diff --git a/auth_from_http_remote_user/__openerp__.py b/auth_from_http_remote_user/__openerp__.py
index 317cdb073..810ec427a 100644
--- a/auth_from_http_remote_user/__openerp__.py
+++ b/auth_from_http_remote_user/__openerp__.py
@@ -119,7 +119,6 @@ for a login and password outside OpenErp and are automatically logged in the sys
 'website': 'http://www.acsone.eu',
 'depends': ['web'],
 "license": "AGPL-3",
- "js": ['static/src/js/auth_from_http_remote_user.js'],
 'data': [
 'res_config_view.xml',
 'res_config_data.xml'],
diff --git a/auth_from_http_remote_user/controllers/__init__.py b/auth_from_http_remote_user/controllers/__init__.py
index 7705efcef..6b12b8082 100644
--- a/auth_from_http_remote_user/controllers/__init__.py
+++ b/auth_from_http_remote_user/controllers/__init__.py
@@ -19,4 +19,4 @@
 #
 ##############################################################################
-from . import session
+from . import main
diff --git a/auth_from_http_remote_user/controllers/session.py b/auth_from_http_remote_user/controllers/main.py
similarity index 78%
rename from auth_from_http_remote_user/controllers/session.py
rename to auth_from_http_remote_user/controllers/main.py
index f1dc0450a..37f62b665 100644
--- a/auth_from_http_remote_user/controllers/session.py
+++ b/auth_from_http_remote_user/controllers/main.py
@@ -21,9 +21,10 @@
 from openerp import SUPERUSER_ID
-from openerp.addons.web import http
+import openerp
+from openerp import http
+from openerp.http import request
 from openerp.addons.web.controllers import main
-from openerp.modules.registry import RegistryManager
 from .. import utils
 import random
@@ -33,20 +34,17 @@ import openerp.tools.config as config
 _logger = logging.getLogger(__name__)
-class Session(main.Session):
- _cp_path = "/web/session"
+class Home(main.Home):
 _REQUIRED_ATTRIBUTES = ['HTTP_REMOTE_USER']
 _OPTIONAL_ATTRIBUTES = []
- def _get_db(self, db):
- if db is not None and len(db) > 0:
- return db
- db = config['db_name']
- if db is None or len(db) == 0:
- _logger.error("No db found for SSO. Specify one in the URL using parameter "
- "db=? or provide a default one in the configuration")
- raise http.AuthenticationError()
+ @http.route('/web', type='http', auth="none")
+ def web_client(self, s_action=None, **kw):
+ main.ensure_db()
+ if not request.session.uid:
+ self._bind_http_remote_user(http.request.session.db)
+ return super(Home, self).web_client(s_action, **kw)
 def _get_user_id_from_attributes(self, res_users, cr, attrs):
 login = attrs.get('HTTP_REMOTE_USER', None)
@@ -56,12 +54,12 @@ class Session(main.Session):
 return user_ids[0]
 return None
- def _get_attributes_form_header(self, req):
+ def _get_attributes_form_header(self):
 attrs = {}
 all_attrs = self._REQUIRED_ATTRIBUTES + self._OPTIONAL_ATTRIBUTES
- headers = req.httprequest.headers.environ
+ headers = http.request.httprequest.headers.environ
 for attr in all_attrs:
 value = headers.get(attr, None)
@@ -78,10 +76,9 @@ class Session(main.Session):
 _logger.error("Required fields '%s' not found in http headers\n %s", missings, headers)
 return attrs
- def _bind_http_remote_user(self, req, db_name):
- db_name = self._get_db(db_name)
+ def _bind_http_remote_user(self, db_name):
 try:
- registry = RegistryManager.get(db_name)
+ registry = openerp.registry(db_name)
 with registry.cursor() as cr:
 modules = registry.get('ir.module.module')
 installed = modules.search_count(cr, SUPERUSER_ID, ['&',
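Review bot: `web_client` binds the remote user only when `request.session.uid` is empty, so an already authenticated session is never compared with the `HTTP_REMOTE_USER` value of the current request. If the identity asserted by the front end changes while the session cookie is still valid, the request keeps running as the earlier user. Consider comparing the session login with the header on every request and dropping the session on mismatch before binding again, e.g. `if request.session.uid and request.session.login != remote_login: request.session.logout(keep_db=True)`, where `remote_login` is the value read by `_get_attributes_form_header()`. The same block mixes `request.session` and `http.request.session`; one spelling would read better now that `request` is imported directly.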
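Review bot: `_get_attributes_form_header` reads `HTTP_REMOTE_USER` from the WSGI environ, which is the key a client-supplied `Remote-User` request header is mapped to, and nothing in the `@@ -56,12 +54,12 @@` hunk states who is trusted to set it. The value is an authentication result only if the front-end proxy overwrites or strips that header and the server cannot be reached around the proxy. That assumption deserves a comment above the `headers = ...` line, for example `# HTTP_REMOTE_USER must be set by the authenticating proxy; the proxy has to discard any client-sent value`. The function body continues outside the hunk.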
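Review bot: The `_logger.error` call kept at the top of the `@@ -78,10 +76,9 @@` hunk passes `headers` as a log argument, and the assignment in the preceding hunk shows `headers` to be the request environ, so cookies and other credential-bearing headers of the failing request would end up in the server log. Logging the missing names alone is enough to diagnose the proxy configuration: `_logger.error("Required fields '%s' not found in http headers", missings)`. The statement appears to belong to `_get_attributes_form_header`, whose body starts outside this hunk.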
@@ -95,7 +92,7 @@ class Session(main.Session):
 # get the user
 res_users = registry.get('res.users')
- attrs = self._get_attributes_form_header(req)
+ attrs = self._get_attributes_form_header()
 user_id = self._get_user_id_from_attributes(res_users, cr, attrs)
 if user_id is None:
@@ -107,19 +104,13 @@ class Session(main.Session):
 key = randomString(utils.KEY_LENGTH, '0123456789abcdef')
 res_users.write(cr, SUPERUSER_ID, [user_id], {'sso_key': key})
 login = res_users.browse(cr, SUPERUSER_ID, user_id).login
- req.session.bind(db_name, user_id, login, key)
+ request.session.authenticate(db_name, login=login, password=key, uid=user_id)
 except http.AuthenticationError, e:
 raise e
 except Exception, e:
 _logger.error("Error binding Http Remote User session", exc_info=True)
 raise e
- @http.jsonrequest
- def get_http_remote_user_session_info(self, req, db):
- if not req.session._login:
- self._bind_http_remote_user(req, db)
- return self.session_info(req)
-
 randrange = random.SystemRandom().randrange
diff --git a/auth_from_http_remote_user/static/src/js/auth_from_http_remote_user.js b/auth_from_http_remote_user/static/src/js/auth_from_http_remote_user.js
deleted file mode 100644
index df34118cf..000000000
--- a/auth_from_http_remote_user/static/src/js/auth_from_http_remote_user.js
+++ /dev/null
@@ -1,36 +0,0 @@
-openerp.auth_from_http_remote_user = function(instance) {
-
- instance.web.Session.include({
- session_load_response : function(response) {
- //unregister the event since it must be called only if the rpc call
- //is made by session_reload
- this.off('response', this.session_load_response);
- if (response.error && response.error.data.type === "session_invalid") {
- $("body").html("
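Review bot: In the `@@ -107,19 +104,13 @@` hunk `_bind_http_remote_user` still re-raises `http.AuthenticationError`, but its caller is now the plain HTTP route `/web`, and this commit deletes the JavaScript that turned a `session_invalid` response into an "Access Denied" page. Unless something outside the diff handles it, a request with a missing or unknown remote user would probably surface as an unhandled server error instead of a clear denial. Catching the exception in `web_client` and answering with a 401, e.g. `except http.AuthenticationError: return werkzeug.exceptions.Unauthorized().get_response()` (needs `import werkzeug`), would keep the failure explicit. A bare `raise` in both `except` clauses would also preserve the original traceback, which `raise e` drops on Python 2.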

Access Denied

");
- }
-
- console.log("session_load_response called");
- },
-
- session_reload : function() {
- var self = this;
- // we need to register an handler for 'response' since
- // by default, the rpc doesn't call callback function
- // if the response is of error type 'session_invalid'
- this.on('response', this, this.session_load_response);
- return this.rpc("/web/session/get_http_remote_user_session_info", {
- db : $.deparam.querystring().db
- }).done(function(result) {
- // If immediately follows a login (triggered by trying to
- // restore
- // an invalid session or no session at all), refresh session
- // data
- // (should not change, but just in case...)
- _.extend(self, result);
- }).fail(function(result){
- $("body").html("

Server error

");
- });
- }
- });
-
-};
\ No newline at end of file
diff --git a/auth_from_http_remote_user/tests/test_res_users.py b/auth_from_http_remote_user/tests/test_res_users.py
index e2ba2f890..9341661ee 100644
--- a/auth_from_http_remote_user/tests/test_res_users.py
+++ b/auth_from_http_remote_user/tests/test_res_users.py
@@ -45,10 +45,11 @@ class test_res_users(common.TransactionCase):
 def test_login(self):
 res_users_obj = self.registry('res.users')
- uid = res = res_users_obj.login(common.DB, 'admin', 'admin')
+ res = res_users_obj.authenticate(common.DB, 'admin', 'admin', None)
+ uid = res
 self.assertTrue(res, "Basic login must works as expected")
 token = "123456"
- res = res_users_obj.login(common.DB, 'admin', token)
+ res = res_users_obj.authenticate(common.DB, 'admin', token, None)
 self.assertFalse(res)
 # mimic what the new controller do when it find a value in
 # the http header (HTTP_REMODE_USER)
@@ -61,7 +62,7 @@ class test_res_users(common.TransactionCase):
 res_users_obj.check(common.DB, uid, token)
 # we are able to login with the new token
- res = res_users_obj.login(common.DB, 'admin', token)
+ res = res_users_obj.authenticate(common.DB, 'admin', token, None)
 self.assertTrue(res)
 @unittest.skipIf(os.environ.get('TRAVIS'),