properly detect settings.AUTHENTICATION_BACKEND changes for SSO logins
see: https://github.com/ansible/tower/issues/1979
parent
1733a20094
commit
c3bda8e259
@ -8,12 +8,14 @@ import urllib
|
|||||||
import six
|
import six
|
||||||
|
|
||||||
# Django
|
# Django
|
||||||
|
from django.conf import settings
|
||||||
from django.utils.functional import LazyObject
|
from django.utils.functional import LazyObject
|
||||||
from django.shortcuts import redirect
|
from django.shortcuts import redirect
|
||||||
|
|
||||||
# Python Social Auth
|
# Python Social Auth
|
||||||
from social_core.exceptions import SocialAuthBaseException
|
from social_core.exceptions import SocialAuthBaseException
|
||||||
from social_core.utils import social_logger
|
from social_core.utils import social_logger
|
||||||
|
from social_django import utils
|
||||||
from social_django.middleware import SocialAuthExceptionMiddleware
|
from social_django.middleware import SocialAuthExceptionMiddleware
|
||||||
|
|
||||||
|
|
||||||
@ -24,6 +26,19 @@ class SocialAuthMiddleware(SocialAuthExceptionMiddleware):
|
|||||||
request.session['social_auth_last_backend'] = callback_kwargs['backend']
|
request.session['social_auth_last_backend'] = callback_kwargs['backend']
|
||||||
|
|
||||||
def process_request(self, request):
|
def process_request(self, request):
|
||||||
|
if request.path.startswith('/sso'):
|
||||||
|
# django-social keeps a list of backends in memory that it gathers
|
||||||
|
# based on the value of settings.AUTHENTICATION_BACKENDS *at import
|
||||||
|
# time*:
|
||||||
|
# https://github.com/python-social-auth/social-app-django/blob/c1e2795b00b753d58a81fa6a0261d8dae1d9c73d/social_django/utils.py#L13
|
||||||
|
#
|
||||||
|
# our settings.AUTHENTICATION_BACKENDS can *change*
|
||||||
|
# dynamically as Tower settings are changed (i.e., if somebody
|
||||||
|
# configures Github OAuth2 integration), so we need to
|
||||||
|
# _overwrite_ this in-memory value at the top of every request so
|
||||||
|
# that we have the latest version
|
||||||
|
# see: https://github.com/ansible/tower/issues/1979
|
||||||
|
utils.BACKENDS = settings.AUTHENTICATION_BACKENDS
|
||||||
token_key = request.COOKIES.get('token', '')
|
token_key = request.COOKIES.get('token', '')
|
||||||
token_key = urllib.quote(urllib.unquote(token_key).strip('"'))
|
token_key = urllib.quote(urllib.unquote(token_key).strip('"'))
|
||||||
|
|
||||||
|
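Review bot: The comment above `utils.BACKENDS = settings.AUTHENTICATION_BACKENDS` in `process_request` only describes a backend being added, but the disable case carries the security weight: an SSO backend an administrator has turned off should stop authenticating immediately. Reassigning `utils.BACKENDS` refreshes the list social_django passes down, but social_core appears to keep its own cache of already-loaded backend classes (`BACKENDSCACHE` in `social_core.backends.utils`), so a backend that was resolved once may still resolve after it is removed from settings. That should be confirmed with a test that disables a configured backend and then requests its `/sso` login URL. I would extend the comment with `# NOTE: covers newly enabled backends; verify that a backend removed from settings stops resolving (social_core may cache loaded backends)`, and also state there that the assignment writes a process-wide module attribute shared by every thread in the worker. `process_request` continues past the end of the hunk.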
@ -13,6 +13,7 @@ from django.core.wsgi import WSGIHandler # NOQA
|
|||||||
import django # NOQA
|
import django # NOQA
|
||||||
from django.conf import settings # NOQA
|
from django.conf import settings # NOQA
|
||||||
from django.urls import resolve # NOQA
|
from django.urls import resolve # NOQA
|
||||||
|
import social_django # NOQA
|
||||||
|
|
||||||
|
|
||||||
"""
|
"""
|
||||||
@ -34,6 +35,11 @@ if MODE == 'production':
|
|||||||
logger.error("Missing or incorrect metadata for Tower version. Ensure Tower was installed using the setup playbook.")
|
logger.error("Missing or incorrect metadata for Tower version. Ensure Tower was installed using the setup playbook.")
|
||||||
raise Exception("Missing or incorrect metadata for Tower version. Ensure Tower was installed using the setup playbook.")
|
raise Exception("Missing or incorrect metadata for Tower version. Ensure Tower was installed using the setup playbook.")
|
||||||
|
|
||||||
|
if social_django.__version__ != '2.1.0':
|
||||||
|
raise RuntimeError("social_django version other than 2.1.0 detected {}. \
|
||||||
|
Confirm that per-request social_django.utils.BACKENDS override \
|
||||||
|
still works".format(social_django.__version__))
|
||||||
|
|
||||||
|
|
||||||
if django.__version__ != '1.11.11':
|
if django.__version__ != '1.11.11':
|
||||||
raise RuntimeError("Django version other than 1.11.11 detected {}. \
|
raise RuntimeError("Django version other than 1.11.11 detected {}. \
|
||||||
|
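Review bot: The new `RuntimeError` message for the social_django check is built with backslash continuations inside the string literal, so if the continuation lines are indented in the file (indentation is not visible on this page) that whitespace lands in the middle of the message an operator reads at startup. Adjacent literals avoid this: `raise RuntimeError("social_django version other than 2.1.0 detected {}. "` followed by `"Confirm that per-request social_django.utils.BACKENDS override still works".format(social_django.__version__))`. The exact-version pin is a reasonable fail-closed guard for an override that depends on a library internal. A one-line comment such as `# utils.BACKENDS is not a public API; re-verify the SSO middleware override before bumping this pin` would tell the next person upgrading why the check exists. The hunk header suggests the check sits under `if MODE == 'production':`, so other modes presumably do not get the guard; the existing Django check below it uses the same message style.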