Explicitly trigger addition of a user when using container-based authentication

Issue #60 closed
Stefan Walter created an issue

With the Kallithea instance I'm hosting, authentication is done by an Apache HTTPD proxying to Kallithea. Kallithea creates a new user if the authenticated one does not exist, yet. That works fine, but it still requires that in order to set up access permissions for a new user, that user first needs to log in at least once. It would be nice if there was a simple way for me to trigger the creation of the Kallithea user account without requiring the user to log in, either via a script or via the web interface.

Comments (7)

  1. Mads Kiilerich

    You might be able to do it with the API and polling.

    I don't know how a generic solution to that would look like. You can perhaps come up with something that works for you and then we can see if we can generalize it to something upstream.

  2. Søren Løvborg

    Not sure if I'm missing a subtlety in the question, but when using reverse proxy container authentication as described, simulating a user login is easy. Hence, to create a user, just run the following on the Kallithea server (here assuming default configuration):

    curl -H "X-Forwarded-User: john.d.username"

    or in Python:

    import urllib2
    urllib2.urlopen(urllib2.Request('', headers={'X-Forwarded-User': 'john.d.username'}))

    Note that this sends a request directly to Kallithea, bypassing Apache and its authentication.

  3. Stefan Walter reporter

    Thank you for your suggestion, @kwi. In my case, Kallithea is run via mod_wsgi, so that solution might not apply here.

    I'll see if I can find some time to dig into Kallithea's API and come up with a potential solution...

  4. Søren Løvborg

    Alright then, if that's how you run, it can also be done directly against the WSGI layer. :-)

    from paste.deploy import loadapp
    kallithea = loadapp('config:/full/path/to/kallithea.ini')
    def create_user(username):
        def dummy_start_response(*args):
            'REMOTE_USER': username,
            'REQUEST_METHOD': 'GET',
            'SERVER_NAME': 'localhost',
            'SERVER_PORT': '80',
            'SCRIPT_NAME': '',
            'PATH_INFO': '/_admin/login',
            'wsgi.version': (1, 0),
            'wsgi.url_scheme': 'http'
        }, dummy_start_response)
  5. Stefan Walter reporter

    Ah, OK. I'll try that as soon as I get to it and will provide feedback here. Thank you!

  6. Stefan Walter reporter

    Sorry for the delay - I finally got to test it. Looks like the script that @kwi posted helps. Thanks!

  7. Log in to comment