only allow SCIM basic auth for testing and debug

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-06-06 23:20:13 +02:00 committed by Jens Langhammer
parent d99a81d32f
commit 619f356ecc
No known key found for this signature in database
2 changed files with 7 additions and 3 deletions


@ -1,4 +1,4 @@
# Generated by Django 4.0.5 on 2022-06-06 21:03 # Generated by Django 4.0.5 on 2022-06-06 21:37
import django.db.models.deletion import django.db.models.deletion
from django.db import migrations, models from django.db import migrations, models
@ -38,7 +38,8 @@ class Migration(migrations.Migration):
), ),
], ],
options={ options={
"abstract": False, "verbose_name": "SCIM Source",
"verbose_name_plural": "SCIM Sources",
}, },
bases=("authentik_core.source",), bases=("authentik_core.source",),
), ),


@ -2,6 +2,7 @@
from base64 import b64decode from base64 import b64decode
from typing import Any, Optional, Union from typing import Any, Optional, Union
from django.conf import settings
from rest_framework.authentication import BaseAuthentication, get_authorization_header from rest_framework.authentication import BaseAuthentication, get_authorization_header
from rest_framework.request import Request from rest_framework.request import Request
@ -11,8 +12,10 @@ from authentik.core.models import Token, TokenIntents, User
class SCIMTokenAuth(BaseAuthentication): class SCIMTokenAuth(BaseAuthentication):
"""SCIM Token auth""" """SCIM Token auth"""
def legacy(self, key: str, source_slug: str) -> Optional[Token]: def legacy(self, key: str, source_slug: str) -> Optional[Token]: # pragma: no cover
"""Legacy HTTP-Basic auth for testing""" """Legacy HTTP-Basic auth for testing"""
if not settings.TEST or not settings.DEBUG:
return None
_username, _, password = b64decode(key.encode()).decode().partition(":") _username, _, password = b64decode(key.encode()).decode().partition(":")
token = self.check_token(password, source_slug) token = self.check_token(password, source_slug)
if token: if token:
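Review bot: The guard added at the top of `legacy` returns `None` unless `settings.TEST` and `settings.DEBUG` are both true, and the intent behind that combination is not written down; Django's test runner forces `DEBUG` to `False` by default, so in an ordinary test run this path appears to be unreachable, which may be why the method also gained `# pragma: no cover`. A comment above the check such as `# Basic auth is accepted only when TEST and DEBUG are both set; never in production` would record the truth table. `settings.TEST` is a project-defined setting rather than a Django built-in, so if any settings module omits it the lookup raises `AttributeError` instead of refusing the credentials; `if not (getattr(settings, "TEST", False) and settings.DEBUG):` keeps the same behaviour and defaults to refusal. Because the method is excluded from coverage, a test that sends a Basic header with both flags off and asserts the request is rejected would pin the gate. The body of `legacy` continues past the last line of this hunk.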