2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 19:40:12 +00:00

Extend HTTP token to work correctly with PAM authentication

This commit is contained in:
Jarrod Johnson 2014-07-14 15:03:34 -04:00
parent c70f365cd2
commit 12f939a533
2 changed files with 7 additions and 4 deletions

View File

@ -113,10 +113,10 @@ def authorize(name, element, tenant=False, operation='create',
return None
manager = configmanager.ConfigManager(tenant)
if skipuserobj:
return None, manager, user, tenant
return None, manager, user, tenant, skipuserobj
userobj = manager.get_user(user)
if userobj: # returning
return userobj, manager, user, tenant
return userobj, manager, user, tenant, skipuserobj
return None

View File

@ -160,7 +160,9 @@ def _authorize_request(env, operation):
if sessionid in httpsessions:
httpsessions[sessionid]['expiry'] = time.time() + 90
name = httpsessions[sessionid]['name']
authdata = auth.authorize(name, element=None)
authdata = auth.authorize(
name, element=None,
skipuserobj=httpsessions[sessionid]['skipuserobject'])
if (not authdata) and 'HTTP_AUTHORIZATION' in env:
name, passphrase = base64.b64decode(
env['HTTP_AUTHORIZATION'].replace('Basic ', '')).split(':', 1)
@ -168,7 +170,8 @@ def _authorize_request(env, operation):
sessid = util.randomstring(32)
while sessid in httpsessions:
sessid = util.randomstring(32)
httpsessions[sessid] = {'name': name, 'expiry': time.time() + 90}
httpsessions[sessid] = {'name': name, 'expiry': time.time() + 90,
'skipuserobject': authdata[4]}
cookie['confluentsessionid'] = sessid
cookie['confluentsessionid']['secure'] = 1
cookie['confluentsessionid']['httponly'] = 1