Merge pull request #412 from vincentbitter/remote_user-login

Fix auto-login using REMOTE_USER variable
2026-02-21 12:10:34 +09:00 · 2020-01-06 08:44:06 +00:00
parent 3a372107ba c43fc929f7
commit e7a6ac5a75
1 changed files with 6 additions and 3 deletions
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -72,7 +72,8 @@ class AppServiceProvider extends ServiceProvider
                explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
            }
            if(!\Auth::check()) {
-                if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+                if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])
+                        && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
                    $credentials = ['username' => $_SERVER['PHP_AUTH_USER'], 'password' => $_SERVER['PHP_AUTH_PW']];
                    
                    if (\Auth::attempt($credentials, true)) {
@@ -84,8 +85,10 @@ class AppServiceProvider extends ServiceProvider
                }
                elseif(isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER'])) {
                    $user = User::where('username', $_SERVER['REMOTE_USER'])->first();
-                    \Auth::login($user, true);
-                    session(['current_user' => $user]);   
+                    if ($user) {
+                        \Auth::login($user, true);
+                        session(['current_user' => $user]);
+                    }
                }
            }