Remove config options for changing the auth header names (BREAKING)

The original idea behind these were that some service, like Shibboleth,
already sets the correct data in some other header, so you can just
configure Tobira to check a different header. However, our auth headers
by now have quite some requirements (like being base64 encoded) so that
it's incredibly unlikely that the exact correct data is already in a
header set by another application. I'm positive that all users of Tobira
using `auth-proxy` will need to have their own code logic already, so
there is no reason why they can't use specific names. I also have not
seen any installation out there that actually changes these header
names.

backend/src/auth/config.rs

@@ -29,23 +29,6 @@ pub(crate) struct AuthConfig {
     #[config(nested)]
     pub(crate) callback: CallbackConfig,
 
-    /// The header containing a unique and stable username of the current user.
-    #[config(default = "x-tobira-username")]
-    pub(crate) username_header: String,
-
-    /// The header containing the human-readable name of the current user
-    /// (e.g. "Peter Lustig").
-    #[config(default = "x-tobira-user-display-name")]
-    pub(crate) display_name_header: String,
-
-    /// The header containing the email address of the current user.
-    #[config(default = "x-tobira-user-email")]
-    pub(crate) email_header: String,
-
-    /// The header containing a comma-separated list of roles of the current user.
-    #[config(default = "x-tobira-user-roles")]
-    pub(crate) roles_header: String,
-
     /// If a user has this role, they are treated as a moderator in Tobira,
     /// giving them the ability to modify the realm structure among other
     /// things.

backend/src/auth/mod.rs

@@ -34,6 +34,12 @@ const ROLE_ANONYMOUS: &str = "ROLE_ANONYMOUS";
 
 const SESSION_COOKIE: &str = "tobira-session";
 
+// Auth headers
+const AUTH_HEADER_USERNAME: &str = "x-tobira-username";
+const AUTH_HEADER_DISPLAY_NAME: &str = "x-tobira-user-display-name";
+const AUTH_HEADER_EMAIL: &str = "x-tobira-user-email";
+const AUTH_HEADER_ROLES: &str = "x-tobira-user-roles";
+
 
 
 /// Information about whether or not, and if so how
@@ -136,13 +142,13 @@ impl User {
 
         // Get required headers. If these are not set and valid, we treat it as
         // if there is no user session.
-        let username = get_header(&auth_config.username_header)?;
-        let display_name = get_header(&auth_config.display_name_header)?;
-        let email = get_header(&auth_config.email_header);
+        let username = get_header(AUTH_HEADER_USERNAME)?;
+        let display_name = get_header(AUTH_HEADER_DISPLAY_NAME)?;
+        let email = get_header(AUTH_HEADER_EMAIL);
 
         // Get roles from the user.
         let mut roles = HashSet::from([ROLE_ANONYMOUS.to_string()]);
-        let roles_raw = get_header(&auth_config.roles_header)?;
+        let roles_raw = get_header(AUTH_HEADER_ROLES)?;
         roles.extend(roles_raw.split(',').map(|role| role.trim().to_owned()));
         let user_role = auth_config
             .find_user_role(&username, roles.iter().map(|s| s.as_str()))?

docs/docs/setup/config.toml

@@ -203,27 +203,6 @@
 # send a `DELETE` request to `/~session`.
 #logout_link =
 
-# The header containing a unique and stable username of the current user.
-#
-# Default value: "x-tobira-username"
-#username_header = "x-tobira-username"
-
-# The header containing the human-readable name of the current user
-# (e.g. "Peter Lustig").
-#
-# Default value: "x-tobira-user-display-name"
-#display_name_header = "x-tobira-user-display-name"
-
-# The header containing the email address of the current user.
-#
-# Default value: "x-tobira-user-email"
-#email_header = "x-tobira-user-email"
-
-# The header containing a comma-separated list of roles of the current user.
-#
-# Default value: "x-tobira-user-roles"
-#roles_header = "x-tobira-user-roles"
-
 # If a user has this role, they are treated as a moderator in Tobira,
 # giving them the ability to modify the realm structure among other
 # things.