Add support for reverse proxy header authentication with email alone #19948

Closed
mhlakhani opened this issue Jun 12, 2022 · 0 comments · Fixed by #19949
Labels
type/feature Completely new functionality. Can only be merged if feature freeze is not active. type/proposal The new feature has not been accepted yet but needs to be discussed first.
@mhlakhani
Contributor

Feature Description

Hi!

I saw it's possible to authenticate using a reverse proxy by sending an X-Webauth-User header. Optionally (if enabled in settings), if the X-Webauth-Email header is provided, a user is also auto-registered.

For my internal setup at home, my reverse proxy does not have access to Gitea usernames, but the sign-in system has access to emails. Would it be possible to extend the code to allow authenticating just via the contents of X-Webauth-Email?

I'm happy to try and put up a PR myself if there are no objections to this feature.

Screenshots

No response

@mhlakhani mhlakhani added type/feature Completely new functionality. Can only be merged if feature freeze is not active. type/proposal The new feature has not been accepted yet but needs to be discussed first. labels Jun 12, 2022
mhlakhani added a commit to mhlakhani/gitea that referenced this issue Jun 12, 2022
This is useful in scenarios where the reverse proxy may have knowledge
of user emails, but does not know about usernames set on gitea,
as in the feature request in go-gitea#19948.

I tested this by setting up a fresh gitea install with one user `mhl`
and email `m.hasnain.lakhani@gmail.com`. I then created a private repo,
and configured gitea to allow reverse proxy authentication.

Via curl I confirmed that these two requests now work and return 200s:

curl http://localhost:3000/mhl/private -I --header "X-Webauth-User: mhl"
curl http://localhost:3000/mhl/private -I --header "X-Webauth-Email: m.hasnain.lakhani@gmail.com"

Before this commit, the second request did not work.

I also verified that if I provide an invalid email or user,
a 404 is correctly returned as before

Closes go-gitea#19948
@lunny lunny added this to the 1.18.0 milestone Sep 19, 2022
6543 added a commit that referenced this issue Sep 28, 2022
This is useful in scenarios where the reverse proxy may have knowledge
of user emails, but does not know about usernames set on gitea,
as in the feature request in #19948.

I tested this by setting up a fresh gitea install with one user `mhl`
and email `m.hasnain.lakhani@gmail.com`. I then created a private repo,
and configured gitea to allow reverse proxy authentication.

Via curl I confirmed that these two requests now work and return 200s:

curl http://localhost:3000/mhl/private -I --header "X-Webauth-User: mhl"
curl http://localhost:3000/mhl/private -I --header "X-Webauth-Email: m.hasnain.lakhani@gmail.com"

Before this commit, the second request did not work.

I also verified that if I provide an invalid email or user,
a 404 is correctly returned as before

Closes #19948

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
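
The header lookup discussed in this issue, as an added Go example that is not part of the thread and not Gitea's code: it resolves an account from `X-Webauth-User`, falls back to `X-Webauth-Email`, and goes one step beyond the thread by honouring either header only when the connection comes from the reverse proxy. The `User` type, the `resolveProxyUser` and `newReq` helpers, the sample account and the loopback proxy range are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// User is a hypothetical account record, not Gitea's user model.
type User struct{ Name, Email string }

// Constructed sample data: one account, and a reverse proxy on loopback.
var sampleUsers = []User{{Name: "alice", Email: "alice@example.test"}}
var _, loopback, _ = net.ParseCIDR("127.0.0.0/8")
var errNoIdentity = errors.New("no trusted identity header matched a user")

// resolveProxyUser maps X-Webauth-User, or X-Webauth-Email when no username
// is sent, to an account. Headers are ignored unless the TCP peer is inside
// the proxy range, because any client reaching the app directly can set them.
func resolveProxyUser(r *http.Request, proxy *net.IPNet, users []User) (*User, error) {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil || !proxy.Contains(net.ParseIP(host)) {
		return nil, errNoIdentity
	}
	name := strings.TrimSpace(r.Header.Get("X-Webauth-User"))
	email := strings.TrimSpace(r.Header.Get("X-Webauth-Email"))
	for i := range users {
		if (name != "" && users[i].Name == name) ||
			(name == "" && email != "" && strings.EqualFold(users[i].Email, email)) {
			return &users[i], nil
		}
	}
	return nil, errNoIdentity
}

// newReq builds the request as the application sees it from the given peer.
func newReq(remote, header, value string) *http.Request {
	r := &http.Request{RemoteAddr: remote, Header: http.Header{}}
	r.Header.Set(header, value)
	return r
}

func main() {
	for _, peer := range []string{"127.0.0.1:40000", "203.0.113.9:40000"} {
		u, err := resolveProxyUser(newReq(peer, "X-Webauth-Email", "alice@example.test"), loopback, sampleUsers)
		fmt.Println(peer, u, err)
	}
}
```

Email-only authentication makes the email address the sole identity key, so the proxy should strip any client-supplied `X-Webauth-*` headers before setting its own.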