From 38999a162beec0235a2e2b738d98a16d5efa3098 Mon Sep 17 00:00:00 2001
From: Oliver Gorwits <oliver@cpan.org>
Date: Sat, 1 Oct 2016 17:50:47 +0100
Subject: [PATCH] strip realm from username (B. Marshall)

---
 Netdisco/Changes                       | 1 +
 Netdisco/lib/App/Netdisco/Web/AuthN.pm | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Netdisco/Changes b/Netdisco/Changes
index ee33591f..238af33c 100644
--- a/Netdisco/Changes
+++ b/Netdisco/Changes
@@ -10,6 +10,7 @@
   * systemd deployment guide
   * document env var for https reverse proxy (B. Marshall)
   * [#279] Web sessions use cookies instead of files on disk (M. Johnson)
+  * strip realm from username (B. Marshall)
 
   [BUG FIXES]
 
diff --git a/Netdisco/lib/App/Netdisco/Web/AuthN.pm b/Netdisco/lib/App/Netdisco/Web/AuthN.pm
index e3f63ea8..ca761d44 100644
--- a/Netdisco/lib/App/Netdisco/Web/AuthN.pm
+++ b/Netdisco/lib/App/Netdisco/Web/AuthN.pm
@@ -12,13 +12,17 @@ hook 'before' => sub {
         if (setting('trust_x_remote_user')
           and scalar request->header('X-REMOTE_USER')
           and length scalar request->header('X-REMOTE_USER')) {
-            session(logged_in_user => scalar request->header('X-REMOTE_USER'));
+
+            (my $user = scalar request->header('X-REMOTE_USER')) =~ s/@[^@]*$//;
+            session(logged_in_user => $user);
             session(logged_in_user_realm => 'users');
         }
         elsif (setting('trust_remote_user')
           and defined $ENV{REMOTE_USER}
           and length  $ENV{REMOTE_USER}) {
-            session(logged_in_user => $ENV{REMOTE_USER});
+
+            (my $user = $ENV{REMOTE_USER}) =~ s/@[^@]*$//;
+            session(logged_in_user => $user);
             session(logged_in_user_realm => 'users');
         }
         elsif (setting('no_auth')) {