Make authentication extendable
Plugins can't easily extend authentications with their own means of authentication if SSL is used. The reason is that #authorize_with_ssl_client before block would always fail on SSL if no client is available. In REX there are use cases where REX core worker is authenticated differently (looking at serial number or using token). The authentication methods should not run if other authentication method already succeeded. That will also help to avoid running both trusted hosts and ssl auth methods that are built in proxy.
Fixes #21605 - more authorization options
Before this change, when using authorization helpers, one got all or
nothing, without any chance to use the authorization just of a subset of
This patch introduces `Sinatra::Authorization::Helpers` that provide
`do_authorize*` methods that are not wrapped in the before block. so that
they their usage is more flexible.
#3 Updated by Lukas Zapletal 9 months ago
- Triaged changed from No to Yes
- Status changed from Ready For Testing to New
- Pull request deleted (
The proposal was not considered good enough, the authorization mechanism needs a modular and plugin-friendly approach. https://github.com/theforeman/smart-proxy/pull/550