adds support for proxy auth header

Useful if you have authentication in front of wger, and want to use that instead of wgers authentication/signup methods.
wger-project · Jan 2, 2025 · 7a7a494 · 7a7a494
1 parent 30871d6
commit 7a7a494
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 1 deletion.
diff --git a/wger/settings.tpl b/wger/settings.tpl
@@ -15,6 +15,10 @@ WGER_SETTINGS["ALLOW_GUEST_USERS"] = True
 WGER_SETTINGS["ALLOW_UPLOAD_VIDEOS"] = False
 WGER_SETTINGS["MIN_ACCOUNT_AGE_TO_TRUST"] = 21  # in days
 WGER_SETTINGS["EXERCISE_CACHE_TTL"] = 3600  # in seconds
+# can be used if there is authentication in front of wger, e.g.
+# if authelia is used to authenticate the users. Users will be 
+# created with this username.
+# WGER_SETTINGS["AUTH_PROXY_HEADER"] = "Remote-User"
 
 DATABASES = {{
     'default': {{

diff --git a/wger/utils/middleware.py b/wger/utils/middleware.py
@@ -22,6 +22,7 @@
 from django.conf import settings
 from django.contrib import auth
 from django.contrib.auth import login as django_login
+from django.contrib.auth.models import User
 from django.utils.deprecation import MiddlewareMixin
 from django.utils.functional import SimpleLazyObject
 
@@ -62,8 +63,25 @@ def get_user(request):
         if not request.session.get('has_demo_data'):
             request.session['has_demo_data'] = False
 
+        # if auth proxy header is setup, then create the user
+        # as authentication has already happened.
+        auth_proxy_header = settings.WGER_SETTINGS.get("AUTH_PROXY_HEADER")
+        if auth_proxy_header:
+            auth_proxy_header_django = "HTTP_" + auth_proxy_header.replace("-", "_").upper()
+            username = request.META.get(auth_proxy_header_django)
+            logger.debug(f'using auth_proxy_header "{auth_proxy_header}" got username "{username}"')
+
+            if username:
+                user_query = User.objects.filter(username=username)
+                if user_query.exists():
+                    user = user_query.first()
+                else:
+                    user = User.objects.create_user(username)
+                    user.save()
+
+                django_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
         # Django didn't find a user, so create one now
-        if (
+        elif (
             settings.WGER_SETTINGS['ALLOW_GUEST_USERS']
             and request.method == 'GET'
             and create_user

diff --git a/wger/utils/tests/test_auth_proxy_header.py b/wger/utils/tests/test_auth_proxy_header.py
@@ -0,0 +1,26 @@
+# Django
+from django.urls import reverse
+
+# wger
+from wger.core.tests.base_testcase import WgerTestCase
+
+
+class ProxyAuthHeaderTestCase(WgerTestCase):
+    """
+    Tests using proxy auth for authentication
+    """
+
+    def test_basic_auth_proxy_header(self):
+        """
+        Tests that the proxy auth header works for authenticating
+        the user
+        """
+        with self.settings(
+            WGER_SETTINGS={
+                "AUTH_PROXY_HEADER": "Remote-User",
+                "ALLOW_REGISTRATION": False,
+                "ALLOW_GUEST_USERS": False,
+            }
+        ):
+            response = self.client.get(reverse("core:dashboard"), HTTP_REMOTE_USER="testuser")
+            self.assertEqual(response.status_code, 200)