diff --git a/docs/configuration.rst b/docs/configuration.rst index 7d297a760..ae4a8b7c8 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -162,6 +162,12 @@ PAPERLESS_COOKIE_PREFIX= Defaults to ``""``, which does not alter the cookie names. +PAPERLESS_ENABLE_HTTP_REMOTE_USER= + Allows authentication via HTTP_REMOTE_USER which is used by some SSO + applications. + + Defaults to `false` which disables this feature. + .. _configuration-ocr: OCR settings @@ -210,20 +216,20 @@ PAPERLESS_OCR_MODE= into images and puts the OCRed text on top. This works for all documents, however, the resulting document may be significantly larger and text won't appear as sharp when zoomed in. - + The default is ``skip``, which only performs OCR when necessary and always creates archived documents. PAPERLESS_OCR_OUTPUT_TYPE= Specify the the type of PDF documents that paperless should produce. - + * ``pdf``: Modify the PDF document as little as possible. * ``pdfa``: Convert PDF documents into PDF/A-2b documents, which is a subset of the entire PDF specification and meant for storing documents long term. * ``pdfa-1``, ``pdfa-2``, ``pdfa-3`` to specify the exact version of PDF/A you wish to use. - + If not specified, ``pdfa`` is used. Remember that paperless also keeps the original input file as well as the archived version. @@ -275,14 +281,14 @@ PAPERLESS_OCR_USER_ARG= .. code:: json - {"deskew": true, "optimize": 3, "unpaper_args": "--pre-rotate 90"} - + {"deskew": true, "optimize": 3, "unpaper_args": "--pre-rotate 90"} + .. _configuration-tika: Tika settings ############# -Paperless can make use of `Tika `_ and +Paperless can make use of `Tika `_ and `Gotenberg `_ for parsing and converting "Office" documents (such as ".doc", ".xlsx" and ".odt"). If you wish to use this, you must provide a Tika server and a Gotenberg server, @@ -306,7 +312,7 @@ PAPERLESS_TIKA_GOTENBERG_ENDPOINT= Defaults to "http://localhost:3000". - + Software tweaks ############### diff --git a/paperless.conf.example b/paperless.conf.example index cda52cc19..50d79c720 100644 --- a/paperless.conf.example +++ b/paperless.conf.example @@ -31,6 +31,7 @@ #PAPERLESS_STATIC_URL=/static/ #PAPERLESS_AUTO_LOGIN_USERNAME= #PAPERLESS_COOKIE_PREFIX= +#PAPERLESS_ENABLE_HTTP_REMOTE_USER=false # OCR settings diff --git a/src/paperless/auth.py b/src/paperless/auth.py index ece5d0eba..cd717e56b 100644 --- a/src/paperless/auth.py +++ b/src/paperless/auth.py @@ -2,6 +2,7 @@ from django.conf import settings from django.contrib.auth.models import User from django.utils.deprecation import MiddlewareMixin from rest_framework import authentication +from django.contrib.auth.middleware import RemoteUserMiddleware class AutoLoginMiddleware(MiddlewareMixin): @@ -26,3 +27,11 @@ class AngularApiAuthenticationOverride(authentication.BaseAuthentication): return (user, None) else: return None + + +class HttpRemoteUserMiddleware(RemoteUserMiddleware): + """ This class allows authentication via HTTP_REMOTE_USER which is set for + example by certain SSO applications. + """ + + header = 'HTTP_REMOTE_USER' diff --git a/src/paperless/settings.py b/src/paperless/settings.py index 9f770aeae..1c3846f9a 100644 --- a/src/paperless/settings.py +++ b/src/paperless/settings.py @@ -129,6 +129,20 @@ MIDDLEWARE = [ 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] +ENABLE_HTTP_REMOTE_USER = __get_boolean("PAPERLESS_ENABLE_HTTP_REMOTE_USER") + +if ENABLE_HTTP_REMOTE_USER: + MIDDLEWARE.append( + 'paperless.auth.HttpRemoteUserMiddleware' + ) + AUTHENTICATION_BACKENDS = [ + 'django.contrib.auth.backends.RemoteUserBackend', + 'django.contrib.auth.backends.ModelBackend' + ] + REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append( + 'rest_framework.authentication.RemoteUserAuthentication' + ) + ROOT_URLCONF = 'paperless.urls' FORCE_SCRIPT_NAME = os.getenv("PAPERLESS_FORCE_SCRIPT_NAME")