From 9e8b0c7769a27f642e8b9c20c639e8defde98433 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Mon, 17 Aug 2020 15:37:15 +0100 Subject: [PATCH 1/2] :bug: User not added to DB - force die() on error Signed-off-by: Luke Tainton --- app/includes/app_functions.php | 17 +++++++++++++++++ app/public/actions/login.php | 16 ++++++---------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/app/includes/app_functions.php b/app/includes/app_functions.php index 47f0fc5..e6207ee 100644 --- a/app/includes/app_functions.php +++ b/app/includes/app_functions.php @@ -6,6 +6,23 @@ return $version; } + function user_exists($db, $uuid) + { + try { + $sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid"); + $sql->bindParam(':uuid', $uuid); + $sql->execute(); + } catch (PDOException $e) { + $alert = array("danger", "Error during check for user record: " . $e->getMessage()); + } + if (empty($sql)) + { + return false; + } else { + return true; + } + } + function get_all_users($db) { try { diff --git a/app/public/actions/login.php b/app/public/actions/login.php index 38fdcc1..5fb54fa 100644 --- a/app/public/actions/login.php +++ b/app/public/actions/login.php @@ -17,16 +17,8 @@ $alert = array("danger", "Error during OpenID Connect authentication: " . $e->getMessage()); } - // Check if the user already exists - try { - $user_exist_sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid"); - $user_exist_sql->bindParam(':uuid', $oidc_user['sub']); - $user_exist_sql->execute(); - } catch (PDOException $e) { - $alert = array("danger", "Error during check for user record: " . $e->getMessage()); - } - - if (empty($user_exist_sql)) { + if (!user_exists($db, $uuid)) + { // User doesn't already exist try { $stmt = "INSERT INTO users (uuid, uid, given_name, family_name, email) VALUES (:sub, :username, :given, :family, :email)"; 
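Review bot: In the added `user_exists()`, `empty($sql)` tests the PDOStatement object rather than the query result, so once `prepare()` succeeds the function returns true whether or not a row matched and the caller never reaches its INSERT branch. Fetch a row instead, for example `return $sql->fetchColumn() !== false;` after `execute()`. The `$alert` assigned in the catch block is local to the function and is discarded, and after an exception `$sql` may be unset, so a database failure is reported as "user does not exist". Letting the exception propagate, or logging it and returning an explicit error, would keep a failed lookup from being read as a negative answer.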
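Review bot: The new call `user_exists($db, $uuid)` passes `$uuid`, which is not assigned anywhere in the lines this hunk shows; the code it replaces bound `$oidc_user['sub']`. If `$uuid` is not defined earlier in login.php, the lookup runs with null and the branch taken has nothing to do with the authenticated subject; `if (!user_exists($db, $oidc_user['sub']))` keeps the check tied to the OIDC claim. Separately, the catch for `OpenIDConnectClientException` just above only sets `$alert`, so as far as this hunk shows execution continues into the user lookup after a failed authentication. Returning or redirecting from that catch would stop the database write in that case.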
@@ -38,6 +30,8 @@ $sql->bindParam(':email', $oidc_user['email']); $sql->execute(); } catch (Jumbojett\PDOException $e) { + echo("Error during creation of new user record: " . $e->getMessage()); + die(); $alert = array("danger", "Error during creation of new user record: " . $e->getMessage()); } } else { @@ -52,6 +46,8 @@ $sql->bindParam(':email', $oidc_user['email']); $sql->execute(); } catch (Jumbojett\PDOException $e) { + echo("Error during existing user record update: " . $e->getMessage()); + die(); $alert = array("danger", "Error during existing user record update: " . $e->getMessage()); } } -- 2.49.1 From 5f4be2d711d8b3538b48de0d286c5256a60e594a Mon Sep 17 00:00:00 2001 From: "restyled-io[bot]" <32688539+restyled-io[bot]@users.noreply.github.com> Date: Mon, 17 Aug 2020 15:46:49 +0100 Subject: [PATCH 2/2] Restyled by php-cs-fixer (#119) Co-authored-by: Restyled.io --- app/includes/app_functions.php | 13 +++--- app/public/actions/login.php | 72 +++++++++++++++++----------------- 2 files changed, 41 insertions(+), 44 deletions(-) diff --git a/app/includes/app_functions.php b/app/includes/app_functions.php index e6207ee..5d22f3b 100644 --- a/app/includes/app_functions.php +++ b/app/includes/app_functions.php @@ -8,15 +8,14 @@ function user_exists($db, $uuid) { - try { - $sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid"); - $sql->bindParam(':uuid', $uuid); - $sql->execute(); + try { + $sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid"); + $sql->bindParam(':uuid', $uuid); + $sql->execute(); } catch (PDOException $e) { - $alert = array("danger", "Error during check for user record: " . $e->getMessage()); + $alert = array("danger", "Error during check for user record: " . $e->getMessage()); } - if (empty($sql)) - { + if (empty($sql)) { return false; } else { return true; diff --git a/app/public/actions/login.php b/app/public/actions/login.php index 5fb54fa..aa13904 100644 --- a/app/public/actions/login.php +++ b/app/public/actions/login.php 
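Review bot: The added `echo("Error during creation of new user record: " . $e->getMessage());` writes the raw database exception text into the login response, which can disclose table, column or constraint details to the client; the same applies to the second added echo in the `@@ -52,6 +46,8 @@` hunk. Log the detail server-side and show a fixed message instead, for example `error_log($e->getMessage());` followed by `http_response_code(500); die("Login failed.");`. The `$alert = ...` line left after `die()` is now unreachable and can be removed. Also, the context line `catch (Jumbojett\PDOException $e)` names a class in the Jumbojett namespace; unless that class is defined somewhere not shown here, the catch will not match PDO's exception and the new `die()` never runs, so `catch (\PDOException $e)` is probably what is intended.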
@@ -4,9 +4,9 @@ // Perform the OIDC authentication try { - $oidc->authenticate(); - $_SESSION['access_token'] = $oidc->requestClientCredentialsToken()->access_token; - $oidc_user = array( + $oidc->authenticate(); + $_SESSION['access_token'] = $oidc->requestClientCredentialsToken()->access_token; + $oidc_user = array( 'sub' => $oidc->requestUserInfo('sub'), 'username' => $oidc->requestUserInfo('preferred_username'), 'given_name' => $oidc->requestUserInfo('given_name'), 
@@ -14,42 +14,41 @@ 'email' => $oidc->requestUserInfo('email'), ); } catch (Jumbojett\OpenIDConnectClientException $e) { - $alert = array("danger", "Error during OpenID Connect authentication: " . $e->getMessage()); + $alert = array("danger", "Error during OpenID Connect authentication: " . $e->getMessage()); } - if (!user_exists($db, $uuid)) - { - // User doesn't already exist - try { - $stmt = "INSERT INTO users (uuid, uid, given_name, family_name, email) VALUES (:sub, :username, :given, :family, :email)"; - $sql = $db->prepare($stmt); - $sql->bindParam(':sub', $oidc_user['sub']); - $sql->bindParam(':username', $oidc_user['username']); - $sql->bindParam(':given', $oidc_user['given_name']); - $sql->bindParam(':family', $oidc_user['family_name']); - $sql->bindParam(':email', $oidc_user['email']); - $sql->execute(); - } catch (Jumbojett\PDOException $e) { - echo("Error during creation of new user record: " . $e->getMessage()); - die(); - $alert = array("danger", "Error during creation of new user record: " . $e->getMessage()); - } + if (!user_exists($db, $uuid)) { + // User doesn't already exist + try { + $stmt = "INSERT INTO users (uuid, uid, given_name, family_name, email) VALUES (:sub, :username, :given, :family, :email)"; + $sql = $db->prepare($stmt); + $sql->bindParam(':sub', $oidc_user['sub']); + $sql->bindParam(':username', $oidc_user['username']); + $sql->bindParam(':given', $oidc_user['given_name']); + $sql->bindParam(':family', $oidc_user['family_name']); + $sql->bindParam(':email', $oidc_user['email']); + $sql->execute(); + } catch (Jumbojett\PDOException $e) { + echo("Error during creation of new user record: " . $e->getMessage()); + die(); + $alert = array("danger", "Error during creation of new user record: " . 
$e->getMessage()); + } } else { - // User already exists - try { - $stmt = "UPDATE users SET uid=:username, given_name=:given, family_name=:family, email=:email WHERE uuid=:sub"; - $sql = $db->prepare($stmt); - $sql->bindParam(':sub', $oidc_user['sub']); - $sql->bindParam(':username', $oidc_user['username']); - $sql->bindParam(':given', $oidc_user['given_name']); - $sql->bindParam(':family', $oidc_user['family_name']); - $sql->bindParam(':email', $oidc_user['email']); - $sql->execute(); - } catch (Jumbojett\PDOException $e) { - echo("Error during existing user record update: " . $e->getMessage()); - die(); - $alert = array("danger", "Error during existing user record update: " . $e->getMessage()); - } + // User already exists + try { + $stmt = "UPDATE users SET uid=:username, given_name=:given, family_name=:family, email=:email WHERE uuid=:sub"; + $sql = $db->prepare($stmt); + $sql->bindParam(':sub', $oidc_user['sub']); + $sql->bindParam(':username', $oidc_user['username']); + $sql->bindParam(':given', $oidc_user['given_name']); + $sql->bindParam(':family', $oidc_user['family_name']); + $sql->bindParam(':email', $oidc_user['email']); + $sql->execute(); + } catch (Jumbojett\PDOException $e) { + echo("Error during existing user record update: " . $e->getMessage()); + die(); + $alert = array("danger", "Error during existing user record update: " . $e->getMessage()); + } } oidc_set_vars($oidc_user['sub'], $oidc_user['username'], $oidc_user['given_name'], $oidc_user['family_name'], $oidc_user['email']); @@ -58,4 +57,3 @@ $_SESSION['is_signed_in'] = "true"; header('Location: /'); -?> -- 2.49.1