Extend HTTP token to work correctly with PAM authentication

confluent_server/confluent/auth.py

@@ -113,10 +113,10 @@ def authorize(name, element, tenant=False, operation='create',
         return None
     manager = configmanager.ConfigManager(tenant)
     if skipuserobj:
-        return None, manager, user, tenant
+        return None, manager, user, tenant, skipuserobj
     userobj = manager.get_user(user)
     if userobj:  # returning
-        return userobj, manager, user, tenant
+        return userobj, manager, user, tenant, skipuserobj
     return None
 
 

confluent_server/confluent/httpapi.py

@@ -160,7 +160,9 @@ def _authorize_request(env, operation):
             if sessionid in httpsessions:
                 httpsessions[sessionid]['expiry'] = time.time() + 90
                 name = httpsessions[sessionid]['name']
-                authdata = auth.authorize(name, element=None)
+                authdata = auth.authorize(
+                    name, element=None, 
+                    skipuserobj=httpsessions[sessionid]['skipuserobject'])
     if (not authdata) and 'HTTP_AUTHORIZATION' in env:
         name, passphrase = base64.b64decode(
             env['HTTP_AUTHORIZATION'].replace('Basic ', '')).split(':', 1)
@@ -168,7 +170,8 @@ def _authorize_request(env, operation):
         sessid = util.randomstring(32)
         while sessid in httpsessions:
             sessid = util.randomstring(32)
-        httpsessions[sessid] = {'name': name, 'expiry': time.time() + 90}
+        httpsessions[sessid] = {'name': name, 'expiry': time.time() + 90,
+                                'skipuserobject': authdata[4]}
         cookie['confluentsessionid'] = sessid
         cookie['confluentsessionid']['secure'] = 1
         cookie['confluentsessionid']['httponly'] = 1