Merge branch 'bugfix/evaluate-redirect_remote_user-12164'

fixes #12164
Johannes Meyer 2016-11-21 08:53:35 +01:00
commit 78be71bc92
3 changed files with 50 additions and 20 deletions


@ -3,6 +3,7 @@
namespace Icinga\Authentication\User; namespace Icinga\Authentication\User;
use Icinga\Application\Logger;
use Icinga\Data\ConfigObject; use Icinga\Data\ConfigObject;
use Icinga\User; use Icinga\User;
@ -11,6 +12,13 @@ use Icinga\User;
*/ */
class ExternalBackend implements UserBackendInterface class ExternalBackend implements UserBackendInterface
{ {
/**
* Possible variables where to read the user from
*
* @var string[]
*/
public static $remoteUserEnvvars = array('REMOTE_USER', 'REDIRECT_REMOTE_USER');
/** /**
* The name of this backend * The name of this backend
* *
@ -55,7 +63,7 @@ class ExternalBackend implements UserBackendInterface
/** /**
* Get the remote user from environment or $_SERVER, if any * Get the remote user from environment or $_SERVER, if any
* *
* @param string $variable The name variable where to read the user from * @param string $variable The name of the variable where to read the user from
* *
* @return string|null * @return string|null
*/ */
@ -65,29 +73,46 @@ class ExternalBackend implements UserBackendInterface
if ($username !== false) { if ($username !== false) {
return $username; return $username;
} }
if (array_key_exists($variable, $_SERVER)) { if (array_key_exists($variable, $_SERVER)) {
return $_SERVER[$variable]; return $_SERVER[$variable];
} }
return null;
} }
/**
* Get the remote user information from environment or $_SERVER, if any
*
* @return array Contains always two entries, the username and origin which may both set to null.
*/
public static function getRemoteUserInformation()
{
foreach (static::$remoteUserEnvvars as $envVar) {
$username = static::getRemoteUser($envVar);
if ($username !== null) {
return array($username, $envVar);
}
}
return array(null, null);
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
public function authenticate(User $user, $password = null) public function authenticate(User $user, $password = null)
{ {
$username = static::getRemoteUser(); list($username, $field) = static::getRemoteUserInformation();
if ($username !== null) { if ($username !== null) {
$user->setExternalUserInformation($username, 'REMOTE_USER'); $user->setExternalUserInformation($username, $field);
if ($this->stripUsernameRegexp) { if ($this->stripUsernameRegexp) {
$stripped = preg_replace($this->stripUsernameRegexp, '', $username); $stripped = @preg_replace($this->stripUsernameRegexp, '', $username);
if ($stripped !== null) { if ($stripped === false) {
// TODO(el): PHP issues a warning when PHP cannot compile the regular expression. Should we log an Logger::error('Failed to strip external username. The configured regular expression is invalid.');
// additional message in that case? return false;
$username = $stripped;
} }
$username = $stripped;
} }
$user->setUsername($username); $user->setUsername($username);
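Review bot: The new failure check in authenticate() tests for the wrong value: `preg_replace()` returns `null` on error, not `false`, so `if ($stripped === false)` never fires. With the warning now silenced by `@`, an invalid `$this->stripUsernameRegexp` falls through to `$username = $stripped;` and on to `setUsername(null)`, without the error being logged. The guard should read `if ($stripped === null) {` so the `Logger::error(...)` and `return false` path is actually reached. Separately, getRemoteUserInformation() stops at the first variable whose value is not `null`; if getRemoteUser() can return an empty string (its first lines are outside the hunk, so this is inferred), an empty `REMOTE_USER` would mask `REDIRECT_REMOTE_USER` and be accepted as the username, so `if ($username !== null && $username !== '')` may be the safer test. authenticate() continues past the end of the hunk.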


@ -5,6 +5,7 @@ namespace Icinga\Module\Setup\Forms;
use Exception; use Exception;
use Icinga\Application\Config; use Icinga\Application\Config;
use Icinga\Authentication\User\ExternalBackend;
use Icinga\Authentication\User\UserBackend; use Icinga\Authentication\User\UserBackend;
use Icinga\Authentication\User\DbUserBackend; use Icinga\Authentication\User\DbUserBackend;
use Icinga\Authentication\User\LdapUserBackend; use Icinga\Authentication\User\LdapUserBackend;
@ -269,8 +270,8 @@ class AdminAccountPage extends Form
*/ */
protected function getUsername() protected function getUsername()
{ {
$name = getenv('REMOTE_USER'); list($name, $_) = ExternalBackend::getRemoteUserInformation();
if ($name === false) { if ($name === null) {
return ''; return '';
} }


@ -3,6 +3,7 @@
namespace Icinga\Module\Setup\Forms; namespace Icinga\Module\Setup\Forms;
use Icinga\Authentication\User\ExternalBackend;
use Icinga\Web\Form; use Icinga\Web\Form;
use Icinga\Application\Platform; use Icinga\Application\Platform;
@ -30,7 +31,9 @@ class AuthenticationPage extends Form
*/ */
public function createElements(array $formData) public function createElements(array $formData)
{ {
if (isset($formData['type']) && $formData['type'] === 'external' && getenv('REMOTE_USER') === false) { if (isset($formData['type']) && $formData['type'] === 'external') {
list($username, $_) = ExternalBackend::getRemoteUserInformation();
if ($username === null) {
$this->info( $this->info(
$this->translate( $this->translate(
'You\'re currently not authenticated using any of the web server\'s authentication ' 'You\'re currently not authenticated using any of the web server\'s authentication '
@ -40,6 +43,7 @@ class AuthenticationPage extends Form
false false
); );
} }
}
$backendTypes = array(); $backendTypes = array();
if (Platform::hasMysqlSupport() || Platform::hasPostgresqlSupport()) { if (Platform::hasMysqlSupport() || Platform::hasPostgresqlSupport()) {