From 08ab0534819b83d6e2dd16047143101bdba2a243 Mon Sep 17 00:00:00 2001 From: Lubomír Sedlář Date: Aug 16 2021 12:04:14 +0000 Subject: Allow optional kerberos auth Even if the server requires no authentication for GET requests, we can send it. This should make it possible for the new client to work with servers with both old and new version. For updated servers mutual auth will fail, but as optional it is ignored. For old servers everything should continue working. --- diff --git a/client/odcs/client/odcs.py b/client/odcs/client/odcs.py index d94a280..4b7bb1a 100644 --- a/client/odcs/client/odcs.py +++ b/client/odcs/client/odcs.py @@ -27,7 +27,7 @@ import requests import time from six.moves import urllib_parse -from requests_kerberos import HTTPKerberosAuth +from requests_kerberos import HTTPKerberosAuth, OPTIONAL class AuthMech(object): @@ -422,13 +422,12 @@ class ODCS(object): request_data["params"] = data if not self._verify_ssl: request_data["verify"] = False - if method != "get": - if self.auth_mech == AuthMech.OpenIDC: - headers["Authorization"] = "Bearer {0}".format(self._openidc_token) - elif self.auth_mech == AuthMech.Kerberos: - request_data["auth"] = HTTPKerberosAuth() - elif self.auth_mech == AuthMech.SSL: - request_data["cert"] = (self._ssl_cert, self._ssl_key) + if self.auth_mech == AuthMech.OpenIDC: + headers["Authorization"] = "Bearer {0}".format(self._openidc_token) + elif self.auth_mech == AuthMech.Kerberos: + request_data["auth"] = HTTPKerberosAuth(mutual_authentication=OPTIONAL) + elif self.auth_mech == AuthMech.SSL: + request_data["cert"] = (self._ssl_cert, self._ssl_key) # Anonymous is the last possible value and no auth should be set