Adding header auth for existing users

HadleySo
2026-02-18 17:59:13 -06:00
parent e87ca38c89
commit 44c70816f3
5 changed files with 111 additions and 0 deletions


@@ -100,6 +100,11 @@ $config['qrzru_password'] = '';
| 'auth_mode' Minimum user level required 0 = anonymous, 1 = viewer,
| 2 = editor, 3 = api user, 99 = owner
| 'auth_level[]' Defines level titles
|
| 'auth_header_enable' False disables header based authentication
| 'auth_header_create' False disables user creation if user doesn't exist
| 'auth_header_value' Which header provides authenticated username
| 'auth_header_text' Display text on login screen
*/
$config['use_auth'] = true;
@@ -109,6 +114,11 @@ $config['auth_mode'] = '3';
$config['auth_level'][3] = 'Operator';
$config['auth_level'][99] = 'Administrator';
$config['auth_header_enable'] = false;
$config['auth_header_create'] = false;
$config['auth_header_value'] = "HTTP_X-Username";
$config['auth_header_text'] = "Login with SSO";
/*
|--------------------------------------------------------------------------
| Base Site URL
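Review bot: The default `$config['auth_header_value'] = "HTTP_X-Username";` does not look like a key PHP will ever populate: request headers appear in `$_SERVER` upper-cased with hyphens turned into underscores, so an `X-Username` header arrives as `HTTP_X_USERNAME` and the controller's `$this->input->server($headerName, true)` lookup would come back empty. I would change the default to `"HTTP_X_USERNAME"` and reword the comment line to `| 'auth_header_value' $_SERVER key of the header carrying the username, e.g. HTTP_X_USERNAME`. The comment block should also say that enabling this option makes the application trust that header completely, so the header must be set (and any client-supplied copy overwritten) by the reverse proxy and the app must not be reachable around it. `auth_header_create` is documented here, but nothing visible in this commit reads it, so it is worth marking as not yet implemented. The same lines are repeated in the second config file at the end of this commit and need the same change.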


@@ -0,0 +1,81 @@
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/*
Handles header based authentication
*/
class Header_auth extends CI_Controller
{
public function __construct()
{
parent::__construct();
$this->load->model('user_model');
$this->load->library('session');
$this->load->helper('url');
}
/**
* Authenticate using a trusted request header.
* Expected to be called from a login-screen button.
*/
public function login()
{
// Guard: feature must be enabled
if (!$this->config->item('auth_header_enable')) {
$this->session->set_flashdata('error', __('Header authentication is disabled.'));
redirect('user/login');
}
$headerName = $this->config->item('auth_header_value') ?: '';
if (empty($headerName)) {
$this->session->set_flashdata('error', __('Missing header setting.'));
redirect('user/login');
}
$username = $this->input->server($headerName, true);
if (empty($username)) {
$this->session->set_flashdata('error', __('Missing username header.'));
redirect('user/login');
}
// Look up user by the header value
$query = $this->user_model->get($username);
if (!$query || $query->num_rows() !== 1) {
$this->session->set_flashdata('error', __('User not found.'));
redirect('user/login');
}
$user = $query->row();
// Prevent clubstation direct login via header (mirrors User::login)
if (!empty($user->clubstation) && $user->clubstation == 1) {
$this->session->set_flashdata('error', __("You can't login to a clubstation directly. Use your personal account instead."));
redirect('user/login');
}
// Maintenance mode check (admin only allowed)
if (ENVIRONMENT === 'maintenance' && (int)$user->user_type !== 99) {
$this->session->set_flashdata('error', __("Sorry. This instance is currently in maintenance mode. Only administrators are currently allowed to log in."));
redirect('user/login');
}
// Establish session
$this->user_model->update_session($user->user_id);
$this->user_model->set_last_seen($user->user_id);
// Set language cookie (mirrors User::login)
$cookie = [
'name' => $this->config->item('gettext_cookie', 'gettext'),
'value' => $user->user_language,
'expire' => 1000,
'secure' => false,
];
$this->input->set_cookie($cookie);
log_message('info', "User ID [{$user->user_id}] logged in via header auth.");
redirect('dashboard');
}
}
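Review bot: `login()` takes whatever value is in the configured header as the identity and never checks where the request came from, so if the application can be reached without passing through the SSO proxy, or the proxy does not strip a client-supplied copy of the header, the caller chooses the account, including one with `user_type` 99. I would add a guard directly after the `auth_header_enable` check that honours the header only when `REMOTE_ADDR` is on an allow-list of proxy addresses; the fence below uses a proposed new setting, `auth_header_trusted_proxies`, which does not exist yet. The branches for a missing header and an unknown user write nothing to the log today, so a `log_message('error', …)` in each would make repeated attempts visible to whoever monitors the instance. The class comment should also state the deployment assumption, namely that the header is set exclusively by the reverse proxy.

```php
// … unchanged: auth_header_enable guard …
// Honour the header only when the request comes from the reverse proxy.
// 'auth_header_trusted_proxies' is a proposed new setting (list of proxy IPs).
$trustedProxies = (array) $this->config->item('auth_header_trusted_proxies');
if (!in_array($this->input->server('REMOTE_ADDR'), $trustedProxies, true)) {
    log_message('error', 'Header auth rejected: request did not come from a trusted proxy.');
    $this->session->set_flashdata('error', __('Header authentication is disabled.'));
    redirect('user/login');
}
$headerName = $this->config->item('auth_header_value') ?: '';
// … unchanged: header lookup, user checks, session setup …
```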


@@ -1211,6 +1211,8 @@ class User extends CI_Controller {
if ($this->form_validation->run() == FALSE) {
$data['page_title'] = __("Login");
$data['https_check'] = $this->https_check();
$data['auth_header_enable'] = $this->config->item('auth_header_enable');
$data['auth_header_text'] = $this->config->item('auth_header_text');
$this->load->view('interface_assets/mini_header', $data);
$this->load->view('user/login');
$this->load->view('interface_assets/footer');


@@ -73,6 +73,14 @@
<label for="floatingPassword"><strong><?= __("Password"); ?></strong></label>
<input type="password" name="user_password" class="form-control" id="floatingPassword" placeholder="<?php if (file_exists('.demo')) { echo "demo"; } else { echo __("Password"); } ?>" autocomplete="current-password">
</div>
<?php // only show if header auth enabled
if ($auth_header_enable == true) { ?>
<div class="mb-2">
<a href="<?php echo site_url('header_auth/login'); ?>" class="btn btn-secondary w-100">
<?= $auth_header_text; ?>
</a>
</div>
<?php } ?>
<div class="mb-2">
<div class="row">
<div class="col text-start">
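Review bot: `<?= $auth_header_text; ?>` prints a configuration string into the page without escaping, and the `$auth_header_enable == true` test will raise an undefined-variable notice on any render path of this view that does not pass the new keys. Only one branch of `User` is visible in this commit, so the second point is inferred. I would write the condition as `if (!empty($auth_header_enable)) { ?>` and the label as `<?= html_escape($auth_header_text); ?>`.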


@@ -100,6 +100,11 @@ $config['qrzru_password'] = '%qrzru_password%';
| 'auth_mode' Minimum user level required 0 = anonymous, 1 = viewer,
| 2 = editor, 3 = api user, 99 = owner
| 'auth_level[]' Defines level titles
|
| 'auth_header_enable' False disables header based authentication
| 'auth_header_create' False disables user creation if user doesn't exist
| 'auth_header_value' Which header provides authenticated username
| 'auth_header_text' Display text on login screen
*/
$config['use_auth'] = true;
@@ -109,6 +114,11 @@ $config['auth_mode'] = '3';
$config['auth_level'][3] = 'Operator';
$config['auth_level'][99] = 'Administrator';
$config['auth_header_enable'] = false;
$config['auth_header_create'] = false;
$config['auth_header_value'] = "HTTP_X-Username";
$config['auth_header_text'] = "Login with SSO";
/*
|--------------------------------------------------------------------------
| Base Site URL