From 021235ed468c4c6111a163b478afed0a36e77215 Mon Sep 17 00:00:00 2001 From: Ken Dreyer Date: Feb 14 2023 06:52:44 +0000 Subject: client: switch to HTTPSPNEGOAuth and drop mutual_authentication Stop using requests-gssapi's compat shim and switch to the HTTPSPNEGOAuth class. Stop using GSSAPI mutual authentication, because this provides no benefit. requests-gssapi defaults to DISABLED for stability and simplicity. --- diff --git a/client/odcs/client/odcs.py b/client/odcs/client/odcs.py index f837f14..b06d0b2 100644 --- a/client/odcs/client/odcs.py +++ b/client/odcs/client/odcs.py @@ -29,7 +29,7 @@ import time from urllib.parse import urljoin -from requests_gssapi import HTTPKerberosAuth, OPTIONAL +from requests_gssapi import HTTPSPNEGOAuth from odcs.client import version as client_version @@ -432,7 +432,7 @@ class ODCS(object): if self.auth_mech == AuthMech.OpenIDC: headers["Authorization"] = "Bearer {0}".format(self._openidc_token) elif self.auth_mech == AuthMech.Kerberos: - request_data["auth"] = HTTPKerberosAuth(mutual_authentication=OPTIONAL) + request_data["auth"] = HTTPSPNEGOAuth() elif self.auth_mech == AuthMech.SSL: request_data["cert"] = (self._ssl_cert, self._ssl_key) diff --git a/client/tests/test_client_odcs.py b/client/tests/test_client_odcs.py index 73c363d..f9fd6cb 100644 --- a/client/tests/test_client_odcs.py +++ b/client/tests/test_client_odcs.py @@ -105,10 +105,10 @@ class TestMakeRequest(unittest.TestCase): requests.get.return_value.raise_for_status.assert_called_once() @patch("odcs.client.odcs.requests") - @patch("odcs.client.odcs.HTTPKerberosAuth") - def test_with_kerberos_auth(self, HTTPKerberosAuth, requests): + @patch("odcs.client.odcs.HTTPSPNEGOAuth") + def test_with_kerberos_auth(self, HTTPSPNEGOAuth, requests): requests.post.return_value.status_code = 200 - expected_auth = HTTPKerberosAuth.return_value + expected_auth = HTTPSPNEGOAuth.return_value odcs = ODCS(self.server_url, auth_mech=AuthMech.Kerberos) r = odcs._make_request("post", self.resource_path)