External authentication: respect REDIRECT_REMOTE_USER as well

refs #12164
2025-07-28 08:14:03 +02:00 · 2016-10-17 16:19:26 +02:00 · 2016-10-17 16:19:26 +02:00 · 29c221418b
commit 29c221418b
parent 3caffb0026
3 changed files with 17 additions and 12 deletions
--- a/library/Icinga/Authentication/User/ExternalBackend.php
+++ b/library/Icinga/Authentication/User/ExternalBackend.php
@ -55,18 +55,20 @@ class ExternalBackend implements UserBackendInterface
    /**
     * Get the remote user from environment or $_SERVER, if any
     *
-     * @param   string  $variable   The name variable where to read the user from
+     * @param   string|null $variable   The name variable where to read the user from
     *
     * @return  string|null
     */
    public static function getRemoteUser($variable = 'REMOTE_USER')
    {
-        $username = getenv($variable);
-        if ($username !== false) {
-            return $username;
-        }
-        if (array_key_exists($variable, $_SERVER)) {
-            return $_SERVER[$variable];
+        foreach (($variable === null ? array('REMOTE_USER', 'REDIRECT_REMOTE_USER') : array($variable)) as $variable) {
+            $username = getenv($variable);
+            if ($username !== false) {
+                return $username;
+            }
+            if (array_key_exists($variable, $_SERVER)) {
+                return $_SERVER[$variable];
+            }
        }
        return null;
    }
@ -77,9 +79,9 @@ class ExternalBackend implements UserBackendInterface
     */
    public function authenticate(User $user, $password = null)
    {
-        $username = static::getRemoteUser();
+        $username = static::getRemoteUser(null);
        if ($username !== null) {
-            $user->setExternalUserInformation($username, 'REMOTE_USER');
+            $user->setExternalUserInformation($username, null);

            if ($this->stripUsernameRegexp) {
                $stripped = preg_replace($this->stripUsernameRegexp, '', $username);
--- a/modules/setup/application/forms/AdminAccountPage.php
+++ b/modules/setup/application/forms/AdminAccountPage.php
@ -5,6 +5,7 @@ namespace Icinga\Module\Setup\Forms;

 use Exception;
 use Icinga\Application\Config;
+use Icinga\Authentication\User\ExternalBackend;
 use Icinga\Authentication\User\UserBackend;
 use Icinga\Authentication\User\DbUserBackend;
 use Icinga\Authentication\User\LdapUserBackend;
@ -269,8 +270,8 @@ class AdminAccountPage extends Form
     */
    protected function getUsername()
    {
-        $name = getenv('REMOTE_USER');
-        if ($name === false) {
+        $name = ExternalBackend::getRemoteUser(null);
+        if ($name === null) {
            return '';
        }

--- a/modules/setup/application/forms/AuthenticationPage.php
+++ b/modules/setup/application/forms/AuthenticationPage.php
@ -3,6 +3,7 @@

 namespace Icinga\Module\Setup\Forms;

+use Icinga\Authentication\User\ExternalBackend;
 use Icinga\Web\Form;
 use Icinga\Application\Platform;

@ -30,7 +31,8 @@ class AuthenticationPage extends Form
     */
    public function createElements(array $formData)
    {
-        if (isset($formData['type']) && $formData['type'] === 'external' && getenv('REMOTE_USER') === false) {
+        if (isset($formData['type']) && $formData['type'] === 'external'
+            && ExternalBackend::getRemoteUser(null) === null) {
            $this->info(
                $this->translate(
                    'You\'re currently not authenticated using any of the web server\'s authentication '