PulpNoCreateRemoteUserBackend fails without rest_framework.permissions.AllowAny

[ianballou]

Version

      "versions": {
        "deb": "3.5.1",
        "rpm": "3.28.0",
        "core": "3.70.0",
        "file": "3.70.0",
        "ostree": "2.4.6",
        "python": "3.13.2",
        "ansible": "0.24.1",
        "certguard": "3.70.0",
        "container": "2.24.0"
      }

Describe the bug
Katello uses remote authentication with no DB user. After upgrading from Pulpcore 3.63 to 3.70, API calls show:

vagrant@centos9-katello-devel-stable ~/foreman $ sudo pulp rpm repository list
Error: {"detail":"Authentication credentials were not provided."}

The same goes when adding the following in the config:

REST_FRAMEWORK__DEFAULT_PERMISSION_CLASSES = [
'rest_framework.permissions.IsAuthenticated'
]

I thought the above would work since admin (the only user we use) should be considered authenticated.

To access the API, I had to use rest_framework.permissions.AllowAny. Perhaps this is appropriate for Katello, but it's unclear.

For more context, here are the auth settings:

AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']

REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
    'rest_framework.authentication.SessionAuthentication',
    'pulpcore.app.authentication.PulpRemoteUserAuthentication'
)

With all of this said -- was it expected that we'd need to make a settings change to upgrade Pulp in Katello?

To Reproduce
Use the config described above, or just upgrade a Katello nightly box to Pulpcore 3.70.

Expected behavior
Auth continues working.

[ianballou]

I was following the docs here https://pulpproject.org/pulpcore/docs/admin/guides/auth/external/#1-accept-external-auth