detect disabled user and show a appropriated error message

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2024-05-01 08:44:53 +02:00 · 2018-03-13 17:29:52 +01:00 · 2018-03-13 17:29:52 +01:00 · 4b8558522b
parent 32f9a87ba3
commit 4b8558522b
3 changed files with 44 additions and 1 deletions
--- a/appinfo/app.php
+++ b/appinfo/app.php
@ -29,6 +29,7 @@ if(OC::$CLI) {
 }

 $urlGenerator = \OC::$server->getURLGenerator();
+$l = \OC::$server->getL10N('user_saml');
 $config = \OC::$server->getConfig();
 $request = \OC::$server->getRequest();
 $userSession = \OC::$server->getUserSession();
@ -71,6 +72,22 @@ if($returnScript === true) {
 }

 $redirectSituation = false;
+
+$user = $userSession->getUser();
+if ($user !== null) {
+	$enabled = $user->isEnabled();
+	if ($enabled === false) {
+		$targetUrl = $urlGenerator->linkToRouteAbsolute(
+			'user_saml.SAML.genericError',
+			[
+				'message' => $l->t('This user account is disabled, please contact your administrator.')
+			]
+		);
+		header('Location: '.$targetUrl);
+		exit();
+	}
+}
+
 // All requests that are not authenticated and match against the "/login" route are
 // redirected to the SAML login endpoint
 if(!$cli &&
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@ -48,5 +48,10 @@ return [
 			'url' => '/saml/notProvisioned',
 			'verb' => 'GET',
 		],
+		[
+			'name' => 'SAML#genericError',
+			'url' => '/saml/error',
+			'verb' => 'GET',
+		],
 	],
 ];
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
@ -27,6 +27,7 @@ use OCA\User_SAML\UserBackend;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\IConfig;
+use OCP\IL10N;
 use OCP\ILogger;
 use OCP\IRequest;
 use OCP\ISession;
@ -52,6 +53,8 @@ class SAMLController extends Controller {
 	private $userManager;
 	/** @var ILogger */
 	private $logger;
+	/** @var IL10N */
+	private $l;

 	/**
 	 * @param string $appName
@ -64,6 +67,7 @@ class SAMLController extends Controller {
 	 * @param IURLGenerator $urlGenerator
 	 * @param IUserManager $userManager
 	 * @param ILogger $logger
+	 * @param IL10N $l
 	 */
 	public function __construct($appName,
 								IRequest $request,
@ -74,7 +78,8 @@ class SAMLController extends Controller {
 								IConfig $config,
 								IURLGenerator $urlGenerator,
 								IUserManager $userManager,
-								ILogger $logger) {
+								ILogger $logger,
+								IL10N $l) {
 		parent::__construct($appName, $request);
 		$this->session = $session;
 		$this->userSession = $userSession;
@ -84,6 +89,7 @@ class SAMLController extends Controller {
 		$this->urlGenerator = $urlGenerator;
 		$this->userManager = $userManager;
 		$this->logger = $logger;
+		$this->l = $l;
 	}

 	/**
@ -288,4 +294,19 @@ class SAMLController extends Controller {
 	public function notProvisioned() {
 		return new Http\TemplateResponse($this->appName, 'notProvisioned', [], 'guest');
 	}
+
+
+	/**
+	 * @PublicPage
+	 * @NoCSRFRequired
+	 * @OnlyUnauthenticatedUsers
+	 * @param string $message
+	 * @return Http\TemplateResponse
+	 */
+	public function genericError($message) {
+		if (empty($message)) {
+			$message = $this->l->t('Unknown error, please check the log file for more details.');
+		}
+		return new Http\TemplateResponse($this->appName, 'error', ['message' => $message], 'guest');
+	}
 }