From 33c3b32cda4e95fdbb13f958917f462081b2a670 Mon Sep 17 00:00:00 2001 From: mildis Date: Sat, 29 Aug 2020 07:59:59 +0200 Subject: [PATCH] Allow email to be retrieve by SSO ReverseProxy If REMOTE_EMAIL header is set, use it as user email. If REVERSE_PROXY_DEFAULT_DOMAIN is set but not REMOTE_EMAIL, use the current construct. --- app/Auth/ReverseProxyAuth.php | 3 ++- app/Core/Http/Request.php | 11 +++++++++++ app/User/ReverseProxyUserProvider.php | 18 ++++++++++++++++-- app/constants.php | 1 + config.default.php | 3 +++ tests/units/Core/Http/RequestTest.php | 9 +++++++++ 6 files changed, 42 insertions(+), 3 deletions(-) diff --git a/app/Auth/ReverseProxyAuth.php b/app/Auth/ReverseProxyAuth.php index bf71e71eb..ae4716d84 100644 --- a/app/Auth/ReverseProxyAuth.php +++ b/app/Auth/ReverseProxyAuth.php @@ -43,10 +43,11 @@ class ReverseProxyAuth extends Base implements PreAuthenticationProviderInterfac public function authenticate() { $username = $this->request->getRemoteUser(); + $email = $this->request->getRemoteEmail(); if (! empty($username)) { $userProfile = $this->userCacheDecorator->getByUsername($username); - $this->userInfo = new ReverseProxyUserProvider($username, $userProfile ?: array()); + $this->userInfo = new ReverseProxyUserProvider($username, $email, $userProfile ?: array()); return true; } diff --git a/app/Core/Http/Request.php b/app/Core/Http/Request.php index f7d29ab9b..5fd96b722 100644 --- a/app/Core/Http/Request.php +++ b/app/Core/Http/Request.php @@ -270,6 +270,17 @@ class Request extends Base return $this->getServerVariable(REVERSE_PROXY_USER_HEADER); } + /** + * Get remote email + * + * @access public + * @return string + */ + public function getRemoteEmail() + { + return $this->getServerVariable(REVERSE_PROXY_EMAIL_HEADER); + } + /** * Returns query string * diff --git a/app/User/ReverseProxyUserProvider.php b/app/User/ReverseProxyUserProvider.php index 34d2187d6..4a3d8978a 100644 --- a/app/User/ReverseProxyUserProvider.php 
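Review bot: In `authenticate()`, the value from `getRemoteEmail()` is handed to `ReverseProxyUserProvider` exactly as it arrived in the server variable, with no check that it is a well-formed address. Because `getEmail()` later returns it as the user's email, I would normalise it here: `$email = filter_var($this->request->getRemoteEmail(), FILTER_VALIDATE_EMAIL) ?: '';`. That also guarantees the provider always receives a string. Like the user header, the value is only as trustworthy as the proxy that sets it, so the deployment must ensure a client-sent copy of the header never reaches PHP. The rest of `authenticate()` lies outside the hunk.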
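Review bot: The docblock on `getRemoteEmail()` says only "Get remote email" and does not state where the value comes from or that it is unchecked. I would word it as `Get the email address passed by the reverse proxy, read from the server variable named by REVERSE_PROXY_EMAIL_HEADER` and add a line saying the value is returned unvalidated and must be set by the proxy itself. What `getServerVariable()` returns for a missing variable is not visible in this patch, so the `@return string` is worth confirming against it.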
+++ b/app/User/ReverseProxyUserProvider.php @@ -21,6 +21,14 @@ class ReverseProxyUserProvider implements UserProviderInterface */ protected $username = ''; + /** + * Email + * + * @access protected + * @var string + */ + protected $email = ''; + /** * User profile if the user already exists * @@ -34,10 +42,12 @@ class ReverseProxyUserProvider implements UserProviderInterface * * @access public * @param string $username + * @param string $email */ - public function __construct($username, array $userProfile = array()) + public function __construct($username, $email, array $userProfile = array()) { $this->username = $username; + $this->email = $email; $this->userProfile = $userProfile; } @@ -134,7 +144,11 @@ class ReverseProxyUserProvider implements UserProviderInterface */ public function getEmail() { - return REVERSE_PROXY_DEFAULT_DOMAIN !== '' ? $this->username.'@'.REVERSE_PROXY_DEFAULT_DOMAIN : ''; + if (REVERSE_PROXY_DEFAULT_DOMAIN !== '' && $this->email === '') { + return $this->username.'@'.REVERSE_PROXY_DEFAULT_DOMAIN; + } + + return $this->email; } /** diff --git a/app/constants.php b/app/constants.php index 8ffb4c40a..b49e2f0f4 100644 --- a/app/constants.php +++ b/app/constants.php @@ -96,6 +96,7 @@ defined('LDAP_GROUP_ATTRIBUTE_NAME') or define('LDAP_GROUP_ATTRIBUTE_NAME', gete defined('REVERSE_PROXY_AUTH') or define('REVERSE_PROXY_AUTH', strtolower(getenv('REVERSE_PROXY_AUTH')) === 'true'); defined('REVERSE_PROXY_USER_HEADER') or define('REVERSE_PROXY_USER_HEADER', getenv('REVERSE_PROXY_USER_HEADER') ?: 'REMOTE_USER'); defined('REVERSE_PROXY_DEFAULT_ADMIN') or define('REVERSE_PROXY_DEFAULT_ADMIN', getenv('REVERSE_PROXY_DEFAULT_ADMIN') ?: ''); +defined('REVERSE_PROXY_EMAIL_HEADER') or define('REVERSE_PROXY_EMAIL_HEADER', getenv('REVERSE_PROXY_EMAIL_HEADER') ?: 'REMOTE_EMAIL'); defined('REVERSE_PROXY_DEFAULT_DOMAIN') or define('REVERSE_PROXY_DEFAULT_DOMAIN', getenv('REVERSE_PROXY_DEFAULT_DOMAIN') ?: ''); // Remember me authentication 
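Review bot: Inserting `$email` as the second positional parameter of `__construct()` changes the meaning of every existing two-argument call. Any caller outside this patch (a plugin, for instance) that still passes `($username, $profile)` would now put the profile array into `$email` and leave `$userProfile` empty; whether such callers exist cannot be seen from here. Appending it keeps the old call shape working: `public function __construct($username, array $userProfile = array(), $email = '')`, with the call site in ReverseProxyAuth adjusted to match. The docblock, which begins outside the hunk, gains `@param string $email` but still has no `@param array $userProfile`.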
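Review bot: The new condition in `getEmail()` uses `$this->email === ''`, so the default-domain fallback only fires when the header value is exactly an empty string. A null (if `getServerVariable()` can return one for a missing header, which this patch does not show) or a whitespace-only value would skip the fallback and be returned as the email. I would normalise first, `$email = trim((string) $this->email);`, then test `if ($email === '' && REVERSE_PROXY_DEFAULT_DOMAIN !== '')` and `return $email;` at the end. The method's docblock starts outside the hunk and should mention that the header value takes precedence over the default domain.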
diff --git a/config.default.php b/config.default.php index 2f70a6126..833cbc975 100644 --- a/config.default.php +++ b/config.default.php @@ -201,6 +201,9 @@ define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER'); // Username of the admin, by default blank define('REVERSE_PROXY_DEFAULT_ADMIN', ''); +// Header name to use for the username +define('REVERSE_PROXY_EMAIL_HEADER', 'REMOTE_EMAIL'); + // Default domain to use for setting the email address define('REVERSE_PROXY_DEFAULT_DOMAIN', ''); diff --git a/tests/units/Core/Http/RequestTest.php b/tests/units/Core/Http/RequestTest.php index 697c3c0f1..462ac26d2 100644 --- a/tests/units/Core/Http/RequestTest.php +++ b/tests/units/Core/Http/RequestTest.php @@ -140,6 +140,15 @@ class RequestTest extends Base $this->assertEquals('test', $request->getRemoteUser()); } + public function testGetRemoteEmail() + { + $request = new Request($this->container, array(), array(), array(), array(), array()); + $this->assertEmpty($request->getRemoteEmail()); + + $request = new Request($this->container, array(REVERSE_PROXY_EMAIL_HEADER => 'test@example.com'), array(), array(), array(), array()); + $this->assertEquals('test@example.com', $request->getRemoteEmail()); + } + public function testGetQueryString() { $request = new Request($this->container, array(), array(), array(), array(), array());
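Review bot: The comment added above `REVERSE_PROXY_EMAIL_HEADER` in config.default.php reads "Header name to use for the username", which looks copied from the user-header entry and describes the wrong setting. I would change it to `// Header name to use for the user email address, set by the reverse proxy`. It would also help to note here that when this header is present it takes precedence over `REVERSE_PROXY_DEFAULT_DOMAIN`, since the two settings sit next to each other.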
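Review bot: In `testGetRemoteEmail()`, `assertEmpty()` passes for null, false and '' alike, so the test does not pin the return type that the strict `=== ''` check in `ReverseProxyUserProvider::getEmail()` depends on. If the intended contract is an empty string, `$this->assertSame('', $request->getRemoteEmail());` states it exactly. Going by the diffstat, the patch also adds no test for the precedence logic in `getEmail()` (header set, header empty with a default domain, both empty), which is where the behaviour actually changed.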