src/hg/hgSession/hgSession.c e2316d8ff89ed1beb085f9169c4c7ca344affb20

e2316d8ff89ed1beb085f9169c4c7ca344affb20
max
  Tue May 16 14:55:40 2017 -0700
Changes to hgLogin and hgSession to replace hgLogin with Apache's Basic authentication system, refs #19424,
primarily motivated by CIRM but hopefully useful in other contexts

diff --git src/hg/hgSession/hgSession.c src/hg/hgSession/hgSession.c
index 2725b89..a38a2a6 100644
--- src/hg/hgSession/hgSession.c
+++ src/hg/hgSession/hgSession.c
@@ -54,41 +54,51 @@
 return decStr;
 }
 
 
 void welcomeUser(char *wikiUserName)
 /* Tell the user they are not logged in to the wiki or other login
  * system and tell them how to do so. */
 {
 char *wikiHost = wikiLinkHost();
 
 cartWebStart(cart, NULL, "Welcome %s", wikiUserName);
 jsInit();
 
 jsIncludeDataTablesLibs();
 
-if (loginSystemEnabled()) /* Using the new hgLogin CGI for login? */
+if (loginSystemEnabled()) /* Using the new hgLogin CGI for login */
     {
     printf("<h4 style=\"margin: 0pt 0pt 7px;\">Your Account Information</h4>"
         "<ul style=\"list-style: none outside none; margin: 0pt; padding: 0pt;\">"
         "<li>Username:  %s</li>",wikiUserName);
+
+    if (loginUseBasicAuth())
+        printf("<li>The Genome Browser is configured to use HTTP Basic Authentication, so the password cannot be changed here.</li></ul>");
+    else
         printf("<li><A HREF=\"%s\">Change password</A></li></ul>",
             wikiLinkChangePasswordUrl(cartSessionId(cart)));
-    printf("<p><A HREF=\"%s\">Sign out</A></p>",
+
+    printf("<p><A id='logoutLink' HREF=\"%s\">Sign out</A></p>",
         wikiLinkUserLogoutUrl(cartSessionId(cart)));
+
+    if (loginUseBasicAuth())
+            wikiFixLogoutLinkWithJs();
     }
+
 else
+/* this part is not used anymore at UCSC since 2014 */
     {
     printf("If you are not %s (on the wiki at "
         "<A HREF=\"http://%s/\" TARGET=_BLANK>%s</A>) "
         "and would like to sign out or change identity, \n",
         wikiUserName, wikiHost, wikiHost);
     printf("<A HREF=\"%s\"><B>click here to sign out.</B></A>\n",
         wikiLinkUserLogoutUrl(cartSessionId(cart)));
     }
 }
 
 void offerLogin()
 /* Tell the user they are not logged in to the system and tell them how to
  * do so. */
 {
 char *wikiHost = wikiLinkHost();
@@ -152,33 +162,33 @@
 	path[0] = '\0';
     else
 	*(ptr+1) = '\0';
     safef(buf, sizeof(buf), "%s%s", path, "hgTracks");
     thePath = cloneString(buf);
     }
 return thePath;
 }
 
 void addSessionLink(struct dyString *dy, char *userName, char *sessionName,
 		    boolean encode)
 /* Add to dy an URL that tells hgSession to load a saved session.
  * If encode, cgiEncodeFull the URL. */
 {
 struct dyString *dyTmp = dyStringNew(1024);
-dyStringPrintf(dyTmp, "http%s://%s%s?hgS_doOtherUser=submit&"
+dyStringPrintf(dyTmp, "%s%s?hgS_doOtherUser=submit&"
 	       "hgS_otherUserName=%s&hgS_otherUserSessionName=%s",
-	       cgiAppendSForHttps(), cgiServerNamePort(), destAppScriptName(), userName, sessionName);
+	       wikiServerAndCgiDir(), destAppScriptName(), userName, sessionName);
 if (encode)
     {
     dyStringPrintf(dy, "%s", cgiEncodeFull(dyTmp->string));
     }
 else
     {
     dyStringPrintf(dy, "%s", dyTmp->string);
     }
 dyStringFree(&dyTmp);
 }
 
 char *getSessionLink(char *encUserName, char *encSessionName)
 /* Form a link that will take the user to a bookmarkable page that
  * will load the given session. */
 {
@@ -197,32 +207,32 @@
 dyStringPrintf(dy, "<A HREF=\"mailto:?subject=UCSC browser session %s&"
 	       "body=Here is a UCSC browser session I%%27d like to share with "
 	       "you:%%20",
 	       cgiDecodeClone(encSessionName));
 addSessionLink(dy, encUserName, encSessionName, TRUE);
 dyStringPrintf(dy, "\">Email</A>\n");
 return dyStringCannibalize(&dy);
 }
 
 void addUrlLink(struct dyString *dy, char *url, boolean encode)
 /* Add to dy an URL that tells hgSession to load settings from the given url.
  * If encode, cgiEncodeFull the whole thing. */
 {
 struct dyString *dyTmp = dyStringNew(1024);
 char *encodedUrl = cgiEncodeFull(url);
-dyStringPrintf(dyTmp, "http%s://%s%s?hgS_doLoadUrl=submit&hgS_loadUrlName=%s",
-	       cgiAppendSForHttps(), cgiServerNamePort(), destAppScriptName(), encodedUrl);
+dyStringPrintf(dyTmp, "%s%s?hgS_doLoadUrl=submit&hgS_loadUrlName=%s",
+	       wikiServerAndCgiDir(), destAppScriptName(), encodedUrl);
 if (encode)
     {
     dyStringPrintf(dy, "%s", cgiEncodeFull(dyTmp->string));
     }
 else
     {
     dyStringPrintf(dy, "%s", dyTmp->string);
     }
 freeMem(encodedUrl);
 dyStringFree(&dyTmp);
 }
 
 char *getUrlLink(char *url)
 /* Form a link that will take the user to a bookmarkable page that
  * will load the given url. */
@@ -585,31 +595,31 @@
        "<li>Each previously saved named session also appears with "
            "a checkbox to add the session to our "
            "<a href=\"../cgi-bin/hgPublicSessions?%s\">Public Sessions</a> "
            "listing. Adding a session to this listing allows other "
            "browser users to view the description and a thumbnail "
            "image of your session, and to load the session if they "
            "are interested.</li>\n", cartSidUrlString(cart));
     }
 else if (loginSystemEnabled() || wikiLinkEnabled())
     {
      printf("<LI>If you <A HREF=\"%s\">sign in</A>, you will be able " 
             " to save named sessions which will be displayed with "
             " Browser and Email links.</LI>\n",
             wikiLinkUserLoginUrl(cartSessionId(cart)));
     }
-dyStringPrintf(dyUrl, "http%s://%s%s", cgiAppendSForHttps(), cgiServerNamePort(), cgiScriptName());
+dyStringPrintf(dyUrl, "%s%s", wikiServerAndCgiDir(), cgiScriptName());
 
 printf("<LI>If you have saved your settings to a local file, you can send "
        "email to others with the file as an attachment and direct them to "
        "<A HREF=\"%s\">%s</A> .</LI>\n",
        dyUrl->string, dyUrl->string);
 dyStringPrintf(dyUrl, "?hgS_doLoadUrl=submit&hgS_loadUrlName=");
 printf("<LI>If a saved settings file is available from a web server, "
        "you can send email to others with a link such as "
        "%s<B>U</B> where <B>U</B> is the URL of your "
        "settings file, e.g. http://www.mysite.edu/~me/mySession.txt .  "
        "In this type of link, you can replace "
        "\"hgSession\" with \"hgTracks\" in order to proceed directly to "
        "the Genome Browser. For an example page using such links "
        "please see the <A HREF=\"../goldenPath/help/sessions.html\" "
        "TARGET=_BLANK>Session Gallery</A>.</LI>\n",
@@ -1273,32 +1283,32 @@
 			   "<B>%s</B>.  Please submit plain text or "
 			   "compressed text in one of the formats offered in "
 			   "<B>Save Settings</B>.", fileName);
 	}
     else
 	{
 	dyStringAppend(dyMessage, "Sorry, your web browser seems to have "
 		       "posted no data");
 	if (isNotEmpty(fileName))
 	    dyStringPrintf(dyMessage, ", only the filename <B>%s</B>",
 			   fileName);
 	dyStringAppend(dyMessage, ".  Your settings have not been changed.");
 	lf = NULL;
 	}
     dyStringPrintf(dyMessage, "&nbsp;&nbsp;"
-	   "<A HREF=\"http%s://%s%s?%s=%s\">Browser</A>",
-	   cgiAppendSForHttps(), cgiServerNamePort(), destAppScriptName(),
+	   "<A HREF=\"%s%s?%s=%s\">Browser</A>",
+	   wikiServerAndCgiDir(), destAppScriptName(),
 	   cartSessionVarName(), cartSessionId(cart));
     }
 if (lf != NULL)
     {
     cartLoadSettings(lf, cart, NULL, actionVar);
     cartHideDefaultTracks(cart);
     hubConnectLoadHubs(cart);
     cartCopyCustomTracks(cart);
     cartCheckForCustomTracks(cart, dyMessage);
     lineFileClose(&lf);
     }
 return dyStringCannibalize(&dyMessage);
 }
 
 void renamePrefixedCartVar(char *prefix, char *oldName, char *newName)