From 1e20eb363aa84418fbf5c88eb3b45455e2a783cd Mon Sep 17 00:00:00 2001 From: Antony Chazapis Date: Wed, 14 Dec 2011 16:21:44 +0200 Subject: [PATCH] Replace the request's is_secure call with one that checks for the X-Forwarded-Protocol header. Refs #1765 --- README.upgrade | 4 ++++ docs/source/adminguide.rst | 4 ++++ pithos/middleware/__init__.py | 1 + pithos/middleware/secure.py | 37 +++++++++++++++++++++++++++++++++++++ pithos/settings.d/00-apps.conf | 1 + 5 files changed, 47 insertions(+) create mode 100644 pithos/middleware/secure.py diff --git a/README.upgrade b/README.upgrade index e8235f1..f7e049d 100644 --- a/README.upgrade +++ b/README.upgrade @@ -39,3 +39,7 @@ UPGRADE * Reset 'policy' table in mysql (backend): mysql> update policy set `value`='auto' where `key`='versioning'; + +0.8.1 -> 0.8.2 +-------------- +* Add the 'X-Forwarded-Protocol' header directive in the apache configuration, as described in the admin guide diff --git a/docs/source/adminguide.rst b/docs/source/adminguide.rst index fffcdde..6398c9e 100644 --- a/docs/source/adminguide.rst +++ b/docs/source/adminguide.rst @@ -51,6 +51,8 @@ Edit ``/etc/apache2/sites-available/pithos`` (change the ``ServerName`` directiv RewriteRule ^/im(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] RewriteRule ^/login(.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] + RequestHeader set X-Forwarded-Protocol "http" + WSGIScriptAlias /api /pithos/pithos/wsgi/pithos.wsgi # WSGIDaemonProcess pithos # WSGIProcessGroup pithos @@ -85,6 +87,8 @@ Edit ``/etc/apache2/sites-available/pithos-ssl`` (assuming files in ``/etc/ssl/p RewriteRule ^/im(.*) /api/im$1 [PT,NE] RewriteRule ^/login(.*) /api/im/login/dummy$1 [PT,NE] + RequestHeader set X-Forwarded-Protocol "https" + WSGIScriptAlias /api /pithos/pithos/wsgi/pithos.wsgi # WSGIDaemonProcess pithos # WSGIProcessGroup pithos diff --git a/pithos/middleware/__init__.py b/pithos/middleware/__init__.py index dcd24c5..28476e7 100644 --- a/pithos/middleware/__init__.py 
+++ b/pithos/middleware/__init__.py
@@ -1,2 +1,3 @@
 from log import LoggingConfigMiddleware
+from secure import SecureMiddleware
 from auth import AuthMiddleware
diff --git a/pithos/middleware/secure.py b/pithos/middleware/secure.py
new file mode 100644
index 0000000..b109fac
--- /dev/null
+++ b/pithos/middleware/secure.py
@@ -0,0 +1,37 @@
+# Copyright 2011 GRNET S.A. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+#
+# 1. Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the following
+# disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
+# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+# The views and conclusions contained in the software and
+# documentation are those of the authors and should not be
+# interpreted as representing official policies, either expressed
+# or implied, of GRNET S.A.
+
+class SecureMiddleware(object):
+ def process_request(self, request):
+ if 'HTTP_X_FORWARDED_PROTOCOL' in request.META:
+ request.is_secure = lambda: request.META['HTTP_X_FORWARDED_PROTOCOL'] == 'https'
diff --git a/pithos/settings.d/00-apps.conf b/pithos/settings.d/00-apps.conf
index 453547b..e5c8d50 100644
--- a/pithos/settings.d/00-apps.conf
+++ b/pithos/settings.d/00-apps.conf
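Review bot: `process_request` in `pithos/middleware/secure.py` honours `HTTP_X_FORWARDED_PROTOCOL` on any request that carries it, so `is_secure()` becomes only as trustworthy as the front end. The admin guide's `RequestHeader set X-Forwarded-Protocol` overwrites a client-supplied value in both vhosts, but a request that reaches the WSGI app by any other path, or an install that skipped the 0.8.1 -> 0.8.2 upgrade step, can carry a client-chosen header and be treated as HTTPS. The class has no docstring recording that dependency; I would add one along the lines of `"""Derive is_secure() from X-Forwarded-Protocol; only safe when the proxy in front always overwrites that header."""`. It would also be tidier to evaluate the comparison once, `secure = request.META['HTTP_X_FORWARDED_PROTOCOL'] == 'https'` then `request.is_secure = lambda: secure`, so the answer cannot change if `META` is modified later in the request.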
@@ -7,6 +7,7 @@ TEMPLATE_LOADERS = ( MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'pithos.middleware.LoggingConfigMiddleware', + 'pithos.middleware.SecureMiddleware', 'pithos.middleware.AuthMiddleware' ) -- 1.7.10.4
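Review bot: `'pithos.middleware.SecureMiddleware'` is listed after `'django.middleware.common.CommonMiddleware'`, so whatever CommonMiddleware does in its own request phase runs before `is_secure` has been replaced. If the Django version in use builds its APPEND_SLASH / PREPEND_WWW redirect URL from `request.is_secure()` (I believe it does, but that code is not part of this patch), those redirects would still pick the scheme from the unpatched method and could send an HTTPS client behind the proxy to an `http://` URL. Moving `'pithos.middleware.SecureMiddleware',` to the first position in `MIDDLEWARE_CLASSES` would avoid the ordering dependency. The tuple opens in context lines and the rest of the settings file is outside the hunk, so this is worth confirming against the full list.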