make sure to always use the right idp config

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Björn Schiessle 2018-07-11 12:22:45 +02:00
parent dafaf016a6
commit 20757e9f0e
No known key found for this signature in database
GPG key ID: 2378A753E2BF04F6
4 changed files with 50 additions and 9 deletions


@ -33,10 +33,12 @@ $l = \OC::$server->getL10N('user_saml');
$config = \OC::$server->getConfig(); $config = \OC::$server->getConfig();
$request = \OC::$server->getRequest(); $request = \OC::$server->getRequest();
$userSession = \OC::$server->getUserSession(); $userSession = \OC::$server->getUserSession();
$session = \OC::$server->getSession();
$samlSettings = new \OCA\User_SAML\SAMLSettings( $samlSettings = new \OCA\User_SAML\SAMLSettings(
$urlGenerator, $urlGenerator,
$config, $config,
$request $request,
$session
); );
$userBackend = new \OCA\User_SAML\UserBackend( $userBackend = new \OCA\User_SAML\UserBackend(
@ -45,7 +47,8 @@ $userBackend = new \OCA\User_SAML\UserBackend(
\OC::$server->getSession(), \OC::$server->getSession(),
\OC::$server->getDatabaseConnection(), \OC::$server->getDatabaseConnection(),
\OC::$server->getUserManager(), \OC::$server->getUserManager(),
\OC::$server->getGroupManager() \OC::$server->getGroupManager(),
$samlSettings
); );
$userBackend->registerBackends(\OC::$server->getUserManager()->getBackends()); $userBackend->registerBackends(\OC::$server->getUserManager()->getBackends());
OC_User::useBackend($userBackend); OC_User::useBackend($userBackend);
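Review bot: The `$session` local introduced at line 18 is only handed to SAMLSettings, while the UserBackend construction a few lines below still calls `\OC::$server->getSession()` directly; since both objects should operate on the same session, the second call could simply become `$session,`. This is a consistency point only — both calls presumably resolve to the same service instance, so behaviour is unchanged. Because SAMLSettings now reads the selected IdP from the session at request time, a short why-comment on line 18 would help the next reader, e.g. `// SAMLSettings needs the session to resolve the IdP-specific config prefix`.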


@ -102,7 +102,8 @@ class SAMLController extends Controller {
* @throws NoUserFoundException * @throws NoUserFoundException
*/ */
private function autoprovisionIfPossible(array $auth) { private function autoprovisionIfPossible(array $auth) {
$uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping'); $prefix = $this->settings->getPrefix();
$uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping');
if(isset($auth[$uidMapping])) { if(isset($auth[$uidMapping])) {
if(is_array($auth[$uidMapping])) { if(is_array($auth[$uidMapping])) {
$uid = $auth[$uidMapping][0]; $uid = $auth[$uidMapping][0];
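Review bot: `getPrefix()` is called without the setting name at line 42, so the global-settings exemption that `getPrefix($setting)` implements is bypassed here; the same pattern appears in UserBackend::getLogoutUrl and UserBackend::getCurrentUserId, whereas UserBackend::getAttributeKeys passes the key. Today `general-uid_mapping` is not in the global list, so the result is identical, but passing the key keeps that decision in one place should the list change: `$prefix = $this->settings->getPrefix('general-uid_mapping');`. The hunk also relies on a `$this->settings` property on SAMLController that is not part of this diff — presumably injected already, worth confirming. `autoprovisionIfPossible`'s body continues past the end of the hunk.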


@ -24,6 +24,7 @@ namespace OCA\User_SAML;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\IConfig; use OCP\IConfig;
use OCP\IRequest; use OCP\IRequest;
use OCP\ISession;
use OCP\IURLGenerator; use OCP\IURLGenerator;
class SAMLSettings { class SAMLSettings {
@ -33,18 +34,25 @@ class SAMLSettings {
private $config; private $config;
/** @var IRequest */ /** @var IRequest */
private $request; private $request;
/** @var ISession */
private $session;
/** @var array list of global settings which are valid for every idp */
private $globalSettings = ['general-require_provisioned_account', 'general-allow_multiple_user_back_ends', 'general-use_saml_auth_for_desktop'];
/** /**
* @param IURLGenerator $urlGenerator * @param IURLGenerator $urlGenerator
* @param IConfig $config * @param IConfig $config
* @param IRequest $request * @param IRequest $request
* @param ISession $session
*/ */
public function __construct(IURLGenerator $urlGenerator, public function __construct(IURLGenerator $urlGenerator,
IConfig $config, IConfig $config,
IRequest $request) { IRequest $request,
ISession $session) {
$this->urlGenerator = $urlGenerator; $this->urlGenerator = $urlGenerator;
$this->config = $config; $this->config = $config;
$this->request = $request; $this->request = $request;
$this->session = $session;
} }
/** /**
@ -148,5 +156,26 @@ class SAMLSettings {
return $settings; return $settings;
} }
}
/**
* calculate prefix for config values
*
* @param string name of the setting
* @return string
*/
public function getPrefix($setting = '') {
$prefix = '';
if (!empty($setting) && in_array($setting, $this->globalSettings)) {
return $prefix;
}
$idp = $this->session->get('user_saml.Idp');
if ((int)$idp > 1) {
$prefix = $idp . '-';
}
return $prefix;
}
}
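Review bot: `getPrefix()` builds the prefix from the raw session value at line 98 while the guard at line 97 compares the cast value, so a non-canonical `user_saml.Idp` string (anything `(int)` parses as greater than 1 but that is not a plain integer) would produce a prefix — and therefore a config key lookup — that matches no stored setting; use the cast consistently, `$prefix = (int)$idp . '-';`. A missing or unparsable `user_saml.Idp` silently falls back to the unprefixed (first IdP) settings; that contract should be stated in the docblock, and the `@param` tag should name its variable, `@param string $setting name of the setting`. `in_array($setting, $this->globalSettings)` should pass `true` as the third argument for a strict comparison.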


@ -48,6 +48,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
private $groupManager; private $groupManager;
/** @var \OCP\UserInterface[] */ /** @var \OCP\UserInterface[] */
private static $backends = []; private static $backends = [];
/** @var SAMLSettings */
private $settings;
/** /**
* @param IConfig $config * @param IConfig $config
@ -56,19 +58,22 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* @param IDBConnection $db * @param IDBConnection $db
* @param IUserManager $userManager * @param IUserManager $userManager
* @param IGroupManager $groupManager * @param IGroupManager $groupManager
* @param SAMLSettings $settings
*/ */
public function __construct(IConfig $config, public function __construct(IConfig $config,
IURLGenerator $urlGenerator, IURLGenerator $urlGenerator,
ISession $session, ISession $session,
IDBConnection $db, IDBConnection $db,
IUserManager $userManager, IUserManager $userManager,
IGroupManager $groupManager) { IGroupManager $groupManager,
SAMLSettings $settings) {
$this->config = $config; $this->config = $config;
$this->urlGenerator = $urlGenerator; $this->urlGenerator = $urlGenerator;
$this->session = $session; $this->session = $session;
$this->db = $db; $this->db = $db;
$this->userManager = $userManager; $this->userManager = $userManager;
$this->groupManager = $groupManager; $this->groupManager = $groupManager;
$this->settings = $settings;
} }
/** /**
@ -344,7 +349,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* {@inheritdoc} * {@inheritdoc}
*/ */
public function getLogoutUrl() { public function getLogoutUrl() {
$slo = $this->config->getAppValue('user_saml', 'idp-singleLogoutService.url', ''); $prefix = $this->settings->getPrefix();
$slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', '');
if($slo === '') { if($slo === '') {
return ''; return '';
} }
@ -373,7 +379,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
*/ */
public function getCurrentUserId() { public function getCurrentUserId() {
$samlData = $this->session->get('user_saml.samlUserData'); $samlData = $this->session->get('user_saml.samlUserData');
$uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping', ''); $prefix = $this->settings->getPrefix();
$uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping', '');
if($uidMapping !== '' && isset($samlData[$uidMapping])) { if($uidMapping !== '' && isset($samlData[$uidMapping])) {
if(is_array($samlData[$uidMapping])) { if(is_array($samlData[$uidMapping])) {
@ -437,7 +444,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
private function getAttributeKeys($name) private function getAttributeKeys($name)
{ {
$keys = explode(' ', $this->config->getAppValue('user_saml', $name, '')); $prefix = $this->settings->getPrefix($name);
$keys = explode(' ', $this->config->getAppValue('user_saml', $prefix . $name, ''));
if (count($keys) === 1 && $keys[0] === '') { if (count($keys) === 1 && $keys[0] === '') {
throw new \InvalidArgumentException('Attribute is not configured'); throw new \InvalidArgumentException('Attribute is not configured');