details: http://www.bx.psu.edu/hg/galaxy/rev/682c179a2f84 changeset: 1648:682c179a2f84 user: Nate Coraor <nate@bx.psu.edu> date: Thu Dec 04 10:47:41 2008 -0500 description: Let UCSC through w/o authentication when use_remote_user is enabled. 2 file(s) affected in this change: lib/galaxy/web/buildapp.py lib/galaxy/web/framework/middleware/remoteuser.py diffs (60 lines): diff -r 15bf910890d5 -r 682c179a2f84 lib/galaxy/web/buildapp.py --- a/lib/galaxy/web/buildapp.py Tue Dec 02 17:17:23 2008 -0500 +++ b/lib/galaxy/web/buildapp.py Thu Dec 04 10:47:41 2008 -0500 @@ -95,7 +95,7 @@ # upstream server if asbool(conf.get( 'use_remote_user', False )): from galaxy.web.framework.middleware.remoteuser import RemoteUser - app = RemoteUser( app, maildomain=conf.get( 'remote_user_maildomain', None ) ) + app = RemoteUser( app, maildomain=conf.get( 'remote_user_maildomain', None ), ucsc_display_sites=conf.get( 'ucsc_display_sites', [] ) ) log.debug( "Enabling 'remote user' middleware" ) # The recursive middleware allows for including requests in other # requests or forwarding of requests, all on the server side. diff -r 15bf910890d5 -r 682c179a2f84 lib/galaxy/web/framework/middleware/remoteuser.py --- a/lib/galaxy/web/framework/middleware/remoteuser.py Tue Dec 02 17:17:23 2008 -0500 +++ b/lib/galaxy/web/framework/middleware/remoteuser.py Thu Dec 04 10:47:41 2008 -0500 @@ -1,6 +1,8 @@ """ Middleware for handling $REMOTE_USER if use_remote_user is enabled. """ + +import socket errorpage = """ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> @@ -33,11 +35,34 @@ </html> """ +UCSC_SERVERS = ( + 'hgw1.cse.ucsc.edu', + 'hgw2.cse.ucsc.edu', + 'hgw3.cse.ucsc.edu', + 'hgw4.cse.ucsc.edu', + 'hgw5.cse.ucsc.edu', + 'hgw6.cse.ucsc.edu', + 'hgw7.cse.ucsc.edu', + 'hgw8.cse.ucsc.edu', +) + class RemoteUser( object ): - def __init__( self, app, maildomain=None ): + def __init__( self, app, maildomain=None, ucsc_display_sites=[] ): self.app = app self.maildomain = maildomain + self.allow_ucsc = False + if len( ucsc_display_sites ): + self.allow_ucsc = True def __call__( self, environ, start_response ): + # Allow through UCSC if the UCSC display links are enabled + if self.allow_ucsc and environ.has_key( 'REMOTE_ADDR' ): + try: + host = socket.gethostbyaddr( environ[ 'REMOTE_ADDR' ] )[0] + except( socket.error, socket.herror, socket.gaierror, socket.timeout ): + # in the event of a lookup failure, deny access + host = None + if host in UCSC_SERVERS: + return self.app( environ, start_response ) # Apache sets REMOTE_USER to the string '(null)' when using the # Rewrite* method for passing REMOTE_USER and a user is # un-authenticated. Any other possible values need to go here as well.