dominik-th / matomo-plugin-LoginOIDC

external authentication services for matomo
https://plugins.matomo.org/LoginOIDC/
GNU General Public License v3.0

"Disable external login for superusers" not working #68

Closed OlivierBOEL closed 1 year ago

OlivierBOEL commented 2 years ago

Hello,

Issue: Superuser can log in despite the setting being enabled.

Expected result: OAuth login disabled for superusers.

Analysis: it seems "Piwik::hasTheUserSuperUserAccess($user["login"])" [1] returns false because "APIUsersManager::getInstance()->getUsersHavingSuperUserAccess" [2] throws an exception (You must be logged in to access this functionality. /webserver/appl/MATOMO/docs_httpsmatomo/matomo/core/Access.php:756). This is just an assumption. Could be entirely wrong. Could you please verify?

Many thanks,

Olivier

[1] https://github.com/dominik-th/matomo-plugin-LoginOIDC/blob/4.x-dev/Controller.php#L287

[2] https://github.com/matomo-org/matomo/blob/4.x-dev/core/Piwik.php#L367

dominik-th commented 1 year ago

Hi Olivier,

thanks for your analysis! Should be fixed in 4.1.2

https://github.com/dominik-th/matomo-plugin-LoginOIDC/commit/4c63fd31ad4044d5836eb7e7d71770d8926e03aa
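The failure mode hypothesized in the report, a privilege lookup that throws and is then read as "not a superuser", modeled as an added example (not code from Matomo, the plugin, or the linked commit). All function names and the sample logins are hypothetical; only the exception message is taken from the report.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a superuser listing that refuses to run without a session.
function listSuperUsers(bool $hasSession): array
{
    if (!$hasSession) {
        throw new RuntimeException('You must be logged in to access this functionality.');
    }
    return ['admin']; // constructed sample data
}

// Fail-open: a lookup error is collapsed into "not a superuser".
function isSuperUserFailOpen(string $login, bool $hasSession): bool
{
    try {
        return in_array($login, listSuperUsers($hasSession), true);
    } catch (Exception $e) {
        return false;
    }
}

// Fail-closed: null means "could not determine", which is kept distinct from false.
function isSuperUserOrUnknown(string $login, bool $hasSession): ?bool
{
    try {
        return in_array($login, listSuperUsers($hasSession), true);
    } catch (RuntimeException $e) {
        return null;
    }
}

// Gate for the "disable external login for superusers" setting.
function allowExternalLogin(string $login, bool $disableForSuperUsers, callable $check): bool
{
    // Only an explicit false passes; true (superuser) and null (unknown) are both denied.
    return !$disableForSuperUsers || $check($login) === false;
}

// In the external-login callback nobody is logged in yet, so the lookup has no session.
$failOpen   = fn(string $l): ?bool => isSuperUserFailOpen($l, false);
$failClosed = fn(string $l): ?bool => isSuperUserOrUnknown($l, false);
$working    = fn(string $l): ?bool => isSuperUserOrUnknown($l, true);

foreach (['fail-open' => $failOpen, 'fail-closed' => $failClosed, 'working lookup' => $working] as $name => $check) {
    foreach (['admin', 'alice'] as $login) {
        printf("%-14s %-5s allowed=%s\n", $name, $login, var_export(allowExternalLogin($login, true, $check), true));
    }
}
```

While the lookup is broken, the fail-closed variant denies every external login, so the defect surfaces as a visible failure instead of a silent bypass of the setting.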