1 files changed, 76 insertions, 0 deletions

diff --git a/app/Auth/ReverseProxyAuth.php b/app/Auth/ReverseProxyAuth.php
new file mode 100644
index 00000000..b9730c5c
--- /dev/null
+++ b/app/Auth/ReverseProxyAuth.php
@@ -0,0 +1,76 @@
+<?php
+
+namespace Kanboard\Auth;
+
+use Kanboard\Core\Base;
+use Kanboard\Core\Security\PreAuthenticationProviderInterface;
+use Kanboard\Core\Security\SessionCheckProviderInterface;
+use Kanboard\User\ReverseProxyUserProvider;
+
+/**
+ * Reverse-Proxy Authentication Provider
+ *
+ * @package  auth
+ * @author   Frederic Guillot
+ */
+class ReverseProxyAuth extends Base implements PreAuthenticationProviderInterface, SessionCheckProviderInterface
+{
+    /**
+     * User properties
+     *
+     * @access protected
+     * @var \Kanboard\User\ReverseProxyUserProvider
+     */
+    protected $userInfo = null;
+
+    /**
+     * Get authentication provider name
+     *
+     * @access public
+     * @return string
+     */
+    public function getName()
+    {
+        return 'ReverseProxy';
+    }
+
+    /**
+     * Authenticate the user
+     *
+     * @access public
+     * @return boolean
+     */
+    public function authenticate()
+    {
+        $username = $this->request->getRemoteUser();
+
+        if (! empty($username)) {
+            $this->userInfo = new ReverseProxyUserProvider($username);
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Check if the user session is valid
+     *
+     * @access public
+     * @return boolean
+     */
+    public function isValidSession()
+    {
+        return $this->request->getRemoteUser() === $this->userSession->getUsername();
+    }
+
+    /**
+     * Get user object
+     *
+     * @access public
+     * @return ReverseProxyUserProvider
+     */
+    public function getUser()
+    {
+        return $this->userInfo;
+    }
+}