Check if the Authorization header for Basic Authentication is valid

If the header is not valid, DRF returns None when calling the
authenticate() method. This can cause troubles when users are
leveraging the remote authentication because Pulp thinks they
are anonymous users. In the end, authorized users cannot
push or pull content from Pulp. This affects only admin users
in scenarios where the token authentication is disabled.

closes pulp#1577

Author: lubosmj

CHANGES/1577.bugfix

@@ -0,0 +1 @@
+Fixed a bug that disallowed users from leveraging the remote authentication.

pulp_container/app/token_verification.py

@@ -64,29 +64,29 @@ class RegistryAuthentication(BasicAuthentication):
     A basic authentication class that accepts empty username and password as anonymous.
     """
 
-    PULP_AUTHENTICATION_CLASS = "pulpcore.app.authentication.PulpRemoteUserAuthentication"
+    PULP_REMOTE_AUTHENTICATION_CLASS = "pulpcore.app.authentication.PulpRemoteUserAuthentication"
     AUTH_CLASSES = settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"]
+    ALLOWS_REMOTE_AUTHENTICATION = PULP_REMOTE_AUTHENTICATION_CLASS in AUTH_CLASSES
 
     def authenticate(self, request):
         """
         Perform basic authentication with the exception to accept empty credentials.
 
-        For anonymous user, Podman sends 'Authorization': 'Basic Og=='.
-        This represents ":" in base64.
-
         If basic authentication could not success, remote webserver authentication is considered.
         """
-        if request.headers.get("Authorization") == "Basic Og==":
-            return (AnonymousUser, None)
-
         try:
-            return super().authenticate(request)
+            user = super().authenticate(request)
         except AuthenticationFailed:
-            if self.PULP_AUTHENTICATION_CLASS in self.AUTH_CLASSES:
+            if self.ALLOWS_REMOTE_AUTHENTICATION:
                 return RemoteUserRegistryAuthentication().authenticate(request)
             else:
                 raise
 
+        if user is None and self.ALLOWS_REMOTE_AUTHENTICATION:
+            return RemoteUserRegistryAuthentication().authenticate(request)
+        else:
+            return user
+
 
 class RemoteUserRegistryAuthentication(RemoteUserAuthentication):
     """