From 93c4a0ab84dba2d2fdad357257d02d8e9ce81eaa Mon Sep 17 00:00:00 2001 From: "Angus B. Grieve-Smith" Date: Fri, 1 May 2020 13:24:17 -0400 Subject: [PATCH] Remove changes that are not related to the HTTPS redirect_uri --- oauth/LDAP/LDAP.php | 4 +--- oauth/config.php | 2 +- oauth/connexion.php | 13 ++++-------- oauth/resource.php | 48 ++------------------------------------------- oauth/token.php | 8 ++++++-- 5 files changed, 14 insertions(+), 61 deletions(-) diff --git a/oauth/LDAP/LDAP.php b/oauth/LDAP/LDAP.php index d9f79b8..30ecca8 100755 --- a/oauth/LDAP/LDAP.php +++ b/oauth/LDAP/LDAP.php @@ -237,9 +237,7 @@ class LDAP implements LDAPInterface throw new Exception('An error has occured during ldap_get_values execution (complete name). Please check parameter of LDAP/getData.'); } - $return_data = array("mail" => $mail[0], "cn" => $cn[0]); - error_log("LDAP \$return_data = " . json_encode($return_data)); - return $return_data; + return array("mail" => $mail[0], "cn" => $cn[0]); } /* diff --git a/oauth/config.php b/oauth/config.php index 4e46570..db0f72e 100644 --- a/oauth/config.php +++ b/oauth/config.php @@ -2,4 +2,4 @@ $url_scheme = "https"; -?> \ No newline at end of file +?> diff --git a/oauth/connexion.php b/oauth/connexion.php index 0af596d..57edba1 100644 --- a/oauth/connexion.php +++ b/oauth/connexion.php @@ -20,18 +20,13 @@ else // Check received data length (to prevent code injection) if (strlen($_POST['user']) > 15) { - echo 'Username is longer than 15 characters ... Please try again

'; + echo 'Username has incorrect format ... Please try again

'; echo 'Click here to come back to login page'; } - elseif (strlen($_POST['password']) > 50) + elseif (strlen($_POST['password']) > 50 || strlen($_POST['password']) <= 7) { - echo 'Password is longer than 50 characters ... Please try again

'; - echo 'Click here to come back to login page'; - - } elseif (strlen($_POST['password']) <= 7) - { - echo 'Password is shorter than 7 characters ... Please try again

'; - echo 'Click here to come back to login page'; + echo 'Password has incorrect format ... Please try again

'; + echo 'Click here to come back to login page'; } else { diff --git a/oauth/resource.php b/oauth/resource.php index b083bb8..59af40e 100755 --- a/oauth/resource.php +++ b/oauth/resource.php 
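Review bot: The merged condition on the new `elseif` line calls `strlen($_POST['password'])` twice and its `<= 7` bound rejects a 7-character password, a boundary the generic "incorrect format" message no longer tells the user about; hoisting the length once and naming the range would make it explicit, e.g. `$pwlen = strlen($_POST['password']); // accepted length: 8..50 bytes (strlen counts bytes, not characters)` followed by `elseif ($pwlen > 50 || $pwlen <= 7)`. Unless the code above the hunk guarantees both keys are present, `$_POST['user']` and `$_POST['password']` are also read without `isset`, so a request missing either key emits a notice before the length check runs. The enclosing `else` block starts outside the hunk.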
@@ -34,52 +34,8 @@ try { $data = $ldap->getDataForMattermost($ldap_base_dn,$ldap_filter,$ldap_bind_dn,$ldap_bind_pass,$ldap_search_attribute,$user); - /* Here is the patch for Mattermost 4.4 and older. Gitlab has changed - the JSON output of oauth service. Many data are not used by - Mattermost, but there is a stack error if we delete them. That's the - reason why date and many parameters are null or empty. - */ - if ($data) { - error_log("resource.php \$data = " . json_encode($data)); - } else { - error_log("$data is null"); - } - - $resp = array( - "id" => $assoc_id, - "name" => $data['cn'], - "username" => $user, - "state" => "active", - "avatar_url" => "", - "web_url" => "", - "created_at" => "0000-00-00T00:00:00.000Z", - "bio" => null,"location" => null, - "skype" => "", - "linkedin" => "", - "twitter" => "", - "website_url" => "", - "organization" => null, - "last_sign_in_at" => "0000-00-00T00:00:00.000Z", - "confirmed_at" => "0000-00-00T00:00:00.000Z", - "last_activity_on" => null, - "email" => $data['mail'], - "theme_id" => 1, - "color_scheme_id" => 1, - "projects_limit" => 100000, - "current_sign_in_at" => "0000-00-00T00:00:00.000Z", - "identities" => array( - array( - "provider" => "ldapmain", - "extern_uid" => $data['cn'] - ) - ), - "can_create_group" => true, - "can_create_project" => true, - "two_factor_enabled" => false, - "external" => false, - "shared_runners_minutes_limit" => null - ); - error_log("\$resp = " . json_encode($resp)); + // Here is the patch for Mattermost 4.4 and older. Gitlab has changed the JSON output of oauth service. Many data are not used by Mattermost, but there is a stack error if we delete them. That's the reason why date and many parameters are null or empty. 
+ $resp = array("id" => $assoc_id,"name" => $data['cn'],"username" => $user,"state" => "active","avatar_url" => "","web_url" => "","created_at" => "0000-00-00T00:00:00.000Z","bio" => null,"location" => null,"skype" => "","linkedin" => "","twitter" => "","website_url" => "","organization" => null,"last_sign_in_at" => "0000-00-00T00:00:00.000Z","confirmed_at" => "0000-00-00T00:00:00.000Z","last_activity_on" => null,"email" => $data['mail'],"theme_id" => 1,"color_scheme_id" => 1,"projects_limit" => 100000,"current_sign_in_at" => "0000-00-00T00:00:00.000Z","identities" => array(array("provider" => "ldapmain","extern_uid" => $data['dn'])),"can_create_group" => true,"can_create_project" => true,"two_factor_enabled" => false,"external" => false,"shared_runners_minutes_limit" => null); // Below is the old version, still consistent with Mattermost before version 4.4 // $resp = array("name" => $data['cn'],"username" => $user,"id" => $assoc_id,"state" => "active","email" => $data['mail']); diff --git a/oauth/token.php b/oauth/token.php index f0d9223..527ec3d 100644 --- a/oauth/token.php +++ b/oauth/token.php @@ -9,7 +9,6 @@ require_once __DIR__.'/server.php'; require_once __DIR__.'/config.php'; -error_log("token.php \$_POST = " . json_encode($_POST)); /* The Mattermost server seems to be returning bare http urls, even @@ -23,6 +22,11 @@ if ($url_scheme == "https" && $redirect_url_scheme == "http:") { $_POST["redirect_uri"] = "https" . substr($_POST["redirect_uri"], 4); } -// Handle a request for an OAuth2.0 Access Token and send the response to the client +/* + + Handle a request for an OAuth2.0 Access Token and send the response + to the client + +*/ $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send(); ?>
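Review bot: The restored `$resp` line sets `"extern_uid" => $data['dn']` while `name` on the same line and the removed version both use `$data['cn']`; the LDAP.php hunk in this patch returns only `mail` and `cn` keys, so if `getDataForMattermost` is the method shown there, `extern_uid` is null with an undefined-index notice and the identity sent to Mattermost is empty. The key should be confirmed against `getDataForMattermost`'s actual return shape, and `$data` should be checked before it is indexed, e.g. `if (!$data) { throw new Exception('LDAP lookup returned no data for user'); }` ahead of the array build, assuming the surrounding catch handles it. The roughly 1,200-character single line also hides this kind of inconsistency; one key per line, as on the removed side, keeps it reviewable. The enclosing `try` block starts before the hunk.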