
heptacomshopwareplatformadminopenauth's People

Contributors

alpham8, andreasa, cngjo, flkasper, heptatom, htuscher, jkrzefski, joshuabehrens, leonrustmeier, niklaswolf, silviokennecke


heptacomshopwareplatformadminopenauth's Issues

[Bug]: Ensure user is not created as admin first before the update

Plugin Version

4.2.1

PHP Version

8.1

Shopware Version

6.4.18.1

Installation method

Composer

Identity provider

Google Cloud

What happened?

The shopware user provisioner creates a user as admin by default. Therefore, the user is first created as admin - as nothing else is specified.

It would probably be better to initially create the user as non admin there and only use updateUser to set admin to true, if specified accordingly.

Relevant log output

No response

[FEATURE]: Allow SAML attributes to be used to assign roles and deny access?

Plugin Version

4.2.1

PHP Version

8.1

Shopware Version

6.4.20.1

Installation method

Composer

Identity provider

SAML2

What happened?

Are there any plans for 5.x to allow the use of SAML attributes to disallow access and to assign certain user roles according to attributes e.g. a membership attribute?

Relevant log output

No response

[Feature]: Disallow login through password for SSO users

Plugin Version

4.2.1

PHP Version

8.1

Shopware Version

6.4.18.1

Installation method

Composer

Identity provider

None

What happened?

I admit I did not yet verify this, but if a user logs in through SSO it would be good if that user could not log in at all using a password, as otherwise they might be able to change their password (e.g. password forgot functionality) and log in without the company's SSO after they left the company.

But as mentioned I did not yet check, if this is already the case. I just did not see anything in the code base regarding this (at a first glance).

Relevant log output

No response

[Bug]: Installation fails with SQL syntax error

Plugin Version

5.0.0

PHP Version

8.2

Shopware Version

6.5.7.4

Installation method

Community-Store

Identity provider

None

What happened?

Installation fails with the error in the log.
Tried deletion and reinstall. Maybe it's related to MariaDB.

Relevant log output

[2024-01-18T14:24:12.506964+00:00] app.ERROR: Migration: "Heptacom\AdminOpenAuth\Migration\Migration1693915434MigrateSamlConfigRequestedAuthnContext" failed: "An exception occurred while executing a query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'json)) WHERE     `provider` IN ('saml2', 'jumpcloud')     AND (         JSON_...' at line 2" [] []
[2024-01-18T14:24:19.604179+00:00] request.CRITICAL: Uncaught PHP Exception Doctrine\DBAL\Exception\SyntaxErrorException: "An exception occurred while executing a query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'json)) WHERE     `provider` IN ('saml2', 'jumpcloud')     AND (         JSON_...' at line 2" at /vendor/doctrine/dbal/src/Driver/API/MySQL/ExceptionConverter.php line 86 {"exception":"[object] (Doctrine\\DBAL\\Exception\\SyntaxErrorException(code: 1064): An exception occurred while executing a query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'json))\nWHERE\n    `provider` IN ('saml2', 'jumpcloud')\n    AND (\n        JSON_...' at line 2 at /dev.ses-sandmann.de/vendor/doctrine/dbal/src/Driver/API/MySQL/ExceptionConverter.php:86)\n[previous exception] [object] (Doctrine\\DBAL\\Driver\\PDO\\Exception(code: 1064): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'json))\nWHERE\n    `provider` IN ('saml2', 'jumpcloud')\n    AND (\n        JSON_...' at line 2 at /vendor/doctrine/dbal/src/Driver/PDO/Exception.php:28)\n[previous exception] [object] (PDOException(code: 42000): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'json))\nWHERE\n    `provider` IN ('saml2', 'jumpcloud')\n    AND (\n        JSON_...' at line 2 at /vendor/doctrine/dbal/src/Driver/PDO/Connection.php:33)"} []

[Bug]: Trailing Slash in URL gets removed

Plugin Version

6.0.1

PHP Version

8.3

Shopware Version

6.5.8.7

Installation method

Github Tag -> Source Download

Identity provider

OpenID Connect

What happened?

When entering a URL, the URL gets formatted and all trailing slashes get removed. My Identity Provider requires a trailing slash at the end of the URL, otherwise an error occurs.

Example:

auth.example.com/application/o/userinfo/

becomes

auth.example.com/application/o/userinfo
(which results in an error)

Relevant log output

No response

[Bug]:

Plugin Version

4.2.1

PHP Version

7.4.33

Shopware Version

6.4.17.2

Installation method

Community-Store

Identity provider

Microsoft Azure OIDC

What happened?

Configured Plugin to assign other role than 'Administrator'.
The error below is displayed at first login, and the account gets created with 'Administrator' role.

{"errors":[{"code":"0","status":"500","title":"Internal Server Error","detail":"An exception occurred while executing \u0027UPDATE user SET first_name = ?, last_name = ?, email = ?, admin = ?, updated_at = ? WHERE id = ?\u0027 with params [\u0022Chxxx\u0022, \u0022Kxxx\u0022, \[email protected]\u0022, false, \u00222022-12-08 13:51:40.711\u0022, \u0022\xfe\x9a\x4e\xee\x25\x99\x45\x60\x83\x5a\x92\x80\x92\x49\xdd\xb5\u0022]:\n\nSQLSTATE[HY000]: General error: 1366 Incorrect integer value: \u0027\u0027 for column \u0027admin\u0027 at row 1"}]}

Relevant log output

[2022-12-08T13:51:40.713133+00:00] request.CRITICAL: Uncaught PHP Exception Doctrine\DBAL\Exception\DriverException: "An exception occurred while executing 'UPDATE user SET first_name = ?, last_name = ?, email = ?, admin = ?, updated_at = ? WHERE id = ?' with params ["Chxxx", "Kxxx", "[email protected]", false, "2022-12-08 13:51:40.711", "\xfe\x9a\x4e\xee\x25\x99\x45\x60\x83\x5a\x92\x80\x92\x49\xdd\xb5"]:  SQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'admin' at row 1" at /opt/shopware/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php line 128 {"exception":"[object] (Doctrine\\DBAL\\Exception\\DriverException(code: 0): An exception occurred while executing 'UPDATE user SET first_name = ?, last_name = ?, email = ?, admin = ?, updated_at = ? WHERE id = ?' with params [\"Chxxx\", \"Kxxx\", \"[email protected]\", false, \"2022-12-08 13:51:40.711\", \"\\xfe\\x9a\\x4e\\xee\\x25\\x99\\x45\\x60\\x83\\x5a\\x92\\x80\\x92\\x49\\xdd\\xb5\"]:\n\nSQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'admin' at row 1 at /opt/shopware/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php:128)\n[previous exception] [object] (Doctrine\\DBAL\\Driver\\PDO\\Exception(code: HY000): SQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'admin' at row 1 at /opt/shopware/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDO/Exception.php:18)\n[previous exception] [object] (PDOException(code: HY000): SQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'admin' at row 1 at /opt/shopware/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:117)"} []

Login returns error message "Maximum execution time of 30 seconds exceeded"

We have just installed the plugin.
Right after configuration/activation, we only get

errors  
0  
code "0"
status "500"
title "Internal Server Error"
detail "Error: Maximum execution time of 30 seconds exceeded"

During the 30 sec, the php-fpm goes to 100% CPU and the error message in the php-fpm log is:
Maximum execution time of 30 seconds exceeded in /opt/shopware/vendor/brick/math/src/Internal/Calculator/NativeCalculator.php
Every time the error lists a different line number.

Any idea on this?

Environment:
CentOS 8
PHP 7.4.32
Shopware 6.4.16.1

[Feature]: Google Cloud provider - option to use the member API to restrict access to users of a certain group

Plugin Version

4.2.1

PHP Version

8.1

Shopware Version

6.4.18.1

Installation method

Composer

Identity provider

Google Cloud

What happened?

The OAuth2 provider in Google Cloud is very limited regarding restricting which users have access (see also #10).

From what I can gather, it would, however, be possible to check if a user is assigned to a certain group and use that as an additional indicator. However, it is not completely default behavior regarding login, so it should probably only be done if everything else works. See also: https://stackoverflow.com/questions/11610344/getting-all-groups-an-user-is-a-member-of-through-oauth-google

Relevant log output

No response

[Bug]: Compatibility with 6.5.8.8

Plugin Version

6.0.1

PHP Version

8.2

Shopware Version

6.5.8.8

Installation method

Composer

Identity provider

Keycloak

What happened?

With Shopware 6.5.8.8, they introduced a breaking change by adding native types to

  • Shopware\Core\Framework\DataAbstractionLayer\Write\EntityWriterInterface::insert
  • Shopware\Core\Framework\DataAbstractionLayer\Write\EntityWriterInterface::update

To be fair, it's technically not a breaking change, since the interface is marked as @internal and therefore not part of the public API.

The Shopware commit changing this is shopware/shopware@c1b1d7d.

Just adding native array return types to those methods in \Heptacom\AdminOpenAuth\Component\Provider\DefaultInjectingEntityWriterDecorator should be enough to resolve this.

Relevant log output

No response

[Bug]: Currently used UserProvisioner class is deprecated - namespace has been moved

Plugin Version

4.2.1

PHP Version

8.1

Shopware Version

6.4.18.1

Installation method

Composer

Identity provider

Google Cloud

What happened?

This is just a minor change, but the UserProvisioner class referenced here https://github.com/HEPTACOM/HeptacomShopwarePlatformAdminOpenAuth/blob/4.2.1/src/Service/UserResolver.php has been deprecated. From what I can see only its namespace has changed (it has been moved to maintenance).

Relevant log output

No response

[Feature] Shopware 6.5 Update

I just want to give a short update about the 6.5 compatibility update in here.

We are currently working on some last issues. We expect to release at least a Beta or RC this week.

Password-driven interactions cannot be confirmed

When logged in via open auth you have no password present. There are dialogs in the administration which require you to enter your current password. As an OAuth user you cannot pass these dialogs. This seems to be an issue since Shopware 6.3.0.0.

[Bug]: Ensure user is only created/modified, if update works as well and data is correct

Plugin Version

4.2.1

PHP Version

8.1

Shopware Version

6.4.18.1

Installation method

Composer

Identity provider

Google Cloud

What happened?

It would probably be a good idea to put the whole user creation / update part in a database transaction with commit/rollback, so that the user is only created / modified upon success, if everything works correctly.

Relevant log output

No response
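
The provisioning order these reports ask for (create the account without admin rights, apply the mapped flag afterwards, and do both in one transaction), as an added example that is not the plugin's code. It uses plain PDO with an in-memory SQLite table instead of Shopware's API; `provisionSsoUser`, the schema and the sample users are constructed, and the `CHECK` constraint is an assumption standing in for the MySQL rejection of `''` for the `admin` column seen in the Azure OIDC report.

```php
<?php
declare(strict_types=1);

// Constructed schema. The CHECK stands in for MySQL strict mode rejecting '' for an integer column.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (
    id TEXT PRIMARY KEY,
    email TEXT NOT NULL,
    admin INTEGER NOT NULL DEFAULT 0 CHECK (admin IN (0, 1))
)');

/** Hypothetical helper (not a Shopware or plugin API): least-privilege, atomic provisioning. */
function provisionSsoUser(PDO $pdo, string $id, string $email, bool $isAdmin, bool $castFlag = true): void
{
    $pdo->beginTransaction();
    try {
        // Step 1: the account never starts out as admin.
        $pdo->prepare('INSERT INTO user (id, email, admin) VALUES (?, ?, 0)')
            ->execute([$id, $email]);

        // Step 2: apply the mapped flag. execute() binds values as strings, so an
        // uncast false is sent as ''; casting to int sends '0' or '1' instead.
        $pdo->prepare('UPDATE user SET admin = ? WHERE id = ?')
            ->execute([$castFlag ? (int) $isAdmin : $isAdmin, $id]);

        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // a failed update leaves no account behind
        throw $e;
    }
}

// Constructed sample users.
provisionSsoUser($pdo, 'u1', 'editor@example.test', false);
provisionSsoUser($pdo, 'u2', 'owner@example.test', true);
try {
    provisionSsoUser($pdo, 'u3', 'viewer@example.test', false, false); // uncast bind
} catch (PDOException $e) {
    echo "u3: update rejected, transaction rolled back\n";
}

foreach ($pdo->query('SELECT id, admin FROM user ORDER BY id') as $row) {
    echo $row['id'], ' admin=', $row['admin'], "\n";
}
```

Because the insert and the update share one transaction, the rejected update for `u3` removes the row entirely instead of leaving an account with whatever privilege the insert gave it.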

[Feature]: Disallow user creation and only allow existing users to login

Plugin Version

4.2.1

PHP Version

8.1

Shopware Version

6.4.18.1

Installation method

Composer

Identity provider

Google Cloud

What happened?

Google OAuth currently has very few options to limit which users get access. So it would be nice if e.g. the plugin would have an option to disable user creation.

Optionally, it is always possible to create users without permissions and change those later on, but not even creating them would be even better.

Relevant log output

No response

[Feature]: Bypass password requirement for all corresponding admin interactions (e.g. deleting users)

Plugin Version

4.2.1

PHP Version

8.1

Shopware Version

6.4.18.1

Installation method

Composer

Identity provider

Google Cloud

What happened?

From what I can gather in the code for some interactions you already bypass the password confirm dialog in the admin.

However, this is not yet the case for all, e.g. deleting an admin user requires a password which a user logging in through SSO does not have.

Relevant log output

No response

[Bug]: 6.5.8 compatibility

Plugin Version

6.0.0

PHP Version

8.3

Shopware Version

6.5.8.0

Installation method

Composer

Identity provider

None

What happened?

  Problem 1
    - Root composer.json requires heptacom/shopware-platform-admin-open-auth ^6.0 -> satisfiable by heptacom/shopware-platform-admin-open-auth[6.0.0].
    - heptacom/shopware-platform-admin-open-auth 6.0.0 requires symfony/routing ~6.2.0 || ~6.3.0 -> found symfony/routing[v6.2.0, ..., v6.3.11] but it conflicts with your root composer.json require (^6.4).

Basically says it all

Relevant log output

No response

[Bug]: Installation fails class not found

Plugin Version

6.0.3

PHP Version

8.2.19

Shopware Version

6.5.7.3

Installation method

Community-Store

Identity provider

None

What happened?

Installation fails with the error in the log.
Tried deletion and reinstall.

Relevant log output

“The class “Heptacom\AdminOpenAuth\KskHeptacomAdminOpenAuth” is not found. Probably an class loader error. Check your plugin composer.json”
