Prevent third-party-based user from imposing tower user.

2026-05-19 23:07:42 -02:30 · 2017-05-04 17:31:57 -04:00
parent 6c7028f657
commit 7a6364c642
2 changed files with 27 additions and 4 deletions
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -138,7 +138,9 @@ class RADIUSBackend(BaseRADIUSBackend):
        if not feature_enabled('enterprise_auth'):
            logger.error("Unable to get_user, license does not support RADIUS authentication")
            return None
-        return super(RADIUSBackend, self).get_user(user_id)
+        user = super(RADIUSBackend, self).get_user(user_id)
+        if not user.has_usable_password():
+            return user

    def get_django_user(self, username, password=None):
        try:
@@ -190,7 +192,9 @@ class TACACSPlusBackend(object):
            logger.exception("TACACS+ Authentication Error: %s" % (e.message,))
            return None
        if auth.valid:
-            return self._get_or_set_user(username, password)
+            user = self._get_or_set_user(username, password)
+            if not user.has_usable_password():
+                return user
        else:
            return None
        return None