From 64d9685260f93b5c2f18cc7abbc862575e5b2904 Mon Sep 17 00:00:00 2001
From: Igor Pashev <pashev.igor@gmail.com>
Date: Thu, 19 Apr 2018 13:27:24 +0300
Subject: [PATCH] Add Sproxy backend

---
 .../Icinga/Authentication/User/SproxyBackend.php   | 51 ++++++++++++++++++++++
 library/Icinga/Authentication/User/UserBackend.php |  6 +++
 2 files changed, 57 insertions(+)
 create mode 100644 library/Icinga/Authentication/User/SproxyBackend.php

diff --git a/library/Icinga/Authentication/User/SproxyBackend.php b/library/Icinga/Authentication/User/SproxyBackend.php
new file mode 100644
index 0000000000..f36c362374
--- /dev/null
+++ b/library/Icinga/Authentication/User/SproxyBackend.php
@@ -0,0 +1,51 @@
+<?php
+/* 2016 Zalora South East Asia Pte. Ltd | GPLv2+ */
+
+namespace Icinga\Authentication\User;
+
+use Icinga\Data\ConfigObject;
+use Icinga\User;
+
+/**
+ * Login with Sproxy authentication mechanism.
+ * This is similar to the "external" backend.
+ *
+ * Sproxy provides at least two HTTP headers:
+ *
+ * "From" - the user's email address.
+ * "X-Groups" - a comma-separated list of the user's groups.
+ *
+ *
+ * See <https://hackage.haskell.org/package/sproxy2>,
+ *  or <https://github.com/ip1981/sproxy2>,
+ *  or <https://gitlab.com/ip1981/sproxy2>,
+ *  or <https://bitbucket.org/IgorPashev/sproxy2>.
+ */
+class SproxyBackend extends ExternalBackend
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function authenticate(User $user, $password = null)
+    {
+        if (! empty($_SERVER['HTTP_FROM'])) {
+            $email = $_SERVER['HTTP_FROM'];
+            $user->setUsername($email);
+            $user->setEmail($email);
+            $user->setExternalUserInformation($email, 'HTTP_FROM');
+
+            if (! empty($_SERVER['HTTP_X_GIVEN_NAME'])) {
+              $user->setFirstname($_SERVER['HTTP_X_GIVEN_NAME']);
+            }
+            if (! empty($_SERVER['HTTP_X_GROUPS'])) {
+              $user->setGroups(explode(',', $_SERVER['HTTP_X_GROUPS']));
+            }
+            if (! empty($_SERVER['HTTP_X_FAMILY_NAME'])) {
+              $user->setLastname($_SERVER['HTTP_X_FAMILY_NAME']);
+            }
+
+            return true;
+        }
+        return false;
+    }
+}
diff --git a/library/Icinga/Authentication/User/UserBackend.php b/library/Icinga/Authentication/User/UserBackend.php
index 8130c56cde..366b84fd4f 100644
--- a/library/Icinga/Authentication/User/UserBackend.php
+++ b/library/Icinga/Authentication/User/UserBackend.php
@@ -22,6 +22,7 @@ class UserBackend implements ConfigAwareFactory
      * @var array
      */
     protected static $defaultBackends = array(
+        'sproxy',
         'external',
         'db',
         'ldap',
@@ -176,6 +177,11 @@ public static function create($name, ConfigObject $backendConfig = null)
             $backend->setName($name);
             return $backend;
         }
+        if ($backendType === 'sproxy') {
+            $backend = new SproxyBackend($backendConfig);
+            $backend->setName($name);
+            return $backend;
+        }
         if (in_array($backendType, static::$defaultBackends)) {
             // The default backend check is the first one because of performance reasons:
             // Do not attempt to load a custom user backend unless it's actually required