Browse Source

[PEP8] line lenght is now ridiculous (80 chars)

pull/34/head
Laurent Mignon 11 years ago
parent
commit
2f51036928
  1. 38
      auth_from_http_remote_user/__openerp__.py
  2. 33
      auth_from_http_remote_user/controllers/main.py
  3. 21
      auth_from_http_remote_user/res_config.py
  4. 3
      auth_from_http_remote_user/res_users.py
  5. 20
      auth_from_http_remote_user/tests/test_res_users.py

38
auth_from_http_remote_user/__openerp__.py

@ -34,21 +34,22 @@ command: ::
--load=web,web_kanban,auth_from_http_remote_user, ... --load=web,web_kanban,auth_from_http_remote_user, ...
If the field is not found or no user matches the given one, it can lets the If the field is not found or no user matches the given one, it can lets the
system redirect to the login page (default) or issue a login error page depending
of the configuration.
system redirect to the login page (default) or issue a login error page
depending of the configuration.
How to test the module with Apache [#]_ How to test the module with Apache [#]_
---------------------------------------- ----------------------------------------
Apache can be used as a reverse proxy providing the authentication and adding the
required field in the Http headers.
Apache can be used as a reverse proxy providing the authentication and adding
the required field in the Http headers.
Install apache: :: Install apache: ::
$ sudo apt-get install apache2 $ sudo apt-get install apache2
Define a new vhost to Apache by putting a new file in /etc/apache2/sites-available: ::
Define a new vhost to Apache by putting a new file in
/etc/apache2/sites-available: ::
$ sudo vi /etc/apache2/sites-available/MY_VHOST.com $ sudo vi /etc/apache2/sites-available/MY_VHOST.com
@ -75,16 +76,20 @@ with the following content: ::
ProxyPreserveHost On ProxyPreserveHost On
</VirtualHost> </VirtualHost>
.. important:: The *RequestHeader* directive is used to add the *Remote-User* field
in the http headers. By default an *'Http-'* prefix is added to the field name.
In OpenErp, header's fields name are normalized. As result of this normalization,
the 'Http-Remote-User' is available as 'HTTP_REMOTE_USER'. If you don't know how
your specified field is seen by OpenErp, run your server in debug mode once the
module is activated and look for an entry like: ::
DEBUG openerp1 openerp.addons.auth_from_http_remote_user.controllers.session:
.. important:: The *RequestHeader* directive is used to add the *Remote-User*
field in the http headers. By default an *'Http-'* prefix is added to the
field name.
In OpenErp, header's fields name are normalized. As result of this
normalization, the 'Http-Remote-User' is available as 'HTTP_REMOTE_USER'.
If you don't know how your specified field is seen by OpenErp, run your
server in debug mode once the module is activated and look for an entry
like: ::
DEBUG openerp1 openerp.addons.auth_from_http_remote_user.controllers.
session:
Field 'HTTP_MY_REMOTE_USER' not found in http headers Field 'HTTP_MY_REMOTE_USER' not found in http headers
{'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=', ..., 'HTTP_REMOTE_USER': 'demo')
{'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=', ...,
'HTTP_REMOTE_USER': 'demo')
Enable the required apache modules: :: Enable the required apache modules: ::
@ -108,8 +113,9 @@ Finally reload the configuration: ::
$ sudo service apache2 reload $ sudo service apache2 reload
Open your browser and go to MY_VHOST.com. If everything is well configured, you are prompted
for a login and password outside OpenErp and are automatically logged in the system.
Open your browser and go to MY_VHOST.com. If everything is well configured, you
are prompted for a login and password outside OpenErp and are automatically
logged in the system.
.. [#] Based on a ubuntu 12.04 env .. [#] Based on a ubuntu 12.04 env

33
auth_from_http_remote_user/controllers/main.py

@ -29,7 +29,6 @@ from .. import utils
import random import random
import logging import logging
import openerp.tools.config as config
_logger = logging.getLogger(__name__) _logger = logging.getLogger(__name__)
@ -48,7 +47,8 @@ class Home(main.Home):
def _get_user_id_from_attributes(self, res_users, cr, attrs): def _get_user_id_from_attributes(self, res_users, cr, attrs):
login = attrs.get('HTTP_REMOTE_USER', None) login = attrs.get('HTTP_REMOTE_USER', None)
user_ids = res_users.search(cr, SUPERUSER_ID, [('login', '=', login), ('active', '=', True)])
user_ids = res_users.search(cr, SUPERUSER_ID, [('login', '=', login),
('active', '=', True)])
assert len(user_ids) < 2 assert len(user_ids) < 2
if user_ids: if user_ids:
return user_ids[0] return user_ids[0]
@ -69,11 +69,13 @@ class Home(main.Home):
attrs_found = set(attrs.keys()) attrs_found = set(attrs.keys())
attrs_missing = set(all_attrs) - attrs_found attrs_missing = set(all_attrs) - attrs_found
if len(attrs_found) > 0: if len(attrs_found) > 0:
_logger.debug("Fields '%s' not found in http headers\n %s", attrs_missing, headers)
_logger.debug("Fields '%s' not found in http headers\n %s",
attrs_missing, headers)
missings = set(self._REQUIRED_ATTRIBUTES) - attrs_found missings = set(self._REQUIRED_ATTRIBUTES) - attrs_found
if len(missings) > 0: if len(missings) > 0:
_logger.error("Required fields '%s' not found in http headers\n %s", missings, headers)
_logger.error("Required fields '%s' not found in http headers\n %s",
missings, headers)
return attrs return attrs
def _bind_http_remote_user(self, db_name): def _bind_http_remote_user(self, db_name):
@ -81,19 +83,26 @@ class Home(main.Home):
registry = openerp.registry(db_name) registry = openerp.registry(db_name)
with registry.cursor() as cr: with registry.cursor() as cr:
modules = registry.get('ir.module.module') modules = registry.get('ir.module.module')
installed = modules.search_count(cr, SUPERUSER_ID, ['&',
domain = ['&',
('name', '=', 'auth_from_http_remote_user'), ('name', '=', 'auth_from_http_remote_user'),
('state', '=', 'installed')]) == 1
('state', '=', 'installed')]
installed = modules.search_count(cr, SUPERUSER_ID, domain) == 1
if not installed: if not installed:
return return
config = registry.get('auth_from_http_remote_user.config.settings')
config = registry.get('auth_from_http_remote_user.'
'config.settings')
# get parameters for SSO # get parameters for SSO
default_login_page_disabled = config.is_default_login_page_disabled(cr, SUPERUSER_ID, None)
default_login_page_disabled = \
config.is_default_login_page_disabled(cr,
SUPERUSER_ID,
None)
# get the user # get the user
res_users = registry.get('res.users') res_users = registry.get('res.users')
attrs = self._get_attributes_form_header() attrs = self._get_attributes_form_header()
user_id = self._get_user_id_from_attributes(res_users, cr, attrs)
user_id = self._get_user_id_from_attributes(res_users,
cr,
attrs)
if user_id is None: if user_id is None:
if default_login_page_disabled: if default_login_page_disabled:
@ -104,11 +113,13 @@ class Home(main.Home):
key = randomString(utils.KEY_LENGTH, '0123456789abcdef') key = randomString(utils.KEY_LENGTH, '0123456789abcdef')
res_users.write(cr, SUPERUSER_ID, [user_id], {'sso_key': key}) res_users.write(cr, SUPERUSER_ID, [user_id], {'sso_key': key})
login = res_users.browse(cr, SUPERUSER_ID, user_id).login login = res_users.browse(cr, SUPERUSER_ID, user_id).login
request.session.authenticate(db_name, login=login, password=key, uid=user_id)
request.session.authenticate(db_name, login=login,
password=key, uid=user_id)
except http.AuthenticationError, e: except http.AuthenticationError, e:
raise e raise e
except Exception, e: except Exception, e:
_logger.error("Error binding Http Remote User session", exc_info=True)
_logger.error("Error binding Http Remote User session",
exc_info=True)
raise e raise e
randrange = random.SystemRandom().randrange randrange = random.SystemRandom().randrange

21
auth_from_http_remote_user/res_config.py

@ -40,21 +40,28 @@ Otherwise the normal login page will be displayed.
def is_default_login_page_disabled(self, cr, uid, fields, context=None): def is_default_login_page_disabled(self, cr, uid, fields, context=None):
ir_config_obj = self.pool['ir.config_parameter'] ir_config_obj = self.pool['ir.config_parameter']
default_login_page_disabled = ir_config_obj.get_param(cr,
default_login_page_disabled = \
ir_config_obj.get_param(cr,
uid, uid,
'auth_from_http_remote_user.default_login_page_disabled')
'auth_from_http_remote_user.'
'default_login_page_disabled')
if isinstance(default_login_page_disabled, types.BooleanType): if isinstance(default_login_page_disabled, types.BooleanType):
return default_login_page_disabled return default_login_page_disabled
return safe_eval(default_login_page_disabled) return safe_eval(default_login_page_disabled)
def get_default_default_login_page_disabled(self, cr, uid, fields, context=None):
default_login_page_disabled = self.is_default_login_page_disabled(cr, uid, fields, context)
def get_default_default_login_page_disabled(self, cr, uid, fields,
context=None):
default_login_page_disabled = \
self.is_default_login_page_disabled(cr, uid, fields, context)
return {'default_login_page_disabled': default_login_page_disabled} return {'default_login_page_disabled': default_login_page_disabled}
def set_default_default_login_page_disabled(self, cr, uid, ids, context=None):
def set_default_default_login_page_disabled(self, cr, uid, ids,
context=None):
config = self.browse(cr, uid, ids[0], context) config = self.browse(cr, uid, ids[0], context)
ir_config_parameter_obj = self.pool['ir.config_parameter'] ir_config_parameter_obj = self.pool['ir.config_parameter']
param_value = repr(config.default_login_page_disabled)
ir_config_parameter_obj.set_param(cr, ir_config_parameter_obj.set_param(cr,
uid, uid,
'auth_from_http_remote_user.default_login_page_disabled',
repr(config.default_login_page_disabled))
'auth_from_http_remote_user.'
'default_login_page_disabled',
param_value)

3
auth_from_http_remote_user/res_users.py

@ -43,7 +43,8 @@ class res_users(orm.Model):
try: try:
return super(res_users, self).check_credentials(cr, uid, password) return super(res_users, self).check_credentials(cr, uid, password)
except openerp.exceptions.AccessDenied: except openerp.exceptions.AccessDenied:
res = self.search(cr, SUPERUSER_ID, [('id', '=', uid), ('sso_key', '=', password)])
res = self.search(cr, SUPERUSER_ID, [('id', '=', uid),
('sso_key', '=', password)])
if not res: if not res:
raise openerp.exceptions.AccessDenied() raise openerp.exceptions.AccessDenied()

20
auth_from_http_remote_user/tests/test_res_users.py

@ -55,10 +55,11 @@ class test_res_users(common.TransactionCase):
# the http header (HTTP_REMODE_USER) # the http header (HTTP_REMODE_USER)
res_users_obj.write(self.cr, self.uid, uid, {'sso_key': token}) res_users_obj.write(self.cr, self.uid, uid, {'sso_key': token})
# Here we need to mock the cursor since the login is natively done inside
# its own connection
# Here we need to mock the cursor since the login is natively done
# inside its own connection
with mock_cursor(self.cr): with mock_cursor(self.cr):
# We can verifies that the given (uid, token) is authorized for the database
# We can verifies that the given (uid, token) is authorized for
# the database
res_users_obj.check(common.DB, uid, token) res_users_obj.check(common.DB, uid, token)
# we are able to login with the new token # we are able to login with the new token
@ -66,11 +67,14 @@ class test_res_users(common.TransactionCase):
self.assertTrue(res) self.assertTrue(res)
@unittest.skipIf(os.environ.get('TRAVIS'), @unittest.skipIf(os.environ.get('TRAVIS'),
'When run by travis, tests runs on a database with all required addons from server-tools and '
'their dependencies installed. Even if `auth_from_http_remote_user` does not require the `mail`'
'module, The previous installation of the mail module has created the column '
'`notification_email_send` as REQUIRED into the table res_partner. BTW, it\'s no more possible '
'to copy a res_user without an intefirty error')
'When run by travis, tests runs on a database with all '
'required addons from server-tools and their dependencies '
'installed. Even if `auth_from_http_remote_user` does not '
'require the `mail` module, The previous installation of '
'the mail module has created the column '
'`notification_email_send` as REQUIRED into the table '
'res_partner. BTW, it\'s no more possible to copy a '
'res_user without an intefirty error')
def test_copy(self): def test_copy(self):
'''Check that the sso_key is not copied on copy '''Check that the sso_key is not copied on copy
''' '''

Loading…
Cancel
Save