http_x_remote_user web form didn't work

[cdpb]

I want to use radicale 2.1.8 behind a reverse nginx proxy with --auth-type http_x_remote_user

nginx pass all variables to radicale corretly

radicale_1 | 'HTTP_X_FORWARDED_FOR': '172.16.0.1',
radicale_1 | 'HTTP_X_REMOTE_USER': 'test',
radicale_1 | 'HTTP_X_SCRIPT_NAME': '/',

I checked the code, it seems the js form didn't test for complete authentication from the proxy - but I am not into js programming ...
So the default form pops up to fill in credentials

Cheers

[Unrud]

it seems the js form didn't test for complete authentication from the proxy

Right, it doesn't use the HTTP authentication credentials that the browser already has.
The reason is, that you can't easily logout and login with a different user in most browsers. (Although, there are some hacks to let the browser forget the current HTTP credentials.)

So the default form pops up to fill in credentials

You have to enter your username and password again. If you don't like this, you can configure nginx to allow access to the web interface without requiring authentication (or change the JavaScript in fn.js to skip the login form).

[cdpb]

But in fact you cant use reverse proxy authentication anymore since the webform needs another authentication. No client can handle two authentications in a row (without modify them...) I try to login through the form again, but it didn't work. Against what can js proof if the credentials are valid, since there is no password file in radicale. Probably I need to share the password file to radicale as well - what is kind of overkill, since clients can't handle it anyways. It's possible to pass static authentication via nginx to the backend, like

proxy_set_header Authorization "Basic base64password";

But you need to care for this information in the backend as well to fill the form Furthermore its probably possible to use lua to fill in the form If it's not possible to fix in radicale you should update your docs Thanks for help anyways :)

[Unrud]

But in fact you cant use reverse proxy authentication anymore since the webform needs another authentication.

The web interface uses the user name and password from the form to authenticate to the HTTP server. (The reverse proxy in your case.)

Against what can js proof if the credentials are valid, since there is no password file in radicale.

The reverse proxy handles the authentication.

Probably I need to share the password file to radicale as well

No, the password file is not used if you use the http_x_remote_user authentication module. Radicale gets the user from the reverse proxy.

It's possible to pass static authentication via nginx to the backend, like

Radicale ignores the AUTHORIZATION header, it gets the user name from the X-REMOTE-USER header.

If it's not possible to fix in radicale you should update your docs

I don't understand the problem.

[cdpb]

Okay maybe I was not clear in what I want to say.
But I don't understand the option http_x_remote_user at all, you can use it, to hack around if you realy want to use it, but thats propably not the problem of radicale.

In the end I learned something more about basic_auth, thank you :)

[chris2fr]

The issue may be the same as in #1119