diff --git a/auth_from_http_remote_user/__openerp__.py b/auth_from_http_remote_user/__openerp__.py index 810ec427a..cf7bbc34b 100644 --- a/auth_from_http_remote_user/__openerp__.py +++ b/auth_from_http_remote_user/__openerp__.py @@ -34,21 +34,22 @@ command: :: --load=web,web_kanban,auth_from_http_remote_user, ... If the field is not found or no user matches the given one, it can lets the -system redirect to the login page (default) or issue a login error page depending -of the configuration. +system redirect to the login page (default) or issue a login error page +depending of the configuration. How to test the module with Apache [#]_ ---------------------------------------- -Apache can be used as a reverse proxy providing the authentication and adding the -required field in the Http headers. +Apache can be used as a reverse proxy providing the authentication and adding +the required field in the Http headers. Install apache: :: $ sudo apt-get install apache2 -Define a new vhost to Apache by putting a new file in /etc/apache2/sites-available: :: +Define a new vhost to Apache by putting a new file in +/etc/apache2/sites-available: :: $ sudo vi /etc/apache2/sites-available/MY_VHOST.com 
@@ -75,16 +76,20 @@ with the following content: :: ProxyPreserveHost On -.. important:: The *RequestHeader* directive is used to add the *Remote-User* field - in the http headers. By default an *'Http-'* prefix is added to the field name. - In OpenErp, header's fields name are normalized. As result of this normalization, - the 'Http-Remote-User' is available as 'HTTP_REMOTE_USER'. If you don't know how - your specified field is seen by OpenErp, run your server in debug mode once the - module is activated and look for an entry like: :: - - DEBUG openerp1 openerp.addons.auth_from_http_remote_user.controllers.session: +.. important:: The *RequestHeader* directive is used to add the *Remote-User* + field in the http headers. By default an *'Http-'* prefix is added to the + field name. + In OpenErp, header's fields name are normalized. As result of this + normalization, the 'Http-Remote-User' is available as 'HTTP_REMOTE_USER'. + If you don't know how your specified field is seen by OpenErp, run your + server in debug mode once the module is activated and look for an entry + like: :: + + DEBUG openerp1 openerp.addons.auth_from_http_remote_user.controllers. + session: Field 'HTTP_MY_REMOTE_USER' not found in http headers - {'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=', ..., 'HTTP_REMOTE_USER': 'demo') + {'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=', ..., + 'HTTP_REMOTE_USER': 'demo') Enable the required apache modules: :: @@ -108,8 +113,9 @@ Finally reload the configuration: :: $ sudo service apache2 reload -Open your browser and go to MY_VHOST.com. If everything is well configured, you are prompted -for a login and password outside OpenErp and are automatically logged in the system. +Open your browser and go to MY_VHOST.com. If everything is well configured, you +are prompted for a login and password outside OpenErp and are automatically +logged in the system. .. [#] Based on a ubuntu 12.04 env 
diff --git a/auth_from_http_remote_user/controllers/main.py b/auth_from_http_remote_user/controllers/main.py index 37f62b665..eff4d29a6 100644 --- a/auth_from_http_remote_user/controllers/main.py +++ b/auth_from_http_remote_user/controllers/main.py @@ -29,7 +29,6 @@ from .. import utils import random import logging -import openerp.tools.config as config _logger = logging.getLogger(__name__) @@ -48,7 +47,8 @@ class Home(main.Home): def _get_user_id_from_attributes(self, res_users, cr, attrs): login = attrs.get('HTTP_REMOTE_USER', None) - user_ids = res_users.search(cr, SUPERUSER_ID, [('login', '=', login), ('active', '=', True)]) + user_ids = res_users.search(cr, SUPERUSER_ID, [('login', '=', login), + ('active', '=', True)]) assert len(user_ids) < 2 if user_ids: return user_ids[0] @@ -69,11 +69,13 @@ class Home(main.Home): attrs_found = set(attrs.keys()) attrs_missing = set(all_attrs) - attrs_found if len(attrs_found) > 0: - _logger.debug("Fields '%s' not found in http headers\n %s", attrs_missing, headers) + _logger.debug("Fields '%s' not found in http headers\n %s", + attrs_missing, headers) missings = set(self._REQUIRED_ATTRIBUTES) - attrs_found if len(missings) > 0: - _logger.error("Required fields '%s' not found in http headers\n %s", missings, headers) + _logger.error("Required fields '%s' not found in http headers\n %s", + missings, headers) return attrs def _bind_http_remote_user(self, db_name): 
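Review bot: In `_get_user_id_from_attributes` the login comes straight from `attrs.get('HTTP_REMOTE_USER', None)` and is resolved with `SUPERUSER_ID`, so the lookup is only as trustworthy as whatever set that header, and the hunk leaves that assumption unstated. A comment above the `attrs.get` line, for example `# HTTP_REMOTE_USER is trusted: the authenticating reverse proxy must overwrite any client-supplied value`, would record it. When the header is absent `login` is `None` and the search still runs; `if not login: return None` before the `search` call would make that path explicit. `assert len(user_ids) < 2` is also stripped under `python -O`, so an explicit check that raises would be more dependable. The function body continues past the end of the hunk.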
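Review bot: Both log calls in this hunk write the whole `headers` object, and the module's own documentation example shows such an entry containing `HTTP_AUTHORIZATION` with Basic credentials; the `_logger.error` call does this at error level whenever a required field is missing. Logging only the field names, for instance `sorted(headers.keys())` if `headers` is dict-like, or dropping `HTTP_AUTHORIZATION` before logging, keeps credentials out of the log files. Separately, the debug message reports `attrs_missing` but is guarded by `if len(attrs_found) > 0:`, which looks like it was meant to be `if len(attrs_missing) > 0:`. The enclosing method starts before the hunk.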
@@ -81,19 +83,26 @@ class Home(main.Home): registry = openerp.registry(db_name) with registry.cursor() as cr: modules = registry.get('ir.module.module') - installed = modules.search_count(cr, SUPERUSER_ID, ['&', - ('name', '=', 'auth_from_http_remote_user'), - ('state', '=', 'installed')]) == 1 + domain = ['&', + ('name', '=', 'auth_from_http_remote_user'), + ('state', '=', 'installed')] + installed = modules.search_count(cr, SUPERUSER_ID, domain) == 1 if not installed: return - config = registry.get('auth_from_http_remote_user.config.settings') + config = registry.get('auth_from_http_remote_user.' + 'config.settings') # get parameters for SSO - default_login_page_disabled = config.is_default_login_page_disabled(cr, SUPERUSER_ID, None) + default_login_page_disabled = \ + config.is_default_login_page_disabled(cr, + SUPERUSER_ID, + None) # get the user res_users = registry.get('res.users') attrs = self._get_attributes_form_header() - user_id = self._get_user_id_from_attributes(res_users, cr, attrs) + user_id = self._get_user_id_from_attributes(res_users, + cr, + attrs) if user_id is None: if default_login_page_disabled: @@ -104,11 +113,13 @@ class Home(main.Home): key = randomString(utils.KEY_LENGTH, '0123456789abcdef') res_users.write(cr, SUPERUSER_ID, [user_id], {'sso_key': key}) login = res_users.browse(cr, SUPERUSER_ID, user_id).login - request.session.authenticate(db_name, login=login, password=key, uid=user_id) + request.session.authenticate(db_name, login=login, + password=key, uid=user_id) except http.AuthenticationError, e: raise e except Exception, e: - _logger.error("Error binding Http Remote User session", exc_info=True) + _logger.error("Error binding Http Remote User session", + exc_info=True) raise e randrange = random.SystemRandom().randrange diff --git a/auth_from_http_remote_user/res_config.py b/auth_from_http_remote_user/res_config.py index 5cbc9082d..dcbc2f97a 100644 --- a/auth_from_http_remote_user/res_config.py 
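Review bot: The two handlers at the end of the second hunk (`@@ -104,11 +113,13 @@`) re-raise with `raise e`, which in Python 2 (the `except X, e` syntax used here) restarts the traceback at the handler, whereas a bare `raise` keeps the original one. The first clause then needs no name, `except http.AuthenticationError: raise`, and the second can become `_logger.exception("Error binding Http Remote User session")` followed by `raise`. The `try` these handlers belong to opens outside the hunk.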
+++ b/auth_from_http_remote_user/res_config.py @@ -40,21 +40,28 @@ Otherwise the normal login page will be displayed. def is_default_login_page_disabled(self, cr, uid, fields, context=None): ir_config_obj = self.pool['ir.config_parameter'] - default_login_page_disabled = ir_config_obj.get_param(cr, - uid, - 'auth_from_http_remote_user.default_login_page_disabled') + default_login_page_disabled = \ + ir_config_obj.get_param(cr, + uid, + 'auth_from_http_remote_user.' + 'default_login_page_disabled') if isinstance(default_login_page_disabled, types.BooleanType): return default_login_page_disabled return safe_eval(default_login_page_disabled) - def get_default_default_login_page_disabled(self, cr, uid, fields, context=None): - default_login_page_disabled = self.is_default_login_page_disabled(cr, uid, fields, context) + def get_default_default_login_page_disabled(self, cr, uid, fields, + context=None): + default_login_page_disabled = \ + self.is_default_login_page_disabled(cr, uid, fields, context) return {'default_login_page_disabled': default_login_page_disabled} - def set_default_default_login_page_disabled(self, cr, uid, ids, context=None): + def set_default_default_login_page_disabled(self, cr, uid, ids, + context=None): config = self.browse(cr, uid, ids[0], context) ir_config_parameter_obj = self.pool['ir.config_parameter'] + param_value = repr(config.default_login_page_disabled) ir_config_parameter_obj.set_param(cr, uid, - 'auth_from_http_remote_user.default_login_page_disabled', - repr(config.default_login_page_disabled)) + 'auth_from_http_remote_user.' + 'default_login_page_disabled', + param_value) diff --git a/auth_from_http_remote_user/res_users.py b/auth_from_http_remote_user/res_users.py index fef91596d..638179405 100644 --- a/auth_from_http_remote_user/res_users.py +++ b/auth_from_http_remote_user/res_users.py 
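Review bot: `is_default_login_page_disabled` still runs the stored parameter through `safe_eval` to get a boolean, although the setter in the same hunk only ever stores `repr()` of `config.default_login_page_disabled`. Comparing with the literal, `return default_login_page_disabled == 'True'`, avoids evaluating whatever string sits in `ir.config_parameter` and always returns a bool. If other code writes this parameter with a different spelling, that would need checking before the change.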
@@ -43,7 +43,8 @@ class res_users(orm.Model): try: return super(res_users, self).check_credentials(cr, uid, password) except openerp.exceptions.AccessDenied: - res = self.search(cr, SUPERUSER_ID, [('id', '=', uid), ('sso_key', '=', password)]) + res = self.search(cr, SUPERUSER_ID, [('id', '=', uid), + ('sso_key', '=', password)]) if not res: raise openerp.exceptions.AccessDenied() diff --git a/auth_from_http_remote_user/tests/test_res_users.py b/auth_from_http_remote_user/tests/test_res_users.py index 9341661ee..486531bc7 100644 --- a/auth_from_http_remote_user/tests/test_res_users.py +++ b/auth_from_http_remote_user/tests/test_res_users.py @@ -55,10 +55,11 @@ class test_res_users(common.TransactionCase): # the http header (HTTP_REMODE_USER) res_users_obj.write(self.cr, self.uid, uid, {'sso_key': token}) - # Here we need to mock the cursor since the login is natively done inside - # its own connection + # Here we need to mock the cursor since the login is natively done + # inside its own connection with mock_cursor(self.cr): - # We can verifies that the given (uid, token) is authorized for the database + # We can verifies that the given (uid, token) is authorized for + # the database res_users_obj.check(common.DB, uid, token) # we are able to login with the new token 
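Review bot: The fallback branch of `check_credentials` accepts any `password` equal to the stored `sso_key` and has no guard for an empty or falsy value; if the ORM treats a falsy right-hand side in `('sso_key', '=', password)` as a null test, a user whose `sso_key` was never set could match. Unless the parent implementation already rejects empty passwords, adding `if not password: raise openerp.exceptions.AccessDenied()` ahead of the `search` closes that case. The method starts before the hunk.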
@@ -66,11 +67,14 @@ class test_res_users(common.TransactionCase): self.assertTrue(res) @unittest.skipIf(os.environ.get('TRAVIS'), - 'When run by travis, tests runs on a database with all required addons from server-tools and ' - 'their dependencies installed. Even if `auth_from_http_remote_user` does not require the `mail`' - 'module, The previous installation of the mail module has created the column ' - '`notification_email_send` as REQUIRED into the table res_partner. BTW, it\'s no more possible ' - 'to copy a res_user without an intefirty error') + 'When run by travis, tests runs on a database with all ' + 'required addons from server-tools and their dependencies ' + 'installed. Even if `auth_from_http_remote_user` does not ' + 'require the `mail` module, The previous installation of ' + 'the mail module has created the column ' + '`notification_email_send` as REQUIRED into the table ' + 'res_partner. BTW, it\'s no more possible to copy a ' + 'res_user without an intefirty error') def test_copy(self): '''Check that the sso_key is not copied on copy '''