
Merge pull request #9630 from JakubOnderka/oidc-default-org-handling
fix: [OIDC] Default organisation handling if not provided by OIDC
JakubOnderka committed Mar 21, 2024
2 parents ec0b072 + e95b333 commit de6c920
Showing 6 changed files with 61 additions and 15 deletions.
6 changes: 3 additions & 3 deletions app/Console/Command/AdminShell.php
Expand Up @@ -616,9 +616,9 @@ public function redisReady()
try {
$redis = RedisTool::init();
for ($i = 0; $i < 10; $i++) {
$persistence = $redis->info('persistence');
if (isset($persistence['loading']) && $persistence['loading']) {
$this->out('Redis is still loading...');
$pong = $redis->ping();
if ($pong !== true) {
$this->out('Redis is still loading... ' . $pong);
sleep(1);
} else {
break;
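Review bot: The new readiness check `if ($pong !== true)` depends on the phpredis return type of `ping()`, which as far as I recall is `true` only in phpredis 5.x and later and the string `+PONG` in older releases, so on an older client the loop never breaks and simply runs out its ten iterations. A tolerant comparison, `if ($pong === true || $pong === '+PONG') { break; }`, covers both. Separately, when Redis really is loading its dataset, phpredis reports the `LOADING` reply by throwing a RedisException rather than returning it, so the "still loading" sleep-and-retry branch is unlikely to ever run; catching RedisException inside the loop (sleep and retry, rethrow after the last attempt) would make the retry do what its message says. The enclosing `try` and redisReady() start and end outside this hunk.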
Expand Up @@ -37,14 +37,17 @@ public function supportedEncodings()
private function decodeGzipEncodedContent(Controller $controller)
{
if (function_exists('gzdecode')) {
$decoded = gzdecode($controller->request->input());
$input = $controller->request->input();
if (empty($input)) {
throw new BadRequestException('Request data should be gzip encoded, but request is empty.');
}
$decoded = gzdecode($input);
if ($decoded === false) {
throw new BadRequestException('Invalid compressed data.');
}
return $decoded;
} else {
throw new BadRequestException("This server doesn't support GZIP compressed requests.");
}
throw new BadRequestException("This server doesn't support GZIP compressed requests.");
}

/**
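Review bot: `$decoded = gzdecode($input);` still places no bound on the inflated size, so a request body of a few kilobytes can expand to hundreds of megabytes and exhaust the PHP memory limit before the controller ever sees the data; the new empty-body guard does not address that. gzdecode accepts a second `max_length` argument and returns false once the output would exceed it, so `$decoded = gzdecode($input, $maxDecodedBytes);` with a limit sized to the largest legitimate payload caps the cost of a decompression bomb, ideally with its own error message so an over-limit body is distinguishable from corrupt data. Note that PHP also emits a warning when the limit is hit, which the framework's error handler may turn into an exception before the `=== false` check runs — worth confirming on this install. Since the "server doesn't support GZIP" throw now follows the `if` rather than sitting in an `else`, a `// unreachable when gzdecode exists` comment above it would save the next reader a double-take.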
4 changes: 2 additions & 2 deletions app/Plugin/EcsLog/Lib/Log/Engine/EcsLog.php
Expand Up @@ -182,10 +182,10 @@ public static function handleError($code, $description, $file = null, $line = nu
}

/**
* @param Exception $exception
* @param Throwable $exception
* @return void
*/
public static function handleException(Exception $exception)
public static function handleException(Throwable $exception)
{
$code = $exception->getCode();
$code = ($code && is_int($code)) ? $code : 1;
Expand Up @@ -13,7 +13,7 @@
* - OidcAuth.organisation_property (default: `organization`)
* - OidcAuth.organisation_uuid_property (default: `organization_uuid`)
* - OidcAuth.roles_property (default: `roles`)
* - OidcAuth.default_org
* - OidcAuth.default_org - organisation ID, UUID or name if organsation is not provided by OIDC
* - OidcAuth.unblock (boolean, default: false)
* - OidcAuth.offline_access (boolean, default: false)
* - OidcAuth.check_user_validity (integer, default `0`)
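Review bot: The new `OidcAuth.default_org` line misspells "organsation", and it leaves out how the value is interpreted: the resolver added in Oidc.php treats a purely numeric value as an organisation ID and a UUID-shaped value as a UUID before falling back to a name lookup, so an organisation whose name is itself numeric cannot be selected by name here. Suggested wording: `* - OidcAuth.default_org - organisation ID, UUID or name used when the organisation is not provided by OIDC (numeric values are treated as IDs, UUID-shaped values as UUIDs)`.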
52 changes: 47 additions & 5 deletions app/Plugin/OidcAuth/Lib/Oidc.php
Expand Up @@ -49,17 +49,22 @@ public function authenticate(array $settings)
}

$organisationProperty = $this->getConfig('organisation_property', 'organization');
$organisationName = $claims->{$organisationProperty} ?? $this->getConfig('default_org');
$organisationName = $claims->{$organisationProperty} ?? null;

$organisationUuidProperty = $this->getConfig('organisation_uuid_property', 'organization_uuid');
$organisationUuid = $claims->{$organisationUuidProperty} ?? null;

$organisationId = $this->checkOrganization($organisationName, $organisationUuid, $mispUsername);
if (!$organisationId) {
if ($user) {
$this->block($user);
$defaultOrganisationId = $this->defaultOrganisationId();
if ($defaultOrganisationId) {
$organisationId = $defaultOrganisationId;
} else {
if ($user) {
$this->block($user);
}
return false;
}
return false;
}

$roleProperty = $this->getConfig('roles_property', 'roles');
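Review bot: The fallback inside `if (!$organisationId)` fires on every falsy return from checkOrganization(), not only when the token carries no organisation claim, so any other failure that helper signals with false (its body is outside this hunk) now lands the user in the default organisation instead of blocking them — a fail-open compared with the previous behaviour, and one that widens with whatever default_org an operator picks. Gating the fallback on the claim actually being absent keeps the block-and-return path for a present-but-unresolvable organisation. The fallback branch also writes no log line, so after the fact nobody can tell why a user ended up in the default organisation; the version below adds one. authenticate() starts and ends outside this hunk, and whether a missing claim is the only false case of checkOrganization() should be confirmed against its body.
```php
$organisationId = false;
if ($organisationName === null && $organisationUuid === null) {
    // Token carries no organisation claim: this is the only case the configured default should cover.
    $organisationId = $this->defaultOrganisationId();
    if ($organisationId) {
        $this->log($mispUsername, "Organisation not provided by OIDC, using default organisation ID $organisationId.");
    }
} else {
    $organisationId = $this->checkOrganization($organisationName, $organisationUuid, $mispUsername);
}
if (!$organisationId) {
    if ($user) {
        $this->block($user);
    }
    return false;
}
// … unchanged: role handling …
```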
Expand Down Expand Up @@ -123,7 +128,7 @@ public function authenticate(array $settings)
return $user;
}

$this->log($mispUsername, 'User not found in database.');
$this->log($mispUsername, 'User not found in database, creating new one.');

$time = time();
$userData = [
Expand Down Expand Up @@ -320,6 +325,8 @@ private function prepareClient()
}

/**
* Fetch organisation ID from database by provided name and UUID. If organisation is not found, it is created. If
* organisation with given UUID has different name, then is renamed.
* @param string $orgName Organisation name or UUID
* @param string|null $orgUuid Organisation UUID
* @param string $mispUsername
Expand Down Expand Up @@ -376,6 +383,41 @@ private function checkOrganization($orgName, $orgUuid, $mispUsername)
return $orgId;
}

/**
* @return false|int Organisation ID or false if org not found
*/
private function defaultOrganisationId()
{
$defaultOrgName = $this->getConfig('default_org');
if (empty($defaultOrgName)) {
return false;
}

if (is_numeric($defaultOrgName)) {
$conditions = ['id' => $defaultOrgName];
} else if (Validation::uuid($defaultOrgName)) {
$conditions = ['uuid' => strtolower($defaultOrgName)];
} else {
$conditions = ['name' => $defaultOrgName];
}
$orgAux = $this->User->Organisation->find('first', [
'fields' => ['Organisation.id'],
'conditions' => $conditions,
]);
if (empty($orgAux)) {
if (is_numeric($defaultOrgName)) {
$this->log(null, "Could not find default organisation with ID `$defaultOrgName`.");
} else if (Validation::uuid($defaultOrgName)) {
$this->log(null, "Could not find default organisation with UUID `$defaultOrgName`.");
} else {
$this->log(null, "Could not find default organisation with name `$defaultOrgName`.");
}
return false;
}

return $orgAux['Organisation']['id'];
}

/**
* @param int $orgId
* @param string $newName
3 changes: 2 additions & 1 deletion tests/logs_fail_regexes.txt
Expand Up @@ -2,4 +2,5 @@
# Whenever the regex matches, the Logs job will fail and report the error.
class="cake-error"
Error: [ParseError]
Error: [PDOException]
Error: [PDOException]
Error: [BadRequestException]
