3 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/c893e34c0ef3/ Changeset: c893e34c0ef3 User: Galaxy Date: 2013-03-27 00:32:29 Summary: lower case external remote user - canonicalise email address Affected #: 1 file diff -r dfa5f6b881769995d4bb660e82b4c20256779bf3 -r c893e34c0ef3ca12ef8878944f70b11a92e1a43d lib/galaxy/web/framework/__init__.py --- a/lib/galaxy/web/framework/__init__.py +++ b/lib/galaxy/web/framework/__init__.py @@ -726,7 +726,7 @@ #If this is an api request, and they've passed a key, we let this go. assert self.app.config.remote_user_header in self.environ, \ "use_remote_user is set but %s header was not provided" % self.app.config.remote_user_header - remote_user_email = self.environ[ self.app.config.remote_user_header ] + remote_user_email = self.environ[ self.app.config.remote_user_header ].lower() if galaxy_session: # An existing session, make sure correct association exists if galaxy_session.user is None: @@ -854,7 +854,7 @@ """ if not self.app.config.use_remote_user: return None - + remote_user_email = remote_user_email.lower() user = self.sa_session.query( self.app.model.User ) \ .filter( self.app.model.User.table.c.email==remote_user_email ) \ .first() https://bitbucket.org/galaxy/galaxy-central/commits/de7af0ce204e/ Changeset: de7af0ce204e User: jmchilton Date: 2014-01-17 08:10:58 Summary: Make normalizing remote user e-mail optional (off by default). I don't think we can make this change as is in case other institutions have configured their proxies to supply consistent e-mail addresses or other identifiers and these identifiers are not uniformly lower case. In such cases these changes (Pull Request 144) would break Galaxy's existing user management. Affected #: 2 files diff -r c893e34c0ef3ca12ef8878944f70b11a92e1a43d -r de7af0ce204e4e632ae28449f8de82e6ac440066 lib/galaxy/config.py --- a/lib/galaxy/config.py +++ b/lib/galaxy/config.py @@ -122,6 +122,7 @@ self.id_secret = kwargs.get( "id_secret", "USING THE DEFAULT IS NOT SECURE!" ) self.retry_metadata_internally = string_as_bool( kwargs.get( "retry_metadata_internally", "True" ) ) self.use_remote_user = string_as_bool( kwargs.get( "use_remote_user", "False" ) ) + self.normalize_remote_user_email = string_as_bool( kwargs.get( "normalize_remote_user_email", "False" ) ) self.remote_user_maildomain = kwargs.get( "remote_user_maildomain", None ) self.remote_user_header = kwargs.get( "remote_user_header", 'HTTP_REMOTE_USER' ) self.remote_user_logout_href = kwargs.get( "remote_user_logout_href", None ) diff -r c893e34c0ef3ca12ef8878944f70b11a92e1a43d -r de7af0ce204e4e632ae28449f8de82e6ac440066 lib/galaxy/web/framework/__init__.py --- a/lib/galaxy/web/framework/__init__.py +++ b/lib/galaxy/web/framework/__init__.py @@ -726,7 +726,9 @@ #If this is an api request, and they've passed a key, we let this go. assert self.app.config.remote_user_header in self.environ, \ "use_remote_user is set but %s header was not provided" % self.app.config.remote_user_header - remote_user_email = self.environ[ self.app.config.remote_user_header ].lower() + remote_user_email = self.environ[ self.app.config.remote_user_header ] + if getattr( self.app.config, "normalize_remote_user_email", False ): + remote_user_email = remote_user_email.lower() if galaxy_session: # An existing session, make sure correct association exists if galaxy_session.user is None: @@ -854,7 +856,8 @@ """ if not self.app.config.use_remote_user: return None - remote_user_email = remote_user_email.lower() + if getattr( self.app.config, "normalize_remote_user_email", False ): + remote_user_email = remote_user_email.lower() user = self.sa_session.query( self.app.model.User ) \ .filter( self.app.model.User.table.c.email==remote_user_email ) \ .first() https://bitbucket.org/galaxy/galaxy-central/commits/4f898ebb8a0f/ Changeset: 4f898ebb8a0f User: jmchilton Date: 2014-01-22 21:39:55 Summary: Document new normalize_remote_user_email option. Affected #: 1 file diff -r de7af0ce204e4e632ae28449f8de82e6ac440066 -r 4f898ebb8a0fe36c762ed61f09847af8afcfbd79 universe_wsgi.ini.sample --- a/universe_wsgi.ini.sample +++ b/universe_wsgi.ini.sample @@ -601,6 +601,11 @@ # users out. #remote_user_logout_href = None +# If your proxy and/or authentication source does not normalize e-mail +# addresses or user names being passed to Galaxy - enable the following option +# to force these to lower case. +#normalize_remote_user_email = True + # Administrative users - set this to a comma-separated list of valid Galaxy # users (email addresses). These users will have access to the Admin section # of the server, and will have access to create users, groups, roles, Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.