[galaxy-commits] galaxy-dist commit c653ccfa1a1e: Allow access to /api without HTTP_REMOTE_USER set if use_remote_user = True, since the API controllers handle authentication internally.

commits-noreply at bitbucket.org commits-noreply at bitbucket.org
Fri Jul 30 09:29:51 EDT 2010


# HG changeset patch -- Bitbucket.org
# Project galaxy-dist
# URL http://bitbucket.org/galaxy/galaxy-dist/overview
# User Nate Coraor <nate at bx.psu.edu>
# Date 1280416580 14400
# Node ID c653ccfa1a1ef7c2a384ee4b3ab72da0b391ae14
# Parent  ab48c0e20a948f310ad3b072c23560faa8433aa3
Allow access to /api without HTTP_REMOTE_USER set if use_remote_user = True, since the API controllers handle authentication internally.

--- a/lib/galaxy/web/framework/middleware/remoteuser.py
+++ b/lib/galaxy/web/framework/middleware/remoteuser.py
@@ -75,8 +75,8 @@ class RemoteUser( object ):
         # Apache sets REMOTE_USER to the string '(null)' when using the
         # Rewrite* method for passing REMOTE_USER and a user is
         # un-authenticated.  Any other possible values need to go here as well.
+        path_info = environ.get('PATH_INFO', '')
         if environ.has_key( 'HTTP_REMOTE_USER' ) and environ[ 'HTTP_REMOTE_USER' ] != '(null)':
-            path_info = environ.get('PATH_INFO', '')
             if not environ[ 'HTTP_REMOTE_USER' ].count( '@' ):
                 if self.maildomain is not None:
                     environ[ 'HTTP_REMOTE_USER' ] += '@' + self.maildomain
@@ -96,7 +96,7 @@ class RemoteUser( object ):
             if path_info.startswith( '/user/create' ) and environ[ 'HTTP_REMOTE_USER' ] in self.admin_users:
                 pass # admins can create users
             elif path_info.startswith( '/user/api_keys' ):
-                pass
+                pass # api keys can be managed when remote_user is in use
             elif path_info.startswith( '/user' ):
                 title = "Access to Galaxy user controls is disabled"
                 message = """
@@ -105,6 +105,9 @@ class RemoteUser( object ):
                 """
                 return self.error( start_response, title, message )
             return self.app( environ, start_response )
+        elif path_info.startswith( '/api/' ):
+            # The API handles its own authentication via keys
+            return self.app( environ, start_response )
         else:
             title = "Access to Galaxy is denied"
             message = """
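Review bot: The new `elif path_info.startswith( '/api/' )` branch forwards the request whenever `HTTP_REMOTE_USER` is absent or equals '(null)', so every route under /api/ becomes reachable without proxy authentication and depends entirely on the API controllers' own key check; the comment should state that invariant, e.g. `# Bypasses remote-user auth: every controller mounted under /api/ must validate an API key itself`. In the '(null)' case the sentinel value is still in `environ` when `self.app` is called; if any downstream code reads HTTP_REMOTE_USER as an identity (not visible in this hunk), it would be safer to drop it first with `environ.pop( 'HTTP_REMOTE_USER', None )`. The prefix test runs on the raw PATH_INFO, so it is worth confirming that routing does not normalise the path (dot segments, doubled slashes) after this check. The enclosing method starts and ends outside the hunk.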

