Hi Zach, I'm not really sure what's going on there. This backend isn't widely-used, so it doesn't get a lot of testing.
Sometimes this stuff depends on your server configuration a bit. Can you share any modifications to the generated Apache config you may have (or any configuration you have if it's not Apache). Thanks, Christian -- Christian Hammond - christ...@beanbaginc.com Review Board - https://www.reviewboard.org Beanbag, Inc. - https://www.beanbaginc.com -----Original Message----- From: Zach <zach...@gmail.com> Reply: firstname.lastname@example.org <email@example.com>> Date: July 22, 2015 at 8:51:55 AM To: reviewboard <firstname.lastname@example.org>> Subject: Re: Support for HTTP Auth? > Sorry to revive this from the dead, but I'm also trying to use the > `RemoteUserAuthBackend`, but against reviewboard 2.0.X. > > I have it working from a "I can hit this site and get an account that's > populated" perspective. We ignore the auth config when hitting any /api/ > routes since some scripts would have to jump through hoops to do things > other than basic auth for that endpoint. The issue I'm fighting with is > that when the UI makes AJAX requests to the api, even though it sends the > session cookie and id, returned from the set-cookie header, I get prompted > for a username and password (due to the WWW-Authenticate header). > > Do you have any thoughts on this? > > On Tuesday, June 8, 2010 at 2:29:29 PM UTC-4, Christian Hammond wrote: > > > > Hi, > > > > Someone worked on patches long ago for this but they were never completed. > > They're a bit outdated now given changes in Review Board. > > > > I don't know how your code works, but I believe Django has support for > > HTTP Auth now (django.contrib.auth.backends.RemoteUserAuthBackend). It > > actually doesn't completely do what we need. It'll automatically create > > User objects for any new attempt at login, which is probably bad. What I'd > > do is subclass this in our own backends.py file and set create_unknown_user > > to False. I'd also create a new variable we can use to hide the Log In link > > (maybe "hide_login_page" or something) and check that in the base.html > > template. > > > > This backend must be used in conjunction with > > django.contrib.auth.middleware.RemoteUserMiddleware. However, the > > middleware assumes that we're absolutely using RemoteUserAuthBackend, which > > we won't always be, so you'd also have to subclass that, override > > process_request, and only call the parent method if the HTTP auth backend > > is used. That middleware would need to be placed in the middleware list in > > reviewboard/settings.py. > > > > You'd then need to update Review Board to know about it > > (reviewboard/admin/siteconfig.py and forms.py, I believe). > > > > Hope that helps. > > > > Christian > > > > -- > > Christian Hammond - chi...@chipx86.com > > Review Board - http://www.reviewboard.org > > VMware, Inc. - http://www.vmware.com > > > > > > On Tue, Jun 8, 2010 at 10:27 AM, tuckermi > > > wrote: > > > >> I am trying to configure ReviewBoard (I'm using 1.5b2) to trust the > >> REMOTE_USER environment variable that is set by apache when I use > >> basic HTTP authentication. Has anyone had luck doing something like > >> this who can steer me in the right direction? I have tried writing my > >> own backend, which seems like it is probably not the best approach, > >> but am running into some issues. Specifically, I am still prompted to > >> login with the ReviewBoard login page after I authenticate through the > >> HTTP Auth popup. > >> > >> I would definitely prefer to use existing tools if they exist -- I > >> looked through the documentation and didn't see any mention of HTTP > >> basic auth as an authentication backend. Is there something in Django > >> that I should look at? Any suggestions would be appreciated. > >> > >> Thanks, > >> Mike > >> > >> -- > >> Want to help the Review Board project? Donate today at > >> http://www.reviewboard.org/donate/ > >> Happy user? Let us know at http://www.reviewboard.org/users/ > >> -~----------~----~----~----~------~----~------~--~--- > >> To unsubscribe from this group, send email to > >> reviewboard...@googlegroups.com > >> For more options, visit this group at > >> http://groups.google.com/group/reviewboard?hl=en > > > > > > > > -- > Supercharge your Review Board with Power Pack: > https://www.reviewboard.org/powerpack/ > Want us to host Review Board for you? Check out RBCommons: > https://rbcommons.com/ > Happy user? Let us know! https://www.reviewboard.org/users/ > --- > You received this message because you are subscribed to the Google Groups > "reviewboard" > group. > To unsubscribe from this group and stop receiving emails from it, send an > email to reviewboard+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.