grocy/middleware/ReverseProxyAuthMiddleware.php

<?php

namespace Grocy\Middleware;

use Grocy\Services\DatabaseService;
use Grocy\Services\UsersService;
use Psr\Http\Message\ServerRequestInterface as Request;

class ReverseProxyAuthMiddleware extends AuthMiddleware
{
	public function authenticate(Request $request)
	{
		define('GROCY_EXTERNALLY_MANAGED_AUTHENTICATION', true);

		$db = DatabaseService::getInstance()->GetDbConnection();

		// API key authentication is also ok
		$auth = new ApiKeyAuthMiddleware($this->AppContainer, $this->ResponseFactory);
		$user = $auth->authenticate($request);
		if ($user !== null)
		{
			return $user;
		}

		if (GROCY_REVERSE_PROXY_AUTH_USE_ENV)
		{
			if (!isset($_SERVER[GROCY_REVERSE_PROXY_AUTH_HEADER]))
			{
				// Variable is not set
				throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' env variable is missing (could not be found in $_SERVER array)');
			}

			$username = $_SERVER[GROCY_REVERSE_PROXY_AUTH_HEADER];
			if (strlen($username) === 0)
			{
				// Variable is empty
				throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' env variable is invalid');
			}
		}
		else
		{
			$username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);
			if (count($username) !== 1)
			{
				// Invalid configuration of Proxy
				throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' header is missing or invalid');
			}
			$username = $username[0];
		}

		$user = $db->users()->where('username', $username)->fetch();
		if ($user == null)
		{
			$user = UsersService::getInstance()->CreateUser($username, '', '', '');
		}

		return $user;
	}

	public static function ProcessLogin(array $postParams)
	{
		throw new \Exception('Not implemented');
	}
}
Refactor Authentication and add proxy-authentication (#921) * Refactor Authentication-Middlewares * Add Proxy-Authentication * Disable "Logout" & "Manage Users" when using ProxyAuth * Review Co-authored-by: Bernd Bestel <bernd@berrnd.de> 2020-08-19 19:23:13 +02:00			`<?php`

			`namespace Grocy\Middleware;`

			`use Grocy\Services\DatabaseService;`
			`use Grocy\Services\UsersService;`
Applied PHP formatting rules 2020-08-31 20:40:31 +02:00			`use Psr\Http\Message\ServerRequestInterface as Request;`
Refactor Authentication and add proxy-authentication (#921) * Refactor Authentication-Middlewares * Add Proxy-Authentication * Disable "Logout" & "Manage Users" when using ProxyAuth * Review Co-authored-by: Bernd Bestel <bernd@berrnd.de> 2020-08-19 19:23:13 +02:00
			`class ReverseProxyAuthMiddleware extends AuthMiddleware`
			`{`
Applied PHP-CS-Fixer rules 2020-09-01 21:29:47 +02:00			`public function authenticate(Request $request)`
Applied EditorConfig settings to all files 2020-08-29 16:41:27 +02:00			`{`
Reworked authentication related menu item handling (fixes #1462) 2021-07-03 19:40:42 +02:00			`define('GROCY_EXTERNALLY_MANAGED_AUTHENTICATION', true);`
Allow API keys in ReverseProxyAuthMiddleware (closes #1216) 2020-12-24 10:00:51 +01:00
Reworked authentication related menu item handling (fixes #1462) 2021-07-03 19:40:42 +02:00			`$db = DatabaseService::getInstance()->GetDbConnection();`
Applied EditorConfig settings to all files 2020-08-29 16:41:27 +02:00
Allow API keys in ReverseProxyAuthMiddleware (closes #1216) 2020-12-24 10:00:51 +01:00			`// API key authentication is also ok`
			`$auth = new ApiKeyAuthMiddleware($this->AppContainer, $this->ResponseFactory);`
			`$user = $auth->authenticate($request);`
			`if ($user !== null)`
			`{`
			`return $user;`
			`}`
Applied EditorConfig settings to all files 2020-08-29 16:41:27 +02:00
Added support for reading auth header from env variable (#1746) * Added support for reading auth header from env variable * Check if variable is set, more accurate error description * Formatting Co-authored-by: Bernd Bestel <bernd@berrnd.de> 2022-01-16 14:46:04 +01:00			`if (GROCY_REVERSE_PROXY_AUTH_USE_ENV)`
Applied EditorConfig settings to all files 2020-08-29 16:41:27 +02:00			`{`
Added support for reading auth header from env variable (#1746) * Added support for reading auth header from env variable * Check if variable is set, more accurate error description * Formatting Co-authored-by: Bernd Bestel <bernd@berrnd.de> 2022-01-16 14:46:04 +01:00			`if (!isset($_SERVER[GROCY_REVERSE_PROXY_AUTH_HEADER]))`
			`{`
			`// Variable is not set`
			`throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' env variable is missing (could not be found in $_SERVER array)');`
			`}`

			`$username = $_SERVER[GROCY_REVERSE_PROXY_AUTH_HEADER];`
			`if (strlen($username) === 0)`
			`{`
			`// Variable is empty`
			`throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' env variable is invalid');`
			`}`
			`}`
			`else`
			`{`
			`$username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER);`
			`if (count($username) !== 1)`
			`{`
			`// Invalid configuration of Proxy`
			`throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' header is missing or invalid');`
			`}`
			`$username = $username[0];`
Applied EditorConfig settings to all files 2020-08-29 16:41:27 +02:00			`}`

			`$user = $db->users()->where('username', $username)->fetch();`
			`if ($user == null)`
			`{`
			`$user = UsersService::getInstance()->CreateUser($username, '', '', '');`
			`}`

			`return $user;`
			`}`
More authentication refactoring to also provide "plugable" credentials handling (references #921, needed for #305) 2020-10-19 18:38:12 +02:00
			`public static function ProcessLogin(array $postParams)`
			`{`
			`throw new \Exception('Not implemented');`
			`}`
Refactor Authentication and add proxy-authentication (#921) * Refactor Authentication-Middlewares * Add Proxy-Authentication * Disable "Logout" & "Manage Users" when using ProxyAuth * Review Co-authored-by: Bernd Bestel <bernd@berrnd.de> 2020-08-19 19:23:13 +02:00			`}`