Merge branch 'issue_28'

doc/annotated_wsgidav.conf

@@ -244,6 +244,10 @@ acceptbasic = True    # Allow basic authentication, True or False
 acceptdigest = True   # Allow digest authentication, True or False
 defaultdigest = True  # True (default digest) or False (default basic)
 
+# Enter the name of a header field that will be accepted as authorized user.
+# Including quotes, for example: trusted_auth_header = "REMOTE_USER"
+trusted_auth_header = None
+
 
 #===============================================================================
 # Domain Controller

tests/wsgidav-client-test.conf

@@ -195,6 +195,7 @@ addShare("dav", "~/wsgidav_test")
 acceptbasic = True    # Allow basic authentication, True or False
 acceptdigest = True   # Allow digest authentication, True or False
 defaultdigest = True  # True (default digest) or False (default basic)
+trusted_auth_header = None
 
 
 #===============================================================================

wsgidav.conf

@@ -114,6 +114,9 @@ acceptbasic = True    # Allow basic authentication, True or False
 acceptdigest = True   # Allow digest authentication, True or False
 defaultdigest = True  # True (default digest) or False (default basic)
 
+# Enter the name of a header field that will be accepted as authorized user.
+# Including quotes, for example: trusted_auth_header = "REMOTE_USER"
+trusted_auth_header = None
 
 #domaincontroller =   # Uncomment this line to specify your own domain controller
                       # Default: wsgidav.domain_controller, which uses the USERS 

wsgidav.conf.sample

@@ -144,6 +144,9 @@ acceptbasic = True    # Allow basic authentication, True or False
 acceptdigest = True   # Allow digest authentication, True or False
 defaultdigest = True  # True (default digest) or False (default basic)
 
+# Enter the name of a header field that will be accepted as authorized user.
+# Including quotes, for example: trusted_auth_header = "REMOTE_USER"
+trusted_auth_header = None
 
 #domaincontroller =   # Uncomment this line to specify your own domain controller
                       # Default: wsgidav.domain_controller, which uses the USERS 

wsgidav/http_authenticator.py

@@ -146,6 +146,7 @@ def __init__(self, application, config):
         self._acceptbasic = config.get("acceptbasic", True)
         self._acceptdigest = config.get("acceptdigest", True)
         self._defaultdigest = config.get("defaultdigest", True)
+        self._trusted_auth_header = config.get("trusted_auth_header", None)
         self._noncedict = dict([])
 
         self._headerparser = re.compile(r"([\w]+)=([^,]*),")
@@ -183,6 +184,14 @@ def __call__(self, environ, start_response):
             environ["http_authenticator.username"] = ""
             return self._application(environ, start_response)
 
+        if self._trusted_auth_header and environ.get(self._trusted_auth_header):
+            # accept a username that was injected by a trusted upstream server
+            _logger.debug("Accept trusted username %s='%s'for realm '%s'"
+                % (self._trusted_auth_header, environ.get(self._trusted_auth_header), realmname))
+            environ["http_authenticator.realm"] = realmname
+            environ["http_authenticator.username"] = environ.get(self._trusted_auth_header)
+            return self._application(environ, start_response)
+
         if "HTTP_AUTHORIZATION" in environ:
             authheader = environ["HTTP_AUTHORIZATION"] 
             authmatch = self._headermethod.search(authheader)          

wsgidav/wsgidav_app.py

@@ -88,6 +88,7 @@
     "acceptbasic": True,      # Allow basic authentication, True or False
     "acceptdigest": True,     # Allow digest authentication, True or False
     "defaultdigest": True,    # True (default digest) or False (default basic)
+    "trusted_auth_header": None,  # Name of a header field that will be accepted as authorized user
 
     # Error printer options
     "catchall": False,