OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
579 Commits
13 Branches
0 Tags
45 MiB
Tree: 9a7cb96127
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9a7cb96127'
${ noResults }
server-tools/auth_from_http_remote_user/controllers/main.py

110 lines
4.0 KiB
Raw Normal View History

[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
port auth_from_http_remote_user to 8.0
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
[FIX] always check the uid in the session and the one in the request to avoid session mismatch...
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
[FIX] if the default login page is disabled, redirect with *401*
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
port auth_from_http_remote_user to 8.0
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
Code simplification: remove overkill method
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
port auth_from_http_remote_user to 8.0
10 years ago
[FIX] always check the uid in the session and the one in the request to avoid session mismatch...
10 years ago
port auth_from_http_remote_user to 8.0
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
auth_http_remote_user: slight reorganization and some comments (logic remains identical)
10 years ago
[PEP8] line lenght is now ridiculous (80 chars)
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
port auth_from_http_remote_user to 8.0
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
port auth_from_http_remote_user to 8.0
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
[FIX] always check the uid in the session and the one in the request to avoid session mismatch...
10 years ago
auth_http_remote_user: slight reorganization and some comments (logic remains identical)
10 years ago
[FIX] always check the uid in the session and the one in the request to avoid session mismatch...
10 years ago
auth_http_remote_user: slight reorganization and some comments (logic remains identical)
10 years ago
If HTTP_REMOTE_USER is in the request headers and no corresponding user is found in odoo always issues Unauthorized (avoid redirect to the login page) If the uid in the session is not the same as the one from the binded HTTP_REMOTE_USER, always logout to clean up the session
10 years ago
auth_http_remote_user: slight reorganization and some comments (logic remains identical)
10 years ago
auth_http_remote_user: test if already authenticated based on login instead of uid Avoids a database query unless authentication is actually required.
10 years ago
auth_http_remote_user: slight reorganization and some comments (logic remains identical)
10 years ago
auth_http_remote_user: test if already authenticated based on login instead of uid Avoids a database query unless authentication is actually required.
10 years ago
auth_http_remote_user: slight reorganization and some comments (logic remains identical)
10 years ago
If HTTP_REMOTE_USER is in the request headers and no corresponding user is found in odoo always issues Unauthorized (avoid redirect to the login page) If the uid in the session is not the same as the one from the binded HTTP_REMOTE_USER, always logout to clean up the session
10 years ago
auth_http_remote_user: slight reorganization and some comments (logic remains identical)
10 years ago
If HTTP_REMOTE_USER is in the request headers and no corresponding user is found in odoo always issues Unauthorized (avoid redirect to the login page) If the uid in the session is not the same as the one from the binded HTTP_REMOTE_USER, always logout to clean up the session
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
[PEP8] line lenght is now ridiculous (80 chars)
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
[PEP8] line lenght is now ridiculous (80 chars)
10 years ago
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
10 years ago
  1. # -*- coding: utf-8 -*-
  2. ##############################################################################
  3. #
  4. # Author: Laurent Mignon
  5. # Copyright 2014 'ACSONE SA/NV'
  6. #
  7. # This program is free software: you can redistribute it and/or modify
  8. # it under the terms of the GNU Affero General Public License as
  9. # published by the Free Software Foundation, either version 3 of the
  10. # License, or (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU Affero General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU Affero General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  20. ##############################################################################
  22. from openerp import SUPERUSER_ID
  24. import openerp
  25. from openerp import http
  26. from openerp.http import request
  27. from openerp.addons.web.controllers import main
  28. from openerp.addons.auth_from_http_remote_user.model import \
  29. AuthFromHttpRemoteUserInstalled
  30. from .. import utils
  32. import random
  33. import logging
  34. import werkzeug
  36. _logger = logging.getLogger(__name__)
  39. class Home(main.Home):
  41. _REMOTE_USER_ATTRIBUTE = 'HTTP_REMOTE_USER'
  43. @http.route('/web', type='http', auth="none")
  44. def web_client(self, s_action=None, **kw):
  45. main.ensure_db()
  46. try:
  47. self._bind_http_remote_user(http.request.session.db)
  48. except http.AuthenticationError:
  49. return werkzeug.exceptions.Unauthorized().get_response()
  50. return super(Home, self).web_client(s_action, **kw)
  52. def _search_user(self, res_users, login, cr):
  53. user_ids = res_users.search(cr, SUPERUSER_ID, [('login', '=', login),
  54. ('active', '=', True)])
  55. assert len(user_ids) < 2
  56. if user_ids:
  57. return user_ids[0]
  58. return None
  60. def _bind_http_remote_user(self, db_name):
  61. try:
  62. registry = openerp.registry(db_name)
  63. with registry.cursor() as cr:
  64. if AuthFromHttpRemoteUserInstalled._name not in registry:
  65. # module not installed in database,
  66. # continue usual behavior
  67. return
  69. headers = http.request.httprequest.headers.environ
  71. login = headers.get(self._REMOTE_USER_ATTRIBUTE, None)
  72. if not login:
  73. # no HTTP_REMOTE_USER header,
  74. # continue usual behavior
  75. return
  77. request_login = request.session.login
  78. if request_login:
  79. if request_login == login:
  80. # already authenticated
  81. return
  82. else:
  83. request.session.logout(keep_db=True)
  85. res_users = registry.get('res.users')
  86. user_id = self._search_user(res_users, login, cr)
  87. if not user_id:
  88. # HTTP_REMOTE_USER login not found in database
  89. request.session.logout(keep_db=True)
  90. raise http.AuthenticationError()
  92. # generate a specific key for authentication
  93. key = randomString(utils.KEY_LENGTH, '0123456789abcdef')
  94. res_users.write(cr, SUPERUSER_ID, [user_id], {'sso_key': key})
  95. request.session.authenticate(db_name, login=login,
  96. password=key, uid=user_id)
  97. except http.AuthenticationError, e:
  98. raise e
  99. except Exception, e:
  100. _logger.error("Error binding Http Remote User session",
  101. exc_info=True)
  102. raise e
  104. randrange = random.SystemRandom().randrange
  107. def randomString(length, chrs):
  108. """Produce a string of length random bytes, chosen from chrs."""
  109. n = len(chrs)
  110. return ''.join([chrs[randrange(n)] for _ in xrange(length)])