From 0bca61e61f295283d4a67f6e2b1e8b5a52c0f2c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Mon, 30 Jan 2017 07:04:05 +0000 Subject: [PATCH] Add preliminary LDAP fallback support for Kerberos protected API calls --- certidude/auth.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/certidude/auth.py b/certidude/auth.py index 6972416..90ffe2a 100644 --- a/certidude/auth.py +++ b/certidude/auth.py @@ -35,6 +35,12 @@ if "kerberos" in config.AUTHENTICATION_BACKENDS: def authenticate(optional=False): def wrapper(func): def kerberos_authenticate(resource, req, resp, *args, **kwargs): + # If LDAP enabled and device is not Kerberos capable fall + # back to LDAP bind authentication + if "ldap" in config.AUTHENTICATION_BACKENDS: + if "Android" in req.user_agent: + return ldap_authenticate(resource, req, resp, *args, **kwargs) + # Try pre-emptive authentication if not req.auth: if optional: @@ -191,7 +197,7 @@ def authenticate(optional=False): req.context["user"] = User.objects.get(user) return func(resource, req, resp, *args, **kwargs) - if config.AUTHENTICATION_BACKENDS == {"kerberos"}: + if "kerberos" in config.AUTHENTICATION_BACKENDS: return kerberos_authenticate elif config.AUTHENTICATION_BACKENDS == {"pam"}: return pam_authenticate