Skip to content

adds support for auth proxy header #1859

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rolandgeider merged 9 commits into from
May 11, 2025
Merged

adds support for auth proxy header #1859

rolandgeider merged 9 commits into from
May 11, 2025

Conversation

@eyJhb
Copy link
Contributor

@eyJhb eyJhb commented Jan 2, 2025
edited
Loading

Useful if you have authentication in front of wger, and want to use that instead of wgers authentication/signup methods.

Proposed Changes

Added a new setting, which can be used to setup proxy auth header, e.g. using Authelia to authenticate + create users on the instance.

Fixes #1847 , and potential VERY SIMPLE solution for #1805 ( #1797 )

Please check that the PR fulfills these requirements

  • Tests for the changes have been added (for bug fixes / features)
  • Added yourself to AUTHORS.rst

Other questions

  • Do users need to run some commmands in their local instances due to this PR
    (e.g. database migration)? No

Remaining work

  • Add to documentation.
  • Flutter needs to support setting API key, instead of username/password.

@eyJhb eyJhb force-pushed the proxyauthheader branch 4 times, most recently from 714efe6 to 2a306f4 Compare January 2, 2025 11:43
@eyJhb eyJhb changed the title adds support for proxy auth header adds support for auth proxy header Jan 2, 2025
@eyJhb eyJhb force-pushed the proxyauthheader branch 2 times, most recently from d46d469 to 7a7a494 Compare January 2, 2025 12:10
@eyJhb
adds support for proxy auth header
331b2d5 
Useful if you have authentication in front of wger, and want to use
that instead of wgers authentication/signup methods.
@eyJhb
Copy link
Contributor Author

eyJhb commented Jan 2, 2025

Maybe this should only be checked for / like in Miniflux here 1pav/miniflux@5a40096 , but I'm unsure what would be best tbh.

@eyJhb eyJhb mentioned this pull request Jan 3, 2025
Merged
5 tasks
@rolandgeider
Copy link
Member

rolandgeider commented Jan 23, 2025

BTW I haven't forgotte about this PR, but since it would add a new auth method I'd like to make sure we do it right. I've added this to the 2.4 backlog (so after the flexible routines get merged)

@rolandgeider rolandgeider moved this to Backlog in Release 2.4 Mar 11, 2025
@rolandgeider rolandgeider requested a review from Copilot April 17, 2025 16:35
Copilot AI reviewed Apr 17, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for authentication via a proxy header by introducing new settings, middleware, and an authentication backend, along with tests to verify the feature.

  • Added new settings and middleware in wger/settings_global.py to support proxy-based authentication.
  • Introduced AuthProxyHeaderMiddleware and AuthProxyUserBackend in wger/core to authenticate users based on a trusted header.
  • Added comprehensive tests in wger/core/tests to validate the auth proxy behavior and updated the production settings.

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
wger/settings_global.py Added new settings and registered the auth proxy middleware and backend.
wger/settings.tpl Documented usage of the auth proxy header setting.
wger/core/tests/test_auch_proxy_middleware.py Added tests covering various auth proxy scenarios.
wger/core/middleware.py Introduced middleware to authenticate users via a trusted proxy header.
wger/core/backends.py Implemented a custom backend for proxy header-based authentication.
extras/docker/production/settings.py Configured the necessary auth proxy settings for the production environment.
Comments suppressed due to low confidence (1)

wger/core/tests/test_auch_proxy_middleware.py:1

  • [nitpick] The file name 'test_auch_proxy_middleware.py' appears to have a typo; consider renaming it to 'test_auth_proxy_middleware.py' for clarity.
# This file is part of wger Workout Manager.

@rolandgeider
Fix typo in file name
42f69d6
@rolandgeider
Fix tests
4ec6905 
Had the guest user option deactivated in the dev-settings
@rolandgeider
Enable login redirection and improve authentication handling
3413420 
We now properly redirect logged-out users to the login page, instead of only
showing a permission denied error. If a user is already logged in, and they visit
the page, they are redirected to the url in "next". We also now only apply
the auth header checks there.
@rolandgeider
Add auth proxy headers for email and name
f9b1b88 
This allows setting directly these values for new users created through
the auth proxy.
@rolandgeider
Redirect the user directly in the middleware after logging in
e374712 
Otherwise, it is possible to land on the login page being logged-in, but
having to do a reload first to actually being redirected to the dashboard.
@rolandgeider rolandgeider merged commit bce70be into wger-project:master May 11, 2025
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support for Proxy Auth via. HTTP header

2 participants

@eyJhb @rolandgeider