MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: Fixes to various issues with the cert auth

pull/2469/head
iglocska 2017-09-06 23:26:21 +02:00
parent 4730549f7c
commit 4230601116
2 changed files with 49 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/Model/User.php
View File

@ -583,6 +583,7 @@ class User extends AppModel {
// get the current user and rearrange it to be in the same format as in the auth component
public function getAuthUser($id) {
if (empty($id)) throw new Exception('Invalid user ID.');
$conditions = array('User.id' => $id);
$user = $this->find('first', array('conditions' => $conditions, 'recursive' => -1,'contain' => array('Organisation', 'Role', 'Server')));
if (empty($user)) return $user;

124
app/Plugin/CertAuth/Controller/Component/Auth/CertificateAuthenticate.php
View File

@ -127,97 +127,69 @@ class CertificateAuthenticate extends BaseAuthenticate
// to enable stateless authentication
public function getUser(CakeRequest $request)
{
if (is_null(self::$user)) {
if (empty(self::$user)) {
if (self::$client) {
self::$user = self::$client;
// If $sync is true, allow the creation of the user from the certificate
$sync = Configure::read('CertAuth.syncUser');
if ($sync) {
self::getRestUser();
}
// find and fill user with model
$cn = Configure::read('CertAuth.userModel');
if ($cn) {
$k = Configure::read('CertAuth.userModelKey');
if ($k) {
$q = array($k=>self::$user[$k]);
} else {
$q = self::$user;
}
$User = ClassRegistry::init($cn);
$U = $User->find('first', array(
'conditions' => $q,
'recursive' => false
));
if ($U) {
if ($sync) {
$write = array();
if (!isset(self::$user['org_id']) && isset(self::$user['org'])) {
self::$user['org_id']=$User->Organisation->createOrgFromName(self::$user['org'], $User->id, true);
// reset user defaults in case it's a different org_id
if(self::$user['org_id'] && $U[$cn]['org_id']!=self::$user['org_id']) {
$d = Configure::read('CertAuth.userDefaults');
if ($d && is_array($d)) {
self::$user = $d + self::$user;
}
unset($d);
}
unset(self::$user['org']);
}
foreach (self::$user as $k=>$v) {
if (array_key_exists($k, $U[$cn]) && trim($U[$cn][$k])!=trim($v)) {
$write[] = $k;
$U[$cn][$k] = trim($v);
}
unset($k, $v);
}
if ($write && !$User->save($U[$cn], true, $write)) {
CakeLog::write('alert', 'Could not update model at database with RestAPI data.');
}
unset($write);
}
self::$user = $User->getAuthUser($U[$cn]['id']);
if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']);
} else if ($sync && self::$user) {
$User->create();
$org=null;
$userModelKey = empty(Configure::read('CertAuth.userModelKey')) ? 'email' : Configure::read('CertAuth.userModelKey');
$userDefaults = Configure::read('CertAuth.userDefaults');
$this->User = ClassRegistry::init('User');
$existingUser = $this->User->find('first', array(
'conditions' => array($userModelKey => self::$user[$userModelKey]),
'recursive' => false
));
if ($existingUser) {
if ($sync) {
if (!isset(self::$user['org_id']) && isset(self::$user['org'])) {
$org = self::$user['org'];
self::$user['org_id'] = $this->User->Organisation->createOrgFromName(self::$user['org'], $existingUser['User']['id'], true);
// reset user defaults in case it's a different org_id
if (self::$user['org_id'] && $existingUser['User']['org_id'] != self::$user['org_id']) {
if ($userDefaults && is_array($userDefaults)) {
self::$user = array_merge($userDefaults + self::$user);
}
}
unset(self::$user['org']);
}
$d = Configure::read('CertAuth.userDefaults');
if ($d && is_array($d)) {
self::$user += $d;
}
unset($d);
if ($User->save(self::$user, true)) {
$id = $User->id;
if ($org) {
self::$user['id'] = $id;
self::$user['org_id']=$User->Organisation->createOrgFromName($org, $User->id, true);
$User->save(self::$user, true, array('org_id'));
$write = array();
foreach (self::$user as $k => $v) {
if (isset($existingUser['User'][$k]) && trim($existingUser['User'][$k]) != trim($v)) {
$write[] = $k;
$existingUser['User'][$k] = trim($v);
}
self::$user = $User->getAuthUser($id);
unset($id);
if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']);
} else {
CakeLog::write('alert', 'Could not insert model at database from RestAPI data.');
}
unset($org);
} else {
// No match -- User doesn't exist !!!
self::$user = false;
if (!empty($write) && !$this->User->save($existingUser['User'], true, $write)) {
CakeLog::write('alert', 'Could not update model at database with RestAPI data.');
}
}
unset($U, $User, $q, $k);
self::$user = $this->User->getAuthUser($existingUser['User']['id']);
if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']);
} else if ($sync && !empty(self::$user)) {
$org=null;
if (!isset(self::$user['org_id']) && isset(self::$user['org'])) {
self::$user['org_id'] = $this->User->Organisation->createOrgFromName($org, 0, true);
unset(self::$user['org']);
}
if ($userDefaults && is_array($userDefaults)) {
self::$user = array_merge(self::$user, $userDefaults);
}
$this->User->create();
if ($this->User->save(self::$user)) {
$id = $this->User->id;
self::$user = $this->User->getAuthUser($id);
if (isset(self::$user['gpgkey'])) unset(self::$user['gpgkey']);
} else {
CakeLog::write('alert', 'Could not insert model at database from RestAPI data. Reason: ' . json_encode($this->User->validationErrors));
}
} else {
// No match -- User doesn't exist !!!
self::$user = false;
}
unset($cn);
}
}