kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-04-29 09:39:57 +00:00
Code Issues Projects Releases Wiki Activity

Allow API keys in ReverseProxyAuthMiddleware (closes #1216)

Browse Source
This commit is contained in:
Bernd Bestel 2020-12-24 10:00:51 +01:00
parent 2e3c237648
commit 4766c81580
No known key found for this signature in database
GPG Key ID: 71BD34C0D4891300
3 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog/61_UNRELEASED_xxxx-xx-xx.md
View File

@ -6,6 +6,7 @@
- Improved the prerequisites checker (added missing required PHP extension `ctype`) (thanks @Forceu)
- Added validation checks for most `data/config.php` settings to prevent using invalid ones (thanks @Forceu)
- When using reverse proxy authentication (`ReverseProxyAuthMiddleware`), _additionally_ a valid key can now also be used for authentication (if you want don't want to protect the API endpoints via your reverse proxy, however)
- Fixed that some number inputs were broken when the new decimal places setting were set to `0`
- Fixed that browser camera barcode scanning did not work on the product edit page for adding product barcodes
- Fixed that the new product option "Never show on stock overview" was unintentionally set by default for new products

1
middleware/LdapAuthMiddleware.php
View File

@ -16,7 +16,6 @@ class LdapAuthMiddleware extends AuthMiddleware
// First try to authenticate by API key
$auth = new ApiKeyAuthMiddleware($this->AppContainer, $this->ResponseFactory);
$user = $auth->authenticate($request);
if ($user !== null)
{
return $user;

13
middleware/ReverseProxyAuthMiddleware.php
View File

@ -10,25 +10,30 @@ class ReverseProxyAuthMiddleware extends AuthMiddleware
{
public function authenticate(Request $request)
{
$db = DatabaseService::getInstance()->GetDbConnection();
if (!defined('GROCY_SHOW_AUTH_VIEWS'))
{
define('GROCY_SHOW_AUTH_VIEWS', false);
}
$db = DatabaseService::getInstance()->GetDbConnection();
// API key authentication is also ok
$auth = new ApiKeyAuthMiddleware($this->AppContainer, $this->ResponseFactory);
$user = $auth->authenticate($request);
if ($user !== null)
{
return $user;
}
$username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);
if (count($username) !== 1)
{
// Invalid configuration of Proxy
throw new \Exception('ReverseProxyAuthMiddleware: Invalid username from proxy: ' . var_dump($username));
}
$username = $username[0];
$user = $db->users()->where('username', $username)->fetch();
if ($user == null)
{
$user = UsersService::getInstance()->CreateUser($username, '', '', '');