Check if the Authorization header for Basic Authentication is valid

closes #1577
pulp · Apr 13, 2024 · 6c313b1 · 6c313b1
1 parent f377a9c
commit 6c313b1
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/CHANGES/1577.bugfix b/CHANGES/1577.bugfix
@@ -0,0 +1 @@
+Fixed a bug that disallowed users from leveraging the remote authentication.
diff --git a/pulp_container/app/token_verification.py b/pulp_container/app/token_verification.py
@@ -64,8 +64,9 @@ class RegistryAuthentication(BasicAuthentication):
     A basic authentication class that accepts empty username and password as anonymous.
     """
 
-    PULP_AUTHENTICATION_CLASS = "pulpcore.app.authentication.PulpRemoteUserAuthentication"
+    PULP_REMOTE_AUTHENTICATION_CLASS = "pulpcore.app.authentication.PulpRemoteUserAuthentication"
     AUTH_CLASSES = settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"]
+    ALLOWS_REMOTE_AUTHENTICATION = PULP_REMOTE_AUTHENTICATION_CLASS in AUTH_CLASSES
 
     def authenticate(self, request):
         """
@@ -80,13 +81,16 @@ def authenticate(self, request):
             return (AnonymousUser, None)
 
         try:
-            return super().authenticate(request)
+            result = super().authenticate(request)
         except AuthenticationFailed:
-            if self.PULP_AUTHENTICATION_CLASS in self.AUTH_CLASSES:
+            if self.ALLOWS_REMOTE_AUTHENTICATION:
                 return RemoteUserRegistryAuthentication().authenticate(request)
             else:
                 raise
 
+        if result is None and self.ALLOWS_REMOTE_AUTHENTICATION:
+            return RemoteUserRegistryAuthentication().authenticate(request)
+
 
 class RemoteUserRegistryAuthentication(RemoteUserAuthentication):
     """
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Fixed a bug that disallowed users from leveraging the remote authentication.