Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make JWT the first auth class and default #14932

Merged
merged 1 commit into from
Feb 27, 2024
Merged

Make JWT the first auth class and default #14932

merged 1 commit into from
Feb 27, 2024

Conversation

chrismeyersfsu
Copy link
Member

SUMMARY

No harm in adding it to the list. If a JWT auth header is provided, then process it (valid or not). If a JWT is not provided, move on to the next auth.

ISSUE TYPE
  • New or Enhanced Feature
COMPONENT NAME
  • API
AWX VERSION
devel
ADDITIONAL INFORMATION

* No harm in adding it to the list. If a JWT auth header is provided,
  then process it (valid or not). If a JWT is not provided, move on to
  the next auth.
Copy link
Member

@kdelee kdelee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested this out, if no JWT header, everything else (basic, session, token) works fine. So should not regress

@chrismeyersfsu chrismeyersfsu merged commit b3466d4 into devel Feb 27, 2024
22 checks passed
@chrismeyersfsu chrismeyersfsu deleted the AAP-21221 branch February 27, 2024 20:09
@kakawait
Copy link

kakawait commented Jun 5, 2024

I don't know if specific to our installation, is a bit custom (but we didn't touch source code). But with LDAP (didn't test without) since 24.3.1 (and so since this PR) (everything works fine on 23.8.2) we get error on logging page and impossible to log in.

Error is following (fold because long)

AttributeError-at-api-

Since that request.user is None and as soon I rollback that PR code, everything works again.

Dump of `request` object
'_request': <WSGIRequest: GET '/api/'>
'parsers': [<awx.api.parsers.JSONParser object at 0x7f4074d23ed0>]
'authenticators': [<ansible_base.jwt_consumer.awx.auth.AwxJWTAuthentication object at 0x7f4074ba4450>
<awx.api.authentication.LoggedOAuth2Authentication object at 0x7f4074ba4490>
<awx.api.authentication.SessionAuthentication object at 0x7f4074ba4510>
<awx.api.authentication.LoggedBasicAuthentication object at 0x7f4074ba6a50>]
'negotiator': <rest_framework.negotiation.DefaultContentNegotiation object at 0x7f4074ba6790>
'parser_context': {'view': <awx.api.views.root.ApiRootView object at 0x7f4074b9dbd0>
'args': ()
'kwargs': {}
'request': <rest_framework.request.Request: GET '/api/'>
'encoding': 'utf-8'}
'_data': <class 'rest_framework.request.Empty'>
'_files': <class 'rest_framework.request.Empty'>
'_full_data': <class 'rest_framework.request.Empty'>
'_content_type': <class 'rest_framework.request.Empty'>
'_stream': <class 'rest_framework.request.Empty'>
'_authenticator': <ansible_base.jwt_consumer.awx.auth.AwxJWTAuthentication object at 0x7f4074ba4450>
'_user': None
'_auth': None
'accepted_renderer': <awx.api.renderers.DefaultJSONRenderer object at 0x7f4074b9f690>
'accepted_media_type': 'application/json'
'version': 'v2'
'versioning_scheme': <awx.api.versioning.URLPathVersioning object at 0x7f4074d02310>
'csrf_processing_done': True}hello{'_request': <WSGIRequest: GET '/api/'>
'parsers': [<awx.api.parsers.JSONParser object at 0x7f4074d23a10>]
'authenticators': [<ansible_base.jwt_consumer.awx.auth.AwxJWTAuthentication object at 0x7f4074d23b90>
<awx.api.authentication.LoggedOAuth2Authentication object at 0x7f4074d230d0>
<awx.api.authentication.SessionAuthentication object at 0x7f4074cfbc10>
<awx.api.authentication.LoggedBasicAuthentication object at 0x7f4074cfb690>]
'negotiator': <rest_framework.negotiation.DefaultContentNegotiation object at 0x7f407492e6d0>
'parser_context': {'view': <awx.api.views.root.ApiRootView object at 0x7f407492bb50>
'args': ()
'kwargs': {}
'request': <rest_framework.request.Request: GET '/api/'>
'encoding': 'utf-8'}
'_data': <class 'rest_framework.request.Empty'>
'_files': <class 'rest_framework.request.Empty'>
'_full_data': <class 'rest_framework.request.Empty'>
'_content_type': <class 'rest_framework.request.Empty'>
'_stream': <class 'rest_framework.request.Empty'>
'_authenticator': <ansible_base.jwt_consumer.awx.auth.AwxJWTAuthentication object at 0x7f4074d23b90>
'_user': None
'_auth': None
'accepted_renderer': <awx.api.renderers.DefaultJSONRenderer object at 0x7f4074d23b50>
'accepted_media_type': 'application/json'
'version': 'v2'
'versioning_scheme': <awx.api.versioning.URLPathVersioning object at 0x7f4074928b50>
'csrf_processing_done': True}hello{'_request': <WSGIRequest: GET '/api/v2/me/'>
'parsers': [<awx.api.parsers.JSONParser object at 0x7f4074d292d0>]
'authenticators': [<ansible_base.jwt_consumer.awx.auth.AwxJWTAuthentication object at 0x7f4074d2bed0>
<awx.api.authentication.LoggedOAuth2Authentication object at 0x7f4074d2bf50>
<awx.api.authentication.SessionAuthentication object at 0x7f4074d2be90>
<awx.api.authentication.LoggedBasicAuthentication object at 0x7f4074d2be10>]
'negotiator': <rest_framework.negotiation.DefaultContentNegotiation object at 0x7f4074d2b550>
'parser_context': {'view': <awx.api.views.UserMeList object at 0x7f4074d94f50>
'args': ()
'kwargs': {}
'request': <rest_framework.request.Request: GET '/api/v2/me/'>
'encoding': 'utf-8'}
'_data': {}
'_files': <MultiValueDict: {}>
'_full_data': {}
'_content_type': <class 'rest_framework.request.Empty'>
'_stream': None
'_authenticator': <ansible_base.jwt_consumer.awx.auth.AwxJWTAuthentication object at 0x7f4074d2bed0>
'_user': None
'_auth': None
'accepted_renderer': <awx.api.renderers.DefaultJSONRenderer object at 0x7f4074d02a10>
'accepted_media_type': 'application/json'
'version': 'v2'
'versioning_scheme': <awx.api.versioning.URLPathVersioning object at 0x7f4074d10e10>}hello{'_request': <WSGIRequest: GET '/api/v2/auth/'>
'parsers': [<awx.api.parsers.JSONParser object at 0x7f4074d2bf90>]
'authenticators': ()
'negotiator': <rest_framework.negotiation.DefaultContentNegotiation object at 0x7f4074d296d0>
'parser_context': {'view': <awx.api.views.AuthView object at 0x7f4074d9cf50>
'args': ()
'kwargs': {}
'request': <rest_framework.request.Request: GET '/api/v2/auth/'>
'encoding': 'utf-8'}
'_data': <class 'rest_framework.request.Empty'>
'_files': <class 'rest_framework.request.Empty'>
'_full_data': <class 'rest_framework.request.Empty'>
'_content_type': <class 'rest_framework.request.Empty'>
'_stream': <class 'rest_framework.request.Empty'>
'_authenticator': None
'_user': <django.contrib.auth.models.AnonymousUser object at 0x7f4074d29790>
'_auth': None
'accepted_renderer': <awx.api.renderers.DefaultJSONRenderer object at 0x7f4074d2bf10>
'accepted_media_type': 'application/json'
'version': 'v2'
'versioning_scheme': <awx.api.versioning.URLPathVersioning object at 0x7f4074d299d0>}hello{'_request': <WSGIRequest: GET '/api/v2/me/'>
'parsers': [<awx.api.parsers.JSONParser object at 0x7f4073a88890>]
'authenticators': [<ansible_base.jwt_consumer.awx.auth.AwxJWTAuthentication object at 0x7f4073a88250>
<awx.api.authentication.LoggedOAuth2Authentication object at 0x7f4073a8bbd0>
<awx.api.authentication.SessionAuthentication object at 0x7f4073a8ad90>
<awx.api.authentication.LoggedBasicAuthentication object at 0x7f4073af3f50>]
'negotiator': <rest_framework.negotiation.DefaultContentNegotiation object at 0x7f4073af1450>
'parser_context': {'view': <awx.api.views.UserMeList object at 0x7f40748e0f50>
'args': ()
'kwargs': {}
'request': <rest_framework.request.Request: GET '/api/v2/me/'>
'encoding': 'utf-8'}
'_data': {}
'_files': <MultiValueDict: {}>
'_full_data': {}
'_content_type': <class 'rest_framework.request.Empty'>
'_stream': None
'_authenticator': <ansible_base.jwt_consumer.awx.auth.AwxJWTAuthentication object at 0x7f4073a88250>
'_user': None
'_auth': None
'accepted_renderer': <awx.api.renderers.DefaultJSONRenderer object at 0x7f4073a88450>
'accepted_media_type': 'application/json'
'version': 'v2'
'versioning_scheme': <awx.api.versioning.URLPathVersioning object at 0x7f4073a88bd0>

Regarding the error, I don't think is related to LDAP. But do you have any idea if something missing on my installation to explain that failure?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants