Add username to Apache request object

[jesusbagpuss]

This comes from a question asked on the mailing list (2024-02-27).

Requests that hit the EPrints::Apache::Auth::auth_basic function will log the username to the Apache access.log file (if %u is in the log format definition). This is caused by this link:

eprints3.4/perl_lib/EPrints/Apache/Auth.pm

Line 292 in 13690e7

$r->user( $username );

There are various places that a similar line could be added - but I'm not quite sure where the right place is - possibly somewhere in EPrints::Apache::Rewrite before the URL_REWRITE triggers are called.

A config option may also be a sensible option to control whether the usernames are logged.
$c->{log_usernames_in_apache_logfile} = 0;

I'm not sure if all authentication routes result in a sensible value from $repo->current_user->value( "username" );?
If not, an archive-level config method to allow something sensible to be added to $r->user( ... ); would be good.

[drn05r]

I think by default I would want to have this switched off, as I cannot ascertain why this was not already being set in the EPrints::Apache::Auth::auth_cookie function. It concerns me that there may previously have been a decision was taken to not set this for data privacy reasons.

[jesusbagpuss]

I'd say that's the right decision.

I guess is should be consistent between basic_auth and cookie_auth (and other auths).

[drn05r]

I thought it better to call this $c->{cookie_auth_set_user} as this is already an option called $c->{cookie_auth} so it is easier to appreciate this are related. I will add the option, disabled by default in lib/cfg.d/misc.pl. The code to set the user needs to be in perl_lib/EPrints/Apache/Rewrite.pm.