remove support for job-scoped auth tokens

When Jobs and Adhoc Commands are launched, awx uses a job-scoped auth token to dynamically fetch inventory via the awx REST API; this process is complicated, hard to debug, and likely won't work going forward with oauth2-based tokens in awx see: https://github.com/ansible/awx/issues/21
2026-03-06 03:01:06 -03:30 · 2017-10-18 16:10:49 -04:00
parent 3685cb5517
commit ea683344f5
9 changed files with 99 additions and 341 deletions
--- a/awx/api/authentication.py
+++ b/awx/api/authentication.py
@@ -17,7 +17,7 @@ from rest_framework import exceptions
 from rest_framework import HTTP_HEADER_ENCODING

 # AWX
-from awx.main.models import UnifiedJob, AuthToken
+from awx.main.models import AuthToken

 logger = logging.getLogger('awx.api.authentication')

@@ -137,29 +137,3 @@ class LoggedBasicAuthentication(authentication.BasicAuthentication):
        if not settings.AUTH_BASIC_ENABLED:
            return
        return super(LoggedBasicAuthentication, self).authenticate_header(request)
-
-
-class TaskAuthentication(authentication.BaseAuthentication):
-    '''
-    Custom authentication used for views accessed by the inventory and callback
-    scripts when running a task.
-    '''
-
-    model = None
-
-    def authenticate(self, request):
-        auth = authentication.get_authorization_header(request).split()
-        if len(auth) != 2 or auth[0].lower() != 'token' or '-' not in auth[1]:
-            return None
-        pk, key = auth[1].split('-', 1)
-        try:
-            unified_job = UnifiedJob.objects.get(pk=pk, status='running')
-        except UnifiedJob.DoesNotExist:
-            return None
-        token = unified_job.task_auth_token
-        if auth[1] != token:
-            raise exceptions.AuthenticationFailed(_('Invalid task token'))
-        return (None, token)
-
-    def authenticate_header(self, request):
-        return 'Token'