UnityHPC · simonLeary42 · Jun 6, 2025 · Jun 4, 2025 · Jun 4, 2025 · Jun 4, 2025
diff --git a/defaults/config.ini.default b/defaults/config.ini.default
@@ -2,7 +2,7 @@
 ; DO NOT EDIT THIS FILE. Instead make a config.ini file in the config folder.
 ;
 [upstream]
-version = "1.1.2"  ; Current upstream version of the web portal
+version = "1.2.0"  ; Current upstream version of the web portal
 repo = "https://github.com/UnityHPC/unity-web-portal"  ; Upstream URL for the web portal
 
 [site]

diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
@@ -332,35 +332,4 @@ public function getOrgGroupEntry($gid)
         $gid = ldap_escape($gid, LDAP_ESCAPE_DN);
         return $this->getEntry(unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU);
     }
-
-    public static function parseUserChildrenArray(array $userChildrenArray): array
-    {
-        // input comes from LdapEntry::getChildrenArray on a UnityUser
-        $output = [];
-        $required_string_attributes = [
-            "gidnumber",
-            "givenname",
-            "homedirectory",
-            "loginshell",
-            "mail",
-            "o",
-            "sn",
-            "uid",
-            "uidnumber",
-            "gecos",
-        ];
-        foreach ($required_string_attributes as $key) {
-            $output[$key] = $userChildrenArray[$key][0];
-        }
-        $output["firstname"] = $output["givenname"];
-        $output["lastname"] = $output["sn"];
-        $output["org"] = $output["o"];
-        $output["objectclass"] = $userChildrenArray["objectclass"];
-        if (array_key_exists("sspublickey", $userChildrenArray)) {
-            $output["sshpublickey"] = $userChildrenArray["sshpublickey"];
-        } else {
-            $output["sshpublickey"] = [];
-        }
-        return $output;
-    }
 }
diff --git a/resources/templates/header.php b/resources/templates/header.php
@@ -4,7 +4,7 @@
 
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     if ((@$_SESSION["is_admin"] ?? false) == true
-        && (@$_POST["form_name"] ?? null) == "clearView"
+        && (@$_POST["form_type"] ?? null) == "clearView"
     ) {
         unset($_SESSION["viewUser"]);
         UnitySite::redirect($CONFIG["site"]["prefix"] . "/admin/user-mgmt.php");
@@ -141,7 +141,7 @@
           <div id='viewAsBar'>
             <span>You are accessing the web portal as the user <strong>$viewUser</strong></span>
             <form method='POST' action=''>
-              <input type='hidden' name='form_name' value='clearView'>
+              <input type='hidden' name='form_type' value='clearView'>
               <input type='hidden' name='uid' value='$viewUser'>
               <input type='submit' value='Return to My User'>
             </form>

diff --git a/test/functional/PiRemoveUserTest.php b/test/functional/PiRemoveUserTest.php
@@ -9,7 +9,7 @@ private function removeUser(string $uid)
     {
         http_post(
             __DIR__ . "/../../webroot/panel/pi.php",
-            ["form_name" => "remUser", "uid" => $uid]
+            ["form_type" => "remUser", "uid" => $uid]
         );
     }
 

diff --git a/test/functional/ViewAsUserTest.php b/test/functional/ViewAsUserTest.php
@@ -18,7 +18,7 @@ public function _testViewAsUser(array $beforeUser, array $afterUser)
         http_post(
             __DIR__ . "/../../webroot/admin/user-mgmt.php",
             [
-                "form_name" => "viewAsUser",
+                "form_type" => "viewAsUser",
                 "uid" => $afterUid,
             ],
         );
@@ -32,7 +32,7 @@ public function _testViewAsUser(array $beforeUser, array $afterUser)
         // $this->assertTrue($_SESSION["user_exists"]);
         http_post(
             __DIR__ . "/../../resources/templates/header.php",
-            ["form_name" => "clearView"],
+            ["form_type" => "clearView"],
         );
         $this->assertArrayNotHasKey("viewUser", $_SESSION);
         // redirect means that php process dies and user's browser will initiate a new one
@@ -68,7 +68,7 @@ public function testNonAdminViewAsAdmin()
         http_post(
             __DIR__ . "/../../webroot/admin/user-mgmt.php",
             [
-                "form_name" => "viewAsUser",
+                "form_type" => "viewAsUser",
                 "uid" => $adminUid,
             ],
         );

diff --git a/webroot/admin/ajax/get_group_members.php b/webroot/admin/ajax/get_group_members.php
@@ -37,7 +37,7 @@
     echo
     "<form action='' method='POST' onsubmit='return confirm(\"Are you sure you want to remove " .
     $member->getUID() . " from this group?\");'>
-    <input type='hidden' name='form_name' value='remUserChild'>
+    <input type='hidden' name='form_type' value='remUserChild'>
     <input type='hidden' name='uid' value='" . $member->getUID() . "'>
     <input type='hidden' name='pi' value='" . $group->getPIUID() . "'>
     <input type='submit' value='Remove'>
@@ -63,7 +63,7 @@
     echo
     "<form action='' method='POST' 
     onsubmit='return confirm(\"Are you sure you want to approve " . $request->getUID() . "?\");'>
-    <input type='hidden' name='form_name' value='reqChild'>
+    <input type='hidden' name='form_type' value='reqChild'>
     <input type='hidden' name='uid' value='" . $request->getUID() . "'>
     <input type='hidden' name='pi' value='" . $group->getPIUID() . "'>
     <input type='submit' name='action' value='Approve'>

diff --git a/webroot/admin/pi-mgmt.php b/webroot/admin/pi-mgmt.php
@@ -15,7 +15,7 @@
         $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
     }
 
-    switch ($_POST["form_name"]) {
+    switch ($_POST["form_type"]) {
         case "req":
             if ($_POST["action"] == "Approve") {
                 // approve group
@@ -84,7 +84,7 @@
         echo "<td>";
         echo
         "<form action='' method='POST'>
-        <input type='hidden' name='form_name' value='req'>
+        <input type='hidden' name='form_type' value='req'>
         <input type='hidden' name='uid' value='" . $request_user->getUID() . "'>
         <input type='submit' name='action' value='Approve'
         onclick='return confirm(\"Are you sure you want to approve " . $request_user->getUID() . "?\");'>

diff --git a/webroot/admin/user-mgmt.php b/webroot/admin/user-mgmt.php
@@ -9,7 +9,7 @@
 }
 
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
-    switch ($_POST["form_name"]) {
+    switch ($_POST["form_type"]) {
         case "viewAsUser":
             $_SESSION["viewUser"] = $_POST["uid"];
             UnitySite::redirect($CONFIG["site"]["prefix"] . "/panel/account.php");
@@ -65,7 +65,7 @@
         echo "<td>";
         echo "<form class='viewAsUserForm' action='' method='POST'
         onsubmit='return confirm(\"Are you sure you want to switch to the user " . $user->getUID() . "?\");'>
-        <input type='hidden' name='form_name' value='viewAsUser'>
+        <input type='hidden' name='form_type' value='viewAsUser'>
         <input type='hidden' name='uid' value='" . $user->getUID() . "'>
         <input type='submit' name='action' value='Access'>
         </form>";

diff --git a/webroot/panel/groups.php b/webroot/panel/groups.php
@@ -9,7 +9,7 @@
     $modalErrors = array();
     $errors = array();
 
-    if (isset($_POST["form_name"])) {
+    if (isset($_POST["form_type"])) {
         if (isset($_POST["pi"])) {
             $pi_account = new UnityGroup(trim($_POST["pi"]), $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
             if (!$pi_account->exists()) {
@@ -18,7 +18,7 @@
             }
         }
 
-        switch ($_POST["form_name"]) {
+        switch ($_POST["form_type"]) {
             case "addPIform":
                 // The new PI modal was submitted
                 // existing PI request
@@ -116,7 +116,7 @@
     "<td>
     <form action='' method='POST'
     onsubmit='return confirm(\"Are you sure you want to leave the PI group " . $group->getPIUID() . "?\")'>
-    <input type='hidden' name='form_name' value='removePIForm'>
+    <input type='hidden' name='form_type' value='removePIForm'>
     <input type='hidden' name='pi' value='" . $group->getPIUID() . "'>
     <input type='submit' value='Leave Group'>
     </form>

diff --git a/webroot/panel/modal/new_pi.php b/webroot/panel/modal/new_pi.php
@@ -4,7 +4,7 @@
 ?>
 
 <form id="newPIform" method="POST" action="<?php echo $CONFIG["site"]["prefix"]; ?>/panel/groups.php">
-    <input type="hidden" name="form_name" value="addPIform">
+    <input type="hidden" name="form_type" value="addPIform">
     <div style="position: relative;">
         <input type="text" id="pi_search" name="pi" placeholder="Search PI by NetID" required>
         <div class="searchWrapper" style="display: none;"></div>

diff --git a/webroot/panel/pi.php b/webroot/panel/pi.php
@@ -16,7 +16,7 @@
         $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
     }
 
-    switch ($_POST["form_name"]) {
+    switch ($_POST["form_type"]) {
         case "userReq":
             if ($_POST["action"] == "Approve") {
                 $group->approveUser($form_user);
@@ -62,7 +62,7 @@
         echo "<td>";
         echo
         "<form action='' method='POST'>
-        <input type='hidden' name='form_name' value='userReq'>
+        <input type='hidden' name='form_type' value='userReq'>
         <input type='hidden' name='uid' value='" . $request[0]->getUID() . "'>
         <input type='submit' name='action' value='Approve'
         onclick='return confirm(\"Are you sure you want to approve " . $request[0]->getUID() . "?\")'>
@@ -92,7 +92,7 @@
     echo "<td>";
     echo
     "<form action='' method='POST'>
-    <input type='hidden' name='form_name' value='remUser'>
+    <input type='hidden' name='form_type' value='remUser'>
     <input type='hidden' name='uid' value='" . $assoc->getUID() . "'>
     <input type='submit' value='Remove'
     onclick='return confirm(\"Are you sure you want to remove " . $assoc->getUID() . " from your PI group?\")'>

diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php
@@ -1,3 +1,4 @@
+#!/bin/php
 <?php
 
 require_once __DIR__ . "/../resources/autoload.php";
@@ -13,44 +14,73 @@
 use UnityWebPortal\lib\UnityWebhook;
 use PHPOpenLDAPer\LDAPEntry;
 
-$options = getopt("fu");
+// in PHP LDAP all attributes are arrays, we need these as strings instead
+// it's possible but probably difficult to find this out using LDAP schema information
+$user_string_attributes = [
+    "gidnumber",
+    "givenname",
+    "homedirectory",
+    "loginshell",
+    "mail",
+    "o",
+    "sn",
+    "uid",
+    "uidnumber",
+    "gecos",
+];
+
+$pi_group_string_attributes = [
+    "gidnumber",
+];
+
+$options = getopt("fuh", ["help"]);
+if (array_key_exists("h", $options) or array_key_exists("help", $options)) {
+    echo "arguments:
+    f: flush cache and then update
+    u: update cache even if already initialized
+    h --help: display this message\n";
+    UnitySite::die();
+}
 if (array_key_exists("f", $options)) {
     echo "flushing cache...\n";
     $REDIS->flushAll();
 }
 
 if ((!is_null($REDIS->getCache("initialized", "")) and (!array_key_exists("u", $options)))) {
     echo "cache is already initialized, nothing doing.";
-    echo " use -f argument to flush cache, or -u argument to update without flush.";
+    echo " use -f argument to flush cache, or -u argument to update without flush.\n";
 } else {
     echo "updating cache...\n";
-    $user_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["user_ou"]);
     echo "waiting for LDAP response (users)...\n";
-    $users = $user_ou->getChildrenArray(true);
+    $users = $LDAP->search("objectClass=posixAccount", $CONFIG["ldap"]["basedn"]);
     echo "response received.\n";
     // phpcs:disable
-    $user_CNs = array_map(function ($x){return $x["cn"][0];}, $users);
+    $user_CNs = array_map(function ($x){return $x->getAttribute("cn")[0];}, $users);
     // phpcs:enable
     sort($user_CNs);
     $REDIS->setCache("sorted_users", "", $user_CNs);
     foreach ($users as $user) {
-        $attribute_array = UnityLDAP::parseUserChildrenArray($user);
-        foreach ($attribute_array as $key => $val) {
-            $REDIS->setCache($user["cn"][0], $key, $val);
+        $cn = $user->getAttribute("cn")[0];
+        foreach ($user->getAttributes() as $key => $val) {
+            if (in_array($key, $user_string_attributes)) {
+                $REDIS->setCache($cn, $key, $val[0]);
+            } else {
+                $REDIS->setCache($cn, $key, $val);
+            }
         }
     }
 
     $org_group_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["orggroup_ou"]);
     echo "waiting for LDAP response (org_groups)...\n";
-    $org_groups = $org_group_ou->getChildrenArray(true);
+    $org_groups = $LDAP->search("objectClass=posixGroup", $CONFIG["ldap"]["basedn"]);
     echo "response received.\n";
     // phpcs:disable
-    $org_group_CNs = array_map(function($x){return $x["cn"][0];}, $org_groups);
+    $org_group_CNs = array_map(function($x){return $x->getAttribute("cn")[0];}, $org_groups);
     // phpcs:enable
     sort($org_group_CNs);
     $REDIS->setCache("sorted_orgs", "", $org_group_CNs);
     foreach ($org_groups as $org_group) {
-        $REDIS->setCache($org_group["cn"][0], "members", $org_group["memberuid"]);
+        $REDIS->setCache($org_group->getAttribute("cn")[0], "members", $org_group->getAttribute("memberuid"));
     }
 
     $pi_group_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["pigroup_ou"]);