fix: [oidc] Use the same handling of org also for Oidc::isUserValid

pull/9649/head
Jakub Onderka 2024-03-29 09:04:08 +01:00
parent 95e5faa911
commit 55a2054448
2 changed files with 14 additions and 8 deletions


@ -13,7 +13,7 @@ App::uses('Oidc', 'OidcAuth.Lib');
* - OidcAuth.organisation_property (default: `organization`) * - OidcAuth.organisation_property (default: `organization`)
* - OidcAuth.organisation_uuid_property (default: `organization_uuid`) * - OidcAuth.organisation_uuid_property (default: `organization_uuid`)
* - OidcAuth.roles_property (default: `roles`) * - OidcAuth.roles_property (default: `roles`)
* - OidcAuth.default_org - organisation ID, UUID or name if organsation is not provided by OIDC * - OidcAuth.default_org - organisation ID, UUID or name if organisation is not provided by OIDC
* - OidcAuth.unblock (boolean, default: false) * - OidcAuth.unblock (boolean, default: false)
* - OidcAuth.offline_access (boolean, default: false) * - OidcAuth.offline_access (boolean, default: false)
* - OidcAuth.check_user_validity (integer, default `0`) * - OidcAuth.check_user_validity (integer, default `0`)


@ -227,13 +227,13 @@ class Oidc
$roleProperty = $this->getConfig('roles_property', 'roles'); $roleProperty = $this->getConfig('roles_property', 'roles');
$roles = $claims->{$roleProperty} ?? $oidc->requestUserInfo($roleProperty); $roles = $claims->{$roleProperty} ?? $oidc->requestUserInfo($roleProperty);
if ($roles === null) { if ($roles === null) {
$this->log($user['email'], "Role property `$roleProperty` is missing in claims."); $this->log($user['email'], "Role property `$roleProperty` is missing in claims.", LOG_ERR);
return false; return false;
} }
$roleId = $this->getUserRole($roles, $user['email']); $roleId = $this->getUserRole($roles, $user['email']);
if ($roleId === null) { if ($roleId === null) {
$this->log($user['email'], 'No role was assigned.'); $this->log($user['email'], 'No role was assigned.', LOG_WARNING);
return false; return false;
} }
@ -244,14 +244,20 @@ class Oidc
// Check user org // Check user org
$organisationProperty = $this->getConfig('organisation_property', 'organization'); $organisationProperty = $this->getConfig('organisation_property', 'organization');
$organisationName = $claims->{$organisationProperty} ?? $this->getConfig('default_org'); $organisationName = $claims->{$organisationProperty} ?? null;
$organisationUuidProperty = $this->getConfig('organisation_uuid_property', 'organization_uuid'); $organisationUuidProperty = $this->getConfig('organisation_uuid_property', 'organization_uuid');
$organisationUuid = $claims->{$organisationUuidProperty} ?? null; $organisationUuid = $claims->{$organisationUuidProperty} ?? null;
$organisationId = $this->checkOrganization($organisationName, $organisationUuid, $user['email']); $organisationId = $this->checkOrganization($organisationName, $organisationUuid, $user['email']);
if (!$organisationId) { if (!$organisationId) {
return false; $defaultOrganisationId = $this->defaultOrganisationId();
if ($defaultOrganisationId) {
$organisationId = $defaultOrganisationId;
} else {
$this->log($user['email'], 'No organisation was assigned.', LOG_WARNING);
return false;
}
} }
if ($update && $user['org_id'] != $organisationId) { if ($update && $user['org_id'] != $organisationId) {
@ -406,11 +412,11 @@ class Oidc
]); ]);
if (empty($orgAux)) { if (empty($orgAux)) {
if (is_numeric($defaultOrgName)) { if (is_numeric($defaultOrgName)) {
$this->log(null, "Could not find default organisation with ID `$defaultOrgName`."); $this->log(null, "Could not find default organisation with ID `$defaultOrgName`.", LOG_ERR);
} else if (Validation::uuid($defaultOrgName)) { } else if (Validation::uuid($defaultOrgName)) {
$this->log(null, "Could not find default organisation with UUID `$defaultOrgName`."); $this->log(null, "Could not find default organisation with UUID `$defaultOrgName`.", LOG_ERR);
} else { } else {
$this->log(null, "Could not find default organisation with name `$defaultOrgName`."); $this->log(null, "Could not find default organisation with name `$defaultOrgName`.", LOG_ERR);
} }
return false; return false;
} }
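Review bot: The fallback added in the second hunk (the `if (!$organisationId)` branch) now also runs when the claims do carry an organisation name or UUID that `checkOrganization()` returns a falsy value for, whereas the old `?? $this->getConfig('default_org')` applied the default only when the claim was absent; a user arriving with an unrecognised organisation is therefore placed in the default organisation instead of being rejected. If that is the intended alignment with the other login path, the substitution should at least be visible in the audit trail, e.g. before `$organisationId = $defaultOrganisationId;` add `$this->log($user['email'], "Organisation from OIDC claims could not be resolved, falling back to default organisation $defaultOrganisationId.", LOG_WARNING);` unless `checkOrganization()` already logs this (not visible here). The rejection in the same branch is logged at LOG_WARNING while the missing role property in the first hunk is LOG_ERR; the two failures end the same way, so the levels could be aligned. The enclosing method starts and ends outside the hunk.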