From 7f97716ae903ddb10e1f417d12e59c2c8cab461a Mon Sep 17 00:00:00 2001 From: Matt Date: Thu, 1 Feb 2018 16:41:38 -0500 Subject: [PATCH 1/7] Testing auth disabling mods --- src/paperless/auto_auth.py | 16 ++++++++++++++++ src/paperless/settings.py | 15 +++++++++++---- 2 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 src/paperless/auto_auth.py diff --git a/src/paperless/auto_auth.py b/src/paperless/auto_auth.py new file mode 100644 index 000000000..27d9158c1 --- /dev/null +++ b/src/paperless/auto_auth.py @@ -0,0 +1,16 @@ +from django.contrib.auth.models import User + +class User: + is_superuser = True + is_active = True + is_staff = True + id = 1 + +def return_true(*args, **kwargs): + return True +User.has_module_perms = return_true +User.has_perm = return_true + +class Middleware(object): + def process_request(self, request): + request.user = User() diff --git a/src/paperless/settings.py b/src/paperless/settings.py index 6d750c9b0..a28424e81 100644 --- a/src/paperless/settings.py +++ b/src/paperless/settings.py @@ -77,14 +77,21 @@ INSTALLED_APPS = [ if os.getenv("PAPERLESS_INSTALLED_APPS"): INSTALLED_APPS += os.getenv("PAPERLESS_INSTALLED_APPS").split(",") + +AUTH_CLASSES = [\ + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.auth.middleware.SessionAuthenticationMiddleware'] + +if bool(os.getenv("PAPERLESS_DISABLE_AUTH","true").lower() in ("yes", "y", "1", "t", "true")): + AUTH_CLASSES = ['auto_auth.Middleware'] + MIDDLEWARE_CLASSES = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', - 'django.middleware.csrf.CsrfViewMiddleware', - 'django.contrib.auth.middleware.AuthenticationMiddleware', - 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', - 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware']\ + + AUTH_CLASSES + \ + ['django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] From 516bc48a33101437707b6a7775caaea07f5600f5 Mon Sep 17 00:00:00 2001 From: Matt Meno Date: Thu, 1 Feb 2018 17:17:05 -0500 Subject: [PATCH 2/7] Updating changes to allow for disabling login --- paperless.conf.example | 5 +++++ src/paperless/auto_auth.py | 10 +++++++++- src/paperless/settings.py | 6 ++++-- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/paperless.conf.example b/paperless.conf.example index b197b1a12..a7af84ff0 100644 --- a/paperless.conf.example +++ b/paperless.conf.example @@ -86,6 +86,11 @@ PAPERLESS_PASSPHRASE="secret" # https://docs.djangoproject.com/en/1.11/ref/settings/#force-script-name #PAPERLESS_FORCE_SCRIPT_NAME="" +# If you are using alternative authentication means or are just using paperless +# as a single user on a small private network, this option allows you to disable +# user authentication if you set it to "true" +#PAPERLESS_DISABLE_LOGIN="" + ############################################################################### #### Software Tweaks #### ############################################################################### diff --git a/src/paperless/auto_auth.py b/src/paperless/auto_auth.py index 27d9158c1..f4b908c7d 100644 --- a/src/paperless/auto_auth.py +++ b/src/paperless/auto_auth.py @@ -1,10 +1,18 @@ from django.contrib.auth.models import User +''' + This is a dummy authentication middleware module that creates what + is roughly an Anonymous authenticated user so we can disable login + and not interfere with existing user ID's. +''' + class User: is_superuser = True is_active = True is_staff = True - id = 1 + is_authenticated=True + id = -1 #Must be -1 to avoid colliding with possible existing user ID's (that start number at 1) + pk = -1 def return_true(*args, **kwargs): return True diff --git a/src/paperless/settings.py b/src/paperless/settings.py index a28424e81..ec7449f64 100644 --- a/src/paperless/settings.py +++ b/src/paperless/settings.py @@ -78,12 +78,14 @@ if os.getenv("PAPERLESS_INSTALLED_APPS"): INSTALLED_APPS += os.getenv("PAPERLESS_INSTALLED_APPS").split(",") +#Default Django authentication middleware (requires a username/password) AUTH_CLASSES = [\ 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware'] -if bool(os.getenv("PAPERLESS_DISABLE_AUTH","true").lower() in ("yes", "y", "1", "t", "true")): - AUTH_CLASSES = ['auto_auth.Middleware'] +#If AUTH is disabled, we just use our "bypass" authentication middleware +if bool(os.getenv("PAPERLESS_DISABLE_LOGIN","false").lower() in ("yes", "y", "1", "t", "true")): + AUTH_CLASSES = ['paperless.auto_auth.Middleware'] MIDDLEWARE_CLASSES = [ 'django.middleware.security.SecurityMiddleware', From e70ad3d49344d6db5b0cf39c552345268c9417d8 Mon Sep 17 00:00:00 2001 From: Matt Date: Thu, 1 Feb 2018 17:32:08 -0500 Subject: [PATCH 3/7] Fixing formatting to be compatible with upstream repo for login disabling patch --- src/paperless/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/paperless/settings.py b/src/paperless/settings.py index ec7449f64..199a03dd6 100644 --- a/src/paperless/settings.py +++ b/src/paperless/settings.py @@ -85,7 +85,7 @@ AUTH_CLASSES = [\ #If AUTH is disabled, we just use our "bypass" authentication middleware if bool(os.getenv("PAPERLESS_DISABLE_LOGIN","false").lower() in ("yes", "y", "1", "t", "true")): - AUTH_CLASSES = ['paperless.auto_auth.Middleware'] + AUTH_CLASSES = ['paperless.auto_auth.Middleware'] MIDDLEWARE_CLASSES = [ 'django.middleware.security.SecurityMiddleware', From 96c517d65c4ad8eb0a202836eb34394d8da5023c Mon Sep 17 00:00:00 2001 From: Matt Date: Fri, 2 Feb 2018 09:50:43 -0500 Subject: [PATCH 4/7] Rejiggering code style to make upstream pycodestyle checks happy --- src/paperless/auto_auth.py | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/paperless/auto_auth.py b/src/paperless/auto_auth.py index f4b908c7d..a12bf9405 100644 --- a/src/paperless/auto_auth.py +++ b/src/paperless/auto_auth.py @@ -1,24 +1,34 @@ from django.contrib.auth.models import User ''' - This is a dummy authentication middleware module that creates what + This is a dummy authentication middleware module that creates what is roughly an Anonymous authenticated user so we can disable login and not interfere with existing user ID's. ''' + class User: is_superuser = True is_active = True is_staff = True - is_authenticated=True - id = -1 #Must be -1 to avoid colliding with possible existing user ID's (that start number at 1) + is_authenticated = True + + ''' + Must be -1 to avoid colliding with possible + existing user ID's (that start number at 1) + ''' + id = -1 pk = -1 + def return_true(*args, **kwargs): return True + + User.has_module_perms = return_true User.has_perm = return_true + class Middleware(object): def process_request(self, request): request.user = User() From e7c23cfb9250aa062362edec3ae2e5d182e3f97a Mon Sep 17 00:00:00 2001 From: Matt Date: Tue, 6 Feb 2018 10:03:50 -0500 Subject: [PATCH 5/7] Making paperless.conf DISABLE_LOGIN default explicitly to "false" for clarity --- paperless.conf.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/paperless.conf.example b/paperless.conf.example index a7af84ff0..d6d6527f0 100644 --- a/paperless.conf.example +++ b/paperless.conf.example @@ -89,7 +89,7 @@ PAPERLESS_PASSPHRASE="secret" # If you are using alternative authentication means or are just using paperless # as a single user on a small private network, this option allows you to disable # user authentication if you set it to "true" -#PAPERLESS_DISABLE_LOGIN="" +#PAPERLESS_DISABLE_LOGIN="false" ############################################################################### #### Software Tweaks #### From 151d85f2beb2b365161573dae8892c88c008da84 Mon Sep 17 00:00:00 2001 From: Matt Date: Thu, 8 Feb 2018 08:46:33 -0500 Subject: [PATCH 6/7] Moving auto-auth logic to more Django-flavored locations and correcting some readability/stylistic considerations requested by the upstream maintainer --- src/paperless/auto_auth.py | 34 ---------------------------------- src/paperless/middleware.py | 14 ++++++++++++++ src/paperless/models.py | 19 +++++++++++++++++++ src/paperless/settings.py | 21 ++++++++++----------- 4 files changed, 43 insertions(+), 45 deletions(-) delete mode 100644 src/paperless/auto_auth.py create mode 100644 src/paperless/middleware.py create mode 100644 src/paperless/models.py diff --git a/src/paperless/auto_auth.py b/src/paperless/auto_auth.py deleted file mode 100644 index a12bf9405..000000000 --- a/src/paperless/auto_auth.py +++ /dev/null @@ -1,34 +0,0 @@ -from django.contrib.auth.models import User - -''' - This is a dummy authentication middleware module that creates what - is roughly an Anonymous authenticated user so we can disable login - and not interfere with existing user ID's. -''' - - -class User: - is_superuser = True - is_active = True - is_staff = True - is_authenticated = True - - ''' - Must be -1 to avoid colliding with possible - existing user ID's (that start number at 1) - ''' - id = -1 - pk = -1 - - -def return_true(*args, **kwargs): - return True - - -User.has_module_perms = return_true -User.has_perm = return_true - - -class Middleware(object): - def process_request(self, request): - request.user = User() diff --git a/src/paperless/middleware.py b/src/paperless/middleware.py new file mode 100644 index 000000000..c2a74cc51 --- /dev/null +++ b/src/paperless/middleware.py @@ -0,0 +1,14 @@ +from django.utils.deprecation import MiddlewareMixin +from .models import User + +class Middleware (MiddlewareMixin): + """ + This is a dummy authentication middleware class that creates what + is roughly an Anonymous authenticated user so we can disable login + and not interfere with existing user ID's. It's only used if + login is disabled in paperless.conf (default is to require login) + """ + + def process_request(self, request): + request.user = User() + diff --git a/src/paperless/models.py b/src/paperless/models.py new file mode 100644 index 000000000..1728d6822 --- /dev/null +++ b/src/paperless/models.py @@ -0,0 +1,19 @@ +class User: + """ + This is a dummy django User used with our middleware to disable + login authentication if that is configured in paperless.conf + """ + is_superuser = True + is_active = True + is_staff = True + is_authenticated = True + has_module_perms = lambda *_: True + has_perm = lambda *_: True + + #Must be -1 to avoid colliding with real user ID's (which start at 1) + id = -1 + + @property + def pk(self): + return self.id + diff --git a/src/paperless/settings.py b/src/paperless/settings.py index e9e668037..b998e101a 100644 --- a/src/paperless/settings.py +++ b/src/paperless/settings.py @@ -78,25 +78,24 @@ if os.getenv("PAPERLESS_INSTALLED_APPS"): INSTALLED_APPS += os.getenv("PAPERLESS_INSTALLED_APPS").split(",") -#Default Django authentication middleware (requires a username/password) -AUTH_CLASSES = [\ - 'django.contrib.auth.middleware.AuthenticationMiddleware', - 'django.contrib.auth.middleware.SessionAuthenticationMiddleware'] - -#If AUTH is disabled, we just use our "bypass" authentication middleware -if bool(os.getenv("PAPERLESS_DISABLE_LOGIN","false").lower() in ("yes", "y", "1", "t", "true")): - AUTH_CLASSES = ['paperless.auto_auth.Middleware'] MIDDLEWARE_CLASSES = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', - 'django.middleware.csrf.CsrfViewMiddleware']\ - + AUTH_CLASSES + \ - ['django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] +#If AUTH is disabled, we just use our "bypass" authentication middleware +if bool(os.getenv("PAPERLESS_DISABLE_LOGIN", "false").lower() in ("yes", "y", "1", "t", "true")): + _index = MIDDLEWARE_CLASSES.index('django.contrib.auth.middleware.AuthenticationMiddleware') + MIDDLEWARE_CLASSES[_index] = 'paperless.middleware.Middleware' + MIDDLEWARE_CLASSES.remove('django.contrib.auth.middleware.SessionAuthenticationMiddleware') + ROOT_URLCONF = 'paperless.urls' TEMPLATES = [ From 4bde14368c0e1d298b0477aa8e0904fe36d263fa Mon Sep 17 00:00:00 2001 From: Matt Date: Thu, 8 Feb 2018 09:01:10 -0500 Subject: [PATCH 7/7] Rejiggering for more pycodestyle issues... --- src/paperless/middleware.py | 4 ++-- src/paperless/models.py | 17 ++++++++++++----- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/src/paperless/middleware.py b/src/paperless/middleware.py index c2a74cc51..8fed7da8f 100644 --- a/src/paperless/middleware.py +++ b/src/paperless/middleware.py @@ -1,14 +1,14 @@ from django.utils.deprecation import MiddlewareMixin from .models import User + class Middleware (MiddlewareMixin): """ This is a dummy authentication middleware class that creates what is roughly an Anonymous authenticated user so we can disable login - and not interfere with existing user ID's. It's only used if + and not interfere with existing user ID's. It's only used if login is disabled in paperless.conf (default is to require login) """ def process_request(self, request): request.user = User() - diff --git a/src/paperless/models.py b/src/paperless/models.py index 1728d6822..4001d3468 100644 --- a/src/paperless/models.py +++ b/src/paperless/models.py @@ -7,13 +7,20 @@ class User: is_active = True is_staff = True is_authenticated = True - has_module_perms = lambda *_: True - has_perm = lambda *_: True - #Must be -1 to avoid colliding with real user ID's (which start at 1) + # Must be -1 to avoid colliding with real user ID's (which start at 1) id = -1 @property def pk(self): - return self.id - + return self.id + + +""" + NOTE: These are here as a hack instead of being in the User definition + above due to the way pycodestyle handles lamdbdas. + See https://github.com/PyCQA/pycodestyle/issues/379 for more. +""" + +User.has_module_perms = lambda *_: True +User.has_perm = lambda *_: True