Mercurial > p > roundup > code
view roundup/scripts/roundup_admin.py @ 5303:5017c3422334
Pass X-Forwarded-For and X-Forwarded-Proto headers as
HTTP_X-FORWARDED-FOR and HTTP_X-FORWARDED-PROTO variables
in the tracker environment array.
Neither of these variables should be used by the code code unless
config.ini params are added to control their use.
I use the FORWARDED-FOR variable to disable the reCAPTCHA extenxaion
check if it is a local address using:
if 'HTTP_X-FORWARDED-FOR' in self.client.env:
# if proxied from client at local site, don't validate captcha
# used for running automated tests.
clientip=self.client.env['HTTP_X-FORWARDED-FOR'].split(',')[0]
if clientip.startswith("192.168.10."):
secret="none"
I run a front end web server that proxies over loopback to the running
roundup-server. So I feel I can trust the X-Forwarded-For header. In
other setup's that may not be true. Hence the requirement that it not
be used in core roundup code without allowing the roundup admin the
ability to disable it.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 09 Oct 2017 17:54:54 -0400 |
| parents | 86ef4ab17dc5 |
| children | 1045b8eb0a3b |
line wrap: on
line source
# Copyright (c) 2001 Bizar Software Pty Ltd (http://www.bizarsoftware.com.au/) # This module is free software, and you may redistribute it and/or modify # under the same terms as Python, so long as this copyright message and # disclaimer are retained in their original form. # # IN NO EVENT SHALL BIZAR SOFTWARE PTY LTD BE LIABLE TO ANY PARTY FOR # DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING # OUT OF THE USE OF THIS CODE, EVEN IF THE AUTHOR HAS BEEN ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # BIZAR SOFTWARE PTY LTD SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, # BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE. THE CODE PROVIDED HEREUNDER IS ON AN "AS IS" # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. """Command-line script stub that calls the roundup.admin functions. """ __docformat__ = 'restructuredtext' import sys # --- patch sys.path to make sure 'import roundup' finds correct version import os.path as osp thisdir = osp.dirname(osp.abspath(__file__)) rootdir = osp.dirname(osp.dirname(thisdir)) if (osp.exists(thisdir + '/__init__.py') and osp.exists(rootdir + '/roundup/__init__.py')): # the script is located inside roundup source code sys.path.insert(0, rootdir) # --/ # python version check from roundup import version_check # import the admin tool guts and make it go from roundup.admin import AdminTool from roundup.i18n import _ def run(): # time out after a minute if we can import socket if hasattr(socket, 'setdefaulttimeout'): socket.setdefaulttimeout(60) tool = AdminTool() sys.exit(tool.main()) if __name__ == '__main__': run() # vim: set filetype=python ts=4 sw=4 et si