External authentication: respect REDIRECT_REMOTE_USER as well

refs #12164
This commit is contained in:
Alexander A. Klimov 2016-10-17 16:19:26 +02:00
parent 3caffb0026
commit 29c221418b
3 changed files with 17 additions and 12 deletions

View File

@ -55,18 +55,20 @@ class ExternalBackend implements UserBackendInterface
/**
* Get the remote user from environment or $_SERVER, if any
*
* @param string $variable The name variable where to read the user from
* @param string|null $variable The name variable where to read the user from
*
* @return string|null
*/
public static function getRemoteUser($variable = 'REMOTE_USER')
{
$username = getenv($variable);
if ($username !== false) {
return $username;
}
if (array_key_exists($variable, $_SERVER)) {
return $_SERVER[$variable];
foreach (($variable === null ? array('REMOTE_USER', 'REDIRECT_REMOTE_USER') : array($variable)) as $variable) {
$username = getenv($variable);
if ($username !== false) {
return $username;
}
if (array_key_exists($variable, $_SERVER)) {
return $_SERVER[$variable];
}
}
return null;
}
@ -77,9 +79,9 @@ class ExternalBackend implements UserBackendInterface
*/
public function authenticate(User $user, $password = null)
{
$username = static::getRemoteUser();
$username = static::getRemoteUser(null);
if ($username !== null) {
$user->setExternalUserInformation($username, 'REMOTE_USER');
$user->setExternalUserInformation($username, null);
if ($this->stripUsernameRegexp) {
$stripped = preg_replace($this->stripUsernameRegexp, '', $username);

View File

@ -5,6 +5,7 @@ namespace Icinga\Module\Setup\Forms;
use Exception;
use Icinga\Application\Config;
use Icinga\Authentication\User\ExternalBackend;
use Icinga\Authentication\User\UserBackend;
use Icinga\Authentication\User\DbUserBackend;
use Icinga\Authentication\User\LdapUserBackend;
@ -269,8 +270,8 @@ class AdminAccountPage extends Form
*/
protected function getUsername()
{
$name = getenv('REMOTE_USER');
if ($name === false) {
$name = ExternalBackend::getRemoteUser(null);
if ($name === null) {
return '';
}

View File

@ -3,6 +3,7 @@
namespace Icinga\Module\Setup\Forms;
use Icinga\Authentication\User\ExternalBackend;
use Icinga\Web\Form;
use Icinga\Application\Platform;
@ -30,7 +31,8 @@ class AuthenticationPage extends Form
*/
public function createElements(array $formData)
{
if (isset($formData['type']) && $formData['type'] === 'external' && getenv('REMOTE_USER') === false) {
if (isset($formData['type']) && $formData['type'] === 'external'
&& ExternalBackend::getRemoteUser(null) === null) {
$this->info(
$this->translate(
'You\'re currently not authenticated using any of the web server\'s authentication '