From 619f356ecc06e5f78d8238463ac9af44ca1ac276 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 6 Jun 2022 23:20:13 +0200
Subject: [PATCH] only allow SCIM basic auth for testing and debug
Signed-off-by: Jens Langhammer
---
 authentik/sources/scim/migrations/0001_initial.py | 5 +++--
 authentik/sources/scim/views/v2/auth.py | 5 ++++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/authentik/sources/scim/migrations/0001_initial.py b/authentik/sources/scim/migrations/0001_initial.py
index 4aac65188..6dcae8e4e 100644
--- a/authentik/sources/scim/migrations/0001_initial.py
+++ b/authentik/sources/scim/migrations/0001_initial.py
@@ -1,4 +1,4 @@ -# Generated by Django 4.0.5 on 2022-06-06 21:03 +# Generated by Django 4.0.5 on 2022-06-06 21:37 import django.db.models.deletion from django.db import migrations, models
@@ -38,7 +38,8 @@ class Migration(migrations.Migration): ), ], options={ - "abstract": False, + "verbose_name": "SCIM Source", + "verbose_name_plural": "SCIM Sources", }, bases=("authentik_core.source",), ),
diff --git a/authentik/sources/scim/views/v2/auth.py b/authentik/sources/scim/views/v2/auth.py
index 60ef9fb05..9ff46eec0 100644
--- a/authentik/sources/scim/views/v2/auth.py
+++ b/authentik/sources/scim/views/v2/auth.py
@@ -2,6 +2,7 @@
 from base64 import b64decode
 from typing import Any, Optional, Union
+from django.conf import settings
 from rest_framework.authentication import BaseAuthentication, get_authorization_header
 from rest_framework.request import Request
@@ -11,8 +12,10 @@ from authentik.core.models import Token, TokenIntents, User
 class SCIMTokenAuth(BaseAuthentication):
 """SCIM Token auth"""
- def legacy(self, key: str, source_slug: str) -> Optional[Token]:
+ def legacy(self, key: str, source_slug: str) -> Optional[Token]: # pragma: no cover
 """Legacy HTTP-Basic auth for testing"""
+ if not settings.TEST or not settings.DEBUG:
+ return None
 _username, _, password = b64decode(key.encode()).decode().partition(":")
 token = self.check_token(password, source_slug)
 if token:
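Review bot: The new guard `if not settings.TEST or not settings.DEBUG:` returns None unless both flags are true, so the legacy Basic path is reachable only when TEST and DEBUG are set together. That fails closed, which is the safe direction for an authentication fallback, but Django's default test runner sets DEBUG to False unless `--debug-mode` is passed, so if the project relies on it this branch is probably dead in ordinary test runs too (which would fit the added `# pragma: no cover`). If either mode is meant to enable it, the check would be `if not (settings.TEST or settings.DEBUG):`, with the caveat that a deployment left in DEBUG would then accept Basic credentials; if both are required, the docstring should say so, e.g. `"""Legacy HTTP-Basic auth, only honoured when both TEST and DEBUG are set"""`. `TEST` is not a built-in Django setting, so presumably the project defines it in every configuration; if not, `getattr(settings, "TEST", False)` avoids an AttributeError on this path. The body of `legacy` continues past the end of the hunk.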