moving auth_proxy to hooks.py

This commit is contained in:
Stephane Martin 2016-09-06 13:53:40 +02:00
parent cc2d0b7e09
commit cb7430df4e
3 changed files with 28 additions and 18 deletions

View file

@ -27,9 +27,8 @@ from werkzeug.exceptions import HTTPException
from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.ext.declarative import declarative_base
from realms.modules.search.models import Search from realms.modules.search.models import Search
from realms.lib.util import to_canonical, remove_ext, mkdir_safe, gravatar_url, to_dict from realms.lib.util import to_canonical, remove_ext, mkdir_safe, gravatar_url, to_dict, is_su, in_virtualenv
from realms.lib.hook import HookModelMeta, HookMixin from realms.lib.hook import HookModelMeta, HookMixin
from realms.lib.util import is_su, in_virtualenv
from realms.version import __version__ from realms.version import __version__
@ -216,22 +215,6 @@ def create_app(config=None):
if app.config.get('DB_URI'): if app.config.get('DB_URI'):
db.metadata.create_all(db.get_engine(app)) db.metadata.create_all(db.get_engine(app))
if app.config["AUTH_PROXY"]:
logger = logging.getLogger("realms.auth")
@app.before_request
def proxy_auth():
from realms.modules.auth.proxy.models import User as ProxyUser
remote_user = request.headers.get(app.config["AUTH_PROXY_HEADER_NAME"])
if remote_user:
if current_user.is_authenticated:
if current_user.id == remote_user:
return
logger.info("login in realms and login by proxy are different: '{}'/'{}'".format(
current_user.id, remote_user))
logout_user()
logger.info("User logged in by proxy as '{}'".format(remote_user))
ProxyUser.do_login(remote_user)
return app return app

View file

@ -160,6 +160,8 @@ class Config(object):
self.MODULES.append('auth.oauth') self.MODULES.append('auth.oauth')
if hasattr(self, 'LDAP'): if hasattr(self, 'LDAP'):
self.MODULES.append('auth.ldap') self.MODULES.append('auth.ldap')
if hasattr(self, "AUTH_PROXY"):
self.MODULES.append('auth.proxy')
if in_vagrant(): if in_vagrant():
self.USE_X_SENDFILE = False self.USE_X_SENDFILE = False
if self.ENV == "DEV": if self.ENV == "DEV":

View file

@ -0,0 +1,25 @@
from __future__ import absolute_import
import logging
from flask import request, current_app
from flask_login import current_user, logout_user
from .models import User as ProxyUser
logger = logging.getLogger("realms.auth")
def before_request():
header_name = current_app.config["AUTH_PROXY_HEADER_NAME"]
remote_user = request.headers.get(header_name)
if remote_user:
if current_user.is_authenticated:
if current_user.id == remote_user:
return
logger.info("login in realms and login by proxy are different: '{}'/'{}'".format(
current_user.id, remote_user))
logout_user()
logger.info("User logged in by proxy as '{}'".format(remote_user))
ProxyUser.do_login(remote_user)