Feature Request: Use HAs ingress auth

[MrEbbinghaus]

Hey,

Home Assistant allows sending the authenticated username via the X-Remote-User-Name header: https://developers.home-assistant.io/docs/add-ons/security#authenticating-a-user-when-using-ingress

And Paperless seems to be able to receive such a header: https://docs.paperless-ngx.com/configuration/#PAPERLESS_ENABLE_HTTP_REMOTE_USER

So it should be possible to use the HA auth to authenticate against a paperless user, which would improve UX by skipping the paperless login.

[BenoitAnastay]

I'll probably add this as a toggable feature,

You can already update paperless.conf manually.

Some users are using external auth providers and use direct access to the add-on, so ingress auth doesn't match all user`s needs

[klassm]

This would be an amazing feature :-). I just wonder what this would mean to migrating to this approach - would this have any effects on user roles and such?

[BenoitAnastay]

@klassm you will just be logged in to the username corresponding to the home assistant one.

[MrEbbinghaus]

I'll probably add this as a toggable feature,

You can already update paperless.conf manually.

Some users are using external auth providers and use direct access to the add-on, so ingress auth doesn't match all user`s needs

I tried that with:

PAPERLESS_ENABLE_HTTP_REMOTE_USER=true
PAPERLESS_ENABLE_HTTP_REMOTE_USER_API=true
PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME=HTTP_X_REMOTE_USER_NAME

But that didn't work out. Afterwards, I didn't look any further.

[BenoitAnastay]

There's a nginx proxy https://github.com/BenoitAnastay/paperless-home-assistant-addon/blob/main/paperless-ngx/rootfs/etc/nginx/templates/ingress.gtpl

I need to add the header there, my comment wasn't accurate then.

[BenoitAnastay]

There is something wierd with paperless, it seems that ingress path interfer with remote user header somehow

Edit : ingress url start with /api, I need to enable API remote user auth

[BenoitAnastay]

Implemented in the last release