Support Google Cloud IAP (#8768)

Following up on 7c2da81, this extends the logic, adding support for Google Cloud IAP.
snipe · Feb 3, 2021 · 5edbb4b · 5edbb4b
1 parent c40b833
commit 5edbb4b
Showing 1 changed file with 19 additions and 2 deletions.
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
@@ -157,9 +157,26 @@ private function loginViaRemoteUser(Request $request)
  if (Setting::getSettings()->login_remote_user_enabled == "1" && isset($remote_user) && !empty($remote_user)) {
  Log::debug("Authenticating via HTTP header $header_name.");
 
- $pos = strpos($remote_user, '\\');
+ $strip_prefixes = [
+ // IIS/AD
+ // https://github.com/snipe/snipe-it/pull/5862
+ '\\',
+
+ // Google Cloud IAP
+ // https://cloud.google.com/iap/docs/identity-howto#getting_the_users_identity_with_signed_headers
+ 'accounts.google.com:',
+ ];
+
+ $pos = 0;
+ foreach ($strip_prefixes as $needle) {
+ if (($pos = strpos($remote_user, $needle)) !== FALSE) {
+ $pos += strlen($needle);
+ break;
+ }
+ }
+
  if ($pos > 0) {
- $remote_user = substr($remote_user, $pos + 1);
+ $remote_user = substr($remote_user, $pos);
  };
 
  try {