[icinga-checkins] icinga.org: icingaweb2/bugfix/evaluate-redirect_remote_user-12164: External authentication: respect REDIRECT_REMOTE_USER as well

git at icinga.org git at icinga.org
Mon Oct 17 16:22:23 CEST 2016


Module: icingaweb2
Branch: bugfix/evaluate-redirect_remote_user-12164
Commit: 29c221418b4049aab1d20c316806a5440b312fae
URL:    https://git.icinga.org/?p=icingaweb2.git;a=commit;h=29c221418b4049aab1d20c316806a5440b312fae

Author: Alexander A. Klimov <alexander.klimov at icinga.com>
Date:   Mon Oct 17 16:19:26 2016 +0200

External authentication: respect REDIRECT_REMOTE_USER as well

refs #12164

---

 .../Icinga/Authentication/User/ExternalBackend.php |   20 +++++++++++---------
 .../setup/application/forms/AdminAccountPage.php   |    5 +++--
 .../setup/application/forms/AuthenticationPage.php |    4 +++-
 3 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/library/Icinga/Authentication/User/ExternalBackend.php b/library/Icinga/Authentication/User/ExternalBackend.php
index 3baf1c8..7e9f7ba 100644
--- a/library/Icinga/Authentication/User/ExternalBackend.php
+++ b/library/Icinga/Authentication/User/ExternalBackend.php
@@ -55,18 +55,20 @@ class ExternalBackend implements UserBackendInterface
     /**
      * Get the remote user from environment or $_SERVER, if any
      *
-     * @param   string  $variable   The name variable where to read the user from
+     * @param   string|null $variable   The name variable where to read the user from
      *
      * @return  string|null
      */
     public static function getRemoteUser($variable = 'REMOTE_USER')
     {
-        $username = getenv($variable);
-        if ($username !== false) {
-            return $username;
-        }
-        if (array_key_exists($variable, $_SERVER)) {
-            return $_SERVER[$variable];
+        foreach (($variable === null ? array('REMOTE_USER', 'REDIRECT_REMOTE_USER') : array($variable)) as $variable) {
+            $username = getenv($variable);
+            if ($username !== false) {
+                return $username;
+            }
+            if (array_key_exists($variable, $_SERVER)) {
+                return $_SERVER[$variable];
+            }
         }
         return null;
     }
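Review bot: In the new loop in `getRemoteUser()`, a variable that is set but empty is still returned as the user name, because `getenv()` is only compared with `false` and the `$_SERVER` branch only checks `array_key_exists()`. If the web server ever exports an empty `REMOTE_USER`, it wins over a populated `REDIRECT_REMOTE_USER` and is passed on as a non-null name. Consider skipping empty values, e.g. `if ($username !== false && $username !== '') {` and `if (isset($_SERVER[$name]) && $_SERVER[$name] !== '') {`. The callers changed in this commit (`authenticate()`, `AdminAccountPage::getUsername()`, `AuthenticationPage::createElements()`) only compare against `null`, so they inherit this. The loop also reuses the parameter `$variable` as its iteration variable; a separate name such as `$name` would leave the argument intact.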
@@ -77,9 +79,9 @@ class ExternalBackend implements UserBackendInterface
      */
     public function authenticate(User $user, $password = null)
     {
-        $username = static::getRemoteUser();
+        $username = static::getRemoteUser(null);
         if ($username !== null) {
-            $user->setExternalUserInformation($username, 'REMOTE_USER');
+            $user->setExternalUserInformation($username, null);
 
             if ($this->stripUsernameRegexp) {
                 $stripped = preg_replace($this->stripUsernameRegexp, '', $username);
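Review bot: `setExternalUserInformation($username, null)` no longer records which server variable supplied the name, although the loop in `getRemoteUser()` knows whether it was `REMOTE_USER` or `REDIRECT_REMOTE_USER`. If any consumer of the external user information uses the stored field to re-check the variable on later requests (not visible in this hunk), it would now receive `null`, and that check would either fail or be skipped. Consider having `getRemoteUser()` expose the matched variable name alongside the value, for example via a helper returning `array($username, $name)`, and passing that name here. The body of `authenticate()` continues outside the hunk.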
diff --git a/modules/setup/application/forms/AdminAccountPage.php b/modules/setup/application/forms/AdminAccountPage.php
index 439a3be..6e8fe26 100644
--- a/modules/setup/application/forms/AdminAccountPage.php
+++ b/modules/setup/application/forms/AdminAccountPage.php
@@ -5,6 +5,7 @@ namespace Icinga\Module\Setup\Forms;
 
 use Exception;
 use Icinga\Application\Config;
+use Icinga\Authentication\User\ExternalBackend;
 use Icinga\Authentication\User\UserBackend;
 use Icinga\Authentication\User\DbUserBackend;
 use Icinga\Authentication\User\LdapUserBackend;
@@ -269,8 +270,8 @@ class AdminAccountPage extends Form
      */
     protected function getUsername()
     {
-        $name = getenv('REMOTE_USER');
-        if ($name === false) {
+        $name = ExternalBackend::getRemoteUser(null);
+        if ($name === null) {
             return '';
         }
 
diff --git a/modules/setup/application/forms/AuthenticationPage.php b/modules/setup/application/forms/AuthenticationPage.php
index 132f937..d90b52a 100644
--- a/modules/setup/application/forms/AuthenticationPage.php
+++ b/modules/setup/application/forms/AuthenticationPage.php
@@ -3,6 +3,7 @@
 
 namespace Icinga\Module\Setup\Forms;
 
+use Icinga\Authentication\User\ExternalBackend;
 use Icinga\Web\Form;
 use Icinga\Application\Platform;
 
@@ -30,7 +31,8 @@ class AuthenticationPage extends Form
      */
     public function createElements(array $formData)
     {
-        if (isset($formData['type']) && $formData['type'] === 'external' && getenv('REMOTE_USER') === false) {
+        if (isset($formData['type']) && $formData['type'] === 'external'
+            && ExternalBackend::getRemoteUser(null) === null) {
             $this->info(
                 $this->translate(
                     'You\'re currently not authenticated using any of the web server\'s authentication '


