OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
251 Commits
13 Branches
0 Tags
45 MiB
Tree: c893a706b8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c893a706b8'
${ noResults }
server-tools/auth_from_http_remote_user/__openerp__.py

132 lines
4.4 KiB
Raw Normal View History

[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
11 years ago
  1. # -*- coding: utf-8 -*-
  2. ##############################################################################
  3. #
  4. # Author: Laurent Mignon
  5. # Copyright 2014 'ACSONE SA/NV'
  6. #
  7. # This program is free software: you can redistribute it and/or modify
  8. # it under the terms of the GNU Affero General Public License as
  9. # published by the Free Software Foundation, either version 3 of the
  10. # License, or (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU Affero General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU Affero General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  20. ##############################################################################
  21. {
  22. 'name': 'Authenticate via HTTP Remote User',
  23. 'version': '1.0',
  24. 'category': 'Tools',
  25. 'description': """
  26. Allow users to be automatically logged in.
  27. ==========================================
  29. This module initialize the session by looking for the field HTTP_REMOTE_USER in
  30. the HEADER of the HTTP request and trying to bind the given value to a user
  31. This module must be loaded at startup; Add the *--load* parameter to the startup
  32. command: ::
  34. --load=web,web_kanban,auth_from_http_remote_user, ...
  36. If the field is not found or no user matches the given one, it can lets the
  37. system redirect to the login page (default) or issue a login error page depending
  38. of the configuration.
  40. How to test the module with Apache [#]_
  41. ----------------------------------------
  43. Apache can be used as a reverse proxy providing the authentication and adding the
  44. required field in the Http headers.
  46. Install apache: ::
  48. $ sudo apt-get install apache2
  51. Define a new vhost to Apache by putting a new file in /etc/apache2/sites-available: ::
  53. $ sudo vi /etc/apache2/sites-available/MY_VHOST.com
  55. with the following content: ::
  57. <VirtualHost *:80>
  58. ServerName MY_VHOST.com
  59. ProxyRequests Off
  60. <Location />
  61. AuthType Basic
  62. AuthName "Test OpenErp auth_from_http_remote_user"
  63. AuthBasicProvider file
  64. AuthUserFile /etc/apache2/MY_VHOST.htpasswd
  65. Require valid-user
  67. RewriteEngine On
  68. RewriteCond %{LA-U:REMOTE_USER} (.+)
  69. RewriteRule . - [E=RU:%1]
  70. RequestHeader set Remote-User "%{RU}e" env=RU
  71. </Location>
  73. ProxyPass / http://127.0.0.1:8069/ retry=10
  74. ProxyPassReverse / http://127.0.0.1:8069/
  75. ProxyPreserveHost On
  76. </VirtualHost>
  78. .. important:: The *RequestHeader* directive is used to add the *Remote-User* field
  79. in the http headers. By default an *'Http-'* prefix is added to the field name.
  80. In OpenErp, header's fields name are normalized. As result of this normalization,
  81. the 'Http-Remote-User' is available as 'HTTP_REMOTE_USER'. If you don't know how
  82. your specified field is seen by OpenErp, run your server in debug mode once the
  83. module is activated and look for an entry like: ::
  85. DEBUG openerp1 openerp.addons.auth_from_http_remote_user.controllers.session:
  86. Field 'HTTP_MY_REMOTE_USER' not found in http headers
  87. {'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=', ..., 'HTTP_REMOTE_USER': 'demo')
  89. Enable the required apache modules: ::
  91. $ sudo a2enmod headers
  92. $ sudo a2enmod proxy
  93. $ sudo a2enmod rewrite
  94. $ sudo a2enmod proxy_http
  96. Enable your new vhost: ::
  98. $ sudo a2ensite MY_VHOST.com
  100. Create the *htpassword* file used by the configured basic authentication: ::
  102. $ sudo htpasswd -cb /etc/apache2/MY_VHOST.htpasswd admin admin
  103. $ sudo htpasswd -b /etc/apache2/MY_VHOST.htpasswd demo demo
  105. For local test, add the *MY_VHOST.com* in your /etc/vhosts file.
  107. Finally reload the configuration: ::
  109. $ sudo service apache2 reload
  111. Open your browser and go to MY_VHOST.com. If everything is well configured, you are prompted
  112. for a login and password outside OpenErp and are automatically logged in the system.
  114. .. [#] Based on a ubuntu 12.04 env
  116. """,
  117. 'author': 'Acsone SA/NV',
  118. 'maintainer': 'ACSONE SA/NV',
  119. 'website': 'http://www.acsone.eu',
  120. 'depends': ['web'],
  121. "license": "AGPL-3",
  122. 'data': [
  123. 'res_config_view.xml',
  124. 'res_config_data.xml'],
  125. "demo": [],
  126. "test": [],
  127. "active": False,
  128. "license": "AGPL-3",
  129. "installable": True,
  130. "auto_install": False,
  131. "application": False,
  132. }