From 5717612d6b4202d36567a9756d062bf95ba46027 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Alvergnat?= <remi.alvergnat@gfi.fr>
Date: Fri, 5 Apr 2019 10:41:19 +0200
Subject: [PATCH] Support reverse proxy the NextCloud way
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In some network configurations involving a reverse proxy, the base url generated by the underlying SAML library is not consistent with the way it's generated in NextCloud.

For example, it may generate `http://` urls instead of `https://` when the SSL Layer is handled by a proxy, even when NextCloud URLGenerator#getAbsoluteURL effectively generates `https://` urls.

This change setup SAML library to use the Server Protocol and Server Host as returned by the NextCloud Request object to build SAML urls properly.

Signed-off-by: Rémi Alvergnat <remi.alvergnat@gfi.fr>
---
 lib/SAMLSettings.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
index 6d29d11a0..28e089ef8 100644
--- a/lib/SAMLSettings.php
+++ b/lib/SAMLSettings.php
@@ -11,9 +11,11 @@
 use OCA\User_SAML\Db\ConfigurationsMapper;
 use OCP\DB\Exception;
 use OCP\IConfig;
+use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
 use OneLogin\Saml2\Constants;
+use OneLogin\Saml2\Utils;
 
 class SAMLSettings {
 	private const LOADED_NONE = 0;
@@ -77,7 +79,11 @@ public function __construct(
 		private IConfig $config,
 		private ISession $session,
 		private ConfigurationsMapper $mapper,
+		private IRequest $request,
 	) {
+		Utils::setSelfProtocol($this->request->getServerProtocol());
+		Utils::setSelfHost($this->request->getServerHost());
+		Utils::setProxyVars(true);
 	}
 
 	/**