Authenticate with REMOTE_USER

app/Foundation/Providers/RouteServiceProvider.php

@@ -13,6 +13,7 @@
 
 use CachetHQ\Cachet\Http\Middleware\Acceptable;
 use CachetHQ\Cachet\Http\Middleware\Authenticate;
+use CachetHQ\Cachet\Http\Middleware\RemoteUserAuthenticate;
 use CachetHQ\Cachet\Http\Middleware\Timezone;
 use CachetHQ\Cachet\Http\Middleware\VerifyCsrfToken;
 use CachetHQ\Cachet\Http\Routes\ApiSystemRoutes;
@@ -151,6 +152,7 @@ protected function mapForBrowser(Router $router, $routes, $applyAlwaysAuthentica
 
         if ($applyAlwaysAuthenticate && !$this->isWhiteListedAuthRoute($routes)) {
             $middleware[] = Authenticate::class;
+            $middleware[] = RemoteUserAuthenticate::class;
         }
 
         $router->group(['middleware' => $middleware], function (Router $router) use ($routes) {

app/Http/Kernel.php

@@ -19,6 +19,7 @@
 use CachetHQ\Cachet\Http\Middleware\Localize;
 use CachetHQ\Cachet\Http\Middleware\ReadyForUse;
 use CachetHQ\Cachet\Http\Middleware\RedirectIfAuthenticated;
+use CachetHQ\Cachet\Http\Middleware\RemoteUserAuthenticate;
 use CachetHQ\Cachet\Http\Middleware\SetupAlreadyCompleted;
 use CachetHQ\Cachet\Http\Middleware\SubscribersConfigured;
 use CachetHQ\Cachet\Http\Middleware\Throttler;
@@ -45,17 +46,18 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $routeMiddleware = [
-        'admin'       => Admin::class,
-        'can'         => Authorize::class,
-        'cors'        => HandleCors::class,
-        'cache'       => CacheControl::class,
-        'auth'        => Authenticate::class,
-        'auth.api'    => ApiAuthentication::class,
-        'guest'       => RedirectIfAuthenticated::class,
-        'localize'    => Localize::class,
-        'ready'       => ReadyForUse::class,
-        'setup'       => SetupAlreadyCompleted::class,
-        'subscribers' => SubscribersConfigured::class,
-        'throttle'    => Throttler::class,
+        'admin'           => Admin::class,
+        'auth.api'        => ApiAuthentication::class,
+        'auth.remoteuser' => RemoteUserAuthenticate::class,
+        'auth'            => Authenticate::class,
+        'cache'           => CacheControl::class,
+        'can'             => Authorize::class,
+        'cors'            => HandleCors::class,
+        'guest'           => RedirectIfAuthenticated::class,
+        'localize'        => Localize::class,
+        'ready'           => ReadyForUse::class,
+        'setup'           => SetupAlreadyCompleted::class,
+        'subscribers'     => SubscribersConfigured::class,
+        'throttle'        => Throttler::class,
     ];
 }

app/Http/Middleware/RemoteUserAuthenticate.php

@@ -0,0 +1,53 @@
+<?php
+
+/*
+ * This file is part of Cachet.
+ *
+ * (c) Alt Three Services Limited
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use CachetHQ\Cachet\Models\User;
+use Closure;
+use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Http\Request;
+
+class RemoteUserAuthenticate
+{
+    /**
+     * Create a new remote user authenticate instance.
+     *
+     * @param \Illuminate\Contracts\Auth\Guard $auth
+     *
+     * @return void
+     */
+    public function __construct(Guard $auth)
+    {
+        $this->auth = $auth;
+    }
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure                 $next
+     *
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        if ($remoteUser = $request->server('REMOTE_USER')) {
+            $user = User::where('email', '=', $remoteUser)->first();
+
+            if ($user instanceof User && $this->auth->guest()) {
+                $this->auth->login($user);
+            }
+        }
+
+        return $next($request);
+    }
+}