Mercurial > p > roundup > code
comparison roundup/configuration.py @ 6436:1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
Implement experimental support to allow tracker to use an alternate
authentication variable replacing ROUNDUP_USER. Also add -I option to
roundup-server to whitelist HTTP headers that should be passed through
to the tracker.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 14 Jun 2021 19:33:27 -0400 |
| parents | 08e209a7f22b |
| children | 8f1b91756457 |
comparison
equal
deleted
inserted
replaced
| 6435:ada96db8ec62 | 6436:1f2f7c0b8968 |
|---|---|
| 834 "file content *as HTML*. This is a potential security risk\n" | 834 "file content *as HTML*. This is a potential security risk\n" |
| 835 "and is therefore disabled by default. Set to 'yes' if you\n" | 835 "and is therefore disabled by default. Set to 'yes' if you\n" |
| 836 "trust *all* users uploading content to your tracker."), | 836 "trust *all* users uploading content to your tracker."), |
| 837 (BooleanOption, 'http_auth', "yes", | 837 (BooleanOption, 'http_auth', "yes", |
| 838 "Whether to use HTTP Basic Authentication, if present.\n" | 838 "Whether to use HTTP Basic Authentication, if present.\n" |
| 839 "Roundup will use either the REMOTE_USER or HTTP_AUTHORIZATION\n" | 839 "Roundup will use either the REMOTE_USER (the value set \n" |
| 840 "by http_auth_header) or HTTP_AUTHORIZATION\n" | |
| 840 "variables supplied by your web server (in that order).\n" | 841 "variables supplied by your web server (in that order).\n" |
| 841 "Set this option to 'no' if you do not wish to use HTTP Basic\n" | 842 "Set this option to 'no' if you do not wish to use HTTP Basic\n" |
| 842 "Authentication in your web interface."), | 843 "Authentication in your web interface."), |
| 844 (Option, "http_auth_header", "", | |
| 845 "The HTTP header that holds the user authentication information.\n" | |
| 846 "If empty (default) the REMOTE_USER header is used.\n" | |
| 847 "This is used when the upstream HTTP server authenticates\n" | |
| 848 "the user and passes the username using this HTTP header."), | |
| 843 (BooleanOption, 'http_auth_convert_realm_to_lowercase', "no", | 849 (BooleanOption, 'http_auth_convert_realm_to_lowercase', "no", |
| 844 "If usernames consist of a name and a domain/realm part of\n" | 850 "If usernames consist of a name and a domain/realm part of\n" |
| 845 "the form user@realm and we're using REMOTE_USER for\n" | 851 "the form user@realm and we're using REMOTE_USER for\n" |
| 846 "authentication (e.g. via Kerberos), convert the realm part\n" | 852 "authentication (e.g. via Kerberos), convert the realm part\n" |
| 847 "of the incoming REMOTE_USER to lowercase before matching\n" | 853 "of the incoming REMOTE_USER to lowercase before matching\n" |