Fix #84 - Reverse proxy guard authenticates even with invalid headers

Bubka 2022-05-18 23:42:30 +02:00
parent c2edd69c54
commit 0199ad3a77


@ -69,7 +69,8 @@ public function user()
$user = null;
// Get the user identifier from $_SERVER or apache filtered headers
$remoteUserHeader = config('auth.auth_proxy_headers.user', 'REMOTE_USER');
$remoteUserHeader = config('auth.auth_proxy_headers.user');
$remoteUserHeader = $remoteUserHeader ?: 'REMOTE_USER';
try {
$identifier['user'] = request()->server($remoteUserHeader) ?? apache_request_headers()[$remoteUserHeader] ?? null;
@ -78,8 +79,8 @@ public function user()
$identifier['user'] = null;
}
if (! $identifier['user']) {
Log::error(sprintf('No user in header "%s".', $remoteUserHeader));
if (!$identifier['user'] || is_array($identifier['user'])) {
Log::error(sprintf('Proxy remote-user header "%s" is empty or missing.', $remoteUserHeader));
return $this->user = null;
}
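Review bot: The new guard `if (!$identifier['user'] || is_array($identifier['user']))` rejects only falsy values and arrays, so any other shape still passes as an identifier, for example a whitespace-only header value. Checking for the one accepted shape fails closed more reliably: `if (!is_string($identifier['user']) || trim($identifier['user']) === '')`. That form also stops treating the literal user name "0" as missing, which the truthiness test currently does. The array case deserves a why-comment above the check, such as `// request()->server(null) returns the whole server array, which must never count as a user`, although the `?:` fallback added in the first hunk now appears to prevent a null key. user() starts and ends outside the visible hunks, so what happens to an accepted identifier afterwards cannot be judged from here.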