Create accounts automatically when authenticating from HTTP header (#2087)

* Create accounts automatically when authenticating from HTTP header * Disable password check when header auth is enabled * Formatting * Password change is valid when no password (old or new) is provided * Test suite runs with header auth disabled (mock config) Prevents nil pointer access (panic) while testing password validating logic * Use a constant prefix for autogenerated passwords (header auth case) * Add tests * Add context to log messages Co-authored-by: Deluan <deluan@navidrome.org>
2025-04-03 20:47:35 +03:00 · 2023-01-25 02:18:10 +01:00 · 2023-01-25 02:18:10 +01:00 · 1e24809ed6
commit 1e24809ed6
parent 9721ef8974
4 changed files with 60 additions and 7 deletions
--- a/server/auth.go
+++ b/server/auth.go
@ -285,8 +285,25 @@ func handleLoginFromHeaders(ds model.DataStore, r *http.Request) map[string]inte
 	userRepo := ds.User(r.Context())
 	user, err := userRepo.FindByUsernameWithPassword(username)
 	if user == nil || err != nil {
-		log.Warn(r, "User passed in header not found", "user", username)
-		return nil
+		log.Info(r, "User passed in header not found", "user", username)
+		newUser := model.User{
+			ID:          uuid.NewString(),
+			UserName:    username,
+			Name:        username,
+			Email:       "",
+			NewPassword: consts.PasswordAutogenPrefix + uuid.NewString(),
+			IsAdmin:     false,
+		}
+		err := userRepo.Put(&newUser)
+		if err != nil {
+			log.Error(r, "Could not create new user", "user", username, err)
+			return nil
+		}
+		user, err = userRepo.FindByUsernameWithPassword(username)
+		if user == nil || err != nil {
+			log.Error(r, "Created user but failed to fetch it", "user", username)
+			return nil
+		}
 	}

 	err = userRepo.UpdateLastLoginAt(user.ID)