only allow SCIM basic auth for testing and debug

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-06 23:20:13 +02:00 · 2022-06-06 23:20:13 +02:00 · 619f356ecc
parent d99a81d32f
commit 619f356ecc
2 changed files with 7 additions and 3 deletions
--- a/authentik/sources/scim/migrations/0001_initial.py
+++ b/authentik/sources/scim/migrations/0001_initial.py
@ -1,4 +1,4 @@
-# Generated by Django 4.0.5 on 2022-06-06 21:03
+# Generated by Django 4.0.5 on 2022-06-06 21:37

 import django.db.models.deletion
 from django.db import migrations, models
@ -38,7 +38,8 @@ class Migration(migrations.Migration):
                ),
            ],
            options={
-                "abstract": False,
+                "verbose_name": "SCIM Source",
+                "verbose_name_plural": "SCIM Sources",
            },
            bases=("authentik_core.source",),
        ),
--- a/authentik/sources/scim/views/v2/auth.py
+++ b/authentik/sources/scim/views/v2/auth.py
@ -2,6 +2,7 @@
 from base64 import b64decode
 from typing import Any, Optional, Union

+from django.conf import settings
 from rest_framework.authentication import BaseAuthentication, get_authorization_header
 from rest_framework.request import Request

@ -11,8 +12,10 @@ from authentik.core.models import Token, TokenIntents, User
 class SCIMTokenAuth(BaseAuthentication):
    """SCIM Token auth"""

-    def legacy(self, key: str, source_slug: str) -> Optional[Token]:
+    def legacy(self, key: str, source_slug: str) -> Optional[Token]:  # pragma: no cover
        """Legacy HTTP-Basic auth for testing"""
+        if not settings.TEST or not settings.DEBUG:
+            return None
        _username, _, password = b64decode(key.encode()).decode().partition(":")
        token = self.check_token(password, source_slug)
        if token: