From 7373bcdb80aea2393ca511e42f8eebc7598a40e0 Mon Sep 17 00:00:00 2001 From: Simon Leary Date: Wed, 4 Jun 2025 08:31:31 -0400 Subject: [PATCH 1/6] form_name -> form_type --- resources/templates/header.php | 4 ++-- test/functional/PiRemoveUserTest.php | 2 +- test/functional/ViewAsUserTest.php | 6 +++--- webroot/admin/ajax/get_group_members.php | 4 ++-- webroot/admin/pi-mgmt.php | 4 ++-- webroot/admin/user-mgmt.php | 4 ++-- webroot/panel/groups.php | 6 +++--- webroot/panel/modal/new_pi.php | 2 +- webroot/panel/pi.php | 6 +++--- 9 files changed, 19 insertions(+), 19 deletions(-) diff --git a/resources/templates/header.php b/resources/templates/header.php index 269a6541..b4066e6e 100644 --- a/resources/templates/header.php +++ b/resources/templates/header.php @@ -4,7 +4,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { if ((@$_SESSION["is_admin"] ?? false) == true - && (@$_POST["form_name"] ?? null) == "clearView" + && (@$_POST["form_type"] ?? null) == "clearView" ) { unset($_SESSION["viewUser"]); UnitySite::redirect($CONFIG["site"]["prefix"] . "/admin/user-mgmt.php"); @@ -141,7 +141,7 @@
You are accessing the web portal as the user $viewUser
- +
diff --git a/test/functional/PiRemoveUserTest.php b/test/functional/PiRemoveUserTest.php index c02a8908..2acd46fd 100644 --- a/test/functional/PiRemoveUserTest.php +++ b/test/functional/PiRemoveUserTest.php @@ -9,7 +9,7 @@ private function removeUser(string $uid) { http_post( __DIR__ . "/../../webroot/panel/pi.php", - ["form_name" => "remUser", "uid" => $uid] + ["form_type" => "remUser", "uid" => $uid] ); } diff --git a/test/functional/ViewAsUserTest.php b/test/functional/ViewAsUserTest.php index 4601c430..8d5be3c4 100644 --- a/test/functional/ViewAsUserTest.php +++ b/test/functional/ViewAsUserTest.php @@ -18,7 +18,7 @@ public function _testViewAsUser(array $beforeUser, array $afterUser) http_post( __DIR__ . "/../../webroot/admin/user-mgmt.php", [ - "form_name" => "viewAsUser", + "form_type" => "viewAsUser", "uid" => $afterUid, ], ); @@ -32,7 +32,7 @@ public function _testViewAsUser(array $beforeUser, array $afterUser) // $this->assertTrue($_SESSION["user_exists"]); http_post( __DIR__ . "/../../resources/templates/header.php", - ["form_name" => "clearView"], + ["form_type" => "clearView"], ); $this->assertArrayNotHasKey("viewUser", $_SESSION); // redirect means that php process dies and user's browser will initiate a new one @@ -68,7 +68,7 @@ public function testNonAdminViewAsAdmin() http_post( __DIR__ . "/../../webroot/admin/user-mgmt.php", [ - "form_name" => "viewAsUser", + "form_type" => "viewAsUser", "uid" => $adminUid, ], ); diff --git a/webroot/admin/ajax/get_group_members.php b/webroot/admin/ajax/get_group_members.php index 6946ff11..ba126ce2 100644 --- a/webroot/admin/ajax/get_group_members.php +++ b/webroot/admin/ajax/get_group_members.php @@ -37,7 +37,7 @@ echo "
- + @@ -63,7 +63,7 @@ echo " - + diff --git a/webroot/admin/pi-mgmt.php b/webroot/admin/pi-mgmt.php index f5a2eb77..24e09d61 100644 --- a/webroot/admin/pi-mgmt.php +++ b/webroot/admin/pi-mgmt.php @@ -15,7 +15,7 @@ $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); } - switch ($_POST["form_name"]) { + switch ($_POST["form_type"]) { case "req": if ($_POST["action"] == "Approve") { // approve group @@ -84,7 +84,7 @@ echo ""; echo " - + diff --git a/webroot/admin/user-mgmt.php b/webroot/admin/user-mgmt.php index 1568aa64..e27725c2 100644 --- a/webroot/admin/user-mgmt.php +++ b/webroot/admin/user-mgmt.php @@ -9,7 +9,7 @@ } if ($_SERVER["REQUEST_METHOD"] == "POST") { - switch ($_POST["form_name"]) { + switch ($_POST["form_type"]) { case "viewAsUser": $_SESSION["viewUser"] = $_POST["uid"]; UnitySite::redirect($CONFIG["site"]["prefix"] . "/panel/account.php"); @@ -65,7 +65,7 @@ echo ""; echo " - +
"; diff --git a/webroot/panel/groups.php b/webroot/panel/groups.php index c22d218d..916acb9e 100644 --- a/webroot/panel/groups.php +++ b/webroot/panel/groups.php @@ -9,7 +9,7 @@ $modalErrors = array(); $errors = array(); - if (isset($_POST["form_name"])) { + if (isset($_POST["form_type"])) { if (isset($_POST["pi"])) { $pi_account = new UnityGroup(trim($_POST["pi"]), $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); if (!$pi_account->exists()) { @@ -18,7 +18,7 @@ } } - switch ($_POST["form_name"]) { + switch ($_POST["form_type"]) { case "addPIform": // The new PI modal was submitted // existing PI request @@ -116,7 +116,7 @@ "
- +
diff --git a/webroot/panel/modal/new_pi.php b/webroot/panel/modal/new_pi.php index a007e43b..ebdd7dc1 100644 --- a/webroot/panel/modal/new_pi.php +++ b/webroot/panel/modal/new_pi.php @@ -4,7 +4,7 @@ ?>
/panel/groups.php"> - +
diff --git a/webroot/panel/pi.php b/webroot/panel/pi.php index 386a8ceb..8cafa812 100644 --- a/webroot/panel/pi.php +++ b/webroot/panel/pi.php @@ -16,7 +16,7 @@ $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK); } - switch ($_POST["form_name"]) { + switch ($_POST["form_type"]) { case "userReq": if ($_POST["action"] == "Approve") { $group->approveUser($form_user); @@ -62,7 +62,7 @@ echo ""; echo " - + @@ -92,7 +92,7 @@ echo ""; echo " - + From 3dffd6cc971f098d1628108620f38524303d100b Mon Sep 17 00:00:00 2001 From: Simon Leary Date: Wed, 4 Jun 2025 08:44:32 -0400 Subject: [PATCH 2/6] bump version --- defaults/config.ini.default | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/config.ini.default b/defaults/config.ini.default index 5ab81435..8ba96480 100644 --- a/defaults/config.ini.default +++ b/defaults/config.ini.default @@ -2,7 +2,7 @@ ; DO NOT EDIT THIS FILE. Instead make a config.ini file in the config folder. ; [upstream] -version = "1.1.2" ; Current upstream version of the web portal +version = "1.2.0" ; Current upstream version of the web portal repo = "https://github.com/UnityHPC/unity-web-portal" ; Upstream URL for the web portal [site] From 89cbfdf25929dd153dbe2f8e4f8c7c9d241f48ae Mon Sep 17 00:00:00 2001 From: Simon Leary Date: Wed, 4 Jun 2025 10:17:56 -0400 Subject: [PATCH 3/6] fix update-ldap-cache.php --- resources/lib/UnityLDAP.php | 31 -------------------------- workers/update-ldap-cache.php | 42 ++++++++++++++++++++++++++--------- 2 files changed, 32 insertions(+), 41 deletions(-) diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php index 88a957f2..61371638 100644 --- a/resources/lib/UnityLDAP.php +++ b/resources/lib/UnityLDAP.php @@ -332,35 +332,4 @@ public function getOrgGroupEntry($gid) $gid = ldap_escape($gid, LDAP_ESCAPE_DN); return $this->getEntry(unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU); } - - public static function parseUserChildrenArray(array $userChildrenArray): array - { - // input comes from LdapEntry::getChildrenArray on a UnityUser - $output = []; - $required_string_attributes = [ - "gidnumber", - "givenname", - "homedirectory", - "loginshell", - "mail", - "o", - "sn", - "uid", - "uidnumber", - "gecos", - ]; - foreach ($required_string_attributes as $key) { - $output[$key] = $userChildrenArray[$key][0]; - } - $output["firstname"] = $output["givenname"]; - $output["lastname"] = $output["sn"]; - $output["org"] = $output["o"]; - $output["objectclass"] = $userChildrenArray["objectclass"]; - if (array_key_exists("sspublickey", $userChildrenArray)) { - $output["sshpublickey"] = $userChildrenArray["sshpublickey"]; - } else { - $output["sshpublickey"] = []; - } - return $output; - } } diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php index 6fb07c78..b23fd834 100644 --- a/workers/update-ldap-cache.php +++ b/workers/update-ldap-cache.php @@ -13,6 +13,25 @@ use UnityWebPortal\lib\UnityWebhook; use PHPOpenLDAPer\LDAPEntry; +// in PHP LDAP all attributes are arrays, we need these as strings instead +// it's possible but probably difficult to find this out using LDAP schema information +$user_string_attributes = [ + "gidnumber", + "givenname", + "homedirectory", + "loginshell", + "mail", + "o", + "sn", + "uid", + "uidnumber", + "gecos", +]; + +$pi_group_string_attributes = [ + "gidnumber", +]; + $options = getopt("fu"); if (array_key_exists("f", $options)) { echo "flushing cache...\n"; @@ -21,36 +40,39 @@ if ((!is_null($REDIS->getCache("initialized", "")) and (!array_key_exists("u", $options)))) { echo "cache is already initialized, nothing doing."; - echo " use -f argument to flush cache, or -u argument to update without flush."; + echo " use -f argument to flush cache, or -u argument to update without flush.\n"; } else { echo "updating cache...\n"; - $user_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["user_ou"]); echo "waiting for LDAP response (users)...\n"; - $users = $user_ou->getChildrenArray(true); + $users = $LDAP->search("objectClass=posixAccount", $CONFIG["ldap"]["basedn"]); echo "response received.\n"; // phpcs:disable - $user_CNs = array_map(function ($x){return $x["cn"][0];}, $users); + $user_CNs = array_map(function ($x){return $x->getAttribute("cn")[0];}, $users); // phpcs:enable sort($user_CNs); $REDIS->setCache("sorted_users", "", $user_CNs); foreach ($users as $user) { - $attribute_array = UnityLDAP::parseUserChildrenArray($user); - foreach ($attribute_array as $key => $val) { - $REDIS->setCache($user["cn"][0], $key, $val); + $cn = $user->getAttribute("cn")[0]; + foreach ($user->getAttributes() as $key => $val) { + if (in_array($key, $user_string_attributes)) { + $REDIS->setCache($cn, $key, $val[0]); + } else { + $REDIS->setCache($cn, $key, $val); + } } } $org_group_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["orggroup_ou"]); echo "waiting for LDAP response (org_groups)...\n"; - $org_groups = $org_group_ou->getChildrenArray(true); + $org_groups = $LDAP->search("objectClass=posixGroup", $CONFIG["ldap"]["basedn"]); echo "response received.\n"; // phpcs:disable - $org_group_CNs = array_map(function($x){return $x["cn"][0];}, $org_groups); + $org_group_CNs = array_map(function($x){return $x->getAttribute("cn")[0];}, $org_groups); // phpcs:enable sort($org_group_CNs); $REDIS->setCache("sorted_orgs", "", $org_group_CNs); foreach ($org_groups as $org_group) { - $REDIS->setCache($org_group["cn"][0], "members", $org_group["memberuid"]); + $REDIS->setCache($org_group->getAttribute("cn")[0], "members", $org_group->getAttribute("memberuid")); } $pi_group_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["pigroup_ou"]); From e7ad663fa6b459d89e4f17c972a35dc4b16598aa Mon Sep 17 00:00:00 2001 From: Simon Leary Date: Wed, 4 Jun 2025 10:23:16 -0400 Subject: [PATCH 4/6] help long option --- workers/update-ldap-cache.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php index b23fd834..737647e5 100644 --- a/workers/update-ldap-cache.php +++ b/workers/update-ldap-cache.php @@ -32,7 +32,14 @@ "gidnumber", ]; -$options = getopt("fu"); +$options = getopt("fuh", ["help"]); +if (array_key_exists("h", $options) or array_key_exists("help", $options)) { + echo "arguments: + f: flush cache and then update + u: update cache even if already initialized + h --help: display this message"; + die(); +} if (array_key_exists("f", $options)) { echo "flushing cache...\n"; $REDIS->flushAll(); From 6cf3fe8db4328e13c836f2d3039532268627de7f Mon Sep 17 00:00:00 2001 From: Simon Leary Date: Wed, 4 Jun 2025 10:24:17 -0400 Subject: [PATCH 5/6] executable --- workers/update-ldap-cache.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) mode change 100644 => 100755 workers/update-ldap-cache.php diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php old mode 100644 new mode 100755 index 737647e5..c242f269 --- a/workers/update-ldap-cache.php +++ b/workers/update-ldap-cache.php @@ -1,3 +1,4 @@ +#!/bin/php Date: Wed, 4 Jun 2025 10:25:24 -0400 Subject: [PATCH 6/6] no die --- workers/update-ldap-cache.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php index c242f269..a62b19f5 100755 --- a/workers/update-ldap-cache.php +++ b/workers/update-ldap-cache.php @@ -39,7 +39,7 @@ f: flush cache and then update u: update cache even if already initialized h --help: display this message\n"; - die(); + UnitySite::die(); } if (array_key_exists("f", $options)) { echo "flushing cache...\n";