From 2da9d8f7d275b447c597dcdff306044f516e40fd Mon Sep 17 00:00:00 2001
From: iglocska
Date: Fri, 18 Feb 2022 11:47:33 +0100
Subject: [PATCH 1/3] new: [keycloak] log enrollment outcome in the audit log
---
 src/Model/Behavior/AuthKeycloakBehavior.php | 24 +++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index 12bb3e2..7cbb5ca 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -137,6 +137,30 @@ class AuthKeycloakBehavior extends Behavior
 ]
 ]
 );
+ $logChange = [
+ 'username' => $data['username'],
+ 'individual_id' => $data['individual_id'],
+ 'role_id' => $data['role_id']
+ ];
+ if (!$response->isOk()) {
+ $logChange['error_code'] = $response->getStatusCode();
+ $logChange['error_body'] = $response->getStringBody();
+ $this->_table->auditLogs()->insert([
+ 'request_action' => 'enrollUser',
+ 'model' => 'User',
+ 'model_id' => 0,
+ 'model_title' => __('Failed Keycloak enrollment for user {0}', $data['username']),
+ 'changed' => $logChange
+ ]);
+ } else {
+ $this->_table->auditLogs()->insert([
+ 'request_action' => 'enrollUser',
+ 'model' => 'User',
+ 'model_id' => 0,
+ 'model_title' => __('Successful Keycloak enrollment for user {0}', $data['username']),
+ 'changed' => $logChange
+ ]);
+ }
 return true;
 }
From 8a6f0ed7512cf380781877c04f1856a913593b8f Mon Sep 17 00:00:00 2001
From: iglocska
Date: Mon, 28 Feb 2022 10:23:23 +0100
Subject: [PATCH 2/3] fix: [settings] invalid setting name fixed
---
 src/Model/Behavior/AuthKeycloakBehavior.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index 7cbb5ca..fb73bdd 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
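Review bot: In the block added by PATCH 1/3, the `!$response->isOk()` branch only writes an audit entry and then falls through to the existing `return true;`, so a rejected Keycloak enrollment is still reported to the caller as success. Adding `return false;` after the failed-enrollment `insert()` would surface the failure, though how callers use the return value is not visible here. `$response->getStringBody()` is also stored verbatim in `changed`; bounding its length before logging would keep an unexpected or oversized identity-provider response out of the audit table. The two `insert()` calls differ only in `model_title`, so choosing the title first and inserting once would remove the duplication. The enclosing method starts outside the hunk.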
@@ -134,7 +134,8 @@ class AuthKeycloakBehavior extends Behavior
 'headers' => [
 'Content-Type' => 'application/json',
 'Authorization' => 'Bearer ' . $token
- ]
+ ],
+ 'ssl_verify_peer' => false
 ]
 );
 $logChange = [
From 61cda0af3353f6ac48110a6317ff5f78f82bb581 Mon Sep 17 00:00:00 2001
From: iglocska
Date: Mon, 28 Feb 2022 10:27:17 +0100
Subject: [PATCH 3/3] fix: [minor fixes] with the keycloak integration
---
 src/Model/Behavior/AuthKeycloakBehavior.php | 3 +--
 src/Model/Table/SettingProviders/CerebrateSettingsProvider.php | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index fb73bdd..7cbb5ca 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -134,8 +134,7 @@ class AuthKeycloakBehavior extends Behavior
 'headers' => [
 'Content-Type' => 'application/json',
 'Authorization' => 'Bearer ' . $token
- ],
- 'ssl_verify_peer' => false
+ ]
 ]
 );
 $logChange = [
diff --git a/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php b/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
index 5ed9f3b..9cf755d 100644
--- a/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
+++ b/src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
@@ -398,7 +398,7 @@ class CerebrateSettingValidator extends SettingValidator
 $foundEnabledAuth = __('Cannot make change - this would disable every possible authentication method.');
 foreach ($providers as $provider) {
 if ($provider !== $setting['authentication_type']) {
- if (Configure::read($provider . '.enable')) {
+ if (Configure::read($provider . '.enabled')) {
 $foundEnabledAuth = true;
 }
 }
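Review bot: The `'ssl_verify_peer' => false` added in PATCH 2/3 turns off certificate verification for the same request that sends `'Authorization' => 'Bearer ' . $token`, so the token and the enrollment payload are no longer protected against an impersonated Keycloak endpoint. The commit subject ("invalid setting name fixed") does not describe this change, and PATCH 3/3 of this series removes the option again, so it looks unintended. Dropping or squashing this commit would avoid an intermediate revision that ships with verification disabled. If the underlying need is a privately signed Keycloak certificate, `'ssl_cafile' => <path to CA bundle>` keeps verification on. The options array starts outside the hunk.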
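Review bot: The corrected key in PATCH 3/3 (`$provider . '.enabled'` in CerebrateSettingsProvider.php) is still a bare string literal, and `Configure::read()` returns null for an unknown key without raising anything, which is presumably how the `.enable` spelling went unnoticed while this lockout guard left `$foundEnabledAuth` at its error message. A comment on the line would record the dependency, e.g. `// must match the "<provider>.enabled" setting key; an unknown key reads as null and blocks every change`. `$foundEnabledAuth` holds either an error string or `true`, and a non-empty string is truthy, so consumers need `=== true`; how it is consumed is outside the hunk.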