mirror of
				https://github.com/paperless-ngx/paperless-ngx.git
				synced 2025-10-25 07:49:06 -04:00 
			
		
		
		
	Merge pull request #677 from skuzzle/dev
Add the possibility to customize the remote user header name
This commit is contained in:
		
						commit
						da9f370924
					
				| @ -192,7 +192,17 @@ PAPERLESS_ENABLE_HTTP_REMOTE_USER=<bool> | ||||
|     applications. | ||||
| 
 | ||||
|     Defaults to `false` which disables this feature. | ||||
| 
 | ||||
|      | ||||
| PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=<str> | ||||
|     If `PAPERLESS_ENABLE_HTTP_REMOTE_USER` is enabled, this property allows to  | ||||
|     customize the name of the HTTP header from which the authenticated username  | ||||
|     is extracted. Values are in terms of | ||||
|     [HttpRequest.META](https://docs.djangoproject.com/en/3.1/ref/request-response/#django.http.HttpRequest.META). | ||||
|     Thus, the configured value must start with `HTTP_` followed by the  | ||||
|     normalized actual header name. | ||||
|      | ||||
|     Defaults to `HTTP_REMOTE_USER`. | ||||
|      | ||||
| .. _configuration-ocr: | ||||
| 
 | ||||
| OCR settings | ||||
|  | ||||
							
								
								
									
										66
									
								
								src/documents/tests/test_auth.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										66
									
								
								src/documents/tests/test_auth.py
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,66 @@ | ||||
| from django.contrib.auth.models import User | ||||
| from django.test import override_settings, Client, modify_settings, TestCase | ||||
| 
 | ||||
| 
 | ||||
| class TestRemoteUserAuthentication(TestCase): | ||||
| 
 | ||||
|     def test_no_remote_user_auth(self): | ||||
|         client = Client() | ||||
| 
 | ||||
|         response = client.get("/api/documents/") | ||||
|         self.assertEqual(response.status_code, 401) | ||||
| 
 | ||||
|         response = client.get("/api/documents/", HTTP_REMOTE_USER="someone") | ||||
|         self.assertEqual(response.status_code, 401) | ||||
| 
 | ||||
|         response = client.get("/api/documents/", HTTP_X_FORWARDED_USER="someone") | ||||
|         self.assertEqual(response.status_code, 401) | ||||
| 
 | ||||
|     @modify_settings( | ||||
|         MIDDLEWARE={ | ||||
|             'append': 'paperless.auth.HttpRemoteUserMiddleware' | ||||
|         }, | ||||
|         AUTHENTICATION_BACKENDS={ | ||||
|             'prepend': 'django.contrib.auth.backends.RemoteUserBackend' | ||||
|         } | ||||
|     ) | ||||
|     def test_standard_remote_user_auth(self): | ||||
|         client = Client() | ||||
| 
 | ||||
|         response = client.get("/api/documents/") | ||||
|         self.assertEqual(response.status_code, 401) | ||||
| 
 | ||||
|         response = client.get("/api/documents/", HTTP_X_FORWARDED_USER="someone") | ||||
|         self.assertEqual(response.status_code, 401) | ||||
| 
 | ||||
|         self.assertFalse(User.objects.filter(username="someone").exists()) | ||||
| 
 | ||||
|         response = client.get("/api/documents/", HTTP_REMOTE_USER="someone") | ||||
|         self.assertEqual(response.status_code, 200) | ||||
| 
 | ||||
|         self.assertTrue(User.objects.filter(username="someone").exists()) | ||||
| 
 | ||||
|     @modify_settings( | ||||
|         MIDDLEWARE={ | ||||
|             'append': 'paperless.auth.HttpRemoteUserMiddleware' | ||||
|         }, | ||||
|         AUTHENTICATION_BACKENDS={ | ||||
|             'prepend': 'django.contrib.auth.backends.RemoteUserBackend' | ||||
|         } | ||||
|     ) | ||||
|     @override_settings(HTTP_REMOTE_USER_HEADER_NAME="HTTP_X_FORWARDED_USER") | ||||
|     def test_custom_remote_user_auth(self): | ||||
|         client = Client() | ||||
| 
 | ||||
|         response = client.get("/api/documents/") | ||||
|         self.assertEqual(response.status_code, 401) | ||||
| 
 | ||||
|         response = client.get("/api/documents/", HTTP_REMOTE_USER="someone") | ||||
|         self.assertEqual(response.status_code, 401) | ||||
| 
 | ||||
|         self.assertFalse(User.objects.filter(username="someone").exists()) | ||||
| 
 | ||||
|         response = client.get("/api/documents/", HTTP_X_FORWARDED_USER="someone") | ||||
|         self.assertEqual(response.status_code, 200) | ||||
| 
 | ||||
|         self.assertTrue(User.objects.filter(username="someone").exists()) | ||||
| @ -33,5 +33,4 @@ class HttpRemoteUserMiddleware(RemoteUserMiddleware): | ||||
|     """ This class allows authentication via HTTP_REMOTE_USER which is set for | ||||
|         example by certain SSO applications. | ||||
|     """ | ||||
| 
 | ||||
|     header = 'HTTP_REMOTE_USER' | ||||
|     header = settings.HTTP_REMOTE_USER_HEADER_NAME | ||||
|  | ||||
| @ -189,6 +189,7 @@ if AUTO_LOGIN_USERNAME: | ||||
|     MIDDLEWARE.insert(_index+1, 'paperless.auth.AutoLoginMiddleware') | ||||
| 
 | ||||
| ENABLE_HTTP_REMOTE_USER = __get_boolean("PAPERLESS_ENABLE_HTTP_REMOTE_USER") | ||||
| HTTP_REMOTE_USER_HEADER_NAME = os.getenv("PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME", "HTTP_REMOTE_USER") | ||||
| 
 | ||||
| if ENABLE_HTTP_REMOTE_USER: | ||||
|     MIDDLEWARE.append( | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user