From 985548e0aa6b44906cf590b047dbfe22482e47d6 Mon Sep 17 00:00:00 2001
From: James Brooks
Date: Tue, 21 Jan 2025 08:14:36 +0000
Subject: [PATCH 1/3] Support the `HTTP_REMOTE_USER` header
---
 src/Cachet.php | 11 +++++
 .../Middleware/AuthenticateRemoteUser.php | 30 ++++++++++++++
 .../Middleware/AuthenticateRemoteUserTest.php | 40 +++++++++++++++++++
 3 files changed, 81 insertions(+)
 create mode 100644 src/Http/Middleware/AuthenticateRemoteUser.php
 create mode 100644 tests/Feature/Http/Middleware/AuthenticateRemoteUserTest.php
diff --git a/src/Cachet.php b/src/Cachet.php
index 3000260d..b3a1ff7f 100644
--- a/src/Cachet.php
+++ b/src/Cachet.php
@@ -3,6 +3,7 @@
 namespace Cachet;
 use Cachet\Http\Middleware\RedirectIfAuthenticated;
+use Illuminate\Database\Eloquent\Model;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Route;
@@ -34,6 +35,16 @@ public static function user(?Request $request = null)
 return $request->user($guard);
 }
+ /**
+ * Get the user model used by Cachet.
+ */
+ public static function userModel(): Model
+ {
+ $userModel = config('cachet.user_model');
+
+ return new $userModel;
+ }
+
 /**
 * Register the Cachet routes.
 */
diff --git a/src/Http/Middleware/AuthenticateRemoteUser.php b/src/Http/Middleware/AuthenticateRemoteUser.php
new file mode 100644
index 00000000..92d1d0de
--- /dev/null
+++ b/src/Http/Middleware/AuthenticateRemoteUser.php
@@ -0,0 +1,30 @@
+headers->get('REMOTE_USER')) {
+ $userModel = Cachet::userModel();
+ $user = $userModel::where('email', $remoteUser)->firstOrFail();
+
+ if ($user) {
+ auth()->login($user);
+ }
+ }
+
+ return $next($request);
+ }
+}
diff --git a/tests/Feature/Http/Middleware/AuthenticateRemoteUserTest.php b/tests/Feature/Http/Middleware/AuthenticateRemoteUserTest.php
new file mode 100644
index 00000000..5f896574
--- /dev/null
+++ b/tests/Feature/Http/Middleware/AuthenticateRemoteUserTest.php
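Review bot: `userModel()` in src/Cachet.php instantiates whatever `config('cachet.user_model')` returns without checking it, so a missing or mistyped value surfaces as a generic PHP error at `new $userModel` instead of a clear configuration message. A guard before the `new`, such as `if (! is_string($userModel) || ! is_subclass_of($userModel, Model::class)) { throw new \InvalidArgumentException('cachet.user_model must be an Eloquent model class.'); }`, would make the failure explicit. The docblock could also state that a fresh, unsaved instance is returned on every call. Whether config/cachet.php ships a default for this key is not visible in this hunk.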
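Review bot: `$request->headers->get('REMOTE_USER')` in the new middleware reads a request header that any client can send, and that value alone selects the account passed to `auth()->login($user)`, so the middleware is only safe behind a front end that always strips or overwrites the header. Nothing in the visible part of `handle()` checks where the request came from; gating the branch, for example `if ($request->isFromTrustedProxy() && ($remoteUser = $request->headers->get('REMOTE_USER'))) {`, and stating the deployment requirement in the class docblock would close that gap. The same lookup is carried unchanged through the later hunks of this file in patches 2/3 and 3/3. The top of this new file, including the start of `handle()`, is missing from this capture, so a check placed there cannot be ruled out.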
@@ -0,0 +1,40 @@
+create(['email' => 'test@example.com']);
+
+ $request = Request::create('/test', 'GET', [], [], [], ['HTTP_REMOTE_USER' => 'test@example.com']);
+
+ $next = function ($request) {
+ return new Response('OK');
+ };
+
+ $middleware = new AuthenticateRemoteUser();
+
+ $response = $middleware->handle($request, $next);
+
+ expect(Auth::check())->toBeTrue()
+ ->and(Auth::user()->email)->toBe('test@example.com')
+ ->and($response->getContent())->toBe('OK');
+});
+
+it('does not authenticate remote user if REMOTE_USER header is not present', function () {
+ $request = Request::create('/test');
+
+ $next = function ($request) {
+ return new Response('OK');
+ };
+
+ $middleware = new AuthenticateRemoteUser();
+
+ $response = $middleware->handle($request, $next);
+
+ expect(Auth::check())->toBeFalse()
+ ->and($response->getContent())->toBe('OK');
+});
From 258d6825bb008282ece798c88d32d6e7c4667940 Mon Sep 17 00:00:00 2001
From: James Brooks
Date: Tue, 21 Jan 2025 08:16:22 +0000
Subject: [PATCH 2/3] Fix PHPStan
---
 src/Http/Middleware/AuthenticateRemoteUser.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Http/Middleware/AuthenticateRemoteUser.php b/src/Http/Middleware/AuthenticateRemoteUser.php
index 92d1d0de..ece8ab2b 100644
--- a/src/Http/Middleware/AuthenticateRemoteUser.php
+++ b/src/Http/Middleware/AuthenticateRemoteUser.php
@@ -18,7 +18,7 @@ public function handle(Request $request, Closure $next): Response
 {
 if ($remoteUser = $request->headers->get('REMOTE_USER')) {
 $userModel = Cachet::userModel();
- $user = $userModel::where('email', $remoteUser)->firstOrFail();
+ $user = $userModel::where('email', $remoteUser)->first();
 if ($user) {
 auth()->login($user);
From 576f110e3a9eea8971af91234bea2abc347a7e7a Mon Sep 17 00:00:00 2001
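Review bot: The two cases in the new test file cover a matching header and a missing header, but not a `REMOTE_USER` value that matches no user, which is the path where the middleware in this patch calls `firstOrFail()` and which patch 2/3 changes again. A third case that sends an unknown address and asserts `Auth::check()` is false while the request still reaches `$next` would pin that behaviour. Both tests call `handle()` directly on a hand-built request, so nothing here exercises the middleware as registered in the route group. The opening lines of this file are missing from this capture.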
From: James Brooks
Date: Tue, 21 Jan 2025 21:12:21 +0000
Subject: [PATCH 3/3] Fixes
---
 config/cachet.php | 1 +
 src/Http/Middleware/AuthenticateRemoteUser.php | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/config/cachet.php b/config/cachet.php
index ff7a9e81..98e1f2e3 100644
--- a/config/cachet.php
+++ b/config/cachet.php
@@ -70,6 +70,7 @@
 */
 'middleware' => [
 'web',
+// \Cachet\Http\Middleware\AuthenticateRemoteUser::class,
 ],
 'api_middleware' => [
diff --git a/src/Http/Middleware/AuthenticateRemoteUser.php b/src/Http/Middleware/AuthenticateRemoteUser.php
index ece8ab2b..03c8e448 100644
--- a/src/Http/Middleware/AuthenticateRemoteUser.php
+++ b/src/Http/Middleware/AuthenticateRemoteUser.php
@@ -3,6 +3,7 @@
 namespace Cachet\Http\Middleware;
 use Cachet\Cachet;
+use Cachet\Models\User;
 use Closure;
 use Illuminate\Http\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -19,9 +20,10 @@ public function handle(Request $request, Closure $next): Response
 {
 if ($remoteUser = $request->headers->get('REMOTE_USER')) {
 $userModel = Cachet::userModel();
- $user = $userModel::where('email', $remoteUser)->first();
+ /** @var User|null $user */
+ $user = $userModel::query()->where('email', $remoteUser)->first();
- if ($user) {
+ if ($user !== null) {
 auth()->login($user);
 }
 }
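Review bot: The commented-out entry added to `'middleware'` in config/cachet.php gives no hint of when it is safe to enable, yet uncommenting it turns a request header into a login credential for every route in this group. A comment above it would help, e.g. `// Enable only behind a reverse proxy that authenticates users and strips any client-supplied REMOTE_USER header.` The new line also starts at column 0 inside the array; aligning it with the `'web',` entry would keep the block consistent.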
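Review bot: `auth()->login($user)` in the last hunk runs on every request that carries the header, even when the session is already authenticated as that user, and a header that matches no user is dropped without any trace. Assuming the default guard is session-based, skipping the call when `auth()->id() === $user->getKey()` avoids repeated login handling, and a log entry in the `null` case would make proxy misconfiguration or header probing visible to operators. `Cachet::user()` in patch 1/3 resolves the user through a `$guard` whose value is not visible here, so it is worth confirming that `auth()` without an argument targets the same guard. `handle()` continues past the end of this hunk.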