fix: Minor fixes in AuthProc filters

BaranekD · BaranekD · commit 48c6949edc15 · 2022-04-13T11:21:24.000+02:00
diff --git a/lib/Auth/Process/ForceAup.php b/lib/Auth/Process/ForceAup.php
@@ -265,6 +265,10 @@ private function fillAupsToBeApproved($requestedAups, $aups, $userApprovedAups)
     {
         $aupsToBeApproved = [];
         foreach ($requestedAups as $requestedAup) {
+            if (!array_key_exists($requestedAup, $aups)) {
+                Logger::debug('perun:ForceAup - Requested AUP \'' . $requestedAup . '\' is not in the list of VO AUPS, probably VO does not have AUP');
+                continue;
+            }
             $aupsInJson = $aups[$requestedAup];
             if (empty($aupsInJson)) {
                 continue;
diff --git a/lib/Auth/Process/PerunIdentity.php b/lib/Auth/Process/PerunIdentity.php
@@ -241,7 +241,7 @@ public function process(&$request)
 
             $this->checkMemberStateDefaultVo($request, $user, $uids);
 
-            $groups = $this->adapter->getUsersGroupsOnFacility($this->spEntityId, $user->getId());
+            $groups = $this->adapter->getUsersGroupsOnSp($this->spEntityId, $user->getId());
 
             if ($this->checkGroupMembership && empty($groups)) {
                 if ($this->allowRegistrationToGroups) {
diff --git a/lib/Auth/Process/PerunUser.php b/lib/Auth/Process/PerunUser.php
@@ -137,7 +137,6 @@ private function register(array &$request, array $uids): void
             self::PARAM_STATE_ID => $stateId,
         ]);
         Logger::debug(self::DEBUG_PREFIX . 'Produced callback URL \'' . $callback . '\'');
-        $url = '';
         $params = [];
 
         if (!empty($this->registerUrl) && !empty($this->callbackParameterName)) {
diff --git a/lib/Auth/Process/SpAuthorization.php b/lib/Auth/Process/SpAuthorization.php
@@ -147,7 +147,6 @@ public function process(&$request)
             Logger::debug(
                 self::DEBUG_PREFIX . 'No facility found for SP \'' . $spEntityId . '\', skip processing filter'
             );
-
             return;
         }
         $facilityAttributes = $this->getSPAttributes($facility);
@@ -156,22 +155,20 @@ public function process(&$request)
                 self::DEBUG_PREFIX . 'Could not fetch SP attributes, user will be redirected to unauthorized for security reasons'
             );
             $this->unauthorized($request);
-
             return;
         }
 
         $checkGroupMembership = $facilityAttributes[self::CHECK_GROUP_MEMBERSHIP];
         if (!$checkGroupMembership) {
             Logger::info(self::DEBUG_PREFIX . 'Group membership check not requested by the service.');
-
             return;
         }
 
-        $userGroups = $this->adapter->getUsersGroupsOnFacility($spEntityId, $user->getId());
+        $userGroups = $this->adapter->getUsersGroupsOnFacility($facility, $user->getId());
         if (!empty($userGroups)) {
             Logger::info(self::DEBUG_PREFIX . 'User satisfies the group membership check.');
         } else {
-            $this->handleUnsatisfiedMembership($request, $user, $spEntityId, $facilityAttributes);
+            $this->handleUnsatisfiedMembership($request, $user, $spEntityId, $facility, $facilityAttributes);
         }
     }
 
@@ -188,6 +185,7 @@ public function handleUnsatisfiedMembership(
         array $request,
         User $user,
         string $spEntityId,
+        Facility $facility,
         array $facilityAttributes
     ) {
         $allowRegistration = $facilityAttributes[self::ALLOW_REGISTRATION] ?? false;
@@ -208,11 +206,10 @@ public function handleUnsatisfiedMembership(
                 exit;
             }
             try {
-                $registrationData = $this->getRegistrationData($user, $spEntityId, $facilityAttributes);
+                $registrationData = $this->getRegistrationData($user, $facility, $spEntityId, $facilityAttributes);
                 if (!empty($registrationData)) {
                     $skipNotification = in_array($spEntityId, $this->skipNotificationSps, true);
                     $this->register($request, $registrationData, $skipNotification);
-
                     return;
                 }
                 Logger::debug(
@@ -223,7 +220,7 @@ public function handleUnsatisfiedMembership(
                 Logger::warning(
                     self::DEBUG_PREFIX . 'Caught exception, user will be redirected to unauthorized for security reasons'
                 );
-                Logger::debug($ex);
+                Logger::debug($ex->getMessage());
             }
         } else {
             Logger::debug(
@@ -354,7 +351,7 @@ protected function registerChooseVoAndGroup(array &$request, array $registration
         ]);
     }
 
-    private function getRegistrationData($user, $spEntityId, array $facilityAttributes): array
+    private function getRegistrationData($user, Facility $facility, string $spEntityId, array $facilityAttributes): array
     {
         if (null === $this->rpcAdapter) {
             throw new Exception(self::DEBUG_PREFIX . 'No RPC adapter available, cannot fetch registration data');
@@ -367,7 +364,7 @@ private function getRegistrationData($user, $spEntityId, array $facilityAttribut
         }
         $voShorNamesForRegistration = $this->getRegistrationVoShortNames($user, $voShortNames);
 
-        return $this->getRegistrationGroups($spEntityId, $voShorNamesForRegistration);
+        return $this->getRegistrationGroups($facility, $voShorNamesForRegistration);
     }
 
     private function getRegistrationVoShortNames(User $user, array $voShortNames): array
