diff --git a/library/Icinga/Authentication/Auth.php b/library/Icinga/Authentication/Auth.php
index 392a59d71..814f1366e 100644
--- a/library/Icinga/Authentication/Auth.php
+++ b/library/Icinga/Authentication/Auth.php
@@ -240,10 +240,10 @@ class Auth
 public function authenticateFromSession()
 {
 $this->user = Session::getSession()->get('user');
- if ($this->user !== null && $this->user->isExternalUser() === true) {
+ if ($this->user !== null && $this->user->isExternalUser()) {
 list($originUsername, $field) = $this->user->getExternalUserInformation();
- $username = getenv($field); // usually REMOTE_USER here
- if ( !$username || $username !== $originUsername) {
+ $username = ExternalBackend::getRemoteUser($field);
+ if ($username === null || $username !== $originUsername) {
 $this->removeAuthorization();
 }
 }
diff --git a/library/Icinga/Authentication/User/ExternalBackend.php b/library/Icinga/Authentication/User/ExternalBackend.php
index e2cb44716..3baf1c8e0 100644
--- a/library/Icinga/Authentication/User/ExternalBackend.php
+++ b/library/Icinga/Authentication/User/ExternalBackend.php
@@ -52,14 +52,33 @@ class ExternalBackend implements UserBackendInterface
 return $this;
 }
+ /**
+ * Get the remote user from environment or $_SERVER, if any
+ *
+ * @param string $variable The name variable where to read the user from
+ *
+ * @return string|null
+ */
+ public static function getRemoteUser($variable = 'REMOTE_USER')
+ {
+ $username = getenv($variable);
+ if ($username !== false) {
+ return $username;
+ }
+ if (array_key_exists($variable, $_SERVER)) {
+ return $_SERVER[$variable];
+ }
+ return null;
+ }
+
 /**
 * {@inheritdoc}
 */
 public function authenticate(User $user, $password = null)
 {
- $username = getenv('REMOTE_USER');
- if ($username !== false) {
+ $username = static::getRemoteUser();
+ if ($username !== null) {
 $user->setExternalUserInformation($username, 'REMOTE_USER');
 if ($this->stripUsernameRegexp) {
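Review bot: The session re-check in authenticateFromSession() no longer treats an empty value as missing: the old `!$username` rejected `''` (and `'0'`), while `$username === null` lets an empty string through to the comparison with `$originUsername`. A web server can export an empty `REMOTE_USER` for an unauthenticated request, and both `getRemoteUser()` and the `$username !== null` test in `authenticate()` in ExternalBackend.php pass that value on unchanged. Unless an empty name is rejected somewhere not visible here, keep the stricter guard, `if ($username === null || $username === '' || $username !== $originUsername) {`, or have `getRemoteUser()` return `null` for `''`. Only the part of authenticateFromSession() shown in this hunk was reviewed.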
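Review bot: `getRemoteUser()` is public and reads whatever key it is handed from `$_SERVER`, which also holds the `HTTP_*` entries built from request headers, so its docblock should say that `$variable` must name a value set by the web server's authentication layer and never a client-supplied header. In this commit the callers pass either the default or the `$field` stored with the session user (set to `'REMOTE_USER'` in `authenticate()`), so this is a documentation gap rather than a visible bug. I would add to the docblock: `Only pass names that the web server's authentication module sets; HTTP_* keys in $_SERVER come from the client.` The `@return string|null` line also assumes the `$_SERVER` entry is a string, which the code does not check. authenticate() continues past the end of the hunk.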