DefectDojo · blakeaowens · Apr 22, 2024 · Apr 18, 2024
diff --git a/dojo/remote_user.py b/dojo/remote_user.py
@@ -98,4 +98,13 @@ class RemoteUserScheme(OpenApiAuthenticationExtension):
     priority = 1
 
     def get_security_definition(self, auto_schema):
-        return settings.SWAGGER_SETTINGS['SECURITY_DEFINITIONS']['remoteUserAuth']
+        header_name = settings.AUTH_REMOTEUSER_USERNAME_HEADER
+        if header_name.startswith('HTTP_'):
+            header_name = header_name[5:]
+        header_name = header_name.replace('_', '-').capitalize()
+
+        return {
+            'type': 'apiKey',
+            'in': 'header',
+            'name': header_name,
+        }
diff --git a/unittests/test_remote_user.py b/unittests/test_remote_user.py
@@ -1,6 +1,7 @@
 from django.test import Client, override_settings
 from netaddr import IPSet
 from dojo.models import User, Dojo_Group, Dojo_Group_Member
+from dojo.remote_user import RemoteUserScheme
 from .dojo_test_case import DojoTestCase
 
 
@@ -193,3 +194,15 @@ def test_untrusted_proxy(self):
                                     )
         self.assertEqual(resp.status_code, 302)
         self.assertIn('Requested came from untrusted proxy', cm.output[0])
+
+    @override_settings(
+        AUTH_REMOTEUSER_ENABLED=True,
+        AUTH_REMOTEUSER_USERNAME_HEADER="HTTP_OUR_REMOTE_USER",
+    )
+    def test_api_schema(self):
+        security_definition = RemoteUserScheme.get_security_definition(None, None)
+        self.assertEqual(security_definition, {
+            "type": "apiKey",
+            "in": "header",
+            "name": "Our-remote-user",
+        })