MISP · JakubOnderka · Mar 21, 2024 · Mar 21, 2024 · Mar 21, 2024 · Mar 21, 2024
diff --git a/app/Console/Command/AdminShell.php b/app/Console/Command/AdminShell.php
@@ -616,9 +616,9 @@ public function redisReady()
         try {
             $redis = RedisTool::init();
             for ($i = 0; $i < 10; $i++) {
-                $persistence = $redis->info('persistence');
-                if (isset($persistence['loading']) && $persistence['loading']) {
-                    $this->out('Redis is still loading...');
+                $pong = $redis->ping();
+                if ($pong !== true) {
+                    $this->out('Redis is still loading... ' . $pong);
                     sleep(1);
                 } else {
                     break;

diff --git a/app/Controller/Component/CompressedRequestHandlerComponent.php b/app/Controller/Component/CompressedRequestHandlerComponent.php
@@ -37,14 +37,17 @@ public function supportedEncodings()
     private function decodeGzipEncodedContent(Controller $controller)
     {
         if (function_exists('gzdecode')) {
-            $decoded = gzdecode($controller->request->input());
+            $input = $controller->request->input();
+            if (empty($input)) {
+                throw new BadRequestException('Request data should be gzip encoded, but request is empty.');
+            }
+            $decoded = gzdecode($input);
             if ($decoded === false) {
                 throw new BadRequestException('Invalid compressed data.');
             }
             return $decoded;
-        } else {
-            throw new BadRequestException("This server doesn't support GZIP compressed requests.");
         }
+        throw new BadRequestException("This server doesn't support GZIP compressed requests.");
     }
 
     /**

diff --git a/app/Plugin/EcsLog/Lib/Log/Engine/EcsLog.php b/app/Plugin/EcsLog/Lib/Log/Engine/EcsLog.php
@@ -182,10 +182,10 @@ public static function handleError($code, $description, $file = null, $line = nu
     }
 
     /**
-     * @param Exception $exception
+     * @param Throwable $exception
      * @return void
      */
-    public static function handleException(Exception $exception)
+    public static function handleException(Throwable $exception)
     {
         $code = $exception->getCode();
         $code = ($code && is_int($code)) ? $code : 1;

diff --git a/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php b/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php
@@ -13,7 +13,7 @@
  *  - OidcAuth.organisation_property (default: `organization`)
  *  - OidcAuth.organisation_uuid_property (default: `organization_uuid`)
  *  - OidcAuth.roles_property (default: `roles`)
- *  - OidcAuth.default_org
+ *  - OidcAuth.default_org - organisation ID, UUID or name if organsation is not provided by OIDC
  *  - OidcAuth.unblock (boolean, default: false)
  *  - OidcAuth.offline_access (boolean, default: false)
  *  - OidcAuth.check_user_validity (integer, default `0`)

diff --git a/app/Plugin/OidcAuth/Lib/Oidc.php b/app/Plugin/OidcAuth/Lib/Oidc.php
@@ -49,17 +49,22 @@ public function authenticate(array $settings)
         }
 
         $organisationProperty = $this->getConfig('organisation_property', 'organization');
-        $organisationName = $claims->{$organisationProperty} ?? $this->getConfig('default_org');
+        $organisationName = $claims->{$organisationProperty} ?? null;
 
         $organisationUuidProperty = $this->getConfig('organisation_uuid_property', 'organization_uuid');
         $organisationUuid = $claims->{$organisationUuidProperty} ?? null;
 
         $organisationId = $this->checkOrganization($organisationName, $organisationUuid, $mispUsername);
         if (!$organisationId) {
-            if ($user) {
-                $this->block($user);
+            $defaultOrganisationId = $this->defaultOrganisationId();
+            if ($defaultOrganisationId) {
+                $organisationId = $defaultOrganisationId;
+            } else {
+                if ($user) {
+                    $this->block($user);
+                }
+                return false;
             }
-            return false;
         }
 
         $roleProperty = $this->getConfig('roles_property', 'roles');
@@ -123,7 +128,7 @@ public function authenticate(array $settings)
             return $user;
         }
 
-        $this->log($mispUsername, 'User not found in database.');
+        $this->log($mispUsername, 'User not found in database, creating new one.');
 
         $time = time();
         $userData = [
@@ -320,6 +325,8 @@ private function prepareClient()
     }
 
     /**
+     * Fetch organisation ID from database by provided name and UUID. If organisation is not found, it is created. If
+     * organisation with given UUID has different name, then is renamed.
      * @param string $orgName Organisation name or UUID
      * @param string|null $orgUuid Organisation UUID
      * @param string $mispUsername
@@ -376,6 +383,41 @@ private function checkOrganization($orgName, $orgUuid, $mispUsername)
         return $orgId;
     }
 
+    /**
+     * @return false|int Organisation ID or false if org not found
+     */
+    private function defaultOrganisationId()
+    {
+        $defaultOrgName = $this->getConfig('default_org');
+        if (empty($defaultOrgName)) {
+            return false;
+        }
+
+        if (is_numeric($defaultOrgName)) {
+            $conditions = ['id' => $defaultOrgName];
+        } else if (Validation::uuid($defaultOrgName)) {
+            $conditions = ['uuid' => strtolower($defaultOrgName)];
+        } else {
+            $conditions = ['name' => $defaultOrgName];
+        }
+        $orgAux = $this->User->Organisation->find('first', [
+            'fields' => ['Organisation.id'],
+            'conditions' => $conditions,
+        ]);
+        if (empty($orgAux)) {
+            if (is_numeric($defaultOrgName)) {
+                $this->log(null, "Could not find default organisation with ID `$defaultOrgName`.");
+            } else if (Validation::uuid($defaultOrgName)) {
+                $this->log(null, "Could not find default organisation with UUID `$defaultOrgName`.");
+            } else {
+                $this->log(null, "Could not find default organisation with name `$defaultOrgName`.");
+            }
+            return false;
+        }
+
+        return $orgAux['Organisation']['id'];
+    }
+
     /**
      * @param int $orgId
      * @param string $newName

diff --git a/tests/logs_fail_regexes.txt b/tests/logs_fail_regexes.txt
@@ -2,4 +2,5 @@
 # Whenever the regex matches, the Logs job will fail and report the error.
 class="cake-error"
 Error: [ParseError]
-Error: [PDOException]
+Error: [PDOException]
+Error: [BadRequestException]