Prevent Authorization header to be overwritten

pulp · Jul 1, 2024 · cbcf3c8 · cbcf3c8
1 parent e858364
commit cbcf3c8
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/CHANGES/+auth_header.bugfix b/CHANGES/+auth_header.bugfix
@@ -0,0 +1 @@
+A provided "Authorization" header will no longer be overruled by other authentication mechanisms.
diff --git a/pulp-glue/pulp_glue/common/openapi.py b/pulp-glue/pulp_glue/common/openapi.py
@@ -604,7 +604,11 @@ def render_request(
             "security", self.api_spec.get("security", {})
         )
         if security and self.auth_provider:
-            auth = self.auth_provider(security, self.api_spec["components"]["securitySchemes"])
+            if "Authorization" in self._session.headers:
+                # Bad idea, but you wanted it that way.
+                auth = None
+            else:
+                auth = self.auth_provider(security, self.api_spec["components"]["securitySchemes"])
         else:
             # No auth required? Don't provide it.
             # No auth_provider available? Hope for the best (should do the trick for cert auth).