Skip to content
Snippets Groups Projects
Commit 5f076585 authored by Pavel Kácha's avatar Pavel Kácha
Browse files

X509MixMatchAuthenticator: fixed, added logging, config, allowing setting of null secret

parent a18d473c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
warden3/warden_server/README
+ 2
1
View file @ 5f076585
...@@ -214,7 +214,8 @@ warden_server.py register [--help] -n NAME -h HOSTNAME -r REQUESTOR ...@@ -214,7 +214,8 @@ warden_server.py register [--help] -n NAME -h HOSTNAME -r REQUESTOR
-r REQUESTOR, --requestor REQUESTOR -r REQUESTOR, --requestor REQUESTOR
requestor email requestor email
-s SECRET, --secret SECRET -s SECRET, --secret SECRET
authentication token authentication token (use explicit empty string to
disable)
--note NOTE client freetext description --note NOTE client freetext description
--valid valid client (default) --valid valid client (default)
--novalid --novalid
......
warden3/warden_server/warden_server.py
+ 11
3
View file @ 5f076585
...@@ -394,7 +394,7 @@ class X509MixMatchAuthenticator(PlainAuthenticator): ...@@ -394,7 +394,7 @@ class X509MixMatchAuthenticator(PlainAuthenticator):
def __init__(self, req, log, db): def __init__(self, req, log, db):
PlainAuthenticator.__init__(self, req, log, db) PlainAuthenticator.__init__(self, req, log, db)
self.hostname_auth = X509Authenticator(req, log, db) self.hostname_auth = X509Authenticator(req, log, db)
self.name_auth = X509Authenticator(req, log, db) self.name_auth = X509NameAuthenticator(req, log, db)
def authenticate(self, env, args): def authenticate(self, env, args):
...@@ -421,7 +421,8 @@ class X509MixMatchAuthenticator(PlainAuthenticator): ...@@ -421,7 +421,8 @@ class X509MixMatchAuthenticator(PlainAuthenticator):
else: else:
auth = self.hostname_auth auth = self.hostname_auth
return auth.authenticate(self, env, args) self.log.info("MixMatch is choosing %s" % type(auth).__name__)
return auth.authenticate(env, args)
class NoValidator(ObjectBase): class NoValidator(ObjectBase):
...@@ -601,6 +602,8 @@ class MySQL(ObjectBase): ...@@ -601,6 +602,8 @@ class MySQL(ObjectBase):
for attr in set(Client._fields) - set(["id", "registered"]): for attr in set(Client._fields) - set(["id", "registered"]):
val = kwargs.get(attr, None) val = kwargs.get(attr, None)
if val is not None: if val is not None:
if attr == "secret" and val == "": # disable secret
val = None
uquery.append("`%s` = %%s" % attr) uquery.append("`%s` = %%s" % attr)
params.append(val) params.append(val)
if not uquery: if not uquery:
...@@ -1243,6 +1246,11 @@ param_def = { ...@@ -1243,6 +1246,11 @@ param_def = {
"log": {"type": "obj", "default": "log"}, "log": {"type": "obj", "default": "log"},
"db": {"type": "obj", "default": "db"} "db": {"type": "obj", "default": "db"}
}, },
X509MixMatchAuthenticator: {
"req": {"type": "obj", "default": "req"},
"log": {"type": "obj", "default": "log"},
"db": {"type": "obj", "default": "db"}
},
NoValidator: { NoValidator: {
"req": {"type": "obj", "default": "req"}, "req": {"type": "obj", "default": "req"},
"log": {"type": "obj", "default": "log"}, "log": {"type": "obj", "default": "log"},
...@@ -1511,7 +1519,7 @@ def add_client_args(subargp, mod=False): ...@@ -1511,7 +1519,7 @@ def add_client_args(subargp, mod=False):
subargp.add_argument("-r", "--requestor", required=not mod, subargp.add_argument("-r", "--requestor", required=not mod,
help="requestor email") help="requestor email")
subargp.add_argument("-s", "--secret", subargp.add_argument("-s", "--secret",
help="authentication token") help="authentication token (use explicit empty string to disable)")
subargp.add_argument("--note", subargp.add_argument("--note",
help="client freetext description") help="client freetext description")
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment