@ -25,6 +25,8 @@ from flask import request, Response
from . import lm , ub , config , constants , services , logger , limiter
from . helper import generate_random_password , generate_password_hash , check_email
log = logger . create ( )
def login_required_if_no_ano ( func ) :
@ -103,9 +105,51 @@ def load_user_from_reverse_proxy_header(req):
rp_header_username = req . headers . get ( rp_header_name )
if rp_header_username :
user = _fetch_user_by_name ( rp_header_username )
if not user and config . config_reverse_proxy_create_users :
create_user_from_reverse_proxy_header ( req )
user = _fetch_user_by_name ( rp_header_username )
if user :
[ limiter . limiter . storage . clear ( k . key ) for k in limiter . current_limits ]
login_user ( user )
return user
return None
def create_user_from_reverse_proxy_header ( req ) :
rp_header_name = config . config_reverse_proxy_login_header_name
username = req . headers . get ( rp_header_name )
# does the user have an email address in the headers?
rp_email_header_name = config . config_reverse_proxy_email_header_name
if rp_email_header_name :
try :
email = check_email ( req . headers . get ( rp_email_header_name ) )
except Exception :
log . debug ( ' No email address found in Reverse Proxy headers ' )
email = username + ' @localhost '
# generate a random password
password = generate_random_password ( config . config_password_min_length )
pwhash = generate_password_hash ( password )
user = ub . User ( )
user . name = username
user . password = pwhash
user . email = email
user . default_language = config . config_default_language
user . locale = config . config_default_locale
user . role = config . config_default_role
user . sidebar_view = config . config_default_show
user . allowed_tags = config . config_allowed_tags
user . denied_tags = config . config_denied_tags
user . allowed_column_value = config . config_allowed_column_value
user . denied_column_value = config . config_denied_column_value
# save the user
ub . session . add ( user )
try :
ub . session . commit ( )
except Exception as ex :
log . warning ( " Failed to create Reverse Proxy user: %s - %s " , username , ex )
ub . session . rollback ( )