Your ROOT_URL in app.ini is https://source.parasitstudio.de:63000/ but you are visiting https://source.parasitstudio.de/wirtz/scriptform/commit/c00d308fef9b17a3bf7e42dce31616698277c87a
You should set ROOT_URL correctly, otherwise the web may not work correctly.
3 changed files with
38 additions and
6 deletions
README.md
doc/MANUAL.md
src/webapp.py
@ -218,15 +218,16 @@ them in the local directory.
To run ScriptForm in the foreground, specify the `-f` option.
If you're going to use basic authentication, you can generate a password for
your user with the `--generate-pw` option:
If you're going to use built-in b asic authentication, you can generate a
password for your user with the `--generate-pw` option:
$ scriptform --generate-pw
Password:
Repeat password:
2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae
You can paste the generated password into the password field. For more
You can paste the generated password into the password field. You can also use
an Apache (or other webserver) frontend for authentication. For more
information, see the User Manual.
## Documentation
@ -51,6 +51,7 @@ This is the manual for version %%VERSION%%.
- [Passwords ](#users_passwords )
- [Form limiting ](#users_formlimit )
- [Security considerations ](#users_security )
- [Pre-authentication with Apache ](#users_preauth )
1. [Form customization ](#cust )
- [Custom CSS ](#cust_css )
1. [Security ](#security )
@ -1221,7 +1222,31 @@ For an example, see the [beginning of this chapter](#users).
*does* support HTTPS, such as Apache. For more information on that, see the
"Invocations" chapter.
### < a name = "users_preauth" > Pre-authentication with Apache< / a >
If you're running behind Apache or another webserver, you can use
features in Apache to do the authentication for you. This allows you to use
LDAP or OpenID (SSO) authentication.
You must pass the `REMOTE_USER` header (not environment variable!) to
Scriptform to get this working. For example, in Apache:
RequestHeader set REMOTE_USER %{REMOTE_USER}s
Redirect permanent /scriptform /scriptform/
ProxyPass /scriptform/ http://localhost:8081/
ProxyPassReverse /scriptform/ http://localhost:8081/
< Location / scriptform >
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile "/var/www/users"
Require valid-user
< / Location >
If such a header is seen, Scriptform won't perform validation of the password
and just assumes the username is correct.
## < a name = "cust" > Form customization< / a >
@ -181,13 +181,19 @@ class ScriptFormWebApp(RequestHandler):
def auth ( self ) :
"""
Verify that the user is authenticated . This is required if the form
definition contains a ' users ' field . Returns the username if the user
is validated or None if no validation is required . . Otherwise , raises a
401 HTTP back to the client .
definition contains a ' users ' field ( unless pre - auth from a front - end
such as Apache is used ) . Returns the username if the user is validated
or None if no validation is required . Otherwise , raises a 401 HTTP
back to the client .
"""
form_config = self . scriptform . get_form_config ( )
username = None
# Allow pre-auth from e.g. Apache htauth
if ' REMOTE_USER ' in self . headers :
username = self . headers . get ( ' REMOTE_USER ' )
return self . headers . get ( ' REMOTE_USER ' )
# If a 'users' element was present in the form configuration file, the
# user must be authenticated.
if form_config . users :