Commit Graph

22 Commits

Author SHA1 Message Date
Rafael dos Santos Silva 511cfe8dd5 FEATURE: Filter groups 2017-10-26 18:49:29 -02:00
Rafael dos Santos Silva 22af9254a5 Feature: Group handling 2017-10-25 23:32:39 -02:00
Matt Palmer 2d8643d593 Don't panic if we don't find the nonce in the cache 2017-10-03 20:33:47 +11:00
Matt Palmer febc3e4fe3 Support HTTP basic auth, allow username header name to be overridden
The big change here is to support an extremely limited form of HTTP basic
auth, for those situations when you've got some subset of requests coming in
which still need to be authenticated, but which aren't able to authenticate
via Discourse SSO.  The intended use case is for webhooks and other
progammatic access methods.  It is not intended to be a fully-featured HTTP
auth method (it only supports a single hard-coded user/password pair), but
instead an extremely simplistic "escape hatch".

If you need more complicated HTTP authentication, you probably want to
install nginx and do some crazy proxy chain games.  Best of luck to you with
that.

To avoid getting in the way of the SSO flow, the HTTP authentication is done
"blind"; that is, a `WWW-Authenticate` is never sent in a response.  This
may get up the nose of some user agents, however I can't see an easy way
around this.

Allowing the username header to be changed to something other than
Discourse-User-Name is a smaller change, needed to support third-party
software which looks for the authenticated username in a different header,
and which can't be overridden without a hammer and chisel.
2017-09-28 11:09:18 +10:00
Sam cace4f18a6 Merge pull request #5 from soulshake/admin-only
Add -allow-all flag to grant auth-proxy access to non-admin users
2017-06-08 09:53:12 -04:00
AJ Bowen b604480504
Invert admin restriction UX 2017-06-07 19:49:18 +02:00
AJ Bowen abe0105423
Only restrict auth-proxy access to admin users if -admin-only flag is provided 2017-06-07 18:48:56 +02:00
Guo Xiang Tan cfa7d348a2 Merge pull request #3 from tgxworld/google_code_has_shutdown
Replace package that is no longer available.
2016-07-19 11:21:04 +08:00
Guo Xiang Tan 524f0697de Replace package that is no longer available. 2016-07-14 15:07:55 +08:00
Sam 774ddf4690 Merge pull request #2 from riking/patch-1
Update README with new usage, fix the build
2015-08-25 10:17:40 +10:00
Kane York aeca145eda Update README with new usage, fix the build 2015-08-24 17:10:27 -07:00
Sam bae4b44a9c Merge pull request #1 from riking/patch-1
Add support for separate listen & proxy URIs
2015-08-25 10:07:11 +10:00
Kane York 1a8ea2e630 Add diagram to README 2015-08-24 17:05:33 -07:00
Kane York 1535c15f98 Add support for separate listen & proxy URIs 2015-08-22 13:37:21 -07:00
Sam 253f4b5f89 update readme 2015-04-15 15:12:27 +10:00
Sam d6a035edc2 correct demo 2015-04-15 15:10:58 +10:00
Sam 37ac0a471a correct missing cookie behavior 2015-04-15 15:04:16 +10:00
Sam 8d5fcbee7f wrapper scripts for launching 2015-04-15 14:55:20 +10:00
Sam 6171da53db correct bug 2015-04-15 14:17:42 +10:00
Sam 7b3345bacc improve build 2015-04-15 14:16:39 +10:00
Sam 31b15c200e work in progress dockerfile 2015-04-15 14:02:33 +10:00
Sam 729f57a166 Initial commit 2015-04-15 13:18:18 +10:00