simplify idp-groups with spaces

ed 2025-12-16 21:07:09 +00:00
parent 336842192c
commit 5e1d9a58d8
3 changed files with 18 additions and 2 deletions


@ -1338,6 +1338,7 @@ def add_auth(ap):
ap2.add_argument("--idp-h-grp", metavar="HN", type=u, default="", help="assume the request-header \033[33mHN\033[0m contains the groupname of the requesting user; can be referenced in config files for group-based access control")
ap2.add_argument("--idp-h-key", metavar="HN", type=u, default="", help="optional but recommended safeguard; your reverse-proxy will insert a secret header named \033[33mHN\033[0m into all requests, and the other IdP headers will be ignored if this header is not present")
ap2.add_argument("--idp-gsep", metavar="RE", type=u, default="|:;+,", help="if there are multiple groups in \033[33m--idp-h-grp\033[0m, they are separated by one of the characters in \033[33mRE\033[0m")
ap2.add_argument("--idp-chsub", metavar="TXT", type=u, default="", help="characters to replace in usernames/groupnames; a list of pairs of characters separated by | so for example | _| will replace spaces with _ to make configuration easier, or |%%_|^_|@_| will replace %%/^/@ with _")
ap2.add_argument("--idp-db", metavar="PATH", type=u, default=idp_db, help="where to store the known IdP users/groups (if you run multiple copyparty instances, make sure they use different DBs)")
ap2.add_argument("--idp-store", metavar="N", type=int, default=1, help="how to use \033[33m--idp-db\033[0m; [\033[32m0\033[0m] = entirely disable, [\033[32m1\033[0m] = write-only (effectively disabled), [\033[32m2\033[0m] = remember users, [\033[32m3\033[0m] = remember users and groups.\nNOTE: Will remember and restore the IdP-volumes of all users for all eternity if set to 2 or 3, even when user is deleted from your IdP")
ap2.add_argument("--idp-adm", metavar="U,U", type=u, default="", help="comma-separated list of users allowed to use /?idp (the cache management UI)")
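Review bot: The `--idp-chsub` help text describes the value as pairs of characters "separated by |", but the parser this commit adds to SvcHub requires every pair to be preceded by `|` and raises otherwise, so a value such as ` _` (no leading `|`) is rejected. Wording along the lines of `each pair is prefixed with |, so | _ replaces spaces with _` would match what the parser accepts. Because the option rewrites the names used for access control, the help could also say that the replacement is applied to the whole username and groupname header values.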


@ -691,6 +691,9 @@ class HttpCli(object):
if self.args.idp_h_grp
else ""
)
if self.args.idp_chsub:
idp_usr = idp_usr.translate(self.args.idp_chsub_tr)
idp_grp = idp_grp.translate(self.args.idp_chsub_tr)
if not trusted_xff:
pip = self.conn.addr[0]
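Review bot: After the new `translate` calls, two different names sent by the IdP can become the same local user or group (with `| _`, both `a b` and `a_b` end up as `a_b`), and nothing in this hunk detects or logs that. For group-based access control this means an identity can pick up the permissions configured for the name it collapses into, so it deserves a comment above the `if`, e.g. `# NOTE: chsub is lossy; distinct IdP names may map to the same local name`, and a matching sentence in the `--idp-chsub` help. `idp_grp` is translated as one string; if the split on `--idp-gsep` happens later (not visible here), a substitution involving a separator character would also change the resulting group list. The enclosing method starts and ends outside the hunk.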


@ -79,6 +79,7 @@ from .util import (
start_stackmon,
termsize,
ub64enc,
umktrans,
)
if HAVE_SQLITE3:
@ -1131,8 +1132,19 @@ class SvcHub(object):
except:
raise Exception("invalid --idp-hm-usr [%s]" % (zs0,))
al.ftp_ipa_nm = build_netmap(al.ftp_ipa or al.ipa, True)
al.tftp_ipa_nm = build_netmap(al.tftp_ipa or al.ipa, True)
zs1 = ""
zs2 = ""
zs = al.idp_chsub
while zs:
if zs[:1] != "|":
raise Exception("invalid --idp-chsub; expected another | but got " + zs)
zs1 += zs[1:2]
zs2 += zs[2:3]
zs = zs[3:]
al.idp_chsub_tr = umktrans(zs1, zs2)
al.ftp_ipa_nm = build_netmap(al.ftp_ipa or al.ipa or al.ipar, True)
al.tftp_ipa_nm = build_netmap(al.tftp_ipa or al.ipa or al.ipar, True)
mte = ODict.fromkeys(DEF_MTE.split(","), True)
al.mte = odfusion(mte, al.mte)
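Review bot: The parsing loop for `--idp-chsub` accepts an incomplete final pair: for a value like `|a`, `zs[2:3]` is empty, so `zs1` gains a character while `zs2` does not, and the loop ends without an error. What `umktrans` does with strings of unequal length is not visible here; presumably it either fails with an unrelated message or drops the pair silently. A check after the loop, `if len(zs1) != len(zs2): raise Exception("invalid --idp-chsub; last pair is missing its replacement character")`, would keep a misconfigured access-control option from going unnoticed while still allowing the trailing `|` shown in the help example. The enclosing function starts and ends outside the hunk.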