From 12f939a533495c6df3b48e32cb7f547fefa213a1 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jbjohnso@us.ibm.com>
Date: Mon, 14 Jul 2014 15:03:34 -0400
Subject: [PATCH] Extend HTTP token to work correctly with PAM authentication

---
 confluent_server/confluent/auth.py    | 4 ++--
 confluent_server/confluent/httpapi.py | 7 +++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/confluent_server/confluent/auth.py b/confluent_server/confluent/auth.py
index c1576e9b..9c1c7a3d 100644
--- a/confluent_server/confluent/auth.py
+++ b/confluent_server/confluent/auth.py
@@ -113,10 +113,10 @@ def authorize(name, element, tenant=False, operation='create',
         return None
     manager = configmanager.ConfigManager(tenant)
     if skipuserobj:
-        return None, manager, user, tenant
+        return None, manager, user, tenant, skipuserobj
     userobj = manager.get_user(user)
     if userobj:  # returning
-        return userobj, manager, user, tenant
+        return userobj, manager, user, tenant, skipuserobj
     return None
 
 
diff --git a/confluent_server/confluent/httpapi.py b/confluent_server/confluent/httpapi.py
index 607e29e3..807d085a 100644
--- a/confluent_server/confluent/httpapi.py
+++ b/confluent_server/confluent/httpapi.py
@@ -160,7 +160,9 @@ def _authorize_request(env, operation):
             if sessionid in httpsessions:
                 httpsessions[sessionid]['expiry'] = time.time() + 90
                 name = httpsessions[sessionid]['name']
-                authdata = auth.authorize(name, element=None)
+                authdata = auth.authorize(
+                    name, element=None, 
+                    skipuserobj=httpsessions[sessionid]['skipuserobject'])
     if (not authdata) and 'HTTP_AUTHORIZATION' in env:
         name, passphrase = base64.b64decode(
             env['HTTP_AUTHORIZATION'].replace('Basic ', '')).split(':', 1)
@@ -168,7 +170,8 @@ def _authorize_request(env, operation):
         sessid = util.randomstring(32)
         while sessid in httpsessions:
             sessid = util.randomstring(32)
-        httpsessions[sessid] = {'name': name, 'expiry': time.time() + 90}
+        httpsessions[sessid] = {'name': name, 'expiry': time.time() + 90,
+                                'skipuserobject': authdata[4]}
         cookie['confluentsessionid'] = sessid
         cookie['confluentsessionid']['secure'] = 1
         cookie['confluentsessionid']['httponly'] = 1