make sure to always use the right idp config
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
parent
dafaf016a6
commit
20757e9f0e
|
@ -33,10 +33,12 @@ $l = \OC::$server->getL10N('user_saml');
|
|||
$config = \OC::$server->getConfig();
|
||||
$request = \OC::$server->getRequest();
|
||||
$userSession = \OC::$server->getUserSession();
|
||||
$session = \OC::$server->getSession();
|
||||
$samlSettings = new \OCA\User_SAML\SAMLSettings(
|
||||
$urlGenerator,
|
||||
$config,
|
||||
$request
|
||||
$request,
|
||||
$session
|
||||
);
|
||||
|
||||
$userBackend = new \OCA\User_SAML\UserBackend(
|
||||
|
@ -45,7 +47,8 @@ $userBackend = new \OCA\User_SAML\UserBackend(
|
|||
\OC::$server->getSession(),
|
||||
\OC::$server->getDatabaseConnection(),
|
||||
\OC::$server->getUserManager(),
|
||||
\OC::$server->getGroupManager()
|
||||
\OC::$server->getGroupManager(),
|
||||
$samlSettings
|
||||
);
|
||||
$userBackend->registerBackends(\OC::$server->getUserManager()->getBackends());
|
||||
OC_User::useBackend($userBackend);
|
||||
|
|
|
@ -102,7 +102,8 @@ class SAMLController extends Controller {
|
|||
* @throws NoUserFoundException
|
||||
*/
|
||||
private function autoprovisionIfPossible(array $auth) {
|
||||
$uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping');
|
||||
$prefix = $this->settings->getPrefix();
|
||||
$uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping');
|
||||
if(isset($auth[$uidMapping])) {
|
||||
if(is_array($auth[$uidMapping])) {
|
||||
$uid = $auth[$uidMapping][0];
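Review bot: In `autoprovisionIfPossible()` the attribute name used as the uid is now chosen by the IdP id held in the session, while `$auth` carries the attributes of the assertion being processed, and nothing in this hunk shows that the two refer to the same provider. If `user_saml.Idp` can differ from the provider that actually issued the assertion, another provider's `general-uid_mapping` would decide which attribute becomes the account name. It is worth confirming that the response handling validates the assertion against the settings of the session-selected IdP, and recording that here with a comment such as `// prefix comes from the IdP chosen at login; the assertion must have been validated against that same IdP`. The same reasoning applies to `getCurrentUserId()` in UserBackend; the function body continues outside the hunk.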
|
||||
|
|
|
@ -24,6 +24,7 @@ namespace OCA\User_SAML;
|
|||
use OCP\AppFramework\Http;
|
||||
use OCP\IConfig;
|
||||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
use OCP\IURLGenerator;
|
||||
|
||||
class SAMLSettings {
|
||||
|
@ -33,18 +34,25 @@ class SAMLSettings {
|
|||
private $config;
|
||||
/** @var IRequest */
|
||||
private $request;
|
||||
/** @var ISession */
|
||||
private $session;
|
||||
/** @var array list of global settings which are valid for every idp */
|
||||
private $globalSettings = ['general-require_provisioned_account', 'general-allow_multiple_user_back_ends', 'general-use_saml_auth_for_desktop'];
|
||||
|
||||
/**
|
||||
* @param IURLGenerator $urlGenerator
|
||||
* @param IConfig $config
|
||||
* @param IRequest $request
|
||||
* @param ISession $session
|
||||
*/
|
||||
public function __construct(IURLGenerator $urlGenerator,
|
||||
IConfig $config,
|
||||
IRequest $request) {
|
||||
IRequest $request,
|
||||
ISession $session) {
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
$this->config = $config;
|
||||
$this->request = $request;
|
||||
$this->session = $session;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -148,5 +156,26 @@ class SAMLSettings {
|
|||
|
||||
return $settings;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* calculate prefix for config values
|
||||
*
|
||||
* @param string name of the setting
|
||||
* @return string
|
||||
*/
|
||||
public function getPrefix($setting = '') {
|
||||
|
||||
$prefix = '';
|
||||
if (!empty($setting) && in_array($setting, $this->globalSettings)) {
|
||||
return $prefix;
|
||||
}
|
||||
|
||||
$idp = $this->session->get('user_saml.Idp');
|
||||
if ((int)$idp > 1) {
|
||||
$prefix = $idp . '-';
|
||||
}
|
||||
|
||||
return $prefix;
|
||||
}
|
||||
|
||||
}
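Review bot: In `getPrefix()` the `(int)` cast is applied only for the comparison and the prefix is then built from the raw session value, so a value like the constructed example `'2x'` passes `(int)$idp > 1` and produces the prefix `2x-`. Where `user_saml.Idp` is written is not visible on this page; if it can be influenced by request input, building the key from the normalised number keeps the config lookup to well-formed keys: `$idp = (int)$this->session->get('user_saml.Idp');` followed by `$prefix = $idp . '-';`. The membership test would be stricter as `in_array($setting, $this->globalSettings, true)`. The docblock line `@param string name of the setting` is missing the `$setting` variable name.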
|
||||
|
|
|
@ -48,6 +48,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
|||
private $groupManager;
|
||||
/** @var \OCP\UserInterface[] */
|
||||
private static $backends = [];
|
||||
/** @var SAMLSettings */
|
||||
private $settings;
|
||||
|
||||
/**
|
||||
* @param IConfig $config
|
||||
|
@ -56,19 +58,22 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
|||
* @param IDBConnection $db
|
||||
* @param IUserManager $userManager
|
||||
* @param IGroupManager $groupManager
|
||||
* @param SAMLSettings $settings
|
||||
*/
|
||||
public function __construct(IConfig $config,
|
||||
IURLGenerator $urlGenerator,
|
||||
ISession $session,
|
||||
IDBConnection $db,
|
||||
IUserManager $userManager,
|
||||
IGroupManager $groupManager) {
|
||||
IGroupManager $groupManager,
|
||||
SAMLSettings $settings) {
|
||||
$this->config = $config;
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
$this->session = $session;
|
||||
$this->db = $db;
|
||||
$this->userManager = $userManager;
|
||||
$this->groupManager = $groupManager;
|
||||
$this->settings = $settings;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -344,7 +349,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
|||
* {@inheritdoc}
|
||||
*/
|
||||
public function getLogoutUrl() {
|
||||
$slo = $this->config->getAppValue('user_saml', 'idp-singleLogoutService.url', '');
|
||||
$prefix = $this->settings->getPrefix();
|
||||
$slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', '');
|
||||
if($slo === '') {
|
||||
return '';
|
||||
}
|
||||
|
@ -373,7 +379,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
|||
*/
|
||||
public function getCurrentUserId() {
|
||||
$samlData = $this->session->get('user_saml.samlUserData');
|
||||
$uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping', '');
|
||||
$prefix = $this->settings->getPrefix();
|
||||
$uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping', '');
|
||||
|
||||
if($uidMapping !== '' && isset($samlData[$uidMapping])) {
|
||||
if(is_array($samlData[$uidMapping])) {
|
||||
|
@ -437,7 +444,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
|
|||
|
||||
private function getAttributeKeys($name)
|
||||
{
|
||||
$keys = explode(' ', $this->config->getAppValue('user_saml', $name, ''));
|
||||
$prefix = $this->settings->getPrefix($name);
|
||||
$keys = explode(' ', $this->config->getAppValue('user_saml', $prefix . $name, ''));
|
||||
|
||||
if (count($keys) === 1 && $keys[0] === '') {
|
||||
throw new \InvalidArgumentException('Attribute is not configured');
|
||||
|
|