tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-26 23:34:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

External authentication: respect REDIRECT_REMOTE_USER as well

Browse Source 
refs #12164
This commit is contained in:
Alexander A. Klimov 2016-10-17 16:19:26 +02:00
parent 3caffb0026
commit 29c221418b
3 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
library/Icinga/Authentication/User/ExternalBackend.php
View File

@ -55,12 +55,13 @@ class ExternalBackend implements UserBackendInterface
/** /**
* Get the remote user from environment or $_SERVER, if any * Get the remote user from environment or $_SERVER, if any
* *
* @param string $variable The name variable where to read the user from * @param string|null $variable The name variable where to read the user from
* *
* @return string|null * @return string|null
*/ */
public static function getRemoteUser($variable = 'REMOTE_USER') public static function getRemoteUser($variable = 'REMOTE_USER')
{ {
foreach (($variable === null ? array('REMOTE_USER', 'REDIRECT_REMOTE_USER') : array($variable)) as $variable) {
$username = getenv($variable); $username = getenv($variable);
if ($username !== false) { if ($username !== false) {
return $username; return $username;
@ -68,6 +69,7 @@ class ExternalBackend implements UserBackendInterface
if (array_key_exists($variable, $_SERVER)) { if (array_key_exists($variable, $_SERVER)) {
return $_SERVER[$variable]; return $_SERVER[$variable];
} }
}
return null; return null;
} }
@ -77,9 +79,9 @@ class ExternalBackend implements UserBackendInterface
*/ */
public function authenticate(User $user, $password = null) public function authenticate(User $user, $password = null)
{ {
$username = static::getRemoteUser(); $username = static::getRemoteUser(null);
if ($username !== null) { if ($username !== null) {
$user->setExternalUserInformation($username, 'REMOTE_USER'); $user->setExternalUserInformation($username, null);
if ($this->stripUsernameRegexp) { if ($this->stripUsernameRegexp) {
$stripped = preg_replace($this->stripUsernameRegexp, '', $username); $stripped = preg_replace($this->stripUsernameRegexp, '', $username);

5
modules/setup/application/forms/AdminAccountPage.php
View File

@ -5,6 +5,7 @@ namespace Icinga\Module\Setup\Forms;
use Exception; use Exception;
use Icinga\Application\Config; use Icinga\Application\Config;
use Icinga\Authentication\User\ExternalBackend;
use Icinga\Authentication\User\UserBackend; use Icinga\Authentication\User\UserBackend;
use Icinga\Authentication\User\DbUserBackend; use Icinga\Authentication\User\DbUserBackend;
use Icinga\Authentication\User\LdapUserBackend; use Icinga\Authentication\User\LdapUserBackend;
@ -269,8 +270,8 @@ class AdminAccountPage extends Form
*/ */
protected function getUsername() protected function getUsername()
{ {
$name = getenv('REMOTE_USER'); $name = ExternalBackend::getRemoteUser(null);
if ($name === false) { if ($name === null) {
return ''; return '';
} }

4
modules/setup/application/forms/AuthenticationPage.php
View File

@ -3,6 +3,7 @@
namespace Icinga\Module\Setup\Forms; namespace Icinga\Module\Setup\Forms;
use Icinga\Authentication\User\ExternalBackend;
use Icinga\Web\Form; use Icinga\Web\Form;
use Icinga\Application\Platform; use Icinga\Application\Platform;
@ -30,7 +31,8 @@ class AuthenticationPage extends Form
*/ */
public function createElements(array $formData) public function createElements(array $formData)
{ {
if (isset($formData['type']) && $formData['type'] === 'external' && getenv('REMOTE_USER') === false) { if (isset($formData['type']) && $formData['type'] === 'external'
&& ExternalBackend::getRemoteUser(null) === null) {
$this->info( $this->info(
$this->translate( $this->translate(
'You\'re currently not authenticated using any of the web server\'s authentication ' 'You\'re currently not authenticated using any of the web server\'s authentication '