-rw-r--r-- | app/controllers/application.rb | 13 | ||||
-rw-r--r-- | config/httpd.conf | 19 |
2 files changed, 19 insertions, 13 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 7935cc461..dd762480c 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -6,7 +6,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: application.rb,v 1.47 2008-05-21 23:36:52 francis Exp $
+# $Id: application.rb,v 1.48 2008-06-10 15:12:02 francis Exp $
 class ApplicationController < ActionController::Base
@@ -125,10 +125,15 @@ class ApplicationController < ActionController::Base
 # For administration interface, return display name of authenticated user
 def admin_http_auth_user
- if not request.env["REMOTE_USER"]
- return "*unknown*";
- else
+ # This needs special magic in mongrel: http://www.ruby-forum.com/topic/83067
+ # Hence the second clause which reads X-Forwarded-User header if available.
+ # See the rewrite rules in conf/httpd.conf which set X-Forwarded-User
+ if request.env["REMOTE_USER"]
 return request.env["REMOTE_USER"]
+ elsif request.env["HTTP_X_FORWARDED_USER"]
+ return request.env["HTTP_X_FORWARDED_USER"]
+ else
+ return "*unknown*";
 end
 end
 def assign_http_auth_user
diff --git a/config/httpd.conf b/config/httpd.conf
index 902aa6935..b6a1804ee 100644
--- a/config/httpd.conf
+++ b/config/httpd.conf
@@ -1,4 +1,4 @@
-# Apache configuration for FOI site.
+# Apache configuracreated_attion for FOI site.
 #
 # For development ignore this, you can just run ./scripts/server as for any
 # Ruby on Rails application.
@@ -6,7 +6,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org
 #
-# $Id: httpd.conf,v 1.12 2008-06-04 20:20:58 francis Exp $
+# $Id: httpd.conf,v 1.13 2008-06-10 15:12:02 francis Exp $
 # This is needed for the PHP spell checker
 <Location /fcgi>
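Review bot: The new `elsif request.env["HTTP_X_FORWARDED_USER"]` branch in admin_http_auth_user returns a request header as the authenticated admin's name, and nothing in the method can tell a value written by Apache from one supplied by the client. That is only sound if the front-end proxy always removes or overwrites an inbound X-Forwarded-User and mongrel's port is not reachable except through Apache; neither is guaranteed by the lines shown here. I would state that dependency next to the branch, e.g. `# Trusted only because Apache overwrites X-Forwarded-User; mongrel must never be exposed directly`. The added comment also refers to conf/httpd.conf, while the file changed in this commit is config/httpd.conf.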
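Review bot: The first comment line of config/httpd.conf now reads `# Apache configuracreated_attion for FOI site.`; the `created_at` in the middle of "configuration" looks like a stray paste and is unrelated to the authentication change. The line should stay `# Apache configuration for FOI site.`.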
@@ -25,6 +25,14 @@ RewriteRule /(.+).cgi /down.html [R]
 RewriteCond %{DOCUMENT_ROOT}/down.html !-s
 RewriteRule /down.html / [R]
+# Pass through the HTTP basic authentication to mongrel. See also
+# admin_http_auth_user in app/controllers/application.rb
+# Note: Apache 2 only. Doesn't work in Apache 1.3, you'll need to live without
+# it.
+RewriteCond %{LA-U:REMOTE_USER} (.+)
+RewriteRule . - [E=RU:%1]
+RequestHeader add X-Forwarded-User %{RU}e
+
 # Use Mongrel as the main webserver (more reliable than FastCGI for Rails)
 RewriteCond %{REQUEST_URI} !^/jslib/
 RewriteCond %{REQUEST_URI} !^/fcgi/
@@ -32,10 +40,3 @@ RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
 RewriteRule ^/(.*) http://localhost:3000/$1 [P]
 # This is roughly equivalent to ProxyPass, but lets Apache serve the static files.
 # ProxyPass / http://localhost:3000/
-
-# Pass through the HTTP basic authentication to mongrel
-# Note: Doesn't work in apache 1.3, remove it.
-RewriteCond %{LA-U:REMOTE_USER} (.+)
-RewriteRule . - [E=RU:%1]
-RequestHeader add X-Forwarded-User %{RU}e
- |
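Review bot: `RequestHeader add X-Forwarded-User %{RU}e` in the first hunk appends to whatever X-Forwarded-User the request already carries, and nothing in the visible configuration strips the inbound header before proxying to mongrel. Because admin_http_auth_user now falls back to this header, a value sent by the client could be read as the authenticated user name whenever the RewriteCond does not match, or could be combined with the real one when it does. I would clear the header unconditionally and set it only when the variable exists: `RequestHeader unset X-Forwarded-User` followed by `RequestHeader set X-Forwarded-User %{RU}e env=RU`. It is also worth confirming that port 3000 is bound to localhost only, since the proxy rule is the sole place this header is controlled.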