Duplicate try-catch to avoid finally statement in case of uncorrrecth auth

application/loginexternal.class.inc.php

@@ -75,10 +75,13 @@ class LoginExternal extends AbstractLoginFSMExtension
 	}
 
 	/**
-	 * @return bool|mixed
+	 * @return bool
 	 */
 	private function GetAuthUser()
 	{
-		return MetaModel::GetConfig()->GetExternalAuthenticationVariable();
+		$sExtAuthVar = MetaModel::GetConfig()->GetExternalAuthenticationVariable(); // In which variable is the info passed ?
+		eval('$sAuthUser = isset('.$sExtAuthVar.') ? '.$sExtAuthVar.' : false;'); // Retrieve the value
+		/** @var string $sAuthUser */
+		return $sAuthUser; // Retrieve the value
 	}
 }

core/config.class.inc.php

@@ -75,7 +75,6 @@ define('DEFAULT_EXT_AUTH_VARIABLE', '$_SERVER[\'REMOTE_USER\']');
 define('DEFAULT_ENCRYPTION_KEY', '@iT0pEncr1pti0n!'); // We'll use a random generated key later (if possible)
 define('DEFAULT_ENCRYPTION_LIB', 'Mcrypt'); // We'll define the best encryption available later
 define('DEFAULT_HASH_ALGO', PASSWORD_DEFAULT);
-
 /**
  * Config
  * configuration data (this class cannot not be localized, because it is responsible for loading the dictionaries)
@@ -870,14 +869,6 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
-		'ext_auth_variable' => [
-			'type' => 'string',
-			'description' => 'External authentication expression (allowed: $_SERVER[\'key\'], $_COOKIE[\'key\'], $_REQUEST[\'key\'], getallheaders()[\'Header-Name\'])',
-			'default' => '',
-			'value' => '',
-			'source_of_value' => '',
-			'show_in_conf_sample' => false,
-		],
 		'login_debug' => [
 			'type' => 'bool',
 			'description' => 'Activate the login FSM debug',
@@ -1739,14 +1730,6 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
-		'security.disable_joined_classes_filter' => [
-			'type'                => 'bool',
-			'description'         => 'If true, scope filters aren\'t applied to joined classes or union classes not directly listed in the SELECT clause.',
-			'default'             => true,
-			'value'               => true,
-			'source_of_value'     => '',
-			'show_in_conf_sample' => false,
-		],
 		'security.hide_administrators' => [
 			'type'                => 'bool',
 			'description'         => 'If true, non-administrator users will not be able to see the administrator accounts, the Administrator profile and the links between the administrator accounts and their profiles.',
@@ -2359,73 +2342,9 @@ class Config
 		return explode('|', $this->m_sAllowedLoginTypes);
 	}
 
-	/**
-	 * @return bool|mixed
-	 * @since 3.2.3 return the parsed value instead of an unsecured variable name
-	 */
 	public function GetExternalAuthenticationVariable()
 	{
-		$sExpression = $this->Get('ext_auth_variable');
-		$aParsed = $this->ParseExternalAuthVariableExpression($sExpression);
-		if ($aParsed === null) {
-			return false;
-		}
-
-		$sKey = $aParsed['key'];
-		switch ($aParsed['type']) {
-			case 'server':
-				return $_SERVER[$sKey] ?? false;
-			case 'cookie':
-				return $_COOKIE[$sKey] ?? false;
-			case 'request':
-				return $_REQUEST[$sKey] ?? false;
-			case 'header':
-				if (!function_exists('getallheaders')) {
-					return false;
-				}
-				$aHeaders = getallheaders();
-				if (!is_array($aHeaders)) {
-					return false;
-				}
-				return $aHeaders[$sKey] ?? false;
-		}
-		return false;
-	}
-
-	/**
-	 * @param $sExpression
-	 * @return array|null
-	 */
-	private function ParseExternalAuthVariableExpression($sExpression)
-	{
-		// If it's a configuration parameter it's probably already trimmed, but just in case
-		$sExpression = trim((string) $sExpression);
-		if ($sExpression === '') {
-			return null;
-		}
-
-		// Match $_SERVER/$_COOKIE/$_REQUEST['key'] with optional whitespace and single/double quotes.
-		if (preg_match('/^\$_(SERVER|COOKIE|REQUEST)\s*\[\s*(["\'])\s*([^"\']+)\2\s*\]\s*$/', $sExpression, $aMatches) === 1) {
-			$sContext = strtoupper($aMatches[1]);
-			$sKey = $aMatches[3];
-			return [
-				'type' => strtolower($sContext),
-				'key' => $sKey,
-				'normalized' => '$_'.$sContext.'[\''.$sKey.'\']',
-			];
-		}
-
-		// Match getallheaders()['Header-Name'] in a case-insensitive way.
-		if (preg_match('/^getallheaders\(\)\s*\[\s*(["\'])\s*([^"\']+)\1\s*\]\s*$/i', $sExpression, $aMatches) === 1) {
-			$sKey = $aMatches[2];
-			return [
-				'type' => 'header',
-				'key' => $sKey,
-				'normalized' => 'getallheaders()[\''.$sKey.'\']',
-			];
-		}
-
-		return null;
+		return $this->m_sExtAuthVariable;
 	}
 
 	public function GetCSVImportCharsets()

core/dbobjectsearch.class.php

@@ -1925,37 +1925,4 @@ class DBObjectSearch extends DBSearch
 	{
 		return $this->GetCriteria()->ListParameters();
 	}
-
-	/**
-	 * @inheritDoc
-	 * @return DBObjectSearch
-	 */
-	protected function ApplyDataFilters(): DBObjectSearch
-	{
-		if ($this->IsAllDataAllowed() || $this->IsDataFiltered()) {
-			return $this;
-		}
-
-		$oSearch = $this;
-		$aClassesToFilter = $this->GetSelectedClasses();
-
-		// Opt-in for joined classes filtering, otherwise only filter the selected class(es)
-		if (MetaModel::GetConfig()->Get('security.disable_joined_classes_filter') === false) {
-			$aClassesToFilter = $this->GetJoinedClasses();
-		}
-
-		// Apply filter (this is similar to the one in DBSearch but the factorization could make it less readable)
-		foreach ($aClassesToFilter as $sClassAlias => $sClass) {
-			$oVisibleObjects = UserRights::GetSelectFilter($sClass, $this->GetModifierProperties('UserRightsGetSelectFilter'));
-			if ($oVisibleObjects === false) {
-				$oVisibleObjects = DBObjectSearch::FromEmptySet($sClass);
-			}
-			if (is_object($oVisibleObjects)) {
-				$oVisibleObjects->AllowAllData();
-				$oSearch = $oSearch->Filter($sClassAlias, $oVisibleObjects);
-				$oSearch->SetDataFiltered();
-			}
-		}
-		return $oSearch;
-	}
 }

core/dbsearch.class.php

@@ -1122,7 +1122,21 @@ abstract class DBSearch
 	 */
 	protected function GetSQLQuery($aOrderBy, $aArgs, $aAttToLoad, $aExtendedDataSpec, $iLimitCount, $iLimitStart, $bGetCount, $aGroupByExpr = null, $aSelectExpr = null)
 	{
-		$oSearch = $this->ApplyDataFilters();
+		$oSearch = $this;
+		if (!$this->IsAllDataAllowed() && !$this->IsDataFiltered()) {
+			foreach ($this->GetSelectedClasses() as $sClassAlias => $sClass) {
+				$oVisibleObjects = UserRights::GetSelectFilter($sClass, $this->GetModifierProperties('UserRightsGetSelectFilter'));
+				if ($oVisibleObjects === false) {
+					// Make sure this is a valid search object, saying NO for all
+					$oVisibleObjects = DBObjectSearch::FromEmptySet($sClass);
+				}
+				if (is_object($oVisibleObjects)) {
+					$oVisibleObjects->AllowAllData();
+					$oSearch = $oSearch->Filter($sClassAlias, $oVisibleObjects);
+					$oSearch->SetDataFiltered();
+				}
+			}
+		}
 
 		if (is_array($aGroupByExpr)) {
 			foreach ($aGroupByExpr as $sAlias => $oGroupByExp) {
@@ -1594,33 +1608,4 @@ abstract class DBSearch
 	 * @return array{\VariableExpression}
 	 */
 	abstract public function GetExpectedArguments(): array;
-
-	/**
-	 * Apply data filters to the search, if needed
-	 *
-	 * @return DBSearch
-	 * @throws CoreException
-	 */
-	protected function ApplyDataFilters(): DBSearch
-	{
-		if ($this->IsAllDataAllowed() || $this->IsDataFiltered()) {
-			return $this;
-		}
-
-		$oSearch = $this;
-		$aClassesToFilter = $this->GetSelectedClasses();
-
-		foreach ($aClassesToFilter as $sClassAlias => $sClass) {
-			$oVisibleObjects = UserRights::GetSelectFilter($sClass, $this->GetModifierProperties('UserRightsGetSelectFilter'));
-			if ($oVisibleObjects === false) {
-				$oVisibleObjects = DBObjectSearch::FromEmptySet($sClass);
-			}
-			if (is_object($oVisibleObjects)) {
-				$oVisibleObjects->AllowAllData();
-				$oSearch = $oSearch->Filter($sClassAlias, $oVisibleObjects);
-				$oSearch->SetDataFiltered();
-			}
-		}
-		return $oSearch;
-	}
 }

core/dbunionsearch.class.php

@@ -673,30 +673,4 @@ class DBUnionSearch extends DBSearch
 
 		return $aVariableCriteria;
 	}
-
-	/**
-	 * @inheritDoc
-	 * @return DBUnionSearch
-	 */
-	protected function ApplyDataFilters(): DBUnionSearch
-	{
-		if ($this->IsAllDataAllowed() || $this->IsDataFiltered()) {
-			return $this;
-		}
-
-		// Opt-in for joined classes filtering, otherwise fallback on DBSearch filtering
-		if (MetaModel::GetConfig()->Get('security.disable_joined_classes_filter') === true) {
-			return parent::ApplyDataFilters();
-		}
-
-		// Apply filters per sub-search
-		$aFilteredSearches = [];
-		foreach ($this->GetSearches() as $oSubSearch) {
-			// Recursively call ApplyDataFilters on sub-searches
-			$aFilteredSearches[] = $oSubSearch->ApplyDataFilters();
-		}
-
-		$oSearch = new DBUnionSearch($aFilteredSearches);
-		return $oSearch;
-	}
 }

datamodels/2.x/itop-hub-connector/ajax.php

@@ -279,11 +279,24 @@ try {
 			$oRuntimeEnv = new RunTimeEnvironment('production', true);
 
 			try {
-				SetupLog::Info('Move to production starts...');
 				$sAuthent = utils::ReadParam('authent', '', false, 'raw_data');
 				if (!file_exists(APPROOT.'data/hub/compile_authent') || $sAuthent !== file_get_contents(APPROOT.'data/hub/compile_authent')) {
 					throw new SecurityException(Dict::S('iTopHub:FailAuthent'));
 				}
+			} catch (Exception $e) {
+				if (file_exists(APPROOT.'data/hub/compile_authent')) {
+					unlink(APPROOT.'data/hub/compile_authent');
+				}
+				// Note: at this point, the dictionnary is not necessarily loaded
+				SetupLog::Error(get_class($e).': '.Dict::S('iTopHub:ConfigurationSafelyReverted')."\n".$e->getMessage());
+				SetupLog::Error('Debug trace: '.$e->getTraceAsString());
+				ReportError($e->getMessage(), $e->getCode());
+				break;
+			}
+
+			try {
+				SetupLog::Info('Move to production starts...');
+
 				unlink(APPROOT.'data/hub/compile_authent');
 				// Load the "production" config file to clone & update it
 				$oConfig = new Config(APPCONF.'production/'.ITOP_CONFIG_FILE);

tests/php-unit-tests/unitary-tests/application/LoginExternalTest.php

@@ -1,95 +0,0 @@
-<?php
-
-/**
- * Copyright (C) 2010-2024 Combodo SAS
- *
- * This file is part of iTop.
- *
- * iTop is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * iTop is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with iTop. If not, see <http://www.gnu.org/licenses/>
- */
-
-namespace Combodo\iTop\Test\UnitTest\Application;
-
-use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
-use utils;
-
-class LoginExternalTest extends ItopDataTestCase
-{
-	private $oConfig;
-	private $sOriginalExtAuthVariable;
-
-	protected function setUp(): void
-	{
-		parent::setUp();
-		require_once APPROOT.'application/loginexternal.class.inc.php';
-		$this->oConfig = utils::GetConfig();
-		$this->sOriginalExtAuthVariable = $this->oConfig->Get('ext_auth_variable');
-	}
-
-	protected function tearDown(): void
-	{
-		$this->oConfig->Set('ext_auth_variable', $this->sOriginalExtAuthVariable, 'unit_test');
-		parent::tearDown();
-	}
-
-	private function CallGetAuthUser()
-	{
-		$oLoginExternal = new \LoginExternal();
-		$oMethod = new \ReflectionMethod(\LoginExternal::class, 'GetAuthUser');
-		$oMethod->setAccessible(true);
-		return $oMethod->invoke($oLoginExternal);
-	}
-
-	public function testGetAuthUserFromServerVariable()
-	{
-		$_SERVER['REMOTE_USER'] = 'alice';
-		$this->oConfig->Set('ext_auth_variable', '$_SERVER[\'REMOTE_USER\']', 'unit_test');
-
-		$this->assertSame('alice', $this->CallGetAuthUser());
-	}
-
-	public function testGetAuthUserFromCookie()
-	{
-		$_COOKIE['auth_user'] = 'bob';
-		$this->oConfig->Set('ext_auth_variable', '$_COOKIE[\'auth_user\']', 'unit_test');
-
-		$this->assertSame('bob', $this->CallGetAuthUser());
-	}
-
-	public function testGetAuthUserFromRequest()
-	{
-		$_REQUEST['auth_user'] = 'carol';
-		$this->oConfig->Set('ext_auth_variable', '$_REQUEST[\'auth_user\']', 'unit_test');
-
-		$this->assertSame('carol', $this->CallGetAuthUser());
-	}
-
-	public function testInvalidExpressionReturnsFalse()
-	{
-		$this->oConfig->Set('ext_auth_variable', '$_SERVER[\'HTTP_X_CMD\']) ? print(\'x\') : false; //', 'unit_test');
-
-		$this->assertFalse($this->CallGetAuthUser());
-	}
-
-	public function testGetAuthUserFromHeaderWithoutAllowlist()
-	{
-		if (!function_exists('getallheaders')) {
-			$this->markTestSkipped('getallheaders() not available');
-		}
-		$_SERVER['HTTP_X_REMOTE_USER'] = 'CN=header-test';
-		$this->oConfig->Set('ext_auth_variable', 'getallheaders()[\'X-Remote-User\']', 'unit_test');
-
-		$this->assertSame('CN=header-test', $this->CallGetAuthUser());
-	}
-}

tests/php-unit-tests/unitary-tests/core/DBSearchFilterJoinTest.php

@@ -1,193 +0,0 @@
-<?php
-
-namespace Combodo\iTop\Test\UnitTest\Core;
-
-use CMDBSource;
-use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
-use DBObjectSearch;
-use DBObjectSet;
-use DBSearch;
-use lnkFunctionalCIToTicket;
-use MetaModel;
-use ormLinkSet;
-use UserRequest;
-use UserRights;
-
-class DBSearchFilterJoinTest extends ItopDataTestCase
-{
-	private const RESTRICTED_PROFILE = 'Configuration Manager';
-	private $aData = [];
-	protected function setUp(): void
-	{
-		parent::setUp();
-		$this->RequireOnceItopFile('application/startup.inc.php');
-		$this->aData = $this->CreateDBSearchFilterTestData();
-		DBSearch::EnableQueryCache(false, false);
-		$this->LoginRestrictedUser($this->aData['allowed_org_id'], self::RESTRICTED_PROFILE);
-
-	}
-
-	protected function tearDown(): void
-	{
-		parent::tearDown();
-	}
-
-	/**
-	 * @dataProvider JoinedAndNestedOqlProvider
-	 */
-	public function testDBSearchFilterAppliedToJoinsWhenEnabled(string $sOql, int $iExpectedCount): void
-	{
-		$this->EnableJoinFilterConfig(true);
-
-		$oSearch = DBObjectSearch::FromOQL($sOql, ['denied_org' => $this->aData['denied_org_name'], 'allowed_org' => $this->aData['allowed_org_name']]);
-		$oSet = new \DBObjectSet($oSearch);
-		CMDBSource::TestQuery($oSearch->MakeSelectQuery());
-		$this->assertEquals($iExpectedCount, $oSet->Count());
-	}
-
-	/**
-	 * @dataProvider JoinedAndNestedOqlProvider
-	 */
-	public function testDBSearchFilterAppliedToJoinsWhenDisabled(string $sOql, int $iExpectedCount, int $iExpectedDisabledCount): void
-	{
-		$this->EnableJoinFilterConfig(false);
-
-		$oSearch = DBObjectSearch::FromOQL($sOql, ['denied_org' => $this->aData['denied_org_name'], 'allowed_org' => $this->aData['allowed_org_name']]);
-		$oSet = new \DBObjectSet($oSearch);
-		CMDBSource::TestQuery($oSearch->MakeSelectQuery());
-		$this->assertEquals($iExpectedDisabledCount, $oSet->Count());
-	}
-
-	/**
-	 * @dataProvider JoinedAndNestedOqlProvider
-	 */
-	public function testAllowAllDataBypassesDBSearchFilterWhenEnabled(string $sOql, int $iExpectedCount, int $iExpectedDisabledCount): void
-	{
-		$this->EnableJoinFilterConfig(true);
-
-		$oSearch = DBObjectSearch::FromOQL($sOql, ['denied_org' => $this->aData['denied_org_name'], 'allowed_org' => $this->aData['allowed_org_name']]);
-		$oSearch->AllowAllData();
-		$oSet = new \DBObjectSet($oSearch);
-		CMDBSource::TestQuery($oSearch->MakeSelectQuery());
-		$this->assertEquals($iExpectedDisabledCount, $oSet->Count());
-	}
-
-	/**
-	 * @dataProvider JoinedAndNestedOqlProvider
-	 */
-	public function testAllowAllDataBypassesDBSearchFilterWhenDisabled(string $sOql, int $iExpectedCount, int $iExpectedDisabledCount): void
-	{
-		$this->EnableJoinFilterConfig(false);
-
-		$oSearch = DBObjectSearch::FromOQL($sOql, ['denied_org' => $this->aData['denied_org_name'], 'allowed_org' => $this->aData['allowed_org_name']]);
-		$oSearch->AllowAllData();
-		$oSet = new \DBObjectSet($oSearch);
-		CMDBSource::TestQuery($oSearch->MakeSelectQuery());
-		$this->assertEquals($iExpectedDisabledCount, $oSet->Count());
-	}
-
-	public function JoinedAndNestedOqlProvider(): array
-	{
-		return [
-			'join-filter-on-org' => [
-				'oql' => "SELECT OSF FROM OSFamily AS OSF JOIN VirtualMachine AS VM ON VM.osfamily_id = OSF.id JOIN Organization AS O ON VM.org_id = O.id WHERE O.name = :denied_org",
-				'expected_filtered_count' => 0,
-				'expected_unfiltered_count' => 1,
-			],
-			'nested-in-select' => [
-				'oql' => "SELECT OSF FROM OSFamily AS OSF WHERE OSF.id IN (SELECT OSF1 FROM OSFamily AS OSF1 JOIN VirtualMachine AS VM ON VM.osfamily_id = OSF1.id JOIN Organization AS O ON VM.org_id = O.id WHERE O.name = :denied_org)",
-				'expected_filtered_count' => 0,
-				'expected_unfiltered_count' => 1,
-
-			],
-			'userrequest-join-person-org' => [
-				'oql' => "SELECT OSF FROM OSFamily AS OSF JOIN VirtualMachine AS VM ON VM.osfamily_id = OSF.id JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = VM.id JOIN UserRequest AS UR ON L.ticket_id = UR.id  JOIN Person AS P ON UR.caller_id = P.id JOIN Organization AS O ON P.org_id = O.id WHERE O.name = :denied_org",
-				'expected_filtered_count' => 0,
-				'expected_unfiltered_count' => 1,
-			],
-			'union-join-filter-on-org' => [
-				'oql' => "SELECT OSF FROM OSFamily AS OSF JOIN VirtualMachine AS VM ON VM.osfamily_id = OSF.id JOIN Organization AS O ON VM.org_id = O.id WHERE O.name = :denied_org UNION SELECT OSF2 FROM OSFamily AS OSF2 JOIN VirtualMachine AS VM2 ON VM2.osfamily_id = OSF2.id JOIN Organization AS O2 ON VM2.org_id = O2.id WHERE O2.name = :allowed_org",
-				'expected_filtered_count' => 1,
-				'expected_unfiltered_count' => 2,
-			],
-		];
-	}
-
-	private function EnableJoinFilterConfig(bool $bEnabled): void
-	{
-		$oConfig = MetaModel::GetConfig();
-		$oConfig->Set('security.disable_joined_classes_filter', !$bEnabled);
-	}
-
-	private function CreateDBSearchFilterTestData(): array
-	{
-		$sSuffix = 'DBSearchFilterJoinTest';
-
-		$sAllowedOrgName = 'DBSearchFilterAllowedOrg-'.$sSuffix;
-		$iAllowedOrgId = $this->GivenObjectInDB('Organization', [
-			'name' => $sAllowedOrgName,
-		]);
-
-		$this->debug("Org allowed id: $iAllowedOrgId");
-		$sDeniedOrgName = 'DBSearchFilterDeniedOrg-'.$sSuffix;
-		$iDeniedOrgId = $this->GivenObjectInDB('Organization', [
-			'name' => $sDeniedOrgName,
-		]);
-		$this->debug("Org denied id: $iDeniedOrgId");
-
-		$iDeniedOsFamilyId = $this->GivenObjectInDB('OSFamily', [
-			'name' => 'DBSearchFilterOsFamilyDenied-'.$sSuffix,
-		]);
-
-		$iAllowedOsFamilyId = $this->GivenObjectInDB('OSFamily', [
-			'name' => 'DBSearchFilterOsFamilyAllowed-'.$sSuffix,
-		]);
-
-		$iDeniedVMId = $this->GivenObjectInDB('VirtualMachine', [
-			'name' => 'DBSearchFilterVmDenied-'.$sSuffix,
-			'org_id' => $iDeniedOrgId,
-			'osfamily_id' => $iDeniedOsFamilyId,
-			'virtualhost_id' => 1,
-		]);
-
-		$iVirtualHostId = $this->GivenObjectInDB('Hypervisor', [
-			'name'   => 'DBSearchFilterVHost-'.$sSuffix,
-			'org_id' => $iAllowedOrgId,
-		]);
-
-		$this->GivenObjectInDB('VirtualMachine', [
-			'name' => 'DBSearchFilterVmAllowed-'.$sSuffix,
-			'org_id' => $iAllowedOrgId,
-			'osfamily_id' => $iAllowedOsFamilyId,
-			'virtualhost_id' => $iVirtualHostId,
-		]);
-
-		$oDeniedPerson = $this->CreatePerson('Denied-'.$sSuffix, $iDeniedOrgId);
-
-		$oUserRequest = $this->CreateUserRequest('Denied'.$sSuffix, [
-			'caller_id' => $oDeniedPerson->GetKey(),
-			'org_id' => $iDeniedOrgId,
-		]);
-
-		// Add Virtual Machine to UserRequest lnk
-		$oLinkSet = new ormLinkSet(UserRequest::class, 'functionalcis_list', DBObjectSet::FromScratch(lnkFunctionalCIToTicket::class));
-
-		$oLink = MetaModel::NewObject(lnkFunctionalCIToTicket::class, ['functionalci_id' => $iDeniedVMId]);
-		$oLinkSet->AddItem($oLink);
-
-		$oUserRequest->Set('functionalcis_list', $oLinkSet);
-		$oUserRequest->DBUpdate();
-
-		return [
-			'allowed_org_id' => $iAllowedOrgId,
-			'allowed_org_name' => $sAllowedOrgName,
-			'denied_org_name' => $sDeniedOrgName,
-		];
-	}
-
-	private function LoginRestrictedUser(int $iAllowedOrgId, string $sProfileName): void
-	{
-		$sLogin = $this->GivenUserRestrictedToAnOrganizationInDB($iAllowedOrgId, self::$aURP_Profiles[$sProfileName]);
-		UserRights::Login($sLogin);
-	}
-}