Mercurial > p > roundup > code

diff roundup/scripts/roundup_server.py @ 6436:1f2f7c0b8968

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
issue2550837 - New option for web auth (also http header passing) Implement experimental support to allow tracker to use an alternate authentication variable replacing ROUNDUP_USER. Also add -I option to roundup-server to whitelist HTTP headers that should be passed through to the tracker.
author John Rouillard <rouilj@ieee.org>
date Mon, 14 Jun 2021 19:33:27 -0400
parents 5d6b6e948e17
children 7fb13dc67a41
line wrap: on
line diff
--- a/roundup/scripts/roundup_server.py	Fri Jun 11 18:09:21 2021 -0400
+++ b/roundup/scripts/roundup_server.py	Mon Jun 14 19:33:27 2021 -0400
@@ -406,6 +406,12 @@
         if co:
             env['HTTP_COOKIE'] = ', '.join(co)
         env['HTTP_AUTHORIZATION'] = self.headers.get('authorization')
+        # self.CONFIG['INCLUDE_HEADERS'] is a list.
+        for h in self.CONFIG['INCLUDE_HEADERS']:
+            env[h] = self.headers.get(h, None)
+            # if header is MISSING
+            if env[h] is None:
+                del(env[h])
         env['SCRIPT_NAME'] = ''
         env['SERVER_NAME'] = self.server.server_name
         env['SERVER_PORT'] = str(self.server.server_port)
@@ -626,6 +632,12 @@
             (configuration.NullableFilePathOption, "pem", "",
                 "PEM file used for SSL. A temporary self-signed certificate\n"
                 "will be used if left blank."),
+            (configuration.WordListOption, "include_headers", "",
+                "Comma separated list of extra headers that should\n"
+                "be copied into the CGI environment.\n"
+                "E.G. if you want to acces the REMOTE_USER and\n"
+                "X-Proxy-User headers in the back end,\n"
+                "set to the value REMOTE_USER,X-Proxy-User."),
         )),
         ("trackers", (), "Roundup trackers to serve.\n"
             "Each option in this section defines single Roundup tracker.\n"
@@ -650,6 +662,7 @@
         "loghttpvialogger": 'L',
         "ssl": "s",
         "pem": "e:",
+        "include_headers": "I:",
     }
 
     def __init__(self, config_file=None):
@@ -864,6 +877,7 @@
                connections, defaults to localhost, use 0.0.0.0 to bind
                to all network interfaces
  -p <port>     set the port to listen on (default: %(port)s)
+ -I <header1[,header2]*> list of headers to pass to the backend
  -l <fname>    log to the file indicated by fname instead of stderr/stdout
  -N            log client machine names instead of IP addresses (much slower)
  -i <fname>    set tracker index template
Roundup Issue Tracker: http://roundup-tracker.org/