diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
index f0c13b0..3f34007 100644
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
@@ -354,7 +354,7 @@ class SAMLController extends Controller {
 $this->userBackend->initializeHomeDir($user->getUID());
 }
 } catch (NoUserFoundException $e) {
- throw new \InvalidArgumentException('User is not valid');
+ throw new \InvalidArgumentException('User "' . $this->userBackend->getCurrentUserId() . '" is not valid');
 } catch (\Exception $e) {
 $this->logger->logException($e, ['app' => $this->appName]);
 $response = new Http\RedirectResponse($this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.notProvisioned'));
diff --git a/lib/UserBackend.php b/lib/UserBackend.php
index f578795..e03c260 100644
--- a/lib/UserBackend.php
+++ b/lib/UserBackend.php
@@ -490,7 +490,7 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
 $this->userData->setAttributes($this->session->get('user_saml.samlUserData') ?? []);
 $uid = $this->userData->getEffectiveUid();
 if($uid !== '' && $this->userExists($uid)) {
- $uid = $this->testEncodedObjectGUID($uid);
+ $uid = $this->userData->testEncodedObjectGUID($uid);
 $this->session->set('last-password-confirm', strtotime('+4 year', time()));
 return $uid;
diff --git a/lib/UserData.php b/lib/UserData.php
index c032d3d..098a9be 100644
--- a/lib/UserData.php
+++ b/lib/UserData.php
@@ -100,7 +100,12 @@ class UserData {
 * base64-encoded binary string representing e.g. the objectGUID. Otherwise
 *
 */
- protected function testEncodedObjectGUID(string $uid): string {
+ public function testEncodedObjectGUID(string $uid): string {
+ if (preg_match('/[^a-zA-Z0-9=+\/]/', $uid) !== 0) {
+ // certainly not encoded
+ return $uid;
+ }
+
 $candidate = base64_decode($uid, true);
 if($candidate === false) {
 return $uid;
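Review bot: The new message in the `NoUserFoundException` branch concatenates `$this->userBackend->getCurrentUserId()` directly into the exception text, so an identifier that originates from the identity provider ends up wherever this exception is rendered or logged. In the UserBackend.php hunk of this commit the visible return path only yields `$uid` when `$this->userExists($uid)` holds; if that code belongs to getCurrentUserId() (its signature is outside the hunk), the message would read `User "" is not valid` in exactly the case being reported. I would keep the thrown text generic and record the identifier through the logger's context array instead, so it is never shown unescaped on an error page. The enclosing method starts and ends outside the hunk.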
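Review bot: `$this->userExists($uid)` is evaluated on the raw effective uid, but the value returned is the output of `testEncodedObjectGUID($uid)`, so the identifier handed to callers is not necessarily the one that was checked. Consider normalising first, `$uid = $this->userData->testEncodedObjectGUID($this->userData->getEffectiveUid());`, and running the existence check on that result. If getEffectiveUid() already applies the conversion (not visible here), the second call is redundant and can be dropped. The enclosing method begins and ends outside the hunk.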
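Review bot: The added pre-check only rejects uids that contain a character outside the base64 alphabet, so a login name made purely of letters and digits still reaches `base64_decode()` and whatever conversion follows, and `=` is accepted in any position. If only 16-byte objectGUIDs are meant to be converted, matching the exact encoded shape is tighter: `if (preg_match('/^[A-Za-z0-9+\/]{22}==$/', $uid) !== 1) { return $uid; }`. Since the method is now public, the docblock should also state that the input is returned unchanged unless it decodes to a GUID; the existing comment stops at "Otherwise". The rest of the method body is outside the hunk.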
diff --git a/tests/unit/Controller/SAMLControllerTest.php b/tests/unit/Controller/SAMLControllerTest.php
index 856988a..f1d878d 100644
--- a/tests/unit/Controller/SAMLControllerTest.php
+++ b/tests/unit/Controller/SAMLControllerTest.php
@@ -39,7 +39,6 @@ use OCP\IUser;
 use OCP\IUserSession;
 use PHPUnit\Framework\MockObject\MockObject;
 use OCP\Security\ICrypto;
-use PHPUnit\Framework\MockObject\MockObject;
 use Test\TestCase;
 class SAMLControllerTest extends TestCase {
diff --git a/tests/unit/UserBackendTest.php b/tests/unit/UserBackendTest.php
index 0d6ff71..6325091 100644
--- a/tests/unit/UserBackendTest.php
+++ b/tests/unit/UserBackendTest.php
@@ -287,9 +287,4 @@ class UserBackendTest extends TestCase {
 $this->userBackend->updateAttributes('ExistingUser', ['email' => 'new@example.com', 'displayname' => 'New Displayname', 'quota' => '']);
 }
- ['aaabbbcc@aa.bbbccdd.eee.ff', 'aaabbbcc@aa.bbbccdd.eee.ff'],
- ['aaabbbcccaa.bbbccdddeee', 'aaabbbcccaa.bbbccdddeee']
-
-
-
 }
diff --git a/tests/unit/UserDataTest.php b/tests/unit/UserDataTest.php
index 7410805..a27f6b2 100644
--- a/tests/unit/UserDataTest.php
+++ b/tests/unit/UserDataTest.php
@@ -58,6 +58,8 @@ class UserDataTest extends TestCase {
 ['EDE70D16-B9D5-4E9A-ABD7-614D17246E3F', 'EDE70D16-B9D5-4E9A-ABD7-614D17246E3F'],
 ['Tm8gY29udmVyc2lvbgo=', 'Tm8gY29udmVyc2lvbgo='],
 ['ASfjU2OYEd69ZgAVF4pePA==', '53E32701-9863-DE11-BD66-0015178A5E3C'],
+ ['aaabbbcc@aa.bbbccdd.eee.ff', 'aaabbbcc@aa.bbbccdd.eee.ff'],
+ ['aaabbbcccaa.bbbccdddeee', 'aaabbbcccaa.bbbccdddeee']
 ];
 }