From d237157c0b743434ce213d895a130e02a0b06b3e Mon Sep 17 00:00:00 2001
From: FreddleSpl0it
Date: Mon, 26 Feb 2024 13:12:44 +0100
Subject: [PATCH] init identity_provider only after all conditions are met
---
 data/conf/phpfpm/crons/keycloak-sync.php | 5 +++--
 data/conf/phpfpm/crons/ldap-sync.php | 5 +++--
 data/web/inc/functions.auth.inc.php | 4 ++--
 data/web/inc/functions.inc.php | 8 ++++++++
 4 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/data/conf/phpfpm/crons/keycloak-sync.php b/data/conf/phpfpm/crons/keycloak-sync.php
index 0525f9572..3a7b1da7b 100644
--- a/data/conf/phpfpm/crons/keycloak-sync.php
+++ b/data/conf/phpfpm/crons/keycloak-sync.php
@@ -70,8 +70,6 @@ $_SESSION['acl']['protocol_access'] = "1";
 $_SESSION['acl']['mailbox_relayhost'] = "1";
 $_SESSION['acl']['unlimited_quota'] = "1";
-// Init Keycloak Provider
-$iam_provider = identity_provider('init');
 $iam_settings = identity_provider('get');
 if ($iam_settings['authsource'] != "keycloak" || (intval($iam_settings['periodic_sync']) != 1 && intval($iam_settings['import_users']) != 1)) {
 session_destroy();
@@ -109,6 +107,9 @@ $lock_file_handle = fopen($lock_file, 'w');
 fwrite($lock_file_handle, getmypid());
 fclose($lock_file_handle);
+// Init Keycloak Provider
+$iam_provider = identity_provider('init');
+
 // Loop until all users have been retrieved
 while (true) {
 // Get admin access token
diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
index 20cf7f290..1a53884c3 100644
--- a/data/conf/phpfpm/crons/ldap-sync.php
+++ b/data/conf/phpfpm/crons/ldap-sync.php
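Review bot: In the second hunk of keycloak-sync.php the result of `identity_provider('init')` is used without a check, and the call now runs after the lock file has been written. The second hunk of ldap-sync.php has the same shape, with `$iam_provider->query()` on the very next statement. The init branch is outside this diff, so this is an assumption, but if it can return a non-object the cron would die with the lock file still in place; depending on how stale locks are handled, later runs could be skipped and accounts disabled in the identity provider would stay active locally. Either run the init before the lock-file write (still after the `authsource` check), or guard it with something like `if (!$iam_provider) { unlink($lock_file); exit; }`, matched to however the script releases its lock elsewhere.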
@@ -70,8 +70,6 @@ $_SESSION['acl']['protocol_access'] = "1";
 $_SESSION['acl']['mailbox_relayhost'] = "1";
 $_SESSION['acl']['unlimited_quota'] = "1";
-// Init Provider
-$iam_provider = identity_provider('init');
 $iam_settings = identity_provider('get');
 if ($iam_settings['authsource'] != "ldap" || (intval($iam_settings['periodic_sync']) != 1 && intval($iam_settings['import_users']) != 1)) {
 session_destroy();
@@ -109,6 +107,9 @@ $lock_file_handle = fopen($lock_file, 'w');
 fwrite($lock_file_handle, getmypid());
 fclose($lock_file_handle);
+// Init Provider
+$iam_provider = identity_provider('init');
+
 // Get ldap users
 $ldap_query = $iam_provider->query();
 if (!empty($iam_settings['filter'])) {
diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index b7b8dbc6a..78aca3c67 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -476,8 +476,8 @@ function keycloak_mbox_login_rest($user, $pass, $iam_settings, $extra = null){
 }
 function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
 global $pdo;
- global $iam_provider;
-
+
+ $iam_provider = identity_provider();
 $is_internal = $extra['is_internal'];
 $create = $extra['create'];
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 88aa811e6..bba46935b 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2099,12 +2099,20 @@ function uuid4() {
 }
 function identity_provider($_action, $_data = null, $_extra = null) {
 global $pdo;
+ global $iam_provider;
 $data_log = $_data;
 if (isset($data_log['client_secret'])) $data_log['client_secret'] = '*';
 if (isset($data_log['access_token'])) $data_log['access_token'] = '*';
 switch ($_action) {
+ case NULL:
+ if ($iam_provider) {
+ return $iam_provider;
+ } else {
+ $iam_provider = identity_provider("init");
+ }
+ break;
 case 'get':
 $settings = array();
 $stmt = $pdo->prepare("SELECT * FROM `identity_provider`;");
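Review bot: `identity_provider()` is called with no argument in `ldap_mbox_login` (functions.auth.inc.php hunk), but the signature shown as context in the functions.inc.php hunk still declares `$_action` without a default. On PHP 7.1 and later that call raises an ArgumentCountError before the new `case NULL:` branch is reached, so every LDAP mailbox login going through this function would fail. Give the parameter a default, `function identity_provider($_action = null, $_data = null, $_extra = null) {`, or pass `null` explicitly at the call site. The body of `ldap_mbox_login` continues past the end of the hunk.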
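Review bot: The `else` arm of the new `case NULL:` branch in functions.inc.php assigns `$iam_provider` and then reaches `break`, so the call that creates the provider does not return it. Unless the code after the `switch` (outside the hunk) returns it, the first `identity_provider()` call in a request would hand `ldap_mbox_login` a null provider; add `return $iam_provider;` right after the assignment. `switch` also compares loosely, so `case NULL:` matches `''`, `0` and `false` as well. A strict `if ($_action === null)` guard ahead of the `switch` would stop a malformed action value from silently initialising the provider.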