Issue #6989
closedcert auth does not work with current binding gems
Description
Our pulp settings.py has these settings added:
REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
'rest_framework.authentication.SessionAuthentication',
'pulpcore.app.authentication.PulpRemoteUserAuthentication'
)
and authenticating with a cert works fine:
# curl https://`hostname`/pulp/api/v3/tasks/ --cert /etc/pki/katello/certs/pulp-client.crt --key /etc/pki/katello/private/pulp-client.key
{"count":0,"next":null,"previous":null,"results":[]}[
However, using the bindings does not work, i always get:
Response body: {"detail":"Invalid username/password."}
This used to work, but after updating to master, it no longer does. After some investigation I realized that the bindings were adding basic auth headers even when basic auth wasn't used and this was related. I could mimick this with curl:
# curl https://`hostname`/pulp/api/v3/tasks/ --cert /etc/pki/katello/certs/pulp-client.crt --key /etc/pki/katello/private/pulp-client.key -u ':'
This works perfectly fine against 3.4, but not against pulpcore master. I even manually patched the local ruby bindings to omit basic auth: https://gist.github.com/jlsherrill/dece315a225a9de4365d176461591ef4
and that seemed to work around the issue.
I glanced through the commit log and didn't see anything all that relevant, so i wonder if it was a django update as i did notice an update there and with django-rest-framework
Tried with bindings 3.5.0.dev01592305561 (as well as 3.4.1)
Updated by fao89 over 4 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to fao89
Updated by fao89 over 4 years ago
- Status changed from ASSIGNED to NEW
- Assignee deleted (
fao89)
Updated by fao89 over 4 years ago
- Triaged changed from No to Yes
- Sprint set to Sprint 75
Updated by dkliban@redhat.com over 4 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to dkliban@redhat.com
I could not reproduce the issue. I used the cento7-katello-nightly box and upgraded pulpcore and related packages to 3.5.0. Is this issue still reproducing for you?
Updated by sajha over 4 years ago
Cannot reproduce this on pulpcore 3.5.0 with pulpcore_client-3.5.0 gem or pulpcore_client-3.4.z gem on a katello box.
Updated by dkliban@redhat.com over 4 years ago
- Status changed from ASSIGNED to CLOSED - WORKSFORME
Updated by fao89 over 4 years ago
I believe we should test it again since we changed the OpenAPI