diff --git a/python/nav/web/auth/remote_user.py b/python/nav/web/auth/remote_user.py
index f790c4f3c0..0b8c5cfbdf 100644
--- a/python/nav/web/auth/remote_user.py
+++ b/python/nav/web/auth/remote_user.py
@@ -50,6 +50,7 @@ class RemoteUserConfigParser(NAVConfigParser):
 logout-url=
 varname=REMOTE_USER
 workaround=none
+autocreate=no
 """
@@ -76,16 +77,11 @@ def authenticate(request):
 try:
 account = Account.objects.get(login=username)
 except Account.DoesNotExist:
- # Store the remote user in the database and return the new account
- account = Account(login=username, name=username, ext_sync='REMOTE_USER')
- account.set_password(fake_password(32))
- account.save()
- _logger.info("Created user %s from header REMOTE_USER", account.login)
- template = 'Account "{actor}" created due to REMOTE_USER HTTP header'
- LogEntry.add_log_entry(
- account, 'create-account', template=template, subsystem='auth'
- )
- return account
+ if _config.getboolean('remote-user', 'autocreate', fallback=False):
+ return autocreate_remote_user(username)
+ # Bail out!
+ _logger.info('User creation turned off, did not create "%s"', username)
+ return False
 # Bail out! Potentially evil user
 if account.locked:
@@ -99,6 +95,19 @@ def authenticate(request):
 return account
+def autocreate_remote_user(username):
+ # Store the remote user in the database and return the new account
+ account = Account(login=username, name=username, ext_sync='REMOTE_USER')
+ account.set_password(fake_password(32))
+ account.save()
+ _logger.info("Created user %s from header REMOTE_USER", account.login)
+ template = 'Account "{actor}" created due to REMOTE_USER HTTP header'
+ LogEntry.add_log_entry(
+ account, 'create-account', template=template, subsystem='auth'
+ )
+ return account
+
+
 def login(request):
 """Log in the user in REMOTE_USER, if any and enabled
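Review bot: `_config.getboolean('remote-user', 'autocreate', fallback=False)` in authenticate() falls back only when the option or section is missing, so a value configparser cannot parse as a boolean (a constructed example: `autocreate=ture`) raises ValueError whenever an unknown REMOTE_USER arrives. That fails closed, but as an unhandled exception in the login path rather than a clear configuration error; catching ValueError at this call, logging a warning and treating the option as off would keep the behaviour predictable. The refusal is also recorded only with `_logger.info(...)`, while account creation gets a LogEntry audit record; a denied login for an externally authenticated user is probably worth `_logger.warning(...)` so operators notice it. authenticate() starts and ends outside the hunk and indentation is lost on this page, so whether `return False` matches what callers expect could not be checked.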
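Review bot: autocreate_remote_user() has no docstring and stores the externally supplied value verbatim as both `login` and `name`, so its safety rests entirely on that variable being set by the front-end web server and never by the client. I would state the precondition in a docstring, e.g. `"""Create and return an Account for a login asserted by the web server; only pass a value taken from the trusted REMOTE_USER variable."""`, and consider rejecting empty or over-long values before `account.save()`. If `Account.login` carries a unique constraint (not visible here), two concurrent first requests for the same user could both miss the lookup in authenticate() and the second `save()` would then fail; `Account.objects.get_or_create(...)` would presumably close that window. The function lies wholly inside the hunk.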