clears authtoken & add PAT

2026-03-06 03:01:06 -03:30 · 2018-01-18 10:57:54 -05:00
parent 88bc4a0a9c
commit 310f37dd37
34 changed files with 558 additions and 628 deletions
--- a/awx/api/authentication.py
+++ b/awx/api/authentication.py
@@ -2,129 +2,21 @@
 # All Rights Reserved.

 # Python
-import urllib
 import logging

 # Django
 from django.conf import settings
-from django.utils.timezone import now as tz_now
 from django.utils.encoding import smart_text
-from django.utils.translation import ugettext_lazy as _

 # Django REST Framework
 from rest_framework import authentication
-from rest_framework import exceptions
-from rest_framework import HTTP_HEADER_ENCODING

 # Django OAuth Toolkit
 from oauth2_provider.contrib.rest_framework import OAuth2Authentication

-# AWX
-from awx.main.models import AuthToken
-
 logger = logging.getLogger('awx.api.authentication')


-class TokenAuthentication(authentication.TokenAuthentication):
-    '''
-    Custom token authentication using tokens that expire and are associated
-    with parameters specific to the request.
-    '''
-
-    model = AuthToken
-
-    @staticmethod
-    def _get_x_auth_token_header(request):
-        auth = request.META.get('HTTP_X_AUTH_TOKEN', '')
-        if isinstance(auth, type('')):
-            # Work around django test client oddness
-            auth = auth.encode(HTTP_HEADER_ENCODING)
-        return auth
-
-    @staticmethod
-    def _get_auth_token_cookie(request):
-        token = request.COOKIES.get('token', '')
-        if token:
-            token = urllib.unquote(token).strip('"')
-            return 'token %s' % token
-        return ''
-
-    def authenticate(self, request):
-        self.request = request
-
-        # Prefer the custom X-Auth-Token header over the Authorization header,
-        # to handle cases where the browser submits saved Basic auth and
-        # overrides the UI's normal use of the Authorization header.
-        auth = TokenAuthentication._get_x_auth_token_header(request).split()
-        if not auth or auth[0].lower() != 'token':
-            auth = authentication.get_authorization_header(request).split()
-            # Prefer basic auth over cookie token
-            if auth and auth[0].lower() == 'basic':
-                return None
-            elif not auth or auth[0].lower() != 'token':
-                auth = TokenAuthentication._get_auth_token_cookie(request).split()
-                if not auth or auth[0].lower() != 'token':
-                    return None
-
-        if len(auth) == 1:
-            msg = _('Invalid token header. No credentials provided.')
-            raise exceptions.AuthenticationFailed(msg)
-        elif len(auth) > 2:
-            msg = _('Invalid token header. Token string should not contain spaces.')
-            raise exceptions.AuthenticationFailed(msg)
-
-        return self.authenticate_credentials(auth[1])
-
-    def authenticate_credentials(self, key):
-        now = tz_now()
-        # Retrieve the request hash and token.
-        try:
-            request_hash = self.model.get_request_hash(self.request)
-            token = self.model.objects.select_related('user').get(
-                key=key,
-                request_hash=request_hash,
-            )
-        except self.model.DoesNotExist:
-            raise exceptions.AuthenticationFailed(AuthToken.reason_long('invalid_token'))
-
-        # Tell the user why their token was previously invalidated.
-        if token.invalidated:
-            raise exceptions.AuthenticationFailed(AuthToken.reason_long(token.reason))
-
-        # Explicitly handle expired tokens
-        if token.is_expired(now=now):
-            token.invalidate(reason='timeout_reached')
-            raise exceptions.AuthenticationFailed(AuthToken.reason_long('timeout_reached'))
-
-        # Token invalidated due to session limit config being reduced
-        # Session limit reached invalidation will also take place on authentication
-        if settings.AUTH_TOKEN_PER_USER != -1:
-            if not token.in_valid_tokens(now=now):
-                token.invalidate(reason='limit_reached')
-                raise exceptions.AuthenticationFailed(AuthToken.reason_long('limit_reached'))
-
-        # If the user is inactive, then return an error.
-        if not token.user.is_active:
-            raise exceptions.AuthenticationFailed(_('User inactive or deleted'))
-
-        # Refresh the token.
-        # The token is extended from "right now" + configurable setting amount.
-        token.refresh(now=now)
-
-        # Return the user object and the token.
-        return (token.user, token)
-
-
-class TokenGetAuthentication(TokenAuthentication):
-
-    def authenticate(self, request):
-        if request.method.lower() == 'get':
-            token = request.GET.get('token', None)
-            if token:
-                request.META['HTTP_X_AUTH_TOKEN'] = 'Token %s' % token
-        return super(TokenGetAuthentication, self).authenticate(request)
-
-
 class LoggedBasicAuthentication(authentication.BasicAuthentication):

    def authenticate(self, request):
@@ -143,7 +35,7 @@ class LoggedBasicAuthentication(authentication.BasicAuthentication):


 class SessionAuthentication(authentication.SessionAuthentication):
-
+    
    def authenticate_header(self, request):
        return 'Session'