diff --git a/awx/api/generics.py b/awx/api/generics.py
index 9e1698a61f3a..5c6f03e11b0f 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -14,7 +14,7 @@
 from django.db import connection, transaction
 from django.db.models.fields.related import OneToOneRel
 from django.http import QueryDict
-from django.shortcuts import get_object_or_404
+from django.shortcuts import get_object_or_404, redirect
 from django.template.loader import render_to_string
 from django.utils.encoding import smart_str
 from django.utils.safestring import mark_safe
@@ -36,7 +36,7 @@
 # django-ansible-base
 from ansible_base.rest_filters.rest_framework.field_lookup_backend import FieldLookupBackend
 from ansible_base.lib.utils.models import get_all_field_names
-from ansible_base.lib.utils.requests import get_remote_host
+from ansible_base.lib.utils.requests import get_remote_host, is_proxied_request
 from ansible_base.rbac.models import RoleEvaluation, RoleDefinition
 from ansible_base.rbac.permission_registry import permission_registry
 from ansible_base.jwt_consumer.common.util import validate_x_trusted_proxy_header
@@ -82,6 +82,12 @@ class LoggedLoginView(auth_views.LoginView):
 def get(self, request, *args, **kwargs):
+ if is_proxied_request():
+ next = request.GET.get('next', "")
+ if next:
+ next = f"?next={next}"
+ return redirect(f"/login{next}")
+
 # The django.auth.contrib login form doesn't perform the content
 # negotiation we've come to expect from DRF; add in code to catch
 # situations where Accept != text/html (or */*) and reply with
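Review bot: In the proxied branch of `LoggedLoginView.get`, the caller-supplied `next` value is pasted into the redirect as `f"?next={next}"` with no URL-encoding and no host check, so a value containing `&`, `#` or an absolute URL reaches `/login` unchanged; the `LoggedLogoutView.dispatch` hunk repeats the pattern. Django's `LoginView` normally vets `next` itself, but this early return runs before that, which leaves the check to whatever serves `/login` (not visible here). I would encode the parameter with `urlencode` and drop targets that fail `url_has_allowed_host_and_scheme` (both live in `django.utils.http` and need an import outside this hunk), and rename the local so it no longer shadows the builtin `next`. The body of `get` continues past the end of the hunk.

```python
    def get(self, request, *args, **kwargs):
        if is_proxied_request():
            next_url = request.GET.get('next', "")
            # Forward only same-host targets; anything else is dropped rather than passed on.
            if next_url and not url_has_allowed_host_and_scheme(next_url, allowed_hosts={request.get_host()}):
                next_url = ""
            query = f"?{urlencode({'next': next_url})}" if next_url else ""
            return redirect(f"/login{query}")

        # … unchanged: content negotiation and the call to super().get() …
```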
@@ -97,6 +103,15 @@ def get(self, request, *args, **kwargs):
 return super(LoggedLoginView, self).get(request, *args, **kwargs)
 def post(self, request, *args, **kwargs):
+ if is_proxied_request():
+ # Give a message, saying to login via AAP
+ return Response(
+ {
+ 'detail': _('Please log in via Platform Authentication.'),
+ },
+ status=status.HTTP_401_UNAUTHORIZED,
+ )
+
 ret = super(LoggedLoginView, self).post(request, *args, **kwargs)
 ip = get_remote_host(request) # request.META.get('REMOTE_ADDR', None)
 if request.user.is_authenticated:
@@ -119,6 +134,12 @@ class LoggedLogoutView(auth_views.LogoutView):
 success_url_allowed_hosts = set(settings.LOGOUT_ALLOWED_HOSTS.split(",")) if settings.LOGOUT_ALLOWED_HOSTS else set()
 def dispatch(self, request, *args, **kwargs):
+ if is_proxied_request():
+ next = request.GET.get('next', "")
+ if next:
+ next = f"?next={next}"
+ return redirect(f"/logout/{next}")
+
 original_user = getattr(request, 'user', None)
 ret = super(LoggedLogoutView, self).dispatch(request, *args, **kwargs)
 current_user = getattr(request, 'user', None)
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index bf1e6e57270d..e535cf10dd95 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -320,6 +320,10 @@
 'social_django.context_processors.login_redirect',
 ],
 'builtins': ['awx.main.templatetags.swagger'],
+ 'libraries': {
+ "ansible_base.lib.templatetags.requests": "ansible_base.lib.templatetags.requests",
+ "ansible_base.lib.templatetags.util": "ansible_base.lib.templatetags.util",
+ },
 },
 'DIRS': [
 os.path.join(BASE_DIR, 'templates'),
diff --git a/awx/templates/rest_framework/api.html b/awx/templates/rest_framework/api.html
index fbcfe97b30b1..806e915c22ed 100644
--- a/awx/templates/rest_framework/api.html
+++ b/awx/templates/rest_framework/api.html
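Review bot: The proxied branch of `post` returns a `Response` from a view that derives from `auth_views.LoginView` rather than from a DRF view. If `Response` is the DRF class (its import is outside the hunk), nothing on this path sets `accepted_renderer`, and DRF asserts on that attribute when the response is rendered, so the client would likely see a 500 instead of the intended 401; a test that posts to the login URL on a proxied request would confirm it. A plain Django response avoids the dependency: `return JsonResponse({'detail': _('Please log in via Platform Authentication.')}, status=401)`, with `JsonResponse` imported from `django.http`. The rest of `post` lies outside the hunk.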
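Review bot: The early return in `dispatch` skips `super().dispatch()`, so on a proxied request the local session is not ended here and the `next` target never passes through the `success_url_allowed_hosts` check declared just above. Presumably the platform's `/logout/` endpoint takes over both jobs, but nothing in this diff shows that; a comment stating the assumption would help, e.g. `# Proxied: the platform gateway ends the session and validates 'next'; the local logout is intentionally skipped.` If the gateway does not validate `next`, URL-encode it and check it against `success_url_allowed_hosts` before redirecting. The remainder of `dispatch` is outside the hunk.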
@@ -1,11 +1,18 @@ {% extends 'rest_framework/base.html' %} -{% load i18n static %} +{% load i18n static ansible_base.lib.templatetags.requests ansible_base.lib.templatetags.util %} {% block title %}{{ name }} · {% trans 'AWX REST API' %}{% endblock %} {% block bootstrap_theme %} + {% is_proxied_request as proxied %} + {% if proxied %} + + {% else %} + {% endif %} {% endblock %} {% block style %} @@ -24,7 +31,6 @@ - {% trans 'REST API' %} @@ -74,5 +80,13 @@ {{ block.super }} + +{% is_proxied_request as proxied %} +{% if proxied %} + +{% else %} +{% endif %} {% endblock %}