diff -r 91ae685405ba roundup/cgi/client.py
--- a/roundup/cgi/client.py Wed May 26 12:04:06 2021 -0400
+++ b/roundup/cgi/client.py Thu May 27 00:41:02 2021 -0400
@@ -997,17 +997,18 @@
 user = None
 # first up, try http authorization if enabled
 cfg = self.instance.config
+ remote_user_header = cfg.WEB_HTTP_AUTH_HEADER or 'REMOTE_USER'
 if cfg.WEB_COOKIE_TAKES_PRECEDENCE:
 user = self.session_api.get('user')
 if user:
 # update session lifetime datestamp
 self.session_api.update()
- if 'REMOTE_USER' in self.env:
- del self.env['REMOTE_USER']
+ if remote_user_header in self.env:
+ del self.env[remote_user_header]
 if not user and cfg.WEB_HTTP_AUTH:
- if 'REMOTE_USER' in self.env:
+ if remote_user_header in self.env:
 # we have external auth (e.g. by Apache)
- user = self.env['REMOTE_USER']
+ user = self.env[remote_user_header]
 if cfg.WEB_HTTP_AUTH_CONVERT_REALM_TO_LOWERCASE and '@' in user:
 u, d = user.split ('@', 1)
 user = '@'.join ((u, d.lower()))
diff -r 91ae685405ba roundup/configuration.py
--- a/roundup/configuration.py Wed May 26 12:04:06 2021 -0400
+++ b/roundup/configuration.py Thu May 27 00:41:02 2021 -0400
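Review bot: In the cookie-precedence branch of the client.py hunk the cleanup now removes only the configured key, so when `http_auth_header` names a custom header a `REMOTE_USER` value set by the web server stays in `self.env` for the rest of the request, where the old code always removed it. Whether anything later reads it is not visible here, since the enclosing method starts and ends outside the hunk, but clearing both keeps the earlier behaviour: `for key in (remote_user_header, 'REMOTE_USER'): self.env.pop(key, None)`. A short comment beside `remote_user_header = ...` stating that the value under this key is taken as the authenticated login would also help whoever sets the option.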
@@ -836,10 +836,16 @@
 "trust *all* users uploading content to your tracker."),
 (BooleanOption, 'http_auth', "yes",
 "Whether to use HTTP Basic Authentication, if present.\n"
- "Roundup will use either the REMOTE_USER or HTTP_AUTHORIZATION\n"
+ "Roundup will use either the REMOTE_USER (the value set \n"
+ "by http_auth_header) or HTTP_AUTHORIZATION\n"
 "variables supplied by your web server (in that order).\n"
 "Set this option to 'no' if you do not wish to use HTTP Basic\n"
 "Authentication in your web interface."),
+ (Option, "http_auth_header", "",
+ "The HTTP header that holds the user authentication information.\n"
+ "If empty (default) the REMOTE_USER header is used.\n"
+ "This is used when the upstream HTTP server authenticates\n"
+ "the user and passes the username using this HTTP header."),
 (BooleanOption, 'http_auth_convert_realm_to_lowercase', "no",
 "If usernames consist of a name and a domain/realm part of\n"
 "the form user@realm and we're using REMOTE_USER for\n"
diff -r 91ae685405ba roundup/scripts/roundup_server.py
--- a/roundup/scripts/roundup_server.py Wed May 26 12:04:06 2021 -0400
+++ b/roundup/scripts/roundup_server.py Thu May 27 00:41:02 2021 -0400
@@ -406,6 +406,12 @@
 if co:
 env['HTTP_COOKIE'] = ', '.join(co)
 env['HTTP_AUTHORIZATION'] = self.headers.get('authorization')
+ # self.CONFIG['INCLUDE_HEADERS'] is a list.
+ for h in self.CONFIG['INCLUDE_HEADERS']:
+ env[h] = self.headers.get(h, None)
+ # if header is MISSING
+ if env[h] is None:
+ del(env[h])
 env['SCRIPT_NAME'] = ''
 env['SERVER_NAME'] = self.server.server_name
 env['SERVER_PORT'] = str(self.server.server_port)
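Review bot: The help text added for `http_auth_header` in configuration.py calls the value an HTTP header, but the client.py hunk uses it verbatim as a key into the request environment, and `REMOTE_USER` itself is a CGI variable rather than a header. A CGI or WSGI front end normally exposes a request header with an `HTTP_` prefix and underscores, while the roundup_server.py hunk in this patch copies headers under their raw names, so the correct setting depends on the deployment. The description should say that the option is the environment key as the front end exposes it. It should also say that the value found there is used as the login name, as far as the client.py hunk shows, so the front end must remove or overwrite any copy of that header sent by the client.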
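Review bot: The loop added after `env['HTTP_AUTHORIZATION']` in roundup_server.py copies request headers into `env` under their own names, and those values come straight from the client. If this `env` is what client.py reads as `self.env`, then listing `REMOTE_USER` or the header named by `http_auth_header` in `include_headers` lets the requester state the username while `http_auth` is on, and the option help in the `@@ -626` hunk recommends exactly that setting. This is safe only when roundup-server accepts connections solely from a proxy that strips or overwrites the header, and both a comment on this loop and that help text should say so. The set-then-delete can also be written as `value = self.headers.get(h)` followed by `if value is not None: env[h] = value`, which never removes an existing `env[h]` when the header is absent. The enclosing method starts and ends outside the hunk.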
@@ -626,6 +632,12 @@ (configuration.NullableFilePathOption, "pem", "", "PEM file used for SSL. A temporary self-signed certificate\n" "will be used if left blank."), + (configuration.WordListOption, "include_headers", "", + "Comma separated list of extra headers that should\n" + "be copied into the CGI environment.\n" + "E.G. if you want to acces the REMOTE_USER and\n" + "X-Proxy-User headers in the back end,\n" + "set to the value REMOTE_USER,X-Proxy-User."), )), ("trackers", (), "Roundup trackers to serve.\n" "Each option in this section defines single Roundup tracker.\n" @@ -650,6 +662,7 @@ "loghttpvialogger": 'L', "ssl": "s", "pem": "e:", + "include_headers": "I:", } def __init__(self, config_file=None): @@ -864,6 +877,7 @@ connections, defaults to localhost, use 0.0.0.0 to bind to all network interfaces -p set the port to listen on (default: %(port)s) + -I list of headers to pass to the backend -l log to the file indicated by fname instead of stderr/stdout -N log client machine names instead of IP addresses (much slower) -i set tracker index template