|
|
|
@ -25,6 +25,8 @@ from flask import request, Response
|
|
|
|
|
|
|
|
|
|
from . import lm, ub, config, constants, services, logger, limiter
|
|
|
|
|
|
|
|
|
|
from .helper import generate_random_password, generate_password_hash, check_email
|
|
|
|
|
|
|
|
|
|
log = logger.create()
|
|
|
|
|
|
|
|
|
|
def login_required_if_no_ano(func):
|
|
|
|
@ -103,9 +105,51 @@ def load_user_from_reverse_proxy_header(req):
|
|
|
|
|
rp_header_username = req.headers.get(rp_header_name)
|
|
|
|
|
if rp_header_username:
|
|
|
|
|
user = _fetch_user_by_name(rp_header_username)
|
|
|
|
|
if not user and config.config_reverse_proxy_create_users:
|
|
|
|
|
create_user_from_reverse_proxy_header(req)
|
|
|
|
|
user = _fetch_user_by_name(rp_header_username)
|
|
|
|
|
|
|
|
|
|
if user:
|
|
|
|
|
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
|
|
|
|
|
login_user(user)
|
|
|
|
|
return user
|
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def create_user_from_reverse_proxy_header(req):
|
|
|
|
|
rp_header_name = config.config_reverse_proxy_login_header_name
|
|
|
|
|
username = req.headers.get(rp_header_name)
|
|
|
|
|
|
|
|
|
|
# does the user have an email address in the headers?
|
|
|
|
|
rp_email_header_name = config.config_reverse_proxy_email_header_name
|
|
|
|
|
if rp_email_header_name:
|
|
|
|
|
try:
|
|
|
|
|
email = check_email(req.headers.get(rp_email_header_name))
|
|
|
|
|
except Exception:
|
|
|
|
|
log.debug('No email address found in Reverse Proxy headers')
|
|
|
|
|
email = username + '@localhost'
|
|
|
|
|
|
|
|
|
|
# generate a random password
|
|
|
|
|
password = generate_random_password(config.config_password_min_length)
|
|
|
|
|
pwhash = generate_password_hash(password)
|
|
|
|
|
|
|
|
|
|
user = ub.User()
|
|
|
|
|
user.name = username
|
|
|
|
|
user.password = pwhash
|
|
|
|
|
user.email = email
|
|
|
|
|
user.default_language = config.config_default_language
|
|
|
|
|
user.locale = config.config_default_locale
|
|
|
|
|
user.role = config.config_default_role
|
|
|
|
|
user.sidebar_view = config.config_default_show
|
|
|
|
|
user.allowed_tags = config.config_allowed_tags
|
|
|
|
|
user.denied_tags = config.config_denied_tags
|
|
|
|
|
user.allowed_column_value = config.config_allowed_column_value
|
|
|
|
|
user.denied_column_value = config.config_denied_column_value
|
|
|
|
|
|
|
|
|
|
# save the user
|
|
|
|
|
ub.session.add(user)
|
|
|
|
|
try:
|
|
|
|
|
ub.session.commit()
|
|
|
|
|
except Exception as ex:
|
|
|
|
|
log.warning("Failed to create Reverse Proxy user: %s - %s", username, ex)
|
|
|
|
|
ub.session.rollback()
|
|
|
|
|