1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
From 64d9685260f93b5c2f18cc7abbc862575e5b2904 Mon Sep 17 00:00:00 2001
From: Igor Pashev <pashev.igor@gmail.com>
Date: Thu, 19 Apr 2018 13:27:24 +0300
Subject: [PATCH] Add Sproxy backend
---
.../Icinga/Authentication/User/SproxyBackend.php | 51 ++++++++++++++++++++++
library/Icinga/Authentication/User/UserBackend.php | 6 +++
2 files changed, 57 insertions(+)
create mode 100644 library/Icinga/Authentication/User/SproxyBackend.php
diff --git a/library/Icinga/Authentication/User/SproxyBackend.php b/library/Icinga/Authentication/User/SproxyBackend.php
new file mode 100644
index 0000000000..f36c362374
--- /dev/null
+++ b/library/Icinga/Authentication/User/SproxyBackend.php
@@ -0,0 +1,51 @@
+<?php
+/* 2016 Zalora South East Asia Pte. Ltd | GPLv2+ */
+
+namespace Icinga\Authentication\User;
+
+use Icinga\Data\ConfigObject;
+use Icinga\User;
+
+/**
+ * Login with Sproxy authentication mechanism.
+ * This is similar to the "external" backend.
+ *
+ * Sproxy provides at least two HTTP headers:
+ *
+ * "From" - the user's email address.
+ * "X-Groups" - a comma-separated list of the user's groups.
+ *
+ *
+ * See <https://hackage.haskell.org/package/sproxy2>,
+ * or <https://github.com/ip1981/sproxy2>,
+ * or <https://gitlab.com/ip1981/sproxy2>,
+ * or <https://bitbucket.org/IgorPashev/sproxy2>.
+ */
+class SproxyBackend extends ExternalBackend
+{
+ /**
+ * {@inheritdoc}
+ */
+ public function authenticate(User $user, $password = null)
+ {
+ if (! empty($_SERVER['HTTP_FROM'])) {
+ $email = $_SERVER['HTTP_FROM'];
+ $user->setUsername($email);
+ $user->setEmail($email);
+ $user->setExternalUserInformation($email, 'HTTP_FROM');
+
+ if (! empty($_SERVER['HTTP_X_GIVEN_NAME'])) {
+ $user->setFirstname($_SERVER['HTTP_X_GIVEN_NAME']);
+ }
+ if (! empty($_SERVER['HTTP_X_GROUPS'])) {
+ $user->setGroups(explode(',', $_SERVER['HTTP_X_GROUPS']));
+ }
+ if (! empty($_SERVER['HTTP_X_FAMILY_NAME'])) {
+ $user->setLastname($_SERVER['HTTP_X_FAMILY_NAME']);
+ }
+
+ return true;
+ }
+ return false;
+ }
+}
diff --git a/library/Icinga/Authentication/User/UserBackend.php b/library/Icinga/Authentication/User/UserBackend.php
index 8130c56cde..366b84fd4f 100644
--- a/library/Icinga/Authentication/User/UserBackend.php
+++ b/library/Icinga/Authentication/User/UserBackend.php
@@ -22,6 +22,7 @@ class UserBackend implements ConfigAwareFactory
* @var array
*/
protected static $defaultBackends = array(
+ 'sproxy',
'external',
'db',
'ldap',
@@ -176,6 +177,11 @@ public static function create($name, ConfigObject $backendConfig = null)
$backend->setName($name);
return $backend;
}
+ if ($backendType === 'sproxy') {
+ $backend = new SproxyBackend($backendConfig);
+ $backend->setName($name);
+ return $backend;
+ }
if (in_array($backendType, static::$defaultBackends)) {
// The default backend check is the first one because of performance reasons:
// Do not attempt to load a custom user backend unless it's actually required
|
