chg: [security] keycloak enabled - disallow multiple users from being created for the same individual

- as reported by SK-CERT
cli-modification-summary
iglocska 2022-09-18 19:26:24 +02:00
parent 10ea126a93
commit 254fdc3b84
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 6 additions and 0 deletions


@ -90,6 +90,12 @@ class UsersController extends AppController
if (empty($data['individual_id'])) { if (empty($data['individual_id'])) {
throw new MethodNotAllowedException(__('No valid individual found. Either supply it in the request or set the individual_id to a valid value.')); throw new MethodNotAllowedException(__('No valid individual found. Either supply it in the request or set the individual_id to a valid value.'));
} }
if (Configure::read('keycloak.enabled')) {
$existingUserForIndividual = $this->Users->find()->where(['individual_id' => $data['individual_id']])->first();
if (!empty($existingUserForIndividual)) {
throw new MethodNotAllowedException(__('Invalid individual selected - when KeyCloak is enabled, only one user account may be assigned to an individual.'));
}
}
$this->Users->enrollUserRouter($data); $this->Users->enrollUserRouter($data);
return $data; return $data;
} }
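Review bot: The one-user-per-individual check inside `if (Configure::read('keycloak.enabled'))` is a read followed by a separate write, so two concurrent add requests for the same `individual_id` can both see no existing user and both reach `enrollUserRouter($data)`. The guard also lives only in this controller callback, whose start is outside the hunk; any other path that sets or changes a user's `individual_id` (an edit action or a CLI/import path, if they exist) would need the same rule, which suggests enforcing it in the Users table's validation or application rules rather than here. If the check stays in the controller, `$this->Users->exists(['individual_id' => $data['individual_id']])` expresses the intent without loading an entity. A short comment such as `// KeyCloak maps one identity to one individual; a second local user would share that identity` would record why the restriction is tied to the keycloak setting.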