aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWill Norris <will@willnorris.com>2022-08-15 23:30:27 -0700
committerGitHub <noreply@github.com>2022-08-16 14:30:27 +0800
commit82f89ff996b40e30a7790d13dfa5fa8949a6d620 (patch)
tree14a6e7016178e346a798d6c30af382d35b71d3f7
parent1f146090ecbd9876ed41ddccc4d05ee1bedbb48e (diff)
downloadgitea-82f89ff996b40e30a7790d13dfa5fa8949a6d620.tar.gz
gitea-82f89ff996b40e30a7790d13dfa5fa8949a6d620.zip
auth/reverseproxy: Add support for full name (#20776)
This adds support for getting the user's full name from the reverse proxy in addition to username and email. Tested locally with caddy serving as reverse proxy with Tailscale authentication. Signed-off-by: Will Norris <will@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
-rw-r--r--custom/conf/app.example.ini4
-rw-r--r--docs/content/doc/advanced/config-cheat-sheet.en-us.md4
-rw-r--r--modules/setting/service.go2
-rw-r--r--modules/setting/setting.go2
-rw-r--r--routers/web/admin/admin.go1
-rw-r--r--services/auth/reverseproxy.go10
6 files changed, 20 insertions, 3 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index dd4d5a4cbb..5e612fb428 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -377,9 +377,10 @@ INTERNAL_TOKEN=
;; Name of cookie used to store authentication information.
;COOKIE_REMEMBER_NAME = gitea_incredible
;;
-;; Reverse proxy authentication header name of user name and email
+;; Reverse proxy authentication header name of user name, email, and full name
;REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
;REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
+;REVERSE_PROXY_AUTHENTICATION_FULL_NAME = X-WEBAUTH-FULLNAME
;;
;; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request
;REVERSE_PROXY_LIMIT = 1
@@ -694,6 +695,7 @@ ROUTER = console
;ENABLE_REVERSE_PROXY_AUTHENTICATION = false
;ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
;ENABLE_REVERSE_PROXY_EMAIL = false
+;ENABLE_REVERSE_PROXY_FULL_NAME = false
;;
;; Enable captcha validation for registration
;ENABLE_CAPTCHA = false
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index 2cd4795e68..37f887d4aa 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -492,6 +492,8 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
authentication.
- `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
authentication provided email.
+- `REVERSE_PROXY_AUTHENTICATION_FULL_NAME`: **X-WEBAUTH-FULLNAME**: Header name for reverse proxy
+ authentication provided full name.
- `REVERSE_PROXY_LIMIT`: **1**: Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request.
Number of trusted proxy count. Set to zero to not use these headers.
- `REVERSE_PROXY_TRUSTED_PROXIES`: **127.0.0.0/8,::1/128**: List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
@@ -577,6 +579,8 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
for reverse authentication.
- `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a
provided email rather than a generated email.
+- `ENABLE_REVERSE_PROXY_FULL_NAME`: **false**: Enable this to allow to auto-registration with a
+ provided full name for the user.
- `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration.
- `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA`: **false**: Enable this to force captcha validation
even for External Accounts (i.e. GitHub, OpenID Connect, etc). You also must enable `ENABLE_CAPTCHA`.
diff --git a/modules/setting/service.go b/modules/setting/service.go
index af8a72cc6d..10e3899950 100644
--- a/modules/setting/service.go
+++ b/modules/setting/service.go
@@ -38,6 +38,7 @@ var Service = struct {
EnableReverseProxyAuth bool
EnableReverseProxyAutoRegister bool
EnableReverseProxyEmail bool
+ EnableReverseProxyFullName bool
EnableCaptcha bool
RequireExternalRegistrationCaptcha bool
RequireExternalRegistrationPassword bool
@@ -127,6 +128,7 @@ func newService() {
Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool()
Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool()
Service.EnableReverseProxyEmail = sec.Key("ENABLE_REVERSE_PROXY_EMAIL").MustBool()
+ Service.EnableReverseProxyFullName = sec.Key("ENABLE_REVERSE_PROXY_FULL_NAME").MustBool()
Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool(false)
Service.RequireExternalRegistrationCaptcha = sec.Key("REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA").MustBool(Service.EnableCaptcha)
Service.RequireExternalRegistrationPassword = sec.Key("REQUIRE_EXTERNAL_REGISTRATION_PASSWORD").MustBool()
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 0af743dd97..3ab25fef6e 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -186,6 +186,7 @@ var (
CookieRememberName string
ReverseProxyAuthUser string
ReverseProxyAuthEmail string
+ ReverseProxyAuthFullName string
ReverseProxyLimit int
ReverseProxyTrustedProxies []string
MinPasswordLength int
@@ -909,6 +910,7 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
ReverseProxyAuthEmail = sec.Key("REVERSE_PROXY_AUTHENTICATION_EMAIL").MustString("X-WEBAUTH-EMAIL")
+ ReverseProxyAuthFullName = sec.Key("REVERSE_PROXY_AUTHENTICATION_FULL_NAME").MustString("X-WEBAUTH-FULLNAME")
ReverseProxyLimit = sec.Key("REVERSE_PROXY_LIMIT").MustInt(1)
ReverseProxyTrustedProxies = sec.Key("REVERSE_PROXY_TRUSTED_PROXIES").Strings(",")
diff --git a/routers/web/admin/admin.go b/routers/web/admin/admin.go
index ebe5066d2c..c773034c53 100644
--- a/routers/web/admin/admin.go
+++ b/routers/web/admin/admin.go
@@ -257,6 +257,7 @@ func Config(ctx *context.Context) {
ctx.Data["ScriptType"] = setting.ScriptType
ctx.Data["ReverseProxyAuthUser"] = setting.ReverseProxyAuthUser
ctx.Data["ReverseProxyAuthEmail"] = setting.ReverseProxyAuthEmail
+ ctx.Data["ReverseProxyAuthFullName"] = setting.ReverseProxyAuthFullName
ctx.Data["SSH"] = setting.SSH
ctx.Data["LFS"] = setting.LFS
diff --git a/services/auth/reverseproxy.go b/services/auth/reverseproxy.go
index 05d6af78f1..d9d1b63e8f 100644
--- a/services/auth/reverseproxy.go
+++ b/services/auth/reverseproxy.go
@@ -105,9 +105,15 @@ func (r *ReverseProxy) newUser(req *http.Request) *user_model.User {
}
}
+ var fullname string
+ if setting.Service.EnableReverseProxyFullName {
+ fullname = req.Header.Get(setting.ReverseProxyAuthFullName)
+ }
+
user := &user_model.User{
- Name: username,
- Email: email,
+ Name: username,
+ Email: email,
+ FullName: fullname,
}
overwriteDefault := user_model.CreateUserOverwriteOptions{