swh.deposit.auth module

swh.deposit.auth.convert_response(request, content)

Convert response from drf’s basic authentication mechanism to a swh-deposit one.

Args:

request (Request): Use to build the response content (bytes): The drf’s answer

Returns:

Response with the same status error as before, only the body is now an swh-deposit compliant one.

class swh.deposit.auth.WrapBasicAuthenticationResponseMiddleware(get_response)

Bases: object

Middleware to capture potential authentication error and convert them to standard deposit response.

This is to be installed in django’s settings.py module.

class swh.deposit.auth.HasDepositPermission

Bases: rest_framework.permissions.BasePermission

Allows access to authenticated users with the DEPOSIT_PERMISSION.

has_permission(request, view)

Return True if permission is granted, False otherwise.

class swh.deposit.auth.KeycloakBasicAuthentication

Bases: rest_framework.authentication.BasicAuthentication

Keycloack authentication against username/password.

Deposit users will continue sending Basic authentication queries to the deposit server. Transparently, the deposit server will stop authenticate itself the users. It will delegate the authentication queries to the keycloak instance.

Technically, reuses rest_framework.BasicAuthentication and overrides the func:authenticate_credentials method to discuss with keycloak.

As an implementation detail, this also uses the django cache mechanism to avoid too many authentication request to keycloak.

property client

get_user(user_id: str) → Optional[swh.auth.django.models.OIDCUser]

Retrieve user from cache if any.

authenticate_credentials(user_id, password, request)

Authenticate the user_id/password against keycloak.

Raises

AuthenticationFailed in case of authentication failure –

Returns

Tuple of deposit_client, None.