From 5e1d9a58d87d5920356986d5c1efce51b3534442 Mon Sep 17 00:00:00 2001 From: ed Date: Tue, 16 Dec 2025 21:07:09 +0000 Subject: [PATCH] simplify idp-groups with spaces --- copyparty/__main__.py | 1 + copyparty/httpcli.py | 3 +++ copyparty/svchub.py | 16 ++++++++++++++-- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/copyparty/__main__.py b/copyparty/__main__.py index 856a9757..cef1a1f8 100644 --- a/copyparty/__main__.py +++ b/copyparty/__main__.py @@ -1338,6 +1338,7 @@ def add_auth(ap): ap2.add_argument("--idp-h-grp", metavar="HN", type=u, default="", help="assume the request-header \033[33mHN\033[0m contains the groupname of the requesting user; can be referenced in config files for group-based access control") ap2.add_argument("--idp-h-key", metavar="HN", type=u, default="", help="optional but recommended safeguard; your reverse-proxy will insert a secret header named \033[33mHN\033[0m into all requests, and the other IdP headers will be ignored if this header is not present") ap2.add_argument("--idp-gsep", metavar="RE", type=u, default="|:;+,", help="if there are multiple groups in \033[33m--idp-h-grp\033[0m, they are separated by one of the characters in \033[33mRE\033[0m") + ap2.add_argument("--idp-chsub", metavar="TXT", type=u, default="", help="characters to replace in usernames/groupnames; a list of pairs of characters separated by | so for example | _| will replace spaces with _ to make configuration easier, or |%%_|^_|@_| will replace %%/^/@ with _") ap2.add_argument("--idp-db", metavar="PATH", type=u, default=idp_db, help="where to store the known IdP users/groups (if you run multiple copyparty instances, make sure they use different DBs)") ap2.add_argument("--idp-store", metavar="N", type=int, default=1, help="how to use \033[33m--idp-db\033[0m; [\033[32m0\033[0m] = entirely disable, [\033[32m1\033[0m] = write-only (effectively disabled), [\033[32m2\033[0m] = remember users, [\033[32m3\033[0m] = remember users and groups.\nNOTE: Will remember and restore the IdP-volumes of all users for all eternity if set to 2 or 3, even when user is deleted from your IdP") ap2.add_argument("--idp-adm", metavar="U,U", type=u, default="", help="comma-separated list of users allowed to use /?idp (the cache management UI)") diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py index 6f448ade..86bfca65 100644 --- a/copyparty/httpcli.py +++ b/copyparty/httpcli.py @@ -691,6 +691,9 @@ class HttpCli(object): if self.args.idp_h_grp else "" ) + if self.args.idp_chsub: + idp_usr = idp_usr.translate(self.args.idp_chsub_tr) + idp_grp = idp_grp.translate(self.args.idp_chsub_tr) if not trusted_xff: pip = self.conn.addr[0] diff --git a/copyparty/svchub.py b/copyparty/svchub.py index 17f794c0..11b52a63 100644 --- a/copyparty/svchub.py +++ b/copyparty/svchub.py @@ -79,6 +79,7 @@ from .util import ( start_stackmon, termsize, ub64enc, + umktrans, ) if HAVE_SQLITE3: @@ -1131,8 +1132,19 @@ class SvcHub(object): except: raise Exception("invalid --idp-hm-usr [%s]" % (zs0,)) - al.ftp_ipa_nm = build_netmap(al.ftp_ipa or al.ipa, True) - al.tftp_ipa_nm = build_netmap(al.tftp_ipa or al.ipa, True) + zs1 = "" + zs2 = "" + zs = al.idp_chsub + while zs: + if zs[:1] != "|": + raise Exception("invalid --idp-chsub; expected another | but got " + zs) + zs1 += zs[1:2] + zs2 += zs[2:3] + zs = zs[3:] + al.idp_chsub_tr = umktrans(zs1, zs2) + + al.ftp_ipa_nm = build_netmap(al.ftp_ipa or al.ipa or al.ipar, True) + al.tftp_ipa_nm = build_netmap(al.tftp_ipa or al.ipa or al.ipar, True) mte = ODict.fromkeys(DEF_MTE.split(","), True) al.mte = odfusion(mte, al.mte)