Browse Source
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
pull/34/head
[ADD] This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying^Co bind the given value to a user
pull/34/head
Laurent Mignon
11 years ago
12 changed files with 649 additions and 0 deletions
-
24auth_from_http_remote_user/__init__.py
-
133auth_from_http_remote_user/__openerp__.py
-
22auth_from_http_remote_user/controllers/__init__.py
-
129auth_from_http_remote_user/controllers/session.py
-
60auth_from_http_remote_user/res_config.py
-
9auth_from_http_remote_user/res_config_data.xml
-
39auth_from_http_remote_user/res_config_view.xml
-
64auth_from_http_remote_user/res_users.py
-
36auth_from_http_remote_user/static/src/js/auth_from_http_remote_user.js
-
28auth_from_http_remote_user/tests/__init__.py
-
83auth_from_http_remote_user/tests/test_res_users.py
-
22auth_from_http_remote_user/utils.py
@ -0,0 +1,24 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# Author: Laurent Mignon |
|||
# Copyright 2014 'ACSONE SA/NV' |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
|
|||
from . import controllers |
|||
from . import res_config |
|||
from . import res_users |
@ -0,0 +1,133 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# Author: Laurent Mignon |
|||
# Copyright 2014 'ACSONE SA/NV' |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
{ |
|||
'name': 'Authenticate via HTTP Remote User', |
|||
'version': '1.0', |
|||
'category': 'Tools', |
|||
'description': """ |
|||
Allow users to be automatically logged in. |
|||
========================================== |
|||
|
|||
This module initialize the session by looking for the field HTTP_REMOTE_USER in |
|||
the HEADER of the HTTP request and trying to bind the given value to a user |
|||
This module must be loaded at startup; Add the *--load* parameter to the startup |
|||
command: :: |
|||
|
|||
--load=web,web_kanban,auth_from_http_remote_user, ... |
|||
|
|||
If the field is not found or no user matches the given one, it can lets the |
|||
system redirect to the login page (default) or issue a login error page depending |
|||
of the configuration. |
|||
|
|||
How to test the module with Apache [#]_ |
|||
---------------------------------------- |
|||
|
|||
Apache can be used as a reverse proxy providing the authentication and adding the |
|||
required field in the Http headers. |
|||
|
|||
Install apache: :: |
|||
|
|||
$ sudo apt-get install apache2 |
|||
|
|||
|
|||
Define a new vhost to Apache by putting a new file in /etc/apache2/sites-available: :: |
|||
|
|||
$ sudo vi /etc/apache2/sites-available/MY_VHOST.com |
|||
|
|||
with the following content: :: |
|||
|
|||
<VirtualHost *:80> |
|||
ServerName MY_VHOST.com |
|||
ProxyRequests Off |
|||
<Location /> |
|||
AuthType Basic |
|||
AuthName "Test OpenErp auth_from_http_remote_user" |
|||
AuthBasicProvider file |
|||
AuthUserFile /etc/apache2/MY_VHOST.htpasswd |
|||
Require valid-user |
|||
|
|||
RewriteEngine On |
|||
RewriteCond %{LA-U:REMOTE_USER} (.+) |
|||
RewriteRule . - [E=RU:%1] |
|||
RequestHeader set Remote-User "%{RU}e" env=RU |
|||
</Location> |
|||
|
|||
ProxyPass / http://127.0.0.1:8069/ retry=10 |
|||
ProxyPassReverse / http://127.0.0.1:8069/ |
|||
ProxyPreserveHost On |
|||
</VirtualHost> |
|||
|
|||
.. important:: The *RequestHeader* directive is used to add the *Remote-User* field |
|||
in the http headers. By default an *'Http-'* prefix is added to the field name. |
|||
In OpenErp, header's fields name are normalized. As result of this normalization, |
|||
the 'Http-Remote-User' is available as 'HTTP_REMOTE_USER'. If you don't know how |
|||
your specified field is seen by OpenErp, run your server in debug mode once the |
|||
module is activated and look for an entry like: :: |
|||
|
|||
DEBUG openerp1 openerp.addons.auth_from_http_remote_user.controllers.session: |
|||
Field 'HTTP_MY_REMOTE_USER' not found in http headers |
|||
{'HTTP_AUTHORIZATION': 'Basic YWRtaW46YWRtaW4=', ..., 'HTTP_REMOTE_USER': 'demo') |
|||
|
|||
Enable the required apache modules: :: |
|||
|
|||
$ sudo a2enmod headers |
|||
$ sudo a2enmod proxy |
|||
$ sudo a2enmod rewrite |
|||
$ sudo a2enmod proxy_http |
|||
|
|||
Enable your new vhost: :: |
|||
|
|||
$ sudo a2ensite MY_VHOST.com |
|||
|
|||
Create the *htpassword* file used by the configured basic authentication: :: |
|||
|
|||
$ sudo htpasswd -cb /etc/apache2/MY_VHOST.htpasswd admin admin |
|||
$ sudo htpasswd -b /etc/apache2/MY_VHOST.htpasswd demo demo |
|||
|
|||
For local test, add the *MY_VHOST.com* in your /etc/vhosts file. |
|||
|
|||
Finally reload the configuration: :: |
|||
|
|||
$ sudo service apache2 reload |
|||
|
|||
Open your browser and go to MY_VHOST.com. If everything is well configured, you are prompted |
|||
for a login and password outside OpenErp and are automatically logged in the system. |
|||
|
|||
.. [#] Based on a ubuntu 12.04 env |
|||
|
|||
""", |
|||
'author': 'Acsone SA/NV', |
|||
'maintainer': 'ACSONE SA/NV', |
|||
'website': 'http://www.acsone.eu', |
|||
'depends': ['web'], |
|||
"license": "AGPL-3", |
|||
"js": ['static/src/js/auth_from_http_remote_user.js'], |
|||
'data': [ |
|||
'res_config_view.xml', |
|||
'res_config_data.xml'], |
|||
"demo": [], |
|||
"test": [], |
|||
"active": False, |
|||
"license": "AGPL-3", |
|||
"installable": True, |
|||
"auto_install": False, |
|||
"application": False, |
|||
} |
@ -0,0 +1,22 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# Author: Laurent Mignon |
|||
# Copyright 2014 'ACSONE SA/NV' |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
|
|||
from . import session |
@ -0,0 +1,129 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# Author: Laurent Mignon |
|||
# Copyright 2014 'ACSONE SA/NV' |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
|
|||
from openerp import SUPERUSER_ID |
|||
|
|||
from openerp.addons.web import http |
|||
from openerp.addons.web.controllers import main |
|||
from openerp.modules.registry import RegistryManager |
|||
from .. import utils |
|||
|
|||
import random |
|||
import logging |
|||
import openerp.tools.config as config |
|||
|
|||
_logger = logging.getLogger(__name__) |
|||
|
|||
|
|||
class Session(main.Session): |
|||
_cp_path = "/web/session" |
|||
|
|||
_REQUIRED_ATTRIBUTES = ['HTTP_REMOTE_USER'] |
|||
_OPTIONAL_ATTRIBUTES = [] |
|||
|
|||
def _get_db(self, db): |
|||
if db is not None and len(db) > 0: |
|||
return db |
|||
db = config['db_name'] |
|||
if db is None or len(db) == 0: |
|||
_logger.error("No db found for SSO. Specify one in the URL using parameter " |
|||
"db=? or provide a default one in the configuration") |
|||
raise http.AuthenticationError() |
|||
|
|||
def _get_user_id_from_attributes(self, res_users, cr, attrs): |
|||
login = attrs.get('HTTP_REMOTE_USER', None) |
|||
user_ids = res_users.search(cr, SUPERUSER_ID, [('login', '=', login), ('active', '=', True)]) |
|||
assert len(user_ids) < 2 |
|||
if user_ids: |
|||
return user_ids[0] |
|||
return None |
|||
|
|||
def _get_attributes_form_header(self, req): |
|||
attrs = {} |
|||
|
|||
all_attrs = self._REQUIRED_ATTRIBUTES + self._OPTIONAL_ATTRIBUTES |
|||
|
|||
headers = req.httprequest.headers.environ |
|||
|
|||
for attr in all_attrs: |
|||
value = headers.get(attr, None) |
|||
if value is not None: |
|||
attrs[attr] = value |
|||
|
|||
attrs_found = set(attrs.keys()) |
|||
attrs_missing = set(all_attrs) - attrs_found |
|||
if len(attrs_found) > 0: |
|||
_logger.debug("Fields '%s' not found in http headers\n %s", attrs_missing, headers) |
|||
|
|||
missings = set(self._REQUIRED_ATTRIBUTES) - attrs_found |
|||
if len(missings) > 0: |
|||
_logger.error("Required fields '%s' not found in http headers\n %s", missings, headers) |
|||
return attrs |
|||
|
|||
def _bind_http_remote_user(self, req, db_name): |
|||
db_name = self._get_db(db_name) |
|||
try: |
|||
registry = RegistryManager.get(db_name) |
|||
with registry.cursor() as cr: |
|||
modules = registry.get('ir.module.module') |
|||
installed = modules.search_count(cr, SUPERUSER_ID, ['&', |
|||
('name', '=', 'auth_from_http_remote_user'), |
|||
('state', '=', 'installed')]) == 1 |
|||
if not installed: |
|||
return |
|||
config = registry.get('auth_from_http_remote_user.config.settings') |
|||
# get parameters for SSO |
|||
default_login_page_disabled = config.is_default_login_page_disabled(cr, SUPERUSER_ID, None) |
|||
|
|||
# get the user |
|||
res_users = registry.get('res.users') |
|||
attrs = self._get_attributes_form_header(req) |
|||
user_id = self._get_user_id_from_attributes(res_users, cr, attrs) |
|||
|
|||
if user_id is None: |
|||
if default_login_page_disabled: |
|||
raise http.AuthenticationError() |
|||
return |
|||
|
|||
# generate a specific key for authentication |
|||
key = randomString(utils.KEY_LENGTH, '0123456789abcdef') |
|||
res_users.write(cr, SUPERUSER_ID, [user_id], {'sso_key': key}) |
|||
login = res_users.browse(cr, SUPERUSER_ID, user_id).login |
|||
req.session.bind(db_name, user_id, login, key) |
|||
except http.AuthenticationError, e: |
|||
raise e |
|||
except Exception, e: |
|||
_logger.error("Error binding Http Remote User session", exc_info=True) |
|||
raise e |
|||
|
|||
@http.jsonrequest |
|||
def get_http_remote_user_session_info(self, req, db): |
|||
if not req.session._login: |
|||
self._bind_http_remote_user(req, db) |
|||
return self.session_info(req) |
|||
|
|||
randrange = random.SystemRandom().randrange |
|||
|
|||
|
|||
def randomString(length, chrs): |
|||
"""Produce a string of length random bytes, chosen from chrs.""" |
|||
n = len(chrs) |
|||
return ''.join([chrs[randrange(n)] for _ in xrange(length)]) |
@ -0,0 +1,60 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# Author: Laurent Mignon |
|||
# Copyright 2014 'ACSONE SA/NV' |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
|
|||
from openerp.osv import orm, fields |
|||
from openerp.tools.safe_eval import safe_eval |
|||
import types |
|||
|
|||
|
|||
class auth_from_http_remote_user_configuration(orm.TransientModel): |
|||
_name = 'auth_from_http_remote_user.config.settings' |
|||
_inherit = 'res.config.settings' |
|||
|
|||
_columns = { |
|||
'default_login_page_disabled': fields.boolean("Disable login page", |
|||
help=""" |
|||
Disable the default login page. |
|||
If the HTTP_REMOTE_HEADER field is not found or no user matches the given one, |
|||
the system will display a login error page if the login page is disabled. |
|||
Otherwise the normal login page will be displayed. |
|||
"""), |
|||
} |
|||
|
|||
def is_default_login_page_disabled(self, cr, uid, fields, context=None): |
|||
ir_config_obj = self.pool['ir.config_parameter'] |
|||
default_login_page_disabled = ir_config_obj.get_param(cr, |
|||
uid, |
|||
'auth_from_http_remote_user.default_login_page_disabled') |
|||
if isinstance(default_login_page_disabled, types.BooleanType): |
|||
return default_login_page_disabled |
|||
return safe_eval(default_login_page_disabled) |
|||
|
|||
def get_default_default_login_page_disabled(self, cr, uid, fields, context=None): |
|||
default_login_page_disabled = self.is_default_login_page_disabled(cr, uid, fields, context) |
|||
return {'default_login_page_disabled': default_login_page_disabled} |
|||
|
|||
def set_default_default_login_page_disabled(self, cr, uid, ids, context=None): |
|||
config = self.browse(cr, uid, ids[0], context) |
|||
ir_config_parameter_obj = self.pool['ir.config_parameter'] |
|||
ir_config_parameter_obj.set_param(cr, |
|||
uid, |
|||
'auth_from_http_remote_user.default_login_page_disabled', |
|||
repr(config.default_login_page_disabled)) |
@ -0,0 +1,9 @@ |
|||
<?xml version="1.0"?> |
|||
<openerp> |
|||
<data noupdate="1"> |
|||
<record model="ir.config_parameter" id="auth_from_http_remote_user.default_login_page_disabled"> |
|||
<field name="key">auth_from_http_remote_user.default_login_page_disabled</field> |
|||
<field name="value">False</field> |
|||
</record> |
|||
</data> |
|||
</openerp> |
@ -0,0 +1,39 @@ |
|||
<?xml version="1.0" encoding="utf-8"?> |
|||
<openerp> |
|||
<data> |
|||
<record model="ir.ui.view" id="help_view_config_settings"> |
|||
<field name="name">Auth HTTP_REMOTE_USER settings</field> |
|||
<field name="model">auth_from_http_remote_user.config.settings</field> |
|||
<field name="priority" eval="20" /> |
|||
<field name="arch" type="xml"> |
|||
<form string="Configure Auth HTTP_REMOTE_USER" version="7.0" |
|||
class="oe_form_configuration"> |
|||
<header> |
|||
<header> |
|||
<button string="Apply" type="object" name="execute" class="oe_highlight"/> |
|||
or |
|||
<button string="Cancel" type="object" name="cancel" class="oe_link"/> |
|||
</header> |
|||
</header> |
|||
<separator string="Auth HTTP_REMOTE_USER" /> |
|||
<group> |
|||
<field name="default_login_page_disabled" /> |
|||
</group> |
|||
</form> |
|||
</field> |
|||
</record> |
|||
|
|||
<record model="ir.actions.act_window" id="auth_from_http_remote_user_action_config_settings"> |
|||
<field name="name">Configure Auth HTTP_REMOTE_USER</field> |
|||
<field name="type">ir.actions.act_window</field> |
|||
<field name="res_model">auth_from_http_remote_user.config.settings</field> |
|||
<field name="view_mode">form</field> |
|||
<field name="target">inline</field> |
|||
</record> |
|||
|
|||
<menuitem id="base.menu_auth_from_http_remote_user_config" name="Auth HTTP_REMOTE_USER" |
|||
parent="base.menu_config" sequence="10" |
|||
action="auth_from_http_remote_user_action_config_settings" /> |
|||
|
|||
</data> |
|||
</openerp> |
@ -0,0 +1,64 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# Author: Laurent Mignon |
|||
# Copyright 2014 'ACSONE SA/NV' |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
|
|||
from openerp.modules.registry import RegistryManager |
|||
from openerp.osv import orm, fields |
|||
from openerp import SUPERUSER_ID |
|||
import openerp.exceptions |
|||
from openerp.addons.auth_from_http_remote_user import utils |
|||
|
|||
|
|||
class res_users(orm.Model): |
|||
_inherit = 'res.users' |
|||
|
|||
_columns = { |
|||
'sso_key': fields.char('SSO Key', size=utils.KEY_LENGTH, |
|||
readonly=True), |
|||
} |
|||
|
|||
def copy(self, cr, uid, rid, defaults=None, context=None): |
|||
defaults = defaults or {} |
|||
defaults['sso_key'] = False |
|||
return super(res_users, self).copy(cr, uid, rid, defaults, context) |
|||
|
|||
def check_credentials(self, cr, uid, password): |
|||
try: |
|||
return super(res_users, self).check_credentials(cr, uid, password) |
|||
except openerp.exceptions.AccessDenied: |
|||
res = self.search(cr, SUPERUSER_ID, [('id', '=', uid), ('sso_key', '=', password)]) |
|||
if not res: |
|||
raise openerp.exceptions.AccessDenied() |
|||
|
|||
def check(self, db, uid, passwd): |
|||
try: |
|||
return super(res_users, self).check(db, uid, passwd) |
|||
except openerp.exceptions.AccessDenied: |
|||
if not passwd: |
|||
raise |
|||
with RegistryManager.get(db).cursor() as cr: |
|||
cr.execute('''SELECT COUNT(1) |
|||
FROM res_users |
|||
WHERE id=%s |
|||
AND sso_key=%s |
|||
AND active=%s''', (int(uid), passwd, True)) |
|||
if not cr.fetchone()[0]: |
|||
raise |
|||
self._uid_cache.setdefault(db, {})[uid] = passwd |
@ -0,0 +1,36 @@ |
|||
openerp.auth_from_http_remote_user = function(instance) { |
|||
|
|||
instance.web.Session.include({ |
|||
session_load_response : function(response) { |
|||
//unregister the event since it must be called only if the rpc call
|
|||
//is made by session_reload
|
|||
this.off('response', this.session_load_response); |
|||
if (response.error && response.error.data.type === "session_invalid") { |
|||
$("body").html("<h1>Access Denied</h1>"); |
|||
} |
|||
|
|||
console.log("session_load_response called"); |
|||
}, |
|||
|
|||
session_reload : function() { |
|||
var self = this; |
|||
// we need to register an handler for 'response' since
|
|||
// by default, the rpc doesn't call callback function
|
|||
// if the response is of error type 'session_invalid'
|
|||
this.on('response', this, this.session_load_response); |
|||
return this.rpc("/web/session/get_http_remote_user_session_info", { |
|||
db : $.deparam.querystring().db |
|||
}).done(function(result) { |
|||
// If immediately follows a login (triggered by trying to
|
|||
// restore
|
|||
// an invalid session or no session at all), refresh session
|
|||
// data
|
|||
// (should not change, but just in case...)
|
|||
_.extend(self, result); |
|||
}).fail(function(result){ |
|||
$("body").html("<h1>Server error</h1>"); |
|||
}); |
|||
} |
|||
}); |
|||
|
|||
}; |
@ -0,0 +1,28 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# Author: Laurent Mignon |
|||
# Copyright 2014 'ACSONE SA/NV' |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
|
|||
from . import test_res_users |
|||
fast_suite = [ |
|||
] |
|||
|
|||
checks = [ |
|||
test_res_users, |
|||
] |
@ -0,0 +1,83 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# Author: Laurent Mignon |
|||
# Copyright 2014 'ACSONE SA/NV' |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
|
|||
from openerp.tests import common |
|||
import mock |
|||
import os |
|||
from contextlib import contextmanager |
|||
import unittest |
|||
|
|||
|
|||
@contextmanager |
|||
def mock_cursor(cr): |
|||
with mock.patch('openerp.sql_db.Connection.cursor') as mocked_cursor_call: |
|||
org_close = cr.close |
|||
org_autocommit = cr.autocommit |
|||
try: |
|||
cr.close = mock.Mock() |
|||
cr.autocommit = mock.Mock() |
|||
mocked_cursor_call.return_value = cr |
|||
yield |
|||
finally: |
|||
cr.close = org_close |
|||
cr.autocommit = org_autocommit |
|||
|
|||
|
|||
class test_res_users(common.TransactionCase): |
|||
|
|||
def test_login(self): |
|||
res_users_obj = self.registry('res.users') |
|||
uid = res = res_users_obj.login(common.DB, 'admin', 'admin') |
|||
self.assertTrue(res, "Basic login must works as expected") |
|||
token = "123456" |
|||
res = res_users_obj.login(common.DB, 'admin', token) |
|||
self.assertFalse(res) |
|||
# mimic what the new controller do when it find a value in |
|||
# the http header (HTTP_REMODE_USER) |
|||
res_users_obj.write(self.cr, self.uid, uid, {'sso_key': token}) |
|||
|
|||
# Here we need to mock the cursor since the login is natively done inside |
|||
# its own connection |
|||
with mock_cursor(self.cr): |
|||
# We can verifies that the given (uid, token) is authorized for the database |
|||
res_users_obj.check(common.DB, uid, token) |
|||
|
|||
# we are able to login with the new token |
|||
res = res_users_obj.login(common.DB, 'admin', token) |
|||
self.assertTrue(res) |
|||
|
|||
@unittest.skipIf(os.environ.get('TRAVIS'), |
|||
'When run by travis, tests runs on a database with all required addons from server-tools and ' |
|||
'their dependencies installed. Even if `auth_from_http_remote_user` does not require the `mail`' |
|||
'module, The previous installation of the mail module has created the column ' |
|||
'`notification_email_send` as REQUIRED into the table res_partner. BTW, it\'s no more possible ' |
|||
'to copy a res_user without an intefirty error') |
|||
def test_copy(self): |
|||
'''Check that the sso_key is not copied on copy |
|||
''' |
|||
res_users_obj = self.registry('res.users') |
|||
vals = {'sso_key': '123'} |
|||
res_users_obj.write(self.cr, self.uid, self.uid, vals) |
|||
read_vals = res_users_obj.read(self.cr, self.uid, self.uid, ['sso_key']) |
|||
self.assertDictContainsSubset(vals, read_vals) |
|||
copy = res_users_obj.copy(self.cr, self.uid, self.uid) |
|||
read_vals = res_users_obj.read(self.cr, self.uid, copy, ['sso_key']) |
|||
self.assertFalse(read_vals.get('sso_key')) |
@ -0,0 +1,22 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# Author: Laurent Mignon |
|||
# Copyright 2014 'ACSONE SA/NV' |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
|
|||
KEY_LENGTH = 16 |
Write
Preview
Loading…
Cancel
Save
Reference in new issue