Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PR #2279/64968a92 backport][stable-4.10] Force galaxy session auth as the first auth class. #2319

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 12 additions & 1 deletion galaxy_ng/app/dynaconf_hooks.py
Original file line number Diff line number Diff line change
Expand Up @@ -417,13 +417,24 @@ def configure_authentication_classes(settings: Dynaconf, data: Dict[str, Any]) -
# add in keycloak classes if necessary ...
if data.get('GALAXY_AUTH_KEYCLOAK_ENABLED') is True:
for class_name in [
"galaxy_ng.app.auth.session.SessionAuthentication",
# "galaxy_ng.app.auth.session.SessionAuthentication",
"galaxy_ng.app.auth.token.ExpiringTokenAuthentication",
"galaxy_ng.app.auth.keycloak.KeycloakBasicAuth"
]:
if class_name not in galaxy_auth_classes:
galaxy_auth_classes.insert(0, class_name)

# galaxy sessionauth -must- always come first ...
galaxy_session = "galaxy_ng.app.auth.session.SessionAuthentication"
if galaxy_auth_classes:
# Check if galaxy_session is already the first element
if galaxy_auth_classes[0] != galaxy_session:
# Remove galaxy_session if it exists in the list
if galaxy_session in galaxy_auth_classes:
galaxy_auth_classes.remove(galaxy_session)
# Insert galaxy_session at the beginning of the list
galaxy_auth_classes.insert(0, galaxy_session)

if galaxy_auth_classes:
data["ANSIBLE_AUTHENTICATION_CLASSES"] = list(galaxy_auth_classes)
data["GALAXY_AUTHENTICATION_CLASSES"] = list(galaxy_auth_classes)
Expand Down
24 changes: 12 additions & 12 deletions galaxy_ng/tests/unit/app/test_dynaconf_hooks.py
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ def validate(*args, **kwargs):
@pytest.mark.parametrize(
"do_stuff, extra_settings, expected_results",
[
# >=4.10 no external auth ...
# 0 >=4.10 no external auth ...
(
True,
# False,
Expand All @@ -84,7 +84,7 @@ def validate(*args, **kwargs):
]
},
),
# >=4.10 ldap ...
# 1 >=4.10 ldap ...
(
True,
# False,
Expand Down Expand Up @@ -120,7 +120,7 @@ def validate(*args, **kwargs):
"REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES": None,
},
),
# >=4.10 keycloak ...
# 2 >=4.10 keycloak ...
(
True,
# False,
Expand All @@ -143,23 +143,23 @@ def validate(*args, **kwargs):
"ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend",
],
"ANSIBLE_AUTHENTICATION_CLASSES": [
"galaxy_ng.app.auth.session.SessionAuthentication",
"galaxy_ng.app.auth.keycloak.KeycloakBasicAuth",
"galaxy_ng.app.auth.token.ExpiringTokenAuthentication",
"galaxy_ng.app.auth.session.SessionAuthentication",
],
"GALAXY_AUTHENTICATION_CLASSES": [
"galaxy_ng.app.auth.session.SessionAuthentication",
"galaxy_ng.app.auth.keycloak.KeycloakBasicAuth",
"galaxy_ng.app.auth.token.ExpiringTokenAuthentication",
"galaxy_ng.app.auth.session.SessionAuthentication",
],
"REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES": [
"galaxy_ng.app.auth.session.SessionAuthentication",
"galaxy_ng.app.auth.keycloak.KeycloakBasicAuth",
"galaxy_ng.app.auth.token.ExpiringTokenAuthentication",
"galaxy_ng.app.auth.session.SessionAuthentication",
],
},
),
# >=4.10 dab ..
# 3 >=4.10 dab ..
(
True,
# False,
Expand Down Expand Up @@ -195,7 +195,7 @@ def validate(*args, **kwargs):
],
},
),
# >=4.10 keycloak+dab ...
# 4 >=4.10 keycloak+dab ...
(
True,
# False,
Expand Down Expand Up @@ -224,32 +224,32 @@ def validate(*args, **kwargs):
"ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend",
],
"ANSIBLE_AUTHENTICATION_CLASSES": [
"galaxy_ng.app.auth.session.SessionAuthentication",
"galaxy_ng.app.auth.keycloak.KeycloakBasicAuth",
"galaxy_ng.app.auth.token.ExpiringTokenAuthentication",
"galaxy_ng.app.auth.session.SessionAuthentication",
"ansible_base.jwt_consumer.hub.auth.HubJWTAuth",
"rest_framework.authentication.TokenAuthentication",
"rest_framework.authentication.BasicAuthentication",
],
"GALAXY_AUTHENTICATION_CLASSES": [
"galaxy_ng.app.auth.session.SessionAuthentication",
"galaxy_ng.app.auth.keycloak.KeycloakBasicAuth",
"galaxy_ng.app.auth.token.ExpiringTokenAuthentication",
"galaxy_ng.app.auth.session.SessionAuthentication",
"ansible_base.jwt_consumer.hub.auth.HubJWTAuth",
"rest_framework.authentication.TokenAuthentication",
"rest_framework.authentication.BasicAuthentication",
],
"REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES": [
"galaxy_ng.app.auth.session.SessionAuthentication",
"galaxy_ng.app.auth.keycloak.KeycloakBasicAuth",
"galaxy_ng.app.auth.token.ExpiringTokenAuthentication",
"galaxy_ng.app.auth.session.SessionAuthentication",
"ansible_base.jwt_consumer.hub.auth.HubJWTAuth",
"rest_framework.authentication.TokenAuthentication",
"rest_framework.authentication.BasicAuthentication",
],
},
),
# >=4.10 ldap+dab ...
# 5 >=4.10 ldap+dab ...
(
True,
# False,
Expand Down
Loading