From 2380b4466b2cc2adbaf2383c3c0ab6e01e13463d Mon Sep 17 00:00:00 2001
From: Jakub Onderka
Date: Thu, 21 Mar 2024 10:19:57 +0100
Subject: [PATCH 1/5] fix: [OIDC] Default organisation handling if not provided by OIDC
---
 .../Component/Auth/OidcAuthenticate.php | 2 +-
 app/Plugin/OidcAuth/Lib/Oidc.php | 52 +++++++++++++++++--
 2 files changed, 48 insertions(+), 6 deletions(-)
diff --git a/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php b/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php
index 6de926003..057e986a7 100644
--- a/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php
+++ b/app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php
@@ -13,7 +13,7 @@ App::uses('Oidc', 'OidcAuth.Lib');
 * - OidcAuth.organisation_property (default: `organization`)
 * - OidcAuth.organisation_uuid_property (default: `organization_uuid`)
 * - OidcAuth.roles_property (default: `roles`)
- * - OidcAuth.default_org
+ * - OidcAuth.default_org - organisation ID, UUID or name if organsation is not provided by OIDC
 * - OidcAuth.unblock (boolean, default: false)
 * - OidcAuth.offline_access (boolean, default: false)
 * - OidcAuth.check_user_validity (integer, default `0`)
diff --git a/app/Plugin/OidcAuth/Lib/Oidc.php b/app/Plugin/OidcAuth/Lib/Oidc.php
index 5390078a9..c3283a123 100644
--- a/app/Plugin/OidcAuth/Lib/Oidc.php
+++ b/app/Plugin/OidcAuth/Lib/Oidc.php
@@ -49,17 +49,22 @@ class Oidc
 }
 $organisationProperty = $this->getConfig('organisation_property', 'organization');
- $organisationName = $claims->{$organisationProperty} ?? $this->getConfig('default_org');
+ $organisationName = $claims->{$organisationProperty} ?? null;
 $organisationUuidProperty = $this->getConfig('organisation_uuid_property', 'organization_uuid');
 $organisationUuid = $claims->{$organisationUuidProperty} ?? null;
 $organisationId = $this->checkOrganization($organisationName, $organisationUuid, $mispUsername);
 if (!$organisationId) {
- if ($user) {
- $this->block($user);
+ $defaultOrganisationId = $this->defaultOrganisationId();
+ if ($defaultOrganisationId) {
+ $organisationId = $defaultOrganisationId;
+ } else {
+ if ($user) {
+ $this->block($user);
+ }
+ return false;
 }
- return false;
 }
 $roleProperty = $this->getConfig('roles_property', 'roles');
@@ -123,7 +128,7 @@ class Oidc
 return $user;
 }
- $this->log($mispUsername, 'User not found in database.');
+ $this->log($mispUsername, 'User not found in database, creating new one.');
 $time = time();
 $userData = [
@@ -320,6 +325,8 @@ class Oidc
 }
 /**
+ * Fetch organisation ID from database by provided name and UUID. If organisation is not found, it is created. If
+ * organisation with given UUID has different name, then is renamed.
 * @param string $orgName Organisation name or UUID
 * @param string|null $orgUuid Organisation UUID
 * @param string $mispUsername
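Review bot: The fallback in the `@@ -49,17 +49,22 @@` hunk fires on any falsy result from `checkOrganization()`, not only when the claims carry no organisation, so a user whose IdP did send an organisation that could not be resolved would be placed silently into `default_org`, which is a wider grant than the commit title describes. Consider gating it on the claims being absent, e.g. `if ($organisationName === null && $organisationUuid === null) { $organisationId = $this->defaultOrganisationId(); }`, and calling `checkOrganization()` only otherwise. `$organisationName` can now reach `checkOrganization()` as `null`, while its docblock in the third hunk still says `@param string $orgName`; the body of that method is outside the hunks, so whether it tolerates `null` should be confirmed. The enclosing method starts and ends outside the hunk.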
@@ -376,6 +383,41 @@ class Oidc
 return $orgId;
 }
+ /**
+ * @return false|int Organisation ID or false if org not found
+ */
+ private function defaultOrganisationId()
+ {
+ $defaultOrgName = $this->getConfig('default_org');
+ if (empty($defaultOrgName)) {
+ return false;
+ }
+
+ if (is_numeric($defaultOrgName)) {
+ $conditions = ['id' => $defaultOrgName];
+ } else if (Validation::uuid($defaultOrgName)) {
+ $conditions = ['uuid' => strtolower($defaultOrgName)];
+ } else {
+ $conditions = ['name' => $defaultOrgName];
+ }
+ $orgAux = $this->User->Organisation->find('first', [
+ 'fields' => ['Organisation.id'],
+ 'conditions' => $conditions,
+ ]);
+ if (empty($orgAux)) {
+ if (is_numeric($defaultOrgName)) {
+ $this->log(null, "Could not find default organisation with ID `$defaultOrgName`.");
+ } else if (Validation::uuid($defaultOrgName)) {
+ $this->log(null, "Could not find default organisation with UUID `$defaultOrgName`.");
+ } else {
+ $this->log(null, "Could not find default organisation with name `$defaultOrgName`.");
+ }
+ return false;
+ }
+
+ return $orgAux['Organisation']['id'];
+ }
+
 /**
 * @param int $orgId
 * @param string $newName
From f4b540b48c8fd8497350a1949e0cb1fc82ff758c Mon Sep 17 00:00:00 2001
From: Jakub Onderka
Date: Thu, 21 Mar 2024 10:39:16 +0100
Subject: [PATCH 2/5] chg: [internal] Better error handling
---
 .../Component/CompressedRequestHandlerComponent.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/app/Controller/Component/CompressedRequestHandlerComponent.php b/app/Controller/Component/CompressedRequestHandlerComponent.php
index 4aa1135c0..7442bd6da 100644
--- a/app/Controller/Component/CompressedRequestHandlerComponent.php
+++ b/app/Controller/Component/CompressedRequestHandlerComponent.php
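Review bot: `is_numeric()` in `defaultOrganisationId()` is looser than "organisation ID": it also accepts values such as `1e3`, `12.5` or a string with leading whitespace, which are then used as the `id` condition and may be coerced by the database to a row the operator did not intend, and an organisation whose name is purely numeric can never be selected by name. Since this setting decides which organisation unmatched OIDC users join, a strict test such as `if (ctype_digit((string) $defaultOrgName)) {` would be safer. The ID/UUID/name decision is also evaluated a second time for the log message; recording the chosen kind once next to `$conditions` (e.g. `$kind = 'UUID';`) and reusing it in a single `$this->log()` call would keep the two chains from drifting apart. The docblock could also state that an unset or unresolvable `default_org` yields `false` and that the caller then blocks the user.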
@@ -37,14 +37,17 @@ class CompressedRequestHandlerComponent extends Component
 private function decodeGzipEncodedContent(Controller $controller)
 {
 if (function_exists('gzdecode')) {
- $decoded = gzdecode($controller->request->input());
+ $input = $controller->request->input();
+ if (empty($input)) {
+ throw new BadRequestException('Request data should be gzip encoded, but request is empty.');
+ }
+ $decoded = gzdecode($input);
 if ($decoded === false) {
 throw new BadRequestException('Invalid compressed data.');
 }
 return $decoded;
- } else {
- throw new BadRequestException("This server doesn't support GZIP compressed requests.");
 }
+ throw new BadRequestException("This server doesn't support GZIP compressed requests.");
 }
 /**
From 8f6c6b9ef34155f53da10653e7f9eb350c28cf0e Mon Sep 17 00:00:00 2001
From: Jakub Onderka
Date: Thu, 21 Mar 2024 10:45:05 +0100
Subject: [PATCH 3/5] chg: [CI] Mark BadRequestException as fail log
---
 tests/logs_fail_regexes.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/logs_fail_regexes.txt b/tests/logs_fail_regexes.txt
index 3a6af9e63..73dd1728e 100644
--- a/tests/logs_fail_regexes.txt
+++ b/tests/logs_fail_regexes.txt
@@ -2,4 +2,5 @@
 # Whenever the regex matches, the Logs job will fail and report the error.
 class="cake-error"
 Error: [ParseError]
-Error: [PDOException]
\ No newline at end of file
+Error: [PDOException]
+Error: [BadRequestException]
\ No newline at end of file
From 5bbdeb0ee665c492b2118bdff789808ba5bae6ac Mon Sep 17 00:00:00 2001
From: Jakub Onderka
Date: Thu, 21 Mar 2024 12:12:01 +0100
Subject: [PATCH 4/5] fix: [ECS] Change type from Exception to Throwable
---
 app/Plugin/EcsLog/Lib/Log/Engine/EcsLog.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/Plugin/EcsLog/Lib/Log/Engine/EcsLog.php b/app/Plugin/EcsLog/Lib/Log/Engine/EcsLog.php
index 4e08b1eb3..c15e2ae72 100644
--- a/app/Plugin/EcsLog/Lib/Log/Engine/EcsLog.php
+++ b/app/Plugin/EcsLog/Lib/Log/Engine/EcsLog.php
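Review bot: `gzdecode($input)` in `decodeGzipEncodedContent()` is called without a length cap, so a small compressed body can expand into an arbitrarily large string before any other validation runs; the new emptiness check does not cover that case. `gzdecode()` accepts a second `$max_length` argument, so passing a configured limit, e.g. `$decoded = gzdecode($input, $maxDecodedLength);` (the variable name is a placeholder), would bound memory use, and the existing `=== false` branch should then turn oversized input into a `BadRequestException`, which is worth confirming on the PHP versions in use. A docblock listing the three conditions that raise `BadRequestException` would also help callers. Whether a size limit is enforced elsewhere in the component is not visible from this hunk.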
@@ -182,10 +182,10 @@ class EcsLog implements CakeLogInterface
 }
 /**
- * @param Exception $exception
+ * @param Throwable $exception
 * @return void
 */
- public static function handleException(Exception $exception)
+ public static function handleException(Throwable $exception)
 {
 $code = $exception->getCode();
 $code = ($code && is_int($code)) ? $code : 1;
From e95b3330966335394ad692061519400a0823beb8 Mon Sep 17 00:00:00 2001
From: Jakub Onderka
Date: Thu, 21 Mar 2024 12:25:37 +0100
Subject: [PATCH 5/5] fix: [CLI] Fix redisReady for dragonfly
---
 app/Console/Command/AdminShell.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/Console/Command/AdminShell.php b/app/Console/Command/AdminShell.php
index 544e3a54f..3555fcfd2 100644
--- a/app/Console/Command/AdminShell.php
+++ b/app/Console/Command/AdminShell.php
@@ -616,9 +616,9 @@ class AdminShell extends AppShell
 try {
 $redis = RedisTool::init();
 for ($i = 0; $i < 10; $i++) {
- $persistence = $redis->info('persistence');
- if (isset($persistence['loading']) && $persistence['loading']) {
- $this->out('Redis is still loading...');
+ $pong = $redis->ping();
+ if ($pong !== true) {
+ $this->out('Redis is still loading... ' . $pong);
 sleep(1);
 } else {
 break;
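Review bot: The strict `$pong !== true` test in the `AdminShell.php` hunk assumes `ping()` returns boolean `true`; older phpredis releases return the string `+PONG`, in which case a healthy server would be reported as still loading for all ten iterations. Accepting both forms, `if ($pong !== true && $pong !== '+PONG') {`, avoids that. A short comment on what `ping()` does while the server is loading would also help: if the client throws instead of returning a non-true value, the retry loop is skipped and control passes to the `catch`, which lies outside the hunk. The enclosing method starts and ends outside the hunk.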