Skip to content

add support to most recent Flask versions #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
+14 −9
Open

add support to most recent Flask versions #16

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d1a63f2
add support to most recent Flask versions
PauloLuna Mar 15, 2024
10c0fc5
Merge pull request #1 from PauloLuna/PauloLuna-patch-1
PauloLuna Mar 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 14 additions & 9 deletions flask_kerberos.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import kerberos

from flask import Response
from flask import _request_ctx_stack as stack
from flask import g
from flask import make_response
from flask import request
from functools import wraps
Expand All @@ -10,6 +10,11 @@

_SERVICE_NAME = None

def get_ctx():
if 'flask_kerberos' not in g:
g.flask_kerberos = {}

return g.flask_kerberos

def init_kerberos(app, service='HTTP', hostname=gethostname()):
'''
Expand Down Expand Up @@ -65,15 +70,15 @@ def _gssapi_authenticate(token):
@rtype: int or None
'''
state = None
ctx = stack.top
ctx = get_ctx()
try:
rc, state = kerberos.authGSSServerInit(_SERVICE_NAME)
if rc != kerberos.AUTH_GSS_COMPLETE:
return None
rc = kerberos.authGSSServerStep(state, token)
if rc == kerberos.AUTH_GSS_COMPLETE:
ctx.kerberos_token = kerberos.authGSSServerResponse(state)
ctx.kerberos_user = kerberos.authGSSServerUserName(state)
ctx['kerberos_token'] = kerberos.authGSSServerResponse(state)
ctx['kerberos_user'] = kerberos.authGSSServerUserName(state)
return rc
elif rc == kerberos.AUTH_GSS_CONTINUE:
return kerberos.AUTH_GSS_CONTINUE
Expand Down Expand Up @@ -101,15 +106,15 @@ def requires_authentication(function):
def decorated(*args, **kwargs):
header = request.headers.get("Authorization")
if header:
ctx = stack.top
ctx = get_ctx()
token = ''.join(header.split()[1:])
rc = _gssapi_authenticate(token)
if rc == kerberos.AUTH_GSS_COMPLETE:
response = function(ctx.kerberos_user, *args, **kwargs)
if rc == kerberos.AUTH_GSS_COMPLETE and 'kerberos_user' in ctx:
response = function(ctx['kerberos_user'], *args, **kwargs)
response = make_response(response)
if ctx.kerberos_token is not None:
if 'kerberos_token' in ctx:
response.headers['WWW-Authenticate'] = ' '.join(['negotiate',
ctx.kerberos_token])
ctx['kerberos_token']])
return response
elif rc != kerberos.AUTH_GSS_CONTINUE:
return _forbidden()
Expand Down