Add additional safeties for the fallback user

2023-04-02 02:22:01 +02:00 · 2023-04-02 02:22:01 +02:00 · a2864eab92
parent 496706ea59
commit a2864eab92
2 changed files with 10 additions and 6 deletions
--- a/trainav.web/Pages/Shared/_Layout.cshtml
+++ b/trainav.web/Pages/Shared/_Layout.cshtml
@ -1,4 +1,7 @@
-<!DOCTYPE html>
+@using trainav.web.Utils
+@using trainav.web.database
+@using Microsoft.AspNetCore.Mvc.TagHelpers
+<!DOCTYPE html>
 <html lang="en">
 <head>
 	<meta charset="utf-8"/>
@ -31,6 +34,11 @@
 </header>
 <div class="container">
 	<main role="main" class="pb-3">
+		@if (AuthUtil.GetRemoteUser(Context, new Database.DbConn()) == "_debuguser") {
+			<div class="alert alert-warning" role="alert">
+				You are connected as the fallback user '@AuthUtil.GetRemoteUser(Context, new Database.DbConn())' because no 'Remote-User' header was received. If this is a production deployment, please make sure your configuration is correct.
+			</div>
+		}
 		@RenderBody()
 	</main>
 </div>
--- a/trainav.web/Utils/AuthUtil.cs
+++ b/trainav.web/Utils/AuthUtil.cs
@ -8,11 +8,7 @@ namespace trainav.web.Utils;

 public static class AuthUtil {
 	public static string GetRemoteUser(HttpContext ctx, Database.DbConn db) {
-		#if (DEBUG)
-		const string remoteUser = "debuguser";
-		#else
-		var remoteUser = ctx.Request.Headers["Remote-User"];
-		#endif
+		var remoteUser = ctx.Request.Headers.ContainsKey("Remote-User") ? ctx.Request.Headers["Remote-User"].ToString() : "_debuguser";

 		if (!db.Users.Any(p => p.Username == remoteUser)) {
 			db.InsertWithInt32Identity(new User { Username = remoteUser });