[PATCH/foreman 1/1] fixes #1300 Add support of HTTP Auth with REMOTE_USER env variable

Romain_Vrignaud · November 16, 2011, 10:35am

Signed-off-by: Romain Vrignaud <romain@yakaz.com>

···

From: Romain Vrignaud --- app/controllers/application_controller.rb | 11 +++++++++++ lib/foreman/default_settings/loader.rb | 1 + 2 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0783d91…f14ff56 100644
— a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -63,6 +63,17 @@ class ApplicationController < ActionController::Base
logger.warn(“Failed authentcation from #{request.remote_ip} #{user}”) if User.current.nil?
return !User.current.nil?
end

if login delegation authorized and REMOTE_USER not empty, authenticate user without using password
if Setting[“authorize_login_delegation”] == true and !request.env[“REMOTE_USER”].nil?

user = User.find_by_login(request.env["REMOTE_USER"])

User.current = user.is_a?(User) ? user : nil

```
if !user.nil? 
```
```
  session[:user] = User.current.id
```
```
  return !User.current.nil?
```
```
else 
```

  logger.warn("Failed authentcation from REMOTE_USER") if User.current.nil?

```
end
```
end
session[:original_uri] = request.request_uri # keep the old request uri that we can redirect later on
redirect_to login_users_path and return
else
diff --git a/lib/foreman/default_settings/loader.rb b/lib/foreman/default_settings/loader.rb
index 5fcfd87…9de682c 100644
— a/lib/foreman/default_settings/loader.rb
+++ b/lib/foreman/default_settings/loader.rb
@@ -28,6 +28,7 @@ module Foreman
set(‘foreman_url’, “The hostname where your foreman instance is running on”, “foreman.#{domain}”),
set(‘email_replay_address’, “The email replay address for emails that foreman is sending”, “Foreman-noreply@#{domain}”),
set(‘entries_per_page’, “The amount of records shown per page in foreman”, 20),

    set('authorize_login_delegation',"Authorize login delegation",false),
       ].each { |s| create s.update(:category => "General")}

       [

–
1.7.2.5

ohadlevy · November 16, 2011, 1:05pm

> From: Romain Vrignaud <romain@yakaz.com>
>
>
> Signed-off-by: Romain Vrignaud <romain@yakaz.com>
> —
> app/controllers/application_controller.rb | 11 +++++++++++
> lib/foreman/default_settings/loader.rb | 1 +
> 2 files changed, 12 insertions(+), 0 deletions(-)
>
> diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
> index 0783d91…f14ff56 100644
> — a/app/controllers/application_controller.rb
> +++ b/app/controllers/application_controller.rb
> @@ -63,6 +63,17 @@ class ApplicationController < ActionController::Base
> logger.warn("Failed authentcation from #{request.remote_ip} #{user}") if User.current.nil?
> return !User.current.nil?
> end
> + # if login delegation authorized and REMOTE_USER not empty, authenticate user without using password
> + if Setting["authorize_login_delegation"] == true and !request.env["REMOTE_USER"].nil?
> + user = User.find_by_login(request.env["REMOTE_USER"])
> + User.current = user.is_a?(User) ? user : nil
> + if !user.nil?
> + session[:user] = User.current.id
> + return !User.current.nil?
> + else
> + logger.warn("Failed authentcation from REMOTE_USER") if User.current.nil?
> + end
> + end
> session[:original_uri] = request.request_uri # keep the old request uri that we can redirect later on
> redirect_to login_users_path and return
> else
> diff --git a/lib/foreman/default_settings/loader.rb b/lib/foreman/default_settings/loader.rb
> index 5fcfd87…9de682c 100644
> — a/lib/foreman/default_settings/loader.rb
> +++ b/lib/foreman/default_settings/loader.rb
> @@ -28,6 +28,7 @@ module Foreman
> set('foreman_url', "The hostname where your foreman instance is running on", "foreman.#{domain}"),
> set('email_replay_address', "The email replay address for emails that foreman is sending", "Foreman-noreply@#{domain}"),
> set('entries_per_page', "The amount of records shown per page in foreman", 20),
> + set('authorize_login_delegation',"Authorize login delegation",false),
could you be a bit more descriptive here, so other people would
understand what it means ?
> ].each { |s| create s.update(:category => "General")}
>
> [
> –
> 1.7.2.5
>
>

+1

···

On Wed, Nov 16, 2011 at 12:35 PM, Romain Vrignaud wrote:

ohadlevy · November 16, 2011, 1:06pm

and, on a side note, it would be very much appreciated, if you could
write a simple functional test for this.

Thanks,
Ohad

···

On Wed, Nov 16, 2011 at 3:05 PM, Ohad Levy wrote: > On Wed, Nov 16, 2011 at 12:35 PM, Romain Vrignaud wrote: >> From: Romain Vrignaud >> >> >> Signed-off-by: Romain Vrignaud >> --- >> app/controllers/application_controller.rb | 11 +++++++++++ >> lib/foreman/default_settings/loader.rb | 1 + >> 2 files changed, 12 insertions(+), 0 deletions(-) >> >> diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb >> index 0783d91..f14ff56 100644 >> --- a/app/controllers/application_controller.rb >> +++ b/app/controllers/application_controller.rb >> @@ -63,6 +63,17 @@ class ApplicationController < ActionController::Base >> logger.warn("Failed authentcation from #{request.remote_ip} #{user}") if User.current.nil? >> return !User.current.nil? >> end >> + # if login delegation authorized and REMOTE_USER not empty, authenticate user without using password >> + if Setting["authorize_login_delegation"] == true and !request.env["REMOTE_USER"].nil? >> + user = User.find_by_login(request.env["REMOTE_USER"]) >> + User.current = user.is_a?(User) ? user : nil >> + if !user.nil? >> + session[:user] = User.current.id >> + return !User.current.nil? >> + else >> + logger.warn("Failed authentcation from REMOTE_USER") if User.current.nil? >> + end >> + end >> session[:original_uri] = request.request_uri # keep the old request uri that we can redirect later on >> redirect_to login_users_path and return >> else >> diff --git a/lib/foreman/default_settings/loader.rb b/lib/foreman/default_settings/loader.rb >> index 5fcfd87..9de682c 100644 >> --- a/lib/foreman/default_settings/loader.rb >> +++ b/lib/foreman/default_settings/loader.rb >> @@ -28,6 +28,7 @@ module Foreman >> set('foreman_url', "The hostname where your foreman instance is running on", "foreman.#{domain}"), >> set('email_replay_address', "The email replay address for emails that foreman is sending", "Foreman-noreply@#{domain}"), >> set('entries_per_page', "The amount of records shown per page in foreman", 20), >> + set('authorize_login_delegation',"Authorize login delegation",false), > could you be a bit more descriptive here, so other people would > understand what it means ;) ? >> ].each { |s| create s.update(:category => "General")} >> >> [ >> -- >> 1.7.2.5 >> >> > > +1 >