From ac8e83e3ac17685aa9502b22a71c55ef7d48647c Mon Sep 17 00:00:00 2001
From: Tomas Kopecek <tkopecek@redhat.com>
Date: Thu, 23 Sep 2021 09:55:24 +0200
Subject: [PATCH] conditional evaluation of proxyauthtype

---
 koji/auth.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/koji/auth.py b/koji/auth.py
index fd9fd4a7..7b539ab1 100644
--- a/koji/auth.py
+++ b/koji/auth.py
@@ -374,15 +374,15 @@ class Session(object):
             else:
                 raise koji.AuthError('%s is not authorized to login other users' % client_dn)
 
-        # in this point we can continue with proxied user in same way as if it is not proxied
-        if proxyauthtype is not None:
-            if not context.opts['ProxyAuthType']:
-                raise koji.AuthError("Proxy must use same auth mechanism as hub "
-                                     "(behaviour can be overriden via ProxyAuthType hub option)")
-            if proxyauthtype not in (koji.AUTHTYPE_GSSAPI, koji.AUTHTYPE_SSL):
-                raise koji.AuthError(
-                    "Proxied authtype %s is not valid for sslLogin" % proxyauthtype)
-            authtype = proxyauthtype
+            # in this point we can continue with proxied user in same way as if it is not proxied
+            if proxyauthtype is not None:
+                if not context.opts['ProxyAuthType']:
+                    raise koji.AuthError("Proxy must use same auth mechanism as hub (behaviour "
+                                         "can be overriden via ProxyAuthType hub option)")
+                if proxyauthtype not in (koji.AUTHTYPE_GSSAPI, koji.AUTHTYPE_SSL):
+                    raise koji.AuthError(
+                        "Proxied authtype %s is not valid for sslLogin" % proxyauthtype)
+                authtype = proxyauthtype
 
         if authtype == koji.AUTHTYPE_GSSAPI and '@' in username:
             user_id = self.getUserIdFromKerberos(username)