From 43337d58c0be097ca510f2abd1497f13f25bda5b Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 2 Jul 2016 17:44:45 -0400
Subject: Preserve role for existing users when using ReverseProxy
 authentication

---
 app/Auth/ReverseProxyAuth.php         |  3 ++-
 app/User/ReverseProxyUserProvider.php | 21 +++++++++++++++++++--
 2 files changed, 21 insertions(+), 3 deletions(-)

(limited to 'app')

diff --git a/app/Auth/ReverseProxyAuth.php b/app/Auth/ReverseProxyAuth.php
index b9730c5c..fdf936b1 100644
--- a/app/Auth/ReverseProxyAuth.php
+++ b/app/Auth/ReverseProxyAuth.php
@@ -45,7 +45,8 @@ class ReverseProxyAuth extends Base implements PreAuthenticationProviderInterfac
         $username = $this->request->getRemoteUser();
 
         if (! empty($username)) {
-            $this->userInfo = new ReverseProxyUserProvider($username);
+            $userProfile = $this->userModel->getByUsername($username);
+            $this->userInfo = new ReverseProxyUserProvider($username, $userProfile ?: array());
             return true;
         }
 
diff --git a/app/User/ReverseProxyUserProvider.php b/app/User/ReverseProxyUserProvider.php
index 723b8155..34d2187d 100644
--- a/app/User/ReverseProxyUserProvider.php
+++ b/app/User/ReverseProxyUserProvider.php
@@ -21,15 +21,24 @@ class ReverseProxyUserProvider implements UserProviderInterface
      */
     protected $username = '';
 
+    /**
+     * User profile if the user already exists
+     *
+     * @access protected
+     * @var array
+     */
+    private $userProfile = array();
+
     /**
      * Constructor
      *
      * @access public
      * @param  string $username
      */
-    public function __construct($username)
+    public function __construct($username, array $userProfile = array())
     {
         $this->username = $username;
+        $this->userProfile = $userProfile;
     }
 
     /**
@@ -84,7 +93,15 @@ class ReverseProxyUserProvider implements UserProviderInterface
      */
     public function getRole()
     {
-        return REVERSE_PROXY_DEFAULT_ADMIN === $this->username ? Role::APP_ADMIN : Role::APP_USER;
+        if (REVERSE_PROXY_DEFAULT_ADMIN === $this->username) {
+            return Role::APP_ADMIN;
+        }
+
+        if (isset($this->userProfile['role'])) {
+            return $this->userProfile['role'];
+        }
+
+        return Role::APP_USER;
     }
 
     /**
-- 
cgit v1.2.3