Allow auth backends to provide login and password

This is used to implement an auth backend that takes the credentials from an HTTP header (e.g. accounts are managed by an reverse proxy)
2025-06-26 16:45:52 +00:00 · 2017-05-31 02:05:55 +02:00 · 2017-05-31 02:05:55 +02:00 · 09bde14e50
commit 09bde14e50
parent 8bc45aeb24
3 changed files with 32 additions and 6 deletions
--- a/radicale/auth.py
+++ b/radicale/auth.py
@ -67,6 +67,10 @@ def load(configuration, logger):
    logger.debug("Authentication type is %s", auth_type)
    if auth_type == "None":
        class_ = NoneAuth
+    elif auth_type == "remote_user":
+        class_ = RemoteUserAuth
+    elif auth_type == "http_x_remote_user":
+        class_ = HttpXRemoteUserAuth
    elif auth_type == "htpasswd":
        class_ = Auth
    else:
@ -79,6 +83,14 @@ class BaseAuth:
        self.configuration = configuration
        self.logger = logger

+    def get_external_login(self, environ):
+        """Optionally provide the login and password externally.
+
+        Returns a tuple (login, password) or ().
+
+        """
+        return ()
+
    def is_authenticated(self, user, password):
        """Validate credentials.

@ -201,3 +213,13 @@ class Auth(BaseAuth):
                    if login_ok & password_ok:
                        return True
        return False
+
+
+class RemoteUserAuth(NoneAuth):
+    def get_external_login(self, environ):
+        return environ.get("REMOTE_USER", ""), ""
+
+
+class HttpXRemoteUserAuth(NoneAuth):
+    def get_external_login(self, environ):
+        return environ.get("HTTP_X_REMOTE_USER", ""), ""