Added support for reading auth header from env variable (#1746)

* Added support for reading auth header from env variable * Check if variable is set, more accurate error description * Formatting Co-authored-by: Bernd Bestel <bernd@berrnd.de>
2025-04-29 01:32:38 +00:00 · 2022-01-16 14:46:04 +01:00 · 2022-01-16 14:46:04 +01:00 · 187654d8b3
commit 187654d8b3
parent 8ec0d9319b
2 changed files with 25 additions and 5 deletions
--- a/config-dist.php
+++ b/config-dist.php
@ -76,6 +76,8 @@ Setting('AUTH_CLASS', 'Grocy\Middleware\DefaultAuthMiddleware');
 // When using ReverseProxyAuthMiddleware,
 // the name of the HTTP header which your reverse proxy uses to pass the username (on successful authentication)
 Setting('REVERSE_PROXY_AUTH_HEADER', 'REMOTE_USER');
+// When using ReverseProxyAuthMiddleware, set to true if the username is passed as environment variable
+Setting('REVERSE_PROXY_AUTH_USE_ENV', false);

 // LDAP options when using LdapAuthMiddleware
 Setting('LDAP_ADDRESS', ''); // Example value "ldap://vm-dc2019.local.berrnd.net"
--- a/middleware/ReverseProxyAuthMiddleware.php
+++ b/middleware/ReverseProxyAuthMiddleware.php
@ -22,13 +22,31 @@ class ReverseProxyAuthMiddleware extends AuthMiddleware
 			return $user;
 		}

-		$username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);
-		if (count($username) !== 1)
+		if (GROCY_REVERSE_PROXY_AUTH_USE_ENV)
 		{
-			// Invalid configuration of Proxy
-			throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' header is missing or invalid');
+			if (!isset($_SERVER[GROCY_REVERSE_PROXY_AUTH_HEADER]))
+			{
+				// Variable is not set
+				throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' env variable is missing (could not be found in $_SERVER array)');
+			}
+
+			$username = $_SERVER[GROCY_REVERSE_PROXY_AUTH_HEADER];
+			if (strlen($username) === 0)
+			{
+				// Variable is empty
+				throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' env variable is invalid');
+			}
+		}
+		else
+		{
+			$username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);
+			if (count($username) !== 1)
+			{
+				// Invalid configuration of Proxy
+				throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' header is missing or invalid');
+			}
+			$username = $username[0];
 		}
-		$username = $username[0];

 		$user = $db->users()->where('username', $username)->fetch();
 		if ($user == null)