From cb7430df4ece59f5e8a34bc802b8099128a0f947 Mon Sep 17 00:00:00 2001 From: Stephane Martin Date: Tue, 6 Sep 2016 13:53:40 +0200 Subject: [PATCH] moving auth_proxy to hooks.py --- realms/__init__.py | 19 +------------------ realms/config/__init__.py | 2 ++ realms/modules/auth/proxy/hooks.py | 25 +++++++++++++++++++++++++ 3 files changed, 28 insertions(+), 18 deletions(-) create mode 100644 realms/modules/auth/proxy/hooks.py diff --git a/realms/__init__.py b/realms/__init__.py index e04c122..bdb1640 100644 --- a/realms/__init__.py +++ b/realms/__init__.py @@ -27,9 +27,8 @@ from werkzeug.exceptions import HTTPException from sqlalchemy.ext.declarative import declarative_base from realms.modules.search.models import Search -from realms.lib.util import to_canonical, remove_ext, mkdir_safe, gravatar_url, to_dict +from realms.lib.util import to_canonical, remove_ext, mkdir_safe, gravatar_url, to_dict, is_su, in_virtualenv from realms.lib.hook import HookModelMeta, HookMixin -from realms.lib.util import is_su, in_virtualenv from realms.version import __version__ @@ -216,22 +215,6 @@ def create_app(config=None): if app.config.get('DB_URI'): db.metadata.create_all(db.get_engine(app)) - if app.config["AUTH_PROXY"]: - logger = logging.getLogger("realms.auth") - - @app.before_request - def proxy_auth(): - from realms.modules.auth.proxy.models import User as ProxyUser - remote_user = request.headers.get(app.config["AUTH_PROXY_HEADER_NAME"]) - if remote_user: - if current_user.is_authenticated: - if current_user.id == remote_user: - return - logger.info("login in realms and login by proxy are different: '{}'/'{}'".format( - current_user.id, remote_user)) - logout_user() - logger.info("User logged in by proxy as '{}'".format(remote_user)) - ProxyUser.do_login(remote_user) return app diff --git a/realms/config/__init__.py b/realms/config/__init__.py index 3c5da25..860837f 100644 --- a/realms/config/__init__.py +++ b/realms/config/__init__.py @@ -160,6 +160,8 @@ class Config(object): self.MODULES.append('auth.oauth') if hasattr(self, 'LDAP'): self.MODULES.append('auth.ldap') + if hasattr(self, "AUTH_PROXY"): + self.MODULES.append('auth.proxy') if in_vagrant(): self.USE_X_SENDFILE = False if self.ENV == "DEV": diff --git a/realms/modules/auth/proxy/hooks.py b/realms/modules/auth/proxy/hooks.py new file mode 100644 index 0000000..e7dcae4 --- /dev/null +++ b/realms/modules/auth/proxy/hooks.py @@ -0,0 +1,25 @@ +from __future__ import absolute_import + +import logging + +from flask import request, current_app +from flask_login import current_user, logout_user + +from .models import User as ProxyUser + + +logger = logging.getLogger("realms.auth") + + +def before_request(): + header_name = current_app.config["AUTH_PROXY_HEADER_NAME"] + remote_user = request.headers.get(header_name) + if remote_user: + if current_user.is_authenticated: + if current_user.id == remote_user: + return + logger.info("login in realms and login by proxy are different: '{}'/'{}'".format( + current_user.id, remote_user)) + logout_user() + logger.info("User logged in by proxy as '{}'".format(remote_user)) + ProxyUser.do_login(remote_user)