make sure to always use the right idp config

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Björn Schiessle 2018-07-11 12:22:45 +02:00
parent dafaf016a6
commit 20757e9f0e
No known key found for this signature in database
GPG Key ID: 2378A753E2BF04F6
4 changed files with 50 additions and 9 deletions


@ -33,10 +33,12 @@ $l = \OC::$server->getL10N('user_saml');
$config = \OC::$server->getConfig();
$request = \OC::$server->getRequest();
$userSession = \OC::$server->getUserSession();
$session = \OC::$server->getSession();
$samlSettings = new \OCA\User_SAML\SAMLSettings(
$urlGenerator,
$config,
$request
$request,
$session
);
$userBackend = new \OCA\User_SAML\UserBackend(
@ -45,7 +47,8 @@ $userBackend = new \OCA\User_SAML\UserBackend(
\OC::$server->getSession(),
\OC::$server->getDatabaseConnection(),
\OC::$server->getUserManager(),
\OC::$server->getGroupManager()
\OC::$server->getGroupManager(),
$samlSettings
);
$userBackend->registerBackends(\OC::$server->getUserManager()->getBackends());
OC_User::useBackend($userBackend);
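Review bot: The new `$session` local from `$session = \OC::$server->getSession();` is handed to SAMLSettings, but the UserBackend construction in the second hunk still fetches the session a second time via `\OC::$server->getSession()`; passing the same `$session,` there wires both objects from one place and makes it obvious they share the session that `getPrefix()` later reads. This is a style point only, as both calls resolve to the same server session.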


@ -102,7 +102,8 @@ class SAMLController extends Controller {
* @throws NoUserFoundException
*/
private function autoprovisionIfPossible(array $auth) {
$uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping');
$prefix = $this->settings->getPrefix();
$uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping');
if(isset($auth[$uidMapping])) {
if(is_array($auth[$uidMapping])) {
$uid = $auth[$uidMapping][0];
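Review bot: `getPrefix()` is called here without the setting name, whereas `UserBackend::getAttributeKeys` in the same commit passes `$name` so that the global-settings exemption inside `SAMLSettings::getPrefix` can apply. The result is identical today because `general-uid_mapping` is not in `$globalSettings`, but the two call styles will diverge silently if that list ever changes; `$prefix = $this->settings->getPrefix('general-uid_mapping');` keeps the decision in one place. The same applies to `getLogoutUrl` and `getCurrentUserId` in UserBackend. `autoprovisionIfPossible` continues outside the hunk, and the hunk does not show where `$this->settings` is injected into the controller, so that is assumed to exist already.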


@ -24,6 +24,7 @@ namespace OCA\User_SAML;
use OCP\AppFramework\Http;
use OCP\IConfig;
use OCP\IRequest;
use OCP\ISession;
use OCP\IURLGenerator;
class SAMLSettings {
@ -33,18 +34,25 @@ class SAMLSettings {
private $config;
/** @var IRequest */
private $request;
/** @var ISession */
private $session;
/** @var array list of global settings which are valid for every idp */
private $globalSettings = ['general-require_provisioned_account', 'general-allow_multiple_user_back_ends', 'general-use_saml_auth_for_desktop'];
/**
* @param IURLGenerator $urlGenerator
* @param IConfig $config
* @param IRequest $request
* @param ISession $session
*/
public function __construct(IURLGenerator $urlGenerator,
IConfig $config,
IRequest $request) {
IRequest $request,
ISession $session) {
$this->urlGenerator = $urlGenerator;
$this->config = $config;
$this->request = $request;
$this->session = $session;
}
/**
@ -148,5 +156,26 @@ class SAMLSettings {
return $settings;
}
}
/**
* calculate prefix for config values
*
* @param string name of the setting
* @return string
*/
public function getPrefix($setting = '') {
$prefix = '';
if (!empty($setting) && in_array($setting, $this->globalSettings)) {
return $prefix;
}
$idp = $this->session->get('user_saml.Idp');
if ((int)$idp > 1) {
$prefix = $idp . '-';
}
return $prefix;
}
}
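Review bot: In `getPrefix`, the prefix is built from the raw session value while the guard compares its integer cast, so a session value such as `'2x'` passes `(int)$idp > 1` and produces the config key prefix `2x-` instead of `2-`, i.e. a different (probably empty) set of IdP settings than the index suggests. Casting once, `$idp = (int) $this->session->get('user_saml.Idp');` followed by `if ($idp > 1) { $prefix = $idp . '-'; }`, makes the key that is read depend only on the integer IdP index. The `in_array` check should be strict, `in_array($setting, $this->globalSettings, true)`, and `empty($setting)` is better written `$setting !== ''` since `empty()` also treats `'0'` as absent. The docblock lacks the parameter name; it should read `@param string $setting name of the setting`. A missing session key (`null`) still yields the empty prefix and therefore the unprefixed keys of the first IdP, which appears to be the intended fallback for existing single-IdP installations.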


@ -48,6 +48,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
private $groupManager;
/** @var \OCP\UserInterface[] */
private static $backends = [];
/** @var SAMLSettings */
private $settings;
/**
* @param IConfig $config
@ -56,19 +58,22 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* @param IDBConnection $db
* @param IUserManager $userManager
* @param IGroupManager $groupManager
* @param SAMLSettings $settings
*/
public function __construct(IConfig $config,
IURLGenerator $urlGenerator,
ISession $session,
IDBConnection $db,
IUserManager $userManager,
IGroupManager $groupManager) {
IGroupManager $groupManager,
SAMLSettings $settings) {
$this->config = $config;
$this->urlGenerator = $urlGenerator;
$this->session = $session;
$this->db = $db;
$this->userManager = $userManager;
$this->groupManager = $groupManager;
$this->settings = $settings;
}
/**
@ -344,7 +349,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* {@inheritdoc}
*/
public function getLogoutUrl() {
$slo = $this->config->getAppValue('user_saml', 'idp-singleLogoutService.url', '');
$prefix = $this->settings->getPrefix();
$slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', '');
if($slo === '') {
return '';
}
@ -373,7 +379,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
*/
public function getCurrentUserId() {
$samlData = $this->session->get('user_saml.samlUserData');
$uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping', '');
$prefix = $this->settings->getPrefix();
$uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping', '');
if($uidMapping !== '' && isset($samlData[$uidMapping])) {
if(is_array($samlData[$uidMapping])) {
@ -437,7 +444,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
private function getAttributeKeys($name)
{
$keys = explode(' ', $this->config->getAppValue('user_saml', $name, ''));
$prefix = $this->settings->getPrefix($name);
$keys = explode(' ', $this->config->getAppValue('user_saml', $prefix . $name, ''));
if (count($keys) === 1 && $keys[0] === '') {
throw new \InvalidArgumentException('Attribute is not configured');