Review Board 1.6.3

HUE-878: [desktop] Add a remote user backend to better support running Hue behind a proxy server

Review Request #2401 - submitted 1 year, 5 months ago

Joey Echeverria Reviewers
hue
HUE-878
None hue
Created a simple middleware to fix a bug in Django's built-in remote user middleware that properly sets the header name to have the HTTP_ prefix and added a backend that authenticates or creates a user given nothing but the header. I also had to modify the settings.py to load the new middleware class.
I did some testing on a one node virtual cluster running CDH4.1. I applied the patch, set the backend to desktop.auth.backend.RemoteUserDjangoBackend and then used a Firefox add on to set the REMOTE_USER header as if the request came through a proxy. I then changed the backend back to the default one and verified that setting the header had no effect.

Diff revision 1

This is not the most recent revision of the diff. The latest diff is revision 4. See what's changed.

1 2 3 4
1 2 3 4

  1. desktop/core/src/desktop/middleware.py: Loading...
  2. desktop/core/src/desktop/settings.py: Loading...
  3. desktop/core/src/desktop/auth/backend.py: Loading...
desktop/core/src/desktop/middleware.py
Revision 7404390 New Change
... 20 lines hidden [Expand]
21
import tempfile
21
import tempfile
22

   
22

   
23
from django.conf import settings
23
from django.conf import settings
24
from django.contrib import messages
24
from django.contrib import messages
25
from django.contrib.auth import REDIRECT_FIELD_NAME
25
from django.contrib.auth import REDIRECT_FIELD_NAME

   
26
from django.contrib.auth.middleware import RemoteUserMiddleware
26
from django.core import exceptions, urlresolvers
27
from django.core import exceptions, urlresolvers
27
import django.db
28
import django.db
28
from django.http import HttpResponseRedirect, HttpResponse
29
from django.http import HttpResponseRedirect, HttpResponse
29
from django.utils.http import urlquote
30
from django.utils.http import urlquote
30
from django.utils.encoding import iri_to_uri
31
from django.utils.encoding import iri_to_uri
... 434 lines hidden [Expand]
def _filter_warnings(self, err_list):
465
  def _is_html(self, request, response):
466
  def _is_html(self, request, response):
466
    return not request.is_ajax() and \
467
    return not request.is_ajax() and \
467
        'html' in response['Content-Type'] and \
468
        'html' in response['Content-Type'] and \
468
        200 <= response.status_code < 300
469
        200 <= response.status_code < 300
469

   
470

   

   
471
class HueRemoteUserMiddleware(RemoteUserMiddleware):

   
472
  header = 'HTTP_REMOTE_USER'
desktop/core/src/desktop/settings.py
Revision aee6b57 New Change
 
desktop/core/src/desktop/auth/backend.py
Revision 96be931 New Change
 
  1. desktop/core/src/desktop/middleware.py: Loading...
  2. desktop/core/src/desktop/settings.py: Loading...
  3. desktop/core/src/desktop/auth/backend.py: Loading...