Fix on logout missing user hint

Change-Id: I07c8a65898315e849d861d963d60d77431aa9ef3 Signed-off-by: smarcet <smarcet@gmail.com>
2021-07-12 16:14:48 -03:00 · 2021-07-12 16:14:48 -03:00 · bd18981aac
commit bd18981aac
parent ee47df943e
2 changed files with 34 additions and 16 deletions
--- a/app/libs/Auth/AuthService.php
+++ b/app/libs/Auth/AuthService.php
@ -225,14 +225,21 @@ final class AuthService implements IAuthService
     */
    public function unwrapUserId(string $user_id):string
    {
+        // first try to get user by raw id
        $user = $this->getUserById(intval($user_id));

        if(!is_null($user))
            return $user_id;
-
-        $unwrapped_name = $this->decrypt($user_id);
-        $parts          = explode(':', $unwrapped_name);
-        return intval($parts[1]);
+        // check if we have a wrapped user id
+        try {
+            $unwrapped_name = $this->decrypt($user_id);
+            $parts = explode(':', $unwrapped_name);
+            return intval($parts[1]);
+        }
+        catch (Exception $ex){
+            Log::warning($ex);
+        }
+        return $user_id;
    }

    /**
@ -323,14 +330,17 @@ final class AuthService implements IAuthService
     */
    public function getLoggedRPs():array
    {
-        $rps  = Cookie::get(IAuthService::LOGGED_RELAYING_PARTIES_COOKIE_NAME);
-        $zlib = CompressionAlgorithms_Registry::getInstance()->get(CompressionAlgorithmsNames::ZLib);
-
-        if(!empty($rps))
-        {
-            $rps = $this->decrypt($rps);
-            $rps = $zlib->uncompress($rps);
-            return explode('|', $rps);
+        try {
+            $rps = Cookie::get(IAuthService::LOGGED_RELAYING_PARTIES_COOKIE_NAME);
+            $zlib = CompressionAlgorithms_Registry::getInstance()->get(CompressionAlgorithmsNames::ZLib);
+            if (!empty($rps)) {
+                $rps = $this->decrypt($rps);
+                $rps = $zlib->uncompress($rps);
+                return explode('|', $rps);
+            }
+        }
+        catch (Exception $ex){
+            Log::warning($ex);
        }
        return [];
    }
--- a/app/libs/OAuth2/OAuth2Protocol.php
+++ b/app/libs/OAuth2/OAuth2Protocol.php
@ -1474,18 +1474,26 @@ final class OAuth2Protocol implements IOAuth2Protocol
            if(!is_null($user_id)){
                // try to get the user from id token ( if its set )
                $user_id = $this->auth_service->unwrapUserId(intval($user_id->getString()));
-                $user    = $this->auth_service->getUserById($user_id);
+                $user = $this->auth_service->getUserById($user_id);

                if(is_null($user)){
-                    $this->log_service->debug_msg("OAuth2Protocol::endSession user not found!");
-                    throw new InvalidOAuth2Request('user not found!');
+                   Log::warning(sprintf("OAuth2Protocol::endSession user hint not found (%s)", $user_id));
                }
            }

+            // get current user
            $logged_user = $this->auth_service->getCurrentUser();

            if(!is_null($logged_user) && !is_null($user) && $logged_user->getId() !== $user->getId()) {
-                Log::warning(sprintf("OAuth2Protocol::endSession user does not match with current session! logged user id %s - user id %s", $logged_user->getId(), $user->getId()));
+                Log::warning
+                (
+                    sprintf
+                    (
+                        "OAuth2Protocol::endSession user does not match with current session! logged user id %s - user id %s",
+                        $logged_user->getId(),
+                        $user->getId()
+                    )
+                );
            }

            if(!is_null($logged_user))