dominik-th / matomo-plugin-LoginOIDC

external authentication services for matomo
https://plugins.matomo.org/LoginOIDC/
GNU General Public License v3.0

Support the configured proxy to reach the identity provider #52

Open mverbert opened 3 years ago

mverbert commented 3 years ago

Hi, our Matomo server cannot access the Internet directly, so it has to use an HTTP proxy to reach the identity provider. Fortunately, configuring a proxy is already supported, so I only had to copy/paste some existing code in order to have a working login. My PHP is really bad, so I came up with the following patch:


--- ./plugins/LoginOIDC/Controller.php.orig 2021-05-17 16:22:08.102029847 +0200
+++ ./plugins/LoginOIDC/Controller.php  2021-05-17 16:33:51.485152188 +0200
@@ -214,7 +214,22 @@
         );
         $dataString = http_build_query($data);

+   // proxy configuration
+        $proxyHost = Config::getInstance()->proxy['host'];
+        $proxyPort = Config::getInstance()->proxy['port'];
+        $proxyUser = Config::getInstance()->proxy['username'];
+        $proxyPassword = Config::getInstance()->proxy['password'];
+
         $curl = curl_init();
+
+   if (!empty($proxyHost) && !empty($proxyPort)) {
+            curl_setopt($curl, CURLOPT_PROXY, $proxyHost . ':' . $proxyPort);
+            if (!empty($proxyUser) && !empty($proxyPassword)) {
+               // PROXYAUTH defaults to BASIC
+               curl_setopt($curl, CURLOPT_PROXYUSERPWD, $proxyUser . ':' . $proxyPassword);
+            }
+        }
+
         curl_setopt($curl, CURLOPT_POST, 1);
         curl_setopt($curl, CURLOPT_POSTFIELDS, $dataString);
         curl_setopt($curl, CURLOPT_HTTPHEADER, array(
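Review bot: The four `Config::getInstance()->proxy[...]` reads at the top of this hunk index the array directly, so a proxy section that lacks `username` or `password` would raise an undefined-index notice before the `!empty()` checks run. Read the section once, for example `$proxy = Config::getInstance()->proxy;`, and test each key with `!empty($proxy['host'])`, which tolerates a missing key. The proxy is also applied whenever host and port are set, with no setting to turn it off for this plugin's requests. As the added comment notes, proxy auth stays at Basic, so the proxy password is sent base64-encoded rather than encrypted on the hop to an HTTP proxy; that deserves a line in the documentation. The added `// proxy configuration` and `if (` lines are indented differently from the surrounding code and should follow the file's existing indentation.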
@@ -238,6 +253,15 @@
         $_SESSION['loginoidc_auth'] = true;

         $curl = curl_init();
+
+   if (!empty($proxyHost) && !empty($proxyPort)) {
+            curl_setopt($curl, CURLOPT_PROXY, $proxyHost . ':' . $proxyPort);
+            if (!empty($proxyUser) && !empty($proxyPassword)) {
+               // PROXYAUTH defaults to BASIC
+               curl_setopt($curl, CURLOPT_PROXYUSERPWD, $proxyUser . ':' . $proxyPassword);
+            }
+        }
+
         curl_setopt($curl, CURLOPT_HTTPHEADER, array(
             "Authorization: Bearer " . $result->access_token,
             "Accept: application/json",
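Review bot: The `if (!empty($proxyHost) && !empty($proxyPort))` block after this second `curl_init()` relies on variables that are assigned only in the first hunk, and `empty()` returns true for an undefined variable without any warning, so if this code is ever moved to a different scope the request carrying `Authorization: Bearer` would skip the proxy silently. Move the block into one helper that takes `$curl`, reads the proxy settings itself, and is called after each `curl_init()`; that also removes the duplicated lines.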

I can only recommend rewriting it to avoid code duplication, but at least it works for me. Thanks for your consideration.

christophvw commented 1 year ago

There should be an option in the LoginOIDC settings like "use configured Proxy server" to enable/disable the proxy code path.