moving auth_proxy to hooks.py

7 years ago · cb7430df4e
--- a/realms/__init__.py
+++ b/realms/__init__.py
@@ -27,9 +27,8 @@ from werkzeug.exceptions import HTTPException
 from sqlalchemy.ext.declarative import declarative_base

 from realms.modules.search.models import Search
 from realms.lib.util import to_canonical, remove_ext, mkdir_safe, gravatar_url, to_dict
 from realms.lib.util import to_canonical, remove_ext, mkdir_safe, gravatar_url, to_dict, is_su, in_virtualenv
 from realms.lib.hook import HookModelMeta, HookMixin
 from realms.lib.util import is_su, in_virtualenv
 from realms.version import __version__


@@ -216,22 +215,6 @@ def create_app(config=None):
        if app.config.get('DB_URI'):
            db.metadata.create_all(db.get_engine(app))

    if app.config["AUTH_PROXY"]:
        logger = logging.getLogger("realms.auth")

        @app.before_request
        def proxy_auth():
            from realms.modules.auth.proxy.models import User as ProxyUser
            remote_user = request.headers.get(app.config["AUTH_PROXY_HEADER_NAME"])
            if remote_user:
                if current_user.is_authenticated:
                    if current_user.id == remote_user:
                        return
                    logger.info("login in realms and login by proxy are different: '{}'/'{}'".format(
                        current_user.id, remote_user))
                    logout_user()
                logger.info("User logged in by proxy as '{}'".format(remote_user))
                ProxyUser.do_login(remote_user)

    return app

--- a/realms/config/__init__.py
+++ b/realms/config/__init__.py
@@ -160,6 +160,8 @@ class Config(object):
            self.MODULES.append('auth.oauth')
        if hasattr(self, 'LDAP'):
            self.MODULES.append('auth.ldap')
        if hasattr(self, "AUTH_PROXY"):
            self.MODULES.append('auth.proxy')
        if in_vagrant():
            self.USE_X_SENDFILE = False
        if self.ENV == "DEV":
--- a/realms/modules/auth/proxy/hooks.py
+++ b/realms/modules/auth/proxy/hooks.py
@@ -0,0 +1,25 @@
 from __future__ import absolute_import

 import logging

 from flask import request, current_app
 from flask_login import current_user, logout_user

 from .models import User as ProxyUser


 logger = logging.getLogger("realms.auth")


 def before_request():
    header_name = current_app.config["AUTH_PROXY_HEADER_NAME"]
    remote_user = request.headers.get(header_name)
    if remote_user:
        if current_user.is_authenticated:
            if current_user.id == remote_user:
                return
            logger.info("login in realms and login by proxy are different: '{}'/'{}'".format(
                current_user.id, remote_user))
            logout_user()
        logger.info("User logged in by proxy as '{}'".format(remote_user))
        ProxyUser.do_login(remote_user)