From bd18981aacce60dec0b7d144d4d23dfa58e36257 Mon Sep 17 00:00:00 2001 From: smarcet Date: Mon, 12 Jul 2021 16:14:48 -0300 Subject: [PATCH] Fix on logout missing user hint Change-Id: I07c8a65898315e849d861d963d60d77431aa9ef3 Signed-off-by: smarcet --- app/libs/Auth/AuthService.php | 34 +++++++++++++++++++----------- app/libs/OAuth2/OAuth2Protocol.php | 16 ++++++++++---- 2 files changed, 34 insertions(+), 16 deletions(-) diff --git a/app/libs/Auth/AuthService.php b/app/libs/Auth/AuthService.php index 0dcc0f11..4803942c 100644 --- a/app/libs/Auth/AuthService.php +++ b/app/libs/Auth/AuthService.php @@ -225,14 +225,21 @@ final class AuthService implements IAuthService */ public function unwrapUserId(string $user_id):string { + // first try to get user by raw id $user = $this->getUserById(intval($user_id)); if(!is_null($user)) return $user_id; - - $unwrapped_name = $this->decrypt($user_id); - $parts = explode(':', $unwrapped_name); - return intval($parts[1]); + // check if we have a wrapped user id + try { + $unwrapped_name = $this->decrypt($user_id); + $parts = explode(':', $unwrapped_name); + return intval($parts[1]); + } + catch (Exception $ex){ + Log::warning($ex); + } + return $user_id; } /** @@ -323,14 +330,17 @@ final class AuthService implements IAuthService */ public function getLoggedRPs():array { - $rps = Cookie::get(IAuthService::LOGGED_RELAYING_PARTIES_COOKIE_NAME); - $zlib = CompressionAlgorithms_Registry::getInstance()->get(CompressionAlgorithmsNames::ZLib); - - if(!empty($rps)) - { - $rps = $this->decrypt($rps); - $rps = $zlib->uncompress($rps); - return explode('|', $rps); + try { + $rps = Cookie::get(IAuthService::LOGGED_RELAYING_PARTIES_COOKIE_NAME); + $zlib = CompressionAlgorithms_Registry::getInstance()->get(CompressionAlgorithmsNames::ZLib); + if (!empty($rps)) { + $rps = $this->decrypt($rps); + $rps = $zlib->uncompress($rps); + return explode('|', $rps); + } + } + catch (Exception $ex){ + Log::warning($ex); } return []; } 
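Review bot: In unwrapUserId the new fallback `return $user_id;` hands the caller's original value back after decryption has failed, so a caller cannot tell a successfully unwrapped id from input that was neither a known raw id nor a valid wrapped one. The result of `explode(':', $unwrapped_name)` is indexed without a length check, so a decrypted value with no `:` only reaches the fallback if the undefined-offset warning is converted into an exception; an explicit `if (count($parts) < 2) return $user_id;` would make that path deliberate. Neither hunk in this file adds `use Exception;`, so if the file is namespaced and does not already import it, `catch (Exception $ex)` here and in getLoggedRPs would match nothing; worth confirming, or write `\Exception`. The doc comment for the method starts above the hunk and does not describe the new fallback.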
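Review bot: `Log::warning($ex)` in getLoggedRPs logs a whole exception each time the relying-party cookie fails to decrypt or uncompress, and that cookie is supplied by the client, so one malformed value sent repeatedly can flood the log. A short message keeps the signal without the trace, e.g. `Log::warning(sprintf("AuthService::getLoggedRPs invalid RP cookie: %s", $ex->getMessage()));`. The method now returns `[]` for such a cookie, so whatever consumes this list (outside the hunk) presumably skips the relying parties the cookie named; a comment above the `catch` such as `// unreadable cookie: treat as no logged RPs` would record that this is intended. The `$zlib` lookup is only used inside the `if (!empty($rps))` branch and could move there.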
diff --git a/app/libs/OAuth2/OAuth2Protocol.php b/app/libs/OAuth2/OAuth2Protocol.php index 392cb781..96b61e73 100644 --- a/app/libs/OAuth2/OAuth2Protocol.php +++ b/app/libs/OAuth2/OAuth2Protocol.php @@ -1474,18 +1474,26 @@ final class OAuth2Protocol implements IOAuth2Protocol if(!is_null($user_id)){ // try to get the user from id token ( if its set ) $user_id = $this->auth_service->unwrapUserId(intval($user_id->getString())); - $user = $this->auth_service->getUserById($user_id); + $user = $this->auth_service->getUserById($user_id); if(is_null($user)){ - $this->log_service->debug_msg("OAuth2Protocol::endSession user not found!"); - throw new InvalidOAuth2Request('user not found!'); + Log::warning(sprintf("OAuth2Protocol::endSession user hint not found (%s)", $user_id)); } } + // get current user $logged_user = $this->auth_service->getCurrentUser(); if(!is_null($logged_user) && !is_null($user) && $logged_user->getId() !== $user->getId()) { - Log::warning(sprintf("OAuth2Protocol::endSession user does not match with current session! logged user id %s - user id %s", $logged_user->getId(), $user->getId())); + Log::warning + ( + sprintf + ( + "OAuth2Protocol::endSession user does not match with current session! logged user id %s - user id %s", + $logged_user->getId(), + $user->getId() + ) + ); } if(!is_null($logged_user))
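Review bot: With `throw new InvalidOAuth2Request('user not found!')` replaced by a warning, a hint whose user cannot be resolved leaves `$user` null, so the mismatch check below (`!is_null($user) && ...`) is skipped and the request proceeds exactly like one that carried no hint. If that is the intent, record it at the new log call, e.g. `// unresolved hint: continue as an unhinted logout, no user match is enforced`, and confirm that the unhinted path still requires the end user's confirmation; that code is outside the hunk. The unchanged call `unwrapUserId(intval($user_id->getString()))` casts the hint to an integer before unwrapping, which looks like it prevents a wrapped id from ever reaching `decrypt()` intact. Passing `$user_id->getString()` directly would match the `string $user_id` signature in AuthService. endSession starts and ends outside this hunk.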