Merge branch 'feature/custom-guard-header' into develop

.env.example

@@ -182,12 +182,23 @@ LOGIN_PROVIDER=eloquent
 # It's also possible to change the way users are authenticated. You could use Authelia for example.
 # Authentication via the REMOTE_USER header is supported. Change the value below to "remote_user_guard".
 #
+# This will also allow Windows SSO.
+#
 # If you do this please read the documentation for instructions and warnings:
 # https://docs.firefly-iii.org/advanced-installation/authentication
 #
 # This function is available in Firefly III v5.3.0 and higher.
 AUTHENTICATION_GUARD=web
 
+#
+# By default, Firefly III uses the 'REMOTE_USER' header as per RFC 3875.
+# You can also use another header, like AUTH_USER when using Windows SSO.
+# Some systems use X-Auth headers. In that case, use HTTP_X_AUTH_USERNAME or HTTP_X_AUTH_EMAIL
+#
+# Firefly III won't be able to send emails when the header you use isn't an email address.
+#
+AUTHENTICATION_GUARD_HEADER=REMOTE_USER
+
 #
 # Likewise, it's impossible to log out users who's authentication is handled by an external system.
 # Enter a custom URL here that will force a logout (your authentication provider can tell you).
@@ -236,12 +247,6 @@ ADLDAP_LOGIN_FALLBACK=false
 ADLDAP_DISCOVER_FIELD=distinguishedname
 ADLDAP_AUTH_FIELD=distinguishedname
 
-# Will allow SSO if your server provides an AUTH_USER field.
-# You can set the following variables from a file by appending them with _FILE:
-WINDOWS_SSO_ENABLED=false
-WINDOWS_SSO_DISCOVER=samaccountname
-WINDOWS_SSO_KEY=AUTH_USER
-
 # field to sync as local username.
 # You can set the following variable from a file by appending it with _FILE:
 ADLDAP_SYNC_FIELD=userprincipalname

app/Support/Authentication/RemoteUserGuard.php

@@ -69,16 +69,13 @@ class RemoteUserGuard implements Guard
             return;
         }
         // Get the user identifier from $_SERVER
-        $userID = request()->server('REMOTE_USER') ?? null;
+        $header = config('auth.guard_header', 'REMOTE_USER');
+        $userID = request()->server($header) ?? null;
         if (null === $userID) {
-            Log::debug('No user in REMOTE_USER.');
+            Log::error(sprintf('No user in header "%s".', $header));
-            throw new FireflyException('The REMOTE_USER header was unexpectedly empty.');
+            throw new FireflyException('The guard header was unexpectedly empty. See the logs.');
         }
 
-
-        // do some basic debugging here:
-        // $userID = 'test@firefly';
-
         /** @var User $user */
         $user = $this->provider->retrieveById($userID);
 

config/auth.php

@@ -33,10 +33,11 @@ return [
     |
     */
 
-    'defaults' => [
+    'defaults'     => [
         'guard'     => envNonEmpty('AUTHENTICATION_GUARD', 'web'),
         'passwords' => 'users',
     ],
+    'guard_header' => envNonEmpty('AUTHENTICATION_GUARD_HEADER', 'REMOTE_USER'),
 
     /*
     |--------------------------------------------------------------------------

config/ldap_auth.php

@@ -245,9 +245,9 @@ return [
         */
 
         'windows' => [
-            'enabled'         => envNonEmpty('WINDOWS_SSO_ENABLED', false),
+            'enabled'         => false,
-            'locate_users_by' => envNonEmpty('WINDOWS_SSO_DISCOVER', 'samaccountname'),
+            'locate_users_by' => 'samaccountname',
-            'server_key'      => envNonEmpty('WINDOWS_SSO_KEY', 'AUTH_USER'),
+            'server_key'      => 'AUTH_USER',
         ],
     ],