From 01a1d6ffd057c52b6781ddf5d13fa6a93ae82f0e Mon Sep 17 00:00:00 2001
From: adamscmRH
Date: Wed, 20 Jun 2018 23:09:52 -0400
Subject: [PATCH 1/2] selectively authenticate with OAuth2 Backend
---
 awx/api/authentication.py | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/awx/api/authentication.py b/awx/api/authentication.py
index f0d345e444..8ba8e11d34 100644
--- a/awx/api/authentication.py
+++ b/awx/api/authentication.py
@@ -46,14 +46,17 @@ class SessionAuthentication(authentication.SessionAuthentication):
 class LoggedOAuth2Authentication(OAuth2Authentication):
 def authenticate(self, request):
- ret = super(LoggedOAuth2Authentication, self).authenticate(request)
- if ret:
- user, token = ret
- username = user.username if user else ''
- logger.info(smart_text(
- u"User {} performed a {} to {} through the API using OAuth token {}.".format(
- username, request.method, request.path, token.pk
- )
- ))
- setattr(user, 'oauth_scopes', [x for x in token.scope.split() if x])
- return ret
+ if 'Bearer' in request.META['HTTP_AUTHORIZATION']:
+ ret = super(LoggedOAuth2Authentication, self).authenticate(request)
+ if ret:
+ user, token = ret
+ username = user.username if user else ''
+ logger.debug(smart_text(
+ u"User {} performed a {} to {} through the API using OAuth token {}.".format(
+ username, request.method, request.path, token.pk
+ )
+ ))
+ setattr(user, 'oauth_scopes', [x for x in token.scope.split() if x])
+ return ret
+ else:
+ return None
From b7f5161835baad8e6900e40d8eb650193a5454df Mon Sep 17 00:00:00 2001
From: adamscmRH
Date: Thu, 21 Jun 2018 16:29:40 -0400
Subject: [PATCH 2/2] try-except auth_header
---
 awx/api/authentication.py | 25 +++++++++++--------------
 awx/api/generics.py | 7 +++++--
 2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/awx/api/authentication.py b/awx/api/authentication.py
index 8ba8e11d34..f0d345e444 100644
--- a/awx/api/authentication.py
+++ b/awx/api/authentication.py
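Review bot: The added guard `if 'Bearer' in request.META['HTTP_AUTHORIZATION']:` indexes the header directly, so a request that carries no Authorization header (session-cookie or anonymous traffic) raises KeyError inside the authenticator instead of falling through to the next one. It is also a substring test rather than a scheme check, so any header value that merely contains the text "Bearer" passes it; `if request.META.get('HTTP_AUTHORIZATION', '').startswith('Bearer '):` expresses the intent and tolerates a missing header. The same hunk lowers the token-use record from `logger.info` to `logger.debug`, which drops it from logs at the usual production level and weakens the audit trail for OAuth token activity, a change that needs its own justification. The second patch in this series reverts this hunk, so these points apply if the selective check is reintroduced.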
@@ -46,17 +46,14 @@ class SessionAuthentication(authentication.SessionAuthentication):
 class LoggedOAuth2Authentication(OAuth2Authentication):
 def authenticate(self, request):
- if 'Bearer' in request.META['HTTP_AUTHORIZATION']:
- ret = super(LoggedOAuth2Authentication, self).authenticate(request)
- if ret:
- user, token = ret
- username = user.username if user else ''
- logger.debug(smart_text(
- u"User {} performed a {} to {} through the API using OAuth token {}.".format(
- username, request.method, request.path, token.pk
- )
- ))
- setattr(user, 'oauth_scopes', [x for x in token.scope.split() if x])
- return ret
- else:
- return None
+ ret = super(LoggedOAuth2Authentication, self).authenticate(request)
+ if ret:
+ user, token = ret
+ username = user.username if user else ''
+ logger.info(smart_text(
+ u"User {} performed a {} to {} through the API using OAuth token {}.".format(
+ username, request.method, request.path, token.pk
+ )
+ ))
+ setattr(user, 'oauth_scopes', [x for x in token.scope.split() if x])
+ return ret
diff --git a/awx/api/generics.py b/awx/api/generics.py
index fbd0a7fe34..114875ad16 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -234,8 +234,11 @@ class APIView(views.APIView):
 was attempted.
 """
 for authenticator in self.get_authenticators():
- resp_hdr = authenticator.authenticate_header(request)
- if not resp_hdr:
+ try:
+ resp_hdr = authenticator.authenticate_header(request)
+ if not resp_hdr:
+ continue
+ except AttributeError:
 continue
 req_hdr = get_authorization_header(request)
 if not req_hdr:
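Review bot: In the generics.py hunk, `except AttributeError: continue` covers both the `authenticate_header` call and the `if not resp_hdr:` test, and it discards the exception without any record. A genuine defect inside any authenticator's `authenticate_header` is therefore skipped silently, which can change the challenge header this loop selects and, presumably, the 401-versus-403 outcome the client sees. Narrow the guard to the call alone, move `if not resp_hdr: continue` after the `try`/`except`, and log the skipped authenticator's class name if the module has a logger. A comment such as `# <authenticator class> raises AttributeError when <condition>; skip it` (placeholders for the author to fill in) would tell the next reader why this exception is expected. The enclosing method starts and ends outside the hunk.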