From 5c664eadf9243ae71c22617c863171885619ef76 Mon Sep 17 00:00:00 2001 From: Jeff Bradberry Date: Fri, 7 May 2021 14:37:39 -0400 Subject: [PATCH] Write a thin wrapper around the standard Django auth backend --- awx/main/backends.py | 14 ++++++++++++++ awx/settings/defaults.py | 2 +- awx/sso/fields.py | 1 + 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 awx/main/backends.py diff --git a/awx/main/backends.py b/awx/main/backends.py new file mode 100644 index 0000000000..722b94805f --- /dev/null +++ b/awx/main/backends.py @@ -0,0 +1,14 @@ +import logging + +from django.conf import settings +from django.contrib.auth.backends import ModelBackend + +logger = logging.getLogger('awx.main.backends') + + +class AWXModelBackend(ModelBackend): + def authenticate(self, request, **kwargs): + if settings.DISABLE_LOCAL_AUTH: + logger.warning(f"User '{kwargs['username']}' attempted login through the disabled local authentication system.") + return + return super().authenticate(request, **kwargs) diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py index 31100f11b3..c2ac5f4b02 100644 --- a/awx/settings/defaults.py +++ b/awx/settings/defaults.py @@ -364,7 +364,7 @@ AUTHENTICATION_BACKENDS = ( 'social_core.backends.github_enterprise.GithubEnterpriseTeamOAuth2', 'social_core.backends.azuread.AzureADOAuth2', 'awx.sso.backends.SAMLAuth', - 'django.contrib.auth.backends.ModelBackend', + 'awx.main.backends.AWXModelBackend', ) diff --git a/awx/sso/fields.py b/awx/sso/fields.py index c2ad629d6f..deef330842 100644 --- a/awx/sso/fields.py +++ b/awx/sso/fields.py @@ -196,6 +196,7 @@ class AuthenticationBackendsField(fields.StringListField): ], ), ('django.contrib.auth.backends.ModelBackend', []), + ('awx.main.backends.AWXModelBackend', []), ] )