seafile_ynh/sources/sso_auth.patch

92 lines
3.8 KiB
Diff
Raw Normal View History

2017-08-11 22:01:38 +02:00
diff -Naur a/seahub/seahub/auth/middleware.py b/seahub/seahub/auth/middleware.py
--- a/seahub/seahub/auth/middleware.py 2017-06-13 07:49:44.000000000 +0200
+++ b/seahub/seahub/auth/middleware.py 2017-08-11 19:13:54.000000000 +0200
@@ -1,5 +1,6 @@
# Copyright (c) 2012-2016 Seafile Ltd.
-from django.contrib import auth
+#from django.contrib import auth
+from seahub import auth
from django.core.exceptions import ImproperlyConfigured
@@ -50,7 +51,7 @@
" 'django.contrib.auth.middleware.AuthenticationMiddleware'"
" before the RemoteUserMiddleware class.")
try:
- username = request.META[self.header]
2017-09-30 15:07:56 +02:00
+ username = request.META["HTTP_AUTH_USER"] + '@' + request.META["HTTP_HOST"]
2017-08-11 22:01:38 +02:00
except KeyError:
# If specified header doesn't exist then return (leaving
# request.user set to AnonymousUser by the
diff -Naur a/seahub/seahub/base/accounts.py b/seahub/seahub/base/accounts.py
--- a/seahub/seahub/base/accounts.py 2017-06-13 07:49:44.000000000 +0200
+++ b/seahub/seahub/base/accounts.py 2017-08-11 20:28:30.000000000 +0200
@@ -396,6 +396,48 @@
if user.check_password(password):
return user
+class RemoteUserBackend(AuthBackend):
+ """
+ This backend is to be used in conjunction with the ``RemoteUserMiddleware``
+ found in the middleware module of this package, and is used when the server
+ is handling authentication outside of Django.
+ By default, the ``authenticate`` method creates ``User`` objects for
+ usernames that don't already exist in the database. Subclasses can disable
+ this behavior by setting the ``create_unknown_user`` attribute to
+ ``False``.
+ """
+
+ # Create a User object if not already in the database?
+ create_unknown_user = True
+
+ def authenticate(self, remote_user):
+ """
+ The username passed as ``remote_user`` is considered trusted. This
+ method simply returns the ``User`` object with the given username,
+ creating a new ``User`` object if ``create_unknown_user`` is ``True``.
+ Returns None if ``create_unknown_user`` is ``False`` and a ``User``
+ object with the given username is not found in the database.
+ """
+ if not remote_user:
+ return
+ user = None
+ username = self.clean_username(remote_user)
+
+ # Note that this could be accomplished in one try-except clause, but
+ # instead we use get_or_create when creating unknown users since it has
+ # built-in safeguards for multiple threads.
+
+ user = self.get_user(username)
+ return user
+
+ def clean_username(self, username):
+ """
+ Performs any cleaning on the "username" prior to using it to get or
+ create the user object. Returns the cleaned username.
+ By default, returns the username unchanged.
+ """
+ return username
+
########## Register related
class RegistrationBackend(object):
"""
diff -Naur a/seahub/seahub/settings.py b/seahub/seahub/settings.py
--- a/seahub/seahub/settings.py 2017-06-13 07:52:41.000000000 +0200
+++ b/seahub/seahub/settings.py 2017-08-11 21:48:59.397330029 +0200
@@ -114,6 +114,7 @@
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'seahub.auth.middleware.AuthenticationMiddleware',
+ 'seahub.auth.middleware.RemoteUserMiddleware',
'seahub.base.middleware.BaseMiddleware',
'seahub.base.middleware.InfobarMiddleware',
'seahub.password_session.middleware.CheckPasswordHash',
@@ -232,6 +233,7 @@
CONSTANCE_DATABASE_CACHE_BACKEND = 'default'
AUTHENTICATION_BACKENDS = (
+ 'seahub.base.accounts.RemoteUserBackend',
'seahub.base.accounts.AuthBackend',
)
LOGIN_REDIRECT_URL = '/profile/'