From 020495a6271e90247f226c59bc302f502d4be105 Mon Sep 17 00:00:00 2001
From: Stefan Mayr
Date: Sun, 30 May 2021 01:51:50 +0200
Subject: [PATCH 01/13] Add variables for substitutions on openid_connect_redirect_url
---
 www/class/centreonAuth.SSO.class.php | 7 ++++++-
 www/include/Administration/parameters/general/help.php | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index 9e96678d752..0499b6481e5 100644
--- a/www/class/centreonAuth.SSO.class.php
+++ b/www/class/centreonAuth.SSO.class.php
@@ -85,7 +85,12 @@ public function __construct(
 ) {
 $clientId = $this->ssoOptions['openid_connect_client_id'];
 $clientSecret = $this->ssoOptions['openid_connect_client_secret'];
- $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url'];
+ $redirectSubstitutions = [
+ '{$scheme}' => $_SERVER['REQUEST_SCHEME'],
+ '{$hostname}' => $_SERVER['SERVER_NAME'],
+ '{$port}' => $_SERVER['SERVER_PORT']
+ ];
+ $redirectNoEncode = strtr($this->ssoOptions['openid_connect_redirect_url'], $redirectSubstitutions);
 $baseUrl = rtrim($this->ssoOptions['openid_connect_base_url'], "/");
 $authEndpoint = $baseUrl . rtrim($this->ssoOptions['openid_connect_authorization_endpoint'], "/");
 $tokenEndpoint = $baseUrl . rtrim($this->ssoOptions['openid_connect_token_endpoint'], "/");
diff --git a/www/include/Administration/parameters/general/help.php b/www/include/Administration/parameters/general/help.php
index a5bfe906eb7..971fd5bfc45 100644
--- a/www/include/Administration/parameters/general/help.php
+++ b/www/include/Administration/parameters/general/help.php
@@ -174,7 +174,7 @@
 );
 $help['openid_connect_redirect_url'] = dgettext(
 'help',
- 'Your OpenId Connect redirect url (this server).'
+ 'Your OpenId Connect redirect url (this server, {$scheme}, {$hostname} and {$port} can be used for substitions).'
 );
 $help['openid_connect_client_id'] = dgettext(
 'help',
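Review bot: `'{$hostname}' => $_SERVER['SERVER_NAME']` lets a request-derived value into the OpenID Connect `redirect_uri`: depending on web-server configuration, `SERVER_NAME` is taken from the client's Host header, so the URL sent to the provider is not necessarily the one the administrator intended. The substituted host should be compared against a configured canonical name (or an allowlist) before use, and the provider side should register exact redirect URIs rather than patterns. `$_SERVER['REQUEST_SCHEME']` is also not populated by every web server and reflects the backend hop behind a TLS-terminating proxy, so it needs a fallback. The enclosing `__construct` begins and ends outside the hunk.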
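Review bot: The new help string misspells "substitutions" as `substitions`, and the same spelling is carried through the later help.php hunks of patches 02, 04, 05 and 13. Because the string is passed to `dgettext()` as the message id, correcting it after release would presumably orphan existing translations, so it is cheaper to fix it in this series. The text would also be more useful to administrators if it said that the placeholder values come from the current request rather than from stored configuration.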
From d220697887967f06c583a7e908697036e81c9cc9 Mon Sep 17 00:00:00 2001
From: Stefan Mayr
Date: Tue, 13 Jul 2021 20:44:02 +0200
Subject: [PATCH 02/13] Use a default redirect_url if empty
---
 www/class/centreonAuth.SSO.class.php | 8 ++++++--
 www/include/Administration/parameters/general/help.php | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index f7345cfd288..33d9a96aa4a 100644
--- a/www/class/centreonAuth.SSO.class.php
+++ b/www/class/centreonAuth.SSO.class.php
@@ -94,7 +94,6 @@ public function __construct(
 && !empty($this->ssoOptions['openid_connect_authorization_endpoint'])
 && !empty($this->ssoOptions['openid_connect_token_endpoint'])
 && !empty($this->ssoOptions['openid_connect_introspection_endpoint'])
- && !empty($this->ssoOptions['openid_connect_redirect_url'])
 && !empty($this->ssoOptions['openid_connect_client_id'])
 && !empty($this->ssoOptions['openid_connect_client_secret'])
 ) {
@@ -103,12 +102,17 @@ public function __construct(
 # Get configured values
 $clientId = $this->ssoOptions['openid_connect_client_id'];
 $clientSecret = $this->ssoOptions['openid_connect_client_secret'];
+ if (empty($this->ssoOptions['openid_connect_redirect_url'])) {
+ $redirectNoEncode = '{$scheme}://{$hostname}:{$port}/centreon/index.php';
+ } else {
+ $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url'];
+ }
 $redirectSubstitutions = [
 '{$scheme}' => $_SERVER['REQUEST_SCHEME'],
 '{$hostname}' => $_SERVER['SERVER_NAME'],
 '{$port}' => $_SERVER['SERVER_PORT']
 ];
- $redirectNoEncode = strtr($this->ssoOptions['openid_connect_redirect_url'], $redirectSubstitutions);
+ $redirectNoEncode = strtr($redirectNoEncode, $redirectSubstitutions);
 $verifyPeer = $this->ssoOptions['openid_connect_verify_peer'];
 # Build endpoint urls
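Review bot: The default added in the second hunk, `'{$scheme}://{$hostname}:{$port}/centreon/index.php'`, always carries an explicit port, so on a standard HTTPS setup it expands to a URL containing `:443/centreon/index.php`. Providers that match the registered redirect URI by exact string comparison will reject that unless the administrator registered it with the port, which is easy to miss now that the first hunk no longer requires the field to be set. Consider leaving `:{$port}` out of the default when the port is the scheme's default. Because this default is built entirely from `$_SERVER` values, host validation should be in place before it becomes the fallback for every install that leaves the field empty.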
diff --git a/www/include/Administration/parameters/general/help.php b/www/include/Administration/parameters/general/help.php
index dc5453df52e..52945b0bfd7 100644
--- a/www/include/Administration/parameters/general/help.php
+++ b/www/include/Administration/parameters/general/help.php
@@ -178,7 +178,7 @@
 );
 $help['openid_connect_redirect_url'] = dgettext(
 'help',
- 'Your OpenId Connect redirect url (this server, {$scheme}, {$hostname} and {$port} can be used for substitions).'
+ 'Your OpenId Connect redirect url (this server, {$scheme}, {$hostname} and {$port} can be used for substitions, default is {$scheme}://{$hostname}:{$port}/centreon/index.php if left empty).'
 );
 $help['openid_connect_client_id'] = dgettext(
 'help',
From 9d892a2bddb34784a12c7c7a3bb7667cbffdaa31 Mon Sep 17 00:00:00 2001
From: Stefan Mayr
Date: Tue, 13 Jul 2021 20:50:00 +0200
Subject: [PATCH 03/13] remove tabs, again
---
 www/class/centreonAuth.SSO.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index 33d9a96aa4a..c52bcaf5cce 100644
--- a/www/class/centreonAuth.SSO.class.php
+++ b/www/class/centreonAuth.SSO.class.php
@@ -102,7 +102,7 @@ public function __construct(
 # Get configured values
 $clientId = $this->ssoOptions['openid_connect_client_id'];
 $clientSecret = $this->ssoOptions['openid_connect_client_secret'];
- if (empty($this->ssoOptions['openid_connect_redirect_url'])) {
+ if (empty($this->ssoOptions['openid_connect_redirect_url'])) {
 $redirectNoEncode = '{$scheme}://{$hostname}:{$port}/centreon/index.php';
 } else {
 $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url'];
From 02f2e9b1755582bfdb628f702fbb41084e0fc665 Mon Sep 17 00:00:00 2001
From: Stefan Mayr
Date: Tue, 13 Jul 2021 21:11:55 +0200
Subject: [PATCH 04/13] Split string into two lines to match centreon coding style
---
 www/include/Administration/parameters/general/help.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/www/include/Administration/parameters/general/help.php b/www/include/Administration/parameters/general/help.php
index 52945b0bfd7..c3db27c96ce 100644
--- a/www/include/Administration/parameters/general/help.php
+++ b/www/include/Administration/parameters/general/help.php
@@ -178,7 +178,8 @@
 );
 $help['openid_connect_redirect_url'] = dgettext(
 'help',
- 'Your OpenId Connect redirect url (this server, {$scheme}, {$hostname} and {$port} can be used for substitions, default is {$scheme}://{$hostname}:{$port}/centreon/index.php if left empty).'
+ 'Your OpenId Connect redirect url (this server, {$scheme}, {$hostname} and {$port} can be used for substitions,'
+ . ' default is {$scheme}://{$hostname}:{$port}/centreon/index.php if left empty).'
 );
 $help['openid_connect_client_id'] = dgettext(
 'help',
From 4603386a2a90bf1a2784523bbe8b245a7543b8ae Mon Sep 17 00:00:00 2001
From: Stefan Mayr
Date: Wed, 28 Jul 2021 21:02:29 +0200
Subject: [PATCH 05/13] use configured Centreon path as default
---
 www/class/centreonAuth.SSO.class.php | 11 ++++++++++-
 .../Administration/parameters/general/help.php | 2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index c52bcaf5cce..f0a2433929b 100644
--- a/www/class/centreonAuth.SSO.class.php
+++ b/www/class/centreonAuth.SSO.class.php
@@ -103,7 +103,16 @@ public function __construct(
 $clientId = $this->ssoOptions['openid_connect_client_id'];
 $clientSecret = $this->ssoOptions['openid_connect_client_secret'];
 if (empty($this->ssoOptions['openid_connect_redirect_url'])) {
- $redirectNoEncode = '{$scheme}://{$hostname}:{$port}/centreon/index.php';
+ /*
+ * we can not access $centreon->optGen["oreon_web_path"] before authentication and have to query the DB directly
+ */
+ $DBRESULT = CentreonDBInstance::getConfInstance()->query("SELECT `value` FROM `options` WHERE `key` = 'oreon_web_path'");
+ while ($opt = $DBRESULT->fetch()) {
+ $path = $opt["value"];
+ }
+ $DBRESULT = null;
+ unset($opt);
+ $redirectNoEncode = '{$scheme}://{$hostname}:{$port}' . ($path ?? '/centreon/') . 'index.php';
 } else {
 $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url'];
 }
diff --git a/www/include/Administration/parameters/general/help.php b/www/include/Administration/parameters/general/help.php
index c3db27c96ce..797905666e1 100644
--- a/www/include/Administration/parameters/general/help.php
+++ b/www/include/Administration/parameters/general/help.php
@@ -179,7 +179,7 @@
 $help['openid_connect_redirect_url'] = dgettext(
 'help',
 'Your OpenId Connect redirect url (this server, {$scheme}, {$hostname} and {$port} can be used for substitions,'
- . ' default is {$scheme}://{$hostname}:{$port}/centreon/index.php if left empty).'
+ . ' default is {$scheme}://{$hostname}:{$port}/your_centreon_path/index.php if left empty).'
 );
 $help['openid_connect_client_id'] = dgettext(
 'help',
From 7f6c964343f2d5dbcf84442c13ee6bf1390b7734 Mon Sep 17 00:00:00 2001
From: Stefan Mayr
Date: Wed, 28 Jul 2021 21:29:49 +0200
Subject: [PATCH 06/13] reduce line lenght to match Centreon style guides
---
 www/class/centreonAuth.SSO.class.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index f0a2433929b..132b77aadda 100644
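Review bot: In the added fallback, `($path ?? '/centreon/')` only covers the case where the query returns no row; a stored `oreon_web_path` without a trailing slash is concatenated directly with `'index.php'` and yields a malformed redirect URL. Normalising the value, e.g. `rtrim($path ?? '/centreon', '/') . '/index.php'`, avoids that. The `while` loop also reads what is expected to be a single option row, so a single `fetch()` would state the intent more clearly. The enclosing `__construct` begins and ends outside the hunk.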
--- a/www/class/centreonAuth.SSO.class.php
+++ b/www/class/centreonAuth.SSO.class.php
@@ -104,7 +104,11 @@ public function __construct(
 $clientSecret = $this->ssoOptions['openid_connect_client_secret'];
 if (empty($this->ssoOptions['openid_connect_redirect_url'])) {
 /*
- * we can not access $centreon->optGen["oreon_web_path"] before authentication and have to query the DB directly
+ * we can not access $centreon->optGen["oreon_web_path"] before authentication and have to query the
+ * DB directly
 */
- $DBRESULT = CentreonDBInstance::getConfInstance()->query("SELECT `value` FROM `options` WHERE `key` = 'oreon_web_path'");
+ $pathSql = "SELECT `value` FROM `options` WHERE `key` = 'oreon_web_path'";
+ $DBRESULT = CentreonDBInstance::getConfInstance()->query($pathSql);
 while ($opt = $DBRESULT->fetch()) {
 $path = $opt["value"];
 }
From 4555835de767b195b17ef1a9e8b31cab4ee36618 Mon Sep 17 00:00:00 2001
From: Stefan Mayr
Date: Wed, 28 Jul 2021 21:36:44 +0200
Subject: [PATCH 07/13] Improve closing DB cursor
---
 www/class/centreonAuth.SSO.class.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index 132b77aadda..8b23cb7de21 100644
--- a/www/class/centreonAuth.SSO.class.php
+++ b/www/class/centreonAuth.SSO.class.php
@@ -112,8 +112,7 @@ public function __construct(
 while ($opt = $DBRESULT->fetch()) {
 $path = $opt["value"];
 }
- $DBRESULT = null;
- unset($opt);
+ $DBRESULT->closeCursor();
 $redirectNoEncode = '{$scheme}://{$hostname}:{$port}' . ($path ?? '/centreon/') . 'index.php';
 } else {
 $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url'];
From f2dd662346d5561d8a1387b4b89d2d6b956804c5 Mon Sep 17 00:00:00 2001
From: Stefan Mayr
Date: Tue, 7 Sep 2021 20:56:38 +0200
Subject: [PATCH 08/13] Replace SQL query for oreon_web_path with ssoOptions
---
 www/class/centreonAuth.SSO.class.php | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index 8b23cb7de21..3804fc1f54a 100644
--- a/www/class/centreonAuth.SSO.class.php
+++ b/www/class/centreonAuth.SSO.class.php
@@ -103,17 +103,7 @@ public function __construct(
 $clientId = $this->ssoOptions['openid_connect_client_id'];
 $clientSecret = $this->ssoOptions['openid_connect_client_secret'];
 if (empty($this->ssoOptions['openid_connect_redirect_url'])) {
- /*
- * we can not access $centreon->optGen["oreon_web_path"] before authentication and have to query the
- * DB directly
- */
- $pathSql = "SELECT `value` FROM `options` WHERE `key` = 'oreon_web_path'";
- $DBRESULT = CentreonDBInstance::getConfInstance()->query($pathSql);
- while ($opt = $DBRESULT->fetch()) {
- $path = $opt["value"];
- }
- $DBRESULT->closeCursor();
- $redirectNoEncode = '{$scheme}://{$hostname}:{$port}' . ($path ?? '/centreon/') . 'index.php';
+ $redirectNoEncode = '{$scheme}://{$hostname}:{$port}' . $this->ssoOptions['oreon_web_path'] . 'index.php';
 } else {
 $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url'];
 }
From 8d49eaaebc1e14e120ca2a0de6d627c79790bc0d Mon Sep 17 00:00:00 2001
From: Stefan Mayr
Date: Tue, 7 Sep 2021 21:41:37 +0200
Subject: [PATCH 09/13] split line to comply with style guide
---
 www/class/centreonAuth.SSO.class.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index 3804fc1f54a..5da0bb872f8 100644
--- a/www/class/centreonAuth.SSO.class.php
+++ b/www/class/centreonAuth.SSO.class.php
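Review bot: The replacement line reads `$this->ssoOptions['oreon_web_path']` with no fallback, whereas the removed code fell back to `'/centreon/'` when the option was absent. Whether `ssoOptions` is populated with that key is not visible in this diff; if it is missing, PHP emits a notice and the default redirect URL is built with no path between the port and `index.php`. Keeping a guard such as `($this->ssoOptions['oreon_web_path'] ?? '/centreon/')` preserves the earlier behaviour.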
@@ -103,7 +103,8 @@ public function __construct(
 $clientId = $this->ssoOptions['openid_connect_client_id'];
 $clientSecret = $this->ssoOptions['openid_connect_client_secret'];
 if (empty($this->ssoOptions['openid_connect_redirect_url'])) {
- $redirectNoEncode = '{$scheme}://{$hostname}:{$port}' . $this->ssoOptions['oreon_web_path'] . 'index.php';
+ $redirectNoEncode = '{$scheme}://{$hostname}:{$port}'
+ . $this->ssoOptions['oreon_web_path'] . 'index.php';
 } else {
 $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url'];
 }
From 612917898b0f2833f382e37716f2df61f9062b3a Mon Sep 17 00:00:00 2001
From: Laurent Pinsivy
Date: Wed, 8 Sep 2021 16:39:59 +0200
Subject: [PATCH 10/13] enh(openid): Allow to do not defined redirect URL
---
 www/class/centreonAuth.SSO.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index 5da0bb872f8..fcd421894b6 100644
--- a/www/class/centreonAuth.SSO.class.php
+++ b/www/class/centreonAuth.SSO.class.php
@@ -104,7 +104,7 @@ public function __construct(
 $clientSecret = $this->ssoOptions['openid_connect_client_secret'];
 if (empty($this->ssoOptions['openid_connect_redirect_url'])) {
 $redirectNoEncode = '{$scheme}://{$hostname}:{$port}'
- . $this->ssoOptions['oreon_web_path'] . 'index.php';
+ . rtim($this->ssoOptions['oreon_web_path'], "/") . "/" . 'index.php';
 } else {
 $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url'];
 }
From 4b7d868151cdfca261b72f5cac8bff71b5dc64fe Mon Sep 17 00:00:00 2001
From: Laurent Pinsivy
Date: Thu, 9 Sep 2021 17:17:52 +0200
Subject: [PATCH 11/13] Update www/class/centreonAuth.SSO.class.php
Co-authored-by: Laurent Calvet
---
 www/class/centreonAuth.SSO.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index fcd421894b6..cdc5763976b 100644
--- a/www/class/centreonAuth.SSO.class.php
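Review bot: `rtim(` in the added line of patch 10 is not a PHP function (presumably `rtrim` was meant), so when the redirect URL is left empty and this branch runs, the constructor stops with a fatal "Call to undefined function" error and the OpenID Connect login cannot complete. The line should read `. rtrim($this->ssoOptions['oreon_web_path'], "/") . "/" . 'index.php';`. The same call is still present as unchanged context in patch 11, so the series as shown ends with the typo in place. A test that exercises the empty-redirect-URL path would catch this class of error.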
+++ b/www/class/centreonAuth.SSO.class.php
@@ -103,7 +103,7 @@ public function __construct(
 $clientId = $this->ssoOptions['openid_connect_client_id'];
 $clientSecret = $this->ssoOptions['openid_connect_client_secret'];
 if (empty($this->ssoOptions['openid_connect_redirect_url'])) {
- $redirectNoEncode = '{$scheme}://{$hostname}:{$port}'
+ $redirectNoEncode = '{scheme}://{hostname}:{port}'
 . rtim($this->ssoOptions['oreon_web_path'], "/") . "/" . 'index.php';
 } else {
 $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url'];
From d83b846d0e851b19750c09cf192966181fa5c3d8 Mon Sep 17 00:00:00 2001
From: Laurent Pinsivy
Date: Thu, 9 Sep 2021 17:17:59 +0200
Subject: [PATCH 12/13] Update www/class/centreonAuth.SSO.class.php
Co-authored-by: Laurent Calvet
---
 www/class/centreonAuth.SSO.class.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/www/class/centreonAuth.SSO.class.php b/www/class/centreonAuth.SSO.class.php
index cdc5763976b..da6fdb0de81 100644
--- a/www/class/centreonAuth.SSO.class.php
+++ b/www/class/centreonAuth.SSO.class.php
@@ -109,9 +109,9 @@ public function __construct(
 $redirectNoEncode = $this->ssoOptions['openid_connect_redirect_url'];
 }
 $redirectSubstitutions = [
- '{$scheme}' => $_SERVER['REQUEST_SCHEME'],
- '{$hostname}' => $_SERVER['SERVER_NAME'],
- '{$port}' => $_SERVER['SERVER_PORT']
+ '{scheme}' => $_SERVER['REQUEST_SCHEME'],
+ '{hostname}' => $_SERVER['SERVER_NAME'],
+ '{port}' => $_SERVER['SERVER_PORT']
 ];
 $redirectNoEncode = strtr($redirectNoEncode, $redirectSubstitutions);
 $verifyPeer = $this->ssoOptions['openid_connect_verify_peer'];
From 36b22f43d2acad9552dfed8f3c1f91f5e1eb0181 Mon Sep 17 00:00:00 2001
From: Laurent Pinsivy
Date: Thu, 9 Sep 2021 17:18:06 +0200
Subject: [PATCH 13/13] Update www/include/Administration/parameters/general/help.php
Co-authored-by: Laurent Calvet
---
 www/include/Administration/parameters/general/help.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
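Review bot: After the placeholder rename in patch 12, nothing checks the result of `strtr()`: a stored redirect URL that still uses the old `{$scheme}`/`{$hostname}`/`{$port}` spelling, or any mistyped placeholder, is passed on unsubstituted. A check placed right after the substitution, for example `if (filter_var($redirectNoEncode, FILTER_VALIDATE_URL) === false)` followed by logging and aborting the OpenID Connect flow, would turn that into a clear configuration error instead of a confusing provider-side failure. Note also that patch 11 changes the default template to `{scheme}` one commit before this hunk changes the map keys, so patch 11 on its own leaves the default unsubstituted; squashing the two keeps every commit working. The enclosing `__construct` begins and ends outside both hunks.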
diff --git a/www/include/Administration/parameters/general/help.php b/www/include/Administration/parameters/general/help.php
index 797905666e1..3be817ea536 100644
--- a/www/include/Administration/parameters/general/help.php
+++ b/www/include/Administration/parameters/general/help.php
@@ -178,8 +178,8 @@
 );
 $help['openid_connect_redirect_url'] = dgettext(
 'help',
- 'Your OpenId Connect redirect url (this server, {$scheme}, {$hostname} and {$port} can be used for substitions,'
- . ' default is {$scheme}://{$hostname}:{$port}/your_centreon_path/index.php if left empty).'
+ 'Your OpenId Connect redirect url (this server, {scheme}, {hostname} and {port} can be used for substitions,'
+ . ' default is {scheme}://{hostname}:{port}/your_centreon_path/index.php if left empty).'
 );
 $help['openid_connect_client_id'] = dgettext(
 'help',