Browse Source

[PEP8] line lenght is now ridiculous (80 chars)

pull/34/head
Laurent Mignon 11 years ago
parent
commit
2f51036928
  1. 38
      auth_from_http_remote_user/__openerp__.py
  2. 35
      auth_from_http_remote_user/controllers/main.py
  3. 23
      auth_from_http_remote_user/res_config.py
  4. 3
      auth_from_http_remote_user/res_users.py
  5. 20
      auth_from_http_remote_user/tests/test_res_users.py

38
auth_from_http_remote_user/__openerp__.py

@ -34,21 +34,22 @@ command: ::
--load=web,web_kanban,auth_from_http_remote_user, ...
If the field is not found or no user matches the given one, it can lets the
system redirect to the login page (default) or issue a login error page depending
of the configuration.
system redirect to the login page (default) or issue a login error page
depending of the configuration.
How to test the module with Apache [#]_
----------------------------------------
Apache can be used as a reverse proxy providing the authentication and adding the
required field in the Http headers.
Apache can be used as a reverse proxy providing the authentication and adding
the required field in the Http headers.
Install apache: ::
$ sudo apt-get install apache2
Define a new vhost to Apache by putting a new file in /etc/apache2/sites-available: ::
Define a new vhost to Apache by putting a new file in
/etc/apache2/sites-available: ::
$ sudo vi /etc/apache2/sites-available/MY_VHOST.com
@ -75,16 +76,20 @@ with the following content: ::
ProxyPreserveHost On
</VirtualHost>
.. important:: The *RequestHeader* directive is used to add the *Remote-User* field
in the http headers. By default an *'Http-'* prefix is added to the field name.
In OpenErp, header's fields name are normalized. As result of this normalization,
the 'Http-Remote-User' is available as 'HTTP_REMOTE_USER'. If you don't know how
your specified field is seen by OpenErp, run your server in debug mode once the
module is activated and look for an entry like: ::
DEBUG openerp1 openerp.addons.auth_from_http_remote_user.controllers.session:
.. important:: The *RequestHeader* directive is used to add the *Remote-User*
field in the http headers. By default an *'Http-'* prefix is added to the
field name.
In OpenErp, header's fields name are normalized. As result of this
normalization, the 'Http-Remote-User' is available as 'HTTP_REMOTE_USER'.
If you don't know how your specified field is seen by OpenErp, run your
server in debug mode once the module is activated and look for an entry
like: ::
DEBUG openerp1 openerp.addons.auth_from_http_remote_user.controllers.
session:
Field 'HTTP_MY_REMOTE_USER' not found in http headers
{'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=', ..., 'HTTP_REMOTE_USER': 'demo')
{'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=', ...,
'HTTP_REMOTE_USER': 'demo')
Enable the required apache modules: ::
@ -108,8 +113,9 @@ Finally reload the configuration: ::
$ sudo service apache2 reload
Open your browser and go to MY_VHOST.com. If everything is well configured, you are prompted
for a login and password outside OpenErp and are automatically logged in the system.
Open your browser and go to MY_VHOST.com. If everything is well configured, you
are prompted for a login and password outside OpenErp and are automatically
logged in the system.
.. [#] Based on a ubuntu 12.04 env

35
auth_from_http_remote_user/controllers/main.py

@ -29,7 +29,6 @@ from .. import utils
import random
import logging
import openerp.tools.config as config
_logger = logging.getLogger(__name__)
@ -48,7 +47,8 @@ class Home(main.Home):
def _get_user_id_from_attributes(self, res_users, cr, attrs):
login = attrs.get('HTTP_REMOTE_USER', None)
user_ids = res_users.search(cr, SUPERUSER_ID, [('login', '=', login), ('active', '=', True)])
user_ids = res_users.search(cr, SUPERUSER_ID, [('login', '=', login),
('active', '=', True)])
assert len(user_ids) < 2
if user_ids:
return user_ids[0]
@ -69,11 +69,13 @@ class Home(main.Home):
attrs_found = set(attrs.keys())
attrs_missing = set(all_attrs) - attrs_found
if len(attrs_found) > 0:
_logger.debug("Fields '%s' not found in http headers\n %s", attrs_missing, headers)
_logger.debug("Fields '%s' not found in http headers\n %s",
attrs_missing, headers)
missings = set(self._REQUIRED_ATTRIBUTES) - attrs_found
if len(missings) > 0:
_logger.error("Required fields '%s' not found in http headers\n %s", missings, headers)
_logger.error("Required fields '%s' not found in http headers\n %s",
missings, headers)
return attrs
def _bind_http_remote_user(self, db_name):
@ -81,19 +83,26 @@ class Home(main.Home):
registry = openerp.registry(db_name)
with registry.cursor() as cr:
modules = registry.get('ir.module.module')
installed = modules.search_count(cr, SUPERUSER_ID, ['&',
('name', '=', 'auth_from_http_remote_user'),
('state', '=', 'installed')]) == 1
domain = ['&',
('name', '=', 'auth_from_http_remote_user'),
('state', '=', 'installed')]
installed = modules.search_count(cr, SUPERUSER_ID, domain) == 1
if not installed:
return
config = registry.get('auth_from_http_remote_user.config.settings')
config = registry.get('auth_from_http_remote_user.'
'config.settings')
# get parameters for SSO
default_login_page_disabled = config.is_default_login_page_disabled(cr, SUPERUSER_ID, None)
default_login_page_disabled = \
config.is_default_login_page_disabled(cr,
SUPERUSER_ID,
None)
# get the user
res_users = registry.get('res.users')
attrs = self._get_attributes_form_header()
user_id = self._get_user_id_from_attributes(res_users, cr, attrs)
user_id = self._get_user_id_from_attributes(res_users,
cr,
attrs)
if user_id is None:
if default_login_page_disabled:
@ -104,11 +113,13 @@ class Home(main.Home):
key = randomString(utils.KEY_LENGTH, '0123456789abcdef')
res_users.write(cr, SUPERUSER_ID, [user_id], {'sso_key': key})
login = res_users.browse(cr, SUPERUSER_ID, user_id).login
request.session.authenticate(db_name, login=login, password=key, uid=user_id)
request.session.authenticate(db_name, login=login,
password=key, uid=user_id)
except http.AuthenticationError, e:
raise e
except Exception, e:
_logger.error("Error binding Http Remote User session", exc_info=True)
_logger.error("Error binding Http Remote User session",
exc_info=True)
raise e
randrange = random.SystemRandom().randrange

23
auth_from_http_remote_user/res_config.py

@ -40,21 +40,28 @@ Otherwise the normal login page will be displayed.
def is_default_login_page_disabled(self, cr, uid, fields, context=None):
ir_config_obj = self.pool['ir.config_parameter']
default_login_page_disabled = ir_config_obj.get_param(cr,
uid,
'auth_from_http_remote_user.default_login_page_disabled')
default_login_page_disabled = \
ir_config_obj.get_param(cr,
uid,
'auth_from_http_remote_user.'
'default_login_page_disabled')
if isinstance(default_login_page_disabled, types.BooleanType):
return default_login_page_disabled
return safe_eval(default_login_page_disabled)
def get_default_default_login_page_disabled(self, cr, uid, fields, context=None):
default_login_page_disabled = self.is_default_login_page_disabled(cr, uid, fields, context)
def get_default_default_login_page_disabled(self, cr, uid, fields,
context=None):
default_login_page_disabled = \
self.is_default_login_page_disabled(cr, uid, fields, context)
return {'default_login_page_disabled': default_login_page_disabled}
def set_default_default_login_page_disabled(self, cr, uid, ids, context=None):
def set_default_default_login_page_disabled(self, cr, uid, ids,
context=None):
config = self.browse(cr, uid, ids[0], context)
ir_config_parameter_obj = self.pool['ir.config_parameter']
param_value = repr(config.default_login_page_disabled)
ir_config_parameter_obj.set_param(cr,
uid,
'auth_from_http_remote_user.default_login_page_disabled',
repr(config.default_login_page_disabled))
'auth_from_http_remote_user.'
'default_login_page_disabled',
param_value)

3
auth_from_http_remote_user/res_users.py

@ -43,7 +43,8 @@ class res_users(orm.Model):
try:
return super(res_users, self).check_credentials(cr, uid, password)
except openerp.exceptions.AccessDenied:
res = self.search(cr, SUPERUSER_ID, [('id', '=', uid), ('sso_key', '=', password)])
res = self.search(cr, SUPERUSER_ID, [('id', '=', uid),
('sso_key', '=', password)])
if not res:
raise openerp.exceptions.AccessDenied()

20
auth_from_http_remote_user/tests/test_res_users.py

@ -55,10 +55,11 @@ class test_res_users(common.TransactionCase):
# the http header (HTTP_REMODE_USER)
res_users_obj.write(self.cr, self.uid, uid, {'sso_key': token})
# Here we need to mock the cursor since the login is natively done inside
# its own connection
# Here we need to mock the cursor since the login is natively done
# inside its own connection
with mock_cursor(self.cr):
# We can verifies that the given (uid, token) is authorized for the database
# We can verifies that the given (uid, token) is authorized for
# the database
res_users_obj.check(common.DB, uid, token)
# we are able to login with the new token
@ -66,11 +67,14 @@ class test_res_users(common.TransactionCase):
self.assertTrue(res)
@unittest.skipIf(os.environ.get('TRAVIS'),
'When run by travis, tests runs on a database with all required addons from server-tools and '
'their dependencies installed. Even if `auth_from_http_remote_user` does not require the `mail`'
'module, The previous installation of the mail module has created the column '
'`notification_email_send` as REQUIRED into the table res_partner. BTW, it\'s no more possible '
'to copy a res_user without an intefirty error')
'When run by travis, tests runs on a database with all '
'required addons from server-tools and their dependencies '
'installed. Even if `auth_from_http_remote_user` does not '
'require the `mail` module, The previous installation of '
'the mail module has created the column '
'`notification_email_send` as REQUIRED into the table '
'res_partner. BTW, it\'s no more possible to copy a '
'res_user without an intefirty error')
def test_copy(self):
'''Check that the sso_key is not copied on copy
'''

Loading…
Cancel
Save