Merge branch 'main' into test
ThomasAFink committed Jan 21, 2025
2 parents 01f3b60 + 9f2afb1 commit a2dc1cd
Showing 3 changed files with 181 additions and 33 deletions.
104 changes: 89 additions & 15 deletions zmsadmin/src/Zmsadmin/Oidc.php
Expand Up @@ -19,22 +19,96 @@ public function readResponse(
\Psr\Http\Message\ResponseInterface $response,
array $args
) {
if ($request->getParam("state") == \BO\Zmsclient\Auth::getKey()) {
$workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => 2])->getEntity();
if (0 == $workstation->getUseraccount()->getDepartmentList()->count()) {
return \BO\Slim\Render::redirect(
'index',
[],
[
'oidclogin' => true
]
);
try {
$state = $request->getParam("state");
$authKey = \BO\Zmsclient\Auth::getKey();

// Log state validation attempt
error_log(json_encode([
'event' => 'oauth_state_validation',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsadmin',
'state_match' => ($state == $authKey)
]));

if ($state == $authKey) {
try {
$workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => 2])->getEntity();
$username = $workstation->getUseraccount()->id . '@' . \BO\Zmsclient\Auth::getOidcProvider();

// Log workstation access with username
error_log(json_encode([
'event' => 'oauth_workstation_access',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsadmin',
'username' => $username,
'workstation_id' => $workstation->id ?? 'unknown'
]));

$departmentCount = $workstation->getUseraccount()->getDepartmentList()->count();

// Log department check with username
error_log(json_encode([
'event' => 'oauth_department_check',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsadmin',
'username' => $username,
'department_count' => $departmentCount,
'has_departments' => ($departmentCount > 0)
]));

if (0 == $departmentCount) {
return \BO\Slim\Render::redirect(
'index',
[],
[
'oidclogin' => true
]
);
}
return \BO\Slim\Render::redirect(
'workstationSelect',
[],
[]
);
} catch (\Exception $e) {
// Log workstation access error
error_log(json_encode([
'event' => 'oauth_workstation_error',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsadmin',
'error' => $e->getMessage(),
'code' => $e->getCode()
]));
throw $e;
}
}
return \BO\Slim\Render::redirect(
'workstationSelect',
[],
[]
);

// Log invalid state
error_log(json_encode([
'event' => 'oauth_invalid_state',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsadmin'
]));

throw new \BO\Slim\Exception\OAuthInvalid();

} catch (\Exception $e) {
// Log any uncaught exceptions
error_log(json_encode([
'event' => 'oauth_error',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsadmin',
'error' => $e->getMessage(),
'code' => $e->getCode()
]));
throw $e;
}
}
}
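Review bot: The state check at `if ($state == $authKey)` still compares an attacker-controlled query parameter loosely: `getParam("state")` is null when the parameter is absent and `null == ''` is true in PHP, so if `Auth::getKey()` can ever return an empty key (its implementation is not visible here) a request carrying no state would pass the check, and numeric-looking strings are compared as numbers rather than bytes. Compute the result once with `$stateMatch = is_string($state) && is_string($authKey) && $authKey !== '' && hash_equals($authKey, $state);` and use `$stateMatch` both in the `oauth_state_validation` log entry and in the branch. Separately, the inner `catch` logs `oauth_workstation_error` and rethrows into the outer `catch`, which logs the same exception again as `oauth_error`, and the `OAuthInvalid` thrown after `oauth_invalid_state` is likewise logged a second time, so every failure produces two records for one event; either drop the outer catch or have it log only what the inner one did not. Both points apply unchanged to the identical hunk in zmsstatistic/src/Zmsstatistic/Oidc.php.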
4 changes: 2 additions & 2 deletions zmsslim/src/Slim/Middleware/OAuth/Keycloak/Provider.php
Expand Up @@ -86,10 +86,10 @@ private function getOptionsFromJsonFile()
$realmData = $this->getBasicOptionsFromJsonFile();
$realmData['clientSecret'] = $config_data['credentials']['secret'];
$realmData['authServerUrl'] = $config_data['auth-server-url'];
$realmData['verify'] = $config_data['ssl-verify'];
$realmData['verify'] = $config_data['ssl-verify'] ?? true;
return $realmData;
}

public function getBasicOptionsFromJsonFile()
{
$config_data = file_get_contents(\App::APP_PATH . '/'. static::PROVIDERNAME .'.json');
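Review bot: The new default on `$realmData['verify'] = $config_data['ssl-verify'] ?? true;` is the one place where certificate verification toward the identity provider can be switched off, so it deserves a comment stating the contract: `// TLS verification stays on unless the provider JSON explicitly sets "ssl-verify" to false; a missing or null key now means verify.` The value is forwarded without a type check, so a misconfigured string such as `"false"` is passed on as-is rather than rejected; if the consumer is the HTTP client's `verify` option, a string is read there as a CA-bundle path, which is worth either a second sentence in that comment or an `is_bool`/`is_string` guard before the assignment. getOptionsFromJsonFile begins outside the hunk.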
106 changes: 90 additions & 16 deletions zmsstatistic/src/Zmsstatistic/Oidc.php
Expand Up @@ -14,27 +14,101 @@ class Oidc extends BaseController
* @SuppressWarnings(Param)
* @return \Psr\Http\Message\ResponseInterface
*/
public function readResponse(
public function readResponse(
\Psr\Http\Message\RequestInterface $request,
\Psr\Http\Message\ResponseInterface $response,
array $args
) {
if ($request->getParam("state") == \BO\Zmsclient\Auth::getKey()) {
$workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => 2])->getEntity();
if (0 == $workstation->getUseraccount()->getDepartmentList()->count()) {
return \BO\Slim\Render::redirect(
'index',
[],
[
'oidclogin' => true
]
);
try {
$state = $request->getParam("state");
$authKey = \BO\Zmsclient\Auth::getKey();

// Log state validation attempt
error_log(json_encode([
'event' => 'oauth_state_validation',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsstatistic',
'state_match' => ($state == $authKey)
]));

if ($state == $authKey) {
try {
$workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => 2])->getEntity();
$username = $workstation->getUseraccount()->id . '@' . \BO\Zmsclient\Auth::getOidcProvider();

// Log workstation access with username
error_log(json_encode([
'event' => 'oauth_workstation_access',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsstatistic',
'username' => $username,
'workstation_id' => $workstation->id ?? 'unknown'
]));

$departmentCount = $workstation->getUseraccount()->getDepartmentList()->count();

// Log department check with username
error_log(json_encode([
'event' => 'oauth_department_check',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsstatistic',
'username' => $username,
'department_count' => $departmentCount,
'has_departments' => ($departmentCount > 0)
]));

if (0 == $departmentCount) {
return \BO\Slim\Render::redirect(
'index',
[],
[
'oidclogin' => true
]
);
}
return \BO\Slim\Render::redirect(
'workstationSelect',
[],
[]
);
} catch (\Exception $e) {
// Log workstation access error
error_log(json_encode([
'event' => 'oauth_workstation_error',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsstatistic',
'error' => $e->getMessage(),
'code' => $e->getCode()
]));
throw $e;
}
}
return \BO\Slim\Render::redirect(
'workstationSelect',
[],
[]
);

// Log invalid state
error_log(json_encode([
'event' => 'oauth_invalid_state',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsstatistic'
]));

throw new \BO\Slim\Exception\OAuthInvalid();

} catch (\Exception $e) {
// Log any uncaught exceptions
error_log(json_encode([
'event' => 'oauth_error',
'timestamp' => date('c'),
'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
'application' => 'zmsstatistic',
'error' => $e->getMessage(),
'code' => $e->getCode()
]));
throw $e;
}
}
}
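Review bot: readResponse here is now roughly a hundred lines that match the zmsadmin version byte for byte except for the `'application' => 'zmsstatistic'` literal repeated in every log entry, which means the state check, the redirect logic and the log format will drift apart on the next fix to either file. A style suggestion: move the body into a shared helper in the slim OAuth layer that receives the application name once, and have both controllers delegate to it, so the per-entry `'application'` key and the log schema live in one place. The issues with the loose state comparison and the duplicate error logging are raised on the zmsadmin hunk and apply here unchanged.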
