tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ExternalBackend: Simplify how remote users are identified 

refs #12164
This commit is contained in:
Johannes Meyer 2016-11-16 11:55:54 +01:00
parent 846f8ec3d8
commit 0bd00ba3d0
1 changed files with 23 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
library/Icinga/Authentication/User/ExternalBackend.php
View File

@ -16,7 +16,7 @@ class ExternalBackend implements UserBackendInterface
* *
* @var string[] * @var string[]
*/ */
public static $remoteUserEnvvars = array('REDIRECT_REMOTE_USER', 'REMOTE_USER'); public static $remoteUserEnvvars = array('REMOTE_USER', 'REDIRECT_REMOTE_USER');
/** /**
* The name of this backend * The name of this backend
@ -32,13 +32,6 @@ class ExternalBackend implements UserBackendInterface
*/ */
protected $stripUsernameRegexp; protected $stripUsernameRegexp;
/**
* The name variable where to read the user from
*
* @var string|null
*/
protected $usernameEnvvar;
/** /**
* Create new authentication backend of type "external" * Create new authentication backend of type "external"
* *
@ -47,7 +40,6 @@ class ExternalBackend implements UserBackendInterface
public function __construct(ConfigObject $config) public function __construct(ConfigObject $config)
{ {
$this->stripUsernameRegexp = $config->get('strip_username_regexp'); $this->stripUsernameRegexp = $config->get('strip_username_regexp');
$this->usernameEnvvar = $config->get('username_envvar');
} }
/** /**
@ -70,24 +62,37 @@ class ExternalBackend implements UserBackendInterface
/** /**
* Get the remote user from environment or $_SERVER, if any * Get the remote user from environment or $_SERVER, if any
* *
* @param string|null $variable The name variable where to read the user from * @param string $variable The name of the variable where to read the user from
* *
* @return string|null * @return string|null
*/ */
public static function getRemoteUser($variable = null) public static function getRemoteUser($variable = 'REMOTE_USER')
{ {
if ($variable === null) {
$variable = 'REMOTE_USER';
}
$username = getenv($variable); $username = getenv($variable);
if ($username !== false) { if ($username !== false) {
return $username; return $username;
} }
if (array_key_exists($variable, $_SERVER)) { if (array_key_exists($variable, $_SERVER)) {
return $_SERVER[$variable]; return $_SERVER[$variable];
} }
return null; }
/**
* Get the remote user information from environment or $_SERVER, if any
*
* @return array Contains always two entries, the username and origin which may both set to null.
*/
public static function getRemoteUserInformation()
{
foreach (static::$remoteUserEnvvars as $envVar) {
$username = static::getRemoteUser($envVar);
if ($username !== null) {
return array($username, $envVar);
}
}
return array(null, null);
} }
/** /**
@ -95,9 +100,9 @@ class ExternalBackend implements UserBackendInterface
*/ */
public function authenticate(User $user, $password = null) public function authenticate(User $user, $password = null)
{ {
$username = static::getRemoteUser($this->usernameEnvvar); list($username, $field) = static::getRemoteUserInformation();
if ($username !== null) { if ($username !== null) {
$user->setExternalUserInformation($username, $this->usernameEnvvar); $user->setExternalUserInformation($username, $field);
if ($this->stripUsernameRegexp) { if ($this->stripUsernameRegexp) {
$stripped = preg_replace($this->stripUsernameRegexp, '', $username); $stripped = preg_replace($this->stripUsernameRegexp, '', $username);