Plugin for pre-authentication via http Header?

bkuker · December 26, 2018, 5:17pm

Hello,

I am working on a plugin for octoprint that will work with a reverse proxy like nginx to provide user authentication against virtually any authentication system with no effort.

The idea is that nginx authenticated the user via whatever method you want, and then proxies to octoprint only if the user is logged in. Easy. The tricky part id that nginx includes a header "Remote-User: whoever-is-logged-in" and octoprint automatically logs in that user (even creating the user if it does not exist). Octoprint is on a private, secure, network behind nginx and will implicitly trust this header.

I've created a plugin that seems to work, but I do not know anything about the Octoprint code base, nor do I know anything about Flask... And I do not know Python either.

Would anyone be willing to review the code? I'll post it on GH.

Thanks!

bkuker · December 26, 2018, 9:44pm

My code is at:

https://github.com/bkuker/OctoPrint-HttpPreauth/blob/90a76101a8de3322de9b6921620b3e1278e4b4f9/octoprint_httppreauth/init.py

To be frank the design of the FilebasedUserManager does not make sense to me yet, it seems to mix together the User Database and the Login / Session Management functionality. I am not even certain I need to be implementing findUser because login_user seems to get called even earlier, at the passive login part of the code?