Check if the Authorization header for Basic Authentication is valid

If the header is not valid, DRF returns None when calling the authenticate() method. This can cause troubles when users are leveraging the remote authentication because Pulp thinks they are anonymous users. In the end, authorized users cannot push or pull content from Pulp. This affects only admin users in scenarios where the token authentication is disabled. closes #1577 (cherry picked from commit b1c5d70)
pulp · Dec 4, 2024 · 32bcee5 · 32bcee5
1 parent 5672378
commit 32bcee5
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 3 deletions.
diff --git a/CHANGES/1577.bugfix b/CHANGES/1577.bugfix
@@ -0,0 +1 @@
+Fixed a bug that disallowed users from leveraging the remote authentication.
diff --git a/pulp_container/app/token_verification.py b/pulp_container/app/token_verification.py
@@ -74,9 +74,6 @@ def authenticate(self, request):
 
         If basic authentication could not success, remote webserver authentication is considered.
         """
-        if request.headers.get("Authorization") == "Basic Og==":
-            return (AnonymousUser, None)
-
         try:
             user = super().authenticate(request)
         except AuthenticationFailed:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Fixed a bug that disallowed users from leveraging the remote authentication.