rest_authentication: allow having user named after service origin (fixes #10691)
This allows fine-grained management of each service's permissions.
parent
e0c2bfae00
commit
80b6a26ca4
|
@ -45,10 +45,9 @@ class PublikAuthentication(authentication.BaseAuthentication):
|
|||
super(PublikAuthentication, self).__init__(*args, **kwargs)
|
||||
|
||||
def resolve_user(self, request):
|
||||
User = get_user_model()
|
||||
if 'NameID' in request.GET:
|
||||
name_id = request.GET['NameID']
|
||||
User = get_user_model()
|
||||
|
||||
is_authentic = True
|
||||
try:
|
||||
User._meta.get_field_by_name('uuid')
|
||||
|
@ -69,8 +68,12 @@ class PublikAuthentication(authentication.BaseAuthentication):
|
|||
else:
|
||||
raise exceptions.AuthenticationFailed(
|
||||
'No usable model to match nameid=%r' % name_id)
|
||||
|
||||
else:
|
||||
orig = request.GET['orig']
|
||||
try:
|
||||
return User.objects.get(username=orig)
|
||||
except User.DoesNotExist:
|
||||
pass
|
||||
if hasattr(settings, 'HOBO_ANONYMOUS_SERVICE_USER_CLASS'):
|
||||
klass = import_string(settings.HOBO_ANONYMOUS_SERVICE_USER_CLASS)
|
||||
self.logger.info('anonymous signature validated')
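Review bot: In the new `else` branch of `resolve_user`, `User.objects.get(username=orig)` returns any account whose username equals the service origin, with no check that it is active or that it was created as a service account. If usernames can be chosen outside of administration (the page does not show how accounts are provisioned), an ordinary account carrying an origin's name would become that service's identity, and a deactivated account would still authenticate. Consider `return User.objects.get(username=orig, is_active=True)` where the user model has that field, plus a short comment stating that accounts named after an origin are reserved for services. `request.GET['orig']` is also indexed directly; if the validation that runs before this does not guarantee the parameter, use `request.GET.get('orig')` and raise `exceptions.AuthenticationFailed` when it is missing. The function body starts and continues outside the visible hunks.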
|
||||
|
|
|
@ -11,6 +11,7 @@ from hobo import signature, rest_authentication
|
|||
|
||||
pytestmark = pytest.mark.django_db
|
||||
|
||||
|
||||
def test_publik_authentication(tenant, settings):
|
||||
settings.HOBO_ANONYMOUS_SERVICE_USER_CLASS = \
|
||||
'hobo.rest_authentication.AnonymousAdminServiceUser'
|
||||
|
@ -33,7 +34,7 @@ def test_publik_authentication(tenant, settings):
|
|||
assert isinstance(result, tuple)
|
||||
assert len(result) == 2
|
||||
assert result[0] == user
|
||||
assert result[1] == None
|
||||
assert result[1] is None
|
||||
|
||||
# Test anonymous user
|
||||
AUTH_QUERY = '&orig=%s' % urllib.quote(ORIG)
|
||||
|
@ -47,11 +48,24 @@ def test_publik_authentication(tenant, settings):
|
|||
assert result[0].__class__ is rest_authentication.AnonymousAdminServiceUser
|
||||
assert result[0].is_authenticated()
|
||||
assert result[0].is_staff
|
||||
assert result[1] == None
|
||||
assert result[1] is None
|
||||
|
||||
# Test user named after service orig
|
||||
service_user = User.objects.create(username=ORIG)
|
||||
|
||||
AUTH_QUERY = '&orig=%s' % urllib.quote(ORIG)
|
||||
request = factory.get(signature.sign_url(URL + AUTH_QUERY, key))
|
||||
|
||||
publik_authentication = rest_authentication.PublikAuthentication()
|
||||
result = publik_authentication.authenticate(request)
|
||||
assert result is not None
|
||||
assert isinstance(result, tuple)
|
||||
assert len(result) == 2
|
||||
assert result[0] == service_user
|
||||
assert result[1] is None
|
||||
|
||||
# Failure
|
||||
request = factory.get(signature.sign_url(URL + AUTH_QUERY, key+'zob'))
|
||||
request = factory.get(signature.sign_url(URL + AUTH_QUERY, key + 'zob'))
|
||||
|
||||
publik_authentication = rest_authentication.PublikAuthentication()
|
||||
with pytest.raises(AuthenticationFailed):
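Review bot: The added case in `test_publik_authentication` covers only the match on an active account named after ORIG; nothing pins what happens when that account is deactivated, which is the security-relevant edge of the new lookup. A follow-up case that sets `service_user.is_active = False`, saves, and asserts the expected outcome would pin the intended behaviour. The second `AUTH_QUERY = '&orig=%s' % urllib.quote(ORIG)` repeats the assignment made for the anonymous case and can be dropped. The test body continues past the end of the hunk.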
|
||||
|
|