feat: create user on proxy authentication if user does not exist (#3569)

--------- Co-authored-by: Oleg Lobanov <oleg@lobanov.me>
2025-05-08 03:12:09 +00:00 · 2024-12-16 21:05:13 +00:00 · 2024-12-16 21:05:13 +00:00 · 209acf2429
commit 209acf2429
parent 25372edb5c
1 changed files with 32 additions and 3 deletions
--- a/auth/proxy.go
+++ b/auth/proxy.go
@ -1,9 +1,9 @@
 package auth

 import (
+	"crypto/rand"
 	"errors"
 	"net/http"
-	"os"

 	fbErrors "github.com/filebrowser/filebrowser/v2/errors"
 	"github.com/filebrowser/filebrowser/v2/settings"
@ -19,11 +19,40 @@ type ProxyAuth struct {
 }

 // Auth authenticates the user via an HTTP header.
-func (a ProxyAuth) Auth(r *http.Request, usr users.Store, _ *settings.Settings, srv *settings.Server) (*users.User, error) {
+func (a ProxyAuth) Auth(r *http.Request, usr users.Store, setting *settings.Settings, srv *settings.Server) (*users.User, error) {
 	username := r.Header.Get(a.Header)
 	user, err := usr.Get(srv.Root, username)
 	if errors.Is(err, fbErrors.ErrNotExist) {
-		return nil, os.ErrPermission
+		randomPasswordBytes := make([]byte, 32) //nolint:gomnd
+		_, err = rand.Read(randomPasswordBytes)
+		if err != nil {
+			return nil, err
+		}
+
+		var hashedRandomPassword string
+		hashedRandomPassword, err = users.HashPwd(string(randomPasswordBytes))
+		if err != nil {
+			return nil, err
+		}
+
+		user = &users.User{
+			Username:     username,
+			Password:     hashedRandomPassword,
+			LockPassword: true,
+		}
+		setting.Defaults.Apply(user)
+
+		var userHome string
+		userHome, err = setting.MakeUserDir(user.Username, user.Scope, srv.Root)
+		if err != nil {
+			return nil, err
+		}
+		user.Scope = userHome
+
+		err = usr.Save(user)
+		if err != nil {
+			return nil, err
+		}
 	}

 	return user, err