Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: MISPv2.5 is not possible to add new users without SMIME.enabled #10108

Open
1 task done
BitaKea opened this issue Dec 16, 2024 · 2 comments
Open
1 task done

Bug: MISPv2.5 is not possible to add new users without SMIME.enabled #10108

BitaKea opened this issue Dec 16, 2024 · 2 comments
Labels
needs triage This issue has been automatically labelled and needs further triage

Comments

@BitaKea
Copy link

BitaKea commented Dec 16, 2024

Actual behavior

It is not possible to add a new user due to certificate error:
X.509 Certificate cannot be retrieved in [/var/www/MISP/app/Model/User.php, line 431]
But if the SMIME.enabled option is set to 'true' then no error occurs and the user is created.

Expected behavior

That it is possible to create a new user without enabling the SMIME option.

Steps to reproduce

At "Server Settings & Maintenance" /servers/serverSettings/Encryption > SMIME.enabled: false
Then "Add user" /admin/users/add > set the email, the organization, the role and the PGP key; then press "Create user"
It will reply with "The user could not be saved. Please, try again." error.

Version

2.5.3

Operating System

Ubuntu

Operating System version

24.04

PHP version

8.3.6

Browser

Firefox

Browser version

133.0.3

Relevant log output

:~# tail -f /var/www/MISP/app/tmp/logs/error.log

2024-12-16 20:13:37 Warning: Warning (2): openssl_x509_read(): X.509 Certificate cannot be retrieved in [/var/www/MISP/app/Model/User.php, line 431]
Trace:
ErrorHandler::handleError() - APP/Lib/cakephp/lib/Cake/Error/ErrorHandler.php, line 232
openssl_x509_read - [internal], line ??
User::validateCertificate() - APP/Model/User.php, line 431
CakeValidationRule::process() - APP/Lib/cakephp/lib/Cake/Model/Validator/CakeValidationRule.php, line 275
CakeValidationSet::validate() - APP/Lib/cakephp/lib/Cake/Model/Validator/CakeValidationSet.php, line 135
ModelValidator::errors() - APP/Lib/cakephp/lib/Cake/Model/ModelValidator.php, line 269
ModelValidator::validates() - APP/Lib/cakephp/lib/Cake/Model/ModelValidator.php, line 100
Model::validates() - APP/Lib/cakephp/lib/Cake/Model/Model.php, line 3503
Model::_doSave() - APP/Lib/cakephp/lib/Cake/Model/Model.php, line 1839
Model::save() - APP/Lib/cakephp/lib/Cake/Model/Model.php, line 1761
UsersController::admin_add() - APP/Controller/UsersController.php, line 779
ReflectionMethod::invokeArgs() - [internal], line ??
Controller::invokeAction() - APP/Lib/cakephp/lib/Cake/Controller/Controller.php, line 500
Dispatcher::_invoke() - APP/Lib/cakephp/lib/Cake/Routing/Dispatcher.php, line 193
Dispatcher::dispatch() - APP/Lib/cakephp/lib/Cake/Routing/Dispatcher.php, line 167
[main] - APP/webroot/index.php, line 107

Extra attachments

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@BitaKea BitaKea added the needs triage This issue has been automatically labelled and needs further triage label Dec 16, 2024
@iglocska
Copy link
Member

I can't seem to be able to reproduce this. I have the setting set to false and it works correctly for me, from the validation function that you are getting the exception on, it is pre-pended by this check:

        if (empty($check['certif_public'])) {
            return true;
        }

So if the field is empty (which should be the case if the setting is disabled, you won't even have that field in the form) the check should pass.

@BitaKea
Copy link
Author

BitaKea commented Dec 17, 2024

For more context: I did a fresh MISP installation in a new VM following the scripts INSTALL.ubuntu2404.sh
I did not change config files, and these are the lines that are causing the issue, at /var/www/MISP/app/Model/User.php

public function validateCertificate($check)
    {
        // LATER first remove the old certif_public from the keychain

        // empty value
        if (empty($check['certif_public'])) {
            return true;
        }

        // certif_public is entered

        // Check if $check is a x509 certificate
        if (openssl_x509_read($check['certif_public'])) {
            return $this->testSmimeCertificate($check['certif_public']);
        } else {
            return false;
        }
    }

If I comment all of them and I set SMIME.enable to false I can add the user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs triage This issue has been automatically labelled and needs further triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iglocska @BitaKea