From 209acf2429b06e2e8d78218937c59fd7e7edd1be Mon Sep 17 00:00:00 2001
From: Arran Hobson Sayers <32173585+ahobsonsayers@users.noreply.github.com>
Date: Mon, 16 Dec 2024 21:05:13 +0000
Subject: [PATCH] feat: create user on proxy authentication if user does not
 exist (#3569)

---------

Co-authored-by: Oleg Lobanov <oleg@lobanov.me>
---
 auth/proxy.go | 35 ++++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/auth/proxy.go b/auth/proxy.go
index 11a7f9a0..9d140540 100644
--- a/auth/proxy.go
+++ b/auth/proxy.go
@@ -1,9 +1,9 @@
 package auth
 
 import (
+	"crypto/rand"
 	"errors"
 	"net/http"
-	"os"
 
 	fbErrors "github.com/filebrowser/filebrowser/v2/errors"
 	"github.com/filebrowser/filebrowser/v2/settings"
@@ -19,11 +19,40 @@ type ProxyAuth struct {
 }
 
 // Auth authenticates the user via an HTTP header.
-func (a ProxyAuth) Auth(r *http.Request, usr users.Store, _ *settings.Settings, srv *settings.Server) (*users.User, error) {
+func (a ProxyAuth) Auth(r *http.Request, usr users.Store, setting *settings.Settings, srv *settings.Server) (*users.User, error) {
 	username := r.Header.Get(a.Header)
 	user, err := usr.Get(srv.Root, username)
 	if errors.Is(err, fbErrors.ErrNotExist) {
-		return nil, os.ErrPermission
+		randomPasswordBytes := make([]byte, 32) //nolint:gomnd
+		_, err = rand.Read(randomPasswordBytes)
+		if err != nil {
+			return nil, err
+		}
+
+		var hashedRandomPassword string
+		hashedRandomPassword, err = users.HashPwd(string(randomPasswordBytes))
+		if err != nil {
+			return nil, err
+		}
+
+		user = &users.User{
+			Username:     username,
+			Password:     hashedRandomPassword,
+			LockPassword: true,
+		}
+		setting.Defaults.Apply(user)
+
+		var userHome string
+		userHome, err = setting.MakeUserDir(user.Username, user.Scope, srv.Root)
+		if err != nil {
+			return nil, err
+		}
+		user.Scope = userHome
+
+		err = usr.Save(user)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	return user, err