New option 'trusted_auth_header'
mar10 committed Apr 8, 2016
1 parent c44f5d3 commit fba4614
Showing 6 changed files with 21 additions and 0 deletions.
4 changes: 4 additions & 0 deletions doc/annotated_wsgidav.conf
Expand Up @@ -244,6 +244,10 @@ acceptbasic = True # Allow basic authentication, True or False
acceptdigest = True # Allow digest authentication, True or False
defaultdigest = True # True (default digest) or False (default basic)

# Enter the name of a header field that will be accepted as authorized user.
# Including quotes, for example: trusted_auth_header = "REMOTE_USER"
trusted_auth_header = None


#===============================================================================
# Domain Controller
1 change: 1 addition & 0 deletions tests/wsgidav-client-test.conf
Expand Up @@ -195,6 +195,7 @@ addShare("dav", "~/wsgidav_test")
acceptbasic = True # Allow basic authentication, True or False
acceptdigest = True # Allow digest authentication, True or False
defaultdigest = True # True (default digest) or False (default basic)
trusted_auth_header = None


#===============================================================================
3 changes: 3 additions & 0 deletions wsgidav.conf
Expand Up @@ -114,6 +114,9 @@ acceptbasic = True # Allow basic authentication, True or False
acceptdigest = True # Allow digest authentication, True or False
defaultdigest = True # True (default digest) or False (default basic)

# Enter the name of a header field that will be accepted as authorized user.
# Including quotes, for example: trusted_auth_header = "REMOTE_USER"
trusted_auth_header = None

#domaincontroller = # Uncomment this line to specify your own domain controller
# Default: wsgidav.domain_controller, which uses the USERS
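Review bot: The comment added above `trusted_auth_header = None` does not say that a request carrying this value is accepted without any password check, nor under which deployment that is safe. A reader can take "header field" to mean an ordinary HTTP request header, which a client sets itself, whereas the example `"REMOTE_USER"` is an environ key normally filled in by the front-end server. I would extend the comment with something like `# WARNING: the value is trusted as-is, no password is checked. Enable only when every request passes through a front-end server that sets this key itself.` The same applies to the identical comment in wsgidav.conf.sample and doc/annotated_wsgidav.conf.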
3 changes: 3 additions & 0 deletions wsgidav.conf.sample
Expand Up @@ -144,6 +144,9 @@ acceptbasic = True # Allow basic authentication, True or False
acceptdigest = True # Allow digest authentication, True or False
defaultdigest = True # True (default digest) or False (default basic)

# Enter the name of a header field that will be accepted as authorized user.
# Including quotes, for example: trusted_auth_header = "REMOTE_USER"
trusted_auth_header = None

#domaincontroller = # Uncomment this line to specify your own domain controller
# Default: wsgidav.domain_controller, which uses the USERS
9 changes: 9 additions & 0 deletions wsgidav/http_authenticator.py
Expand Up @@ -146,6 +146,7 @@ def __init__(self, application, config):
self._acceptbasic = config.get("acceptbasic", True)
self._acceptdigest = config.get("acceptdigest", True)
self._defaultdigest = config.get("defaultdigest", True)
self._trusted_auth_header = config.get("trusted_auth_header", None)
self._noncedict = dict([])

self._headerparser = re.compile(r"([\w]+)=([^,]*),")
Expand Down Expand Up @@ -183,6 +184,14 @@ def __call__(self, environ, start_response):
environ["http_authenticator.username"] = ""
return self._application(environ, start_response)

if self._trusted_auth_header and environ.get(self._trusted_auth_header):
# accept a username that was injected by a trusted upstream server
_logger.debug("Accept trusted username %s='%s'for realm '%s'"
% (self._trusted_auth_header, environ.get(self._trusted_auth_header), realmname))
environ["http_authenticator.realm"] = realmname
environ["http_authenticator.username"] = environ.get(self._trusted_auth_header)
return self._application(environ, start_response)

if "HTTP_AUTHORIZATION" in environ:
authheader = environ["HTTP_AUTHORIZATION"]
authmatch = self._headermethod.search(authheader)
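Review bot: The new branch in `__call__` treats any non-empty value under the configured environ key as an authenticated username, with no check that the value was set by the upstream server rather than by the client. In WSGI every client request header arrives as an `HTTP_*` key, so a setting such as `trusted_auth_header = "HTTP_X_REMOTE_USER"` (constructed example) is only safe when the backend is reachable solely through a proxy that overwrites or strips that header on every request; as far as this hunk shows, nothing else is consulted before `self._application` is called. I would say so above the branch, e.g. `# SECURITY: value is taken as-is; an HTTP_* key is client-controlled unless the upstream overwrites it`, and log a warning at startup when the configured name starts with `HTTP_`. The value is also read three times and written to the debug log with `'%s'`, so bind it once with `trusted_user = environ.get(self._trusted_auth_header)` and format it with `%r` so control characters in it cannot break up log lines. The body of `__call__` starts and ends outside the hunk.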
1 change: 1 addition & 0 deletions wsgidav/wsgidav_app.py
Expand Up @@ -88,6 +88,7 @@
"acceptbasic": True, # Allow basic authentication, True or False
"acceptdigest": True, # Allow digest authentication, True or False
"defaultdigest": True, # True (default digest) or False (default basic)
"trusted_auth_header": None, # Name of a header field that will be accepted as authorized user

# Error printer options
"catchall": False,
