From ac13f6042aab11f923f8299914bbf83f0d3a8b38 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Sun, 5 Feb 2023 08:44:52 +0100
Subject: [PATCH] Removed prints Enabled additional reverse proxy
 authentication for opds feeds (fixes #2399)

---
 cps/MyLoginManager.py      |  1 +
 cps/admin.py               |  9 ++-------
 cps/services/simpleldap.py |  1 -
 cps/usermanagement.py      | 10 +++++-----
 4 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/cps/MyLoginManager.py b/cps/MyLoginManager.py
index aa03ca52..2587e1a9 100644
--- a/cps/MyLoginManager.py
+++ b/cps/MyLoginManager.py
@@ -46,6 +46,7 @@ class MyLoginManager(LoginManager):
             if user is not None:
                 app = current_app._get_current_object()
                 user_loaded_from_cookie.send(app, user=user)
+                # if session was restored from remember me cookie make login valid
                 confirm_login()
                 return user
         return None
diff --git a/cps/admin.py b/cps/admin.py
index b0ac0fac..9cc568cd 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -101,13 +101,8 @@ def admin_required(f):
 
 @admi.before_app_request
 def before_request():
-    # make remember me function work
-    #if current_user.is_authenticated:
-    #    print("before request confirm request {}".format(request.path))
-    #    confirm_login()
-    #if not ub.check_user_session(current_user.id, flask_session.get('_id')) and 'opds' not in request.path:
-    #    log.info("before logout {}".format(request.path))
-    #    logout_user()
+    if not ub.check_user_session(current_user.id, flask_session.get('_id')) and 'opds' not in request.path:
+        logout_user()
     g.constants = constants
     # g.user = current_user
     g.google_site_verification = os.getenv('GOOGLE_SITE_VERIFICATION','')
diff --git a/cps/services/simpleldap.py b/cps/services/simpleldap.py
index 8f1606fc..1ca7e5bf 100644
--- a/cps/services/simpleldap.py
+++ b/cps/services/simpleldap.py
@@ -89,7 +89,6 @@ def get_object_details(user=None,query_filter=None):
 
 
 def bind():
-    print("bind")
     return _ldap.bind()
 
 
diff --git a/cps/usermanagement.py b/cps/usermanagement.py
index affc997f..e80e55b2 100644
--- a/cps/usermanagement.py
+++ b/cps/usermanagement.py
@@ -40,9 +40,11 @@ def requires_basic_auth_if_no_ano(f):
     @wraps(f)
     def decorated(*args, **kwargs):
         auth = request.authorization
-        print("opds_requires_basic_auth")
-        if (not auth or auth.type != 'basic'):
+        if not auth or auth.type != 'basic':
             if config.config_anonbrowse != 1:
+                user = load_user_from_reverse_proxy_header(request)
+                if user:
+                    return f(*args, **kwargs)
                 return _authenticate()
             else:
                 return f(*args, **kwargs)
@@ -86,14 +88,12 @@ def _fetch_user_by_name(username):
 
 @lm.user_loader
 def load_user(user_id):
-    print("load_user: {}".format(user_id))
     user = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
     return user
 
 
 @lm.request_loader
-def load_user_from_request(req):
-    print("load_from_request")
+def load_user_from_reverse_proxy_header(req):
     if config.config_allow_reverse_proxy_header_login:
         rp_header_name = config.config_reverse_proxy_login_header_name
         if rp_header_name: