Merge pull request #9649 from JakubOnderka/oidc-is-user-valid-fix
fix: [oidc] Use the same handling of org also for Oidc::isUserValidpull/9657/head
commit
10ee756dd3
@ -13,7 +13,7 @@ App::uses('Oidc', 'OidcAuth.Lib');
* - OidcAuth.organisation_property (default: `organization`)
* - OidcAuth.organisation_uuid_property (default: `organization_uuid`)
* - OidcAuth.roles_property (default: `roles`)
* - OidcAuth.default_org - organisation ID, UUID or name if organsation is not provided by OIDC
* - OidcAuth.default_org - organisation ID, UUID or name if organisation is not provided by OIDC
* - OidcAuth.unblock (boolean, default: false)
* - OidcAuth.offline_access (boolean, default: false)
* - OidcAuth.check_user_validity (integer, default `0`)
@ -227,13 +227,13 @@ class Oidc
$roleProperty = $this->getConfig('roles_property', 'roles');
$roles = $claims->{$roleProperty} ?? $oidc->requestUserInfo($roleProperty);
if ($roles === null) {
$this->log($user['email'], "Role property `$roleProperty` is missing in claims.");
$this->log($user['email'], "Role property `$roleProperty` is missing in claims.", LOG_ERR);
return false;
}
$roleId = $this->getUserRole($roles, $user['email']);
if ($roleId === null) {
$this->log($user['email'], 'No role was assigned.');
$this->log($user['email'], 'No role was assigned.', LOG_WARNING);
return false;
}
@ -244,14 +244,20 @@ class Oidc
// Check user org
$organisationProperty = $this->getConfig('organisation_property', 'organization');
$organisationName = $claims->{$organisationProperty} ?? $this->getConfig('default_org');
$organisationName = $claims->{$organisationProperty} ?? null;
$organisationUuidProperty = $this->getConfig('organisation_uuid_property', 'organization_uuid');
$organisationUuid = $claims->{$organisationUuidProperty} ?? null;
$organisationId = $this->checkOrganization($organisationName, $organisationUuid, $user['email']);
if (!$organisationId) {
return false;
$defaultOrganisationId = $this->defaultOrganisationId();
if ($defaultOrganisationId) {
$organisationId = $defaultOrganisationId;
} else {
$this->log($user['email'], 'No organisation was assigned.', LOG_WARNING);
return false;
}
}
if ($update && $user['org_id'] != $organisationId) {
@ -406,11 +412,11 @@ class Oidc
]);
if (empty($orgAux)) {
if (is_numeric($defaultOrgName)) {
$this->log(null, "Could not find default organisation with ID `$defaultOrgName`.");
$this->log(null, "Could not find default organisation with ID `$defaultOrgName`.", LOG_ERR);
} else if (Validation::uuid($defaultOrgName)) {
$this->log(null, "Could not find default organisation with UUID `$defaultOrgName`.");
$this->log(null, "Could not find default organisation with UUID `$defaultOrgName`.", LOG_ERR);
} else {
$this->log(null, "Could not find default organisation with name `$defaultOrgName`.");
$this->log(null, "Could not find default organisation with name `$defaultOrgName`.", LOG_ERR);
}
return false;
}
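Review bot: The fallback to `defaultOrganisationId()` in the `@ -244` hunk now also applies when the claims did supply an organisation name or UUID that `checkOrganization` could not resolve; the old code returned false in that case, so a user the IdP asserts to belong to an unknown organisation is now placed into the default organisation instead of being rejected, and whether `checkOrganization` logs that failure itself is not visible here. The substitution should at least be visible in the audit log: before `$defaultOrganisationId = $this->defaultOrganisationId();` add `if ($organisationName !== null || $organisationUuid !== null) { $this->log($user['email'], 'Organisation provided by OIDC could not be resolved, falling back to default organisation.', LOG_WARNING); }`, and consider returning false in that branch if an explicit but unresolvable claim should not be silently overridden. The enclosing method (isUserValid, going by the PR title) starts and ends outside the hunk, and the login path this change is said to mirror presumably has the same fallback and would need the same treatment.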