From c1f5b6b10dd2df222b7fed15e6dcd446725345cd Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 14 Mar 2018 14:58:20 +0100 Subject: [PATCH] try to lookup a user if the uid does not resolve and autoprov is disabled it might well may be that the user exists but is not yet known to the specific backend in Nextcloud and need to be mapped first. This assumes that searching for the uid will actually find the user. This is not necessarily given by the backend configuration. Signed-off-by: Arthur Schiwon --- lib/Controller/SAMLController.php | 7 +++ tests/unit/Controller/SAMLControllerTest.php | 53 +++++++++++++++++++- 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php index 21388dc..feea291 100644 --- a/lib/Controller/SAMLController.php +++ b/lib/Controller/SAMLController.php @@ -99,6 +99,13 @@ class SAMLController extends Controller { $autoProvisioningAllowed = $this->userBackend->autoprovisionAllowed(); if(!$userExists && !$autoProvisioningAllowed) { + // it is possible that the user was not logged in before and + // thus is not known to the original backend. A search can + // help with it and make the user known + $this->userManager->search($uid); + if($this->userManager->userExists($uid)) { + return; + } throw new NoUserFoundException(); } elseif(!$userExists && $autoProvisioningAllowed) { $this->userBackend->createUserIfNotExists($uid); diff --git a/tests/unit/Controller/SAMLControllerTest.php b/tests/unit/Controller/SAMLControllerTest.php index 6007f64..0364c45 100755 --- a/tests/unit/Controller/SAMLControllerTest.php +++ b/tests/unit/Controller/SAMLControllerTest.php @@ -257,7 +257,7 @@ class SAMLControllerTest extends TestCase { ->with('user_saml', 'general-uid_mapping') ->willReturn('uid'); $this->userManager - ->expects($this->once()) + ->expects($this->any()) ->method('userExists') ->with('MyUid') ->willReturn(false); @@ -275,6 +275,57 @@ class SAMLControllerTest extends TestCase { $this->assertEquals($expected, $this->samlController->login()); } + public function testLoginWithEnvVariableAndNotYetMappedUserWithoutProvisioning() { + $this->config + ->expects($this->at(0)) + ->method('getAppValue') + ->with('user_saml', 'type') + ->willReturn('environment-variable'); + $this->session + ->expects($this->once()) + ->method('get') + ->with('user_saml.samlUserData') + ->willReturn([ + 'foo' => 'bar', + 'uid' => 'MyUid', + 'bar' => 'foo', + ]); + $this->config + ->expects($this->at(1)) + ->method('getAppValue') + ->with('user_saml', 'general-uid_mapping') + ->willReturn('uid'); + $this->userManager + ->expects($this->exactly(2)) + ->method('userExists') + ->with('MyUid') + ->willReturnOnConsecutiveCalls(false, true); + $this->userManager + ->expects($this->once()) + ->method('get') + ->with('MyUid') + ->willReturn($this->createMock(IUser::class)); + $this->urlGenerator + ->expects($this->once()) + ->method('getAbsoluteUrl') + ->with('/') + ->willReturn('https://nextcloud.com/absolute/'); + $this->urlGenerator + ->expects($this->never()) + ->method('linkToRouteAbsolute'); + $this->userBackend + ->expects($this->once()) + ->method('autoprovisionAllowed') + ->willReturn(false); + $this->userBackend + ->expects($this->once()) + ->method('getCurrentUserId') + ->willReturn('MyUid'); + + $expected = new RedirectResponse('https://nextcloud.com/absolute/'); + $this->assertEquals($expected, $this->samlController->login()); + } + public function testNotProvisioned() { $expected = new TemplateResponse('user_saml', 'notProvisioned', [], 'guest'); $this->assertEquals($expected, $this->samlController->notProvisioned());