Remote_User authentication & broken DSN

1

Hi all.

I have a problem with DSN when enable Remote_User authentication. (django.contrib.auth.backends.RemoteUserBackend).

My sentry.conf auth block:

#################################################

SENTRY_USE_REMOTE_USER = False

if SENTRY_USE_REMOTE_USER:
AUTHENTICATION_BACKENDS += (‘django.contrib.auth.backends.RemoteUserBackend’,)

AUTH_REMOTE_USER_HEADER = 'HTTP_REMOTE_USER'
if AUTH_REMOTE_USER_HEADER:
    # The lazy hack is required because importing RemoteUserMiddleware at load time leads to a circular import
    # The name is upper camel case because that's the only way to expose values from this config file
    def build_LAZY_CUSTOM_REMOTE_USER_MIDDLEWARE(header, *args, **kwargs):
        from django.contrib.auth.middleware import RemoteUserMiddleware
        class CustomRemoteUserMiddleware(RemoteUserMiddleware):
           pass
        CustomRemoteUserMiddleware.header = header
        return CustomRemoteUserMiddleware(*args, **kwargs)
    LAZY_CUSTOM_REMOTE_USER_MIDDLEWARE = functools.partial(build_LAZY_CUSTOM_REMOTE_USER_MIDDLEWARE, AUTH_REMOTE_USER_HEADER)
    MIDDLEWARE_CLASSES += ('sentry_config.LAZY_CUSTOM_REMOTE_USER_MIDDLEWARE',)
else:
    MIDDLEWARE_CLASSES += ('django.contrib.auth.middleware.RemoteUserMiddleware',)

#################################################

Nginx config (/etc/nginx/sites-enabled/FQDN.conf):

#################################################

location / {
include /etc/nginx/uauth-nginx-auth/request-FQDN.conf;
proxy_pass http://localhost:9000;
proxy_read_timeout 900;
proxy_connect_timeout 90;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE_USER $uauth_username;
proxy_pass_header Server;
}
#################################################

Web authentication is working, but,
When i tried to use “raven test DSN”, i get an error, because endpoint “FQDN/api/0/projects/” haven’t necessary token with $uauth_username.

If i add new location to nginx config:

#################################################

This block used for REMOTE_USER API. U-auth don’t work.
location /api/0/projects/ {
proxy_pass http://localhost:9000;
proxy_read_timeout 900;
proxy_connect_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE_USER $HTTP_AUTHORIZATION;
proxy_pass_header Server;
}
#################################################

… DSN works well, but new users, comes from email invite, Is in the “loop” in endpoint FQDN/api/…/organization.

How it working?