Fix https://github.com/firefly-iii/firefly-iii/issues/3592

.env.example

@@ -179,11 +179,22 @@ AUTHENTICATION_GUARD=web
 # Some systems use X-Auth headers. In that case, use HTTP_X_AUTH_USERNAME or HTTP_X_AUTH_EMAIL
 # Depending on your system, REMOTE_USER may need to be changed to HTTP_REMOTE_USER
 #
-# Firefly III won't be able to send emails when the header you use isn't an email address.
-#
 AUTHENTICATION_GUARD_HEADER=REMOTE_USER
 
-# Likewise, it's impossible to log out users who's authentication is handled by an external system.
+#
+# Firefly III uses email addresses as user identifiers. When you're using an external authentication guard
+# that doesn't do this, Firefly III is incapable of emailing you. Messages sent to "Bill Gates" always fail.
+#
+# However, if you set this value, Firefly III will store the value from this header as the user's backup
+# email address and use it to communicate. So user "Bill Gates" could still have
+# the email address "bill@microsoft.com".
+#
+# Example value: AUTHENTICATION_GUARD_EMAIL=HTTP_X_AUTH_EMAIL
+#
+AUTHENTICATION_GUARD_EMAIL=
+
+
+# It's impossible to log out users who's authentication is handled by an external system.
 # Enter a custom URL here that will force a logout (your authentication provider can tell you).
 # Setting this variable only works when AUTHENTICATION_GUARD != web
 #

app/Handlers/Events/APIEventHandler.php

@@ -54,6 +54,12 @@ class APIEventHandler
             $email     = $user->email;
             $ipAddress = Request::ip();
 
+            // see if user has alternative email address:
+            $pref = app('preferences')->getForUser($user, 'remote_guard_alt_email', null);
+            if (null !== $pref) {
+                $email = $pref->data;
+            }
+
             Log::debug(sprintf('Now in APIEventHandler::accessTokenCreated. Email is %s, IP is %s', $email, $ipAddress));
             try {
                 Log::debug('Trying to send message...');

app/Handlers/Events/AdminEventHandler.php

@@ -52,6 +52,12 @@ class AdminEventHandler
             $email     = $event->user->email;
             $ipAddress = $event->ipAddress;
 
+            // see if user has alternative email address:
+            $pref = app('preferences')->getForUser($event->user, 'remote_guard_alt_email', null);
+            if (null !== $pref) {
+                $email = $pref->data;
+            }
+
             Log::debug(sprintf('Now in sendTestMessage event handler. Email is %s, IP is %s', $email, $ipAddress));
             try {
                 Log::debug('Trying to send message...');

app/Handlers/Events/AutomationHandler.php

@@ -56,9 +56,19 @@ class AutomationHandler
         $repository = app(UserRepositoryInterface::class);
         $user       = $repository->findNull($event->userId);
         if (null !== $user && 0 !== $event->groups->count()) {
+
+            $email     = $user->email;
+
+            // see if user has alternative email address:
+            $pref = app('preferences')->getForUser($user, 'remote_guard_alt_email', null);
+            if (null !== $pref) {
+                $email = $pref->data;
+            }
+
+
             try {
                 Log::debug('Trying to mail...');
-                Mail::to($user->email)->send(new ReportNewJournalsMail($user->email, '127.0.0.1', $event->groups));
+                Mail::to($user->email)->send(new ReportNewJournalsMail($email, '127.0.0.1', $event->groups));
                 // @codeCoverageIgnoreStart
             } catch (Exception $e) {
                 Log::debug('Send message failed! :(');

app/Handlers/Events/UserEventHandler.php

@@ -184,6 +184,12 @@ class UserEventHandler
         $ipAddress = $event->ipAddress;
         $list      = app('preferences')->getForUser($user, 'login_ip_history', [])->data;
 
+        // see if user has alternative email address:
+        $pref = app('preferences')->getForUser($user, 'remote_guard_alt_email', null);
+        if (null !== $pref) {
+            $email = $pref->data;
+        }
+
         /** @var array $entry */
         foreach ($list as $index => $entry) {
             if (false === $entry['notified']) {
@@ -300,6 +306,12 @@ class UserEventHandler
             $uri       = route('index');
             $ipAddress = $event->ipAddress;
 
+            // see if user has alternative email address:
+            $pref = app('preferences')->getForUser($event->user, 'remote_guard_alt_email', null);
+            if (null !== $pref) {
+                $email = $pref->data;
+            }
+
             // send email.
             try {
                 Mail::to($email)->send(new RegisteredUserMail($uri, $ipAddress));

app/Http/Controllers/Admin/HomeController.php

@@ -59,8 +59,15 @@ class HomeController extends Controller
         Log::channel('audit')->info('User visits admin index.');
         $title         = (string) trans('firefly.administration');
         $mainTitleIcon = 'fa-hand-spock-o';
+        $email = auth()->user()->email;
+        $pref = app('preferences')->get('remote_guard_alt_email', null);
+        if(null !== $pref) {
+            $email = $pref->data;
+        }
 
-        return view('admin.index', compact('title', 'mainTitleIcon'));
+
+
+        return view('admin.index', compact('title', 'mainTitleIcon','email'));
     }
 
     /**

app/Providers/EventServiceProvider.php

@@ -147,6 +147,12 @@ class EventServiceProvider extends ServiceProvider
                 $email     = $user->email;
                 $ipAddress = Request::ip();
 
+                // see if user has alternative email address:
+                $pref = app('preferences')->getForUser($user, 'remote_guard_alt_email', null);
+                if (null !== $pref) {
+                    $email = $pref->data;
+                }
+
                 Log::debug(sprintf('Now in EventServiceProvider::registerCreateEvents. Email is %s, IP is %s', $email, $ipAddress));
                 try {
                     Log::debug('Trying to send message...');

app/Support/Authentication/RemoteUserGuard.php

@@ -78,6 +78,15 @@ class RemoteUserGuard implements Guard
         /** @var User $user */
         $user = $this->provider->retrieveById($userID);
 
+        // store email address if present in header and not already set.
+        $header       = config('auth.guard_email');
+        $emailAddress = request()->server($header) ?? null;
+        $preference   = app('preferences')->getForUser($user, 'remote_guard_alt_email', null);
+
+        if (null !== $emailAddress && null === $preference && $emailAddress !== $userID) {
+            app('preferences')->setForUser($user, 'remote_guard_alt_email', $emailAddress);
+        }
+
         Log::debug(sprintf('Result of getting user from provider: %s', $user->email));
         $this->user = $user;
     }

config/auth.php

@@ -38,6 +38,7 @@ return [
         'passwords' => 'users',
     ],
     'guard_header' => envNonEmpty('AUTHENTICATION_GUARD_HEADER', 'REMOTE_USER'),
+    'guard_email'  => envNonEmpty('AUTHENTICATION_GUARD_EMAIL', null),
 
     /*
     |--------------------------------------------------------------------------

resources/views/v1/admin/index.twig

@@ -40,7 +40,7 @@
                 <form action="{{ route('admin.test-message') }}" method="post">
                     <div class="box-body">
                         <p>
-                            {{ trans('firefly.send_test_email_text', {email:Auth.user.email})|raw }}
+                            {{ trans('firefly.send_test_email_text', {email:email})|raw }}
                         </p>
                         <input type="hidden" name="_token" value="{{ csrf_token() }}">
                     </div>