Skip to content

Commit

Permalink
Add toggle for automatic creation of remote users
Browse files Browse the repository at this point in the history
Add a new flag to the remote user config that by default is off. If
remote users is enabled and the new flag is toggled on, the username in
REMOTE_USER will be used to automatically create a new user with that
username. Automatic creation regardless used to be the default behavior.
  • Loading branch information
hmpf committed Nov 2, 2023
1 parent 6a7d097 commit 1a7d8be
Showing 1 changed file with 19 additions and 10 deletions.
29 changes: 19 additions & 10 deletions python/nav/web/auth/remote_user.py
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ class RemoteUserConfigParser(NAVConfigParser):
logout-url=
varname=REMOTE_USER
workaround=none
autocreate=no
"""


Expand All @@ -76,16 +77,11 @@ def authenticate(request):
try:
account = Account.objects.get(login=username)
except Account.DoesNotExist:
# Store the remote user in the database and return the new account
account = Account(login=username, name=username, ext_sync='REMOTE_USER')
account.set_password(fake_password(32))
account.save()
_logger.info("Created user %s from header REMOTE_USER", account.login)
template = 'Account "{actor}" created due to REMOTE_USER HTTP header'
LogEntry.add_log_entry(
account, 'create-account', template=template, subsystem='auth'
)
return account
if _config.getboolean('remote-user', 'autocreate', fallback=False):
return autocreate_remote_user(username)
# Bail out!
_logger.info('User creation turned off, did not create "%s"', username)
return False

# Bail out! Potentially evil user
if account.locked:
Expand All @@ -99,6 +95,19 @@ def authenticate(request):
return account


def autocreate_remote_user(username):
# Store the remote user in the database and return the new account
account = Account(login=username, name=username, ext_sync='REMOTE_USER')
account.set_password(fake_password(32))
account.save()
_logger.info("Created user %s from header REMOTE_USER", account.login)
template = 'Account "{actor}" created due to REMOTE_USER HTTP header'
LogEntry.add_log_entry(
account, 'create-account', template=template, subsystem='auth'
)
return account


def login(request):
"""Log in the user in REMOTE_USER, if any and enabled
Expand Down

0 comments on commit 1a7d8be

Please sign in to comment.