Merge pull request #260 from shamoon/feature/remote-user

Feature: authentication via HTTP_REMOTE_USER
2025-04-02 13:45:10 -05:00 · 2021-01-06 14:27:14 +01:00 · 2021-01-06 14:27:14 +01:00 · b17d9f850e
commit b17d9f850e
parent e107d5df6f 426ad30a52
4 changed files with 37 additions and 7 deletions
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@ -162,6 +162,12 @@ PAPERLESS_COOKIE_PREFIX=<str>

    Defaults to ``""``, which does not alter the cookie names.

+PAPERLESS_ENABLE_HTTP_REMOTE_USER=<bool>
+    Allows authentication via HTTP_REMOTE_USER which is used by some SSO
+    applications.
+
+    Defaults to `false` which disables this feature.
+
 .. _configuration-ocr:

 OCR settings
--- a/paperless.conf.example
+++ b/paperless.conf.example
@ -31,6 +31,7 @@
 #PAPERLESS_STATIC_URL=/static/
 #PAPERLESS_AUTO_LOGIN_USERNAME=
 #PAPERLESS_COOKIE_PREFIX=
+#PAPERLESS_ENABLE_HTTP_REMOTE_USER=false

 # OCR settings

--- a/src/paperless/auth.py
+++ b/src/paperless/auth.py
@ -2,6 +2,7 @@ from django.conf import settings
 from django.contrib.auth.models import User
 from django.utils.deprecation import MiddlewareMixin
 from rest_framework import authentication
+from django.contrib.auth.middleware import RemoteUserMiddleware


 class AutoLoginMiddleware(MiddlewareMixin):
@ -26,3 +27,11 @@ class AngularApiAuthenticationOverride(authentication.BaseAuthentication):
            return (user, None)
        else:
            return None
+
+
+class HttpRemoteUserMiddleware(RemoteUserMiddleware):
+    """ This class allows authentication via HTTP_REMOTE_USER which is set for
+        example by certain SSO applications.
+    """
+
+    header = 'HTTP_REMOTE_USER'
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@ -129,6 +129,20 @@ MIDDLEWARE = [
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]

+ENABLE_HTTP_REMOTE_USER = __get_boolean("PAPERLESS_ENABLE_HTTP_REMOTE_USER")
+
+if ENABLE_HTTP_REMOTE_USER:
+    MIDDLEWARE.append(
+        'paperless.auth.HttpRemoteUserMiddleware'
+    )
+    AUTHENTICATION_BACKENDS = [
+        'django.contrib.auth.backends.RemoteUserBackend',
+        'django.contrib.auth.backends.ModelBackend'
+    ]
+    REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'].append(
+        'rest_framework.authentication.RemoteUserAuthentication'
+    )
+
 ROOT_URLCONF = 'paperless.urls'

 FORCE_SCRIPT_NAME = os.getenv("PAPERLESS_FORCE_SCRIPT_NAME")