From b661c2fa920068a162c1a896f597e4f84a9a3cb0 Mon Sep 17 00:00:00 2001
From: Andrew Roberts
Date: Thu, 12 Dec 2019 21:27:38 -0500
Subject: [PATCH 1/8] added config fields to settings table
---
 cps/config_sql.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/cps/config_sql.py b/cps/config_sql.py
index 809e97d8..f4af9d66 100644
--- a/cps/config_sql.py
+++ b/cps/config_sql.py
@@ -104,6 +104,9 @@ class _Settings(_Base):
 config_calibre = Column(String)
 config_rarfile_location = Column(String)
+ config_allow_reverse_proxy_header_login = Column(Boolean, default=False)
+ config_reverse_proxy_login_header_name = Column(String)
+
 config_updatechannel = Column(Integer, default=constants.UPDATE_STABLE)
 def __repr__(self):
From af7dbbf1e4a7f68eb283f4953ddbfed3cb436e1f Mon Sep 17 00:00:00 2001
From: Andrew Roberts
Date: Thu, 12 Dec 2019 21:27:40 -0500
Subject: [PATCH 2/8] added logic for reverse proxy login
---
 cps/web.py | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/cps/web.py b/cps/web.py
index 7aa921e4..e88d423d 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -116,14 +116,35 @@ web = Blueprint('web', __name__)
 log = logger.create()
 # ################################### Login logic and rights management ###############################################
+def _fetch_user_by_name(username):
+ return ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == username.lower()).first()
 @lm.user_loader
 def load_user(user_id):
 return ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
-@lm.header_loader
-def load_user_from_header(header_val):
+@lm.request_loader
+def load_user_from_request(request):
+ auth_header = request.headers.get("Authorization")
+ if auth_header:
+ user = load_user_from_auth_header(auth_header)
+ if user:
+ return user
+
+ if config.config_allow_reverse_proxy_header_login:
+ rp_header_name = config.config_reverse_proxy_login_header_name
+ if rp_header_name:
+ rp_header = request.headers.get(rp_header_name)
+ if rp_header_username:
+ user = _fetch_user_by_name(rp_header_username)
+ if user:
+ return user
+
+ return
+
+
+def load_user_from_auth_header(header_val):
 if header_val.startswith('Basic '):
 header_val = header_val.replace('Basic ', '', 1)
 basic_username = basic_password = ''
@@ -133,7 +154,7 @@ def load_user_from_header(header_val):
 basic_password = header_val.split(':')[1]
 except TypeError:
 pass
- user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == basic_username.lower()).first()
+ user = _fetch_user_by_name(basic_username)
 if user and check_password_hash(str(user.password), basic_password):
 return user
 return
From 77b0954c7007693c083167f14609fbaafa107b89 Mon Sep 17 00:00:00 2001
From: Andrew Roberts
Date: Thu, 12 Dec 2019 21:28:50 -0500
Subject: [PATCH 3/8] use a macro for the display of boolean settings
---
 cps/templates/admin.html | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/cps/templates/admin.html b/cps/templates/admin.html
index 17b84f34..5324f80e 100644
--- a/cps/templates/admin.html
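Review bot: In `load_user_from_request`, the reverse-proxy branch returns the account named in the configured header with no password check and no verification that the request actually came from the proxy, so it is only safe when every path to the application goes through a proxy that overwrites that header on each request. Nothing in the hunk enforces or documents that precondition; at minimum add a comment above the branch such as `# SECURITY: this header is the sole credential; the proxy must overwrite it on every request and the app must not be reachable directly`. Consider also ignoring the header unless `request.remote_addr` matches an administrator-configured proxy address. Because the lookup goes through `_fetch_user_by_name`, it resolves any account, administrative ones included, so a `log.info` line for each header-based login would help later auditing.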
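Review bot: In `load_user_from_auth_header`, the context line `basic_password = header_val.split(':')[1]` keeps only the text between the first and second colon, so a password containing `:` is truncated before it reaches `check_password_hash`. A decoded value with no colon at all raises `IndexError`, which the visible `except TypeError:` does not catch. Since the function is being renamed and touched here anyway, `basic_password = header_val.partition(':')[2]` would cover both cases. The `try` block opens above this hunk, so the decoding lines there should be checked before changing it.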
+++ b/cps/templates/admin.html
@@ -1,4 +1,7 @@
 {% extends "layout.html" %}
+{% macro display_bool_setting(setting_value) -%}
+ {% if setting_value %}{% else %}{% endif %}
+{%- endmacro %}
 {% block body %}
@@ -23,11 +26,11 @@ {{user.email}} {{user.kindle_mail}} {{user.downloads.count()}} - {% if user.role_admin() %}{% else %}{% endif %} - {% if user.role_download() %}{% else %}{% endif %} - {% if user.role_viewer() %}{% else %}{% endif %} - {% if user.role_upload() %}{% else %}{% endif %} - {% if user.role_edit() %}{% else %}{% endif %} + {{ display_bool_setting(user.role_admin()) }} + {{ display_bool_setting(user.role_download()) }} + {{ display_bool_setting(user.role_viewer()) }} + {{ display_bool_setting(user.role_upload()) }} + {{ display_bool_setting(user.role_edit()) }} {% endif %} {% endfor %} @@ -83,19 +86,19 @@
{{_('Uploading')}}
-
{% if config.config_uploading %}{% else %}{% endif %}
+
{{ display_bool_setting(config.config_uploading) }}
{{_('Anonymous browsing')}}
-
{% if config.config_anonbrowse %}{% else %}{% endif %}
+
{{ display_bool_setting(config.config_anonbrowse) }}
{{_('Public registration')}}
-
{% if config.config_public_reg %}{% else %}{% endif %}
+
{{ display_bool_setting(config.config_public_reg) }}
{{_('Remote login')}}
-
{% if config.config_remote_login %}{% else %}{% endif %}
+
{{ display_bool_setting(config.config_remote_login) }}
From f0760c07d8119afb60a70026ee6e952ae167dafc Mon Sep 17 00:00:00 2001
From: Andrew Roberts
Date: Thu, 12 Dec 2019 21:31:12 -0500
Subject: [PATCH 4/8] added admin display of reverse proxy settings
---
 cps/templates/admin.html | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/cps/templates/admin.html b/cps/templates/admin.html
index 5324f80e..e698d014 100644
--- a/cps/templates/admin.html
+++ b/cps/templates/admin.html
@@ -100,6 +100,16 @@
{{_('Remote login')}}
{{ display_bool_setting(config.config_remote_login) }}
+
+
{{_('Reverse proxy login')}}
+
{{ display_bool_setting(config.config_allow_reverse_proxy_header_login) }}
+
+ {% if config.config_allow_reverse_proxy_header_login %} +
+
{{_('Reverse proxy header name')}}
+
{{ config.config_reverse_proxy_login_header_name }}
+
+ {% endif %}
From 9351ff032ff1b953dc027a758a902cc10232207e Mon Sep 17 00:00:00 2001
From: Andrew Roberts
Date: Thu, 12 Dec 2019 21:31:17 -0500
Subject: [PATCH 5/8] whitespace
---
 cps/templates/admin.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cps/templates/admin.html b/cps/templates/admin.html
index e698d014..a7770c59 100644
--- a/cps/templates/admin.html
+++ b/cps/templates/admin.html
@@ -1,6 +1,6 @@
 {% extends "layout.html" %}
 {% macro display_bool_setting(setting_value) -%}
- {% if setting_value %}{% else %}{% endif %}
+ {% if setting_value %}{% else %}{% endif %}
 {%- endmacro %}
 {% block body %}
From 39b6b100f9e70388994f74d5098ebc622d6f9be9 Mon Sep 17 00:00:00 2001
From: Andrew Roberts
Date: Thu, 12 Dec 2019 21:31:19 -0500
Subject: [PATCH 6/8] whitespace
---
 cps/templates/config_edit.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cps/templates/config_edit.html b/cps/templates/config_edit.html
index 85b9598e..b46d07f5 100644
--- a/cps/templates/config_edit.html
+++ b/cps/templates/config_edit.html
@@ -200,7 +200,7 @@
{% if feature_support['ldap'] %} -
+
From efcee0a7b7ecf33e6527a98b05b1acdd82c1d2f6 Mon Sep 17 00:00:00 2001
From: Andrew Roberts
Date: Thu, 12 Dec 2019 21:31:21 -0500
Subject: [PATCH 7/8] added reverse proxy configuration form and handler
---
 cps/admin.py | 4 ++++
 cps/templates/config_edit.html | 10 ++++++++++
 2 files changed, 14 insertions(+)
diff --git a/cps/admin.py b/cps/admin.py
index 1862dda8..6cb5bfdb 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -347,6 +347,10 @@ def _configuration_update_helper():
 _config_int("config_updatechannel")
+ # Reverse proxy login configuration
+ _config_checkbox("config_allow_reverse_proxy_header_login")
+ _config_string("config_reverse_proxy_login_header_name")
+
 # GitHub OAuth configuration
 if config.config_login_type == constants.LOGIN_OAUTH:
 active_oauths = 0
diff --git a/cps/templates/config_edit.html b/cps/templates/config_edit.html
index b46d07f5..0d28b8ea 100644
--- a/cps/templates/config_edit.html
+++ b/cps/templates/config_edit.html
@@ -271,6 +271,16 @@
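Review bot: `_config_string("config_reverse_proxy_login_header_name")` stores whatever the form submits, so the checkbox can be saved with an empty header name, in which case the login branch in `cps/web.py` silently does nothing. It can also be saved with a header that every client sets itself, such as `User-Agent` or `Cookie`, whose value the login code would then treat as a username. Validate here that the name is non-empty whenever `config_allow_reverse_proxy_header_login` is enabled and refuse standard request headers, returning the form with an error otherwise. `_configuration_update_helper` starts and ends outside this hunk, so the existing error-reporting convention should be taken from the rest of the function.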
{% endif %} {% endif %} +
+ + +
+
+
+ + +
+
From 3dc372c5737b50e7bfc59bbf4cbd9241bbbdd1fe Mon Sep 17 00:00:00 2001
From: Andrew Roberts
Date: Thu, 12 Dec 2019 21:38:45 -0500
Subject: [PATCH 8/8] fixed typo
---
 cps/web.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cps/web.py b/cps/web.py
index e88d423d..c6a3e1c4 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -135,7 +135,7 @@ def load_user_from_request(request):
 if config.config_allow_reverse_proxy_header_login:
 rp_header_name = config.config_reverse_proxy_login_header_name
 if rp_header_name:
- rp_header = request.headers.get(rp_header_name)
+ rp_header_username = request.headers.get(rp_header_name)
 if rp_header_username:
 user = _fetch_user_by_name(rp_header_username)
 if user: