AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow full name to be retrieved by SSO ReverseProxy 

Expand on #4585 by also getting the user's full name from the Reverse Proxy:
If a ReverseProxy provides more than REMOTE_USER, such as email, it might
as well also provide the user's full name.
This commit is contained in:
peter 2023-02-18 21:27:45 +01:00 committed by Frédéric Guillot
parent e323ce875f
commit af8159b4bb
7 changed files with 40 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Auth/ReverseProxyAuth.php
View File

@ -44,10 +44,11 @@ class ReverseProxyAuth extends Base implements PreAuthenticationProviderInterfac
{ {
$username = $this->request->getRemoteUser(); $username = $this->request->getRemoteUser();
$email = $this->request->getRemoteEmail(); $email = $this->request->getRemoteEmail();
$fullname = $this->request->getRemoteName();
if (! empty($username)) { if (! empty($username)) {
$userProfile = $this->userCacheDecorator->getByUsername($username); $userProfile = $this->userCacheDecorator->getByUsername($username);
$this->userInfo = new ReverseProxyUserProvider($username, $email, $userProfile ?: array()); $this->userInfo = new ReverseProxyUserProvider($username, $email, $fullname, $userProfile ?: array());
return true; return true;
} }

11
app/Core/Http/Request.php
View File

@ -291,6 +291,17 @@ class Request extends Base
return $this->getServerVariable(REVERSE_PROXY_EMAIL_HEADER); return $this->getServerVariable(REVERSE_PROXY_EMAIL_HEADER);
} }
/**
* Get remote user full name
*
* @access public
* @return string
*/
public function getRemoteName()
{
return $this->getServerVariable(REVERSE_PROXY_FULLNAME_HEADER);
}
/** /**
* Returns query string * Returns query string
* *

14
app/User/ReverseProxyUserProvider.php
View File

@ -29,6 +29,14 @@ class ReverseProxyUserProvider implements UserProviderInterface
*/ */
protected $email = ''; protected $email = '';
/**
* Full name
*
* @access protected
* @var string
*/
protected $fullname= '';
/** /**
* User profile if the user already exists * User profile if the user already exists
* *
@ -43,11 +51,13 @@ class ReverseProxyUserProvider implements UserProviderInterface
* @access public * @access public
* @param string $username * @param string $username
* @param string $email * @param string $email
* @param string $fullname
*/ */
public function __construct($username, $email, array $userProfile = array()) public function __construct($username, $email, $fullname, array $userProfile = array())
{ {
$this->username = $username; $this->username = $username;
$this->email = $email; $this->email = $email;
$this->fullname = $fullname;
$this->userProfile = $userProfile; $this->userProfile = $userProfile;
} }
@ -133,7 +143,7 @@ class ReverseProxyUserProvider implements UserProviderInterface
*/ */
public function getName() public function getName()
{ {
return ''; return $this->fullname;
} }
/** /**

1
app/constants.php
View File

@ -101,6 +101,7 @@ defined('LDAP_GROUP_SYNC') or define('LDAP_GROUP_SYNC', getenv('LDAP_GROUP_SYNC'
defined('REVERSE_PROXY_AUTH') or define('REVERSE_PROXY_AUTH', strtolower(getenv('REVERSE_PROXY_AUTH')) === 'true'); defined('REVERSE_PROXY_AUTH') or define('REVERSE_PROXY_AUTH', strtolower(getenv('REVERSE_PROXY_AUTH')) === 'true');
defined('REVERSE_PROXY_USER_HEADER') or define('REVERSE_PROXY_USER_HEADER', getenv('REVERSE_PROXY_USER_HEADER') ?: 'REMOTE_USER'); defined('REVERSE_PROXY_USER_HEADER') or define('REVERSE_PROXY_USER_HEADER', getenv('REVERSE_PROXY_USER_HEADER') ?: 'REMOTE_USER');
defined('REVERSE_PROXY_EMAIL_HEADER') or define('REVERSE_PROXY_EMAIL_HEADER', getenv('REVERSE_PROXY_EMAIL_HEADER') ?: 'REMOTE_EMAIL'); defined('REVERSE_PROXY_EMAIL_HEADER') or define('REVERSE_PROXY_EMAIL_HEADER', getenv('REVERSE_PROXY_EMAIL_HEADER') ?: 'REMOTE_EMAIL');
defined('REVERSE_PROXY_FULLNAME_HEADER') or define('REVERSE_PROXY_FULLNAME_HEADER', getenv('REVERSE_PROXY_FULLNAME_HEADER') ?: 'REMOTE_FULLNAME');
defined('REVERSE_PROXY_DEFAULT_ADMIN') or define('REVERSE_PROXY_DEFAULT_ADMIN', getenv('REVERSE_PROXY_DEFAULT_ADMIN') ?: ''); defined('REVERSE_PROXY_DEFAULT_ADMIN') or define('REVERSE_PROXY_DEFAULT_ADMIN', getenv('REVERSE_PROXY_DEFAULT_ADMIN') ?: '');
defined('REVERSE_PROXY_DEFAULT_DOMAIN') or define('REVERSE_PROXY_DEFAULT_DOMAIN', getenv('REVERSE_PROXY_DEFAULT_DOMAIN') ?: ''); defined('REVERSE_PROXY_DEFAULT_DOMAIN') or define('REVERSE_PROXY_DEFAULT_DOMAIN', getenv('REVERSE_PROXY_DEFAULT_DOMAIN') ?: '');

5
config.default.php
View File

@ -211,9 +211,12 @@ define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');
// Username of the admin, by default blank // Username of the admin, by default blank
define('REVERSE_PROXY_DEFAULT_ADMIN', ''); define('REVERSE_PROXY_DEFAULT_ADMIN', '');
// Header name to use for the username // Header name to use for the user email
define('REVERSE_PROXY_EMAIL_HEADER', 'REMOTE_EMAIL'); define('REVERSE_PROXY_EMAIL_HEADER', 'REMOTE_EMAIL');
// Header name to use for the user full name
define('REVERSE_PROXY_FULLNAME_HEADER', 'REMOTE_NAME');
// Default domain to use for setting the email address // Default domain to use for setting the email address
define('REVERSE_PROXY_DEFAULT_DOMAIN', ''); define('REVERSE_PROXY_DEFAULT_DOMAIN', '');

1
docker/etc/php81/php-fpm.d/env.conf
View File

@ -92,6 +92,7 @@ env[LDAP_GROUP_ATTRIBUTE_NAME] = $LDAP_GROUP_ATTRIBUTE_NAME
env[REVERSE_PROXY_AUTH] = $REVERSE_PROXY_AUTH env[REVERSE_PROXY_AUTH] = $REVERSE_PROXY_AUTH
env[REVERSE_PROXY_USER_HEADER] = $REVERSE_PROXY_USER_HEADER env[REVERSE_PROXY_USER_HEADER] = $REVERSE_PROXY_USER_HEADER
env[REVERSE_PROXY_EMAIL_HEADER] = $REVERSE_PROXY_EMAIL_HEADER env[REVERSE_PROXY_EMAIL_HEADER] = $REVERSE_PROXY_EMAIL_HEADER
env[REVERSE_PROXY_FULLNAME_HEADER] = $REVERSE_PROXY_FULLNAME_HEADER
env[REVERSE_PROXY_DEFAULT_ADMIN] = $REVERSE_PROXY_DEFAULT_ADMIN env[REVERSE_PROXY_DEFAULT_ADMIN] = $REVERSE_PROXY_DEFAULT_ADMIN
env[REVERSE_PROXY_DEFAULT_DOMAIN] = $REVERSE_PROXY_DEFAULT_DOMAIN env[REVERSE_PROXY_DEFAULT_DOMAIN] = $REVERSE_PROXY_DEFAULT_DOMAIN

9
tests/units/Core/Http/RequestTest.php
View File

@ -149,6 +149,15 @@ class RequestTest extends Base
$this->assertEquals('test@example.com', $request->getRemoteEmail()); $this->assertEquals('test@example.com', $request->getRemoteEmail());
} }
public function testGetRemoteName()
{
$request = new Request($this->container, array(), array(), array(), array(), array());
$this->assertEmpty($request->getRemoteName());
$request = new Request($this->container, array(REVERSE_PROXY_FULLNAME_HEADER => 'Test Name'), array(), array(), array(), array());
$this->assertEquals('Test Name', $request->getRemoteName());
}
public function testGetQueryString() public function testGetQueryString()
{ {
$request = new Request($this->container, array(), array(), array(), array(), array()); $request = new Request($this->container, array(), array(), array(), array(), array());