From 187654d8b35940bc58ad1f58a9f9d160079d6116 Mon Sep 17 00:00:00 2001
From: Marc Ole Bulling
Date: Sun, 16 Jan 2022 14:46:04 +0100
Subject: [PATCH] Added support for reading auth header from env variable (#1746)
* Added support for reading auth header from env variable
* Check if variable is set, more accurate error description
* Formatting
Co-authored-by: Bernd Bestel
---
 config-dist.php | 2 ++
 middleware/ReverseProxyAuthMiddleware.php | 28 +++++++++++++++++++----
 2 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/config-dist.php b/config-dist.php
index 68a6051a..892e2a63 100644
--- a/config-dist.php
+++ b/config-dist.php
@@ -76,6 +76,8 @@ Setting('AUTH_CLASS', 'Grocy\Middleware\DefaultAuthMiddleware');
 // When using ReverseProxyAuthMiddleware,
 // the name of the HTTP header which your reverse proxy uses to pass the username (on successful authentication)
 Setting('REVERSE_PROXY_AUTH_HEADER', 'REMOTE_USER');
+// When using ReverseProxyAuthMiddleware, set to true if the username is passed as environment variable
+Setting('REVERSE_PROXY_AUTH_USE_ENV', false);
 
 // LDAP options when using LdapAuthMiddleware
 Setting('LDAP_ADDRESS', ''); // Example value "ldap://vm-dc2019.local.berrnd.net"
diff --git a/middleware/ReverseProxyAuthMiddleware.php b/middleware/ReverseProxyAuthMiddleware.php
index 185e3364..952cbce0 100644
--- a/middleware/ReverseProxyAuthMiddleware.php
+++ b/middleware/ReverseProxyAuthMiddleware.php
@@ -22,13 +22,31 @@ class ReverseProxyAuthMiddleware extends AuthMiddleware
 return $user;
 }
 
- $username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);
- if (count($username) !== 1)
+ if (GROCY_REVERSE_PROXY_AUTH_USE_ENV)
 {
- // Invalid configuration of Proxy
- throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' header is missing or invalid');
+ if (!isset($_SERVER[GROCY_REVERSE_PROXY_AUTH_HEADER]))
+ {
+ // Variable is not set
+ throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' env variable is missing (could not be found in $_SERVER array)');
+ }
+
+ $username = $_SERVER[GROCY_REVERSE_PROXY_AUTH_HEADER];
+ if (strlen($username) === 0)
+ {
+ // Variable is empty
+ throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' env variable is invalid');
+ }
+ }
+ else
+ {
+ $username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);
+ if (count($username) !== 1)
+ {
+ // Invalid configuration of Proxy
+ throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' header is missing or invalid');
+ }
+ $username = $username[0];
 }
- $username = $username[0];
 
 $user = $db->users()->where('username', $username)->fetch();
 if ($user == null)
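Review bot: In the new `GROCY_REVERSE_PROXY_AUTH_USE_ENV` branch the username is read from `$_SERVER`, which holds not only variables set by the web server but also every request header under an `HTTP_`-prefixed key. The value is therefore only trustworthy when the configured name is one the server itself populates, such as the `REMOTE_USER` default. Nothing in the branch enforces that; a guard placed before the `isset` check, e.g. `if (strpos(GROCY_REVERSE_PROXY_AUTH_HEADER, 'HTTP_') === 0) { throw new \Exception('ReverseProxyAuthMiddleware: HTTP_* names are request headers, not env variables'); }`, would fail closed on that misconfiguration. The same caveat would fit in the `REVERSE_PROXY_AUTH_USE_ENV` comment in config-dist.php, which currently says only that the username is passed as an environment variable. The enclosing method starts and ends outside this hunk, so how `$username` is used after the lookup is only partly visible.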