Commit Graph

10 Commits

Author SHA1 Message Date
Geoffrey “Frogeye” Preud'homme
1734484ba7
Forbid empty username header for reverse proxy authentication
Consider the case where a Grocy user wants to use reverse proxy
authentication OR authentication with an API key.

By default, an authenticating reverse proxy will unconditionally perform
user authentication, before allowing a request to be passed to Grocy
which will verify an API key, rendering them virtually useless.
So the proxy needs to be configured not to perform authentication in
certain cases, for example the presence of the `Grocy-Api-Key` HTTP
header, or the path being a subdirectory of `/api/`.

It can however be tricky to configure this though. For example, nginx
does not allow conditional authentication, or conditional header
setting. In those cases, when the condition is met, the username header
would still be returned, albeit empty. Grocy will then create a user
with an empty username (not normally possible). It defaults to having all
permissions, and while most are removable, reading chores/stock/etc.
do not seem to be, and would thus be public.

This returns an error when the username is empty, to accommodate
those cases.
2025-11-30 00:30:34 +01:00
Marc Ole Bulling
187654d8b3
Added support for reading auth header from env variable (#1746)
* Added support for reading auth header from env variable

* Check if variable is set, more accurate error description

* Formatting

Co-authored-by: Bernd Bestel <bernd@berrnd.de>
2022-01-16 14:46:04 +01:00
Bernd Bestel
22db124624
Optimized ReverseProxyAuthMiddleware error message
2021-08-22 12:55:09 +02:00
Bernd Bestel
47c936e026
Reworked authentication related menu item handling (fixes #1462)
2021-07-03 19:40:42 +02:00
Bernd Bestel
4766c81580
Allow API keys in ReverseProxyAuthMiddleware (closes #1216)
2020-12-24 10:00:51 +01:00
Bernd Bestel
94214b867a
More authentication refactoring to also provide "pluggable" credentials handling (references #921, needed for #305)
2020-10-19 18:38:12 +02:00
Bernd Bestel
836bcc82e5
Applied PHP-CS-Fixer rules
2020-09-01 21:29:47 +02:00
Bernd Bestel
d4c5da2173
Applied PHP formatting rules
2020-08-31 20:40:31 +02:00
Bernd Bestel
3b0d29bed0
Applied EditorConfig settings to all files
2020-08-29 16:41:27 +02:00
fipwmaqzufheoxq92ebc
d60d981fd1
Refactor Authentication and add proxy-authentication (#921)
* Refactor Authentication-Middlewares

* Add Proxy-Authentication

* Disable "Logout" & "Manage Users" when using ProxyAuth

* Review

Co-authored-by: Bernd Bestel <bernd@berrnd.de>
2020-08-19 19:23:13 +02:00