Allow API keys in ReverseProxyAuthMiddleware (closes #1216)

Bernd Bestel
2020-12-24 10:00:51 +01:00
parent 2e3c237648
commit 4766c81580
3 changed files with 10 additions and 5 deletions


@@ -6,6 +6,7 @@
- Improved the prerequisites checker (added missing required PHP extension `ctype`) (thanks @Forceu) - Improved the prerequisites checker (added missing required PHP extension `ctype`) (thanks @Forceu)
- Added validation checks for most `data/config.php` settings to prevent using invalid ones (thanks @Forceu) - Added validation checks for most `data/config.php` settings to prevent using invalid ones (thanks @Forceu)
- When using reverse proxy authentication (`ReverseProxyAuthMiddleware`), _additionally_ a valid key can now also be used for authentication (if you want don't want to protect the API endpoints via your reverse proxy, however)
- Fixed that some number inputs were broken when the new decimal places setting were set to `0` - Fixed that some number inputs were broken when the new decimal places setting were set to `0`
- Fixed that browser camera barcode scanning did not work on the product edit page for adding product barcodes - Fixed that browser camera barcode scanning did not work on the product edit page for adding product barcodes
- Fixed that the new product option "Never show on stock overview" was unintentionally set by default for new products - Fixed that the new product option "Never show on stock overview" was unintentionally set by default for new products


@@ -16,7 +16,6 @@ class LdapAuthMiddleware extends AuthMiddleware
// First try to authenticate by API key // First try to authenticate by API key
$auth = new ApiKeyAuthMiddleware($this->AppContainer, $this->ResponseFactory); $auth = new ApiKeyAuthMiddleware($this->AppContainer, $this->ResponseFactory);
$user = $auth->authenticate($request); $user = $auth->authenticate($request);
if ($user !== null) if ($user !== null)
{ {
return $user; return $user;


@@ -10,25 +10,30 @@ class ReverseProxyAuthMiddleware extends AuthMiddleware
{ {
public function authenticate(Request $request) public function authenticate(Request $request)
{ {
$db = DatabaseService::getInstance()->GetDbConnection();
if (!defined('GROCY_SHOW_AUTH_VIEWS')) if (!defined('GROCY_SHOW_AUTH_VIEWS'))
{ {
define('GROCY_SHOW_AUTH_VIEWS', false); define('GROCY_SHOW_AUTH_VIEWS', false);
} }
$db = DatabaseService::getInstance()->GetDbConnection(); // API key authentication is also ok
$auth = new ApiKeyAuthMiddleware($this->AppContainer, $this->ResponseFactory);
$user = $auth->authenticate($request);
if ($user !== null)
{
return $user;
}
$username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER); $username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);
if (count($username) !== 1) if (count($username) !== 1)
{ {
// Invalid configuration of Proxy // Invalid configuration of Proxy
throw new \Exception('ReverseProxyAuthMiddleware: Invalid username from proxy: ' . var_dump($username)); throw new \Exception('ReverseProxyAuthMiddleware: Invalid username from proxy: ' . var_dump($username));
} }
$username = $username[0]; $username = $username[0];
$user = $db->users()->where('username', $username)->fetch(); $user = $db->users()->where('username', $username)->fetch();
if ($user == null) if ($user == null)
{ {
$user = UsersService::getInstance()->CreateUser($username, '', '', ''); $user = UsersService::getInstance()->CreateUser($username, '', '', '');
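Review bot: A request that carries no valid API key still falls through to the `GROCY_REVERSE_PROXY_AUTH_HEADER` branch, so on routes the proxy does not guard (the use case the changelog entry describes) the username header can only be trusted if the proxy removes any client-supplied copy of it, and nothing in this hunk checks that. I would state that requirement above the header read, e.g. `// Trusted only because the reverse proxy sets this header; the proxy must drop any client-sent copy on every route, including API routes that are not behind proxy login`. Separately, the exception on the `count($username) !== 1` path concatenates `var_dump($username)`, which prints the header values into the response and returns null, so the message itself ends empty; `var_export($username, true)` would put the values in the message instead. The body of `authenticate()` continues past the end of the hunk, so what follows the `CreateUser` call is not visible here.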