heptacom / heptacomshopwareplatformadminopenauth
Shopware plugin to allow open auth logins in the administration
Home Page: https://www.heptacom.de/
License: Apache License 2.0
4.2.1
8.1
6.4.18.1
Composer
Google Cloud
The shopware user provisioner creates a user as admin by default. Therefore, the user is first created as admin - as nothing else is specified.
It would probably be better to initially create the user as non admin there and only use updateUser to set admin to true, if specified accordingly.
No response
4.2.1
8.1
6.4.20.1
Composer
SAML2
Are there any plans for 5.x to allow the use of SAML attributes to disallow access and to assign certain user roles according to attributes e.g. a membership attribute?
No response
4.2.1
8.1
6.4.18.1
Composer
None
I admit I did not yet verify this, but if a user logs in through SSO it would be good if that user could not log in at all using a password, as otherwise they might be able to change their password (e.g. password forgot functionality) and log in without the company's SSO after they left the company.
But as mentioned I did not yet check, if this is already the case. I just did not see anything in the code base regarding this (at a first glance).
No response
5.0.0
8.2
6.5.7.4
Community-Store
None
Installation fails with the error in the log.
Tried deletion and reinstall. Maybe it's related to MariaDB.
[2024-01-18T14:24:12.506964+00:00] app.ERROR: Migration: "Heptacom\AdminOpenAuth\Migration\Migration1693915434MigrateSamlConfigRequestedAuthnContext" failed: "An exception occurred while executing a query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'json)) WHERE `provider` IN ('saml2', 'jumpcloud') AND ( JSON_...' at line 2" [] []
[2024-01-18T14:24:19.604179+00:00] request.CRITICAL: Uncaught PHP Exception Doctrine\DBAL\Exception\SyntaxErrorException: "An exception occurred while executing a query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'json)) WHERE `provider` IN ('saml2', 'jumpcloud') AND ( JSON_...' at line 2" at /vendor/doctrine/dbal/src/Driver/API/MySQL/ExceptionConverter.php line 86 {"exception":"[object] (Doctrine\\DBAL\\Exception\\SyntaxErrorException(code: 1064): An exception occurred while executing a query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'json))\nWHERE\n `provider` IN ('saml2', 'jumpcloud')\n AND (\n JSON_...' at line 2 at /dev.ses-sandmann.de/vendor/doctrine/dbal/src/Driver/API/MySQL/ExceptionConverter.php:86)\n[previous exception] [object] (Doctrine\\DBAL\\Driver\\PDO\\Exception(code: 1064): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'json))\nWHERE\n `provider` IN ('saml2', 'jumpcloud')\n AND (\n JSON_...' at line 2 at /vendor/doctrine/dbal/src/Driver/PDO/Exception.php:28)\n[previous exception] [object] (PDOException(code: 42000): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'json))\nWHERE\n `provider` IN ('saml2', 'jumpcloud')\n AND (\n JSON_...' at line 2 at /vendor/doctrine/dbal/src/Driver/PDO/Connection.php:33)"} []
6.0.1
8.3
6.5.8.7
Github Tag -> Source Download
OpenID Connect
When entering a URL, the URL gets formatted and all trailing slashes get removed. My Identity Provider requires a trailing slash at the end of the URL, otherwise an error occurs.
Example:
auth.example.com/application/o/userinfo/
becomes
auth.example.com/application/o/userinfo
(which results in an error)
No response
4.2.1
7.4.33
6.4.17.2
Community-Store
Microsoft Azure OIDC
Configured Plugin to assign other role than 'Administrator'.
The error below is displayed at first login, and the account gets created with 'Administrator' role.
{"errors":[{"code":"0","status":"500","title":"Internal Server Error","detail":"An exception occurred while executing \u0027UPDATE user SET first_name = ?, last_name = ?, email = ?, admin = ?, updated_at = ? WHERE id = ?\u0027 with params [\u0022Chxxx\u0022, \u0022Kxxx\u0022, \[email protected]\u0022, false, \u00222022-12-08 13:51:40.711\u0022, \u0022\xfe\x9a\x4e\xee\x25\x99\x45\x60\x83\x5a\x92\x80\x92\x49\xdd\xb5\u0022]:\n\nSQLSTATE[HY000]: General error: 1366 Incorrect integer value: \u0027\u0027 for column \u0027admin\u0027 at row 1"}]}
[2022-12-08T13:51:40.713133+00:00] request.CRITICAL: Uncaught PHP Exception Doctrine\DBAL\Exception\DriverException: "An exception occurred while executing 'UPDATE user SET first_name = ?, last_name = ?, email = ?, admin = ?, updated_at = ? WHERE id = ?' with params ["Chxxx", "Kxxx", "[email protected]", false, "2022-12-08 13:51:40.711", "\xfe\x9a\x4e\xee\x25\x99\x45\x60\x83\x5a\x92\x80\x92\x49\xdd\xb5"]: SQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'admin' at row 1" at /opt/shopware/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php line 128 {"exception":"[object] (Doctrine\\DBAL\\Exception\\DriverException(code: 0): An exception occurred while executing 'UPDATE user SET first_name = ?, last_name = ?, email = ?, admin = ?, updated_at = ? WHERE id = ?' with params [\"Chxxx\", \"Kxxx\", \"[email protected]\", false, \"2022-12-08 13:51:40.711\", \"\\xfe\\x9a\\x4e\\xee\\x25\\x99\\x45\\x60\\x83\\x5a\\x92\\x80\\x92\\x49\\xdd\\xb5\"]:\n\nSQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'admin' at row 1 at /opt/shopware/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php:128)\n[previous exception] [object] (Doctrine\\DBAL\\Driver\\PDO\\Exception(code: HY000): SQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'admin' at row 1 at /opt/shopware/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDO/Exception.php:18)\n[previous exception] [object] (PDOException(code: HY000): SQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'admin' at row 1 at /opt/shopware/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:117)"} []
We have just installed the plugin.
Right after configuration/activation, we only get
errors | |
---|---|
0 | |
code | "0" |
status | "500" |
title | "Internal Server Error" |
detail | "Error: Maximum execution time of 30 seconds exceeded" |
During the 30 sec, php-fpm goes to 100% CPU and the error message in the php-fpm log is:
Maximum execution time of 30 seconds exceeded in /opt/shopware/vendor/brick/math/src/Internal/Calculator/NativeCalculator.php
Every time the error lists a different line number.
Any idea on this?
Environment:
CentOS 8
PHP 7.4.32
Shopware 6.4.16.1
4.2.1
8.1
6.4.18.1
Composer
Google Cloud
Oauth2 provider in google cloud is very limited regarding restricting which users have access (see also #10)
From what I can gather, it would, however, be possible to check if a user is assigned to a certain group and use that as an additional indicator. However, it is not completely default behavior regarding login, so it should probably only be done if everything else works. See also: https://stackoverflow.com/questions/11610344/getting-all-groups-an-user-is-a-member-of-through-oauth-google
No response
6.0.1
8.2
6.5.8.8
Composer
Keycloak
With Shopware 6.5.8.8, they introduced a breaking change by adding native types to
Shopware\Core\Framework\DataAbstractionLayer\Write\EntityWriterInterface::insert
Shopware\Core\Framework\DataAbstractionLayer\Write\EntityWriterInterface::update
To be fair, it's technically not a breaking change, since the interface is marked as @internal
and therefore not part of the public API.
The Shopware commit changing this, is shopware/shopware@c1b1d7d.
Just adding native array return types to those methods in \Heptacom\AdminOpenAuth\Component\Provider\DefaultInjectingEntityWriterDecorator
should be enough to resolve this.
No response
4.2.1
8.1
6.4.18.1
Composer
Google Cloud
This is just a minor change, but the UserProvisioner class referenced here https://github.com/HEPTACOM/HeptacomShopwarePlatformAdminOpenAuth/blob/4.2.1/src/Service/UserResolver.php has been deprecated. From what I can see only its namespace has changed (it has been moved to maintenance).
No response
I just want to give a short update about the 6.5 compatibility update in here.
We are currently working on some last issues. We expect to release at least a Beta or RC this week.
When logged in via open auth you have no password present. There are dialogs in the administration which require you to enter your current password. As an OAuth user you cannot pass these dialogs. This seems to be an issue since Shopware 6.3.0.0
4.2.1
8.1
6.4.18.1
Composer
Google Cloud
It would probably be a good idea to put the whole user creation / update part in a database transaction with commit/rollback, so only upon success is the user created / modified, if everything works correctly.
No response
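The provisioning reports on this page describe an account that is created as admin first and keeps that role when the follow-up update fails, and the issue above suggests wrapping creation and update in one transaction. An added sketch of that fail-closed order (example code, not the plugin's or Shopware's own; the two-table schema, `provisionSsoUser` and the sample addresses are constructed for illustration, and it assumes PHP with the `pdo_sqlite` extension):

```php
<?php
declare(strict_types=1);

// Constructed, cut-down schema for illustration; not Shopware's real tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (email TEXT PRIMARY KEY, admin INTEGER NOT NULL DEFAULT 0)');
$pdo->exec('CREATE TABLE user_role (email TEXT NOT NULL, role TEXT NOT NULL)');

/**
 * Hypothetical provisioner: the account starts unprivileged, privileges are
 * applied afterwards, and any failure rolls the whole provisioning back.
 */
function provisionSsoUser(PDO $pdo, string $email, bool $admin, array $roles): void
{
    $pdo->beginTransaction();
    try {
        // Step 1: create with least privilege, never admin by default.
        $pdo->prepare('INSERT INTO user (email, admin) VALUES (?, 0)')->execute([$email]);

        // Step 2: apply what the provider configuration asks for.
        $addRole = $pdo->prepare('INSERT INTO user_role (email, role) VALUES (?, ?)');
        foreach ($roles as $role) {
            if (!is_string($role) || $role === '') {
                throw new InvalidArgumentException('unusable role mapping');
            }
            $addRole->execute([$email, $role]);
        }
        if ($admin) {
            $pdo->prepare('UPDATE user SET admin = 1 WHERE email = ?')->execute([$email]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // no half-provisioned account is left behind
        throw $e;
    }
}

provisionSsoUser($pdo, 'alice@example.test', false, ['order-viewer']);
try {
    provisionSsoUser($pdo, 'bob@example.test', false, ['']); // step 2 fails
} catch (InvalidArgumentException $e) {
    echo 'bob: ', $e->getMessage(), ", rolled back\n";
}
foreach ($pdo->query('SELECT email, admin FROM user') as $row) {
    echo $row['email'], ' admin=', $row['admin'], "\n";
}
```

Because the insert and the privilege step share one transaction, the failed login for the second sample user leaves no row at all, and a user who does get created never holds admin unless the configuration explicitly grants it.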
4.2.1
8.1
6.4.18.1
Composer
Google Cloud
Google OAuth currently has very few options to limit which users get access. So it would be nice if e.g. the plugin would have an option to disable user creation.
Optionally, it is always possible to create users without permissions and change those later on, but not even creating them would be even better.
No response
4.2.1
8.1
6.4.18.1
Composer
Google Cloud
From what I can gather in the code for some interactions you already bypass the password confirm dialog in the admin.
However, this is not yet the case for all, e.g. deleting an admin user requires a password which a user logging in through SSO does not have.
No response
6.0.0
8.3
6.5.8.0
Composer
None
Problem 1
- Root composer.json requires heptacom/shopware-platform-admin-open-auth ^6.0 -> satisfiable by heptacom/shopware-platform-admin-open-auth[6.0.0].
- heptacom/shopware-platform-admin-open-auth 6.0.0 requires symfony/routing ~6.2.0 || ~6.3.0 -> found symfony/routing[v6.2.0, ..., v6.3.11] but it conflicts with your root composer.json require (^6.4).
Basically says it all
No response
6.0.3
8.2.19
6.5.7.3
Community-Store
None
Installation fails with the error in the log.
Tried deletion and reinstall.
“The class “Heptacom\AdminOpenAuth\KskHeptacomAdminOpenAuth” is not found. Probably an class loader error. Check your plugin composer.json”