HomeLab/ldap-user-manager
2
0
Fork 0
mirror of https://github.com/wheelybird/ldap-user-manager.git synced 2025-01-18 23:42:54 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Feature/http header username (#120)

Browse Source 
* Implement Remote Headers Auth

* Hide Logout on Remote Sessions

* Add Explanation for REMOTRE_HTTP_HEADERS_LOGIN settiing

Co-authored-by: Damian Galli <damian.galli@galli.site>
This commit is contained in:
Damian Galli 2022-03-09 17:00:44 +01:00 committed by GitHub
parent 4de7877b19
commit 4e01a09399
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -157,6 +157,7 @@ These settings should only be changed if you're trying to make the user manager
* `ACCEPT_WEAK_PASSWORDS` (default: *FALSE*): Set this to *TRUE* to prevent a password being rejected for being too weak. The password strength indicators will still gauge the strength of the password. Don't enable this in a production environment. * `ACCEPT_WEAK_PASSWORDS` (default: *FALSE*): Set this to *TRUE* to prevent a password being rejected for being too weak. The password strength indicators will still gauge the strength of the password. Don't enable this in a production environment.
* `REMOTE_HTTP_HEADERS_LOGIN`(default: *FALSE*) Enables session managment from a external Service like Authelia. This setting compromisses your security if your not using a Auth-Proxy infront of this application
#### Email sending settings #### Email sending settings

6
www/includes/config.inc.php
View File

@ -110,6 +110,12 @@
### ###
###
$REMOTE_HTTP_HEADERS_LOGIN = ((strcasecmp(getenv('REMOTE_HTTP_HEADERS_LOGIN'),'TRUE') == 0) ? TRUE : FALSE);
###
$errors = ""; $errors = "";
if (empty($LDAP['uri'])) { if (empty($LDAP['uri'])) {

4
www/includes/modules.inc.php
View File

@ -11,11 +11,13 @@
'log_in' => 'hidden_on_login', 'log_in' => 'hidden_on_login',
'change_password' => 'auth', 'change_password' => 'auth',
'account_manager' => 'admin', 'account_manager' => 'admin',
'log_out' => 'auth'
); );
if ($ACCOUNT_REQUESTS_ENABLED == TRUE) { if ($ACCOUNT_REQUESTS_ENABLED == TRUE) {
$MODULES['request_account'] = 'hidden_on_login'; $MODULES['request_account'] = 'hidden_on_login';
} }
if (!$REMOTE_HTTP_HEADERS_LOGIN) {
$MODULES['log_out'] = 'auth';
}
?> ?>

17
www/includes/web_functions.inc.php
View File

@ -1,5 +1,4 @@
<?php <?php
#Security level vars #Security level vars
$VALIDATED = FALSE; $VALIDATED = FALSE;
@ -45,8 +44,12 @@ $DEFAULT_COOKIE_OPTIONS = array( 'expires' => time()+(60 * $SESSION_TIMEOUT),
validate_passkey_cookie(); validate_passkey_cookie();
if($REMOTE_HTTP_HEADERS_LOGIN) {
login_via_headers();
} else {
validate_passkey_cookie();
}
###################################################### ######################################################
function generate_passkey() { function generate_passkey() {
$rnd1 = rand(10000000, (int)100000000000); $rnd1 = rand(10000000, (int)100000000000);
@ -84,7 +87,16 @@ function set_passkey_cookie($user_id,$is_admin) {
$VALIDATED = TRUE; $VALIDATED = TRUE;
} }
function login_via_headers() {
global $IS_ADMIN, $USER_ID, $VALIDATED, $LDAP;
//['admins_group'];
$USER_ID = $_SERVER['HTTP_REMOTE_USER'];
$remote_groups = explode(',',$_SERVER['HTTP_REMOTE_GROUPS']);
$IS_ADMIN = in_array($LDAP['admins_group'],$remote_groups);
// users are always validated as we assume, that the auth server does this
$VALIDATED = true;
}
###################################################### ######################################################
@ -136,7 +148,6 @@ function validate_passkey_cookie() {
} }
} }
} }
} }