Add support for single-sign on using python-social-auth (with Google/Github OAuth2 and SAML support). Add support for RADIUS as another authentication backend.

2026-03-06 03:01:06 -03:30 · 2015-10-02 14:57:27 -04:00
parent 2a7f1b7251
commit 2ba5e06e2c
23 changed files with 458 additions and 7 deletions
--- a/awx/api/authentication.py
+++ b/awx/api/authentication.py
@@ -1,6 +1,9 @@
 # Copyright (c) 2015 Ansible, Inc.
 # All Rights Reserved.

+# Python
+import urllib
+
 # Django
 from django.utils.timezone import now as tz_now
 from django.conf import settings
@@ -30,6 +33,13 @@ class TokenAuthentication(authentication.TokenAuthentication):
            auth = auth.encode(HTTP_HEADER_ENCODING)
        return auth

+    @staticmethod
+    def _get_auth_token_cookie(request):
+        token = request.COOKIES.get('token', '')
+        if token:
+            token = urllib.unquote(token).strip('"')
+            return 'token %s' % token
+
    def authenticate(self, request):
        self.request = request

@@ -40,7 +50,9 @@ class TokenAuthentication(authentication.TokenAuthentication):
        if not auth or auth[0].lower() != 'token':
            auth = authentication.get_authorization_header(request).split()
            if not auth or auth[0].lower() != 'token':
-                return None
+                auth = TokenAuthentication._get_auth_token_cookie(request).split()
+                if not auth or auth[0].lower() != 'token':
+                    return None

        if len(auth) == 1:
            msg = 'Invalid token header. No credentials provided.'