[galaxy-commits] commit/galaxy-central: natefoo: Allow changing the header for remote user.

3 Jan 2014

1 new commit in galaxy-central:

https://bitbucket.org/galaxy/galaxy-central/commits/e92e13e9c103/
Changeset:   e92e13e9c103
User:        natefoo
Date:        2014-01-03 17:41:19
Summary:     Allow changing the header for remote user.
Affected #:  6 files

diff -r 5f221e5774804c77987831bebc6941d5a91fa872 -r e92e13e9c103cc1f36dff65e1523479bf5cb17ed lib/galaxy/config.py

--- a/lib/galaxy/config.py
+++ b/lib/galaxy/config.py
@@ -123,6 +123,7 @@
         self.retry_metadata_internally = string_as_bool( kwargs.get( "retry_metadata_internally", "True" ) )
         self.use_remote_user = string_as_bool( kwargs.get( "use_remote_user", "False" ) )
         self.remote_user_maildomain = kwargs.get( "remote_user_maildomain", None )
+        self.remote_user_header = kwargs.get( "remote_user_header", 'HTTP_REMOTE_USER' )
         self.remote_user_logout_href = kwargs.get( "remote_user_logout_href", None )
         self.require_login = string_as_bool( kwargs.get( "require_login", "False" ) )
         self.allow_user_creation = string_as_bool( kwargs.get( "allow_user_creation", "True" ) )

diff -r 5f221e5774804c77987831bebc6941d5a91fa872 -r e92e13e9c103cc1f36dff65e1523479bf5cb17ed lib/galaxy/web/framework/__init__.py
--- a/lib/galaxy/web/framework/__init__.py
+++ b/lib/galaxy/web/framework/__init__.py
@@ -586,9 +586,9 @@
         # things now.
         if self.app.config.use_remote_user:
             #If this is an api request, and they've passed a key, we let this go.
-            assert "HTTP_REMOTE_USER" in self.environ, \
-                "use_remote_user is set but no HTTP_REMOTE_USER variable"
-            remote_user_email = self.environ[ 'HTTP_REMOTE_USER' ]
+            assert self.app.config.remote_user_header in self.environ, \
+                "use_remote_user is set but %s header was not provided" % self.app.config.remote_user_header
+            remote_user_email = self.environ[ self.app.config.remote_user_header ]
             if galaxy_session:
                 # An existing session, make sure correct association exists
                 if galaxy_session.user is None:

diff -r 5f221e5774804c77987831bebc6941d5a91fa872 -r e92e13e9c103cc1f36dff65e1523479bf5cb17ed lib/galaxy/web/framework/middleware/remoteuser.py
--- a/lib/galaxy/web/framework/middleware/remoteuser.py
+++ b/lib/galaxy/web/framework/middleware/remoteuser.py
@@ -36,11 +36,12 @@
 """
 
 class RemoteUser( object ):
-    def __init__( self, app, maildomain=None, display_servers=None, admin_users=None ):
+    def __init__( self, app, maildomain=None, display_servers=None, admin_users=None, remote_user_header=None ):
         self.app = app
         self.maildomain = maildomain
         self.display_servers = display_servers or []
         self.admin_users = admin_users or []
+        self.remote_user_header = remote_user_header or 'HTTP_REMOTE_USER'
     def __call__( self, environ, start_response ):
         # Allow display servers
         if self.display_servers and environ.has_key( 'REMOTE_ADDR' ):
@@ -50,16 +51,16 @@
                 # in the event of a lookup failure, deny access
                 host = None
             if host in self.display_servers:
-                environ[ 'HTTP_REMOTE_USER' ] = 'remote_display_server@%s' % ( self.maildomain or 'example.org' )
+                environ[ self.remote_user_header ] = 'remote_display_server@%s' % ( self.maildomain or 'example.org' )
                 return self.app( environ, start_response )
         # Apache sets REMOTE_USER to the string '(null)' when using the
         # Rewrite* method for passing REMOTE_USER and a user is
         # un-authenticated.  Any other possible values need to go here as well.
         path_info = environ.get('PATH_INFO', '')
-        if environ.has_key( 'HTTP_REMOTE_USER' ) and environ[ 'HTTP_REMOTE_USER' ] != '(null)':
-            if not environ[ 'HTTP_REMOTE_USER' ].count( '@' ):
+        if environ.has_key( self.remote_user_header ) and environ[ self.remote_user_header ] != '(null)':
+            if not environ[ self.remote_user_header ].count( '@' ):
                 if self.maildomain is not None:
-                    environ[ 'HTTP_REMOTE_USER' ] += '@' + self.maildomain
+                    environ[ self.remote_user_header ] += '@' + self.maildomain
                 else:
                     title = "Access to Galaxy is denied"
                     message = """
@@ -73,7 +74,7 @@
                         before you may access Galaxy.
                     """
                     return self.error( start_response, title, message )
-            if path_info.startswith( '/user/create' ) and environ[ 'HTTP_REMOTE_USER' ] in self.admin_users:
+            if path_info.startswith( '/user/create' ) and environ[ self.remote_user_header ] in self.admin_users:
                 pass # admins can create users
             elif path_info.startswith( '/user/api_keys' ):
                 pass # api keys can be managed when remote_user is in use

diff -r 5f221e5774804c77987831bebc6941d5a91fa872 -r e92e13e9c103cc1f36dff65e1523479bf5cb17ed lib/galaxy/webapps/galaxy/buildapp.py
--- a/lib/galaxy/webapps/galaxy/buildapp.py
+++ b/lib/galaxy/webapps/galaxy/buildapp.py
@@ -350,7 +350,8 @@
         from galaxy.web.framework.middleware.remoteuser import RemoteUser
         app = RemoteUser( app, maildomain = conf.get( 'remote_user_maildomain', None ),
                                display_servers = util.listify( conf.get( 'display_servers', '' ) ),
-                               admin_users = conf.get( 'admin_users', '' ).split( ',' ) )
+                               admin_users = conf.get( 'admin_users', '' ).split( ',' ),
+                               remote_user_header = conf.get( 'remote_user_header', 'HTTP_REMOTE_USER' ) )
         log.debug( "Enabling 'remote user' middleware" )
     # The recursive middleware allows for including requests in other
     # requests or forwarding of requests, all on the server side.

diff -r 5f221e5774804c77987831bebc6941d5a91fa872 -r e92e13e9c103cc1f36dff65e1523479bf5cb17ed lib/galaxy/webapps/tool_shed/config.py
--- a/lib/galaxy/webapps/tool_shed/config.py
+++ b/lib/galaxy/webapps/tool_shed/config.py
@@ -72,6 +72,7 @@
         self.blacklist_location = kwargs.get( 'blacklist_file', None )
         self.blacklist_content = None
         self.remote_user_maildomain = kwargs.get( "remote_user_maildomain", None )
+        self.remote_user_header = kwargs.get( "remote_user_header", 'HTTP_REMOTE_USER' )
         self.remote_user_logout_href = kwargs.get( "remote_user_logout_href", None )
         self.require_login = string_as_bool( kwargs.get( "require_login", "False" ) )
         self.allow_user_creation = string_as_bool( kwargs.get( "allow_user_creation", "True" ) )

diff -r 5f221e5774804c77987831bebc6941d5a91fa872 -r e92e13e9c103cc1f36dff65e1523479bf5cb17ed universe_wsgi.ini.sample
--- a/universe_wsgi.ini.sample
+++ b/universe_wsgi.ini.sample
@@ -586,6 +586,13 @@
 # to usernames, to become your Galaxy usernames (email addresses).
 #remote_user_maildomain = None
 
+# If use_remote_user is enabled, the header that the upstream proxy provides
+# the remote username in defaults to HTTP_REMOTE_USER (the 'HTTP_' is prepended
+# by WSGI).  This option allows you to change the header.  Note, you still need
+# to prepend 'HTTP_' to the header in this option, but your proxy server should
+# *not* include 'HTTP_' at the beginning of the header name.
+#remote_user_header = 'HTTP_REMOTE_USER'
+
 # If use_remote_user is enabled, you can set this to a URL that will log your
 # users out.
 #remote_user_logout_href = None

Repository URL: https://bitbucket.org/galaxy/galaxy-central/

--

This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.

    

[galaxy-commits] commit/galaxy-central: natefoo: Allow changing the header for remote user.

commits-noreply＠bitbucket.org