paperless-ngx/src/paperless/auth.py

from django.conf import settings
from django.contrib import auth
from django.contrib.auth.models import User
from django.utils.deprecation import MiddlewareMixin
from rest_framework import authentication
from django.contrib.auth.middleware import RemoteUserMiddleware


class AutoLoginMiddleware(MiddlewareMixin):
    def process_request(self, request):
        try:
            request.user = User.objects.get(username=settings.AUTO_LOGIN_USERNAME)
            auth.login(request, request.user)
        except User.DoesNotExist:
            pass


class AngularApiAuthenticationOverride(authentication.BaseAuthentication):
    """This class is here to provide authentication to the angular dev server
    during development. This is disabled in production.
    """

    def authenticate(self, request):
        if (
            settings.DEBUG
            and "Referer" in request.headers
            and request.headers["Referer"].startswith("http://localhost:4200/")
        ):  # NOQA: E501
            user = User.objects.filter(is_staff=True).first()
            print("Auto-Login with user {}".format(user))
            return (user, None)
        else:
            return None


class HttpRemoteUserMiddleware(RemoteUserMiddleware):
    """This class allows authentication via HTTP_REMOTE_USER which is set for
    example by certain SSO applications.
    """

    header = settings.HTTP_REMOTE_USER_HEADER_NAME
use django authentication instead of auth tokens. 2020-11-09 15:28:12 +01:00			`from django.conf import settings`
fixes #745 2021-03-14 14:17:21 +01:00			`from django.contrib import auth`
use django authentication instead of auth tokens. 2020-11-09 15:28:12 +01:00			`from django.contrib.auth.models import User`
added setting PAPERLESS_AUTO_LOGIN_USERNAME 2020-11-23 22:50:02 +01:00			`from django.utils.deprecation import MiddlewareMixin`
use django authentication instead of auth tokens. 2020-11-09 15:28:12 +01:00			`from rest_framework import authentication`
Refactor to extend RemoteUserMiddleware & add authentication for Django 2021-01-03 21:21:39 -08:00			`from django.contrib.auth.middleware import RemoteUserMiddleware`
use django authentication instead of auth tokens. 2020-11-09 15:28:12 +01:00

added setting PAPERLESS_AUTO_LOGIN_USERNAME 2020-11-23 22:50:02 +01:00			`class AutoLoginMiddleware(MiddlewareMixin):`
			`def process_request(self, request):`
			`try:`
Format Python code with black 2022-02-27 15:26:41 +01:00			`request.user = User.objects.get(username=settings.AUTO_LOGIN_USERNAME)`
fixes #745 2021-03-14 14:17:21 +01:00			`auth.login(request, request.user)`
added setting PAPERLESS_AUTO_LOGIN_USERNAME 2020-11-23 22:50:02 +01:00			`except User.DoesNotExist:`
			`pass`


use django authentication instead of auth tokens. 2020-11-09 15:28:12 +01:00			`class AngularApiAuthenticationOverride(authentication.BaseAuthentication):`
Format Python code with black 2022-02-27 15:26:41 +01:00			`"""This class is here to provide authentication to the angular dev server`
			`during development. This is disabled in production.`
use django authentication instead of auth tokens. 2020-11-09 15:28:12 +01:00			`"""`
added - document index - api access for thumbnails/downloads - more api filters updated - pipfile removed - filename handling - legacy thumb/download access - obsolete admin gui settings (per page items, FY, inline view) 2020-10-25 23:03:02 +01:00
			`def authenticate(self, request):`
Format Python code with black 2022-02-27 15:26:41 +01:00			`if (`
			`settings.DEBUG`
			`and "Referer" in request.headers`
			`and request.headers["Referer"].startswith("http://localhost:4200/")`
			`): # NOQA: E501`
use django authentication instead of auth tokens. 2020-11-09 15:28:12 +01:00			`user = User.objects.filter(is_staff=True).first()`
			`print("Auto-Login with user {}".format(user))`
			`return (user, None)`
added - document index - api access for thumbnails/downloads - more api filters updated - pipfile removed - filename handling - legacy thumb/download access - obsolete admin gui settings (per page items, FY, inline view) 2020-10-25 23:03:02 +01:00			`else:`
			`return None`
Allow authentication via HTTP_REMOTE_USER 2021-01-03 00:37:19 -08:00

Refactor to extend RemoteUserMiddleware & add authentication for Django 2021-01-03 21:21:39 -08:00			`class HttpRemoteUserMiddleware(RemoteUserMiddleware):`
Format Python code with black 2022-02-27 15:26:41 +01:00			`"""This class allows authentication via HTTP_REMOTE_USER which is set for`
			`example by certain SSO applications.`
Allow authentication via HTTP_REMOTE_USER 2021-01-03 00:37:19 -08:00			`"""`
Format Python code with black 2022-02-27 15:26:41 +01:00
Add the possibility to customize the remote user header name Inspired by the discussion here https://github.com/jonaswinkler/paperless-ng/discussions/639#discussion-3242017 it is worthwhile to be able to customize the header name that is used for authentication as its name is not really standardized. 2021-03-02 09:07:42 +01:00			`header = settings.HTTP_REMOTE_USER_HEADER_NAME`