From 5ff90e0d78c041797b4b9729d261960f57728ae2 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Mon, 17 Aug 2020 16:17:06 +0100 Subject: [PATCH] :bug: User not added to DB - force die() on error (#118) * :bug: User not added to DB - force die() on error Signed-off-by: Luke Tainton * Restyled by php-cs-fixer (#119) Co-authored-by: Restyled.io Co-authored-by: restyled-io[bot] <32688539+restyled-io[bot]@users.noreply.github.com> Co-authored-by: Restyled.io --- app/includes/app_functions.php | 16 +++++++ app/public/actions/login.php | 76 ++++++++++++++++------------------ 2 files changed, 51 insertions(+), 41 deletions(-) diff --git a/app/includes/app_functions.php b/app/includes/app_functions.php index 47f0fc5..5d22f3b 100644 --- a/app/includes/app_functions.php +++ b/app/includes/app_functions.php @@ -6,6 +6,22 @@ return $version; } + function user_exists($db, $uuid) + { + try { + $sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid"); + $sql->bindParam(':uuid', $uuid); + $sql->execute(); + } catch (PDOException $e) { + $alert = array("danger", "Error during check for user record: " . $e->getMessage()); + } + if (empty($sql)) { + return false; + } else { + return true; + } + } + function get_all_users($db) { try { diff --git a/app/public/actions/login.php b/app/public/actions/login.php index 38fdcc1..aa13904 100644 --- a/app/public/actions/login.php +++ b/app/public/actions/login.php @@ -4,9 +4,9 @@ // Perform the OIDC authentication try { - $oidc->authenticate(); - $_SESSION['access_token'] = $oidc->requestClientCredentialsToken()->access_token; - $oidc_user = array( + $oidc->authenticate(); + $_SESSION['access_token'] = $oidc->requestClientCredentialsToken()->access_token; + $oidc_user = array( 'sub' => $oidc->requestUserInfo('sub'), 'username' => $oidc->requestUserInfo('preferred_username'), 'given_name' => $oidc->requestUserInfo('given_name'), 
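Review bot: `user_exists()` tests `empty($sql)` on the PDOStatement returned by `prepare()`, and an object is never empty, so once the prepare succeeds the function returns true for every uuid whether or not a row matched — the caller's INSERT branch can then never run, which is the symptom the commit title describes; the result of the SELECT has to be read, e.g. `return $sql->fetchColumn() !== false;`. In the catch branch `$alert` is a local that is discarded, so a database error is silently turned into "user does not exist" and the caller proceeds to an INSERT that may then collide with an existing row; letting the `PDOException` propagate (or rethrowing) is safer than returning false. The new function also has no docblock; a short one such as `/** Returns true when a users row with this uuid exists. @throws PDOException on query failure */` would state the contract.
```php
function user_exists($db, $uuid)
{
    $sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid");
    $sql->bindParam(':uuid', $uuid);
    $sql->execute();
    // fetchColumn() is false when no row matched; let PDOException propagate
    return $sql->fetchColumn() !== false;
}
```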
@@ -14,46 +14,41 @@ 'email' => $oidc->requestUserInfo('email'), ); } catch (Jumbojett\OpenIDConnectClientException $e) { - $alert = array("danger", "Error during OpenID Connect authentication: " . $e->getMessage()); + $alert = array("danger", "Error during OpenID Connect authentication: " . $e->getMessage()); } - // Check if the user already exists - try { - $user_exist_sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid"); - $user_exist_sql->bindParam(':uuid', $oidc_user['sub']); - $user_exist_sql->execute(); - } catch (PDOException $e) { - $alert = array("danger", "Error during check for user record: " . $e->getMessage()); - } - - if (empty($user_exist_sql)) { - // User doesn't already exist - try { - $stmt = "INSERT INTO users (uuid, uid, given_name, family_name, email) VALUES (:sub, :username, :given, :family, :email)"; - $sql = $db->prepare($stmt); - $sql->bindParam(':sub', $oidc_user['sub']); - $sql->bindParam(':username', $oidc_user['username']); - $sql->bindParam(':given', $oidc_user['given_name']); - $sql->bindParam(':family', $oidc_user['family_name']); - $sql->bindParam(':email', $oidc_user['email']); - $sql->execute(); - } catch (Jumbojett\PDOException $e) { - $alert = array("danger", "Error during creation of new user record: " . $e->getMessage()); - } + if (!user_exists($db, $uuid)) { + // User doesn't already exist + try { + $stmt = "INSERT INTO users (uuid, uid, given_name, family_name, email) VALUES (:sub, :username, :given, :family, :email)"; + $sql = $db->prepare($stmt); + $sql->bindParam(':sub', $oidc_user['sub']); + $sql->bindParam(':username', $oidc_user['username']); + $sql->bindParam(':given', $oidc_user['given_name']); + $sql->bindParam(':family', $oidc_user['family_name']); + $sql->bindParam(':email', $oidc_user['email']); + $sql->execute(); + } catch (Jumbojett\PDOException $e) { + echo("Error during creation of new user record: " . 
$e->getMessage()); + die(); + $alert = array("danger", "Error during creation of new user record: " . $e->getMessage()); + } } else { - // User already exists - try { - $stmt = "UPDATE users SET uid=:username, given_name=:given, family_name=:family, email=:email WHERE uuid=:sub"; - $sql = $db->prepare($stmt); - $sql->bindParam(':sub', $oidc_user['sub']); - $sql->bindParam(':username', $oidc_user['username']); - $sql->bindParam(':given', $oidc_user['given_name']); - $sql->bindParam(':family', $oidc_user['family_name']); - $sql->bindParam(':email', $oidc_user['email']); - $sql->execute(); - } catch (Jumbojett\PDOException $e) { - $alert = array("danger", "Error during existing user record update: " . $e->getMessage()); - } + // User already exists + try { + $stmt = "UPDATE users SET uid=:username, given_name=:given, family_name=:family, email=:email WHERE uuid=:sub"; + $sql = $db->prepare($stmt); + $sql->bindParam(':sub', $oidc_user['sub']); + $sql->bindParam(':username', $oidc_user['username']); + $sql->bindParam(':given', $oidc_user['given_name']); + $sql->bindParam(':family', $oidc_user['family_name']); + $sql->bindParam(':email', $oidc_user['email']); + $sql->execute(); + } catch (Jumbojett\PDOException $e) { + echo("Error during existing user record update: " . $e->getMessage()); + die(); + $alert = array("danger", "Error during existing user record update: " . $e->getMessage()); + } } oidc_set_vars($oidc_user['sub'], $oidc_user['username'], $oidc_user['given_name'], $oidc_user['family_name'], $oidc_user['email']); @@ -62,4 +57,3 @@ $_SESSION['is_signed_in'] = "true"; header('Location: /'); -?>
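Review bot: The new `die()` calls stop the request on a database failure, but the `catch (Jumbojett\OpenIDConnectClientException $e)` at the top of this hunk still only sets `$alert` and falls through, so a failed OIDC authentication continues into the upsert with `$oidc_user` unset and on to the unconditional `$_SESSION['is_signed_in'] = "true"` and redirect at the end of the file; that branch needs the same hard stop before anything else runs. The existence check is called as `user_exists($db, $uuid)`, yet `$uuid` is not assigned anywhere visible in this file (the removed code used `$oidc_user['sub']`), so unless an include defines it the lookup runs against null. Both `catch (Jumbojett\PDOException $e)` clauses name a class PDO does not provide (`PDOException` is global, and app_functions.php catches it unprefixed), so unless the OIDC library happens to define one, a real PDO error skips both new `die()` blocks as an uncaught exception; they should read `catch (PDOException $e)`. Echoing `$e->getMessage()` to the browser also discloses driver and SQL details to an unauthenticated client — log it with `error_log()` and emit a generic message — and the `$alert = ...` lines after `die()` are dead code.
```php
} catch (Jumbojett\OpenIDConnectClientException $e) {
    error_log('OpenID Connect authentication failed: ' . $e->getMessage());
    http_response_code(401);
    exit('Authentication failed.');
}

if (!user_exists($db, $oidc_user['sub'])) {
    // … unchanged: INSERT prepare/bind/execute …
    } catch (PDOException $e) {
        error_log('Error during creation of new user record: ' . $e->getMessage());
        http_response_code(500);
        exit('Login failed.');
    }
} else {
    // … unchanged: UPDATE prepare/bind/execute, with the same catch (PDOException $e) change …
}
```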