allow to explicitly disable client authentication

2026-04-05 11:48:33 +08:00 · 2017-02-20 16:52:54 +10:00
parent 6eaf8d7863
commit be65a0ff81
4 changed files with 16 additions and 0 deletions
--- a/conf/config.py
+++ b/conf/config.py
@@ -86,6 +86,9 @@ class BaseConfiguration(object):
    AMQ_PRIVATE_KEY_FILE = '/etc/module_build_service/msg-m8y-client.key'
    AMQ_TRUSTED_CERT_FILE = '/etc/module_build_service/Root-CA.crt'

+    # Disable Client Authorization
+    NO_AUTH = False
+

 class DevConfiguration(BaseConfiguration):
    DEBUG = True
--- a/module_build_service/auth.py
+++ b/module_build_service/auth.py
@@ -92,6 +92,10 @@ def get_user(request):
    Returns the client's username and groups based on the OIDC token provided.
    """

+    if app.config['NO_AUTH']:
+        log.debug("Authorization is disabled.")
+        return
+
    _load_secrets()

    if not "oidc_token" in request.cookies:
--- a/module_build_service/config.py
+++ b/module_build_service/config.py
@@ -280,6 +280,10 @@ class Config(object):
            'type': int,
            'default': 30,
            'desc': 'Global network retry interval for read/write operations, in seconds.'},
+        'no_auth': {
+            'type': bool,
+            'default': False,
+            'desc': 'Disable client authentication.'},
    }

    def __init__(self, conf_section_obj):
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -62,3 +62,8 @@ class TestAuthModule(unittest.TestCase):
        request.cookies.return_value = {"oidc_token", "1234"}
        result = module_build_service.auth.get_user(request)
        eq_(result, name)
+
+    def test_disable_authentication(self):
+        with patch.dict('module_build_service.app.config', {'NO_AUTH': True}, clear=True):
+            request = mock.MagicMock()
+            eq_(module_build_service.auth.get_user(request), None)