Hi Zach,

I'm not really sure what's going on there. This backend isn't widely-used, so 
it doesn't get a lot of testing.

Sometimes this stuff depends on your server configuration a bit. Can you share 
any modifications to the generated Apache config you may have (or any 
configuration you have if it's not Apache).

Thanks,

Christian

--  
Christian Hammond - christ...@beanbaginc.com  
Review Board - https://www.reviewboard.org  
Beanbag, Inc. - https://www.beanbaginc.com

-----Original Message-----
From: Zach <zach...@gmail.com>
Reply: reviewboard@googlegroups.com <reviewboard@googlegroups.com>>
Date: July 22, 2015 at 8:51:55 AM
To: reviewboard <reviewboard@googlegroups.com>>
Subject:  Re: Support for HTTP Auth?

> Sorry to revive this from the dead, but I'm also trying to use the
> `RemoteUserAuthBackend`, but against reviewboard 2.0.X.
>  
> I have it working from a "I can hit this site and get an account that's
> populated" perspective. We ignore the auth config when hitting any /api/
> routes since some scripts would have to jump through hoops to do things
> other than basic auth for that endpoint. The issue I'm fighting with is
> that when the UI makes AJAX requests to the api, even though it sends the
> session cookie and id, returned from the set-cookie header, I get prompted
> for a username and password (due to the WWW-Authenticate header).
>  
> Do you have any thoughts on this?
>  
> On Tuesday, June 8, 2010 at 2:29:29 PM UTC-4, Christian Hammond wrote:
> >
> > Hi,
> >
> > Someone worked on patches long ago for this but they were never completed.
> > They're a bit outdated now given changes in Review Board.
> >
> > I don't know how your code works, but I believe Django has support for
> > HTTP Auth now (django.contrib.auth.backends.RemoteUserAuthBackend). It
> > actually doesn't completely do what we need. It'll automatically create
> > User objects for any new attempt at login, which is probably bad. What I'd
> > do is subclass this in our own backends.py file and set create_unknown_user
> > to False. I'd also create a new variable we can use to hide the Log In link
> > (maybe "hide_login_page" or something) and check that in the base.html
> > template.
> >
> > This backend must be used in conjunction with
> > django.contrib.auth.middleware.RemoteUserMiddleware. However, the
> > middleware assumes that we're absolutely using RemoteUserAuthBackend, which
> > we won't always be, so you'd also have to subclass that, override
> > process_request, and only call the parent method if the HTTP auth backend
> > is used. That middleware would need to be placed in the middleware list in
> > reviewboard/settings.py.
> >
> > You'd then need to update Review Board to know about it
> > (reviewboard/admin/siteconfig.py and forms.py, I believe).
> >
> > Hope that helps.
> >
> > Christian
> >
> > --
> > Christian Hammond - chi...@chipx86.com  
> > Review Board - http://www.reviewboard.org
> > VMware, Inc. - http://www.vmware.com
> >
> >
> > On Tue, Jun 8, 2010 at 10:27 AM, tuckermi  
> > > wrote:
> >
> >> I am trying to configure ReviewBoard (I'm using 1.5b2) to trust the
> >> REMOTE_USER environment variable that is set by apache when I use
> >> basic HTTP authentication. Has anyone had luck doing something like
> >> this who can steer me in the right direction? I have tried writing my
> >> own backend, which seems like it is probably not the best approach,
> >> but am running into some issues. Specifically, I am still prompted to
> >> login with the ReviewBoard login page after I authenticate through the
> >> HTTP Auth popup.
> >>
> >> I would definitely prefer to use existing tools if they exist -- I
> >> looked through the documentation and didn't see any mention of HTTP
> >> basic auth as an authentication backend. Is there something in Django
> >> that I should look at? Any suggestions would be appreciated.
> >>
> >> Thanks,
> >> Mike
> >>
> >> --
> >> Want to help the Review Board project? Donate today at
> >> http://www.reviewboard.org/donate/
> >> Happy user? Let us know at http://www.reviewboard.org/users/
> >> -~----------~----~----~----~------~----~------~--~---
> >> To unsubscribe from this group, send email to
> >> reviewboard...@googlegroups.com  
> >> For more options, visit this group at
> >> http://groups.google.com/group/reviewboard?hl=en
> >
> >
> >
>  
> --
> Supercharge your Review Board with Power Pack: 
> https://www.reviewboard.org/powerpack/  
> Want us to host Review Board for you? Check out RBCommons: 
> https://rbcommons.com/
> Happy user? Let us know! https://www.reviewboard.org/users/
> ---
> You received this message because you are subscribed to the Google Groups 
> "reviewboard"  
> group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to reviewboard+unsubscr...@googlegroups.com.  
> For more options, visit https://groups.google.com/d/optout.
>  

-- 
Supercharge your Review Board with Power Pack: 
https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: 
https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to