chg: [config] Allow Oidc roles as string

pull/9695/head
christianmg99 2024-04-22 00:23:25 +02:00
parent ddd0a0cd46
commit ce7ab72190
2 changed files with 6 additions and 5 deletions


@ -74,7 +74,6 @@ class Oidc
return false; return false;
} }
$roles = is_string($roles) ? explode($this->getConfig('roles_delimiter', ','), $roles) : $roles;
$roleId = $this->getUserRole($roles, $mispUsername); $roleId = $this->getUserRole($roles, $mispUsername);
if ($roleId === null) { if ($roleId === null) {
$this->log($mispUsername, 'No role was assigned, access prohibited.', LOG_WARNING); $this->log($mispUsername, 'No role was assigned, access prohibited.', LOG_WARNING);
@ -232,7 +231,6 @@ class Oidc
return false; return false;
} }
$roles = is_string($roles) ? explode($this->getConfig('roles_delimiter', ','), $roles) : $roles;
$roleId = $this->getUserRole($roles, $user['email']); $roleId = $this->getUserRole($roles, $user['email']);
if ($roleId === null) { if ($roleId === null) {
$this->log($user['email'], 'No role was assigned.', LOG_WARNING); $this->log($user['email'], 'No role was assigned.', LOG_WARNING);
@ -304,9 +302,10 @@ class Oidc
$providerUrl = $this->getConfig('provider_url'); $providerUrl = $this->getConfig('provider_url');
$clientId = $this->getConfig('client_id'); $clientId = $this->getConfig('client_id');
$clientSecret = $this->getConfig('client_secret'); $clientSecret = $this->getConfig('client_secret');
$issuer = $this->getConfig('issuer', $providerUrl);
if (class_exists("\JakubOnderka\OpenIDConnectClient")) { if (class_exists("\JakubOnderka\OpenIDConnectClient")) {
$oidc = new \JakubOnderka\OpenIDConnectClient($providerUrl, $clientId, $clientSecret); $oidc = new \JakubOnderka\OpenIDConnectClient($providerUrl, $clientId, $clientSecret, $issuer);
} else if (class_exists("\Jumbojett\OpenIDConnectClient")) { } else if (class_exists("\Jumbojett\OpenIDConnectClient")) {
throw new Exception("Jumbojett OIDC implementation is not supported anymore, please use JakubOnderka's client"); throw new Exception("Jumbojett OIDC implementation is not supported anymore, please use JakubOnderka's client");
} else { } else {
@ -444,12 +443,13 @@ class Oidc
} }
/** /**
* @param array $roles Role list provided by OIDC * @param array|string $roles Role list provided by OIDC
* @param string $mispUsername * @param string $mispUsername
* @return int|null Role ID or null if no role matches * @return int|null Role ID or null if no role matches
*/ */
private function getUserRole(array $roles, $mispUsername) private function getUserRole($roles, $mispUsername)
{ {
$roles = is_string($roles) ? explode($this->getConfig('roles_delimiter', ','), $roles) : $roles;
$this->log($mispUsername, 'Provided roles: ' . implode(', ', $roles)); $this->log($mispUsername, 'Provided roles: ' . implode(', ', $roles));
$roleMapper = $this->getConfig('role_mapper'); $roleMapper = $this->getConfig('role_mapper');
if (!is_array($roleMapper)) { if (!is_array($roleMapper)) {
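Review bot: Dropping the `array` type hint on getUserRole (fourth hunk) means a roles claim that is neither a string nor an array — null, an int, or an object-decoded JSON value — now passes the new `is_string()` branch untouched and reaches `implode()` (and the mapper lookup that follows), which is a TypeError under PHP 8 where the hint previously rejected the call at the boundary; since this value decides the MISP role, the function should fail closed with an explicit check rather than crash, and the two callers that used to normalise the value themselves (hunks one and two) now rely entirely on this method. Whether the earlier `return false` guards in those callers already exclude null cannot be seen from this hunk. A second, smaller point: `explode()` does not trim, so a claim such as `admin, user` with the default `,` delimiter yields `" user"`, which will not match a role_mapper key — a silent denial that is at least worth a comment on the `roles_delimiter` option, or an `array_map('trim', …)` if exact matching is not intended. The body of getUserRole continues outside the hunk.
```php
private function getUserRole($roles, $mispUsername)
{
    $roles = is_string($roles) ? explode($this->getConfig('roles_delimiter', ','), $roles) : $roles;
    // Fail closed on any other claim shape (null, int, object): the removed `array` hint used to reject these.
    if (!is_array($roles)) {
        $this->log($mispUsername, 'Roles claim has unexpected type ' . gettype($roles) . ', access prohibited.', LOG_WARNING);
        return null;
    }
    // … unchanged: provided-roles log and role_mapper lookup …
```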


@ -32,6 +32,7 @@ $config = array(
... ...
'OidcAuth' = [ 'OidcAuth' = [
'provider_url' => '{{ OIDC_PROVIDER }}', 'provider_url' => '{{ OIDC_PROVIDER }}',
'issuer' => '{{ OIDC_ISSUER }}', // If omitted, it defaults to provider_url
'client_id' => '{{ OIDC_CLIENT_ID }}', 'client_id' => '{{ OIDC_CLIENT_ID }}',
'client_secret' => '{{ OIDC_CLIENT_SECRET }}', 'client_secret' => '{{ OIDC_CLIENT_SECRET }}',
'role_mapper' => [ // if user has multiple roles, first role that match will be assigned to user 'role_mapper' => [ // if user has multiple roles, first role that match will be assigned to user