
Commit f12eee5

committed
Merge branch 'test' into next
2 parents e9afaf2 + a2dc1cd commit f12eee5


3 files changed

+181
-33
lines changed


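--- a/zmsadmin/src/Zmsadmin/Oidc.php
+++ b/zmsadmin/src/Zmsadmin/Oidc.php
@@ -19,22 +19,96 @@ public function readResponse(
 \Psr\Http\Message\ResponseInterface $response,
 array $args
 ) {
-if ($request->getParam("state") == \BO\Zmsclient\Auth::getKey()) {
-$workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => 2])->getEntity();
-if (0 == $workstation->getUseraccount()->getDepartmentList()->count()) {
-return \BO\Slim\Render::redirect(
-'index',
-[],
-[
-'oidclogin' => true
-]
-);
+try {
+$state = $request->getParam("state");
+$authKey = \BO\Zmsclient\Auth::getKey();
+
+// Log state validation attempt
+error_log(json_encode([
+'event' => 'oauth_state_validation',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsadmin',
+'state_match' => ($state == $authKey)
+]));
+
+if ($state == $authKey) {
+try {
+$workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => 2])->getEntity();
+$username = $workstation->getUseraccount()->id . '@' . \BO\Zmsclient\Auth::getOidcProvider();
+
+// Log workstation access with username
+error_log(json_encode([
+'event' => 'oauth_workstation_access',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsadmin',
+'username' => $username,
+'workstation_id' => $workstation->id ?? 'unknown'
+]));
+
+$departmentCount = $workstation->getUseraccount()->getDepartmentList()->count();
+
+// Log department check with username
+error_log(json_encode([
+'event' => 'oauth_department_check',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsadmin',
+'username' => $username,
+'department_count' => $departmentCount,
+'has_departments' => ($departmentCount > 0)
+]));
+
+if (0 == $departmentCount) {
+return \BO\Slim\Render::redirect(
+'index',
+[],
+[
+'oidclogin' => true
+]
+);
+}
+return \BO\Slim\Render::redirect(
+'workstationSelect',
+[],
+[]
+);
+} catch (\Exception $e) {
+// Log workstation access error
+error_log(json_encode([
+'event' => 'oauth_workstation_error',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsadmin',
+'error' => $e->getMessage(),
+'code' => $e->getCode()
+]));
+throw $e;
+}
 }
-return \BO\Slim\Render::redirect(
-'workstationSelect',
-[],
-[]
-);
+
+// Log invalid state
+error_log(json_encode([
+'event' => 'oauth_invalid_state',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsadmin'
+]));
+
+throw new \BO\Slim\Exception\OAuthInvalid();
+
+} catch (\Exception $e) {
+// Log any uncaught exceptions
+error_log(json_encode([
+'event' => 'oauth_error',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsadmin',
+'error' => $e->getMessage(),
+'code' => $e->getCode()
+]));
+throw $e;
 }
 }
 }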
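Review bot: The state check on new line 35 still compares the request's `state` parameter with `\BO\Zmsclient\Auth::getKey()` using a loose `==`, so a callback without `state` would match if `getKey()` ever returns null or an empty value (its return is not visible here), and the comparison is not constant-time. Compute the result once as `$stateMatch = is_string($state) && is_string($authKey) && $authKey !== '' && hash_equals($authKey, $state);` and use `$stateMatch` both for the `state_match` log field on line 32 and in the `if`. The same comparison appears in the zmsstatistic/src/Zmsstatistic/Oidc.php section of this commit.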

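--- a/zmsslim/src/Slim/Middleware/OAuth/Keycloak/Provider.php
+++ b/zmsslim/src/Slim/Middleware/OAuth/Keycloak/Provider.php
@@ -86,10 +86,10 @@ private function getOptionsFromJsonFile()
 $realmData = $this->getBasicOptionsFromJsonFile();
 $realmData['clientSecret'] = $config_data['credentials']['secret'];
 $realmData['authServerUrl'] = $config_data['auth-server-url'];
-$realmData['verify'] = $config_data['ssl-verify'];
+$realmData['verify'] = $config_data['ssl-verify'] ?? true;
 return $realmData;
 }
-
+
 public function getBasicOptionsFromJsonFile()
 {
 $config_data = file_get_contents(\App::APP_PATH . '/'. static::PROVIDERNAME .'.json');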
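Review bot: The new default on line 89 only covers a missing or null `ssl-verify` key; an explicit `false` in the provider JSON still switches certificate verification off for traffic to the identity provider without leaving any trace, and a string such as `"false"` is not a boolean at all. Assuming `verify` is handed to the HTTP client unchanged (not visible in this hunk), I would document the accepted values above the line, e.g. `// bool or path to a CA bundle; defaults to true, false only for local development`, and write an `error_log` warning whenever the resolved value is `false`. `credentials.secret` and `auth-server-url` on lines 87-88 are read without a comparable guard. getBasicOptionsFromJsonFile continues past the end of the hunk.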

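--- a/zmsstatistic/src/Zmsstatistic/Oidc.php
+++ b/zmsstatistic/src/Zmsstatistic/Oidc.php
@@ -14,27 +14,101 @@ class Oidc extends BaseController
 * @SuppressWarnings(Param)
 * @return \Psr\Http\Message\ResponseInterface
 */
-public function readResponse(
+public function readResponse(
 \Psr\Http\Message\RequestInterface $request,
 \Psr\Http\Message\ResponseInterface $response,
 array $args
 ) {
-if ($request->getParam("state") == \BO\Zmsclient\Auth::getKey()) {
-$workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => 2])->getEntity();
-if (0 == $workstation->getUseraccount()->getDepartmentList()->count()) {
-return \BO\Slim\Render::redirect(
-'index',
-[],
-[
-'oidclogin' => true
-]
-);
+try {
+$state = $request->getParam("state");
+$authKey = \BO\Zmsclient\Auth::getKey();
+
+// Log state validation attempt
+error_log(json_encode([
+'event' => 'oauth_state_validation',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsstatistic',
+'state_match' => ($state == $authKey)
+]));
+
+if ($state == $authKey) {
+try {
+$workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => 2])->getEntity();
+$username = $workstation->getUseraccount()->id . '@' . \BO\Zmsclient\Auth::getOidcProvider();
+
+// Log workstation access with username
+error_log(json_encode([
+'event' => 'oauth_workstation_access',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsstatistic',
+'username' => $username,
+'workstation_id' => $workstation->id ?? 'unknown'
+]));
+
+$departmentCount = $workstation->getUseraccount()->getDepartmentList()->count();
+
+// Log department check with username
+error_log(json_encode([
+'event' => 'oauth_department_check',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsstatistic',
+'username' => $username,
+'department_count' => $departmentCount,
+'has_departments' => ($departmentCount > 0)
+]));
+
+if (0 == $departmentCount) {
+return \BO\Slim\Render::redirect(
+'index',
+[],
+[
+'oidclogin' => true
+]
+);
+}
+return \BO\Slim\Render::redirect(
+'workstationSelect',
+[],
+[]
+);
+} catch (\Exception $e) {
+// Log workstation access error
+error_log(json_encode([
+'event' => 'oauth_workstation_error',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsstatistic',
+'error' => $e->getMessage(),
+'code' => $e->getCode()
+]));
+throw $e;
+}
 }
-return \BO\Slim\Render::redirect(
-'workstationSelect',
-[],
-[]
-);
+
+// Log invalid state
+error_log(json_encode([
+'event' => 'oauth_invalid_state',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsstatistic'
+]));
+
+throw new \BO\Slim\Exception\OAuthInvalid();
+
+} catch (\Exception $e) {
+// Log any uncaught exceptions
+error_log(json_encode([
+'event' => 'oauth_error',
+'timestamp' => date('c'),
+'provider' => \BO\Zmsclient\Auth::getOidcProvider(),
+'application' => 'zmsstatistic',
+'error' => $e->getMessage(),
+'code' => $e->getCode()
+]));
+throw $e;
 }
 }
 }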
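Review bot: Each failure in the workstation lookup is logged twice, because the inner catch on new line 77 writes `oauth_workstation_error` and rethrows into the outer catch on line 101, which records the same exception again as `oauth_error`; the `OAuthInvalid` thrown on line 99 presumably lands there too (if it extends `\Exception`), right after `oauth_invalid_state` was written. Anyone counting these events for alerting on failed OIDC logins gets inflated numbers. Dropping the inner try/catch, or having the outer handler skip exceptions that were already logged, keeps one record per failure; since `$e->getMessage()` from the backend call may carry request details, `'error_class' => get_class($e)` plus the code is a safer field than the raw message. The zmsadmin copy of readResponse in this commit has the same structure.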
