Mercurial > p > roundup > code
view doc/roundup-server.ini.example @ 8411:ef1ea918b07a reauth-confirm_id
feat(security): Add user confirmation/reauth for sensitive changes
Auditors can raise Reauth(reason) exception to require the user to
enter a token (e.g. account password) to verify the user is performing
the change.
Naming is subject to change.
actions.py: New ReauthAction class handler and verifyPassword() method
for overriding if needed.
client.py: Handle Reauth exception by calling Client:reauth() method.
Default client:reauth method. Add 'reauth' action declaration.
exceptions.py: Define and document Reauth exception as a subclass of
RoundupCGIException.
templating.py: Define method utils.embed_form_fields().
The original form making a change to the database has a lot of form
fields. These need to be resubmitted to Roundup as part of the form
submission that verifies the user's password.
This method turns all non file form fields into type=hidden inputs.
It escapes the names and values to prevent XSS.
For file form fields, it base64 encodes the contents and puts them
in hidden pre blocks. The pre blocks have data attributes for the
filename, filetype and the original field name. (Note the original
field name is not used.)
This stops the file content data (maybe binary e.g. jpegs) from
breaking the html page. The reauth template runs JavaScript that
turns the encoded data inside the pre tags back into a file. Then
it adds a multiple file input control to the page and attaches all
the files to it. This file input is submitted with the rest of the
fields.
_generic.reauth.html (multiple tracker templates): Generates a form
with id=reauth_form to:
display any message from the Reauth exception to the user (e.g. why
user is asked to auth).
get the user's password
submit the form
embed all the form data that triggered the reauth
recreate any file data that was submitted as part of the form and
generate a new file input to push the data to the back end
It has the JavaScript routine (as an IIFE) that regenerates a file
input without user intervention.
All the TAL based tracker templates use the same form. There is also
one for the jinja2 template. The JavaScript for both is the same.
reference.txt: document embed_form_fields utility method.
upgrading.txt: initial upgrading docs.
TODO:
Finalize naming. I am leaning toward ConfirmID rather than Reauth.
Still looking for a standard name for this workflow.
Externalize the javascript in _generic.reauth.html to a seperate file
and use utils.readfile() to embed it or change the script to load it
from a @@file url.
Clean up upgrading.txt with just steps to implement and less feature
detail/internals.
Document internals/troubleshooting in reference.txt.
Add tests using live server.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 11 Aug 2025 14:01:12 -0400 |
| parents | 09af33304790 |
| children |
line wrap: on
line source
; This is a sample configuration file for roundup-server. See the ; admin_guide for information about its contents. [main] # Host name of the Roundup web server instance. # If left unconfigured (no 'host' setting) the default # will be used. # If empty, listen on all network interfaces. # If you want to explicitly listen on all # network interfaces, the address 0.0.0.0 is a more # explicit way to achieve this, the use of an empty # string for this purpose is deprecated and will go away # in a future release. # Default: localhost host = localhost # Port to listen on. # Default: 8080 port = 8017 # Path to favicon.ico image file. If unset, built-in favicon.ico is used. # The path may be either absolute or relative # to the directory containing this config file. # Default: favicon.ico favicon = favicon.ico # User ID as which the server will answer requests. # In order to use this option, the server must be run initially as root. # Availability: Unix. # Default: user = roundup # Group ID as which the server will answer requests. # In order to use this option, the server must be run initially as root. # Availability: Unix. # Default: group = # don't fork (this overrides the pidfile mechanism)' # Allowed values: yes, no # Default: no nodaemon = no # Log client machine names instead of IP addresses (much slower) # Allowed values: yes, no # Default: no log_hostnames = no # Have http(s) request logging done via python logger module. # If set to yes the python logging module is used with qualname # 'roundup.http'. Otherwise logging is done to stderr or the file # specified using the -l/logfile option. # Allowed values: yes, no # Default: no loghttpvialogger = no # File to which the server records the process id of the daemon. # If this option is not set, the server will run in foreground # # The path may be either absolute or relative # to the directory containing this config file. # Default: pidfile = # Log file path. If unset, log to stderr. # The path may be either absolute or relative # to the directory containing this config file. # Default: logfile = # Set processing of each request in separate subprocess. # Allowed values: debug, none, thread, fork. # Default: fork multiprocess = fork # Tracker index template. If unset, built-in will be used. # The path may be either absolute or relative # to the directory containing this config file. # Default: template = # Enable SSL support (requires pyopenssl) # Allowed values: yes, no # Default: no ssl = no # PEM file used for SSL. A temporary self-signed certificate # will be used if left blank. # The path may be either absolute or relative # to the directory containing this config file. # Default: pem = # Comma separated list of extra headers that should # be copied into the CGI environment. # E.G. if you want to access the REMOTE_USER and # X-Proxy-User headers in the back end, # set to the value REMOTE_USER,X-Proxy-User. # Allowed values: comma-separated list of words # Default: include_headers = # Change to HTTP/1.0 if needed. This disables keepalive. # Default: HTTP/1.1 http_version = HTTP/1.1 # Roundup trackers to serve. # Each option in this section defines single Roundup tracker. # Option name identifies the tracker and will appear in the URL. # Option value is tracker home directory path. # The path may be either absolute or relative # to the directory containing this config file. [trackers] demo = /trackers/demo sysadmin = /trackers/sysadmin