[ADD] HTTP Basic auth for OpenERP. One module picks up the HTTP authorization

header and tries to login the user with the credentials given. Usually,
you would have a setup that your OpenERP instance sits behind a proxy
that does the authentication and passes it on via those headers.

The second modifies the logout procedure to clear the browser's credential
cache for basic authentication for the site OpenERP is running on.

It is split into two modules because of the web client's habit of loading
all addons which have a static directory, resulting in always executing
auth_from_http_basic's monkey patch. This way the user has to consciously
decide to load the addon.

auth_from_http_basic/__init__.py

@@ -0,0 +1,55 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#    OpenERP, Open Source Management Solution
+#    This module copyright (C) 2014 Therp BV (<http://therp.nl>).
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU Affero General Public License as
+#    published by the Free Software Foundation, either version 3 of the
+#    License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU Affero General Public License for more details.
+#
+#    You should have received a copy of the GNU Affero General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+from openerp.addons.web.http import WebRequest, JsonRequest
+from openerp.addons.web.controllers import main as web_main
+
+old_init = WebRequest.init
+
+
+def init(self, params):
+    old_init(self, params)
+    if self.httprequest.authorization and not self.session._login:
+        dbs = web_main.db_list(self)
+        self.session.authenticate(
+            dbs and dbs[0],
+            self.httprequest.authorization.username,
+            self.httprequest.authorization.password,
+            dict(
+                base_location=self.httprequest.url_root.rstrip('/'),
+                HTTP_HOST=self.httprequest.environ['HTTP_HOST'],
+                REMOTE_ADDR=self.httprequest.environ['REMOTE_ADDR']
+                ))
+
+WebRequest.init = init
+
+old_dispatch = JsonRequest.dispatch
+
+
+def dispatch(self, method):
+    response = old_dispatch(self, method)
+    if method.im_func == web_main.Session.destroy.im_func:
+        response.status = '301 logout'
+        response.headers.add(
+            'Location',
+            self.httprequest.url.replace('://', '://logout@'))
+    return response
+
+JsonRequest.dispatch = dispatch

auth_from_http_basic/__openerp__.py

@@ -0,0 +1,62 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#    OpenERP, Open Source Management Solution
+#    This module copyright (C) 2014 Therp BV (<http://therp.nl>).
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU Affero General Public License as
+#    published by the Free Software Foundation, either version 3 of the
+#    License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU Affero General Public License for more details.
+#
+#    You should have received a copy of the GNU Affero General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+{
+    "name": "Authenticate via HTTP basic authentication",
+    "version": "1.0",
+    "author": "Therp BV",
+    "complexity": "expert",
+    "description": """
+In an environment where several web applications authenticate against the same
+source, the simplest way to attain single sign on would be to have the
+webserver handle authentication and pass the login information via HTTP headers
+to the application it proxies.
+
+This addon allows for this setup. Technically, it picks up the HTTP
+Authorization header, extracts a username and a password and tries to login
+into the first database found in the database list.
+
+If you have to set a specific database, possibly depending on the login
+provided, use the addon dbfilter_from_header.
+
+The addon has to be loaded as server-wide module.
+
+
+Funders:
+
+Open2bizz software & consultancy
+    """,
+    "category": "",
+    "depends": [
+    ],
+    "data": [
+    ],
+    "js": [
+    ],
+    "css": [
+    ],
+    "qweb": [
+    ],
+    "auto_install": False,
+    "installable": True,
+    "external_dependencies": {
+        'python': [],
+    },
+}

auth_from_http_basic_logout/__init__.py

@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#    OpenERP, Open Source Management Solution
+#    This module copyright (C) 2014 Therp BV (<http://therp.nl>).
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU Affero General Public License as
+#    published by the Free Software Foundation, either version 3 of the
+#    License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU Affero General Public License for more details.
+#
+#    You should have received a copy of the GNU Affero General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################

auth_from_http_basic_logout/__openerp__.py

@@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#    OpenERP, Open Source Management Solution
+#    This module copyright (C) 2014 Therp BV (<http://therp.nl>).
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU Affero General Public License as
+#    published by the Free Software Foundation, either version 3 of the
+#    License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU Affero General Public License for more details.
+#
+#    You should have received a copy of the GNU Affero General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+{
+    "name": "Authenticate via HTTP basic authentication (logout helper)",
+    "version": "1.0",
+    "author": "Therp BV",
+    "complexity": "expert",
+    "description": """
+With auth_from_http_basic, the logout procedure has to be bent a bit to provide
+a good user experience. As the former has to be a server wide module, this is
+the clientside complement which provides the javascript part.
+
+The addon has to be installed in the database in use.
+
+
+Funders:
+
+Open2bizz software & consultancy
+    """,
+    "category": "",
+    "depends": [
+        'web',
+        'auth_from_http_basic',
+    ],
+    "data": [
+    ],
+    "js": [
+        'static/src/js/auth_from_http_basic_logout.js',
+    ],
+    "css": [
+    ],
+    "qweb": [
+    ],
+    "auto_install": False,
+    "installable": True,
+    "external_dependencies": {
+        'python': [],
+    },
+}

auth_from_http_basic_logout/i18n/auth_from_http_basic_logout.pot

@@ -0,0 +1,23 @@
+# Translation of OpenERP Server.
+# This file contains the translation of the following modules:
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: OpenERP Server 7.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2014-01-18 16:31+0000\n"
+"PO-Revision-Date: 2014-01-18 16:31+0000\n"
+"Last-Translator: <>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_from_http_basic_logout
+#. openerp-web
+#: code:addons/auth_from_http_basic_logout/static/src/js/auth_from_http_basic_logout.js:37
+#, python-format
+msgid "<p style=\"background: white\">You have been logged out successfully. <a href=\"#\">Click here to log in again.</a></p>"
+msgstr ""
+

auth_from_http_basic_logout/i18n/nl.po

@@ -0,0 +1,23 @@
+# Translation of OpenERP Server.
+# This file contains the translation of the following modules:
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: OpenERP Server 7.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2014-01-18 16:31+0000\n"
+"PO-Revision-Date: 2014-01-18 16:31+0000\n"
+"Last-Translator: <>\n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_from_http_basic_logout
+#. openerp-web
+#: code:addons/auth_from_http_basic_logout/static/src/js/auth_from_http_basic_logout.js:37
+#, python-format
+msgid "<p style=\"background: white\">You have been logged out successfully. <a href=\"#\">Click here to log in again.</a></p>"
+msgstr "<p style=\"background: white\">U bent afgemeld. <a href=\"#\">Klik hier om weer in te loggen.</a></p>"
+

auth_from_http_basic_logout/static/src/js/auth_from_http_basic_logout.js

@@ -0,0 +1,48 @@
+//-*- coding: utf-8 -*-
+//############################################################################
+//
+//   OpenERP, Open Source Management Solution
+//   This module copyright (C) 2014 Therp BV (<http://therp.nl>).
+//
+//   This program is free software: you can redistribute it and/or modify
+//   it under the terms of the GNU Affero General Public License as
+//   published by the Free Software Foundation, either version 3 of the
+//   License, or (at your option) any later version.
+//
+//   This program is distributed in the hope that it will be useful,
+//   but WITHOUT ANY WARRANTY; without even the implied warranty of
+//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//   GNU Affero General Public License for more details.
+//
+//   You should have received a copy of the GNU Affero General Public License
+//   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+//############################################################################
+
+openerp.auth_from_http_basic_logout = function(openerp)
+{
+    openerp.web.Session.include({
+        session_logout: function()
+        {
+            var deferred = this._super(this, arguments);
+            deferred.fail(function(error, ev)
+            {
+                ev.preventDefault();
+                openerp.web.blockUI();
+                jQuery('.openerp_webclient_container').remove();
+                jQuery('.oe_blockui_spin_container')
+                    .empty()
+                    .html(
+                        _.string.sprintf(
+                            openerp.web._t(
+                                '<p style="background: white">You have been logged out successfully. <a href="#">Click here to log in again.</a></p>')
+                            ))
+                    .click(function() 
+                    {
+                        window.location.reload();
+                    });
+            });
+            return deferred;
+        }
+    });
+}