diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index dd4d5a4cbb3..5e612fb4286 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -377,9 +377,10 @@ INTERNAL_TOKEN= ;; Name of cookie used to store authentication information. ;COOKIE_REMEMBER_NAME = gitea_incredible ;; -;; Reverse proxy authentication header name of user name and email +;; Reverse proxy authentication header name of user name, email, and full name ;REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER ;REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL +;REVERSE_PROXY_AUTHENTICATION_FULL_NAME = X-WEBAUTH-FULLNAME ;; ;; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request ;REVERSE_PROXY_LIMIT = 1 @@ -694,6 +695,7 @@ ROUTER = console ;ENABLE_REVERSE_PROXY_AUTHENTICATION = false ;ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false ;ENABLE_REVERSE_PROXY_EMAIL = false +;ENABLE_REVERSE_PROXY_FULL_NAME = false ;; ;; Enable captcha validation for registration ;ENABLE_CAPTCHA = false diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index 2cd4795e680..37f887d4aa3 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -492,6 +492,8 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o authentication. - `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy authentication provided email. +- `REVERSE_PROXY_AUTHENTICATION_FULL_NAME`: **X-WEBAUTH-FULLNAME**: Header name for reverse proxy + authentication provided full name. - `REVERSE_PROXY_LIMIT`: **1**: Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request. Number of trusted proxy count. Set to zero to not use these headers. - `REVERSE_PROXY_TRUSTED_PROXIES`: **127.0.0.0/8,::1/128**: List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all. @@ -577,6 +579,8 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o for reverse authentication. - `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a provided email rather than a generated email. +- `ENABLE_REVERSE_PROXY_FULL_NAME`: **false**: Enable this to allow to auto-registration with a + provided full name for the user. - `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration. - `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA`: **false**: Enable this to force captcha validation even for External Accounts (i.e. GitHub, OpenID Connect, etc). You also must enable `ENABLE_CAPTCHA`. diff --git a/modules/setting/service.go b/modules/setting/service.go index af8a72cc6db..10e38999503 100644 --- a/modules/setting/service.go +++ b/modules/setting/service.go @@ -38,6 +38,7 @@ var Service = struct { EnableReverseProxyAuth bool EnableReverseProxyAutoRegister bool EnableReverseProxyEmail bool + EnableReverseProxyFullName bool EnableCaptcha bool RequireExternalRegistrationCaptcha bool RequireExternalRegistrationPassword bool @@ -127,6 +128,7 @@ func newService() { Service.EnableReverseProxyAuth = sec.Key("ENABLE_REVERSE_PROXY_AUTHENTICATION").MustBool() Service.EnableReverseProxyAutoRegister = sec.Key("ENABLE_REVERSE_PROXY_AUTO_REGISTRATION").MustBool() Service.EnableReverseProxyEmail = sec.Key("ENABLE_REVERSE_PROXY_EMAIL").MustBool() + Service.EnableReverseProxyFullName = sec.Key("ENABLE_REVERSE_PROXY_FULL_NAME").MustBool() Service.EnableCaptcha = sec.Key("ENABLE_CAPTCHA").MustBool(false) Service.RequireExternalRegistrationCaptcha = sec.Key("REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA").MustBool(Service.EnableCaptcha) Service.RequireExternalRegistrationPassword = sec.Key("REQUIRE_EXTERNAL_REGISTRATION_PASSWORD").MustBool() diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 0af743dd97c..3ab25fef6ea 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -186,6 +186,7 @@ var ( CookieRememberName string ReverseProxyAuthUser string ReverseProxyAuthEmail string + ReverseProxyAuthFullName string ReverseProxyLimit int ReverseProxyTrustedProxies []string MinPasswordLength int @@ -909,6 +910,7 @@ func loadFromConf(allowEmpty bool, extraConfig string) { ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER") ReverseProxyAuthEmail = sec.Key("REVERSE_PROXY_AUTHENTICATION_EMAIL").MustString("X-WEBAUTH-EMAIL") + ReverseProxyAuthFullName = sec.Key("REVERSE_PROXY_AUTHENTICATION_FULL_NAME").MustString("X-WEBAUTH-FULLNAME") ReverseProxyLimit = sec.Key("REVERSE_PROXY_LIMIT").MustInt(1) ReverseProxyTrustedProxies = sec.Key("REVERSE_PROXY_TRUSTED_PROXIES").Strings(",") diff --git a/routers/web/admin/admin.go b/routers/web/admin/admin.go index ebe5066d2cf..c773034c533 100644 --- a/routers/web/admin/admin.go +++ b/routers/web/admin/admin.go @@ -257,6 +257,7 @@ func Config(ctx *context.Context) { ctx.Data["ScriptType"] = setting.ScriptType ctx.Data["ReverseProxyAuthUser"] = setting.ReverseProxyAuthUser ctx.Data["ReverseProxyAuthEmail"] = setting.ReverseProxyAuthEmail + ctx.Data["ReverseProxyAuthFullName"] = setting.ReverseProxyAuthFullName ctx.Data["SSH"] = setting.SSH ctx.Data["LFS"] = setting.LFS diff --git a/services/auth/reverseproxy.go b/services/auth/reverseproxy.go index 05d6af78f17..d9d1b63e8fe 100644 --- a/services/auth/reverseproxy.go +++ b/services/auth/reverseproxy.go @@ -105,9 +105,15 @@ func (r *ReverseProxy) newUser(req *http.Request) *user_model.User { } } + var fullname string + if setting.Service.EnableReverseProxyFullName { + fullname = req.Header.Get(setting.ReverseProxyAuthFullName) + } + user := &user_model.User{ - Name: username, - Email: email, + Name: username, + Email: email, + FullName: fullname, } overwriteDefault := user_model.CreateUserOverwriteOptions{