From bdc1ef924166c72f9716781b63408193467cffe1 Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Thu, 7 Dec 2023 12:31:06 +0100 Subject: [PATCH 1/6] fix: [login_history] fixes str_contains #9433 --- app/View/Users/view_login_history.ctp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/app/View/Users/view_login_history.ctp b/app/View/Users/view_login_history.ctp index 3accb8c17..44bb2b83f 100644 --- a/app/View/Users/view_login_history.ctp +++ b/app/View/Users/view_login_history.ctp @@ -19,6 +19,12 @@ echo sprintf('', !$this->request->is('ajax') ? ' class="index"' : ''); } Date: Thu, 7 Dec 2023 12:31:06 +0100 Subject: [PATCH 2/6] fix: [login_history] fixes str_contains #9433 --- app/View/Users/view_login_history.ctp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/app/View/Users/view_login_history.ctp b/app/View/Users/view_login_history.ctp index 3accb8c17..44bb2b83f 100644 --- a/app/View/Users/view_login_history.ctp +++ b/app/View/Users/view_login_history.ctp 
@@ -19,6 +19,12 @@ echo sprintf('', !$this->request->is('ajax') ? ' class="index"' : ''); } Date: Thu, 7 Dec 2023 15:17:58 +0100 Subject: [PATCH 3/6] chg: [logging] fail silently if logging entry can't be saved - can happen when the log change is too large for example - no need to roll back / break sync for example if a log entry is too large, just fail silently. --- app/Controller/Component/ACLComponent.php | 2 +- app/Controller/EventDelegationsController.php | 8 ++++---- app/Controller/EventsController.php | 2 +- app/Controller/NoticelistsController.php | 6 +++--- app/Controller/ObjectTemplatesController.php | 6 +++--- app/Controller/ServersController.php | 2 +- app/Controller/ShadowAttributesController.php | 4 ++-- app/Controller/UsersController.php | 2 +- app/Controller/WarninglistsController.php | 6 +++--- app/Model/AppModel.php | 18 +++++++++--------- app/Model/DecayingModel.php | 2 +- app/Model/Event.php | 8 ++++---- app/Model/Feed.php | 2 +- app/Model/Galaxy.php | 2 +- app/Model/Log.php | 9 +++++++++ app/Model/Organisation.php | 6 +++--- app/Model/Server.php | 8 ++++---- app/Model/ShadowAttribute.php | 8 ++++---- app/Model/SharingGroup.php | 4 ++-- app/Model/SharingGroupBlueprint.php | 2 +- app/Model/User.php | 8 ++++---- .../Auth/AadAuthenticateAuthenticate.php | 2 +- .../models/behaviors/LogableBehavior.php | 2 +- .../Model/Behavior/SysLogLogableBehavior.php | 2 +- 24 files changed, 65 insertions(+), 56 deletions(-) diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php index 381fe77be..0c90da758 100644 --- a/app/Controller/Component/ACLComponent.php +++ b/app/Controller/Component/ACLComponent.php @@ -1148,7 +1148,7 @@ class ACLComponent extends Component if ($hit) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => $user['id'], 
diff --git a/app/Controller/EventDelegationsController.php b/app/Controller/EventDelegationsController.php index 91ba32e2c..beb578f53 100644 --- a/app/Controller/EventDelegationsController.php +++ b/app/Controller/EventDelegationsController.php @@ -73,7 +73,7 @@ class EventDelegationsController extends AppController $this->Log = ClassRegistry::init('Log'); $this->Log->create(); if (empty($result)) { - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Event', 'model_id' => $event['Event']['id'], @@ -85,7 +85,7 @@ class EventDelegationsController extends AppController )); throw new InvalidArgumentException('Invalid input, could not create the Delegation Request.'); } - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Event', 'model_id' => $event['Event']['id'], @@ -150,7 +150,7 @@ class EventDelegationsController extends AppController if ($this->request->is('post')) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Event', 'model_id' => $delegation['Event']['id'], @@ -164,7 +164,7 @@ class EventDelegationsController extends AppController $this->EventDelegation->delete($delegation['EventDelegation']['id']); if ($result) { $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Event', 'model_id' => 0, diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index d2d4bbb64..67175c2f0 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php 
@@ -4669,7 +4669,7 @@ class EventsController extends AppController ) ); if (!$result) { - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Event', 'model_id' => 0, diff --git a/app/Controller/NoticelistsController.php b/app/Controller/NoticelistsController.php index db8922aa7..09ed5c8c6 100644 --- a/app/Controller/NoticelistsController.php +++ b/app/Controller/NoticelistsController.php @@ -47,7 +47,7 @@ class NoticelistsController extends AppController $change = $success['name'] . ' v' . $success['new'] . ' installed'; } $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Noticelist', 'model_id' => $id, @@ -63,7 +63,7 @@ class NoticelistsController extends AppController if (isset($result['fails'])) { foreach ($result['fails'] as $id => $fail) { $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Noticelist', 'model_id' => $id, @@ -78,7 +78,7 @@ class NoticelistsController extends AppController } } else { $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Noticelist', 'model_id' => 0, diff --git a/app/Controller/ObjectTemplatesController.php b/app/Controller/ObjectTemplatesController.php index f536b978b..54c04c73a 100644 --- a/app/Controller/ObjectTemplatesController.php +++ b/app/Controller/ObjectTemplatesController.php @@ -220,7 +220,7 @@ class ObjectTemplatesController extends AppController $change = $success['name'] . ' v' . $success['new'] . ' installed'; } $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'ObjectTemplate', 'model_id' => $id, 
@@ -236,7 +236,7 @@ class ObjectTemplatesController extends AppController if (isset($result['fails'])) { foreach ($result['fails'] as $id => $fail) { $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'ObjectTemplate', 'model_id' => $id, @@ -251,7 +251,7 @@ class ObjectTemplatesController extends AppController } } else { $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'ObjectTemplate', 'model_id' => 0, diff --git a/app/Controller/ServersController.php b/app/Controller/ServersController.php index 93a30882a..5f0dc0f9b 100644 --- a/app/Controller/ServersController.php +++ b/app/Controller/ServersController.php @@ -1554,7 +1554,7 @@ class ServersController extends AppController if (!Configure::read('MISP.system_setting_db') && !is_writeable(APP . 'Config/config.php')) { $this->loadModel('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Server', 'model_id' => 0, diff --git a/app/Controller/ShadowAttributesController.php b/app/Controller/ShadowAttributesController.php index bfaf2be34..23ac2c528 100644 --- a/app/Controller/ShadowAttributesController.php +++ b/app/Controller/ShadowAttributesController.php @@ -101,7 +101,7 @@ class ShadowAttributesController extends AppController $this->Event->unpublishEvent($activeAttribute['Attribute']['event_id'], true); $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org_id' => $this->Auth->user('org_id'), 'model' => 'ShadowAttribute', 'model_id' => $id, 
@@ -145,7 +145,7 @@ class ShadowAttributesController extends AppController } $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org_id' => $this->Auth->user('org_id'), 'model' => 'ShadowAttribute', 'model_id' => $id, diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php index cc1720c32..94a00155d 100644 --- a/app/Controller/UsersController.php +++ b/app/Controller/UsersController.php @@ -2815,7 +2815,7 @@ class UsersController extends AppController } else { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'User', 'model_id' => 0, diff --git a/app/Controller/WarninglistsController.php b/app/Controller/WarninglistsController.php index 8cb04c42a..a7561abef 100644 --- a/app/Controller/WarninglistsController.php +++ b/app/Controller/WarninglistsController.php @@ -78,7 +78,7 @@ class WarninglistsController extends AppController $change = $success['name'] . ' v' . $success['new'] . ' installed'; } $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Warninglist', 'model_id' => $id, @@ -94,7 +94,7 @@ class WarninglistsController extends AppController if (isset($result['fails'])) { foreach ($result['fails'] as $id => $fail) { $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Warninglist', 'model_id' => $id, @@ -109,7 +109,7 @@ class WarninglistsController extends AppController } } else { $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $this->Auth->user('Organisation')['name'], 'model' => 'Warninglist', 'model_id' => 0, 
diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php index aa0edb0cf..f5c8b1986 100644 --- a/app/Model/AppModel.php +++ b/app/Model/AppModel.php @@ -311,7 +311,7 @@ class AppModel extends Model } else { $entry['change'] = 'Tried adding new feeds but something went wrong.'; } - $this->Log->save($entry); + $this->Log->saveOrFailSilently($entry); } // SQL scripts for updates @@ -2123,7 +2123,7 @@ class AppModel extends Model $this->__setUpdateProgress($i, false); $this->query($sql); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Server', 'model_id' => 0, @@ -2158,7 +2158,7 @@ class AppModel extends Model } else { $logMessage['change'] = $logMessage['change'] . PHP_EOL . __('However, as this error is allowed, the update went through.'); } - $this->Log->save($logMessage); + $this->Log->saveOrFailSilently($logMessage); } } } @@ -2200,7 +2200,7 @@ class AppModel extends Model } if ($flagStop && $errorCount > 0) { $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Server', 'model_id' => 0, @@ -2276,7 +2276,7 @@ class AppModel extends Model $result = false; } $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Server', 'model_id' => 0, @@ -2313,7 +2313,7 @@ class AppModel extends Model $result = false; } $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Server', 'model_id' => 0, @@ -2474,7 +2474,7 @@ class AppModel extends Model // is only to limit the load. if ($this->isUpdateLocked()) { // prevent creation of useless workers $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Server', 'model_id' => 0, 
@@ -2531,7 +2531,7 @@ class AppModel extends Model // (could happens if multiple prio workers are up) if ($this->isUpdateLocked()) { $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Server', 'model_id' => 0, @@ -3491,7 +3491,7 @@ class AppModel extends Model 'title' => 'Bumped the timestamps of locked events containing object references.', 'change' => sprintf('Event timestamps updated: %s; Object timestamps updated: %s', count($event_ids), count($object_ids)) ); - $this->Log->save($entry); + $this->Log->saveOrFailSilently($entry); } return true; } diff --git a/app/Model/DecayingModel.php b/app/Model/DecayingModel.php index 220aed04e..51d845de5 100644 --- a/app/Model/DecayingModel.php +++ b/app/Model/DecayingModel.php @@ -404,7 +404,7 @@ class DecayingModel extends AppModel } catch (Exception $e) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'DecayingModel', 'model_id' => 0, diff --git a/app/Model/Event.php b/app/Model/Event.php index f9da0f7ed..5b15fb915 100755 --- a/app/Model/Event.php +++ b/app/Model/Event.php @@ -2118,7 +2118,7 @@ class Event extends AppModel if ($event['Event']['distribution'] == 4 && !in_array($event['Event']['sharing_group_id'], $sgids)) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $user['Organisation']['name'], 'model' => 'Event', 'model_id' => $event['Event']['id'], @@ -3107,7 +3107,7 @@ class Event extends AppModel if (Configure::read('MISP.disable_emailing')) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Event', 'model_id' => $id, 
@@ -3125,7 +3125,7 @@ class Event extends AppModel $banError = $banStatus['error'] || $banStatusUser['error']; $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Event', 'model_id' => $id, @@ -7418,7 +7418,7 @@ class Event extends AppModel if ($largest_event/$memory_scaling_factor > $memory_in_mb) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Event', 'model_id' => 0, diff --git a/app/Model/Feed.php b/app/Model/Feed.php index e3ee0c5fd..185b9253b 100644 --- a/app/Model/Feed.php +++ b/app/Model/Feed.php @@ -2158,7 +2158,7 @@ class Feed extends AppModel } $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Feed', 'model_id' => $id, diff --git a/app/Model/Galaxy.php b/app/Model/Galaxy.php index 72a001b57..906b506f6 100644 --- a/app/Model/Galaxy.php +++ b/app/Model/Galaxy.php @@ -202,7 +202,7 @@ class Galaxy extends AppModel if (is_array($v)) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Galaxy', 'model_id' => 0, diff --git a/app/Model/Log.php b/app/Model/Log.php index c2bddd6ac..0dd1c8bb5 100644 --- a/app/Model/Log.php +++ b/app/Model/Log.php @@ -1175,4 +1175,13 @@ class Log extends AppModel } return $this->elasticSearchClient; } + + public function saveOrFailSilently($data, $options = null) + { + try { + return $this->save($data, $options); + } catch (Exception $e) { + return false; + } + } } diff --git a/app/Model/Organisation.php b/app/Model/Organisation.php index 23d6daabd..730944b19 100644 --- a/app/Model/Organisation.php +++ b/app/Model/Organisation.php 
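Review bot: In the Log.php hunk, `saveOrFailSilently($data, $options = null)` forwards `$options` as the second argument of `Model::save()`, which in CakePHP 2 is `$validate`; a `null` there is not an array, so (as far as I recall the framework, confirm against the installed version) it falls into the `compact('validate', ...)` path and validation is skipped for every call site this series rewrites from `save(array(...))`, which previously validated by default. Mirror the parent signature instead, `public function saveOrFailSilently($data = null, $validate = true, $fieldList = array())` and `return $this->save($data, $validate, $fieldList);`, which also keeps the existing `saveOrFailSilently(null, array('validate' => false))` calls in LogableBehavior and SysLogLogableBehavior working unchanged. The bare `catch (Exception $e) { return false; }` also discards the reason an audit entry was lost, including the ACL-denial logs in ACLComponent and the login/e-mail logs in User.php; if `logException()` is available on this model as it is in User.php, record it in the catch with `$this->logException('Could not save log entry', $e);` so an operator can still see that logging failed without the caller being rolled back.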
@@ -322,7 +322,7 @@ class Organisation extends AppModel } $backupFile->append($sql . PHP_EOL); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $user['Organisation']['name'], 'model' => 'Organisation', 'model_id' => $currentOrg['Organisation']['id'], @@ -359,7 +359,7 @@ class Organisation extends AppModel $sql = 'UPDATE "' . $data['table'] . '" SET "' . $field . '" = ' . $currentOrg['Organisation']['id'] . ' WHERE "id" IN (' . implode(',', $dataMoved['values_changed'][$model][$field]) . ');'; } $backupFile->append($sql . PHP_EOL); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $user['Organisation']['name'], 'model' => 'Organisation', 'model_id' => $currentOrg['Organisation']['id'], @@ -370,7 +370,7 @@ class Organisation extends AppModel 'change' => '', )); } catch (Exception $e) { - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $user['Organisation']['name'], 'model' => 'Organisation', 'model_id' => $currentOrg['Organisation']['id'], diff --git a/app/Model/Server.php b/app/Model/Server.php index d1139c374..3ddb59334 100644 --- a/app/Model/Server.php +++ b/app/Model/Server.php @@ -1069,7 +1069,7 @@ class Server extends AppModel $message = __('Push to server %s failed. Reason: %s', $id, $push); $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $user['Organisation']['name'], 'model' => 'Server', 'model_id' => $id, @@ -1233,7 +1233,7 @@ class Server extends AppModel $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $user['Organisation']['name'], 'model' => 'Server', 'model_id' => $id, 
@@ -2366,7 +2366,7 @@ class Server extends AppModel if ($beforeResult !== true) { $this->Log = ClassRegistry::init('Log'); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $user['Organisation']['name'], 'model' => 'Server', 'model_id' => 0, @@ -3898,7 +3898,7 @@ class Server extends AppModel 'change' => sprintf(__('Stopping a worker. Worker was of type %s with pid %s'), $queue, $pid) ) ); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => $user['Organisation']['name'], 'model' => 'User', 'model_id' => $user['id'], diff --git a/app/Model/ShadowAttribute.php b/app/Model/ShadowAttribute.php index a6f4478ec..30737902b 100644 --- a/app/Model/ShadowAttribute.php +++ b/app/Model/ShadowAttribute.php @@ -781,7 +781,7 @@ class ShadowAttribute extends AppModel $this->Log = ClassRegistry::init('Log'); if (!Configure::read('MISP.background_jobs')) { $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Server', 'model_id' => 0, @@ -794,7 +794,7 @@ class ShadowAttribute extends AppModel $count = $this->generateCorrelation(); $this->Log->create(); if (is_numeric($count)) { - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Server', 'model_id' => 0, @@ -805,7 +805,7 @@ class ShadowAttribute extends AppModel 'change' => 'The generation of Proposal correlations as part of the 2.4.20 datamodel upgrade is completed. ' . $count . ' proposals used.' )); } else { - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Server', 'model_id' => 0, @@ -840,7 +840,7 @@ class ShadowAttribute extends AppModel ); $this->Log->create(); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'Server', 'model_id' => 0, diff --git a/app/Model/SharingGroup.php b/app/Model/SharingGroup.php index bcccfe6be..43a46d9d8 100644 
--- a/app/Model/SharingGroup.php +++ b/app/Model/SharingGroup.php @@ -932,7 +932,7 @@ class SharingGroup extends AppModel 'user_id' => 0, 'title' => 'Tried to update a sharing group as part of the 2.4.49 update, but the user used for creating the sharing group locally doesn\'t exist any longer.' ); - $this->Log->save($entry); + $this->Log->saveOrFailSilently($entry); unset($syncUsers[$sg['SharingGroup']['sync_user_id']]); continue; } @@ -951,7 +951,7 @@ class SharingGroup extends AppModel 'user_id' => 0, 'title' => 'Tried to update a sharing group as part of the 2.4.49 update, but saving the changes has resulted in the following error: ' . json_encode($this->SharingGroupOrg->validationErrors) ); - $this->Log->save($entry); + $this->Log->saveOrFailSilently($entry); } } } diff --git a/app/Model/SharingGroupBlueprint.php b/app/Model/SharingGroupBlueprint.php index 6b6c1c9c5..daefb8240 100644 --- a/app/Model/SharingGroupBlueprint.php +++ b/app/Model/SharingGroupBlueprint.php @@ -181,7 +181,7 @@ class SharingGroupBlueprint extends AppModel 'title' => 'Updated the sharing group.', 'change' => __('Updated sharing group. Added %s and removed %s organisations', $added, $removed) ); - $this->Log->save($entry); + $this->Log->saveOrFailSilently($entry); return true; } return false; diff --git a/app/Model/User.php b/app/Model/User.php index f9708bb1f..4505ffb0c 100644 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -875,7 +875,7 @@ class User extends AppModel } catch (SendEmailException $e) { $this->logException("Exception during sending e-mail", $e); $log->create(); - $log->save(array( + $Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => $user['User']['id'], 
@@ -892,7 +892,7 @@ class User extends AppModel $logTitle .= $replyToLog . ' to ' . $user['User']['email'] . ' sent, titled "' . $result['subject'] . '".'; $log->create(); - $log->save(array( + $Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => $user['User']['id'], @@ -1410,7 +1410,7 @@ class User extends AppModel $error[$key] = $key . ': ' . implode(', ', $errors); } $error = implode(PHP_EOL, $error); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => $added_by['id'], @@ -1425,7 +1425,7 @@ class User extends AppModel 'recursive' => -1, 'conditions' => array('id' => $this->id) )); - $this->Log->save(array( + $this->Log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => $added_by['id'], diff --git a/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php b/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php index 11c43ff0f..55265ecde 100755 --- a/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php +++ b/app/Plugin/AadAuth/Controller/Component/Auth/AadAuthenticateAuthenticate.php @@ -120,7 +120,7 @@ class AadAuthenticateAuthenticate extends BaseAuthenticate 'action' => 'auth', 'title' => $logmessage ]; - $this->Log->save($log); + $this->Log->saveOrFailSilently($log); CakeLog::write($level, $logmessage); return true; diff --git a/app/Plugin/Assets/models/behaviors/LogableBehavior.php b/app/Plugin/Assets/models/behaviors/LogableBehavior.php index a0ce0ba3f..34776bf81 100644 --- a/app/Plugin/Assets/models/behaviors/LogableBehavior.php +++ b/app/Plugin/Assets/models/behaviors/LogableBehavior.php @@ -539,7 +539,7 @@ class LogableBehavior extends ModelBehavior { $logData['Log']['description'] .= '.'; } $this->Log->create($logData); - $this->Log->save(null, array( + $this->Log->saveOrFailSilently(null, array( 'validate' => false, 'callbacks' => false)); } 
diff --git a/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php b/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php index 61d7783c1..f3a91f0b1 100644 --- a/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php +++ b/app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php @@ -259,7 +259,7 @@ class SysLogLogableBehavior extends LogableBehavior } } $this->Log->create($logData); - $this->Log->save(null, array('validate' => false)); + $this->Log->saveOrFailSilently(null, array('validate' => false)); } function setup(Model $Model, $config = array()) From e5809fdccfc0a0f8f250f6a0c36bb5461e683365 Mon Sep 17 00:00:00 2001 From: iglocska Date: Thu, 7 Dec 2023 16:14:12 +0100 Subject: [PATCH 4/6] fix: [case sensitivity] fix --- app/Model/User.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Model/User.php b/app/Model/User.php index 4505ffb0c..d56899f19 100644 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -875,7 +875,7 @@ class User extends AppModel } catch (SendEmailException $e) { $this->logException("Exception during sending e-mail", $e); $log->create(); - $Log->saveOrFailSilently(array( + $log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => $user['User']['id'], @@ -892,7 +892,7 @@ class User extends AppModel $logTitle .= $replyToLog . ' to ' . $user['User']['email'] . ' sent, titled "' . $result['subject'] . '".'; $log->create(); - $Log->saveOrFailSilently(array( + $log->saveOrFailSilently(array( 'org' => 'SYSTEM', 'model' => 'User', 'model_id' => $user['User']['id'], From 92888b1376246c0f20c256aaa3c57b6f12115fa1 Mon Sep 17 00:00:00 2001 
From: iglocska Date: Tue, 12 Dec 2023 10:04:28 +0100 Subject: [PATCH 5/6] fix: [security] new audit logs lack of ACL controls - added proper ACL handling to the new audit logs - as reported by fukusuket(Fukusuke Takahashi) --- app/Controller/AuditLogsController.php | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/app/Controller/AuditLogsController.php b/app/Controller/AuditLogsController.php index a58135d42..2ed9067aa 100644 --- a/app/Controller/AuditLogsController.php +++ b/app/Controller/AuditLogsController.php @@ -91,6 +91,21 @@ class AuditLogsController extends AppController ]; } + private function __applyAuditACL(array $user) + { + $acl = []; + if (empty($user['Role']['perm_site_admin'])) { + if (!empty($user['Role']['perm_admin'])) { + // ORG admins can see their own org info + $acl = ['AuditLog.org_id' => $user['org_id']]; + } else { + // users can see their own info + $acl = ['AuditLog.user_id' => $user['id']]; + } + } + return $acl; + } + public function admin_index() { $this->paginate['fields'][] = 'ip'; @@ -119,6 +134,10 @@ class AuditLogsController extends AppController ]); $this->paginate['conditions'] = $this->__searchConditions($params); + $acl = $this->__applyAuditACL($this->Auth->user()); + if ($acl) { + $this->paginate['conditions']['AND'][] = $acl; + } $list = $this->paginate(); if ($this->_isRest()) { @@ -156,7 +175,6 @@ class AuditLogsController extends AppController if (empty($event)) { throw new NotFoundException('Invalid event.'); } - $this->paginate['conditions'] = $this->__createEventIndexConditions($event); $this->set('passedArgsArray', ['eventId' => $eventId, 'org' => $org]); @@ -233,6 +251,7 @@ class AuditLogsController extends AppController */ private function __searchConditions(array $params) { + $conditions = []; $qbRules = []; foreach ($params as $key => $value) { if ($key === 'model' && strpos($value, ':') !== false) { 
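Review bot: In the first AuditLogsController hunk, `__applyAuditACL()` does not apply anything: it returns a CakePHP condition fragment that the caller in `admin_index()` then has to merge into `paginate['conditions']`, so the name misleads and there is no docblock stating the contract. Either rename it to something like `__auditACLConditions()` or add a docblock along the lines of `@return array Condition fragment restricting AuditLog rows to the caller's org (org admin) or to the caller's own user_id (regular user); empty for site admins`. Because the restriction is computed here but only merged in `admin_index()`, any other action in this controller that paginates AuditLog outside these hunks would silently stay unrestricted; consider merging the fragment inside `__searchConditions()` (or in a `beforeFilter`) so the check cannot be forgotten at a new call site. The `__createEventIndexConditions()` hunks later in this patch only remove blank lines, so the event-scoped index still relies on `fetchEvent()` for access control, which is fine but worth a one-line comment there.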
@@ -263,7 +282,6 @@ class AuditLogsController extends AppController } $this->set('qbRules', $qbRules); - $conditions = []; if (isset($params['user'])) { if (strtoupper($params['user']) === 'SYSTEM') { $conditions['AuditLog.user_id'] = 0; @@ -351,7 +369,6 @@ class AuditLogsController extends AppController // Site admins and event owners can see all changes return ['event_id' => $event['Event']['id']]; } - $event = $this->AuditLog->Event->fetchEvent($this->Auth->user(), [ 'eventid' => $event['Event']['id'], 'sgReferenceOnly' => 1, @@ -361,7 +378,6 @@ class AuditLogsController extends AppController 'includeEventCorrelations' => false, 'excludeGalaxy' => true, ])[0]; - $attributeIds = []; $objectIds = []; $proposalIds = array_column($event['ShadowAttribute'], 'id'); From e319a6a2349334390a36556f011fbd334719d87c Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Wed, 13 Dec 2023 11:26:20 +0100 Subject: [PATCH 6/6] fix: [TOTP] allow deletion of TOTP from edit page --- app/View/Users/admin_edit.ctp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/app/View/Users/admin_edit.ctp b/app/View/Users/admin_edit.ctp index 1c7cc6243..e23b60996 100644 --- a/app/View/Users/admin_edit.ctp +++ b/app/View/Users/admin_edit.ctp @@ -52,6 +52,18 @@ echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required'))); ?> + request->data['User']['totp']) ? true : false; + if ($isTotp) { + echo sprintf( + '
%s
', + __('Delete TOTP token'), + h($baseurl), + h($this->request->data['User']['id']), + __('Delete TOTP token') + ); + } + ?>