Browse Source

Merge pull request #457 from acsone/9.0-auth_from_http_remote_user-migration-lmi

[9.0][MIG] auth_from_http_remote_user
pull/592/head
Pedro M. Baeza 8 years ago
committed by GitHub
parent
commit
98f39a9e3d
  1. 43
      auth_from_http_remote_user/README.rst
  2. 24
      auth_from_http_remote_user/__init__.py
  3. 33
      auth_from_http_remote_user/__openerp__.py
  4. 21
      auth_from_http_remote_user/controllers/__init__.py
  5. 30
      auth_from_http_remote_user/controllers/main.py
  6. 27
      auth_from_http_remote_user/model.py
  7. 6
      auth_from_http_remote_user/models/__init__.py
  8. 10
      auth_from_http_remote_user/models/auth_from_http_remote_user.py
  9. 24
      auth_from_http_remote_user/models/res_users.py
  10. 65
      auth_from_http_remote_user/res_users.py
  11. 21
      auth_from_http_remote_user/tests/__init__.py
  12. 23
      auth_from_http_remote_user/tests/test_res_users.py
  13. 22
      auth_from_http_remote_user/utils.py
  14. 1
      setup/auth_from_http_remote_user/odoo_addons/__init__.py
  15. 1
      setup/auth_from_http_remote_user/odoo_addons/auth_from_http_remote_user
  16. 6
      setup/auth_from_http_remote_user/setup.py

43
auth_from_http_remote_user/README.rst

@ -1,3 +1,8 @@
.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
:alt: License: AGPL-3
=========================================
Allow users to be automatically logged in Allow users to be automatically logged in
========================================= =========================================
@ -12,7 +17,7 @@ If the field is found in the header and no user matches the given one, the
system issue a login error page. (*401* `Unauthorized`) system issue a login error page. (*401* `Unauthorized`)
Use case. Use case.
---------
=========
The module allows integration with external security systems [#]_ that can pass The module allows integration with external security systems [#]_ that can pass
along authentication of a user via Remote_User HTTP header field. In many along authentication of a user via Remote_User HTTP header field. In many
@ -37,7 +42,7 @@ cases, this is achieved via server like Apache HTTPD or nginx proxying Odoo.
How to test the module with Apache [#]_ How to test the module with Apache [#]_
----------------------------------------
=======================================
Apache can be used as a reverse proxy providing the authentication and adding Apache can be used as a reverse proxy providing the authentication and adding
the required field in the Http headers. the required field in the Http headers.
@ -120,6 +125,38 @@ logged in the system.
.. [#] Shibolleth, Tivoli access manager, .. .. [#] Shibolleth, Tivoli access manager, ..
.. [#] Based on a ubuntu 12.04 env .. [#] Based on a ubuntu 12.04 env
Bug Tracker
===========
Bugs are tracked on `GitHub Issues
<https://github.com/OCA/server-tools/issues>`_. In case of trouble, please
check there if your issue has already been reported. If you spotted it first,
help us smashing it by providing a detailed and welcomed feedback.
Credits
=======
Images
------
* Odoo Community Association: `Icon <https://github.com/OCA/maintainer-tools/blob/master/template/module/static/description/icon.svg>`_.
Contributors Contributors
------------ ------------
* Laurent Mignon
* Laurent Mignon <laurent.mignon@acsone.eu>
Maintainer
----------
.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org
This module is maintained by the OCA.
OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.
To contribute to this module, please visit https://odoo-community.org.

24
auth_from_http_remote_user/__init__.py

@ -1,24 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
##############################################################################
#
# Author: Laurent Mignon
# Copyright 2014 'ACSONE SA/NV'
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# Copyright 2014 ACSONE SA/NV (<http://acsone.eu>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
from . import controllers from . import controllers
from . import res_users
from . import model
from . import models

33
auth_from_http_remote_user/__openerp__.py

@ -1,37 +1,14 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
##############################################################################
#
# Author: Laurent Mignon
# Copyright 2014 'ACSONE SA/NV'
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# Copyright 2014 ACSONE SA/NV (<http://acsone.eu>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
{ {
'name': 'Authenticate via HTTP Remote User', 'name': 'Authenticate via HTTP Remote User',
'version': '8.0.1.0.0',
'version': '9.0.1.0.0',
'category': 'Tools', 'category': 'Tools',
'author': "Acsone SA/NV,Odoo Community Association (OCA)", 'author': "Acsone SA/NV,Odoo Community Association (OCA)",
'maintainer': 'ACSONE SA/NV', 'maintainer': 'ACSONE SA/NV',
'website': 'http://www.acsone.eu', 'website': 'http://www.acsone.eu',
'depends': ['base', 'web', 'base_setup'],
'depends': ['web', 'base_setup'],
"license": "AGPL-3", "license": "AGPL-3",
'data': [],
"demo": [],
"test": [],
"active": False,
'installable': False,
"auto_install": False,
"application": False,
'installable': True,
} }

21
auth_from_http_remote_user/controllers/__init__.py

@ -1,22 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
##############################################################################
#
# Author: Laurent Mignon
# Copyright 2014 'ACSONE SA/NV'
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# Copyright 2014 ACSONE SA/NV (<http://acsone.eu>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
from . import main from . import main

30
auth_from_http_remote_user/controllers/main.py

@ -1,31 +1,14 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
##############################################################################
#
# Author: Laurent Mignon
# Copyright 2014 'ACSONE SA/NV'
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# Copyright 2014 ACSONE SA/NV (<http://acsone.eu>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
from openerp import SUPERUSER_ID from openerp import SUPERUSER_ID
import openerp
from openerp import http from openerp import http
from openerp.http import request from openerp.http import request
from openerp.addons.web.controllers import main from openerp.addons.web.controllers import main
from openerp.addons.auth_from_http_remote_user.model import \
from openerp.modules.registry import RegistryManager
from ..models.auth_from_http_remote_user import \
AuthFromHttpRemoteUserInstalled AuthFromHttpRemoteUserInstalled
from .. import utils from .. import utils
@ -59,7 +42,7 @@ class Home(main.Home):
def _bind_http_remote_user(self, db_name): def _bind_http_remote_user(self, db_name):
try: try:
registry = openerp.registry(db_name)
registry = RegistryManager.get(db_name)
with registry.cursor() as cr: with registry.cursor() as cr:
if AuthFromHttpRemoteUserInstalled._name not in registry: if AuthFromHttpRemoteUserInstalled._name not in registry:
# module not installed in database, # module not installed in database,
@ -72,6 +55,9 @@ class Home(main.Home):
if not login: if not login:
# no HTTP_REMOTE_USER header, # no HTTP_REMOTE_USER header,
# continue usual behavior # continue usual behavior
_logger.debug("Required fields '%s' not found in http"
" headers\n %s",
self._REMOTE_USER_ATTRIBUTE, headers)
return return
request_login = request.session.login request_login = request.session.login

27
auth_from_http_remote_user/model.py

@ -1,27 +0,0 @@
# -*- coding: utf-8 -*-
##############################################################################
#
# Author: Laurent Mignon
# Copyright 2014 'ACSONE SA/NV'
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
from openerp.osv import orm
class AuthFromHttpRemoteUserInstalled(orm.AbstractModel):
"""An abstract model used to safely know if the module is installed
"""
_name = 'auth_from_http_remote_user.installed'

6
auth_from_http_remote_user/models/__init__.py

@ -0,0 +1,6 @@
# -*- coding: utf-8 -*-
# Copyright 2014 ACSONE SA/NV (<http://acsone.eu>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
from . import res_users
from . import auth_from_http_remote_user

10
auth_from_http_remote_user/models/auth_from_http_remote_user.py

@ -0,0 +1,10 @@
# -*- coding: utf-8 -*-
# Copyright 2014 ACSONE SA/NV (<http://acsone.eu>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
from openerp import models
class AuthFromHttpRemoteUserInstalled(models.AbstractModel):
"""An abstract model used to safely know if the module is installed
"""
_name = 'auth_from_http_remote_user.installed'

24
auth_from_http_remote_user/models/res_users.py

@ -0,0 +1,24 @@
# -*- coding: utf-8 -*-
# Copyright 2014 ACSONE SA/NV (<http://acsone.eu>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
from openerp import api, fields, models
import openerp.exceptions
from openerp.addons.auth_from_http_remote_user import utils
class ResUsers(models.Model):
_inherit = 'res.users'
sso_key = fields.Char(
'SSO Key', size=utils.KEY_LENGTH, readonly=True, copy=False)
@api.model
def check_credentials(self, password):
try:
return super(ResUsers, self).check_credentials(password)
except openerp.exceptions.AccessDenied:
res = self.sudo().search([('id', '=', self.env.uid),
('sso_key', '=', password)])
if not res:
raise

65
auth_from_http_remote_user/res_users.py

@ -1,65 +0,0 @@
# -*- coding: utf-8 -*-
##############################################################################
#
# Author: Laurent Mignon
# Copyright 2014 'ACSONE SA/NV'
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
from openerp.modules.registry import RegistryManager
from openerp.osv import orm, fields
from openerp import SUPERUSER_ID
import openerp.exceptions
from openerp.addons.auth_from_http_remote_user import utils
class res_users(orm.Model):
_inherit = 'res.users'
_columns = {
'sso_key': fields.char('SSO Key', size=utils.KEY_LENGTH,
readonly=True),
}
def copy(self, cr, uid, rid, defaults=None, context=None):
defaults = defaults or {}
defaults['sso_key'] = False
return super(res_users, self).copy(cr, uid, rid, defaults, context)
def check_credentials(self, cr, uid, password):
try:
return super(res_users, self).check_credentials(cr, uid, password)
except openerp.exceptions.AccessDenied:
res = self.search(cr, SUPERUSER_ID, [('id', '=', uid),
('sso_key', '=', password)])
if not res:
raise openerp.exceptions.AccessDenied()
def check(self, db, uid, passwd):
try:
return super(res_users, self).check(db, uid, passwd)
except openerp.exceptions.AccessDenied:
if not passwd:
raise
with RegistryManager.get(db).cursor() as cr:
cr.execute('''SELECT COUNT(1)
FROM res_users
WHERE id=%s
AND sso_key=%s
AND active=%s''', (int(uid), passwd, True))
if not cr.fetchone()[0]:
raise
self._uid_cache.setdefault(db, {})[uid] = passwd

21
auth_from_http_remote_user/tests/__init__.py

@ -1,22 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
##############################################################################
#
# Author: Laurent Mignon
# Copyright 2014 'ACSONE SA/NV'
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# Copyright 2014 ACSONE SA/NV (<http://acsone.eu>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
from . import test_res_users from . import test_res_users

23
auth_from_http_remote_user/tests/test_res_users.py

@ -1,23 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
##############################################################################
#
# Author: Laurent Mignon
# Copyright 2014 'ACSONE SA/NV'
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# Copyright 2014 ACSONE SA/NV (<http://acsone.eu>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
from openerp.tests import common from openerp.tests import common
import mock import mock
@ -41,7 +24,7 @@ def mock_cursor(cr):
cr.autocommit = org_autocommit cr.autocommit = org_autocommit
class test_res_users(common.TransactionCase):
class TestResUsers(common.TransactionCase):
def test_login(self): def test_login(self):
res_users_obj = self.registry('res.users') res_users_obj = self.registry('res.users')

22
auth_from_http_remote_user/utils.py

@ -1,22 +1,4 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
##############################################################################
#
# Author: Laurent Mignon
# Copyright 2014 'ACSONE SA/NV'
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
# Copyright 2014 ACSONE SA/NV (<http://acsone.eu>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
KEY_LENGTH = 16 KEY_LENGTH = 16

1
setup/auth_from_http_remote_user/odoo_addons/__init__.py

@ -0,0 +1 @@
__import__('pkg_resources').declare_namespace(__name__)

1
setup/auth_from_http_remote_user/odoo_addons/auth_from_http_remote_user

@ -0,0 +1 @@
../../../auth_from_http_remote_user

6
setup/auth_from_http_remote_user/setup.py

@ -0,0 +1,6 @@
import setuptools
setuptools.setup(
setup_requires=['setuptools-odoo'],
odoo_addon=True,
)
Loading…
Cancel
Save