Allow API keys in ReverseProxyAuthMiddleware (closes #1216)

This commit is contained in:
Bernd Bestel
2020-12-24 10:00:51 +01:00
parent 2e3c237648
commit 4766c81580
3 changed files with 10 additions and 5 deletions

View File

@@ -10,25 +10,30 @@ class ReverseProxyAuthMiddleware extends AuthMiddleware
{
public function authenticate(Request $request)
{
$db = DatabaseService::getInstance()->GetDbConnection();
if (!defined('GROCY_SHOW_AUTH_VIEWS'))
{
define('GROCY_SHOW_AUTH_VIEWS', false);
}
$db = DatabaseService::getInstance()->GetDbConnection();
// API key authentication is also ok
$auth = new ApiKeyAuthMiddleware($this->AppContainer, $this->ResponseFactory);
$user = $auth->authenticate($request);
if ($user !== null)
{
return $user;
}
$username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);
if (count($username) !== 1)
{
// Invalid configuration of Proxy
throw new \Exception('ReverseProxyAuthMiddleware: Invalid username from proxy: ' . var_dump($username));
}
$username = $username[0];
$user = $db->users()->where('username', $username)->fetch();
if ($user == null)
{
$user = UsersService::getInstance()->CreateUser($username, '', '', '');