Skip to content
Snippets Groups Projects
Verified Commit f7b3bf4a authored by Dominik Frantisek Bucik's avatar Dominik Frantisek Bucik
Browse files

fix: :bug: potential Undefined array keys in IsCesnetEligible

parent e5cc0642
Branches
Tags
1 merge request!63Fixes in AuthProc filters
Pipeline #354759 passed
Stage: .pre
Stage: test
Hide whitespace changes
Inline Side-by-side
lib/Auth/Process/IsCesnetEligible.php
+ 8
8
View file @ f7b3bf4a
...@@ -85,7 +85,7 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -85,7 +85,7 @@ class IsCesnetEligible extends ProcessingFilter
{ {
parent::__construct($config, $reserved); parent::__construct($config, $reserved);
$conf = Configuration::loadFromArray($config); $conf = Configuration::loadFromArray($config);
if (!isset($config[self::RPC_ATTRIBUTE_NAME]) || empty($config[self::RPC_ATTRIBUTE_NAME])) { if (empty($config[self::RPC_ATTRIBUTE_NAME])) {
throw new Exception( throw new Exception(
'cesnet:IsCesnetEligible - missing mandatory configuration option \'' . self::RPC_ATTRIBUTE_NAME . '\'.' 'cesnet:IsCesnetEligible - missing mandatory configuration option \'' . self::RPC_ATTRIBUTE_NAME . '\'.'
); );
...@@ -96,13 +96,13 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -96,13 +96,13 @@ class IsCesnetEligible extends ProcessingFilter
$this->cesnetLdapConnector = (new AdapterLdap(self::CONFIG_FILE_NAME))->getConnector(); $this->cesnetLdapConnector = (new AdapterLdap(self::CONFIG_FILE_NAME))->getConnector();
$this->rpcAdapter = Adapter::getInstance(Adapter::RPC); $this->rpcAdapter = Adapter::getInstance(Adapter::RPC);
if (isset($config[self::ATTR_NAME]) && !empty($config[self::ATTR_NAME])) { if (!empty($config[self::ATTR_NAME])) {
$this->returnAttrName = $config['attrName']; $this->returnAttrName = $config['attrName'];
} }
if ( if (
isset($config[self::INTERFACE_PROPNAME], $config[self::LDAP_ATTRIBUTE_NAME]) && ($config[self::INTERFACE_PROPNAME] ?? self::RPC) === self::LDAP
$config[self::INTERFACE_PROPNAME] === self::LDAP && !empty($config[self::LDAP_ATTRIBUTE_NAME]) && !empty($config[self::LDAP_ATTRIBUTE_NAME])
) { ) {
$this->interface = $config[self::INTERFACE_PROPNAME]; $this->interface = $config[self::INTERFACE_PROPNAME];
$this->ldapAttrName = $config[self::LDAP_ATTRIBUTE_NAME]; $this->ldapAttrName = $config[self::LDAP_ATTRIBUTE_NAME];
...@@ -119,7 +119,7 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -119,7 +119,7 @@ class IsCesnetEligible extends ProcessingFilter
$conf->getString(self::PERUN_USER_SPONSORING_ORGANIZATIONS_ATTR_NAME, null); $conf->getString(self::PERUN_USER_SPONSORING_ORGANIZATIONS_ATTR_NAME, null);
$this->userAffiliationsAttrName = $conf->getString(self::PERUN_USER_AFFILIATIONS_ATTR_NAME, null); $this->userAffiliationsAttrName = $conf->getString(self::PERUN_USER_AFFILIATIONS_ATTR_NAME, null);
if (!isset($this->userAffiliationsAttrName, $this->userSponsoringOrganizationsAttrName)) { if (empty($this->userAffiliationsAttrName) || empty($this->userSponsoringOrganizationsAttrName)) {
Logger::warning( Logger::warning(
'cesnet:IsCesnetEligible - One of attributes [' . $this->userAffiliationsAttrName . ', ' . 'cesnet:IsCesnetEligible - One of attributes [' . $this->userAffiliationsAttrName . ', ' .
$this->userSponsoringOrganizationsAttrName . '] wasn\'t set!' $this->userSponsoringOrganizationsAttrName . '] wasn\'t set!'
...@@ -129,7 +129,7 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -129,7 +129,7 @@ class IsCesnetEligible extends ProcessingFilter
public function process(&$request) public function process(&$request)
{ {
if (isset($request['perun']['user'])) { if (!empty($request['perun']['user'])) {
$user = $request['perun']['user']; $user = $request['perun']['user'];
} else { } else {
Logger::debug( Logger::debug(
...@@ -140,7 +140,7 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -140,7 +140,7 @@ class IsCesnetEligible extends ProcessingFilter
} }
$this->idpEntityId = $request['saml:sp:IdP']; $this->idpEntityId = $request['saml:sp:IdP'];
if (isset($request['Attributes']['eduPersonScopedAffiliation'])) { if (!empty($request['Attributes']['eduPersonScopedAffiliation'])) {
$this->eduPersonScopedAffiliation $this->eduPersonScopedAffiliation
= $request['Attributes']['eduPersonScopedAffiliation']; = $request['Attributes']['eduPersonScopedAffiliation'];
} else { } else {
...@@ -153,7 +153,7 @@ class IsCesnetEligible extends ProcessingFilter ...@@ -153,7 +153,7 @@ class IsCesnetEligible extends ProcessingFilter
if (!empty($user)) { if (!empty($user)) {
if ($this->interface === self::LDAP) { if ($this->interface === self::LDAP) {
$attrs = $this->adapter->getUserAttributes($user, [$this->ldapAttrName]); $attrs = $this->adapter->getUserAttributes($user, [$this->ldapAttrName]);
if (isset($attrs[$this->ldapAttrName][0])) { if (!empty($attrs[$this->ldapAttrName][0])) {
$this->cesnetEligibleLastSeenValue = $attrs[$this->ldapAttrName][0]; $this->cesnetEligibleLastSeenValue = $attrs[$this->ldapAttrName][0];
} }
} else { } else {
......
lib/Auth/Process/IsEinfraCZEligible.php
+ 1
1
View file @ f7b3bf4a
...@@ -61,7 +61,7 @@ class IsEinfraCZEligible extends ProcessingFilter ...@@ -61,7 +61,7 @@ class IsEinfraCZEligible extends ProcessingFilter
public function process(&$request) public function process(&$request)
{ {
$userScopedAffiliations = []; $userScopedAffiliations = [];
if (isset($request['Attributes'][$this->userAffiliationAttr])) { if (!empty($request['Attributes'][$this->userAffiliationAttr])) {
$userScopedAffiliations $userScopedAffiliations
= $request['Attributes'][$this->userAffiliationAttr]; = $request['Attributes'][$this->userAffiliationAttr];
} else { } else {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment