author | Simo Sorce <simo@redhat.com> | 2015-04-07 22:23:47 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-04-07 22:57:49 -0400 |
commit | 0c8c416289514889ec095c203880a8ce1e4c23d4 (patch) | |
tree | 204aa7dde9538b7bc4acda4808507270b28e93a3 /custodia/httpd/server.py | |
parent | 50abe3fd6ec1ed43a14fad94ad1fe2081f6e9cee (diff) | |
Change authenticators to return a result
Authenticators will no longer signal validity by adding a request
attribute.
Instead they can return one of three values:
- True, indicates positive authentication
- False, indicates explicit failure
- None, indicates neither success nor failure, not applicable
Diffstat (limited to 'custodia/httpd/server.py')
-rw-r--r-- | custodia/httpd/server.py | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/custodia/httpd/server.py b/custodia/httpd/server.py
index 0e58f0d..a5e59a9 100644
--- a/custodia/httpd/server.py
+++ b/custodia/httpd/server.py
@@ -55,9 +55,12 @@ class ForkingLocalHTTPServer(ForkingMixIn, UnixStreamServer):
 correct consumer based on the server configuration, that is provided at initialization time.
- When authentication is performed the request dictionary will have
- a 'valid_auth' boolean member set to True if authentication was
- successful. Additional attributes may be set by authentication plugins.
+ When authentication is performed all the authenticators are executed.
+ If any returns False, authentication fails and a 403 error is raised.
+ If none of them positively succeeds and they all return None then also
+ authentication fails and a 403 error is raised. Authentication plugins
+ can add attributes to the request object for use of authorization or
+ other plugins.
 Once authentication is successful the pipeline will parse the path component and find the consumer plugin that handles the provided path
@@ -92,9 +95,14 @@ class ForkingLocalHTTPServer(ForkingMixIn, UnixStreamServer):
 authers = self.config.get('authenticators') if authers is None: raise HTTPError(403)
+ valid_once = False
 for auth in authers:
- authers[auth].handle(request)
- if 'valid_auth' not in request or request['valid_auth'] is not True:
+ valid = authers[auth].handle(request)
+ if valid is False:
+ raise HTTPError(403)
+ elif valid is True:
+ valid_once = True
+ if valid_once is not True:
 raise HTTPError(403) # Select consumer |
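Review bot: The added docstring line "all the authenticators are executed" is not what the new loop does: it raises `HTTPError(403)` on the first `False`, so authenticators after the vetoing one never run. `authers` is indexed as a mapping (`authers[auth]`), so which plugins get to run, and to attach request attributes, before a veto likely depends on that mapping's iteration order. Suggest wording such as `Authenticators are run in turn; the first one that returns False stops processing and a 403 error is raised.` The docstring begins and ends outside the hunk.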
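Review bot: The veto in the new loop only fires on the exact object `False`, because `valid is False` and `valid is True` are identity checks; an authenticator that reports failure with `0`, an empty string, or any other value outside the three documented ones is silently treated like `None`, and the request is still accepted if another authenticator returns `True`. For an authentication gate it is safer to fail closed on anything unexpected, e.g. change the first test to `if valid is not None and valid is not True:` so that only `True` and `None` pass. Plugins written against the old contract (set `request['valid_auth']`, return nothing) now yield `None` and so can no longer veto; presumably every authenticator is updated in the same commit, but that is outside this file's diff. The enclosing method starts and ends outside the hunk.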