diff --git a/backend/src/auth/config.rs b/backend/src/auth/config.rs index 857f2d920..02e53eb7d 100644 --- a/backend/src/auth/config.rs +++ b/backend/src/auth/config.rs @@ -29,23 +29,6 @@ pub(crate) struct AuthConfig { #[config(nested)] pub(crate) callback: CallbackConfig, - /// The header containing a unique and stable username of the current user. - #[config(default = "x-tobira-username")] - pub(crate) username_header: String, - - /// The header containing the human-readable name of the current user - /// (e.g. "Peter Lustig"). - #[config(default = "x-tobira-user-display-name")] - pub(crate) display_name_header: String, - - /// The header containing the email address of the current user. - #[config(default = "x-tobira-user-email")] - pub(crate) email_header: String, - - /// The header containing a comma-separated list of roles of the current user. - #[config(default = "x-tobira-user-roles")] - pub(crate) roles_header: String, - /// If a user has this role, they are treated as a moderator in Tobira, /// giving them the ability to modify the realm structure among other /// things. diff --git a/backend/src/auth/mod.rs b/backend/src/auth/mod.rs index 1cda66568..9c3ae298e 100644 --- a/backend/src/auth/mod.rs +++ b/backend/src/auth/mod.rs @@ -34,6 +34,12 @@ const ROLE_ANONYMOUS: &str = "ROLE_ANONYMOUS"; const SESSION_COOKIE: &str = "tobira-session"; +// Auth headers +const AUTH_HEADER_USERNAME: &str = "x-tobira-username"; +const AUTH_HEADER_DISPLAY_NAME: &str = "x-tobira-user-display-name"; +const AUTH_HEADER_EMAIL: &str = "x-tobira-user-email"; +const AUTH_HEADER_ROLES: &str = "x-tobira-user-roles"; + /// Information about whether or not, and if so how @@ -136,13 +142,13 @@ impl User { // Get required headers. If these are not set and valid, we treat it as // if there is no user session. - let username = get_header(&auth_config.username_header)?; - let display_name = get_header(&auth_config.display_name_header)?; - let email = get_header(&auth_config.email_header); + let username = get_header(AUTH_HEADER_USERNAME)?; + let display_name = get_header(AUTH_HEADER_DISPLAY_NAME)?; + let email = get_header(AUTH_HEADER_EMAIL); // Get roles from the user. let mut roles = HashSet::from([ROLE_ANONYMOUS.to_string()]); - let roles_raw = get_header(&auth_config.roles_header)?; + let roles_raw = get_header(AUTH_HEADER_ROLES)?; roles.extend(roles_raw.split(',').map(|role| role.trim().to_owned())); let user_role = auth_config .find_user_role(&username, roles.iter().map(|s| s.as_str()))? diff --git a/docs/docs/setup/config.toml b/docs/docs/setup/config.toml index ed5b80ece..8cf5e73ed 100644 --- a/docs/docs/setup/config.toml +++ b/docs/docs/setup/config.toml @@ -203,27 +203,6 @@ # send a `DELETE` request to `/~session`. #logout_link = -# The header containing a unique and stable username of the current user. -# -# Default value: "x-tobira-username" -#username_header = "x-tobira-username" - -# The header containing the human-readable name of the current user -# (e.g. "Peter Lustig"). -# -# Default value: "x-tobira-user-display-name" -#display_name_header = "x-tobira-user-display-name" - -# The header containing the email address of the current user. -# -# Default value: "x-tobira-user-email" -#email_header = "x-tobira-user-email" - -# The header containing a comma-separated list of roles of the current user. -# -# Default value: "x-tobira-user-roles" -#roles_header = "x-tobira-user-roles" - # If a user has this role, they are treated as a moderator in Tobira, # giving them the ability to modify the realm structure among other # things.