
Commit b382410b authored by Fahim Salam Chowdhury's avatar Fahim Salam Chowdhury 👽

Merge branch...

Merge branch 'dev/4053_SSOService_go_through_all_returned_user_from_userInfo_list_from_oidc_provider' into 'main'

fix: go through all userInfo when retrieving userId from OIDC provider

See merge request !194
parents 5fad1272 878a18a8
+1 −1
@@ -10,7 +10,7 @@
    <description><![CDATA[in /e/OS cloud, nextcloud accounts are linked to mail accounts. This app ensures both are coordinated: it sets the e-mail address, quota and storage of the user upon creation.
    It also completes the account deletion by cleaning other parts of the /e/OS cloud setup to ensure no more data is retained when a user requests an account deletion.
    This app uses the UserDeletedEvent to invoke scripts in the docker-welcome container of /e/OS cloud setup]]></description>
    <version>10.0.1</version>
    <version>10.0.2</version>
    <licence>agpl</licence>
    <author mail="dev@murena.com" homepage="https://murena.com/">Murena SAS</author>
    <namespace>EcloudAccounts</namespace>
+25 −4
@@ -174,12 +174,29 @@ class SSOService {
		if (empty($users) || !is_array($users) || !isset($users[0])) {
			throw new SSOAdminAPIException('Error: no user found for search with url: ' . $url);
		}
		$this->currentUserId = $users[0]['id'];
		$this->currentUserName = $this->sanitizeUserName($users[0]['username']);

		$ssoUserId = '';
		$ssoUserName = '';
		$username = $this->sanitizeUserName($username);
		if ($username !== $this->currentUserName) {

		foreach($users as $ssoUser) {
			if (!isset($ssoUser['username']) || !isset($ssoUser['id'])) {
				continue;
			}

			$ssoUserName = $ssoUser['username'];
			if ($ssoUserName === $username) {
				$ssoUserId = $ssoUser['id'];
				break;
			}
		}

		if (empty($ssoUserId) || empty($ssoUserName)) {
			throw new SSOAdminAPIException('Error: retrieved wrong user info (' . $this->currentUserName . ') from SSO service for ' . $username);
		}

		$this->currentUserId = $ssoUserId;
		$this->currentUserName = $ssoUserName;
	}

	private function getAdminAccessToken() : void {
@@ -250,7 +267,11 @@ class SSOService {
		return $answer;
	}

	private function sanitizeUserName(string $username): string {
	private function sanitizeUserName(?string $username): ?string {
		if (!isset($username) || is_null($username) || empty($username)) {
			return null;
		}

		$username = strtolower($username);

		if (str_contains($username, "@" . $this->mainDomain) || str_contains($username, "@" . $this->legacyDomain)) {
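Review bot: In the new loop of the first hunk the provider's name is compared raw (`$ssoUserName = $ssoUser['username'];` then `$ssoUserName === $username`), while `$username` has just been passed through `sanitizeUserName()`. The removed code sanitized the provider side as well, so a record that differs only in case or carries the domain suffix would now be skipped and the lookup would throw. Assigning `$ssoUserName = $this->sanitizeUserName($ssoUser['username']);` keeps the exact-match intent of the fix without that regression. The exception message still interpolates `$this->currentUserName`, which is no longer assigned before the throw, so it reports whatever an earlier lookup left there rather than the name that was rejected. Since the resolved id presumably drives account operations, resetting `currentUserId` and `currentUserName` before the loop would keep a caller that catches the exception from acting on a previous user's id; the method starts above the hunk, so the property declarations are not visible here.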