Merge pull request #827 from golharam/patch-2

Add check for HTTP_GX_SECRET
galaxyproject · Oct 14, 2015 · 2d01cae · 2d01cae
2 parents 005561c + e54df2e
commit 2d01cae
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/lib/galaxy/web/framework/middleware/remoteuser.py b/lib/galaxy/web/framework/middleware/remoteuser.py
@@ -75,6 +75,20 @@ def __call__( self, environ, start_response ):
         # Galaxy would not have access to Galaxy itself, and be attempting to
         # attack the system
         if self.config_secret_header is not None:
+            if environ.get('HTTP_GX_SECRET') is None:
+                title = "Access to Galaxy is denied"
+                message = """
+                Galaxy is configured to authenticate users via an external
+                method (such as HTTP authentication in Apache), but
+                no shared secret key was provided by the
+                upstream (proxy) server.</p>
+                <p>Please contact your local Galaxy administrator.  The
+                variable <code>remote_user_secret</code> and
+                <code>GX_SECRET</code> header must be set before you may
+                access Galaxy.
+                """
+                return self.error( start_response, title, message )
+
             if not safe_str_cmp(environ.get('HTTP_GX_SECRET'), self.config_secret_header):
                 title = "Access to Galaxy is denied"
                 message = """