2022-03-19 00:14:20 +01:00
|
|
|
<?php
|
|
|
|
|
|
2022-03-24 14:58:30 +01:00
|
|
|
// Largely inspired by Firefly III remote user implementation (https://github.com/firefly-iii)
|
|
|
|
|
// See https://github.com/firefly-iii/firefly-iii/blob/main/app/Support/Authentication/RemoteUserGuard.php
|
|
|
|
|
|
2022-03-19 00:14:20 +01:00
|
|
|
namespace App\Services\Auth;
|
|
|
|
|
|
|
|
|
|
use Illuminate\Contracts\Auth\Guard;
|
|
|
|
|
use Illuminate\Contracts\Auth\UserProvider;
|
2022-09-07 17:58:34 +02:00
|
|
|
use Illuminate\Auth\GuardHelpers;
|
2022-03-19 00:14:20 +01:00
|
|
|
use Illuminate\Support\Facades\Log;
|
|
|
|
|
|
|
|
|
|
class ReverseProxyGuard implements Guard
|
|
|
|
|
{
|
2022-09-07 17:58:34 +02:00
|
|
|
use GuardHelpers;
|
|
|
|
|
|
2022-03-19 00:14:20 +01:00
|
|
|
/**
|
|
|
|
|
* The currently authenticated user.
|
|
|
|
|
*
|
2022-09-07 17:58:34 +02:00
|
|
|
* @var \Illuminate\Contracts\Auth\Authenticatable|null
|
2022-03-19 00:14:20 +01:00
|
|
|
*/
|
|
|
|
|
protected $user;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Create a new authentication guard.
|
|
|
|
|
*
|
2022-08-26 15:57:18 +02:00
|
|
|
* @param \Illuminate\Contracts\Auth\UserProvider $provider
|
2022-03-19 00:14:20 +01:00
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public function __construct(UserProvider $provider)
|
|
|
|
|
{
|
|
|
|
|
$this->provider = $provider;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @inheritDoc
|
|
|
|
|
*/
|
|
|
|
|
public function user()
|
|
|
|
|
{
|
|
|
|
|
// If we've already retrieved the user for the current request we can just
|
|
|
|
|
// return it back immediately. We do not want to fetch the user data on
|
|
|
|
|
// every call to this method because that would be tremendously slow.
|
2022-09-07 17:58:34 +02:00
|
|
|
if (! is_null($this->user)) {
|
2022-03-19 00:14:20 +01:00
|
|
|
return $this->user;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get the user identifier from $_SERVER or apache filtered headers
|
2022-05-18 23:42:30 +02:00
|
|
|
$remoteUserHeader = config('auth.auth_proxy_headers.user');
|
|
|
|
|
$remoteUserHeader = $remoteUserHeader ?: 'REMOTE_USER';
|
2022-08-26 15:57:18 +02:00
|
|
|
$identifier = array();
|
2022-03-19 00:14:20 +01:00
|
|
|
|
2022-03-31 08:38:35 +02:00
|
|
|
try {
|
|
|
|
|
$identifier['user'] = request()->server($remoteUserHeader) ?? apache_request_headers()[$remoteUserHeader] ?? null;
|
|
|
|
|
}
|
|
|
|
|
catch (\Throwable $e) {
|
|
|
|
|
$identifier['user'] = null;
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-18 23:42:30 +02:00
|
|
|
if (!$identifier['user'] || is_array($identifier['user'])) {
|
|
|
|
|
Log::error(sprintf('Proxy remote-user header "%s" is empty or missing.', $remoteUserHeader));
|
2022-03-19 00:14:20 +01:00
|
|
|
return $this->user = null;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-24 14:58:30 +01:00
|
|
|
// Get the email identifier from $_SERVER
|
|
|
|
|
$remoteEmailHeader = config('auth.auth_proxy_headers.email');
|
|
|
|
|
|
|
|
|
|
if ($remoteEmailHeader) {
|
2022-03-31 08:38:35 +02:00
|
|
|
try {
|
|
|
|
|
$remoteEmail = (string)(request()->server($remoteEmailHeader) ?? apache_request_headers()[$remoteEmailHeader] ?? null);
|
|
|
|
|
}
|
|
|
|
|
catch (\Throwable $e) {
|
|
|
|
|
$remoteEmail = null;
|
|
|
|
|
}
|
2022-03-24 14:58:30 +01:00
|
|
|
|
|
|
|
|
if ($remoteEmail) {
|
|
|
|
|
$identifier['email'] = $remoteEmail;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-07 17:58:34 +02:00
|
|
|
return $this->user = $this->provider->retrieveById($identifier);
|
2022-03-19 00:14:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Validate a user's credentials.
|
|
|
|
|
*
|
|
|
|
|
* @param array $credentials
|
2022-09-07 17:58:34 +02:00
|
|
|
* @return bool
|
2022-03-31 08:38:35 +02:00
|
|
|
*
|
|
|
|
|
* @codeCoverageIgnore
|
2022-03-19 00:14:20 +01:00
|
|
|
*/
|
|
|
|
|
public function validate(array $credentials = [])
|
|
|
|
|
{
|
2022-09-07 17:58:34 +02:00
|
|
|
return $this->check();
|
2022-03-19 00:14:20 +01:00
|
|
|
}
|
|
|
|
|
}
|
