Use Email header from SSOWat

2024-09-03 20:26:01 +02:00 · 2019-08-29 22:52:48 +02:00 · 2019-08-29 22:52:48 +02:00 · b74c5ac883
commit b74c5ac883
parent a268d78454
4 changed files with 6 additions and 20 deletions
--- a/scripts/install
+++ b/scripts/install
@ -123,8 +123,9 @@ echo "TIME_ZONE = \"$(cat /etc/timezone)\"" | tee -a $final_path/conf/seahub_set

 # SSO authentication
 echo 'ENABLE_REMOTE_USER_AUTHENTICATION = True' | tee -a $final_path/conf/seahub_settings.py
+echo "REMOTE_USER_HEADER = 'HTTP_EMAIL'" | tee -a $final_path/conf/seahub_settings.py
 echo 'REMOTE_USER_CREATE_UNKNOWN_USER = False' | tee -a $final_path/conf/seahub_settings.py
-echo "REMOTE_USER_DOMAIN = '$domain'" | tee -a $final_path/conf/seahub_settings.py
+echo "REMOTE_USER_DOMAIN = ''" | tee -a $final_path/conf/seahub_settings.py
 echo "REMOTE_USER_PROTECTED_PATH = ['$path_url', '$path_url/accounts/login']" | tee -a $final_path/conf/seahub_settings.py

 # LDAP configuration
@ -171,7 +172,8 @@ sleep 5
 su - $seafile_user -s /bin/bash -c "$final_path/seafile-server-$seafile_version/seafile.sh start"
 # We escape all char witch needed.
 ynh_replace_special_string --match_string __ADMIN_PASSWORD__ --replace_string "$admin_password" --target_file $final_path/first_launch.exp
-su - $seafile_user -s /bin/bash -c "$final_path/first_launch.exp $final_path/seafile-server-$seafile_version $admin@$domain"
+admin_email=$(ynh_user_get_info $admin 'mail')
+su - $seafile_user -s /bin/bash -c "$final_path/first_launch.exp $final_path/seafile-server-$seafile_version $admin_email"
 ynh_secure_remove --file="$final_path/first_launch.exp"

 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -141,8 +141,9 @@ case $installed_version in
 	expect_scripts/upgrade_7.0.exp $final_path/seafile-server-$seafile_version $root_pwd
 	# SSO authentication
    echo 'ENABLE_REMOTE_USER_AUTHENTICATION = True' | tee -a $final_path/conf/seahub_settings.py
+    echo "REMOTE_USER_HEADER = 'HTTP_EMAIL'" | tee -a $final_path/conf/seahub_settings.py
    echo 'REMOTE_USER_CREATE_UNKNOWN_USER = False' | tee -a $final_path/conf/seahub_settings.py
-    echo "REMOTE_USER_DOMAIN = '$domain'" | tee -a $final_path/conf/seahub_settings.py
+    echo "REMOTE_USER_DOMAIN = ''" | tee -a $final_path/conf/seahub_settings.py
    echo "REMOTE_USER_PROTECTED_PATH = ['$path_url', '$path_url/accounts/login']" | tee -a $final_path/conf/seahub_settings.py

    # Clean connexion from the SSO. If we don't do this we could have some when the user was loged by the old SSO auth mecanisme
--- a/sources/patches/arm-force_domain_email.patch
+++ b/sources/patches/arm-force_domain_email.patch
@ -1 +0,0 @@
-x86-64-force_domain_email.patch
--- a/sources/patches/x86-64-force_domain_email.patch
+++ b/sources/patches/x86-64-force_domain_email.patch
@ -1,16 +0,0 @@
-diff --git a/seahub/base/accounts.py b/seahub/base/accounts.py
-index 4ebbb98c4..ba468d073 100644
--- a/seahub/seahub/base/accounts.py
-+++ b/seahub/seahub/base/accounts.py
-@@ -540,7 +540,11 @@ class User(object):
- 
- class AuthBackend(object):
- 
-+    allowed_domain = settings.REMOTE_USER_DOMAIN
-+
-     def get_user_with_import(self, username):
-+        if '@' in username and self.allowed_domain != username.split('@')[1]:
-+            raise User.DoesNotExist, 'Invalid domain for the email. Please use the seafile domain for the domain part of the email.'
-         emailuser = seaserv.get_emailuser_with_import(username)
-         if not emailuser:
-             raise User.DoesNotExist, 'User matching query does not exits.'