only allow SCIM basic auth for testing and debug
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
d99a81d32f
commit
619f356ecc
|
@ -1,4 +1,4 @@
|
||||||
# Generated by Django 4.0.5 on 2022-06-06 21:03
|
# Generated by Django 4.0.5 on 2022-06-06 21:37
|
||||||
|
|
||||||
import django.db.models.deletion
|
import django.db.models.deletion
|
||||||
from django.db import migrations, models
|
from django.db import migrations, models
|
||||||
|
@ -38,7 +38,8 @@ class Migration(migrations.Migration):
|
||||||
),
|
),
|
||||||
],
|
],
|
||||||
options={
|
options={
|
||||||
"abstract": False,
|
"verbose_name": "SCIM Source",
|
||||||
|
"verbose_name_plural": "SCIM Sources",
|
||||||
},
|
},
|
||||||
bases=("authentik_core.source",),
|
bases=("authentik_core.source",),
|
||||||
),
|
),
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
from base64 import b64decode
|
from base64 import b64decode
|
||||||
from typing import Any, Optional, Union
|
from typing import Any, Optional, Union
|
||||||
|
|
||||||
|
from django.conf import settings
|
||||||
from rest_framework.authentication import BaseAuthentication, get_authorization_header
|
from rest_framework.authentication import BaseAuthentication, get_authorization_header
|
||||||
from rest_framework.request import Request
|
from rest_framework.request import Request
|
||||||
|
|
||||||
|
@ -11,8 +12,10 @@ from authentik.core.models import Token, TokenIntents, User
|
||||||
class SCIMTokenAuth(BaseAuthentication):
|
class SCIMTokenAuth(BaseAuthentication):
|
||||||
"""SCIM Token auth"""
|
"""SCIM Token auth"""
|
||||||
|
|
||||||
def legacy(self, key: str, source_slug: str) -> Optional[Token]:
|
def legacy(self, key: str, source_slug: str) -> Optional[Token]: # pragma: no cover
|
||||||
"""Legacy HTTP-Basic auth for testing"""
|
"""Legacy HTTP-Basic auth for testing"""
|
||||||
|
if not settings.TEST or not settings.DEBUG:
|
||||||
|
return None
|
||||||
_username, _, password = b64decode(key.encode()).decode().partition(":")
|
_username, _, password = b64decode(key.encode()).decode().partition(":")
|
||||||
token = self.check_token(password, source_slug)
|
token = self.check_token(password, source_slug)
|
||||||
if token:
|
if token:
|
||||||
|
|
Reference in a new issue