fix: [oidc] Use the same handling of org also for Oidc::isUserValid

pull/9649/head
Jakub Onderka 2024-03-29 09:04:08 +01:00
parent 95e5faa911
commit 55a2054448
2 changed files with 14 additions and 8 deletions


@ -13,7 +13,7 @@ App::uses('Oidc', 'OidcAuth.Lib');
* - OidcAuth.organisation_property (default: `organization`)
* - OidcAuth.organisation_uuid_property (default: `organization_uuid`)
* - OidcAuth.roles_property (default: `roles`)
* - OidcAuth.default_org - organisation ID, UUID or name if organsation is not provided by OIDC
* - OidcAuth.default_org - organisation ID, UUID or name if organisation is not provided by OIDC
* - OidcAuth.unblock (boolean, default: false)
* - OidcAuth.offline_access (boolean, default: false)
* - OidcAuth.check_user_validity (integer, default `0`)


@ -227,13 +227,13 @@ class Oidc
$roleProperty = $this->getConfig('roles_property', 'roles');
$roles = $claims->{$roleProperty} ?? $oidc->requestUserInfo($roleProperty);
if ($roles === null) {
$this->log($user['email'], "Role property `$roleProperty` is missing in claims.");
$this->log($user['email'], "Role property `$roleProperty` is missing in claims.", LOG_ERR);
return false;
}
$roleId = $this->getUserRole($roles, $user['email']);
if ($roleId === null) {
$this->log($user['email'], 'No role was assigned.');
$this->log($user['email'], 'No role was assigned.', LOG_WARNING);
return false;
}
@ -244,14 +244,20 @@ class Oidc
// Check user org
$organisationProperty = $this->getConfig('organisation_property', 'organization');
$organisationName = $claims->{$organisationProperty} ?? $this->getConfig('default_org');
$organisationName = $claims->{$organisationProperty} ?? null;
$organisationUuidProperty = $this->getConfig('organisation_uuid_property', 'organization_uuid');
$organisationUuid = $claims->{$organisationUuidProperty} ?? null;
$organisationId = $this->checkOrganization($organisationName, $organisationUuid, $user['email']);
if (!$organisationId) {
return false;
$defaultOrganisationId = $this->defaultOrganisationId();
if ($defaultOrganisationId) {
$organisationId = $defaultOrganisationId;
} else {
$this->log($user['email'], 'No organisation was assigned.', LOG_WARNING);
return false;
}
}
if ($update && $user['org_id'] != $organisationId) {
@ -406,11 +412,11 @@ class Oidc
]);
if (empty($orgAux)) {
if (is_numeric($defaultOrgName)) {
$this->log(null, "Could not find default organisation with ID `$defaultOrgName`.");
$this->log(null, "Could not find default organisation with ID `$defaultOrgName`.", LOG_ERR);
} else if (Validation::uuid($defaultOrgName)) {
$this->log(null, "Could not find default organisation with UUID `$defaultOrgName`.");
$this->log(null, "Could not find default organisation with UUID `$defaultOrgName`.", LOG_ERR);
} else {
$this->log(null, "Could not find default organisation with name `$defaultOrgName`.");
$this->log(null, "Could not find default organisation with name `$defaultOrgName`.", LOG_ERR);
}
return false;
}
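Review bot: In the `@ -244,14 +244,20` hunk the fallback to `defaultOrganisationId()` now fires on any falsy result from `checkOrganization()`, not only when the claims carry no organisation: the removed line substituted `default_org` only for a missing claim (`?? $this->getConfig('default_org')`), so a token that asserts an organisation name or UUID MISP cannot resolve would, if `checkOrganization()` returns false in that case (its body is outside the hunk), now silently place the user in the default organisation instead of being rejected. Because the same `$organisationId` feeds the `$update && $user['org_id'] != $organisationId` branch that follows, this looks like an authorisation downgrade rather than a login failure, though that branch's body is not visible here. I would consult the default only when nothing was asserted, e.g. before the `defaultOrganisationId()` call: `if ($organisationName !== null || $organisationUuid !== null) { $this->log($user['email'], 'Organisation from claims could not be resolved.', LOG_WARNING); return false; }`, and add the same guard to the login path this commit mirrors (per the title). The enclosing method starts and ends outside the hunk.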