From 443a7665405865552eea6e7dd7626221459470bc Mon Sep 17 00:00:00 2001 From: Dominik Frantisek Bucik <bucik@ics.muni.cz> Date: Mon, 27 Nov 2023 10:53:22 +0100 Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20Option=20to=20ignore=20l?= =?UTF-8?q?ogins=20by=20SP/IDP=20EntityID=20in=20config?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ability to configure for which matched SP and/or IDP the login insert gets ignored. Particularly usable in case of using API writer. The writing side does not need to take care of filtering out the login record, stats will do it instead. --- config-templates/module_proxystatistics.php | 6 ++++++ lib/Config.php | 10 ++++++++++ lib/DatabaseCommand.php | 18 ++++++++++++++++++ 3 files changed, 34 insertions(+) diff --git a/config-templates/module_proxystatistics.php b/config-templates/module_proxystatistics.php index f1fd423..c0dfbe2 100644 --- a/config-templates/module_proxystatistics.php +++ b/config-templates/module_proxystatistics.php @@ -103,4 +103,10 @@ $config = [ * Password to protect API write endpoint (has no effect if write is disabled) */ //'apiWritePasswordHash' => password_hash('ap1Wr1T3rP@S$'), + + 'ignoredIds' => [ + 'IDP' => ['spentityid1', 'spentityid2', 'spentityid3',], + 'SP' => ['idpentityid1', 'idpentityid2', 'idpentityid3',], + ], + ]; diff --git a/lib/Config.php b/lib/Config.php index e2a9ea9..fd443dd 100644 --- a/lib/Config.php +++ b/lib/Config.php @@ -41,6 +41,8 @@ class Config private const API_WRITE_PASSWORD_HASH = 'apiWritePasswordHash'; + private const IGNORED_IDS = 'ignoredIds'; + private $config; private $store; @@ -63,6 +65,8 @@ class Config private $apiWritePasswordHash; + private $ignoredIds; + private static $instance; private function __construct() @@ -76,6 +80,7 @@ class Config $this->requiredAuthSource = $this->config->getString(self::REQUIRE_AUTH_SOURCE, ''); $this->idAttribute = $this->config->getString(self::USER_ID_ATTRIBUTE, 'uid'); $this->apiWriteEnabled = $this->config->getBoolean(self::API_WRITE_ENABLED, false); + $this->ignoredIds = $this->config->getArray(self::IGNORED_IDS, []); if ($this->apiWriteEnabled) { $this->apiWriteUsername = $this->config->getString(self::API_WRITE_USERNAME); if (empty(trim($this->apiWriteUsername))) { @@ -162,4 +167,9 @@ class Config { return $this->apiWritePasswordHash; } + + public function getIgnoredIds() + { + return $this->ignoredIds; + } } diff --git a/lib/DatabaseCommand.php b/lib/DatabaseCommand.php index 8c92a51..cfe8089 100644 --- a/lib/DatabaseCommand.php +++ b/lib/DatabaseCommand.php @@ -60,6 +60,11 @@ class DatabaseCommand private $mode; + private $ignoredIds = [ + Config::MODE_IDP => [], + Config::MODE_SP => [], + ]; + private $escape_char = '`'; public function __construct() @@ -73,6 +78,7 @@ class DatabaseCommand } else { $this->unknownDriver(); } + $this->ignoredIds = array_merge($this->ignoredIds, $this->config->getIgnoredIds()); $this->tables = array_merge($this->tables, $this->config->getTables()); $this->mode = $this->config->getMode(); } @@ -269,6 +275,18 @@ class DatabaseCommand return; } + $entityId = $entities[$side][self::KEY_ID]; + if (in_array($entityId, $this->ignoredIds[$side])) { + Logger::debug( + sprintf( + "%s EntityId of %s (%s) has been found in the ignored list. Not inserting login.", + self::DEBUG_PREFIX, + $side, + $entityId + ) + ); + return; + } } $ids = []; -- GitLab