Basic http preauthentication #360

Closed


szatmariandras

Provides an optional basic HTTP authentication.
It can be used to host a private Packagist service behind any kind of HTTP authentication (htpasswd, Apache with mod_ldap, etc.).
This modification solves #265 without having bigger modifications on the current running instances.

The two new options are `preauthenticated_provider.enabled` and `preauthenticated_provider.default_email_domain`.
With the enabled flag you can enable the HTTP authentication listener and user provider. If you leave it false, no further modifications are required.
If enabled, the userprovider is being put behind a userproviderproxy object, which proxies all the method calls to the userprovider instance, but when no user is found, it creates one.
The default_email_domain is used to create an email address for the new user, as email is not nullable.

$user = $this->userManager->createUser();
/* @var PackagistUser $user */
$user->setUsername($userName);
$user->setPlainPassword($user->getUsername());
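
Review bot: On the `setPlainPassword($user->getUsername())` line, the automatically created account gets a password equal to its own username, so the credential is known to anyone who knows the username wherever a password-based path to the account is still reachable. Set a long random value from a cryptographically secure source instead (the password is never meant to be typed when the front-end server authenticates the user), and add a comment on `createUser()` stating that these accounts are not intended for password login.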
Contributor

this seems a really bad idea

Author

If the HTTP authentication is enabled, the password is only used when you want to change your email address.
Can you suggest an alternative solution?
I was thinking about putting conditions in the code to not display the password field on the edit profile page, and into the validator in the controller, since in the HTTP authentication use case the password has no meaning.

Author

@stof Do you have any thoughts on that, or should I go with the idea of removing the password field?
In this case I'll wait to see what comes up with #361, and after that I can move the conditions from there about "is github connected" to a class about "is password field hidden".

👍

@szatmariandras
Author

@stof still no thoughts on this?

@Seldaek
Member

Seldaek commented Jun 30, 2014

Closing as I'd rather have people use https://toranproxy.com than private packagist since the latter will evolve without care for non-packagist.org users of the code.

@Seldaek Seldaek closed this Jun 30, 2014