Mercurial > p > roundup > code
comparison roundup/scripts/roundup_server.py @ 6436:1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
Implement experimental support to allow tracker to use an alternate
authentication variable replacing ROUNDUP_USER. Also add -I option to
roundup-server to whitelist HTTP headers that should be passed through
to the tracker.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 14 Jun 2021 19:33:27 -0400 |
| parents | 5d6b6e948e17 |
| children | 7fb13dc67a41 |
comparison
equal
deleted
inserted
replaced
| 6435:ada96db8ec62 | 6436:1f2f7c0b8968 |
|---|---|
| 404 ch = self.headers.getheaders('cookie') | 404 ch = self.headers.getheaders('cookie') |
| 405 co = list(filter(None, ch)) | 405 co = list(filter(None, ch)) |
| 406 if co: | 406 if co: |
| 407 env['HTTP_COOKIE'] = ', '.join(co) | 407 env['HTTP_COOKIE'] = ', '.join(co) |
| 408 env['HTTP_AUTHORIZATION'] = self.headers.get('authorization') | 408 env['HTTP_AUTHORIZATION'] = self.headers.get('authorization') |
| 409 # self.CONFIG['INCLUDE_HEADERS'] is a list. | |
| 410 for h in self.CONFIG['INCLUDE_HEADERS']: | |
| 411 env[h] = self.headers.get(h, None) | |
| 412 # if header is MISSING | |
| 413 if env[h] is None: | |
| 414 del(env[h]) | |
| 409 env['SCRIPT_NAME'] = '' | 415 env['SCRIPT_NAME'] = '' |
| 410 env['SERVER_NAME'] = self.server.server_name | 416 env['SERVER_NAME'] = self.server.server_name |
| 411 env['SERVER_PORT'] = str(self.server.server_port) | 417 env['SERVER_PORT'] = str(self.server.server_port) |
| 412 try: | 418 try: |
| 413 env['HTTP_HOST'] = self.headers['host'] | 419 env['HTTP_HOST'] = self.headers['host'] |
| 624 (configuration.BooleanOption, "ssl", "no", | 630 (configuration.BooleanOption, "ssl", "no", |
| 625 "Enable SSL support (requires pyopenssl)"), | 631 "Enable SSL support (requires pyopenssl)"), |
| 626 (configuration.NullableFilePathOption, "pem", "", | 632 (configuration.NullableFilePathOption, "pem", "", |
| 627 "PEM file used for SSL. A temporary self-signed certificate\n" | 633 "PEM file used for SSL. A temporary self-signed certificate\n" |
| 628 "will be used if left blank."), | 634 "will be used if left blank."), |
| 635 (configuration.WordListOption, "include_headers", "", | |
| 636 "Comma separated list of extra headers that should\n" | |
| 637 "be copied into the CGI environment.\n" | |
| 638 "E.G. if you want to acces the REMOTE_USER and\n" | |
| 639 "X-Proxy-User headers in the back end,\n" | |
| 640 "set to the value REMOTE_USER,X-Proxy-User."), | |
| 629 )), | 641 )), |
| 630 ("trackers", (), "Roundup trackers to serve.\n" | 642 ("trackers", (), "Roundup trackers to serve.\n" |
| 631 "Each option in this section defines single Roundup tracker.\n" | 643 "Each option in this section defines single Roundup tracker.\n" |
| 632 "Option name identifies the tracker and will appear in the URL.\n" | 644 "Option name identifies the tracker and will appear in the URL.\n" |
| 633 "Option value is tracker home directory path.\n" | 645 "Option value is tracker home directory path.\n" |
| 648 "multiprocess": "t:", | 660 "multiprocess": "t:", |
| 649 "template": "i:", | 661 "template": "i:", |
| 650 "loghttpvialogger": 'L', | 662 "loghttpvialogger": 'L', |
| 651 "ssl": "s", | 663 "ssl": "s", |
| 652 "pem": "e:", | 664 "pem": "e:", |
| 665 "include_headers": "I:", | |
| 653 } | 666 } |
| 654 | 667 |
| 655 def __init__(self, config_file=None): | 668 def __init__(self, config_file=None): |
| 656 configuration.Config.__init__(self, config_file, self.SETTINGS) | 669 configuration.Config.__init__(self, config_file, self.SETTINGS) |
| 657 self.sections.append("trackers") | 670 self.sections.append("trackers") |
| 862 -n <name> set the host name of the Roundup web server instance, | 875 -n <name> set the host name of the Roundup web server instance, |
| 863 specifies on which network interfaces to listen for | 876 specifies on which network interfaces to listen for |
| 864 connections, defaults to localhost, use 0.0.0.0 to bind | 877 connections, defaults to localhost, use 0.0.0.0 to bind |
| 865 to all network interfaces | 878 to all network interfaces |
| 866 -p <port> set the port to listen on (default: %(port)s) | 879 -p <port> set the port to listen on (default: %(port)s) |
| 880 -I <header1[,header2]*> list of headers to pass to the backend | |
| 867 -l <fname> log to the file indicated by fname instead of stderr/stdout | 881 -l <fname> log to the file indicated by fname instead of stderr/stdout |
| 868 -N log client machine names instead of IP addresses (much slower) | 882 -N log client machine names instead of IP addresses (much slower) |
| 869 -i <fname> set tracker index template | 883 -i <fname> set tracker index template |
| 870 -s enable SSL | 884 -s enable SSL |
| 871 -L http request logging uses python logging (roundup.http) | 885 -L http request logging uses python logging (roundup.http) |