Refactor to extend RemoteUserMiddleware & add authentication for Django

2025-11-03 03:16:10 -06:00 · 2021-01-03 21:21:39 -08:00
parent 8caa61bd9d
commit 0286abd92a
2 changed files with 17 additions and 20 deletions
--- a/src/paperless/auth.py
+++ b/src/paperless/auth.py
@@ -2,7 +2,7 @@ from django.conf import settings
 from django.contrib.auth.models import User
 from django.utils.deprecation import MiddlewareMixin
 from rest_framework import authentication
-from rest_framework import exceptions
+from django.contrib.auth.middleware import RemoteUserMiddleware


 class AutoLoginMiddleware(MiddlewareMixin):
@@ -29,19 +29,9 @@ class AngularApiAuthenticationOverride(authentication.BaseAuthentication):
            return None


-class HttpRemoteUserAuthentication(authentication.BaseAuthentication):
+class HttpRemoteUserMiddleware(RemoteUserMiddleware):
    """ This class allows authentication via HTTP_REMOTE_USER which is set for
        example by certain SSO applications.
    """

-    def authenticate(self, request):
-        username = request.META.get('HTTP_REMOTE_USER')
-        if not username:
-            return None
-
-        try:
-            user = User.objects.get(username=username)
-        except User.DoesNotExist:
-            raise exceptions.AuthenticationFailed('No such user')
-
-        return (user, None)
+    header = 'HTTP_REMOTE_USER'
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -115,13 +115,6 @@ if DEBUG:
        'paperless.auth.AngularApiAuthenticationOverride'
    )

-ENABLE_HTTP_REMOTE_USER = __get_boolean("PAPERLESS_ENABLE_HTTP_REMOTE_USER")
-
-if ENABLE_HTTP_REMOTE_USER:
-    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append(
-        'paperless.auth.HttpRemoteUserAuthentication'
-    )
-
 MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'whitenoise.middleware.WhiteNoiseMiddleware',
@@ -135,6 +128,20 @@ MIDDLEWARE = [
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]

+ENABLE_HTTP_REMOTE_USER = __get_boolean("PAPERLESS_ENABLE_HTTP_REMOTE_USER")
+
+if ENABLE_HTTP_REMOTE_USER:
+    MIDDLEWARE.append(
+        'paperless.auth.HttpRemoteUserMiddleware'
+    )
+    AUTHENTICATION_BACKENDS = [
+        'django.contrib.auth.backends.RemoteUserBackend',
+        'django.contrib.auth.backends.ModelBackend'
+    ]
+    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append(
+        'rest_framework.authentication.RemoteUserAuthentication'
+    )
+
 ROOT_URLCONF = 'paperless.urls'

 FORCE_SCRIPT_NAME = os.getenv("PAPERLESS_FORCE_SCRIPT_NAME")