From a033d1498d28a09123dcbd5790c7709318e1eff3 Mon Sep 17 00:00:00 2001 From: James Brooks Date: Thu, 3 Jan 2019 19:45:43 +0000 Subject: [PATCH] Add support for authentication via REMOTE_USER --- .../Providers/RouteServiceProvider.php | 4 +- app/Http/Kernel.php | 22 +++++----- .../Middleware/RemoteUserAuthenticate.php | 44 +++++++++++++++++++ 3 files changed, 59 insertions(+), 11 deletions(-) create mode 100644 app/Http/Middleware/RemoteUserAuthenticate.php diff --git a/app/Foundation/Providers/RouteServiceProvider.php b/app/Foundation/Providers/RouteServiceProvider.php index 9a17c2a6..26171a78 100644 --- a/app/Foundation/Providers/RouteServiceProvider.php +++ b/app/Foundation/Providers/RouteServiceProvider.php @@ -28,6 +28,7 @@ use Illuminate\Routing\Middleware\SubstituteBindings; use Illuminate\Routing\Router; use Illuminate\Session\Middleware\StartSession; use Illuminate\View\Middleware\ShareErrorsFromSession; +use CachetHQ\Cachet\Http\Middleware\RemoteUserAuthenticate; /** * This is the route service provider. @@ -149,9 +150,10 @@ class RouteServiceProvider extends ServiceProvider VerifyCsrfToken::class, SubstituteBindings::class, ]; - + if ($applyAlwaysAuthenticate && !$this->isWhiteListedAuthRoute($routes)) { $middleware[] = Authenticate::class; + $middleware[] = RemoteUserAuthenticate::class; } $router->group(['middleware' => $middleware], function (Router $router) use ($routes) { diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 775f4691..565e064b 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -24,6 +24,7 @@ use CachetHQ\Cachet\Http\Middleware\TrustProxies; use Illuminate\Auth\Middleware\Authorize; use Illuminate\Foundation\Http\Kernel as HttpKernel; use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode; +use CachetHQ\Cachet\Http\Middleware\RemoteUserAuthenticate; class Kernel extends HttpKernel { @@ -43,15 +44,16 @@ class Kernel extends HttpKernel * @var array */ protected $routeMiddleware = [ - 'admin' => Admin::class, - 'can' => Authorize::class, - 'auth' => Authenticate::class, - 'auth.api' => ApiAuthentication::class, - 'guest' => RedirectIfAuthenticated::class, - 'localize' => Localize::class, - 'ready' => ReadyForUse::class, - 'setup' => SetupAlreadyCompleted::class, - 'subscribers' => SubscribersConfigured::class, - 'throttle' => ThrottlingMiddleware::class, + 'admin' => Admin::class, + 'can' => Authorize::class, + 'auth' => Authenticate::class, + 'auth.api' => ApiAuthentication::class, + 'auth.remoteuser' => RemoteUserAuthenticate::class, + 'guest' => RedirectIfAuthenticated::class, + 'localize' => Localize::class, + 'ready' => ReadyForUse::class, + 'setup' => SetupAlreadyCompleted::class, + 'subscribers' => SubscribersConfigured::class, + 'throttle' => ThrottlingMiddleware::class, ]; } diff --git a/app/Http/Middleware/RemoteUserAuthenticate.php b/app/Http/Middleware/RemoteUserAuthenticate.php new file mode 100644 index 00000000..5bf6cf7f --- /dev/null +++ b/app/Http/Middleware/RemoteUserAuthenticate.php @@ -0,0 +1,44 @@ +auth = $auth; + } + + /** + * Handle an incoming request. + * + * @param \Illuminate\Http\Request $request + * @param \Closure $next + * + * @return mixed + */ + public function handle(Request $request, Closure $next) + { + if ($remoteUser = $request->server('REMOTE_USER')) { + $user = User::where('email', '=', $remoteUser)->first(); + + if ($user instanceof User && $this->auth->guest()) { + $this->auth->login($user); + } + } + + return $next($request); + } +}