Browse Source

auth_http_remote_user: test if already authenticated based on login instead of uid

Avoids a database query unless authentication is actually required.
pull/34/head
Stéphane Bidoul 10 years ago
parent
commit
c2fec40d13
  1. 17
      auth_from_http_remote_user/controllers/main.py

17
auth_from_http_remote_user/controllers/main.py

@ -74,22 +74,21 @@ class Home(main.Home):
# continue usual behavior
return
res_users = registry.get('res.users')
request_login = request.session.login
if request_login:
if request_login == login:
# already authenticated
return
else:
request.session.logout(keep_db=True)
res_users = registry.get('res.users')
user_id = self._search_user(res_users, login, cr)
if not user_id:
# HTTP_REMOTE_USER login not found in database
request.session.logout(keep_db=True)
raise http.AuthenticationError()
request_uid = request.session.uid
if request_uid:
if request_uid == user_id:
# already authenticated
return
else:
request.session.logout(keep_db=True)
# generate a specific key for authentication
key = randomString(utils.KEY_LENGTH, '0123456789abcdef')
res_users.write(cr, SUPERUSER_ID, [user_id], {'sso_key': key})

Loading…
Cancel
Save