From b92935d2dc7e02b19f60fef37e6139197b054e30 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Wed, 13 Aug 2014 12:47:17 -0700
Subject: Add ReverseProxy authentication (pull-request #199)

---
 app/Controller/Base.php | 43 ++++++++++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 19 deletions(-)

(limited to 'app/Controller/Base.php')

diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 2739c5ac..7b1cfd85 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -12,22 +12,24 @@ use Model\LastLogin;
  *
  * @package  controller
  * @author   Frederic Guillot
- * @property \Model\Acl         $acl
- * @property \Model\Action      $action
- * @property \Model\Board       $board
- * @property \Model\Category    $category
- * @property \Model\Comment     $comment
- * @property \Model\Config      $config
- * @property \Model\File        $file
- * @property \Model\Google      $google
- * @property \Model\GitHub      $gitHub
- * @property \Model\LastLogin   $lastLogin
- * @property \Model\Ldap        $ldap
- * @property \Model\Project     $project
- * @property \Model\RememberMe  $rememberMe
- * @property \Model\SubTask     $subTask
- * @property \Model\Task        $task
- * @property \Model\User        $user
+ *
+ * @property \Model\Acl                $acl
+ * @property \Model\Action             $action
+ * @property \Model\Board              $board
+ * @property \Model\Category           $category
+ * @property \Model\Comment            $comment
+ * @property \Model\Config             $config
+ * @property \Model\File               $file
+ * @property \Model\Google             $google
+ * @property \Model\GitHub             $gitHub
+ * @property \Model\LastLogin          $lastLogin
+ * @property \Model\Ldap               $ldap
+ * @property \Model\Project            $project
+ * @property \Model\RememberMe         $rememberMe
+ * @property \Model\ReverseProxyAuth   $reverseProxyAuth
+ * @property \Model\SubTask            $subTask
+ * @property \Model\Task               $task
+ * @property \Model\User               $user
  */
 abstract class Base
 {
@@ -123,11 +125,14 @@ abstract class Base
         // Authentication
         if (! $this->acl->isLogged() && ! $this->acl->isPublicAction($controller, $action)) {
 
-            // Try the remember me authentication first
+            // Try the "remember me" authentication first
             if (! $this->rememberMe->authenticate()) {
 
-                // Redirect to the login form if not authenticated
-                $this->response->redirect('?controller=user&action=login');
+                // Automatic reverse proxy header authentication
+                if(! (REVERSE_PROXY_AUTH && $this->reverseProxyAuth->authenticate()) ) {
+                    // Redirect to the login form if not authenticated
+                    $this->response->redirect('?controller=user&action=login');
+                }
             }
             else {
 
-- 
cgit v1.2.3