Allow full name to be retrieved by SSO ReverseProxy

Expand on #4585 by also getting the user's full name from the Reverse Proxy: If a ReverseProxy provides more than REMOTE_USER, such as email, it might as well also provide the user's full name.
2023-02-18 21:27:45 +01:00 · 2023-02-18 21:27:45 +01:00 · af8159b4bb
parent e323ce875f
commit af8159b4bb
7 changed files with 40 additions and 4 deletions
--- a/app/Auth/ReverseProxyAuth.php
+++ b/app/Auth/ReverseProxyAuth.php
@ -44,10 +44,11 @@ class ReverseProxyAuth extends Base implements PreAuthenticationProviderInterfac
    {
        $username = $this->request->getRemoteUser();
        $email = $this->request->getRemoteEmail();
+        $fullname = $this->request->getRemoteName();

        if (! empty($username)) {
            $userProfile = $this->userCacheDecorator->getByUsername($username);
-            $this->userInfo = new ReverseProxyUserProvider($username, $email, $userProfile ?: array());
+            $this->userInfo = new ReverseProxyUserProvider($username, $email, $fullname, $userProfile ?: array());
            return true;
        }

--- a/app/Core/Http/Request.php
+++ b/app/Core/Http/Request.php
@ -291,6 +291,17 @@ class Request extends Base
        return $this->getServerVariable(REVERSE_PROXY_EMAIL_HEADER);
    }

+    /**
+     * Get remote user full name
+     *
+     * @access public
+     * @return string
+     */
+    public function getRemoteName()
+    {
+        return $this->getServerVariable(REVERSE_PROXY_FULLNAME_HEADER);
+    }
+
    /**
     * Returns query string
     *
--- a/app/User/ReverseProxyUserProvider.php
+++ b/app/User/ReverseProxyUserProvider.php
@ -29,6 +29,14 @@ class ReverseProxyUserProvider implements UserProviderInterface
     */
    protected $email = '';

+    /**
+     * Full name
+     *
+     * @access protected
+     * @var string
+     */
+    protected $fullname= '';
+
    /**
     * User profile if the user already exists
     *
@ -43,11 +51,13 @@ class ReverseProxyUserProvider implements UserProviderInterface
     * @access public
     * @param  string $username
     * @param  string $email
+     * @param  string $fullname
     */
-    public function __construct($username, $email, array $userProfile = array())
+    public function __construct($username, $email, $fullname, array $userProfile = array())
    {
        $this->username = $username;
        $this->email = $email;
+        $this->fullname = $fullname;
        $this->userProfile = $userProfile;
    }

@ -133,7 +143,7 @@ class ReverseProxyUserProvider implements UserProviderInterface
     */
    public function getName()
    {
-        return '';
+        return $this->fullname;
    }

    /**
--- a/app/constants.php
+++ b/app/constants.php
@ -101,6 +101,7 @@ defined('LDAP_GROUP_SYNC') or define('LDAP_GROUP_SYNC', getenv('LDAP_GROUP_SYNC'
 defined('REVERSE_PROXY_AUTH') or define('REVERSE_PROXY_AUTH', strtolower(getenv('REVERSE_PROXY_AUTH')) === 'true');
 defined('REVERSE_PROXY_USER_HEADER') or define('REVERSE_PROXY_USER_HEADER', getenv('REVERSE_PROXY_USER_HEADER') ?: 'REMOTE_USER');
 defined('REVERSE_PROXY_EMAIL_HEADER') or define('REVERSE_PROXY_EMAIL_HEADER', getenv('REVERSE_PROXY_EMAIL_HEADER') ?: 'REMOTE_EMAIL');
+defined('REVERSE_PROXY_FULLNAME_HEADER') or define('REVERSE_PROXY_FULLNAME_HEADER', getenv('REVERSE_PROXY_FULLNAME_HEADER') ?: 'REMOTE_FULLNAME');
 defined('REVERSE_PROXY_DEFAULT_ADMIN') or define('REVERSE_PROXY_DEFAULT_ADMIN', getenv('REVERSE_PROXY_DEFAULT_ADMIN') ?: '');
 defined('REVERSE_PROXY_DEFAULT_DOMAIN') or define('REVERSE_PROXY_DEFAULT_DOMAIN', getenv('REVERSE_PROXY_DEFAULT_DOMAIN') ?: '');

--- a/config.default.php
+++ b/config.default.php
@ -211,9 +211,12 @@ define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');
 // Username of the admin, by default blank
 define('REVERSE_PROXY_DEFAULT_ADMIN', '');

-// Header name to use for the username
+// Header name to use for the user email
 define('REVERSE_PROXY_EMAIL_HEADER', 'REMOTE_EMAIL');

+// Header name to use for the user full name
+define('REVERSE_PROXY_FULLNAME_HEADER', 'REMOTE_NAME');
+
 // Default domain to use for setting the email address
 define('REVERSE_PROXY_DEFAULT_DOMAIN', '');

--- a/docker/etc/php81/php-fpm.d/env.conf
+++ b/docker/etc/php81/php-fpm.d/env.conf
@ -92,6 +92,7 @@ env[LDAP_GROUP_ATTRIBUTE_NAME] = $LDAP_GROUP_ATTRIBUTE_NAME
 env[REVERSE_PROXY_AUTH] = $REVERSE_PROXY_AUTH
 env[REVERSE_PROXY_USER_HEADER] = $REVERSE_PROXY_USER_HEADER
 env[REVERSE_PROXY_EMAIL_HEADER] = $REVERSE_PROXY_EMAIL_HEADER
+env[REVERSE_PROXY_FULLNAME_HEADER] = $REVERSE_PROXY_FULLNAME_HEADER
 env[REVERSE_PROXY_DEFAULT_ADMIN] = $REVERSE_PROXY_DEFAULT_ADMIN
 env[REVERSE_PROXY_DEFAULT_DOMAIN] = $REVERSE_PROXY_DEFAULT_DOMAIN

--- a/tests/units/Core/Http/RequestTest.php
+++ b/tests/units/Core/Http/RequestTest.php
@ -149,6 +149,15 @@ class RequestTest extends Base
        $this->assertEquals('test@example.com', $request->getRemoteEmail());
    }

+    public function testGetRemoteName()
+    {
+        $request = new Request($this->container, array(), array(), array(), array(), array());
+        $this->assertEmpty($request->getRemoteName());
+
+        $request = new Request($this->container, array(REVERSE_PROXY_FULLNAME_HEADER => 'Test Name'), array(), array(), array(), array());
+        $this->assertEquals('Test Name', $request->getRemoteName());
+    }
+
    public function testGetQueryString()
    {
        $request = new Request($this->container, array(), array(), array(), array(), array());