Submitter:	Xavier Duret	Reviewers
Branch:		Groups:	reviewboard
Bugs:	513	People:	chipx86
Change Number:	None	Repository:	Review Board SVN

Description:

This patch aims to increase awareness of a specific need related to the use of Review Board in a corporate environment: the use of single sign on logins. In this case, the user authenticates once and the Apache server communicates the user name to Review board through Django. There is no more need for login and logout links as authentication is done when the user logs in its terminal or through its browser.

Because the current patch waiting for inclusion into Django's repository does not provide for a system to detect that web authentication is performed, a new variable called WEBAUTH is introduced in "settings". Its use in the template is straightforward. The manner in which the detection of web authentication is inelegant. Maybe this patch can be improved or maybe it is preferable to improve the patch for Django.

Testing Done:

The change (with commented out code activated) have been deployed on my company servers which runs with the latest patch (t689-r7609.diff) for Django ticket #689. Review board is installed on a Centos 5 Apache box. It works properly.

Diff revision 2 (Latest)

Jump to revision:	1 2
Changes between r2 and:	1 2

Files Changed:

trunk/reviewboard/settings.py: 3 changes [ 1 2 3 ]
trunk/reviewboard/templates/base.html: 5 changes [ 1 2 3 4 5 ]
trunk/reviewboard/templates/accounts/prefs.html: 2 changes [ 1 2 ]

trunk/reviewboard/settings.py

Revision 1388

New Change

...

39 lines hidden [Expand]

    'django.middleware.common.CommonMiddleware',

    'django.middleware.common.CommonMiddleware',

    'django.middleware.doc.XViewMiddleware',

    'django.middleware.doc.XViewMiddleware',

    'django.middleware.locale.LocaleMiddleware',

    'django.middleware.locale.LocaleMiddleware',

    'django.contrib.sessions.middleware.SessionMiddleware',

    'django.contrib.sessions.middleware.SessionMiddleware',

    'django.contrib.auth.middleware.AuthenticationMiddleware',

    'django.contrib.auth.middleware.AuthenticationMiddleware',

# The following line can be uncommented once Django ticket #689 is resolved

#    'django.contrib.auth.middleware.RemoteUserAuthMiddleware',

TEMPLATE_CONTEXT_PROCESSORS = (

TEMPLATE_CONTEXT_PROCESSORS = (

    'django.core.context_processors.auth',

    'django.core.context_processors.auth',

    'django.core.context_processors.debug',

    'django.core.context_processors.debug',

    'django.core.context_processors.i18n',

    'django.core.context_processors.i18n',

    'django.core.context_processors.media',

    'django.core.context_processors.media',

    'django.core.context_processors.request',

    'django.core.context_processors.request',

    'djblets.util.context_processors.settingsVars',

    'djblets.util.context_processors.settingsVars',

    'djblets.util.context_processors.siteRoot',

    'djblets.util.context_processors.siteRoot',

# Uncomment the following lines if you wish to use the authentication

# provided by the web server.

#AUTHENTICATION_BACKENDS = (

#    'django.contrib.auth.backends.RemoteUserAuthBackend',

#)

#REMOTE_USER_AUTH_AUTO_CREATE = True

SITE_ROOT_URLCONF = 'reviewboard.urls'

SITE_ROOT_URLCONF = 'reviewboard.urls'

ROOT_URLCONF = 'djblets.util.rooturl'

ROOT_URLCONF = 'djblets.util.rooturl'

REVIEWBOARD_ROOT = os.path.abspath(os.path.split(__file__)[0])

REVIEWBOARD_ROOT = os.path.abspath(os.path.split(__file__)[0])

...

37 lines hidden [Expand]

# Whether to use django's built-in system for users.  This turns on certain

108

# Whether to use django's built-in system for users.  This turns on certain

100

# features like the registration page and profile editing.  If you're tying

109

# features like the registration page and profile editing.  If you're tying

101

# reviewboard in to an existing authentication environment (such as NIS),

110

# reviewboard in to an existing authentication environment (such as NIS),

102

# this data will come in from outside.

111

# this data will come in from outside.

103

BUILTIN_AUTH = True

112

BUILTIN_AUTH = True

113

WEBAUTH = ('django.contrib.auth.backends.RemoteUserAuthBackend' in AUTHENTICATION_BACKENDS)

104

AUTH_PROFILE_MODULE = "accounts.Profile"

114

AUTH_PROFILE_MODULE = "accounts.Profile"

105

115

106

# Default repository path to use for the source code.

116

# Default repository path to use for the source code.

107

DEFAULT_REPOSITORY_PATH = None

117

DEFAULT_REPOSITORY_PATH = None

108

118

...

90 lines hidden [Expand]

trunk/reviewboard/templates/base.html

Revision 1388

New Change

...

40 lines hidden [Expand]

     {% blocktrans with user|realname|escape as username %}<li>Welcome, <b>{{username}}</b></li>{% endblocktrans %}

     {% blocktrans with user|realname|escape as username %}<li>Welcome, <b>{{username}}</b></li>{% endblocktrans %}

     <li>- <a href="{% url user-preferences %}">{% trans "My account" %}</a></li>

     <li>- <a href="{% url user-preferences %}">{% trans "My account" %}</a></li>

{% if user.is_staff %}

{% if user.is_staff %}

     <li>- <a href="{% url django.contrib.admin.views.main.index %}">{% trans "Admin" %}</a></li>

     <li>- <a href="{% url django.contrib.admin.views.main.index %}">{% trans "Admin" %}</a></li>

{% endif %}

{% endif %}

     {% if not settings.WEBAUTH %}

     <li>- <a href="{% url logout %}">{% trans "Log out" %}</a></li>

     <li>- <a href="{% url logout %}">{% trans "Log out" %}</a></li>

     {% endif %}

    {% else %}

    {% else %}

     {% if not settings.WEBAUTH %}

     <li><a href="{% url login %}?next_page={{request.path}}">{% trans "Log in" %}</a></li>

     <li><a href="{% url login %}?next_page={{request.path}}">{% trans "Log in" %}</a></li>

     {% if settings.BUILTIN_AUTH %}

     {% endif %}

     {% if settings.BUILTIN_AUTH and not settings.WEBAUTH %}

     <li>- <a href="{% url register %}">{% trans "Register" %}</a></li>

     <li>- <a href="{% url register %}">{% trans "Register" %}</a></li>

     {% endif %}

     {% endif %}

    {% endif %}

    {% endif %}

     <li>- <a href="http://code.google.com/p/reviewboard/issues/list">{% trans "Bugs" %}</a></li>

     <li>- <a href="http://code.google.com/p/reviewboard/issues/list">{% trans "Bugs" %}</a></li>

     <li>- <a href="http://code.google.com/p/reviewboard/issues/entry">{% trans "Report bug" %}</a></li>

     <li>- <a href="http://code.google.com/p/reviewboard/issues/entry">{% trans "Report bug" %}</a></li>

...

30 lines hidden [Expand]

trunk/reviewboard/templates/accounts/prefs.html

Revision 1388

New Change

...

33 lines hidden [Expand]

   </tr>

   </tr>

   <tr>

   <tr>

    <td><label for="id_email">{% trans "Email:" %}</label></td>

    <td><label for="id_email">{% trans "Email:" %}</label></td>

    <td>{{form.email}} {{form.errors.email}}</td>

    <td>{{form.email}} {{form.errors.email}}</td>

   </tr>

   </tr>

   {% if not settings.WEBAUTH %}

   <tr>

   <tr>

    <td><label for="id_password">{% trans "Change Password:" %}</label></td>

    <td><label for="id_password">{% trans "Change Password:" %}</label></td>

    <td>{{form.password1}}</td>

    <td>{{form.password1}}</td>

   </tr>

   </tr>

   <tr>

   <tr>

    <td><label for="id_password2">{% trans "Verify New Password:" %}</label></td>

    <td><label for="id_password2">{% trans "Verify New Password:" %}</label></td>

    <td>{{form.password2}} {{form.errors.password2}}</td>

    <td>{{form.password2}} {{form.errors.password2}}</td>

   </tr>

   </tr>

   {% endif %}

   {% endif %}

   {% endif %}

{% if settings.DIFF_SYNTAX_HIGHLIGHTING %}

{% if settings.DIFF_SYNTAX_HIGHLIGHTING %}

   <tr>

   <tr>

    <td></td>

    <td></td>

    <td>{{form.syntax_highlighting}} {{form.syntax_highlighting.label}}</td>

    <td>{{form.syntax_highlighting}} {{form.syntax_highlighting.label}}</td>

   </tr>

   </tr>

...

17 lines hidden [Expand]

Review Board

beta

Improvements for authentication using REMOTE_USER

Diff revision 2 (Latest)

Other reviews

Your comment