From 72b6898d497f8479de2a86189b29b2f2829d5277 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 2 Jun 2021 13:13:26 +0000 Subject: [PATCH 1/2] Twitter: Improved logging for the picture upload --- twitter/twitter.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/twitter/twitter.php b/twitter/twitter.php index 8bfa1737..d6867e73 100644 --- a/twitter/twitter.php +++ b/twitter/twitter.php @@ -716,10 +716,10 @@ function twitter_post_hook(App $a, array &$b) $data = ['media_id' => $media->media_id_string, 'alt_text' => ['text' => substr($image['description'], 0, 420)]]; $ret = $cb->media_metadata_create($data); - Logger::info('Metadata create', ['id' => $b['id'], 'data' => $data, 'return' => json_encode($ret)]); + Logger::info('Metadata create', ['id' => $b['id'], 'data' => $data, 'return' => $ret]); } } else { - Logger::error('Failed upload', ['id' => $b['id'], 'image' => $image['url']]); + Logger::error('Failed upload', ['id' => $b['id'], 'image' => $image['url'], 'return' => $media]); throw new Exception('Failed upload of ' . $image['url']); } } -- 2.43.5 From f6735056b0621814d59265e77dad141c2bb0e4a1 Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Mon, 7 Jun 2021 23:55:24 -0400 Subject: [PATCH 2/2] [ldap] Only call ldap_createaccount once - Moved group membership check before user creation - Improve group membership check error message specificity --- ldapauth/ldapauth.php | 38 ++++++++++++++------------------------ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/ldapauth/ldapauth.php b/ldapauth/ldapauth.php index 82d80342..1043c4d8 100644 --- a/ldapauth/ldapauth.php +++ b/ldapauth/ldapauth.php @@ -134,41 +134,31 @@ function ldapauth_authenticate($username, $password) return false; } - $emailarray = []; - $namearray = []; - if ($ldap_autocreateaccount == "true") { - if (!strlen($ldap_autocreateaccount_emailattribute)) { - $ldap_autocreateaccount_emailattribute = "mail"; - } - if (!strlen($ldap_autocreateaccount_nameattribute)) { - $ldap_autocreateaccount_nameattribute = "givenName"; - } - $emailarray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_emailattribute); - $namearray = @ldap_get_values($connect, $id, $ldap_autocreateaccount_nameattribute); - } - - if (!strlen($ldap_group)) { - ldap_createaccount($ldap_autocreateaccount, $username, $password, $emailarray[0], $namearray[0]); - return true; - } - - $r = @ldap_compare($connect, $ldap_group, 'member', $dn); - if ($r !== true) { + if (strlen($ldap_group) && @ldap_compare($connect, $ldap_group, 'member', $dn) !== true) { $errno = @ldap_errno($connect); if ($errno === 32) { Logger::notice('LDAP Access Control Group does not exist', ['errno' => $errno, 'error' => ldap_error($connect)]); } elseif ($errno === 16) { Logger::notice('LDAP membership attribute does not exist in access control group', ['errno' => $errno, 'error' => ldap_error($connect)]); } else { - Logger::notice('Unexpected LDAP error', ['errno' => $errno, 'error' => ldap_error($connect)]); + Logger::notice('LDAP user isn\'t part of the authorized group', ['dn' => $dn]); } @ldap_close($connect); return false; } - if ($ldap_autocreateaccount == "true" && !DBA::exists('user', ['nickname' => $username])) { - return ldap_createaccount($username, $password, $emailarray[0], $namearray[0]); + if ($ldap_autocreateaccount == 'true' && !DBA::exists('user', ['nickname' => $username])) { + if (!strlen($ldap_autocreateaccount_emailattribute)) { + $ldap_autocreateaccount_emailattribute = 'mail'; + } + if (!strlen($ldap_autocreateaccount_nameattribute)) { + $ldap_autocreateaccount_nameattribute = 'givenName'; + } + $email_values = @ldap_get_values($connect, $id, $ldap_autocreateaccount_emailattribute); + $name_values = @ldap_get_values($connect, $id, $ldap_autocreateaccount_nameattribute); + + return ldap_createaccount($username, $password, $email_values[0] ?? '', $name_values[0] ?? ''); } try { @@ -191,7 +181,7 @@ function ldap_createaccount($username, $password, $email, $name) $user = User::create([ 'username' => $name, 'nickname' => $username, - 'email' => $email, + 'email' => $email, 'password' => $password, 'verified' => 1 ]); -- 2.43.5