[https] Allow configuration of anonymous access on https (closes #1971992)
For now, any anonymous access is denied on secured connections (https-url). This patch
introduces a configuration option to control this behaviour.
New instances will allow it.
Old instances should stay as they are during migration.
--- a/etwist/server.py Tue Jan 03 17:00:43 2012 +0100
+++ b/etwist/server.py Tue Jan 03 17:59:31 2012 +0100
@@ -340,7 +340,7 @@
self.appli.connect(req)
except Redirect, ex:
return self.redirect(request=req, location=ex.location)
- if https and req.session.anonymous_session:
+ if https and req.session.anonymous_session and self.config['https-deny-anonymous']:
# don't allow anonymous on https connection
return self.request_auth(request=req)
if self.url_rewriter is not None:
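Review bot: The comment kept under the changed condition, `# don't allow anonymous on https connection`, is now stale, because the request is sent to `request_auth` only when `https-deny-anonymous` is truthy. Something like `# refuse anonymous sessions on https only when 'https-deny-anonymous' is set` would match the new behaviour. The test relies on plain truthiness of the config value, so it is only as reliable as the option's declared type in web/webconfig.py. The enclosing method starts and ends outside the hunk.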
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/migration/3.14.3_Any.py Tue Jan 03 17:59:31 2012 +0100
@@ -0,0 +1,2 @@
+# keep the same behavior on existing instance but use the new one on new instance.
+config['https-deny-anonymous'] = True
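Review bot: Existing instances keep refusing anonymous https access only if this assignment is written back to the instance configuration, and nothing in the visible lines shows that happening. Because the declared default in web/webconfig.py is `False`, an upgrade where the value is not persisted would quietly start allowing anonymous sessions on https. It is worth confirming that the migration handler saves the configuration after this script runs. The comment could say what is being preserved, e.g. `# existing instances keep refusing anonymous sessions on https; new instances get the default (allowed)`.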
--- a/web/webconfig.py Tue Jan 03 17:00:43 2012 +0100
+++ b/web/webconfig.py Tue Jan 03 17:59:31 2012 +0100
@@ -115,6 +115,16 @@
'where the cubicweb web server is listening on port 8080.',
'group': 'main', 'level': 3,
}),
+ ('https-deny-anonymous',
+ {'type': 'string',
+ 'default': False,
+ 'help': 'Prevent anonymous user to browse thought https version of '
+ 'the site (https-url). Login form will then be displayed '
+ 'until logged',
+ 'group': 'web',
+ 'level': 2
+ }
+ ),
('auth-mode',
{'type' : 'choice',
'choices' : ('cookie', 'http'),
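Review bot: The new option is declared with `'type': 'string'` but given a boolean default, while etwist/server.py tests it by truthiness. A value read back from the configuration file as a string is truthy whenever it is non-empty, so writing `no` or `False` there would presumably still deny anonymous access and the setting could not be switched off by editing the file. Declaring it as `'type': 'yn'` keeps it a real boolean. The help text also has typos; it could read `'Prevent anonymous users from browsing through the https version of '`.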