[Bug] Switching User Organisation fails using header variable authentication #1375

Closed
crackytsi opened this issue May 28, 2020 · 3 comments
Labels
bug TheHive4 TheHive4 related issues

@crackytsi

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Debian |
| OS version (client) | 10 |
| TheHive version / git hash | 4 RC3 |
| Package Type | DEB |

Problem Description

If I log in using user/password authentication, I can correctly change the organisation. The change is correctly performed.
If I log in using header variable authentication, I can change the organisation, but always one organisation is shown. Expected is the same behaviour as doing authentication using user/password.

Additional question:
If I have in multiple organisations the same user with different passwords set: Which password is used?

@crackytsi crackytsi added TheHive4 TheHive4 related issues bug labels May 28, 2020
@To-om
Contributor

To-om commented May 28, 2020

The organisation information is stored in the session (inside the cookie THE_HIVE_SESSION). If you don't use the session to authenticate users, the organisation switch can't work. You can send the current organisation in the HTTP header X-Organisation.
I recommend putting {name: session} in the first position in the auth.providers array.

@To-om To-om self-assigned this May 28, 2020
@crackytsi
Author

Hmm, with the same config it works if I explicitly log out from header variable authentication and log in again using user/password. During that step, I don't do any config-file modification or TheHive restart.

My configuration looks like this, and already includes the session:

auth {
  providers = [
    {name: session}
    {name: basic, realm: thehive}
    {name: header, userHeader:AUTH_USER}
    {name: key}
    {name: local}
  ]
}

@To-om
Contributor

To-om commented May 29, 2020

I see, the session is not used if the user is authenticated by the header. The organisation must be stored outside the session.

To-om added a commit that referenced this issue May 29, 2020
@To-om To-om closed this as completed May 29, 2020
@To-om To-om added this to the 4.0.0-RC4 milestone May 29, 2020