Simple plugin to allow custom headers. Don’t judge my php, I’ve been drinking.
I left the author alone cuz it's a copy of auth_remote. Works great in docker (k8s) with TTRSS_AUTH_HEADER_USERNAME=HTTP_X_WHATEVER_HEADER_USER. The fullname is untested but email worked.
<?php
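/**
 * Authentication plugin that logs a user in from a value found in $_SERVER,
 * typically a request header set by a fronting SSO / reverse proxy.
 *
 * Trust boundary: authenticate() does not check $password itself. Whoever is
 * named by the configured $_SERVER key is handed to auto_create_user() and,
 * if that returns a user id, becomes the session user. $_SERVER keys that start
 * with HTTP_ are built by PHP from request headers, so any client that can reach
 * this application directly can supply them. Deploy only where the fronting proxy
 * sets the header itself and removes any client-supplied copy, and where the
 * application port is reachable through that proxy only.
 *
 * The full name and e-mail values are stored exactly as received.
 *
 * Settings registered in init(). The logout URL is documented below as
 * TTRSS_AUTH_HEADER_POST_LOGOUT_URL; the other three presumably follow the same
 * TTRSS_ + name pattern (confirm against your tt-rss version):
 *   AUTH_HEADER_EXTERNAL_USERNAME  default "REMOTE_USER"
 *   AUTH_HEADER_EXTERNAL_FULLNAME  default "HTTP_USER"
 *   AUTH_HEADER_EXTERNAL_EMAIL     default "HTTP_USER_MAIL"
 */
class Auth_Header extends Auth_Base {
	/** redirect user to this URL after logout; .env:
	 * TTRSS_AUTH_HEADER_POST_LOGOUT_URL=http://127.0.0.1/logout-redirect
	 */
	const AUTH_HEADER_POST_LOGOUT_URL = "AUTH_HEADER_POST_LOGOUT_URL";

	/** name of the $_SERVER key that carries the login name */
	const AUTH_HEADER_EXTERNAL_USERNAME = "AUTH_HEADER_EXTERNAL_USERNAME";

	/** name of the $_SERVER key that carries the display name */
	const AUTH_HEADER_EXTERNAL_FULLNAME = "AUTH_HEADER_EXTERNAL_FULLNAME";

	/** name of the $_SERVER key that carries the e-mail address */
	const AUTH_HEADER_EXTERNAL_EMAIL = "AUTH_HEADER_EXTERNAL_EMAIL";

	/**
	 * Plugin metadata.
	 *
	 * @return array presumably [version, description, author, is_system] -
	 *               confirm the slot meanings against the plugin base class
	 */
	public function about() {
		return [
			null,
			"Authenticates against external passwords (HTTP Authentication) via header",
			"fox?",
			true,
		];
	}

	/**
	 * Registers the plugin's settings and hooks.
	 *
	 * The post-logout hook is only attached when a redirect URL is configured.
	 *
	 * @param object $host plugin host providing add_hook() and the HOOK_* constants
	 */
	public function init($host) {
		$host->add_hook($host::HOOK_AUTH_USER, $this);

		Config::add(self::AUTH_HEADER_POST_LOGOUT_URL, "", Config::T_STRING);
		Config::add(self::AUTH_HEADER_EXTERNAL_USERNAME, "REMOTE_USER", Config::T_STRING);
		Config::add(self::AUTH_HEADER_EXTERNAL_FULLNAME, "HTTP_USER", Config::T_STRING);
		Config::add(self::AUTH_HEADER_EXTERNAL_EMAIL, "HTTP_USER_MAIL", Config::T_STRING);

		if ((string) Config::get(self::AUTH_HEADER_POST_LOGOUT_URL) !== "") {
			$host->add_hook($host::HOOK_POST_LOGOUT, $this);
		}
	}

	/**
	 * Logs in the user named by the configured $_SERVER key.
	 *
	 * $login is not used; $password is forwarded to auto_create_user() unchanged
	 * and is never compared against anything in this method. See the class
	 * comment for the deployment requirement this implies.
	 *
	 * @param string $login    login typed by the user (ignored)
	 * @param string $password password typed by the user (forwarded only)
	 * @param string $service  unused
	 * @return mixed the value returned by auto_create_user() when it is truthy,
	 *               false otherwise
	 */
	public function authenticate($login, $password, $service = '') {
		$try_login = $this->server_value(self::AUTH_HEADER_EXTERNAL_USERNAME);

		// Compared against "" instead of using empty(), so a login of "0" is not
		// treated as a missing header.
		if ($try_login === "") {
			return false;
		}

		$user_id = $this->auto_create_user($try_login, $password);

		if (!$user_id) {
			return false;
		}

		// The login form was bypassed: store placeholder credentials and hide
		// the UI elements that make no sense under external sign-on.
		$_SESSION["fake_login"] = $try_login;
		$_SESSION["fake_password"] = "******";
		$_SESSION["hide_hello"] = true;
		$_SESSION["hide_logout"] = true;
		$_SESSION["bw_limit"] = false;

		// LemonLDAP can send user information via HTTP headers; the profile is
		// only refreshed from them when auto-creation is enabled.
		if (Config::get(Config::AUTH_AUTO_CREATE)) {
			$fullname = $this->server_value(self::AUTH_HEADER_EXTERNAL_FULLNAME);

			if ($fullname !== "") {
				$sth = $this->pdo->prepare("UPDATE ttrss_users SET full_name = ? WHERE id = ?");
				$sth->execute([$fullname, $user_id]);
			}

			$email = $this->server_value(self::AUTH_HEADER_EXTERNAL_EMAIL);

			if ($email !== "") {
				$sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ? WHERE id = ?");
				$sth->execute([$email, $user_id]);
			}
		}

		return $user_id;
	}

	/**
	 * Supplies the redirect target used after logout.
	 *
	 * @param string $login   unused
	 * @param int    $user_id unused
	 * @return array single-element array holding the configured URL
	 */
	public function hook_post_logout($login, $user_id) {
		return [
			Config::get(self::AUTH_HEADER_POST_LOGOUT_URL)
		];
	}

	/** @return int plugin API version implemented by this class */
	public function api_version() {
		return 2;
	}

	/**
	 * Reads the $_SERVER entry whose key is stored under the given setting.
	 *
	 * @param string $config_name one of the AUTH_HEADER_EXTERNAL_* constants
	 * @return string the value, or "" when the setting is empty, the key is
	 *                absent, or the entry is not a string
	 */
	private function server_value($config_name) {
		$key = (string) Config::get($config_name);

		if ($key === "") {
			return "";
		}

		$value = $_SERVER[$key] ?? "";

		return is_string($value) ? $value : "";
	}
}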