incubator-allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john...@apache.org
Subject git commit: [#6668] Fixed importer login overlay not working due to SSL restrictions
Date Thu, 19 Sep 2013 21:29:32 GMT
Updated Branches:
  refs/heads/cj/6668 [created] 171d23561


[#6668] Fixed importer login overlay not working due to SSL restrictions

Signed-off-by: Cory Johns <cjohns@slashdotmedia.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/171d2356
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/171d2356
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/171d2356

Branch: refs/heads/cj/6668
Commit: 171d23561a9ab0e39e646cd1c6ee542d2851c4ee
Parents: d83c5c2
Author: Cory Johns <cjohns@slashdotmedia.com>
Authored: Thu Sep 19 21:27:16 2013 +0000
Committer: Cory Johns <cjohns@slashdotmedia.com>
Committed: Thu Sep 19 21:27:28 2013 +0000

----------------------------------------------------------------------
 Allura/allura/config/middleware.py     |  3 ++-
 Allura/allura/lib/custom_middleware.py | 16 ++++++++++------
 Allura/development.ini                 |  2 ++
 3 files changed, 14 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/171d2356/Allura/allura/config/middleware.py
----------------------------------------------------------------------
diff --git a/Allura/allura/config/middleware.py b/Allura/allura/config/middleware.py
index 7395f93..989347a 100644
--- a/Allura/allura/config/middleware.py
+++ b/Allura/allura/config/middleware.py
@@ -144,7 +144,8 @@ def _make_core_app(root, global_conf, full_stack=True, **app_conf):
     app = allura_globals_middleware(app)
     # Ensure https for logged in users, http for anonymous ones
     if asbool(app_conf.get('auth.method', 'local')=='sfx'):
-        app = SSLMiddleware(app, app_conf.get('no_redirect.pattern'))
+        app = SSLMiddleware(app, app_conf.get('no_redirect.pattern'),
+                app_conf.get('force_ssl.pattern'))
     # Setup resource manager, widget context SOP
     app = ew.WidgetMiddleware(
         app,

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/171d2356/Allura/allura/lib/custom_middleware.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index d4652ab..4a0fcaf 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -141,12 +141,16 @@ class CSRFMiddleware(object):
 class SSLMiddleware(object):
     'Verify the https/http schema is correct'
 
-    def __init__(self, app, no_redirect_pattern=None):
+    def __init__(self, app, no_redirect_pattern=None, force_ssl_pattern=None):
         self.app = app
         if no_redirect_pattern:
             self._no_redirect_re = re.compile(no_redirect_pattern)
         else:
             self._no_redirect_re = re.compile('$$$')
+        if force_ssl_pattern:
+            self._force_ssl_re = re.compile(force_ssl_pattern)
+        else:
+            self._force_ssl_re = re.compile('$$$')
 
     def __call__(self, environ, start_response):
         req = Request(environ)
@@ -158,12 +162,12 @@ class SSLMiddleware(object):
             request_uri.decode('ascii')
         except UnicodeError:
             resp = exc.HTTPNotFound()
-        secure = req.environ.get('HTTP_X_SFINC_SSL', 'false') == 'true'
+        secure = req.url.startswith('https://')
         srv_path = req.url.split('://', 1)[-1]
-        if req.cookies.get('SFUSER'):
-            if not secure:
-                resp = exc.HTTPFound(location='https://' + srv_path)
-        elif secure:
+        force_ssl = req.cookies.get('SFUSER') or self._force_ssl_re.match(environ['PATH_INFO'])
+        if not secure and force_ssl:
+            resp = exc.HTTPFound(location='https://' + srv_path)
+        elif secure and not force_ssl:
             resp = exc.HTTPFound(location='http://' + srv_path)
 
         if not resp:

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/171d2356/Allura/development.ini
----------------------------------------------------------------------
diff --git a/Allura/development.ini b/Allura/development.ini
index 2a0b542..8dcf5f7 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -90,6 +90,8 @@ auth.ldap.schroot_name = scm
 #  script_name is the path that is handled by the application
 #  url_base is the prefix that references to the static resources should have
 no_redirect.pattern = ^/nf/\d+/_(ew|static)_/.*|^/rest/.*
+# Pages that must always be SSL, such as ones using the login overlay
+force_ssl.pattern = ^/[a-z0-9-]+/import_project/
 ew.script_name = /nf/%(build_key)s/_ew_/
 ew.url_base = /nf/%(build_key)s/_ew_/
 # ew.url_base = ://a.fsdn.com/allura/nf/%(build_key)s/_ew_/


Mime
View raw message