Allow email to be retrieve by SSO ReverseProxy

If REMOTE_EMAIL header is set, use it as user email.
If REVERSE_PROXY_DEFAULT_DOMAIN is set but not REMOTE_EMAIL, use the current construct.

app/Auth/ReverseProxyAuth.php

@@ -43,10 +43,11 @@ class ReverseProxyAuth extends Base implements PreAuthenticationProviderInterfac
     public function authenticate()
     {
         $username = $this->request->getRemoteUser();
+        $email = $this->request->getRemoteEmail();
 
         if (! empty($username)) {
             $userProfile = $this->userCacheDecorator->getByUsername($username);
-            $this->userInfo = new ReverseProxyUserProvider($username, $userProfile ?: array());
+            $this->userInfo = new ReverseProxyUserProvider($username, $email, $userProfile ?: array());
             return true;
         }
 

app/Core/Http/Request.php

@@ -270,6 +270,17 @@ class Request extends Base
         return $this->getServerVariable(REVERSE_PROXY_USER_HEADER);
     }
 
+    /**
+     * Get remote email
+     *
+     * @access public
+     * @return string
+     */
+    public function getRemoteEmail()
+    {
+        return $this->getServerVariable(REVERSE_PROXY_EMAIL_HEADER);
+    }
+
     /**
      * Returns query string
      *

app/User/ReverseProxyUserProvider.php

@@ -21,6 +21,14 @@ class ReverseProxyUserProvider implements UserProviderInterface
      */
     protected $username = '';
 
+    /**
+     * Email
+     *
+     * @access protected
+     * @var string
+     */
+    protected $email = '';
+
     /**
      * User profile if the user already exists
      *
@@ -34,10 +42,12 @@ class ReverseProxyUserProvider implements UserProviderInterface
      *
      * @access public
      * @param  string $username
+     * @param  string $email
      */
-    public function __construct($username, array $userProfile = array())
+    public function __construct($username, $email, array $userProfile = array())
     {
         $this->username = $username;
+        $this->email = $email;
         $this->userProfile = $userProfile;
     }
 
@@ -134,7 +144,11 @@ class ReverseProxyUserProvider implements UserProviderInterface
      */
     public function getEmail()
     {
-        return REVERSE_PROXY_DEFAULT_DOMAIN !== '' ? $this->username.'@'.REVERSE_PROXY_DEFAULT_DOMAIN : '';
+        if (REVERSE_PROXY_DEFAULT_DOMAIN !== '' && $this->email === '') {
+            return $this->username.'@'.REVERSE_PROXY_DEFAULT_DOMAIN;
+        }
+
+        return $this->email;
     }
 
     /**

app/constants.php

@@ -96,6 +96,7 @@ defined('LDAP_GROUP_ATTRIBUTE_NAME') or define('LDAP_GROUP_ATTRIBUTE_NAME', gete
 defined('REVERSE_PROXY_AUTH') or define('REVERSE_PROXY_AUTH', strtolower(getenv('REVERSE_PROXY_AUTH')) === 'true');
 defined('REVERSE_PROXY_USER_HEADER') or define('REVERSE_PROXY_USER_HEADER', getenv('REVERSE_PROXY_USER_HEADER') ?: 'REMOTE_USER');
 defined('REVERSE_PROXY_DEFAULT_ADMIN') or define('REVERSE_PROXY_DEFAULT_ADMIN', getenv('REVERSE_PROXY_DEFAULT_ADMIN') ?: '');
+defined('REVERSE_PROXY_EMAIL_HEADER') or define('REVERSE_PROXY_EMAIL_HEADER', getenv('REVERSE_PROXY_EMAIL_HEADER') ?: 'REMOTE_EMAIL');
 defined('REVERSE_PROXY_DEFAULT_DOMAIN') or define('REVERSE_PROXY_DEFAULT_DOMAIN', getenv('REVERSE_PROXY_DEFAULT_DOMAIN') ?: '');
 
 // Remember me authentication

config.default.php

@@ -201,6 +201,9 @@ define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');
 // Username of the admin, by default blank
 define('REVERSE_PROXY_DEFAULT_ADMIN', '');
 
+// Header name to use for the username
+define('REVERSE_PROXY_EMAIL_HEADER', 'REMOTE_EMAIL');
+
 // Default domain to use for setting the email address
 define('REVERSE_PROXY_DEFAULT_DOMAIN', '');
 

tests/units/Core/Http/RequestTest.php

@@ -140,6 +140,15 @@ class RequestTest extends Base
         $this->assertEquals('test', $request->getRemoteUser());
     }
 
+    public function testGetRemoteEmail()
+    {
+        $request = new Request($this->container, array(), array(), array(), array(), array());
+        $this->assertEmpty($request->getRemoteEmail());
+
+        $request = new Request($this->container, array(REVERSE_PROXY_EMAIL_HEADER => 'test@example.com'), array(), array(), array(), array());
+        $this->assertEquals('test@example.com', $request->getRemoteEmail());
+    }
+
     public function testGetQueryString()
     {
         $request = new Request($this->container, array(), array(), array(), array(), array());