Review Board 1.6.3

HUE-878: [desktop] Add a remote user backend to better support running Hue behind a proxy server

Review Request #2401 - submitted 1 year, 5 months ago

Joey Echeverria Reviewers
hue
HUE-878
None hue
Created a simple middleware to fix a bug in Django's built-in remote user middleware that properly sets the header name to have the HTTP_ prefix and added a backend that authenticates or creates a user given nothing but the header. I also had to modify the settings.py to load the new middleware class.
I did some testing on a one-node virtual cluster running CDH4.1. I applied the patch, set the backend to desktop.auth.backend.RemoteUserDjangoBackend and then used a Firefox add-on to set the REMOTE_USER header as if the request came through a proxy. I then changed the backend back to the default one and verified that setting the header had no effect.
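
A deployment-side guard for the setup described above, as an added example that is not part of this review request or of Hue: a WSGI wrapper that derives the environ key with the same header-name normalization and drops it unless the connection comes from the proxy. `TRUSTED_PROXIES`, the class name and the function names are assumptions made for illustration.

```python
# Added example, not Hue code. All names below are hypothetical.
import ipaddress

# Constructed sample value: the address of the reverse proxy in front of the app.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


def normalize_header(name):
    """Map an HTTP header name to its WSGI environ key (Remote-User -> HTTP_REMOTE_USER)."""
    return "HTTP_" + name.upper().replace("-", "_")


def from_trusted_proxy(environ):
    """True only if the TCP peer (REMOTE_ADDR) is one of the configured proxies."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        # Missing or malformed peer address: treat as untrusted.
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


class StripUntrustedRemoteUser:
    """WSGI wrapper: remove the remote-user key unless the proxy made the request."""

    def __init__(self, app, header_name="Remote-User"):
        self.app = app
        self.key = normalize_header(header_name)

    def __call__(self, environ, start_response):
        if not from_trusted_proxy(environ):
            environ.pop(self.key, None)
        return self.app(environ, start_response)


def seen_user(environ, header_name="Remote-User"):
    """Pass one constructed request through the wrapper; return what the app sees."""
    seen = {}

    def app(env, start_response):
        seen["user"] = env.get(normalize_header(header_name))
        return [b""]

    StripUntrustedRemoteUser(app, header_name)(environ, lambda *args: None)
    return seen["user"]
```

This only covers clients that reach the application directly; the proxy itself still has to overwrite any Remote-User header that arrives from the client side.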

Diff revision 3

This is not the most recent revision of the diff. The latest diff is revision 4.


  1. desktop/core/src/desktop/conf.py
  2. desktop/core/src/desktop/middleware.py
  3. desktop/core/src/desktop/settings.py
  4. desktop/core/src/desktop/auth/backend.py
desktop/core/src/desktop/conf.py
Revision cac7b78 New Change
... 268 lines hidden [Expand]
def default_from_email():
269
                   default="desktop.auth.backend.DefaultUserAugmentor",
269
                   default="desktop.auth.backend.DefaultUserAugmentor",
270
                   help=_("Class which defines extra accessor methods for User objects.")),
270
                   help=_("Class which defines extra accessor methods for User objects.")),
271
    PAM_SERVICE=Config("pam_service",
271
    PAM_SERVICE=Config("pam_service",
272
                  default="login",
272
                  default="login",
273
                  help=_("The service to use when querying PAM."
273
                  help=_("The service to use when querying PAM."
274
                         "The service usually corresponds to a single filename in /etc/pam.d"))
274
                         "The service usually corresponds to a single filename in /etc/pam.d")),

   
275
    REMOTE_USER_HEADER=Config("remote_user_header",

   
276
                        default="HTTP_REMOTE_USER",

   
277
                        help=_("The normalized name of the header that contains the remote user. "

   
278
                               "The HTTP header in the request is converted to a key by converting "

   
279
                               "all characters to uppercase, replacing any hyphens with underscores "

   
280
                               "and adding an HTTP_ prefix to the name. So, for example, if the header "

   
281
                               "is called Remote-User that would be configured as HTTP_REMOTE_USER"))
275
))
282
))
276

   
283

   
277
LDAP = ConfigSection(
284
LDAP = ConfigSection(
278
  key="ldap",
285
  key="ldap",
279
  help=_("Configuration options for LDAP connectivity"),
286
  help=_("Configuration options for LDAP connectivity"),
... 192 lines hidden [Expand]
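Review bot: The help string for REMOTE_USER_HEADER (new lines 275-281) documents how the header name is normalized but says nothing about trust. Per the request description, the backend authenticates or creates a user from this header alone, so the setting is only safe when Hue is reachable solely through a proxy that sets the header itself and discards any copy sent by the client; please add a sentence to that effect in the help text. A smaller point on the same lines: asking the administrator to enter the already-normalized key (HTTP_REMOTE_USER) is easy to get wrong, so consider accepting the plain header name (Remote-User) and doing the uppercase, hyphen-to-underscore and HTTP_ prefix conversion in code. The trailing comma added after the PAM_SERVICE entry (line 274) is required for the new entry and looks correct.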
desktop/core/src/desktop/middleware.py
Revision 7404390 New Change
 
desktop/core/src/desktop/settings.py
Revision aee6b57 New Change
 
desktop/core/src/desktop/auth/backend.py
Revision 96be931 New Change
 