Message ID: 69847     Entry time: Sun Dec 8 22:00:32 2024
Icon: Idea  Author: Liam Gaffney  Author Email: liam.gaffney@liverpool.ac.uk 
Category: Request  OS: Linux  ELOG Version: commit 6ee1005 
Subject: Request to extract X-Forwarded-Name and X-Forwarded-Email when using webserver

When using the Webserver authentication in combination with "File" and "Self register = 3", it is possible to keep track of registrations and control access still. This is very useful, and upon clicking on the logbook for the first time, the user is asked to register by typing their username, full name and email address.

First issue here is that they can still edit the box with their username, which might cause confusion if somebody decides to choose a different username and is then surprised about why they cannot automatically log in again. Is it possible to lock this field from being edited?

The second issue is more minor, but the user has to manually type their name and email address, even though the webserver may already be able to provide this information in the headers. Specifically, it would be useful to read the name from the X-Forwarded-Name header and email address from the X-Forwarded-Email header. 

My config file snippet is below:

Authentication = Webserver, File
allow password change = 0
Password file = webserver.passwords
Self register    = 3
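
Pre-filling registration from forwarded headers means treating their values as untrusted input until validated. The sketch below is an added example, not ELOG source or code from the post: `get_fwd_header` is a hypothetical helper, the request headers are constructed sample data, and it assumes the reverse proxy overwrites any client-supplied X-Forwarded-* headers before forwarding.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive test that a header line starts with "<name>:". */
static int name_matches(const char *line, size_t llen, const char *name, size_t nlen) {
    if (llen <= nlen || line[nlen] != ':') return 0;
    for (size_t i = 0; i < nlen; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i])) return 0;
    return 1;
}

/* Hypothetical helper: copy header `name` from a CRLF-separated block into out.
   Returns 1 = found, 0 = absent, -1 = rejected (duplicate, empty, too long, control chars). */
int get_fwd_header(const char *hdrs, const char *name, char *out, size_t outsz) {
    size_t nlen = strlen(name);
    int found = 0;
    for (const char *line = hdrs, *eol = NULL; line && *line; line = eol ? eol + 2 : NULL) {
        eol = strstr(line, "\r\n");
        size_t llen = eol ? (size_t)(eol - line) : strlen(line);
        if (name_matches(line, llen, name, nlen)) {
            const char *v = line + nlen + 1, *end = line + llen;
            if (found) return -1;                      /* two copies: ambiguous */
            while (v < end && (*v == ' ' || *v == '\t')) v++;
            while (end > v && (end[-1] == ' ' || end[-1] == '\t')) end--;
            size_t vlen = (size_t)(end - v);
            if (vlen == 0 || vlen >= outsz) return -1; /* never truncate silently */
            for (size_t i = 0; i < vlen; i++)          /* no CR/LF/TAB in stored fields */
                if (iscntrl((unsigned char)v[i])) return -1;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            found = 1;
        }
    }
    return found;
}

/* Constructed sample request headers, as a reverse proxy might forward them. */
static const char SAMPLE[] =
    "Host: elog.example.org\r\nX-Forwarded-User: jdoe\r\n"
    "X-Forwarded-Name: Jane Doe\r\nx-forwarded-email:  jane.doe@example.org \r\n\r\n";

int main(void) {
    char name[64], email[64];
    if (get_fwd_header(SAMPLE, "X-Forwarded-Name", name, sizeof name) == 1 &&
        get_fwd_header(SAMPLE, "X-Forwarded-Email", email, sizeof email) == 1)
        printf("prefill name=\"%s\" email=\"%s\"\n", name, email);
    return 0;
}
```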