auth: Revert back to authentication using a web form

[pbs.git] / src / web / base.py

diff --git a/src/web/base.py b/src/web/base.py
index b7c96d96c1fec9025c6904dd145092b58df8a46b..15dd79a76d5d0841ea1df7973642fc348afa8fa8 100644 (file)
--- a/src/web/base.py
+++ b/src/web/base.py
@@ -52,6 +52,7 @@ class KerberosAuthMixin(object):
                # Set status to 401
                self.set_status(401)
 
+       @functools.cache
        def get_authenticated_user(self):
                auth_header = self.request.headers.get("Authorization", None)
 
@@ -60,7 +61,7 @@ class KerberosAuthMixin(object):
                        return
 
                # Perform GSS API Negotiation
-               if auth_header.startswith("Negotiate"):
+               if auth_header.startswith("Negotiate "):
                        return self._auth_negotiate(auth_header)
 
                # Perform Basic Authentication
@@ -127,6 +128,10 @@ class KerberosAuthMixin(object):
                except:
                        raise tornado.web.HTTPError(400, "Authorization data was malformed")
 
+               # Authenticate against Kerberos
+               return self._auth_with_credentials(username, password)
+
+       def _auth_with_credentials(self, username, password):
                # Check the credentials against the Kerberos database
                try:
                        kerberos.checkPassword(username, password,