Discussion forum about ELOG, Page 689 of 807
ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
67882 | Wed May 6 11:00:14 2015 | Idea | Christof Hanke | hanke@rzg.mpg.de | Request | All | 3.1.0 | logout to external page

Hi Stefan,

I am happy to see that you include the webserver authentication.
So I can now login at some other page and then access elog.
However, I would also need some means of logging out somewhere else.

For this I propose a new Configuration option "Logout to page" which redirects to another page if set and "Logout to main" is 0.

See the attached patch (against git HEAD).

Does this make sense to you?

Christof

PS: Many thanks for the autosave mode, I already used it ;-)

Attachment 1: logout_to_page.patch
diff --git a/src/elogd.c b/src/elogd.c
index 601639c..0f976be 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -27975,6 +27975,11 @@ void interprete(char *lbook, char *path)
       if (getcfg(lbs->name, "Logout to main", str, sizeof(str)) && atoi(str) == 1) {
          sprintf(str, "../");
          setparam("redir", str);
+      } else {
+         getcfg(lbs->name, "Logout to page", str, sizeof(str));
+         if (str[0]) {
+             setparam("redir", str);
+         }
       }
       set_sid_cookie(lbs, "", "");
       sid_remove(getparam("sid"));
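Review bot: In the new else branch, the return value of getcfg(lbs->name, "Logout to page", ...) is ignored and only str[0] is tested, while str is the same buffer the preceding "Logout to main" lookup wrote to. If getcfg leaves the buffer untouched when the key is absent (not visible in this hunk), a logbook with "Logout to main = 0" and no "Logout to page" would redirect to "0". Suggest testing the return value the way the line above does: if (getcfg(lbs->name, "Logout to page", str, sizeof(str)) && str[0]). The new option also needs an entry in doc/config.html, which should say whether the value is expected to be an absolute URL or a path relative to the logbook.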
67883 | Wed May 6 12:31:04 2015 | Entry | Christof Hanke | hanke@rzg.mpg.de | Comment | All | 3.1.0 | Documentation of the webserver authentication

Hi Stefan,

here is a draft of how you could describe the webserver authentication in your docs.

T/Christof

Attachment 1: webserver_auth_doc.patch
diff --git a/doc/adminguide.html b/doc/adminguide.html
index da25388..0568ae3 100755
--- a/doc/adminguide.html
+++ b/doc/adminguide.html
@@ -243,6 +243,37 @@ URL = http://your.proxy.host/subdir/
 
 into elogd.cfg.<p>
 
+<h3><hr><i>Using apache authentication:</i></h3>
+It is also possible to login via an apache-auth module.
+In elogd.cfg you should use the keyword "Webserver" for Authentication: + +<ul><pre> +Authentication = Webserver +</pre></ul> +This triggers elogd to use the environment variable "X-Forwarded-User" as the logged in user.
+A simple example of a apache configuration (including the proxy) is : +<ul><pre> +# this required to pass on the generated env-variable X-Forwarded-User to the proxy +ProxyPassInterpolateEnv On + +ProxyPass /elog/ http://your.host.domain:8080/ + +&lt;Location "/elog"&gt; + Order allow,deny + Allow from all + AuthType Basic + AuthName "elog-server" + AuthUserFile "/opt/elog/htpasswd" + require valid-user + RequestHeader unset Authorization + RequestHeader add X-Forwarded-User %{REMOTE_USER}s + # elog doesn't like the '@', so we need to cut it + RequestHeader edit X-Forwarded-User "@(.*)$" "" +&lt;/Location&gt; +</pre></ul> + + + <hr><a name="imagemagick"> <div class=section>&nbsp; Installing ImageMagick &nbsp;</div> <p> When images are attached to ELOG entries, thumbnails can be created for quick preview. This works also for PDF and PostScript files. ELOG forwards any image operation diff --git a/doc/config.html b/doc/config.html index 9848f58..9e98855 100755 --- a/doc/config.html +++ b/doc/config.html @@ -2207,6 +2207,22 @@ Options Location = Main Building{a}, New Building{b}, Old Building{c} you have to change your password by other means (such as via the Windows login if you use a Windows Domain). </p> + <p> + Beside the Kerberos authentication, elogd version 3.0 and higher can be configured to accept a authentication done + by the webserver. + <ul> + <li> + <b><code>Authentication = Webserver</code></b> + </li> + </ul> + </p> + <p> + You can also combine it with other authentication methods as shown for Kerberos. + </p> + <p> + Elogd is then accepting the username set in the Request-Header "X-Forwarded-User" as already logged in.<br/> + To make this work, you need to configure the webserver correctly, as describe in the adminguide. + </p> <p> <a name="email" id="email"></a>
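Review bot: In the Apache example in doc/adminguide.html, "RequestHeader add X-Forwarded-User %{REMOTE_USER}s" appends to any X-Forwarded-User header the client already sent instead of replacing it, so elogd can receive a client-chosen value alongside the authenticated one. Use "RequestHeader set X-Forwarded-User %{REMOTE_USER}s", or unset the header first as is already done for Authorization. The section should also state that elogd's own port (8080 in the example) must be reachable only from the proxy, because with "Authentication = Webserver" the header is the only proof of identity, and it should call the value a request header rather than an environment variable. The "@(.*)$" edit maps user@realm1 and user@realm2 to the same ELOG user, which deserves a sentence of its own.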
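Review bot: The paragraph added to doc/config.html says elogd accepts the username in the "X-Forwarded-User" request header as already logged in, but does not say that this is only safe when every request reaches elogd through the authenticating webserver; state that condition here rather than leaving it to the adminguide. Wording: "a authentication" should be "an authentication" and "as describe" should be "as described". The <ul> is placed inside a <p>, which is not valid HTML; close the paragraph before the list.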
67884 | Wed May 6 15:13:11 2015 | Warning | Christof Hanke | hanke@rzg.mpg.de | Bug fix | All | 3.1.0 | parse the username correctly in save_user_config when using Webserver authentication

Hi Stefan,

When we use Webserver authentication, we have the correct username already in the variable http_user.

The old way of copying this http_user to "user" is wrong since we don't use the size of http_user.

Instead, just encode the http_user variable directly.

See attached patch against git HEAD.

Christof

Attachment 1: parse_http_user_correctly.patch
diff --git a/src/elogd.c b/src/elogd.c
index 601639c..de4734b 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -13142,12 +13142,13 @@ int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
 
    /* if we outsourced the authentication, use external username */
    getcfg(lbs->name, "Authentication", str, sizeof(str));
-   if ( stristr(str, "Webserver")) {
-      strlcpy(user, http_user, sizeof(user));
-   }
 
    /* do not allow HTML in user name */
-   strencode2(user_enc, user, sizeof(user_enc));
+   if ( stristr(str, "Webserver")) {
+      strencode2(user_enc, http_user, sizeof(user_enc));
+   } else {
+      strencode2(user_enc, user, sizeof(user_enc));
+   }
 
    /* check for user name */
    if (!isparam("new_user_name") || *getparam("new_user_name") == 0) {
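Review bot: With the strlcpy removed, user is no longer replaced by http_user under Webserver authentication; only user_enc is derived from it. Any later use of user in save_user_config (outside this hunk) will therefore still see the caller-supplied name, so check those uses, or keep the copy and have the caller pass the real buffer length, since sizeof(user) on the char *user parameter is the size of a pointer. The comment "if we outsourced the authentication, use external username" is now separated from the branch it describes and should move down next to the new if.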
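The size problem described in this post, as an added example that is not part of the original post or of ELOG's code: inside a function, sizeof applied to a char * parameter gives the pointer size, so a bounded copy truncates the name. The helper bounded_copy, the functions copy_user_buggy and copy_user_fixed, and the sample user name are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bounded copy with strlcpy semantics (local helper, so the example
   does not depend on the platform providing strlcpy). */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
   size_t len = strlen(src);
   if (size > 0) {
      size_t n = len < size - 1 ? len : size - 1;
      memcpy(dst, src, n);
      dst[n] = '\0';
   }
   return len;
}

/* Constructed stand-in for the externally authenticated user name */
static const char *http_user = "alice.example";

/* Buggy pattern: 'user' is a pointer parameter, so sizeof(user) is the
   size of a pointer (typically 4 or 8), not of the caller's buffer. */
size_t copy_user_buggy(char *user)
{
   bounded_copy(user, http_user, sizeof(user));
   return strlen(user);
}

/* Corrected pattern: the caller passes the real buffer size. */
size_t copy_user_fixed(char *user, size_t user_size)
{
   bounded_copy(user, http_user, user_size);
   return strlen(user);
}

int main(void)
{
   char a[256], b[256];
   size_t n_bad = copy_user_buggy(a);
   size_t n_ok = copy_user_fixed(b, sizeof(b));

   printf("buggy: \"%s\" (%zu chars)\n", a, n_bad);
   printf("fixed: \"%s\" (%zu chars)\n", b, n_ok);
   return 0;
}
```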
67982 | Tue Jun 9 16:58:28 2015 | Reply | Christof Hanke | hanke@rzg.mpg.de | Request | All | 3.1.0 | Re: logout to external page

Yes, I saw it on bitbucket, also all the commits. Thanks!

Stefan Ritt wrote:

I implemented it, but actually called it Logout to URL = <URL>

Christof Hanke wrote:

Hi Stefan,

I am happy to see that you include the webserver authentication.
So I can now login at some other page and then access elog.
However, I would also need some means of logging out somewhere else.

For this I propose a new Configuration option "Logout to page" which redirects to another page if set and "Logout to main" is 0.

See the attached patch (against git HEAD).

Does this make sense to you?

Christof

PS: Many thanks for the autosave mode, I already used it ;-)
68621 | Wed May 17 08:42:17 2017 | Reply | Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field
> Hi,
>   I have an elog server which uses apache/ldap for authentication.
> I would like to have the username used for ldap to be set automatically as author field in the elog.
> 
> I'm using: 
> Authentication = Webserver
> and I do set the env-variable X-Forwarded-User correctly to the ldap username
> 
> GET /test/?cmd=New HTTP/1.1
> Host: localhost:8080
> Authorization: Basic bGFjYXByYXI6TWEwMiSyYnVt
> ...
> Cookie: elmode=Summary; sid=D7DE678B7CAA1D10; ufnm=lacaprar; urem=0
> ...
> X-Forwarded-User: lacaprar
> 
> How can I preset author to X-Forwarded-User?
> Preset Author = $??
> I've tried $short_name/$long_name but I got Anonymous.
> I understand that it is so because these are meant to be filled when password authentication is used: any way to use some other variable with the Webserver auth?
> 
> thanks in advance,
>   Stefano


Hi,

I use an older version of elog, but
 
Preset Author = $short_name <$long_name>

works for me.

One thing to note is that I also have :
Self register = 1

So at first login, the user has to type in his name and email address,
maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)

HTH,

Christof
68623 | Thu May 18 10:37:16 2017 | Reply | Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field
> > I use an older version of elog, but
> >  
> > Preset Author = $short_name <$long_name>
> > 
> > works for me.
> > 
> > One thing to note is that I also have :
> > Self register = 1
> > 
> > So at first login, the user has to type in his name and email address,
> > maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
> > 
> > HTH,
> > 
> > Christof
> 
> Many thanks for your answer.
> however it seems that your solution requires to have an eLog "password" authentication, which I'd like to avoid since I'd like to use only webserver one.
> 
No, I'm also using the webserver authentication.
May I ask why you think "password" auth is required ?

The elog has an internal userdatabase with longname, shortname, email etc.
Even if you are authenticated via the webserver, you also have to have an entry in that userdatabase.
This entry has to be created by the user who is allowed to get into elog by the webserver. 
Thus, the Self register option.

Bests,

Christof
68624 | Thu May 18 10:51:05 2017 | Reply | Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field
> > > I use an older version of elog, but
> > >  
> > > Preset Author = $short_name <$long_name>
> > > 
> > > works for me.
> > > 
> > > One thing to note is that I also have :
> > > Self register = 1
> > > 
> > > So at first login, the user has to type in his name and email address,
> > > maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
> > > 
> > > HTH,
> > > 
> > > Christof
> > 
> > Many thanks for your answer.
> > however it seems that your solution requires to have an eLog "password" authentication, which I'd like to avoid since I'd like to use only webserver one.
> > 
> No, I'm also using the webserver authentication.
> May I ask why you think "password" auth is required ?
> 
> The elog has an internal userdatabase with longname, shortname, email etc.
> Even if you are authenticated via the webserver, you also have to have an entry in that userdatabase.
> This entry has to be created by the user who is allowed to get into elog by the webserver. 
> Thus, the Self register option.
> 
> Bests,
> 
> Christof

Sorry, I just double-checked: this userdatabase I was talking about is the Password-file...

Please try the following snippet :

allow password change = 0
Authentication = Webserver, File
Preset Author = $short_name <$long_name>
Locked Attributes = Author
Password file = PASSWD.file

Christof
68465 | Wed Nov 23 09:25:15 2016 | Reply | Christine Quicot | christine.quicot@meteo.fr | Request | All | 3.1.2 | Re: Cancel button missing when editing an entry

Hello,

In my opinion, there should be a "close/return" button (discard changes), even with the drafts enabled, but effectively there will have to be several saves made (at least before/after).
I chose to disable the drafts because of this unwanted behaviour: when I modify an entry without any change and click on another tab/logbook without saving, then choose to close the window, the entry is deleted.

Chris 

Stefan Ritt wrote:

Well, the "undesired effect" you describe is exactly the reason for having drafts. Somebody works on a lengthy message, then the browser dies, or the user by accident hits the "back" button and (by accident, ehem...) confirms the dialog popping up which says "changes will be lost". In that case the draft mechanism should take care that the lengthy message is not lost. That's what it is for. If one does not like it, one can always turn it off. If one now hits "New", there is the option to continue the previous draft message rather than creating a blank message. Originally, draft messages were shown on the list of entries in a different color, but people got confused by that, since the draft message appears already during the editing of the message by the user writing it. So upon request I removed it from the listing. Actually the system cannot differentiate between "user still has the message open and works on it" and "browser has crashed". So there is no elegant way to make everybody happy. The only option I can think of is to make the listing of draft messages optional (with a new flag in the config file). Would that make sense? Or does anybody see another concept?

Stefan

Grant Jeffcote wrote:

Andreas,

Doesn't using the Save Drafts = 0 option result in the old 'Back' button returning (replacing the Delete option) meaning you can revert back to your old (unmodified) version without saving, sure it doesn't save a draft but I'd rather be able to return back and lose the changes I didn't want then mess up an old entry, I guess the back button on the browser could also do what you want?

The issue I had was that entries were being deleted accidentally by persons other than those that created them, I reduced the edit time to try and mitigate it but ended up going back to what we had in Ver 2.9.2, a 'Back' button.

Grant

Stefan Ritt wrote:

The problem is that the elog database does not allow for a copy of an entry before you make modifications (and therefore get a "draft"). This is actually very similar to other note taking programs. I use Evernote, which constantly synchronizes between devices, and there I also cannot go back to the version before I started making modifications. What one would need is a version system (and Evernote has one), so you can go back to the previous version, the pre-previous version and so on. But this requires a complete redesign of the elog database.

A quick and dirty solution would be to store the original entry inside the browser (using JavaScript). You could then restore the initial version with a "cancel" button. But this mechanism relies then on the browser. If you just leave the page, there is no way the browser can put back the old version.

Stefan

Andreas Luedeke wrote:

If I edit an old entry, and do some mistake while editing, then there is currently no way to safely discard the changes.

The problem is that the entry will become a draft: if I close the window without saving, then the whole entry is gone: it will be converted into a draft entry. But the draft does contain my changes, it is not the originally saved entry!

The draft mechanism should keep a copy of the entry before I opened it in edit mode, and allow to go back to that copy. The edit form has currently the buttons "Submit", "Save", "Preview" and "Delete"; it should have in addition the button "Cancel", that just closes the edit window without saving the entry and even deleting the draft that was saved while the entry was modified. This should bring you back to the previous list view.

Is anyone out there in favour of this change?