From ffd0637e05172d24b7ebaed396d8f7f209cc2e5b Mon Sep 17 00:00:00 2001 From: Oliver Falk Date: Wed, 14 Nov 2018 14:15:34 +0100 Subject: [PATCH 1/5] Use Python 3.6 now --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 19e8483..a17d14f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,7 @@ image: centos:centos7 before_script: - yum install -y -t https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - - yum -y -t install python34 python34-pip python34-devel unzip mysql-devel gcc git openldap-devel + - yum -y -t install python36 python36-pip python36-devel unzip mysql-devel gcc git openldap-devel - pip3 install virtualenv --upgrade - virtualenv -p python3 /tmp/.virtualenv - source /tmp/.virtualenv/bin/activate From 3bde5e8da26a5081df352f9b595af458f01b69b4 Mon Sep 17 00:00:00 2001 From: Oliver Falk Date: Wed, 14 Nov 2018 14:24:31 +0100 Subject: [PATCH 2/5] Still need to use pip from py 3.4 --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a17d14f..9906831 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,7 @@ image: centos:centos7 before_script: - yum install -y -t https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - - yum -y -t install python36 python36-pip python36-devel unzip mysql-devel gcc git openldap-devel + - yum -y -t install python36 python34-pip python36-devel unzip mysql-devel gcc git openldap-devel - pip3 install virtualenv --upgrade - virtualenv -p python3 /tmp/.virtualenv - source /tmp/.virtualenv/bin/activate From 8bd5fb03d1078209a583a2efd084a3513897079c Mon Sep 17 00:00:00 2001 From: Oliver Falk Date: Wed, 14 Nov 2018 14:26:26 +0100 Subject: [PATCH 3/5] Make sure we use py 3.6 for virtualenv --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9906831..8c3369b 100644 
--- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,7 +4,7 @@ before_script: - yum install -y -t https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - yum -y -t install python36 python34-pip python36-devel unzip mysql-devel gcc git openldap-devel - pip3 install virtualenv --upgrade - - virtualenv -p python3 /tmp/.virtualenv + - virtualenv -p python3.6 /tmp/.virtualenv - source /tmp/.virtualenv/bin/activate - pip install -r requirements.txt - pip install python-coveralls From b72eb289f4ddf37fa411d456e03e9a9851af2275 Mon Sep 17 00:00:00 2001 From: Oliver Falk Date: Wed, 14 Nov 2018 14:40:02 +0100 Subject: [PATCH 4/5] Use latest pip --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8c3369b..de476e1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -3,7 +3,8 @@ image: centos:centos7 before_script: - yum install -y -t https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm - yum -y -t install python36 python34-pip python36-devel unzip mysql-devel gcc git openldap-devel - - pip3 install virtualenv --upgrade + - pip3 install pip --upgrade + - pip install virtualenv --upgrade - virtualenv -p python3.6 /tmp/.virtualenv - source /tmp/.virtualenv/bin/activate - pip install -r requirements.txt From 033a288b8d183d6777e22c324576ea19a9d76301 Mon Sep 17 00:00:00 2001 From: Oliver Falk Date: Mon, 19 Nov 2018 16:03:41 +0100 Subject: [PATCH 5/5] Middleware for multiple proxies --- config.py | 22 ++++++++++++++-------- ivatar/middleware.py | 26 ++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 8 deletions(-) create mode 100644 ivatar/middleware.py diff --git a/config.py b/config.py index 9bec80d..93fdab6 100644 --- a/config.py +++ b/config.py 
@@ -4,14 +4,16 @@ Configuration overrides for settings.py import os import sys -from socket import gethostname, gethostbyname from django.urls import reverse_lazy from ivatar.settings import BASE_DIR -ADMIN_USERS = [] -ALLOWED_HOSTS = [ '*' ] +from ivatar.settings import MIDDLEWARE +from ivatar.settings import INSTALLED_APPS +from ivatar.settings import TEMPLATES + +ADMIN_USERS = [] +ALLOWED_HOSTS = ['*'] -from ivatar.settings import INSTALLED_APPS # noqa INSTALLED_APPS.extend([ 'django_extensions', 'django_openid_auth', @@ -22,10 +24,12 @@ INSTALLED_APPS.extend([ 'ivatar.tools', ]) -from ivatar.settings import MIDDLEWARE # noqa MIDDLEWARE.extend([ 'django.middleware.locale.LocaleMiddleware', ]) +MIDDLEWARE.insert( + 0, 'ivatar.middleware.MultipleProxyMiddleware', +) AUTHENTICATION_BACKENDS = ( # Enable this to allow LDAP authentication. @@ -35,7 +39,6 @@ AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', ) -from ivatar.settings import TEMPLATES # noqa TEMPLATES[0]['DIRS'].extend([ os.path.join(BASE_DIR, 'templates'), ]) @@ -76,7 +79,8 @@ BOOTSTRAP4 = { 'javascript_in_head': False, 'css_url': { 'href': '/static/css/bootstrap.min.css', - 'integrity': 'sha384-WskhaSGFgHYWDcbwN70/dfYBj47jz9qbsMId/iRN3ewGhXQFZCSftd1LZCfmhktB', # noqa + 'integrity': + 'sha384-WskhaSGFgHYWDcbwN70/dfYBj47jz9qbsMId/iRN3ewGhXQFZCSftd1LZCfmhktB', 'crossorigin': 'anonymous', }, 'javascript_url': { @@ -86,7 +90,8 @@ BOOTSTRAP4 = { }, 'popper_url': { 'url': '/static/js/popper.min.js', - 'integrity': 'sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49', # noqa + 'integrity': + 'sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49', 'crossorigin': 'anonymous', }, } @@ -134,3 +139,4 @@ if os.path.isfile(os.path.join(BASE_DIR, 'config_local.py')): SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' USE_X_FORWARDED_HOST = True +ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = ['avatars.linux-kernel.at', 'localhost',] 
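Review bot: `ALLOWED_HOSTS = ['*']` in the first hunk is only re-spaced, but it now combines with the `MultipleProxyMiddleware` inserted at position 0 in the second hunk and with `USE_X_FORWARDED_HOST = True` further down. Django then takes its host name from the last value of `X-Forwarded-Host` with no allow-list check, so a front proxy that does not overwrite the header lets the client choose that value. Unless `config_local.py` overrides the setting, anything built from `request.get_host()` (absolute links in mails, OpenID return URLs) can carry an arbitrary host. I would list the served names instead, for example `ALLOWED_HOSTS = ['avatars.linux-kernel.at', 'localhost']`, reusing the domains this commit already names.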
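Review bot: `ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS` in the last hunk hard-codes one deployment's host name plus `'localhost'` in the shared `config.py`. Judging by the hunk header it sits after the `config_local.py` block, so a site-local file probably cannot change it; this is inferred, because the indentation is not visible here. I would define it above that block so it can be overridden, and keep `'localhost'` to development settings. The neighbouring `SESSION_SERIALIZER` line deserves a comment such as `# pickle sessions: integrity rests entirely on SECRET_KEY staying secret`, so the trade-off is visible to whoever deploys this. Style: `'localhost',]` should read `'localhost']`.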
diff --git a/ivatar/middleware.py b/ivatar/middleware.py
new file mode 100644
index 0000000..1520fee
--- /dev/null
+++ b/ivatar/middleware.py
@@ -0,0 +1,26 @@
+"""
+Middleware classes
+"""
+from django.utils.deprecation import MiddlewareMixin
+
+class MultipleProxyMiddleware(MiddlewareMixin): # pylint: disable=too-few-public-methods
+ """
+ Middleware to rewrite proxy headers for deployments
+ multiple proxies
+ """
+ FORWARDED_FOR_FIELDS = [
+ 'HTTP_X_FORWARDED_FOR',
+ 'HTTP_X_FORWARDED_HOST',
+ 'HTTP_X_FORWARDED_SERVER',
+ ]
+
+ def process_request(self, request):
+ """
+ Rewrites the proxy headers so that only the most
+ recent proxy is used.
+ """
+ for field in self.FORWARDED_FOR_FIELDS:
+ if field in request.META:
+ if ',' in request.META[field]:
+ parts = request.META[field].split(',')
+ request.META[field] = parts[-1].strip()
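Review bot: `process_request` rewrites `X-Forwarded-For`, `X-Forwarded-Host` and `X-Forwarded-Server` on every request without any check that the request actually arrived through the project's own proxies, and neither docstring states that assumption. The class docstring should spell it out, for example `Only enable behind proxies that set the X-Forwarded-* headers themselves; values supplied by clients are otherwise trusted as-is.` Note also that `parts[-1]` of `X-Forwarded-For` is the peer seen by the last proxy, which in a multi-proxy chain is presumably another proxy rather than the end client, so any logging or throttling keyed on it would see proxy addresses. Minor: the class docstring reads "for deployments multiple proxies" and is missing "with".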