From a8d28ad665ef4461047dade3320c3d9ad3a6fb84 Mon Sep 17 00:00:00 2001
From: kiblik <5609770+kiblik@users.noreply.github.com>
Date: Thu, 18 Apr 2024 15:53:26 +0200
Subject: [PATCH] Fix: Broken Swagger when Remote User enabled
---
 dojo/remote_user.py | 11 ++++++++++-
 unittests/test_remote_user.py | 13 +++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/dojo/remote_user.py b/dojo/remote_user.py
index 7ed5f0a6a4a..a82ae52a31d 100644
--- a/dojo/remote_user.py
+++ b/dojo/remote_user.py
@@ -98,4 +98,13 @@ class RemoteUserScheme(OpenApiAuthenticationExtension):
 priority = 1
 def get_security_definition(self, auto_schema):
- return settings.SWAGGER_SETTINGS['SECURITY_DEFINITIONS']['remoteUserAuth']
+ header_name = settings.AUTH_REMOTEUSER_USERNAME_HEADER
+ if header_name.startswith('HTTP_'):
+ header_name = header_name[5:]
+ header_name = header_name.replace('_', '-').capitalize()
+
+ return {
+ 'type': 'apiKey',
+ 'in': 'header',
+ 'name': header_name,
+ }
diff --git a/unittests/test_remote_user.py b/unittests/test_remote_user.py
index d764358e11e..5d09cac9220 100644
--- a/unittests/test_remote_user.py
+++ b/unittests/test_remote_user.py
@@ -1,6 +1,7 @@
 from django.test import Client, override_settings
 from netaddr import IPSet
 from dojo.models import User, Dojo_Group, Dojo_Group_Member
+from dojo.remote_user import RemoteUserScheme
 from .dojo_test_case import DojoTestCase
@@ -193,3 +194,15 @@ def test_untrusted_proxy(self):
 )
 self.assertEqual(resp.status_code, 302)
 self.assertIn('Requested came from untrusted proxy', cm.output[0])
+
+ @override_settings(
+ AUTH_REMOTEUSER_ENABLED=True,
+ AUTH_REMOTEUSER_USERNAME_HEADER="HTTP_OUR_REMOTE_USER",
+ )
+ def test_api_schema(self):
+ security_definition = RemoteUserScheme.get_security_definition(None, None)
+ self.assertEqual(security_definition, {
+ "type": "apiKey",
+ "in": "header",
+ "name": "Our-remote-user",
+ })
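Review bot: In `get_security_definition`, a setting value that does not start with `HTTP_` skips the prefix strip but is still published as a request header. Django only fills client-sent headers into `HTTP_*` keys (plus `CONTENT_TYPE` and `CONTENT_LENGTH`), so a value such as `REMOTE_USER` would document a header the server never reads. A comment above the `if` would make that visible, for example `# META keys without HTTP_ are set by the web server, not by a request header`, or the case could be handled explicitly. Separately, `.capitalize()` lowercases everything after the first character (`Our-remote-user`); `'-'.join(part.capitalize() for part in header_name.split('_'))` gives the conventional `Our-Remote-User`, with the expected value in `test_api_schema` updated to match. Because this scheme advertises an identity header, a `'description'` entry saying the header is only honoured from trusted proxies (the 'untrusted proxy' test in the same file suggests such a check exists) would keep API consumers from reading it as a client credential.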
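Review bot: `test_api_schema` only pins the `HTTP_`-prefixed case, so the path in `get_security_definition` that leaves an unprefixed value as it is has no stated expectation. A second case under, for example, `@override_settings(AUTH_REMOTEUSER_USERNAME_HEADER="REMOTE_USER")` would fix what the schema should show there. The call `RemoteUserScheme.get_security_definition(None, None)` passes `None` as `self`, which works only while the method reads no instance state; a one-line comment such as `# called unbound: the method uses neither self nor auto_schema` would say so. The test also does not render the schema itself, so if the original breakage surfaced during schema generation it is not reproduced here.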