From fef99be0b05d2bdfa91a4dff95c144b8c7580cee Mon Sep 17 00:00:00 2001 From: Chenxiong Qi Date: Jul 06 2017 03:19:36 +0000 Subject: Force to specify backend authentication Signed-off-by: Chenxiong Qi --- diff --git a/conf/config.py b/conf/config.py index 6062238..2f056f8 100644 --- a/conf/config.py +++ b/conf/config.py @@ -52,7 +52,7 @@ class BaseConfiguration(object): # noauth: no authentication is enabled. Useful for development particularly. # kerberos: Kerberos authentication is enabled. # openidc: OpenIDC authentication is enabled. - AUTH_BACKEND = 'noauth' + AUTH_BACKEND = '' # Used for Kerberos authentication and to query user's groups. # Format: ldap://hostname[:port] @@ -89,6 +89,7 @@ class DevConfiguration(BaseConfiguration): except: pass + AUTH_BACKEND = 'noauth' AUTH_OPENIDC_USERINFO_URI = 'https://iddev.fedorainfracloud.org/openidc/UserInfo' @@ -104,6 +105,7 @@ class TestConfiguration(BaseConfiguration): NET_TIMEOUT = 3 NET_RETRY_INTERVAL = 1 + AUTH_BACKEND = 'noauth' AUTH_LDAP_SERVER = 'ldap://ldap.example.com' AUTH_LDAP_GROUP_BASE = 'ou=groups,dc=example,dc=com' diff --git a/odcs/auth.py b/odcs/auth.py index 1bece39..9231d41 100644 --- a/odcs/auth.py +++ b/odcs/auth.py @@ -143,8 +143,15 @@ def get_user_info(token): return r.json() -def init_auth(app, backend=None): - if backend is None or backend == 'noauth': +def init_auth(app, backend): + """Initialize authentication backend + + Enable and initialize authentication backend to work with frontend + authentication module running in Apache. + """ + if backend == 'noauth': + # Do not enable any authentication backend working with frontend + # authentication module in Apache. return if backend == 'kerberos': global load_krb_user_from_request diff --git a/tests/test_auth.py b/tests/test_auth.py index ed97a7f..822d7c7 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -264,9 +264,6 @@ class TestInitAuth(unittest.TestCase): def test_not_use_auth_backend(self): app = Mock() - init_auth(app) - app.before_request.assert_not_called() - init_auth(app, 'noauth') app.before_request.assert_not_called() @@ -274,3 +271,4 @@ class TestInitAuth(unittest.TestCase): app = Mock() self.assertRaises(ValueError, init_auth, app, 'xxx') self.assertRaises(ValueError, init_auth, app, '') + self.assertRaises(ValueError, init_auth, app, None)