mirror of
				https://github.com/paperless-ngx/paperless-ngx.git
				synced 2025-10-25 07:49:06 -04:00 
			
		
		
		
	Merge pull request #677 from skuzzle/dev
Add the possibility to customize the remote user header name
This commit is contained in:
		
						commit
						da9f370924
					
				| @ -192,7 +192,17 @@ PAPERLESS_ENABLE_HTTP_REMOTE_USER=<bool> | |||||||
|     applications. |     applications. | ||||||
| 
 | 
 | ||||||
|     Defaults to `false` which disables this feature. |     Defaults to `false` which disables this feature. | ||||||
| 
 |      | ||||||
|  | PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=<str> | ||||||
|  |     If `PAPERLESS_ENABLE_HTTP_REMOTE_USER` is enabled, this property allows to  | ||||||
|  |     customize the name of the HTTP header from which the authenticated username  | ||||||
|  |     is extracted. Values are in terms of | ||||||
|  |     [HttpRequest.META](https://docs.djangoproject.com/en/3.1/ref/request-response/#django.http.HttpRequest.META). | ||||||
|  |     Thus, the configured value must start with `HTTP_` followed by the  | ||||||
|  |     normalized actual header name. | ||||||
|  |      | ||||||
|  |     Defaults to `HTTP_REMOTE_USER`. | ||||||
|  |      | ||||||
| .. _configuration-ocr: | .. _configuration-ocr: | ||||||
| 
 | 
 | ||||||
| OCR settings | OCR settings | ||||||
|  | |||||||
							
								
								
									
										66
									
								
								src/documents/tests/test_auth.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										66
									
								
								src/documents/tests/test_auth.py
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,66 @@ | |||||||
|  | from django.contrib.auth.models import User | ||||||
|  | from django.test import override_settings, Client, modify_settings, TestCase | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class TestRemoteUserAuthentication(TestCase): | ||||||
|  | 
 | ||||||
|  |     def test_no_remote_user_auth(self): | ||||||
|  |         client = Client() | ||||||
|  | 
 | ||||||
|  |         response = client.get("/api/documents/") | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|  | 
 | ||||||
|  |         response = client.get("/api/documents/", HTTP_REMOTE_USER="someone") | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|  | 
 | ||||||
|  |         response = client.get("/api/documents/", HTTP_X_FORWARDED_USER="someone") | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|  | 
 | ||||||
|  |     @modify_settings( | ||||||
|  |         MIDDLEWARE={ | ||||||
|  |             'append': 'paperless.auth.HttpRemoteUserMiddleware' | ||||||
|  |         }, | ||||||
|  |         AUTHENTICATION_BACKENDS={ | ||||||
|  |             'prepend': 'django.contrib.auth.backends.RemoteUserBackend' | ||||||
|  |         } | ||||||
|  |     ) | ||||||
|  |     def test_standard_remote_user_auth(self): | ||||||
|  |         client = Client() | ||||||
|  | 
 | ||||||
|  |         response = client.get("/api/documents/") | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|  | 
 | ||||||
|  |         response = client.get("/api/documents/", HTTP_X_FORWARDED_USER="someone") | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|  | 
 | ||||||
|  |         self.assertFalse(User.objects.filter(username="someone").exists()) | ||||||
|  | 
 | ||||||
|  |         response = client.get("/api/documents/", HTTP_REMOTE_USER="someone") | ||||||
|  |         self.assertEqual(response.status_code, 200) | ||||||
|  | 
 | ||||||
|  |         self.assertTrue(User.objects.filter(username="someone").exists()) | ||||||
|  | 
 | ||||||
|  |     @modify_settings( | ||||||
|  |         MIDDLEWARE={ | ||||||
|  |             'append': 'paperless.auth.HttpRemoteUserMiddleware' | ||||||
|  |         }, | ||||||
|  |         AUTHENTICATION_BACKENDS={ | ||||||
|  |             'prepend': 'django.contrib.auth.backends.RemoteUserBackend' | ||||||
|  |         } | ||||||
|  |     ) | ||||||
|  |     @override_settings(HTTP_REMOTE_USER_HEADER_NAME="HTTP_X_FORWARDED_USER") | ||||||
|  |     def test_custom_remote_user_auth(self): | ||||||
|  |         client = Client() | ||||||
|  | 
 | ||||||
|  |         response = client.get("/api/documents/") | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|  | 
 | ||||||
|  |         response = client.get("/api/documents/", HTTP_REMOTE_USER="someone") | ||||||
|  |         self.assertEqual(response.status_code, 401) | ||||||
|  | 
 | ||||||
|  |         self.assertFalse(User.objects.filter(username="someone").exists()) | ||||||
|  | 
 | ||||||
|  |         response = client.get("/api/documents/", HTTP_X_FORWARDED_USER="someone") | ||||||
|  |         self.assertEqual(response.status_code, 200) | ||||||
|  | 
 | ||||||
|  |         self.assertTrue(User.objects.filter(username="someone").exists()) | ||||||
| @ -33,5 +33,4 @@ class HttpRemoteUserMiddleware(RemoteUserMiddleware): | |||||||
|     """ This class allows authentication via HTTP_REMOTE_USER which is set for |     """ This class allows authentication via HTTP_REMOTE_USER which is set for | ||||||
|         example by certain SSO applications. |         example by certain SSO applications. | ||||||
|     """ |     """ | ||||||
| 
 |     header = settings.HTTP_REMOTE_USER_HEADER_NAME | ||||||
|     header = 'HTTP_REMOTE_USER' |  | ||||||
|  | |||||||
| @ -189,6 +189,7 @@ if AUTO_LOGIN_USERNAME: | |||||||
|     MIDDLEWARE.insert(_index+1, 'paperless.auth.AutoLoginMiddleware') |     MIDDLEWARE.insert(_index+1, 'paperless.auth.AutoLoginMiddleware') | ||||||
| 
 | 
 | ||||||
| ENABLE_HTTP_REMOTE_USER = __get_boolean("PAPERLESS_ENABLE_HTTP_REMOTE_USER") | ENABLE_HTTP_REMOTE_USER = __get_boolean("PAPERLESS_ENABLE_HTTP_REMOTE_USER") | ||||||
|  | HTTP_REMOTE_USER_HEADER_NAME = os.getenv("PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME", "HTTP_REMOTE_USER") | ||||||
| 
 | 
 | ||||||
| if ENABLE_HTTP_REMOTE_USER: | if ENABLE_HTTP_REMOTE_USER: | ||||||
|     MIDDLEWARE.append( |     MIDDLEWARE.append( | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user