From 3dcef9aac9dfd7edc85e1160c296106b9579f572 Mon Sep 17 00:00:00 2001
From: Martin Berg <2682426+mbrrg@users.noreply.github.com>
Date: Tue, 3 Sep 2019 20:07:26 +0200
Subject: [PATCH] Add support for custom remote user header (#7370)
---
 app/Http/Controllers/Auth/LoginController.php | 5 +--
 app/Http/Controllers/SettingsController.php | 1 +
 app/Models/Setting.php | 1 +
 ...0_084049_add_custom_remote_user_header.php | 32 +++++++++++++++++++
 resources/lang/en/admin/settings/general.php | 2 ++
 .../lang/sv-SE/admin/settings/general.php | 2 ++
 resources/views/settings/security.blade.php | 7 ++++
 7 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 database/migrations/2019_08_20_084049_add_custom_remote_user_header.php
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 6dc691be9..f53c8e2f2 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -99,9 +99,10 @@ class LoginController extends Controller
 private function loginViaRemoteUser(Request $request) {
- $remote_user = $request->server('REMOTE_USER');
+ $header_name = Setting::getSettings()->login_remote_user_header_name ?: 'REMOTE_USER';
+ $remote_user = $request->server($header_name);
 if (Setting::getSettings()->login_remote_user_enabled == "1" && isset($remote_user) && !empty($remote_user)) {
- Log::debug("Authenticatiing via REMOTE_USER.");
+ Log::debug("Authenticating via HTTP header $header_name.");
 $pos = strpos($remote_user, '\\');
 if ($pos > 0) {
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index d9f4f3deb..0af5eb742 100755
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
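Review bot: In LoginController::loginViaRemoteUser the value read by `$request->server($header_name)` is accepted as the authenticated identity, and once the key is configurable it can name an `HTTP_*` entry, which is populated from request headers rather than by the web server's auth module. Nothing in the visible lines checks that the request arrived through the proxy that is supposed to set that header, so the safety of the login now rests entirely on the front end stripping or overwriting it. I would document that above the lookup, e.g. `// SECURITY: HTTP_* keys come from the client unless the fronting proxy overwrites them; enable only behind a proxy that does`, and repeat it in the setting's help text. The function body continues past the end of the hunk, so a later check may exist that is not shown here.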
@@ -572,6 +572,7 @@ class SettingsController extends Controller
 $setting->login_remote_user_enabled = (int) $request->input('login_remote_user_enabled');
 $setting->login_common_disabled = (int) $request->input('login_common_disabled');
 $setting->login_remote_user_custom_logout_url = $request->input('login_remote_user_custom_logout_url');
+ $setting->login_remote_user_header_name = $request->input('login_remote_user_header_name');
 }
 $setting->pwd_secure_uncommon = (int) $request->input('pwd_secure_uncommon');
diff --git a/app/Models/Setting.php b/app/Models/Setting.php
index 437938423..96de9fdfb 100755
--- a/app/Models/Setting.php
+++ b/app/Models/Setting.php
@@ -71,6 +71,7 @@ class Setting extends Model
 'login_remote_user_enabled' => 'numeric|nullable',
 'login_common_disabled' => 'numeric|nullable',
 'login_remote_user_custom_logout_url' => 'string|nullable',
+ 'login_remote_user_header_name' => 'string|nullable',
 'thumbnail_max_h' => 'numeric|max:500|min:25',
 'pwd_secure_min' => 'numeric|required|min:5',
 'audit_warning_days' => 'numeric|nullable',
diff --git a/database/migrations/2019_08_20_084049_add_custom_remote_user_header.php b/database/migrations/2019_08_20_084049_add_custom_remote_user_header.php
new file mode 100644
index 000000000..81b8b94f5
--- /dev/null
+++ b/database/migrations/2019_08_20_084049_add_custom_remote_user_header.php
@@ -0,0 +1,32 @@
+string('login_remote_user_header_name')->default("");
+ });
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ Schema::table('settings', function (Blueprint $table) {
+ $table->dropColumn('login_remote_user_header_name');
+ });
+ }
+}
diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php
index c6717fda7..26b75e073 100644
--- a/resources/lang/en/admin/settings/general.php
+++ b/resources/lang/en/admin/settings/general.php
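Review bot: The new assignment in SettingsController stores `$request->input('login_remote_user_header_name')` unchanged, and the matching rule added to Setting.php is only `'string|nullable'`, although this value later selects the server variable that decides who is logged in. A typo or stray whitespace would make the lookup return nothing without any error, and there is no restriction to the characters that can occur in a server variable name. Consider tightening the rule to `'login_remote_user_header_name' => 'string|nullable|regex:/^[A-Za-z0-9_]+$/'`. The enclosing block in SettingsController starts outside the hunk, so any condition guarding these assignments is not visible here.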
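Review bot: The migration creates the column with `string('login_remote_user_header_name')->default("")` and no `->nullable()`, while the validation rule for the same field allows null and the controller assigns the request input directly. If empty form fields are converted to null before they reach the controller (not visible in this diff), saving the settings page with the field left blank would try to write NULL into a NOT NULL column. Either declare the column `->nullable()->default(null)` or store `$request->input('login_remote_user_header_name') ?? ''`. The start of `up()` is missing from the text shown here, so this rests on the one visible column definition.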
@@ -94,6 +94,8 @@ return array(
 'login_common_disabled_help' => 'This option disables other authentication mechanisms. Just enable this option if you are sure that your REMOTE_USER login is already working',
 'login_remote_user_custom_logout_url_text' => 'Custom logout URL',
 'login_remote_user_custom_logout_url_help' => 'If a url is provided here, users will get redirected to this URL after the user logs out of Snipe-IT. This is useful to close the user sessions of your Authentication provider correctly.',
+ 'login_remote_user_header_name_text' => 'Custom user name header',
+ 'login_remote_user_header_name_help' => 'Use the specified header instead of REMOTE_USER',
 'logo' => 'Logo',
 'logo_print_assets' => 'Use in Print',
 'logo_print_assets_help' => 'Use branding on printable asset lists ',
diff --git a/resources/lang/sv-SE/admin/settings/general.php b/resources/lang/sv-SE/admin/settings/general.php
index b72ed688f..e505fd4e6 100644
--- a/resources/lang/sv-SE/admin/settings/general.php
+++ b/resources/lang/sv-SE/admin/settings/general.php
@@ -87,6 +87,8 @@ return array(
 'login_common_disabled_help' => 'This option disables other authentication mechanisms. Just enable this option if you are sure that your REMOTE_USER login is already working',
 'login_remote_user_custom_logout_url_text' => 'Anpassad logga ut URL',
 'login_remote_user_custom_logout_url_help' => 'Om en URL tillhandahålls här kommer användarna att omdirigeras till den här webbadressen efter att användaren loggat ut från Snipe-IT. Det här är användbart för att stänga användarsessionerna i din autentiseringsleverantör korrekt.',
+ 'login_remote_user_header_name_text' => 'Anpassat headernamn',
+ 'login_remote_user_header_name_help' => 'Använd en annan header för inloggning än REMOTE_USER',
 'logo' => 'Logotyp',
 'logo_print_assets' => 'Använd vid utskrift',
 'logo_print_assets_help' => 'Använda branding på utskrivbara tillgångs-listor ',
diff --git a/resources/views/settings/security.blade.php b/resources/views/settings/security.blade.php
index e9589b169..bf17493b2 100644
--- a/resources/views/settings/security.blade.php
+++ b/resources/views/settings/security.blade.php
@@ -133,6 +133,13 @@
{{ trans('admin/settings/general.login_remote_user_enabled_help') }}
+ + {{ Form::label('login_remote_user_header_name', trans('admin/settings/general.login_remote_user_header_name_text')) }} + {{ Form::text('login_remote_user_header_name', Input::old('login_remote_user_header_name', $setting->login_remote_user_header_name),array('class' => 'form-control')) }} + {!! $errors->first('login_remote_user_header_name', ':message') !!} ++ {{ trans('admin/settings/general.login_remote_user_header_name_help') }} +
{{ Form::label('login_remote_user_custom_logout_url', trans('admin/settings/general.login_remote_user_custom_logout_url_text')) }} {{ Form::text('login_remote_user_custom_logout_url', Input::old('login_remote_user_custom_logout_url', $setting->login_remote_user_custom_logout_url),array('class' => 'form-control')) }}