allow multiple user back-ends with environment variables

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2024-05-05 02:23:42 +02:00 · 2018-12-03 11:32:09 +01:00 · 2018-12-03 11:32:09 +01:00 · 4a85637f3e
parent e422da803b
commit 4a85637f3e
3 changed files with 52 additions and 9 deletions
--- a/appinfo/app.php
+++ b/appinfo/app.php
@ -73,10 +73,6 @@ switch($config->getAppValue('user_saml', 'type')) {
 		return;
 }

-if ($type === 'environment-variable') {
-	OC_User::handleApacheAuth();
-}
-
 if($returnScript === true) {
 	return;
 }
@ -131,12 +127,13 @@ if($useSamlForDesktopClients === '1') {
 	}
 }

+$params = $request->getParams();
 $multipleUserBackEnds = $samlSettings->allowMultipleUserBackEnds();
 $configuredIdps = $samlSettings->getListOfIdps();
 $showLoginOptions = $multipleUserBackEnds || count($configuredIdps) > 1;
+$showLoginOptions = $showLoginOptions && !isset($params['environmentVariableLogin']);

 if ($redirectSituation === true && $showLoginOptions) {
-	$params = $request->getParams();
 	$redirectUrl = '';
 	if(isset($params['redirect_url'])) {
 		$redirectUrl = $params['redirect_url'];
@ -145,7 +142,8 @@ if ($redirectSituation === true && $showLoginOptions) {
 	$targetUrl = $urlGenerator->linkToRouteAbsolute(
 		'user_saml.SAML.selectUserBackEnd',
 		[
-			'redirectUrl' => $redirectUrl
+			'redirectUrl' => $redirectUrl,
+			'type' => $type
 		]
 	);
 	header('Location: '.$targetUrl);
@ -153,6 +151,10 @@ if ($redirectSituation === true && $showLoginOptions) {

 }

+if ($type === 'environment-variable' && !$showLoginOptions) {
+	OC_User::handleApacheAuth();
+}
+
 if($redirectSituation === true) {
 	$params = $request->getParams();
 	$originalUrl = '';
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
@ -367,9 +367,10 @@ class SAMLController extends Controller {
 	 * @NoCSRFRequired
 	 * @OnlyUnauthenticatedUsers
 	 * @param string $redirectUrl
+	 * @param string $type
 	 * @return Http\TemplateResponse
 	 */
-	public function selectUserBackEnd($redirectUrl) {
+	public function selectUserBackEnd($redirectUrl, $type) {

 		$attributes = ['loginUrls' => []];

@ -380,7 +381,11 @@ class SAMLController extends Controller {
 			];
 		}

-		$attributes['loginUrls']['ssoLogin'] = $this->getIdps($redirectUrl);
+		if ($type === 'saml') {
+			$attributes['loginUrls']['ssoLogin'] = $this->getIdps($redirectUrl);
+		} else {
+			$attributes['loginUrls']['ssoLogin'] = $this->getEnvVarLogin($redirectUrl);
+		}

 		$attributes['useCombobox'] = count($attributes['loginUrls']['ssoLogin']) > 4 ? true : false;

@ -407,6 +412,42 @@ class SAMLController extends Controller {
 		return $result;
 	}

+
+	/**
+	 * get the IdPs showed at the login page
+	 *
+	 * @param $redirectUrl
+	 * @return array
+	 */
+	private function getEnvVarLogin($redirectUrl) {
+
+		if(!empty($redirectUrl)) {
+			$originalUrl = $this->urlGenerator->getAbsoluteURL($redirectUrl);
+			$url = $this->urlGenerator->linkToRouteAbsolute(
+				'user_saml.SAML.selectUserBackEnd',
+				[
+					'environmentVariableLogin' => '1',
+					'redirect' => $originalUrl
+				]
+			);
+		} else {
+			$url = $this->urlGenerator->linkToRouteAbsolute(
+				'user_saml.SAML.selectUserBackEnd',
+				[
+					'environmentVariableLogin' => '1'
+				]
+			);
+		}
+
+		return [
+			[
+				'url' => $url,
+				'display-name' => 'Kerberos Login',
+			]
+		];
+
+	}
+
 	/**
 	 * get SSO URL
 	 *
--- a/lib/SAMLSettings.php
+++ b/lib/SAMLSettings.php
@ -82,7 +82,7 @@ class SAMLSettings {
 	public function allowMultipleUserBackEnds() {
 		$type = $this->config->getAppValue('user_saml', 'type');
 		$setting = $this->config->getAppValue('user_saml', 'general-allow_multiple_user_back_ends', '0');
-		return  ($setting === '1' && $type === 'saml');
+		return  ($setting === '1');
 	}

 	/**