OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
250 Commits
13 Branches
0 Tags
45 MiB
Tree: 7dd5bc685e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7dd5bc685e'
${ noResults }
server-tools/auth_from_http_remote_user/controllers/session.py

129 lines
5.0 KiB
Raw Normal View History

[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
11 years ago
  1. # -*- coding: utf-8 -*-
  2. ##############################################################################
  3. #
  4. # Author: Laurent Mignon
  5. # Copyright 2014 'ACSONE SA/NV'
  6. #
  7. # This program is free software: you can redistribute it and/or modify
  8. # it under the terms of the GNU Affero General Public License as
  9. # published by the Free Software Foundation, either version 3 of the
  10. # License, or (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU Affero General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU Affero General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  20. ##############################################################################
  22. from openerp import SUPERUSER_ID
  24. from openerp.addons.web import http
  25. from openerp.addons.web.controllers import main
  26. from openerp.modules.registry import RegistryManager
  27. from .. import utils
  29. import random
  30. import logging
  31. import openerp.tools.config as config
  33. _logger = logging.getLogger(__name__)
  36. class Session(main.Session):
  37. _cp_path = "/web/session"
  39. _REQUIRED_ATTRIBUTES = ['HTTP_REMOTE_USER']
  40. _OPTIONAL_ATTRIBUTES = []
  42. def _get_db(self, db):
  43. if db is not None and len(db) > 0:
  44. return db
  45. db = config['db_name']
  46. if db is None or len(db) == 0:
  47. _logger.error("No db found for SSO. Specify one in the URL using parameter "
  48. "db=? or provide a default one in the configuration")
  49. raise http.AuthenticationError()
  51. def _get_user_id_from_attributes(self, res_users, cr, attrs):
  52. login = attrs.get('HTTP_REMOTE_USER', None)
  53. user_ids = res_users.search(cr, SUPERUSER_ID, [('login', '=', login), ('active', '=', True)])
  54. assert len(user_ids) < 2
  55. if user_ids:
  56. return user_ids[0]
  57. return None
  59. def _get_attributes_form_header(self, req):
  60. attrs = {}
  62. all_attrs = self._REQUIRED_ATTRIBUTES + self._OPTIONAL_ATTRIBUTES
  64. headers = req.httprequest.headers.environ
  66. for attr in all_attrs:
  67. value = headers.get(attr, None)
  68. if value is not None:
  69. attrs[attr] = value
  71. attrs_found = set(attrs.keys())
  72. attrs_missing = set(all_attrs) - attrs_found
  73. if len(attrs_found) > 0:
  74. _logger.debug("Fields '%s' not found in http headers\n %s", attrs_missing, headers)
  76. missings = set(self._REQUIRED_ATTRIBUTES) - attrs_found
  77. if len(missings) > 0:
  78. _logger.error("Required fields '%s' not found in http headers\n %s", missings, headers)
  79. return attrs
  81. def _bind_http_remote_user(self, req, db_name):
  82. db_name = self._get_db(db_name)
  83. try:
  84. registry = RegistryManager.get(db_name)
  85. with registry.cursor() as cr:
  86. modules = registry.get('ir.module.module')
  87. installed = modules.search_count(cr, SUPERUSER_ID, ['&',
  88. ('name', '=', 'auth_from_http_remote_user'),
  89. ('state', '=', 'installed')]) == 1
  90. if not installed:
  91. return
  92. config = registry.get('auth_from_http_remote_user.config.settings')
  93. # get parameters for SSO
  94. default_login_page_disabled = config.is_default_login_page_disabled(cr, SUPERUSER_ID, None)
  96. # get the user
  97. res_users = registry.get('res.users')
  98. attrs = self._get_attributes_form_header(req)
  99. user_id = self._get_user_id_from_attributes(res_users, cr, attrs)
  101. if user_id is None:
  102. if default_login_page_disabled:
  103. raise http.AuthenticationError()
  104. return
  106. # generate a specific key for authentication
  107. key = randomString(utils.KEY_LENGTH, '0123456789abcdef')
  108. res_users.write(cr, SUPERUSER_ID, [user_id], {'sso_key': key})
  109. login = res_users.browse(cr, SUPERUSER_ID, user_id).login
  110. req.session.bind(db_name, user_id, login, key)
  111. except http.AuthenticationError, e:
  112. raise e
  113. except Exception, e:
  114. _logger.error("Error binding Http Remote User session", exc_info=True)
  115. raise e
  117. @http.jsonrequest
  118. def get_http_remote_user_session_info(self, req, db):
  119. if not req.session._login:
  120. self._bind_http_remote_user(req, db)
  121. return self.session_info(req)
  123. randrange = random.SystemRandom().randrange
  126. def randomString(length, chrs):
  127. """Produce a string of length random bytes, chosen from chrs."""
  128. n = len(chrs)
  129. return ''.join([chrs[randrange(n)] for _ in xrange(length)])