diff --git a/ansible_base/authentication/views/authenticator_plugins.py b/ansible_base/authentication/views/authenticator_plugins.py index 0ee5ae807..759ed8032 100644 --- a/ansible_base/authentication/views/authenticator_plugins.py +++ b/ansible_base/authentication/views/authenticator_plugins.py @@ -12,6 +12,9 @@ def get(self, request, format=None): for p in plugins: try: klass = get_authenticator_class(p) + if getattr(klass, "type", "") == "internal": + # Allow for 'hiding' some plugins from this list so the UI doesn't show them as a choice. + continue config = klass.configuration_class() config_schema = config.get_configuration_schema() resp['authenticators'].append( diff --git a/test_app/tests/authentication/views/test_authenticator_plugins.py b/test_app/tests/authentication/views/test_authenticator_plugins.py index bdaee983a..276f1b4ae 100644 --- a/test_app/tests/authentication/views/test_authenticator_plugins.py +++ b/test_app/tests/authentication/views/test_authenticator_plugins.py @@ -2,11 +2,17 @@ from ansible_base.lib.utils.response import get_relative_url -def test_plugin_authenticator_view(admin_api_client): +def test_plugin_authenticator_view(admin_api_client, settings): """ Test the authenticator plugin view. It should show all available plugins (which exist on the system as python files, not database entries). """ + fixture_module = "test_app.tests.fixtures.authenticator_plugins" + settings.ANSIBLE_BASE_AUTHENTICATOR_CLASS_PREFIXES = [ + "ansible_base.authentication.authenticator_plugins", + fixture_module, + ] + url = get_relative_url("authenticator_plugin-view") response = admin_api_client.get(url) assert response.status_code == 200 @@ -16,6 +22,9 @@ def test_plugin_authenticator_view(admin_api_client): assert 'ansible_base.authentication.authenticator_plugins.ldap' in auth_types assert 'ansible_base.authentication.authenticator_plugins.local' in auth_types + # ones defined with type == 'internal' are not shown on this endpoint + assert f"{fixture_module}.definitely_not_public" not in auth_types + def test_plugin_authenticator_view_import_error(admin_api_client, shut_up_logging, settings): """ diff --git a/test_app/tests/fixtures/authenticator_plugins/custom.py b/test_app/tests/fixtures/authenticator_plugins/custom.py index 690cb40b3..b9a571638 100644 --- a/test_app/tests/fixtures/authenticator_plugins/custom.py +++ b/test_app/tests/fixtures/authenticator_plugins/custom.py @@ -8,12 +8,13 @@ class AuthenticatorPlugin(AbstractAuthenticatorPlugin): + configuration_encrypted_fields = [] + type = "custom" + category = "password" + def __init__(self, database_instance=None, *args, **kwargs): super().__init__(database_instance, *args, **kwargs) - self.configuration_encrypted_fields = [] - self.type = "custom" self.set_logger(logger) - self.category = "password" def authenticate(self, request, username=None, password=None, **kwargs): if username == "admin" and password == "hello123": diff --git a/test_app/tests/fixtures/authenticator_plugins/definitely_not_public.py b/test_app/tests/fixtures/authenticator_plugins/definitely_not_public.py new file mode 100644 index 000000000..711c9748f --- /dev/null +++ b/test_app/tests/fixtures/authenticator_plugins/definitely_not_public.py @@ -0,0 +1,24 @@ +import logging + +from django.contrib.auth import get_user_model + +from ansible_base.authentication.authenticator_plugins.base import AbstractAuthenticatorPlugin + +logger = logging.getLogger('test_app.tests.fixtures.authenticator_plugins.definitely_not_public') + + +class AuthenticatorPlugin(AbstractAuthenticatorPlugin): + configuration_encrypted_fields = [] + type = "internal" + category = "password" + + def __init__(self, database_instance=None, *args, **kwargs): + super().__init__(database_instance, *args, **kwargs) + self.set_logger(logger) + + def authenticate(self, request, username=None, password=None, **kwargs): + if username == "admin" and password == "hello123": + user = get_user_model().objects.get(username=username) + return user + + return None