From 5a388efa14b59443196df41986f83bf7fd2f780c Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Fri, 24 Apr 2020 16:50:30 -0400 Subject: [PATCH 01/14] Fix in case token comes through with HTTP instead of HTTPS --- oauth/token.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/oauth/token.php b/oauth/token.php index f0ad755..a15973c 100644 --- a/oauth/token.php +++ b/oauth/token.php @@ -8,5 +8,10 @@ require_once __DIR__.'/server.php'; // Handle a request for an OAuth2.0 Access Token and send the response to the client +error_log("token.php \$_POST = " . json_encode($_POST)); +if (substr($_POST["redirect_uri"],0,5) == "http:") { + $_POST["redirect_uri"] = "https" . substr($_POST["redirect_uri"],4); +} + $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send(); -?> \ No newline at end of file +?> From b44b6c4116a109a90ba23857db9fb15fc2467ed0 Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Mon, 27 Apr 2020 14:38:13 -0400 Subject: [PATCH 02/14] Use cn value for external id --- oauth/LDAP/LDAP.php | 2 ++ oauth/resource.php | 36 +++++++++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/oauth/LDAP/LDAP.php b/oauth/LDAP/LDAP.php index 30ecca8..5b050c2 100755 --- a/oauth/LDAP/LDAP.php +++ b/oauth/LDAP/LDAP.php @@ -225,6 +225,8 @@ class LDAP implements LDAPInterface throw new Exception('An error has occured during ldap_first_entry execution. Please check parameter of LDAP/getData.'); } + error_log("LDAP \$data = " . json_encode($data)); + $mail = ldap_get_values($this->ldap_server, $data, "mail"); if (!$mail) { diff --git a/oauth/resource.php b/oauth/resource.php index 59af40e..3ebfc1d 100755 --- a/oauth/resource.php +++ b/oauth/resource.php 
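Review bot: `error_log("token.php \$_POST = " . json_encode($_POST));` writes the entire token-request body to the web server error log, and a token request carries `client_secret`, the authorization `code` and, for refresh grants, `refresh_token`, so this line persists credentials in plaintext in a file with far weaker protection than the database. Log only non-secret fields, e.g. `error_log("token.php grant_type=" . ($_POST["grant_type"] ?? "") . " redirect_uri=" . ($_POST["redirect_uri"] ?? ""));`, or remove the line before shipping. The scheme rewrite that follows deserves a second look too: `handleTokenRequest()` is expected to compare `redirect_uri` with the value bound to the authorization code, and silently upgrading `http:` to `https` inside `$_POST` lets a URI the client never registered pass that comparison, so the root cause (Mattermost sending an http callback) is better fixed on the Mattermost side than masked here.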
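Review bot: `error_log("LDAP \$data = " . json_encode($data));` logs the handle returned by `ldap_first_entry()` (the error message just above names that call), not attribute values, so `json_encode()` of a resource yields nothing useful and the log line is effectively `LDAP $data = ` or `false`. If a diagnostic is wanted here, log a fixed marker such as `error_log("LDAP getData: entry found");` rather than attempting to serialise the entry handle. The enclosing method starts before this hunk.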
@@ -35,7 +35,41 @@ try $data = $ldap->getDataForMattermost($ldap_base_dn,$ldap_filter,$ldap_bind_dn,$ldap_bind_pass,$ldap_search_attribute,$user); // Here is the patch for Mattermost 4.4 and older. Gitlab has changed the JSON output of oauth service. Many data are not used by Mattermost, but there is a stack error if we delete them. That's the reason why date and many parameters are null or empty. - $resp = array("id" => $assoc_id,"name" => $data['cn'],"username" => $user,"state" => "active","avatar_url" => "","web_url" => "","created_at" => "0000-00-00T00:00:00.000Z","bio" => null,"location" => null,"skype" => "","linkedin" => "","twitter" => "","website_url" => "","organization" => null,"last_sign_in_at" => "0000-00-00T00:00:00.000Z","confirmed_at" => "0000-00-00T00:00:00.000Z","last_activity_on" => null,"email" => $data['mail'],"theme_id" => 1,"color_scheme_id" => 1,"projects_limit" => 100000,"current_sign_in_at" => "0000-00-00T00:00:00.000Z","identities" => array(array("provider" => "ldapmain","extern_uid" => $data['dn'])),"can_create_group" => true,"can_create_project" => true,"two_factor_enabled" => false,"external" => false,"shared_runners_minutes_limit" => null); + error_log("resource.php \$data = " . 
json_encode($data); + $resp = array( + "id" => $assoc_id, + "name" => $data['cn'], + "username" => $user, + "state" => "active", + "avatar_url" => "", + "web_url" => "", + "created_at" => "0000-00-00T00:00:00.000Z", + "bio" => null,"location" => null, + "skype" => "", + "linkedin" => "", + "twitter" => "", + "website_url" => "", + "organization" => null, + "last_sign_in_at" => "0000-00-00T00:00:00.000Z", + "confirmed_at" => "0000-00-00T00:00:00.000Z", + "last_activity_on" => null, + "email" => $data['mail'], + "theme_id" => 1, + "color_scheme_id" => 1, + "projects_limit" => 100000, + "current_sign_in_at" => "0000-00-00T00:00:00.000Z", + "identities" => array( + array( + "provider" => "ldapmain", + "extern_uid" => $data['cn'] + ) + ), + "can_create_group" => true, + "can_create_project" => true, + "two_factor_enabled" => false, + "external" => false, + "shared_runners_minutes_limit" => null + ); // Below is the old version, still consistent with Mattermost before version 4.4 // $resp = array("name" => $data['cn'],"username" => $user,"id" => $assoc_id,"state" => "active","email" => $data['mail']); From 0e06bf6c97e76a42fa6dec88015e41025fd656d8 Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Mon, 27 Apr 2020 17:00:45 -0400 Subject: [PATCH 03/14] Line breaks and diagnostic logs --- oauth/LDAP/LDAP.php | 6 ++++-- oauth/resource.php | 14 ++++++++++++-- oauth/token.php | 2 ++ 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/oauth/LDAP/LDAP.php b/oauth/LDAP/LDAP.php index 5b050c2..2175fc7 100755 --- a/oauth/LDAP/LDAP.php +++ b/oauth/LDAP/LDAP.php @@ -225,7 +225,7 @@ class LDAP implements LDAPInterface throw new Exception('An error has occured during ldap_first_entry execution. Please check parameter of LDAP/getData.'); } - error_log("LDAP \$data = " . json_encode($data)); + error_log("LDAP \$data = " . var_dump($data)); $mail = ldap_get_values($this->ldap_server, $data, "mail"); if (!$mail) 
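Review bot: `error_log("resource.php \$data = " . json_encode($data);` is missing its closing parenthesis, so this commit leaves resource.php with a parse error and every userinfo request fails until the follow-up patch; the line should read `error_log("resource.php \$data = " . json_encode($data));`. Separately, switching `extern_uid` from `$data['dn']` to `$data['cn']` binds the Mattermost account to a common name, which in most directories is a display-style attribute that can change or collide, whereas the identifier Mattermost uses to link an existing account to an OAuth identity needs to be unique and stable. If `dn` was coming through as null because the LDAP helper never returns it (the LDAP.php hunk later in this series shows it returning only `mail` and `cn`), the safer fix is to make the helper return the DN rather than substitute `cn`. The `try` block begins before this hunk.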
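Review bot: `error_log("LDAP \$data = " . var_dump($data));` does not do what it suggests: `var_dump()` returns null and prints directly to the output buffer, so the dump of the LDAP entry is emitted into the HTTP response that resource.php sends while the log line receives only `LDAP $data = `. That corrupts the JSON body Mattermost parses and exposes internal directory data to whoever holds the bearer token. Use a returning variant if a dump is wanted, e.g. `error_log("LDAP \$data = " . print_r($data, true));`, and remove it before release. The enclosing method starts outside this hunk.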
@@ -239,7 +239,9 @@ class LDAP implements LDAPInterface throw new Exception('An error has occured during ldap_get_values execution (complete name). Please check parameter of LDAP/getData.'); } - return array("mail" => $mail[0], "cn" => $cn[0]); + $return_data = array("mail" => $mail[0], "cn" => $cn[0]); + error_log("LDAP \$return_data = " . json_encode($return_data)); + return $return_data; } /* diff --git a/oauth/resource.php b/oauth/resource.php index 3ebfc1d..b083bb8 100755 --- a/oauth/resource.php +++ b/oauth/resource.php @@ -34,8 +34,17 @@ try { $data = $ldap->getDataForMattermost($ldap_base_dn,$ldap_filter,$ldap_bind_dn,$ldap_bind_pass,$ldap_search_attribute,$user); - // Here is the patch for Mattermost 4.4 and older. Gitlab has changed the JSON output of oauth service. Many data are not used by Mattermost, but there is a stack error if we delete them. That's the reason why date and many parameters are null or empty. - error_log("resource.php \$data = " . json_encode($data); + /* Here is the patch for Mattermost 4.4 and older. Gitlab has changed + the JSON output of oauth service. Many data are not used by + Mattermost, but there is a stack error if we delete them. That's the + reason why date and many parameters are null or empty. + */ + if ($data) { + error_log("resource.php \$data = " . json_encode($data)); + } else { + error_log("$data is null"); + } + $resp = array( "id" => $assoc_id, "name" => $data['cn'], @@ -70,6 +79,7 @@ try "external" => false, "shared_runners_minutes_limit" => null ); + error_log("\$resp = " . json_encode($resp)); // Below is the old version, still consistent with Mattermost before version 4.4 // $resp = array("name" => $data['cn'],"username" => $user,"id" => $assoc_id,"state" => "active","email" => $data['mail']); diff --git a/oauth/token.php b/oauth/token.php index a15973c..fc38279 100644 --- a/oauth/token.php +++ b/oauth/token.php 
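Review bot: `error_log("LDAP \$return_data = " . json_encode($return_data));` writes each user's email address and common name to the error log on every lookup, placing personal data in a file that typically has weaker access control and retention than the directory itself. Keep the diagnostic but log only that a result was produced, e.g. `error_log("LDAP getData: returning " . count($return_data) . " attributes");`, or gate it behind a debug flag. The enclosing method starts before this hunk.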
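Review bot: `error_log("$data is null");` interpolates `$data` inside double quotes, where the author evidently meant `\$data` as in the neighbouring log lines, so the message is ` is null` (or raises an array-to-string notice); more importantly the `if ($data)` guard only changes what is logged, because execution falls through to `"name" => $data['cn']` with a null `$data` either way. Either throw inside the else branch so the existing catch block returns an error, e.g. `throw new Exception('No LDAP data for user');`, or return early. The `json_encode($data)` branch also logs the user's email address; a marker without the payload would serve the same debugging purpose.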
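Review bot: `error_log("\$resp = " . json_encode($resp));` logs the complete userinfo payload, including `email` and `name`, for every token that reaches this endpoint, with no debug gate. If the purpose is to confirm the response shape, log the keys only: `error_log("resource.php resp keys = " . implode(",", array_keys($resp)));`. The `try` block begins before this hunk.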
@@ -9,6 +9,8 @@ require_once __DIR__.'/server.php'; // Handle a request for an OAuth2.0 Access Token and send the response to the client error_log("token.php \$_POST = " . json_encode($_POST)); +// The Mattermost server seems to be returning bare http urls, even though there is no http url in the config.json + if (substr($_POST["redirect_uri"],0,5) == "http:") { $_POST["redirect_uri"] = "https" . substr($_POST["redirect_uri"],4); } From 6bd47420a1cce3c2059b4a1403ae5bf4978390a9 Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Mon, 27 Apr 2020 17:01:26 -0400 Subject: [PATCH 04/14] .gitignore --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..86e46b4 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +config_init.sh +config_ldap.php +config_db.php + From f752ead015e580e54b56e8c4f1b48e284177f0e6 Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Tue, 28 Apr 2020 15:18:06 -0400 Subject: [PATCH 05/14] Remove erroneous log statement --- oauth/LDAP/LDAP.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/oauth/LDAP/LDAP.php b/oauth/LDAP/LDAP.php index 2175fc7..d9f79b8 100755 --- a/oauth/LDAP/LDAP.php +++ b/oauth/LDAP/LDAP.php @@ -225,8 +225,6 @@ class LDAP implements LDAPInterface throw new Exception('An error has occured during ldap_first_entry execution. Please check parameter of LDAP/getData.'); } - error_log("LDAP \$data = " . var_dump($data)); - $mail = ldap_get_values($this->ldap_server, $data, "mail"); if (!$mail) { From 4942a1511f27fd54850916842c1e592a066c145e Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Wed, 29 Apr 2020 17:50:57 -0400 Subject: [PATCH 06/14] Clarify errors in connexion.php --- oauth/connexion.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/oauth/connexion.php b/oauth/connexion.php index 57edba1..ece65b0 100644 --- a/oauth/connexion.php +++ b/oauth/connexion.php 
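Review bot: The new comment records a symptom (`The Mattermost server seems to be returning bare http urls`) without the conclusion the next maintainer needs: a callback arriving as `http:` when the configuration says `https` usually points at the Mattermost SiteURL or the reverse proxy's `X-Forwarded-Proto` handling, and rewriting the client's `redirect_uri` on the authorization server hides that misconfiguration while weakening the redirect_uri match. I would extend the comment to `// WORKAROUND: Mattermost sends http:// redirect_uri despite an https SiteURL; fix SiteURL / proxy forwarding and remove this rewrite.` The `$_POST["redirect_uri"]` read below still has no `isset()` guard, so grant types that carry no redirect_uri raise an undefined-index notice here.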
@@ -20,13 +20,18 @@ else // Check received data length (to prevent code injection) if (strlen($_POST['user']) > 15) { - echo 'Username has incorrect format ... Please try again

'; + echo 'Usernameis longer than 15 characters ... Please try again

'; echo 'Click here to come back to login page'; } - elseif (strlen($_POST['password']) > 50 || strlen($_POST['password']) <= 7) + elseif (strlen($_POST['password']) > 50) { - echo 'Password has incorrect format ... Please try again

'; - echo 'Click here to come back to login page'; + echo 'Password is longer than 50 characters ... Please try again

'; + echo 'Click here to come back to login page'; + + } elseif (strlen($_POST['password']) <= 7) + { + echo 'Password is shorter than 7 characters ... Please try again

'; + echo 'Click here to come back to login page'; } else { From f46d2f780209da955d9079f06f60f785ae284a7f Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Wed, 29 Apr 2020 17:55:04 -0400 Subject: [PATCH 07/14] Missing space in username error --- oauth/connexion.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oauth/connexion.php b/oauth/connexion.php index ece65b0..0af596d 100644 --- a/oauth/connexion.php +++ b/oauth/connexion.php @@ -20,7 +20,7 @@ else // Check received data length (to prevent code injection) if (strlen($_POST['user']) > 15) { - echo 'Usernameis longer than 15 characters ... Please try again
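Review bot: The new branch `elseif (strlen($_POST['password']) <= 7)` rejects a 7-character password but reports `Password is shorter than 7 characters`, so the message and the check disagree; either use `< 7` or word it `must be at least 8 characters`. The retained header comment `// Check received data length (to prevent code injection)` also overstates what these checks do: a length cap does not neutralise LDAP filter metacharacters, and nothing in this hunk shows the username passing through `ldap_escape()` before it reaches the filter, which needs confirming in the LDAP class. `strlen()` counts bytes, so a non-ASCII username well under 15 characters can be rejected. The enclosing `else` block starts before this hunk.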

'; + echo 'Username is longer than 15 characters ... Please try again

'; echo 'Click here to come back to login page'; } elseif (strlen($_POST['password']) > 50) From e34253faf847d5fbd40741b58ebee21975aed9da Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Wed, 29 Apr 2020 18:02:50 -0400 Subject: [PATCH 08/14] Handle instance where user is not found in LDAP more gracefully --- oauth/LDAP/LDAP.php | 2 +- oauth/resource.php | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/oauth/LDAP/LDAP.php b/oauth/LDAP/LDAP.php index d9f79b8..42ed2fc 100755 --- a/oauth/LDAP/LDAP.php +++ b/oauth/LDAP/LDAP.php @@ -134,7 +134,7 @@ class LDAP implements LDAPInterface $data = ldap_first_entry($this->ldap_server, $result); if (!$data) { - throw new Exception('An error has occured during ldap_first_entry execution. Please check parameter of LDAP/checkLogin.'); + throw new Exception('No result from LDAP server', 404); } $dn = ldap_get_dn($this->ldap_server, $data); if (!$dn) diff --git a/oauth/resource.php b/oauth/resource.php index b083bb8..bd131d8 100755 --- a/oauth/resource.php +++ b/oauth/resource.php @@ -86,7 +86,17 @@ try } catch (Exception $e) { - $resp = array("error" => "Impossible to get data", "message" => $e->getMessage()); + if ($e->getCode() == 404) { + $resp = [ + "error" => "User not found", + "message" => "$user is not in the group of authorized users." + ]; + } else { + $resp = array( + "error" => "Impossible to get data", + "message" => $e->getMessage() + ); + } } // send data or error message in JSON format From 6da202fe7ca3d1cd1e9d3ed370e56d11f663aecf Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Thu, 30 Apr 2020 13:21:56 -0400 Subject: [PATCH 09/14] Copy 404 handling to connexion.php --- oauth/connexion.php | 11 ++++++++++- oauth/resource.php | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/oauth/connexion.php b/oauth/connexion.php index 0af596d..f1127c0 100644 --- a/oauth/connexion.php +++ b/oauth/connexion.php 
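Review bot: `throw new Exception('No result from LDAP server', 404);` uses an HTTP status as an ad-hoc sentinel on a generic `Exception`, and per the hunk header this is the `checkLogin` path (around line 134), while the `ldap_first_entry` failure in the getData path (around line 225) still throws the generic message with code 0, so callers branching on `getCode() == 404` will treat a missing user differently depending on which method ran. A small dedicated class, e.g. `class LdapUserNotFound extends Exception {}`, thrown from both places and caught by type would make the distinction explicit and robust. The enclosing method starts before this hunk.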
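Review bot: The new else branch still returns `"message" => $e->getMessage()` to the client, so any non-404 failure (bind errors, malformed filters, connection problems) echoes raw internal exception text to whoever presents a token; this restructuring was the moment to log `$e->getMessage()` server-side and return a fixed string such as `"message" => "Directory lookup failed."`. The 404 branch is acceptable on this endpoint because the caller already holds a valid access token, though it does reveal group membership for `$user` to that caller. The `try` block begins before this hunk.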
@@ -50,8 +50,17 @@ else } catch (Exception $e) { + if ($e->getCode() == 404) { + $resp = json_encode( + [ + "error" => "User not found", + "message" => "$user is not in the group of authorized users." + ] + ); + } else { $resp = json_encode(array("error" => "Impossible to get data", "message" => $e->getMessage())); - $authenticated = false; + } + $authenticated = false; } // If user is authenticated diff --git a/oauth/resource.php b/oauth/resource.php index bd131d8..a93fb59 100755 --- a/oauth/resource.php +++ b/oauth/resource.php @@ -89,7 +89,7 @@ catch (Exception $e) if ($e->getCode() == 404) { $resp = [ "error" => "User not found", - "message" => "$user is not in the group of authorized users." + "message" => "$user is not in the group of authorized users." ]; } else { $resp = array( From 13dc19e040d65a0cc33bbcdf8bb3e870647f67eb Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Fri, 1 May 2020 12:21:26 -0400 Subject: [PATCH 10/14] Added config.php to specify that our Mattermost server is HTTPS --- oauth/config.php | 5 +++++ oauth/token.php | 17 +++++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) create mode 100644 oauth/config.php diff --git a/oauth/config.php b/oauth/config.php new file mode 100644 index 0000000..4e46570 --- /dev/null +++ b/oauth/config.php @@ -0,0 +1,5 @@ + \ No newline at end of file diff --git a/oauth/token.php b/oauth/token.php index fc38279..f0d9223 100644 --- a/oauth/token.php +++ b/oauth/token.php 
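Review bot: Returning `"$user is not in the group of authorized users."` from the login handler turns the LDAP lookup into a username-enumeration oracle: an unauthenticated visitor can now distinguish valid group members from everyone else before any password is checked, which is exactly what the single `Impossible to get data` response avoided. Keep the 404 distinction in the server log and send one neutral message on both paths, e.g. `$resp = json_encode(["error" => "Authentication failed", "message" => "Invalid username or password."]);`. Also confirm that `$user` is the validated variable assigned earlier in the file, since this hunk does not show where it comes from. The surrounding `else`/`try` structure begins before this hunk.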
@@ -6,14 +6,23 @@ // include our OAuth2 Server object require_once __DIR__.'/server.php'; +require_once __DIR__.'/config.php'; + -// Handle a request for an OAuth2.0 Access Token and send the response to the client error_log("token.php \$_POST = " . json_encode($_POST)); -// The Mattermost server seems to be returning bare http urls, even though there is no http url in the config.json +/* -if (substr($_POST["redirect_uri"],0,5) == "http:") { - $_POST["redirect_uri"] = "https" . substr($_POST["redirect_uri"],4); + The Mattermost server seems to be returning bare http urls, even + though there is no http url in the config.json. If we are using + https we need to modify them. + +*/ +$redirect_url_scheme = substr($_POST["redirect_uri"], 0, 5); + +if ($url_scheme == "https" && $redirect_url_scheme == "http:") { + $_POST["redirect_uri"] = "https" . substr($_POST["redirect_uri"], 4); } +// Handle a request for an OAuth2.0 Access Token and send the response to the client $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send(); ?> From 93c4a0ab84dba2d2fdad357257d02d8e9ce81eaa Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Fri, 1 May 2020 13:24:17 -0400 Subject: [PATCH 11/14] Remove changes that are not related to the HTTPS redirect_uri --- oauth/LDAP/LDAP.php | 4 +--- oauth/config.php | 2 +- oauth/connexion.php | 13 ++++-------- oauth/resource.php | 48 ++------------------------------------------- oauth/token.php | 8 ++++++-- 5 files changed, 14 insertions(+), 61 deletions(-) diff --git a/oauth/LDAP/LDAP.php b/oauth/LDAP/LDAP.php index d9f79b8..30ecca8 100755 --- a/oauth/LDAP/LDAP.php +++ b/oauth/LDAP/LDAP.php 
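Review bot: `$url_scheme` describes this OAuth server's own scheme, yet `if ($url_scheme == "https" && $redirect_url_scheme == "http:")` uses it to rewrite the client's callback, coupling two unrelated deployments: a correctly configured http Mattermost behind an https OAuth server would have its redirect_uri mangled. The rewrite also still runs before `handleTokenRequest()`, which is expected to compare `redirect_uri` with the value bound to the authorization code, so an `http:` URI the client never registered is accepted as its `https` twin. Independently, `substr($_POST["redirect_uri"], 0, 5)` is evaluated for every grant type and `refresh_token` requests carry no redirect_uri, so this line emits an undefined-index notice there; guard it with `if (isset($_POST["redirect_uri"]))`.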
@@ -237,9 +237,7 @@ class LDAP implements LDAPInterface throw new Exception('An error has occured during ldap_get_values execution (complete name). Please check parameter of LDAP/getData.'); } - $return_data = array("mail" => $mail[0], "cn" => $cn[0]); - error_log("LDAP \$return_data = " . json_encode($return_data)); - return $return_data; + return array("mail" => $mail[0], "cn" => $cn[0]); } /* diff --git a/oauth/config.php b/oauth/config.php index 4e46570..db0f72e 100644 --- a/oauth/config.php +++ b/oauth/config.php @@ -2,4 +2,4 @@ $url_scheme = "https"; -?> \ No newline at end of file +?> diff --git a/oauth/connexion.php b/oauth/connexion.php index 0af596d..57edba1 100644 --- a/oauth/connexion.php +++ b/oauth/connexion.php @@ -20,18 +20,13 @@ else // Check received data length (to prevent code injection) if (strlen($_POST['user']) > 15) { - echo 'Username is longer than 15 characters ... Please try again

'; + echo 'Username has incorrect format ... Please try again

'; echo 'Click here to come back to login page'; } - elseif (strlen($_POST['password']) > 50) + elseif (strlen($_POST['password']) > 50 || strlen($_POST['password']) <= 7) { - echo 'Password is longer than 50 characters ... Please try again

'; - echo 'Click here to come back to login page'; - - } elseif (strlen($_POST['password']) <= 7) - { - echo 'Password is shorter than 7 characters ... Please try again

'; - echo 'Click here to come back to login page'; + echo 'Password has incorrect format ... Please try again

'; + echo 'Click here to come back to login page'; } else { diff --git a/oauth/resource.php b/oauth/resource.php index b083bb8..59af40e 100755 --- a/oauth/resource.php +++ b/oauth/resource.php 
@@ -34,52 +34,8 @@ try { $data = $ldap->getDataForMattermost($ldap_base_dn,$ldap_filter,$ldap_bind_dn,$ldap_bind_pass,$ldap_search_attribute,$user); - /* Here is the patch for Mattermost 4.4 and older. Gitlab has changed - the JSON output of oauth service. Many data are not used by - Mattermost, but there is a stack error if we delete them. That's the - reason why date and many parameters are null or empty. - */ - if ($data) { - error_log("resource.php \$data = " . json_encode($data)); - } else { - error_log("$data is null"); - } - - $resp = array( - "id" => $assoc_id, - "name" => $data['cn'], - "username" => $user, - "state" => "active", - "avatar_url" => "", - "web_url" => "", - "created_at" => "0000-00-00T00:00:00.000Z", - "bio" => null,"location" => null, - "skype" => "", - "linkedin" => "", - "twitter" => "", - "website_url" => "", - "organization" => null, - "last_sign_in_at" => "0000-00-00T00:00:00.000Z", - "confirmed_at" => "0000-00-00T00:00:00.000Z", - "last_activity_on" => null, - "email" => $data['mail'], - "theme_id" => 1, - "color_scheme_id" => 1, - "projects_limit" => 100000, - "current_sign_in_at" => "0000-00-00T00:00:00.000Z", - "identities" => array( - array( - "provider" => "ldapmain", - "extern_uid" => $data['cn'] - ) - ), - "can_create_group" => true, - "can_create_project" => true, - "two_factor_enabled" => false, - "external" => false, - "shared_runners_minutes_limit" => null - ); - error_log("\$resp = " . json_encode($resp)); + // Here is the patch for Mattermost 4.4 and older. Gitlab has changed the JSON output of oauth service. Many data are not used by Mattermost, but there is a stack error if we delete them. That's the reason why date and many parameters are null or empty. 
+ $resp = array("id" => $assoc_id,"name" => $data['cn'],"username" => $user,"state" => "active","avatar_url" => "","web_url" => "","created_at" => "0000-00-00T00:00:00.000Z","bio" => null,"location" => null,"skype" => "","linkedin" => "","twitter" => "","website_url" => "","organization" => null,"last_sign_in_at" => "0000-00-00T00:00:00.000Z","confirmed_at" => "0000-00-00T00:00:00.000Z","last_activity_on" => null,"email" => $data['mail'],"theme_id" => 1,"color_scheme_id" => 1,"projects_limit" => 100000,"current_sign_in_at" => "0000-00-00T00:00:00.000Z","identities" => array(array("provider" => "ldapmain","extern_uid" => $data['dn'])),"can_create_group" => true,"can_create_project" => true,"two_factor_enabled" => false,"external" => false,"shared_runners_minutes_limit" => null); // Below is the old version, still consistent with Mattermost before version 4.4 // $resp = array("name" => $data['cn'],"username" => $user,"id" => $assoc_id,"state" => "active","email" => $data['mail']); diff --git a/oauth/token.php b/oauth/token.php index f0d9223..527ec3d 100644 --- a/oauth/token.php +++ b/oauth/token.php @@ -9,7 +9,6 @@ require_once __DIR__.'/server.php'; require_once __DIR__.'/config.php'; -error_log("token.php \$_POST = " . json_encode($_POST)); /* The Mattermost server seems to be returning bare http urls, even @@ -23,6 +22,11 @@ if ($url_scheme == "https" && $redirect_url_scheme == "http:") { $_POST["redirect_uri"] = "https" . substr($_POST["redirect_uri"], 4); } -// Handle a request for an OAuth2.0 Access Token and send the response to the client +/* + + Handle a request for an OAuth2.0 Access Token and send the response + to the client + +*/ $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send(); ?> From fd78a7b29ea8182729cf49299b00da3a2b0f160e Mon Sep 17 00:00:00 2001 
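Review bot: Reverting this block reinstates `"extern_uid" => $data['dn']`, but the array the LDAP helper returns in this same series (`return array("mail" => $mail[0], "cn" => $cn[0]);` in the LDAP.php hunk) has no `dn` key, so `extern_uid` is `null` for every user and Mattermost cannot use it to link accounts. If the DN is meant to be the stable identifier, the helper should return it — e.g. `return array("mail" => $mail[0], "cn" => $cn[0], "dn" => ldap_get_dn($this->ldap_server, $data));` — assuming the helper shown is the one `getDataForMattermost` resolves to, which this hunk does not prove. The `try` block starts before this hunk.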
From: "Angus B. Grieve-Smith" Date: Fri, 1 May 2020 13:28:42 -0400 Subject: [PATCH 12/14] Clarify language in comment relating to URL modification --- oauth/token.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/oauth/token.php b/oauth/token.php index 527ec3d..6d69e55 100644 --- a/oauth/token.php +++ b/oauth/token.php @@ -11,9 +11,9 @@ require_once __DIR__.'/config.php'; /* - The Mattermost server seems to be returning bare http urls, even - though there is no http url in the config.json. If we are using - https we need to modify them. + The Mattermost server seems to be returning bare http urls, even if + there is no http url in the config.json. If we are using https we + need to modify them. */ $redirect_url_scheme = substr($_POST["redirect_uri"], 0, 5); From ebe47e7daf86c78c438c1eebd64a29540e699247 Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Fri, 1 May 2020 16:06:18 -0400 Subject: [PATCH 13/14] Remove changes from other branches --- oauth/config.php | 5 ----- oauth/resource.php | 2 +- oauth/token.php | 22 +--------------------- 3 files changed, 2 insertions(+), 27 deletions(-) delete mode 100644 oauth/config.php diff --git a/oauth/config.php b/oauth/config.php deleted file mode 100644 index db0f72e..0000000 --- a/oauth/config.php +++ /dev/null @@ -1,5 +0,0 @@ - diff --git a/oauth/resource.php b/oauth/resource.php index 636792f..f22762e 100755 --- a/oauth/resource.php +++ b/oauth/resource.php 
@@ -33,7 +33,7 @@ $ldap = new LDAP($ldap_host, $ldap_port, $ldap_version); try { $data = $ldap->getDataForMattermost($ldap_base_dn, $ldap_filter, $ldap_bind_dn, $ldap_bind_pass, $ldap_search_attribute, $user); - // Here is the patch for Mattermost 4.4 and newer. Gitlab has changed the JSON output of oauth service. Many data are not used by Mattermost, but there is a stack error if we delete them. That's the reason why date and many parameters are null or empty. + // Here is the patch for Mattermost 4.4 and older. Gitlab has changed the JSON output of oauth service. Many data are not used by Mattermost, but there is a stack error if we delete them. That's the reason why date and many parameters are null or empty. $resp = array("id" => $assoc_id,"name" => $data['cn'],"username" => $user,"state" => "active","avatar_url" => "","web_url" => "","created_at" => "0000-00-00T00:00:00.000Z","bio" => null,"location" => null,"skype" => "","linkedin" => "","twitter" => "","website_url" => "","organization" => null,"last_sign_in_at" => "0000-00-00T00:00:00.000Z","confirmed_at" => "0000-00-00T00:00:00.000Z","last_activity_on" => null,"email" => $data['mail'],"theme_id" => 1,"color_scheme_id" => 1,"projects_limit" => 100000,"current_sign_in_at" => "0000-00-00T00:00:00.000Z","identities" => array(array("provider" => "ldapmain","extern_uid" => $data['dn'])),"can_create_group" => true,"can_create_project" => true,"two_factor_enabled" => false,"external" => false,"shared_runners_minutes_limit" => null); // Below is the old version, still consistent with Mattermost before version 4.4 diff --git a/oauth/token.php b/oauth/token.php index 6d69e55..fd21603 100644 --- a/oauth/token.php +++ b/oauth/token.php 
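Review bot: The restored comment `// Here is the patch for Mattermost 4.4 and older.` contradicts the comment two lines below, which describes the commented-out array as `consistent with Mattermost before version 4.4`; the GitLab-shaped payload built here is the one for 4.4 and newer, so the pre-merge wording `4.4 and newer` was the correct one. Suggest `// Payload for Mattermost 4.4 and newer: it expects the GitLab userinfo shape, and omitting the unused fields causes a stack error, hence the null/empty placeholders.` The `try` block begins before this hunk.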
@@ -6,27 +6,7 @@ // include our OAuth2 Server object require_once __DIR__.'/server.php'; -require_once __DIR__.'/config.php'; - -/* - - The Mattermost server seems to be returning bare http urls, even if - there is no http url in the config.json. If we are using https we - need to modify them. - -*/ -$redirect_url_scheme = substr($_POST["redirect_uri"], 0, 5); - -if ($url_scheme == "https" && $redirect_url_scheme == "http:") { - $_POST["redirect_uri"] = "https" . substr($_POST["redirect_uri"], 4); -} - -/* - - Handle a request for an OAuth2.0 Access Token and send the response - to the client - -*/ +// Handle a request for an OAuth2.0 Access Token and send the response to the client $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send(); ?> From 0ab3fe257602e7f2b2838725e5acc1eccd1b48d7 Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Thu, 7 May 2020 17:55:02 -0400 Subject: [PATCH 14/14] Fix merge error in authorize.php --- oauth/authorize.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/oauth/authorize.php b/oauth/authorize.php index 717ee14..6de485c 100644 --- a/oauth/authorize.php +++ b/oauth/authorize.php @@ -90,11 +90,6 @@ else { // Check if user has authorized to share his data with the client $is_authorized = ($_POST['authorized'] === 'Authorize'); } -else { - // Print the authorization code if the user has authorized your client - $is_authorized = ($_POST['authorized'] === 'Authorize'); - $server->handleAuthorizeRequest($request, $response, $is_authorized, $_SESSION['uid']); -} // Print the authorization code if the user has authorized your client $server->handleAuthorizeRequest($request, $response, $is_authorized,$_SESSION['uid']);
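Review bot: With the duplicated `else` removed, the consent decision rests on `$is_authorized = ($_POST['authorized'] === 'Authorize');` followed by `handleAuthorizeRequest(..., $_SESSION['uid'])`, and nothing in this hunk ties that POST to the consent form shown to this session — no anti-CSRF token check and no `Origin`/`Referer` check. If the form rendered earlier in authorize.php does not carry such a token (the top of the file is outside this hunk, so confirm), a cross-site POST can approve an OAuth client on behalf of a logged-in user. The enclosing `if`/`else` begins before this hunk.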