make sure to always use the right idp config
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
parent
dafaf016a6
commit
20757e9f0e
|
@ -33,10 +33,12 @@ $l = \OC::$server->getL10N('user_saml');
|
||||||
$config = \OC::$server->getConfig();
|
$config = \OC::$server->getConfig();
|
||||||
$request = \OC::$server->getRequest();
|
$request = \OC::$server->getRequest();
|
||||||
$userSession = \OC::$server->getUserSession();
|
$userSession = \OC::$server->getUserSession();
|
||||||
|
$session = \OC::$server->getSession();
|
||||||
$samlSettings = new \OCA\User_SAML\SAMLSettings(
|
$samlSettings = new \OCA\User_SAML\SAMLSettings(
|
||||||
$urlGenerator,
|
$urlGenerator,
|
||||||
$config,
|
$config,
|
||||||
$request
|
$request,
|
||||||
|
$session
|
||||||
);
|
);
|
||||||
|
|
||||||
$userBackend = new \OCA\User_SAML\UserBackend(
|
$userBackend = new \OCA\User_SAML\UserBackend(
|
||||||
|
@ -45,7 +47,8 @@ $userBackend = new \OCA\User_SAML\UserBackend(
|
||||||
\OC::$server->getSession(),
|
\OC::$server->getSession(),
|
||||||
\OC::$server->getDatabaseConnection(),
|
\OC::$server->getDatabaseConnection(),
|
||||||
\OC::$server->getUserManager(),
|
\OC::$server->getUserManager(),
|
||||||
\OC::$server->getGroupManager()
|
\OC::$server->getGroupManager(),
|
||||||
|
$samlSettings
|
||||||
);
|
);
|
||||||
$userBackend->registerBackends(\OC::$server->getUserManager()->getBackends());
|
$userBackend->registerBackends(\OC::$server->getUserManager()->getBackends());
|
||||||
OC_User::useBackend($userBackend);
|
OC_User::useBackend($userBackend);
|
||||||
|
|
|
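Review bot: The session is resolved from the container twice in this hunk: the new `$session = \OC::$server->getSession();` is handed to SAMLSettings, but the UserBackend constructor call further down still reads `\OC::$server->getSession(),`; passing `$session,` there makes it explicit that both objects are wired to the same session object. `\OC::$server->getUserManager()` is likewise resolved once for the constructor and again for `registerBackends`, though that predates this commit.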
@ -102,7 +102,8 @@ class SAMLController extends Controller {
|
||||||
* @throws NoUserFoundException
|
* @throws NoUserFoundException
|
||||||
*/
|
*/
|
||||||
private function autoprovisionIfPossible(array $auth) {
|
private function autoprovisionIfPossible(array $auth) {
|
||||||
$uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping');
|
$prefix = $this->settings->getPrefix();
|
||||||
|
$uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping');
|
||||||
if(isset($auth[$uidMapping])) {
|
if(isset($auth[$uidMapping])) {
|
||||||
if(is_array($auth[$uidMapping])) {
|
if(is_array($auth[$uidMapping])) {
|
||||||
$uid = $auth[$uidMapping][0];
|
$uid = $auth[$uidMapping][0];
|
||||||
|
|
|
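Review bot: `$prefix = $this->settings->getPrefix();` is called without the setting name, whereas `getAttributeKeys` in UserBackend passes `$name` so that entries of `$globalSettings` are never prefixed; `general-uid_mapping` is not in that list today, so the result is identical, but calling `$this->settings->getPrefix('general-uid_mapping')` here (and likewise in `getLogoutUrl` and `getCurrentUserId` of UserBackend) keeps the exemption in one place and survives a later change to the list. The body of `autoprovisionIfPossible` continues outside the hunk.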
@ -24,6 +24,7 @@ namespace OCA\User_SAML;
|
||||||
use OCP\AppFramework\Http;
|
use OCP\AppFramework\Http;
|
||||||
use OCP\IConfig;
|
use OCP\IConfig;
|
||||||
use OCP\IRequest;
|
use OCP\IRequest;
|
||||||
|
use OCP\ISession;
|
||||||
use OCP\IURLGenerator;
|
use OCP\IURLGenerator;
|
||||||
|
|
||||||
class SAMLSettings {
|
class SAMLSettings {
|
||||||
|
@ -33,18 +34,25 @@ class SAMLSettings {
|
||||||
private $config;
|
private $config;
|
||||||
/** @var IRequest */
|
/** @var IRequest */
|
||||||
private $request;
|
private $request;
|
||||||
|
/** @var ISession */
|
||||||
|
private $session;
|
||||||
|
/** @var array list of global settings which are valid for every idp */
|
||||||
|
private $globalSettings = ['general-require_provisioned_account', 'general-allow_multiple_user_back_ends', 'general-use_saml_auth_for_desktop'];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param IURLGenerator $urlGenerator
|
* @param IURLGenerator $urlGenerator
|
||||||
* @param IConfig $config
|
* @param IConfig $config
|
||||||
* @param IRequest $request
|
* @param IRequest $request
|
||||||
|
* @param ISession $session
|
||||||
*/
|
*/
|
||||||
public function __construct(IURLGenerator $urlGenerator,
|
public function __construct(IURLGenerator $urlGenerator,
|
||||||
IConfig $config,
|
IConfig $config,
|
||||||
IRequest $request) {
|
IRequest $request,
|
||||||
|
ISession $session) {
|
||||||
$this->urlGenerator = $urlGenerator;
|
$this->urlGenerator = $urlGenerator;
|
||||||
$this->config = $config;
|
$this->config = $config;
|
||||||
$this->request = $request;
|
$this->request = $request;
|
||||||
|
$this->session = $session;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -148,5 +156,26 @@ class SAMLSettings {
|
||||||
|
|
||||||
return $settings;
|
return $settings;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* calculate prefix for config values
|
||||||
|
*
|
||||||
|
* @param string name of the setting
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getPrefix($setting = '') {
|
||||||
|
|
||||||
|
$prefix = '';
|
||||||
|
if (!empty($setting) && in_array($setting, $this->globalSettings)) {
|
||||||
|
return $prefix;
|
||||||
|
}
|
||||||
|
|
||||||
|
$idp = $this->session->get('user_saml.Idp');
|
||||||
|
if ((int)$idp > 1) {
|
||||||
|
$prefix = $idp . '-';
|
||||||
|
}
|
||||||
|
|
||||||
|
return $prefix;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
|
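Review bot: In the new `getPrefix`, the IdP id is checked as `(int)$idp > 1` but the prefix is built from the raw session value, so a value that is not a clean integer string (for instance something like `'2 '`) passes the check and yields a prefix that matches no stored setting; building it from the cast value avoids that: `$idp = (int)$this->session->get('user_saml.Idp');` followed by `if ($idp > 1) { $prefix = $idp . '-'; }`. The `in_array` lookup should pass `true` as its third argument to avoid loose comparison, and `!empty($setting)` can be `$setting !== ''` since the parameter is documented as a string. The docblock's `@param string name of the setting` lacks the variable name; I would write `@param string $setting name of the setting; entries of $globalSettings are never prefixed` and also state there that an absent `user_saml.Idp` session value resolves to the unprefixed (first IdP) settings, since every caller silently inherits that fallback.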
@ -48,6 +48,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
||||||
private $groupManager;
|
private $groupManager;
|
||||||
/** @var \OCP\UserInterface[] */
|
/** @var \OCP\UserInterface[] */
|
||||||
private static $backends = [];
|
private static $backends = [];
|
||||||
|
/** @var SAMLSettings */
|
||||||
|
private $settings;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param IConfig $config
|
* @param IConfig $config
|
||||||
|
@ -56,19 +58,22 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
||||||
* @param IDBConnection $db
|
* @param IDBConnection $db
|
||||||
* @param IUserManager $userManager
|
* @param IUserManager $userManager
|
||||||
* @param IGroupManager $groupManager
|
* @param IGroupManager $groupManager
|
||||||
|
* @param SAMLSettings $settings
|
||||||
*/
|
*/
|
||||||
public function __construct(IConfig $config,
|
public function __construct(IConfig $config,
|
||||||
IURLGenerator $urlGenerator,
|
IURLGenerator $urlGenerator,
|
||||||
ISession $session,
|
ISession $session,
|
||||||
IDBConnection $db,
|
IDBConnection $db,
|
||||||
IUserManager $userManager,
|
IUserManager $userManager,
|
||||||
IGroupManager $groupManager) {
|
IGroupManager $groupManager,
|
||||||
|
SAMLSettings $settings) {
|
||||||
$this->config = $config;
|
$this->config = $config;
|
||||||
$this->urlGenerator = $urlGenerator;
|
$this->urlGenerator = $urlGenerator;
|
||||||
$this->session = $session;
|
$this->session = $session;
|
||||||
$this->db = $db;
|
$this->db = $db;
|
||||||
$this->userManager = $userManager;
|
$this->userManager = $userManager;
|
||||||
$this->groupManager = $groupManager;
|
$this->groupManager = $groupManager;
|
||||||
|
$this->settings = $settings;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -344,7 +349,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
public function getLogoutUrl() {
|
public function getLogoutUrl() {
|
||||||
$slo = $this->config->getAppValue('user_saml', 'idp-singleLogoutService.url', '');
|
$prefix = $this->settings->getPrefix();
|
||||||
|
$slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', '');
|
||||||
if($slo === '') {
|
if($slo === '') {
|
||||||
return '';
|
return '';
|
||||||
}
|
}
|
||||||
|
@ -373,7 +379,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
||||||
*/
|
*/
|
||||||
public function getCurrentUserId() {
|
public function getCurrentUserId() {
|
||||||
$samlData = $this->session->get('user_saml.samlUserData');
|
$samlData = $this->session->get('user_saml.samlUserData');
|
||||||
$uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping', '');
|
$prefix = $this->settings->getPrefix();
|
||||||
|
$uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping', '');
|
||||||
|
|
||||||
if($uidMapping !== '' && isset($samlData[$uidMapping])) {
|
if($uidMapping !== '' && isset($samlData[$uidMapping])) {
|
||||||
if(is_array($samlData[$uidMapping])) {
|
if(is_array($samlData[$uidMapping])) {
|
||||||
|
@ -437,7 +444,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
||||||
|
|
||||||
private function getAttributeKeys($name)
|
private function getAttributeKeys($name)
|
||||||
{
|
{
|
||||||
$keys = explode(' ', $this->config->getAppValue('user_saml', $name, ''));
|
$prefix = $this->settings->getPrefix($name);
|
||||||
|
$keys = explode(' ', $this->config->getAppValue('user_saml', $prefix . $name, ''));
|
||||||
|
|
||||||
if (count($keys) === 1 && $keys[0] === '') {
|
if (count($keys) === 1 && $keys[0] === '') {
|
||||||
throw new \InvalidArgumentException('Attribute is not configured');
|
throw new \InvalidArgumentException('Attribute is not configured');
|
||||||
|
|
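Review bot: `getLogoutUrl` now resolves the SLO endpoint through `$this->settings->getPrefix()`, which reads `user_saml.Idp` from the session; if that entry has already been cleared by the time the logout URL is computed, the prefix is empty and the first IdP's `idp-singleLogoutService.url` is returned for a user who authenticated against a different IdP. I cannot see from these hunks where the session key is cleared during logout, so this may be fine, but it deserves an explicit comment such as `// prefix depends on user_saml.Idp still being present in the session at this point`. The same dependency applies to `getCurrentUserId`, whose body continues outside its hunk.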