Refactor Authentication and add proxy-authentication (#921)

* Refactor Authentication-Middlewares * Add Proxy-Authentication * Disable "Logout" & "Manage Users" when using ProxyAuth * Review Co-authored-by: Bernd Bestel <bernd@berrnd.de>
2025-08-13 17:27:23 +00:00 · 2020-08-19 19:23:13 +02:00
parent 5b475d9307
commit d60d981fd1
10 changed files with 247 additions and 150 deletions
--- a/middleware/ReverseProxyAuthMiddleware.php
+++ b/middleware/ReverseProxyAuthMiddleware.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Grocy\Middleware;
+
+use Psr\Http\Message\ServerRequestInterface as Request;
+
+use Grocy\Services\DatabaseService;
+use Grocy\Services\UsersService;
+
+class ReverseProxyAuthMiddleware extends AuthMiddleware
+{
+    function authenticate(Request $request)
+    {
+        if (!defined('GROCY_SHOW_AUTH_VIEWS'))
+        {
+            define('GROCY_SHOW_AUTH_VIEWS', false);
+        }
+
+        $db = DatabaseService::getInstance()->GetDbConnection();
+
+        $username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);
+        
+        if (count($username) !== 1)
+        {
+            // Invalid configuration of Proxy
+            throw new \Exception("ReverseProxyAuthMiddleware: Invalid username from proxy: " . var_dump($username));
+        }
+
+        $username = $username[0];
+
+        $user = $db->users()->where('username', $username)->fetch();
+        
+        if ($user == null)
+        {
+            $user = UsersService::getInstance()->CreateUser($username, '', '', '');
+        }
+
+        return $user;
+    }
+}