From 426ad30a52a5326d808ab1ba242d97ab85cc9d4d Mon Sep 17 00:00:00 2001
From: Michael Shamoon <4887959+nikonratm@users.noreply.github.com>
Date: Sun, 3 Jan 2021 21:21:39 -0800
Subject: [PATCH] Refactor to extend RemoteUserMiddleware & add authentication
 for Django

---
 src/paperless/auth.py     | 16 +++-------------
 src/paperless/settings.py | 21 ++++++++++++++-------
 2 files changed, 17 insertions(+), 20 deletions(-)

diff --git a/src/paperless/auth.py b/src/paperless/auth.py
index d92dc7671..cd717e56b 100644
--- a/src/paperless/auth.py
+++ b/src/paperless/auth.py
@@ -2,7 +2,7 @@ from django.conf import settings
 from django.contrib.auth.models import User
 from django.utils.deprecation import MiddlewareMixin
 from rest_framework import authentication
-from rest_framework import exceptions
+from django.contrib.auth.middleware import RemoteUserMiddleware
 
 
 class AutoLoginMiddleware(MiddlewareMixin):
@@ -29,19 +29,9 @@ class AngularApiAuthenticationOverride(authentication.BaseAuthentication):
             return None
 
 
-class HttpRemoteUserAuthentication(authentication.BaseAuthentication):
+class HttpRemoteUserMiddleware(RemoteUserMiddleware):
     """ This class allows authentication via HTTP_REMOTE_USER which is set for
         example by certain SSO applications.
     """
 
-    def authenticate(self, request):
-        username = request.META.get('HTTP_REMOTE_USER')
-        if not username:
-            return None
-
-        try:
-            user = User.objects.get(username=username)
-        except User.DoesNotExist:
-            raise exceptions.AuthenticationFailed('No such user')
-
-        return (user, None)
+    header = 'HTTP_REMOTE_USER'
diff --git a/src/paperless/settings.py b/src/paperless/settings.py
index dd0d4a7d9..afbc667e0 100644
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -115,13 +115,6 @@ if DEBUG:
         'paperless.auth.AngularApiAuthenticationOverride'
     )
 
-ENABLE_HTTP_REMOTE_USER = __get_boolean("PAPERLESS_ENABLE_HTTP_REMOTE_USER")
-
-if ENABLE_HTTP_REMOTE_USER:
-    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append(
-        'paperless.auth.HttpRemoteUserAuthentication'
-    )
-
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'whitenoise.middleware.WhiteNoiseMiddleware',
@@ -135,6 +128,20 @@ MIDDLEWARE = [
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
 
+ENABLE_HTTP_REMOTE_USER = __get_boolean("PAPERLESS_ENABLE_HTTP_REMOTE_USER")
+
+if ENABLE_HTTP_REMOTE_USER:
+    MIDDLEWARE.append(
+        'paperless.auth.HttpRemoteUserMiddleware'
+    )
+    AUTHENTICATION_BACKENDS = [
+        'django.contrib.auth.backends.RemoteUserBackend',
+        'django.contrib.auth.backends.ModelBackend'
+    ]
+    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append(
+        'rest_framework.authentication.RemoteUserAuthentication'
+    )
+
 ROOT_URLCONF = 'paperless.urls'
 
 FORCE_SCRIPT_NAME = os.getenv("PAPERLESS_FORCE_SCRIPT_NAME")