[#6668] Fixed importer login overlay not working due to SSL restrictions
Signed-off-by: Cory Johns <cjohns@slashdotmedia.com>
diff --git a/Allura/allura/config/middleware.py b/Allura/allura/config/middleware.py
index 7395f93..989347a 100644
--- a/Allura/allura/config/middleware.py
+++ b/Allura/allura/config/middleware.py
@@ -144,7 +144,8 @@
app = allura_globals_middleware(app)
# Ensure https for logged in users, http for anonymous ones
if asbool(app_conf.get('auth.method', 'local')=='sfx'):
- app = SSLMiddleware(app, app_conf.get('no_redirect.pattern'))
+ app = SSLMiddleware(app, app_conf.get('no_redirect.pattern'),
+ app_conf.get('force_ssl.pattern'))
# Setup resource manager, widget context SOP
app = ew.WidgetMiddleware(
app,
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index d4652ab..4a0fcaf 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -141,12 +141,16 @@
class SSLMiddleware(object):
'Verify the https/http schema is correct'
- def __init__(self, app, no_redirect_pattern=None):
+ def __init__(self, app, no_redirect_pattern=None, force_ssl_pattern=None):
self.app = app
if no_redirect_pattern:
self._no_redirect_re = re.compile(no_redirect_pattern)
else:
self._no_redirect_re = re.compile('$$$')
+ if force_ssl_pattern:
+ self._force_ssl_re = re.compile(force_ssl_pattern)
+ else:
+ self._force_ssl_re = re.compile('$$$')
def __call__(self, environ, start_response):
req = Request(environ)
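Review bot: The fallback `re.compile('$$$')` in the new `else` branch is not a never-match pattern: `$` is a zero-width end-of-string assertion, so `.match()` succeeds on an empty string. Since the later hunk calls `self._force_ssl_re.match(environ['PATH_INFO'])`, a request with an empty PATH_INFO would be treated as force-SSL even when no pattern is configured. `self._force_ssl_re = re.compile(r'(?!)')` states the "match nothing" intent explicitly, and the existing `_no_redirect_re` fallback has the same quirk. `__call__` continues outside this hunk.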
@@ -158,12 +162,12 @@
request_uri.decode('ascii')
except UnicodeError:
resp = exc.HTTPNotFound()
- secure = req.environ.get('HTTP_X_SFINC_SSL', 'false') == 'true'
+ secure = req.url.startswith('https://')
srv_path = req.url.split('://', 1)[-1]
- if req.cookies.get('SFUSER'):
- if not secure:
- resp = exc.HTTPFound(location='https://' + srv_path)
- elif secure:
+ force_ssl = req.cookies.get('SFUSER') or self._force_ssl_re.match(environ['PATH_INFO'])
+ if not secure and force_ssl:
+ resp = exc.HTTPFound(location='https://' + srv_path)
+ elif secure and not force_ssl:
resp = exc.HTTPFound(location='http://' + srv_path)
if not resp:
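Review bot: `secure = req.url.startswith('https://')` ties the redirect decision to the scheme WebOb rebuilds from `wsgi.url_scheme`, which stays `http` when TLS is terminated by a front-end that does not propagate the scheme. In such a deployment `secure` is always False, so any request carrying `SFUSER` or matching `force_ssl.pattern` would be redirected to https on every attempt; this is presumably why the removed line read `HTTP_X_SFINC_SSL`. I would write it as `secure = req.scheme == 'https'` with a comment above it such as `# Relies on the front-end setting wsgi.url_scheme; never derive this from a client-supplied header`. The body of `__call__` starts and ends outside this hunk, so how the no-redirect pattern interacts with this branch cannot be confirmed from here.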
diff --git a/Allura/development.ini b/Allura/development.ini
index 2a0b542..8dcf5f7 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -90,6 +90,8 @@
# script_name is the path that is handled by the application
# url_base is the prefix that references to the static resources should have
no_redirect.pattern = ^/nf/\d+/_(ew|static)_/.*|^/rest/.*
+# Pages that must always be SSL, such as ones using the login overlay
+force_ssl.pattern = ^/[a-z0-9-]+/import_project/
ew.script_name = /nf/%(build_key)s/_ew_/
ew.url_base = /nf/%(build_key)s/_ew_/
# ew.url_base = ://a.fsdn.com/allura/nf/%(build_key)s/_ew_/
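Review bot: The new comment on `force_ssl.pattern` says these pages "must always be SSL", but it should state that the setting only takes effect with `auth.method = sfx`, because the first hunk installs `SSLMiddleware` only under that condition. With any other auth method the pattern is silently ignored, which is easy to mistake for an enforced control. I would extend the comment to `# Pages that must always be SSL, such as ones using the login overlay (only enforced when auth.method = sfx)`. The pattern also requires a trailing slash after `import_project`, so a request without one would not be forced to https by this rule.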