External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-04 18:21:03 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #479 from chrismeyersfsu/fix-basic_auth_cookies

Browse Source 
if basic auth in headers, don't use cookie token
This commit is contained in:
Chris Meyers
2015-10-19 17:07:14 -04:00
parent 99da0965ef 1db26531a1
commit bcc2cb7914
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
awx/api/authentication.py
View File

@@ -50,7 +50,10 @@ class TokenAuthentication(authentication.TokenAuthentication):
auth = TokenAuthentication._get_x_auth_token_header(request).split() auth = TokenAuthentication._get_x_auth_token_header(request).split()
if not auth or auth[0].lower() != 'token': if not auth or auth[0].lower() != 'token':
auth = authentication.get_authorization_header(request).split() auth = authentication.get_authorization_header(request).split()
if not auth or auth[0].lower() != 'token': # Prefer basic auth over cookie token
if auth and auth[0].lower() == 'basic':
return None
elif not auth or auth[0].lower() != 'token':
auth = TokenAuthentication._get_auth_token_cookie(request).split() auth = TokenAuthentication._get_auth_token_cookie(request).split()
if not auth or auth[0].lower() != 'token': if not auth or auth[0].lower() != 'token':
return None return None