mirror of
https://github.com/haiwen/seahub.git
synced 2025-09-19 10:26:17 +00:00
Add proxy authentification
@@ -1,7 +1,8 @@
|
|||||||
# Copyright (c) 2012-2016 Seafile Ltd.
|
# Copyright (c) 2012-2016 Seafile Ltd.
|
||||||
from django.contrib import auth
|
from seahub import auth
|
||||||
from django.core.exceptions import ImproperlyConfigured
|
from django.core.exceptions import ImproperlyConfigured
|
||||||
|
|
||||||
|
from django.conf import settings
|
||||||
|
|
||||||
class LazyUser(object):
|
class LazyUser(object):
|
||||||
def __get__(self, request, obj_type=None):
|
def __get__(self, request, obj_type=None):
|
||||||
@@ -30,15 +31,15 @@ class RemoteUserMiddleware(object):
|
|||||||
If authentication is successful, the user is automatically logged in to
|
If authentication is successful, the user is automatically logged in to
|
||||||
persist the user in the session.
|
persist the user in the session.
|
||||||
|
|
||||||
The header used is configurable and defaults to ``REMOTE_USER``. Subclass
|
The header used is configurable and defaults to ``REMOTE_USER``. Set the
|
||||||
this class and change the ``header`` attribute if you need to use a
|
``PROXY_AUTH_HEADER`` environment variable if you need to use a different
|
||||||
different header.
|
header.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Name of request header to grab username from. This will be the key as
|
# Name of request header to grab username from. This will be the key as
|
||||||
# used in the request.META dictionary, i.e. the normalization of headers to
|
# used in the request.META dictionary, i.e. the normalization of headers to
|
||||||
# all uppercase and the addition of "HTTP_" prefix apply.
|
# all uppercase and the addition of "HTTP_" prefix apply.
|
||||||
header = "REMOTE_USER"
|
header = getattr(settings, 'PROXY_AUTH_HEADER', "HTTP_REMOTE_USER")
|
||||||
|
|
||||||
def process_request(self, request):
|
def process_request(self, request):
|
||||||
# AuthenticationMiddleware is required so that request.user exists.
|
# AuthenticationMiddleware is required so that request.user exists.
|
||||||
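Review bot: The new default on the `header = getattr(settings, 'PROXY_AUTH_HEADER', "HTTP_REMOTE_USER")` line takes the username from a request header instead of the server-set `REMOTE_USER` variable, so the value is whatever arrives in the request unless the fronting proxy overwrites or strips it. The class docstring in the same hunk still says the default is ``REMOTE_USER`` and calls ``PROXY_AUTH_HEADER`` an environment variable, while the code reads it from Django settings. I would reword it to say the default is ``HTTP_REMOTE_USER`` and that ``PROXY_AUTH_HEADER`` is a Django setting, and add above `header` a comment such as `# Only safe when the reverse proxy is the sole path to Seahub and always sets or removes this header.` `process_request` continues outside the hunk, so how the header value is consumed cannot be checked from here.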
|
@@ -576,6 +576,50 @@ class AuthBackend(object):
|
|||||||
if user.check_password(password):
|
if user.check_password(password):
|
||||||
return user
|
return user
|
||||||
|
|
||||||
|
class ProxyRemoteUserBackend(AuthBackend):
|
||||||
|
"""
|
||||||
|
This backend is to be used in conjunction with the ``RemoteUserMiddleware``
|
||||||
|
found in the middleware module of this package, and is used when the server
|
||||||
|
is handling authentication outside of Django.
|
||||||
|
By default, the ``authenticate`` method creates ``User`` objects for
|
||||||
|
usernames that don't already exist in the database. Subclasses can disable
|
||||||
|
this behavior by setting the ``create_unknown_user`` attribute to
|
||||||
|
``False``.
|
||||||
|
"""
|
||||||
|
# Create a User object if not already in the database?
|
||||||
|
create_unknown_user = True
|
||||||
|
|
||||||
|
trust_proxy = getattr(settings, 'TRUST_PROXY_AUTHTENTICATION', False)
|
||||||
|
|
||||||
|
def authenticate(self, remote_user):
|
||||||
|
"""
|
||||||
|
The username passed as ``remote_user`` is considered trusted. This
|
||||||
|
method simply returns the ``User`` object with the given username,
|
||||||
|
creating a new ``User`` object if ``create_unknown_user`` is ``True``.
|
||||||
|
Returns None if ``create_unknown_user`` is ``False`` and a ``User``
|
||||||
|
object with the given username is not found in the database.
|
||||||
|
"""
|
||||||
|
# End the remote user auth process if the proxy is not trusted
|
||||||
|
if not remote_user or not self.trust_proxy:
|
||||||
|
return
|
||||||
|
user = None
|
||||||
|
username = self.clean_username(remote_user)
|
||||||
|
|
||||||
|
# Note that this could be accomplished in one try-except clause, but
|
||||||
|
# instead we use get_or_create when creating unknown users since it has
|
||||||
|
# built-in safeguards for multiple threads.
|
||||||
|
|
||||||
|
user = self.get_user(username)
|
||||||
|
return user
|
||||||
|
|
||||||
|
def clean_username(self, username):
|
||||||
|
"""
|
||||||
|
Performs any cleaning on the "username" prior to using it to get or
|
||||||
|
create the user object. Returns the cleaned username.
|
||||||
|
By default, returns the username unchanged.
|
||||||
|
"""
|
||||||
|
return username
|
||||||
|
|
||||||
########## Register related
|
########## Register related
|
||||||
class RegistrationBackend(object):
|
class RegistrationBackend(object):
|
||||||
"""
|
"""
|
||||||
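Review bot: The trust gate on the `trust_proxy = getattr(settings, 'TRUST_PROXY_AUTHTENTICATION', False)` line uses a misspelled setting name, so an operator who sets the correctly spelled name silently gets the default. That fails closed, but the name should be fixed before it becomes public configuration: `trust_proxy = getattr(settings, 'TRUST_PROXY_AUTHENTICATION', False)`. The class docstring, the method docstring and the `get_or_create` comment all describe creating unknown users, yet `authenticate` only calls `self.get_user(username)` and never reads `create_unknown_user`. Either remove that attribute and text or state that only existing accounts are resolved, and drop the dead `user = None`. `get_user` is defined outside this hunk, so confirm that it rejects inactive accounts, since no password check guards this path.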
|
@@ -116,6 +116,7 @@ MIDDLEWARE_CLASSES = (
|
|||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
'django.contrib.messages.middleware.MessageMiddleware',
|
'django.contrib.messages.middleware.MessageMiddleware',
|
||||||
'seahub.auth.middleware.AuthenticationMiddleware',
|
'seahub.auth.middleware.AuthenticationMiddleware',
|
||||||
|
'seahub.auth.middleware.RemoteUserMiddleware',
|
||||||
'seahub.base.middleware.BaseMiddleware',
|
'seahub.base.middleware.BaseMiddleware',
|
||||||
'seahub.base.middleware.InfobarMiddleware',
|
'seahub.base.middleware.InfobarMiddleware',
|
||||||
'seahub.password_session.middleware.CheckPasswordHash',
|
'seahub.password_session.middleware.CheckPasswordHash',
|
||||||
@@ -271,6 +272,7 @@ CONSTANCE_DATABASE_CACHE_BACKEND = 'default'
|
|||||||
AUTHENTICATION_BACKENDS = (
|
AUTHENTICATION_BACKENDS = (
|
||||||
'seahub.social_core.backends.weixin_enterprise.WeixinWorkOAuth2',
|
'seahub.social_core.backends.weixin_enterprise.WeixinWorkOAuth2',
|
||||||
|
|
||||||
|
'seahub.base.accounts.ProxyRemoteUserBackend',
|
||||||
'seahub.base.accounts.AuthBackend',
|
'seahub.base.accounts.AuthBackend',
|
||||||
'seahub.oauth.backends.OauthRemoteUserBackend',
|
'seahub.oauth.backends.OauthRemoteUserBackend',
|
||||||
)
|
)
|
||||||
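Review bot: Both hunks add the proxy login path to the defaults for every deployment (`'seahub.auth.middleware.RemoteUserMiddleware'` and `'seahub.base.accounts.ProxyRemoteUserBackend'`), but neither visible hunk declares the two settings that control it. As far as this page shows, the off-by-default state exists only as the `getattr` fallback in the backend. I would declare both settings next to these tuples with a comment, for example `TRUST_PROXY_AUTHTENTICATION = False  # enable only when a reverse proxy is the sole entry point and sets the header itself` and `PROXY_AUTH_HEADER = 'HTTP_REMOTE_USER'`. The spelling should match whatever name the backend ends up reading. This gives operators one documented place to see that header-based login is wired in and what must hold before it is switched on.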
|