Skip to content

fix(auth): handle missing LDAP env vars in external auth #3032 #3079

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix(auth): handle missing LDAP env vars in external auth #3032 #3079

wants to merge 2 commits into from

Conversation

@Aditya30ag
Copy link

@Aditya30ag Aditya30ag commented Jun 23, 2025
edited
Loading

  • Add isset() checks before accessing AUTHENTICATE_UID, AUTHENTICATE_MAIL, and AUTHENTICATE_DESC environment variables
  • Prevent PHP 'Undefined array key' warnings that cause scheduler agents to be killed
  • Maintain backward compatibility with existing LDAP configurations
  • Set empty string defaults for missing email and description variables

Fixes #3032

Description

Solution Applied
I modified the auth_external_check() function to:
Check for environment variable existence before accessing them using isset()
Handle missing variables gracefully by setting them to null or empty strings
Apply the same pattern to all three environment variables: user, email, and description

Changes

// Before (problematic):
$EXT_AUTH_USER = $GLOBALS['_SERVER']["{$EXT_AUTH_USER_KW}"];

// After (fixed):
$EXT_AUTH_USER = null;
if (isset($GLOBALS['_SERVER']["{$EXT_AUTH_USER_KW}"])) {
$EXT_AUTH_USER = $GLOBALS['_SERVER']["{$EXT_AUTH_USER_KW}"];
}

How to test

Describe the steps required to test the changes proposed in the pull request.
✅ No PHP warnings when environment variables are missing
✅ Function returns false correctly when variables are missing
✅ Function works correctly when environment variables are present
✅ No syntax errors in the modified code

Please consider using the closing keyword if the pull request is proposed to
fix an issue already created in the repository
(https://help.github.com/articles/closing-issues-using-keywords/)

@Aditya30ag
Copy link
Author

Aditya30ag commented Jun 23, 2025

so what is the process further

@Aditya30ag
Copy link
Author

Aditya30ag commented Jun 23, 2025

✅ No PHP warnings when environment variables are missing
✅ Function returns false correctly when variables are missing
✅ Function works correctly when environment variables are present
✅ No syntax errors in the modified code

@Aditya30ag
Copy link
Author

Aditya30ag commented Jun 23, 2025
edited
Loading

🧪 External Authentication Fix Test Script

This PHP script demonstrates a test for the fixed external authentication logic in a system (such as FOSSology).
It verifies behavior when environment variables are missing and when they are present.

🔧 Configuration

$GLOBALS['SysConf'] = array(
    'EXT_AUTH' => array(
        'CONF_EXT_AUTH_ENABLE' => true,
        'CONF_EXT_AUTH_ENV_USER' => 'AUTHENTICATE_UID',
        'CONF_EXT_AUTH_ENV_MAIL' => 'AUTHENTICATE_MAIL', 
        'CONF_EXT_AUTH_ENV_DESC' => 'AUTHENTICATE_DESC',
        'CONF_EXT_AUTH_LOWERCASE_USER' => true
    )
);

@Aditya30ag Aditya30ag changed the title fix(auth): handle missing LDAP env vars in external auth fix(auth): handle missing LDAP env vars in external auth #3032 Jun 25, 2025
@Aditya30ag Aditya30ag force-pushed the fix/3032-ldap-auth-scheduler-agents branch from efae5da to b83734d Compare July 6, 2025 00:40
@Aditya30ag Aditya30ag force-pushed the fix/3032-ldap-auth-scheduler-agents branch from b83734d to d3f5d38 Compare July 23, 2025 13:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs code review needs test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

scheduler: agents get killed if ldap authentication is active

2 participants

@Aditya30ag @shaheemazmalmmd