[PR #695] [MERGED] Proxy authentication support (eq. oauth2-proxy) #1174

Closed
opened 2026-03-14 11:50:59 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/anonaddy/anonaddy/pull/695
Author: @nielscil
Created: 11/11/2024
Status: Merged
Merged: 1/9/2026
Merged by: @willbrowningme

Base: master ← Head: feature/ProxyAuthenticationSupport


📝 Commits (10+)

  • 7c2825c begin using proxy authentication
  • deed8c3 cleanup code
  • 111346f rename
  • 411ab4e Added env to example file
  • 54a632f use constant for session key
  • 4e365e8 automatic verified email when using proxy authentication
  • 01f16f1 removed parent from middleware
  • c6787c6 moved redirect logic to helper and use it in ProxyAuthentication middleware + LogicController
  • 0a51509 naming
  • bf4982e tests + login redirect in middleware

📊 Changes

33 files changed (+1130 additions, -65 deletions)


📝 .env.example (+8 -1)
app/Console/Commands/RemoveUsernameExternalId.php (+75 -0)
app/Console/Commands/SetUsernameExternalId.php (+84 -0)
📝 app/Helpers/Helper.php (+73 -0)
📝 app/Http/Controllers/Api/LoginableUsernameController.php (+4 -0)
📝 app/Http/Controllers/Api/UsernameController.php (+1 -1)
📝 app/Http/Controllers/Auth/ApiAuthenticationController.php (+4 -0)
📝 app/Http/Controllers/Auth/LoginController.php (+1 -18)
📝 app/Http/Controllers/Auth/PersonalAccessTokenController.php (+1 -1)
📝 app/Http/Controllers/Auth/RegisterController.php (+2 -25)
📝 app/Http/Controllers/DefaultUsernameController.php (+4 -0)
📝 app/Http/Middleware/HandleInertiaRequests.php (+1 -0)
app/Http/Middleware/ProxyAuthentication.php (+204 -0)
📝 app/Http/Middleware/VerifyTwoFactorAuthMethods.php (+2 -2)
📝 app/Http/Requests/StorePersonalAccessTokenRequest.php (+9 -4)
📝 app/Models/Username.php (+2 -0)
📝 bootstrap/app.php (+1 -0)
📝 config/anonaddy.php (+41 -0)
database/migrations/2024_11_18_104417_add_external_id_to_username.php (+32 -0)
📝 resources/js/Layouts/AppLayout.vue (+1 -1)

...and 13 more files

📄 Description

Introduction
When searching for SSO support in the issues, I came across https://github.com/anonaddy/anonaddy/issues/248#issuecomment-1407264756, where supporting proxy authentication like oauth2-proxy is being discussed. @Queuecumber would make a PR for this, but I couldn't find it, so I made it myself.

Changes in this PR

  • Moved redirect logic from LoginController to helper class.
  • Moved user creation logic from RegisterController to helper class.
  • Added config/env entries for:
    • enabling proxy (use_proxy_authentication and ANONADDY_USE_PROXY_AUTHENTICATION).
    • User Id header naming (proxy_authentication_external_user_id_header and ANONADDY_PROXY_AUTHENTICATION_USER_ID_HEADER).
    • User header naming (proxy_authentication_username_header and ANONADDY_PROXY_AUTHENTICATION_NAME_HEADER).
    • Email header naming (proxy_authentication_email_header and ANONADDY_PROXY_AUTHENTICATION_EMAIL_HEADER).
  • Added Middleware ProxyAuthentication.
  • Added ProxyAuthenticationTest for testing the middleware.
  • Added externalId to username model for saving provided proxy authentication user id.
  • Added command options to make/remove existing usernames as external.
  • Only main username has CanLogin when using proxy authentication, other usernames can be added but not used for login.
  • Blocked change of default username when external user (and hide option in UI).
  • Blocked account removal when external user.
  • Allow creation of PAT without password when external user (and hide in UI the password input).
  • Skip 2FA when external user.
  • Blocked logout from UI.
  • Hide security and delete account settings pages when external user.
  • Hide update email option in settings when external user.
  • Updated (unit) tests to reflect made changes.

Proxy Authentication flow

  • Check if proxy is enabled; if not, go to next middleware.
  • Check if currently logged in (using proxy or normal login flow).
  • If there is a change (other proxy user, normal flow to proxy flow, or no proxy headers anymore), the current user is logged out.
  • If there are headers provided:
    • Create user when not in DB. Try using the preferred username, and suffix when not available.
    • Log in.
  • If logged in, redirect to right location.
  • If logged out, redirect to login page.
  • Else go to next middleware.

Notes

  • This change only works for the web part, not the API. The app and browser should still use the API keys from settings page.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
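
The "Proxy Authentication flow" steps from the description, written out as a decision function over session state and proxy-supplied values. This is an added illustration, not the middleware from this PR. Function names, array shapes, action strings and the numeric username suffix are assumptions, and the proxy values are assumed to have been set only by the trusted proxy in front of the app.

```php
<?php
// Added illustration, not the PR's middleware; all names here are hypothetical.
// Preferred username, or a suffixed one when taken (numeric suffix is an assumption).
function availableUsername(string $preferred, array $taken): string
{
    $candidate = $preferred;
    for ($n = 1; in_array($candidate, $taken, true); $n++) {
        $candidate = $preferred . $n;
    }
    return $candidate;
}

// $session: false = nobody logged in, null = normal login,
//           string = logged in through the proxy with that external id.
// $proxy:   null when no proxy headers arrived, else ['id', 'username'].
// $users:   external id => username, standing in for the database.
function decide(bool $enabled, $session, ?array $proxy, array $users): array
{
    if (!$enabled) {
        return ['next'];
    }
    $actions = [];
    $proxyId = $proxy['id'] ?? null;
    $loggedIn = $session !== false;
    // Other proxy user, normal login -> proxy, or proxy headers gone.
    if ($loggedIn && $session !== $proxyId) {
        $actions[] = 'logout';
        $loggedIn = false;
    }
    if (!$loggedIn && $proxyId !== null) {
        if (!isset($users[$proxyId])) {
            $actions[] = 'create:' . availableUsername($proxy['username'], array_values($users));
        }
        return array_merge($actions, ['login', 'redirect:intended']);
    }
    // Logged out during this request: login page. Otherwise nothing to do.
    return $actions ? array_merge($actions, ['redirect:login']) : ['next'];
}

// Constructed cases: [session state, proxy header values].
$users = ['ext-1' => 'alice'];
$cases = [
    'same proxy user'       => ['ext-1', ['id' => 'ext-1', 'username' => 'alice']],
    'other proxy user'      => ['ext-1', ['id' => 'ext-2', 'username' => 'alice']],
    'normal login + proxy'  => [null, ['id' => 'ext-1', 'username' => 'alice']],
    'proxy headers gone'    => ['ext-1', null],
    'no session, no header' => [false, null],
];
foreach ($cases as $label => [$session, $proxy]) {
    echo str_pad($label, 24), implode(', ', decide(true, $session, $proxy, $users)), PHP_EOL;
}
```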
