From f6d334079c9e5e00a25dcb884fecca21a5cda7f8 Mon Sep 17 00:00:00 2001 From: Fahim Salam Chowdhury Date: Wed, 7 May 2025 14:29:13 +0600 Subject: [PATCH 1/5] fix: go through all userInfo when retrieving userId from OIDC provider Currently we are only retriving 0th user for the userList returned from userList. It can cause issue where multiple return value found for search keyword. Here, we are checking against all returned users. issue: https://gitlab.e.foundation/e/infra/backlog/-/issues/4053 --- lib/Service/SSOService.php | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/lib/Service/SSOService.php b/lib/Service/SSOService.php index 05e591f5..f3ee8b19 100644 --- a/lib/Service/SSOService.php +++ b/lib/Service/SSOService.php @@ -174,12 +174,29 @@ class SSOService { if (empty($users) || !is_array($users) || !isset($users[0])) { throw new SSOAdminAPIException('Error: no user found for search with url: ' . $url); } - $this->currentUserId = $users[0]['id']; - $this->currentUserName = $this->sanitizeUserName($users[0]['username']); - $username = $this->sanitizeUserName($username); - if ($username !== $this->currentUserName) { + + $ssoUserId = ''; + $ssoUserName = ''; + foreach($users as $ssoUser) { + if (!isset($ssoUser)) { + continue; + } + + $ssoUserName = $this->sanitizeUserName($ssoUser['username']); + if ($ssoUserName === $this->currentUserName) { + $ssoUserId = $ssoUser['id']; + break; + } + + $ssoUserName = ''; + } + + if (empty($ssoUserId) || empty($ssoUserName)) { throw new SSOAdminAPIException('Error: retrieved wrong user info (' . $this->currentUserName . ') from SSO service for ' . $username); } + + $this->currentUserId = $ssoUserId; + $this->currentUserName = $ssoUserName; } private function getAdminAccessToken() : void { -- GitLab From 89fa78fb770bb4a801a677ba1ff4a05d7a8ae357 Mon Sep 17 00:00:00 2001 
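Review bot: The exception thrown after the new loop still prints `$this->currentUserName`, which at that point is not the matched name but whatever the property held before this call (unset on a fresh instance, the previous lookup's user on a reused one), so the diagnostic names the wrong user; a later patch in this series fixes the comparison against that property but leaves the message as is. Report the requested name and the candidate count instead, e.g. `throw new SSOAdminAPIException('Error: no matching user among ' . count($users) . ' SSO results for ' . $username);`. Also, `empty($ssoUserId)` treats an id of `0` or `'0'` as missing; `$ssoUserId === ''` is the precise test. The enclosing method starts before the hunk.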
From: Fahim Salam Chowdhury Date: Wed, 7 May 2025 14:31:10 +0600 Subject: [PATCH 2/5] chore: bump to 10.0.2 --- appinfo/info.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appinfo/info.xml b/appinfo/info.xml index 3997e0ee..64b13ea7 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -10,7 +10,7 @@ - 10.0.1 + 10.0.2 agpl Murena SAS EcloudAccounts -- GitLab From f56083949273e18a1eb06979750ce0ffebac9eb9 Mon Sep 17 00:00:00 2001 From: Fahim Salam Chowdhury Date: Wed, 7 May 2025 14:45:23 +0600 Subject: [PATCH 3/5] chore: improve santizeUserName method --- lib/Service/SSOService.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/Service/SSOService.php b/lib/Service/SSOService.php index f3ee8b19..2e924d0a 100644 --- a/lib/Service/SSOService.php +++ b/lib/Service/SSOService.php @@ -267,7 +267,11 @@ class SSOService { return $answer; } - private function sanitizeUserName(string $username): string { + private function sanitizeUserName(?string $username): ?string { + if (!isset($username) || is_null($username) || empty($username)) { + return null; + } + $username = strtolower($username); if (str_contains($username, "@" . $this->mainDomain) || str_contains($username, "@" . $this->legacyDomain)) { -- GitLab From 0e7865d2e6108d17a79dc67df7b45f9e26caa155 Mon Sep 17 00:00:00 2001 From: Fahim Salam Chowdhury Date: Wed, 7 May 2025 16:01:04 +0600 Subject: [PATCH 4/5] fix: currentUserName is not initialized --- lib/Service/SSOService.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/Service/SSOService.php b/lib/Service/SSOService.php index 2e924d0a..f9db8385 100644 --- a/lib/Service/SSOService.php +++ b/lib/Service/SSOService.php 
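Review bot: The guard `!isset($username) || is_null($username) || empty($username)` folds three overlapping tests, and `empty()` also treats the string `'0'` as absent, so a username of `0` would be sanitized to `null`; `if ($username === null || $username === '') { return null; }` states exactly what is meant. Widening the return type to `?string` also changes the contract for every caller, which must now handle `null`; the comparison loop in this series does so only implicitly through `===`, so a `@return` note or a PHPStan-visible docblock saying when `null` is returned would help. The function body continues past the hunk, so the domain-stripping branch is not visible here.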
@@ -177,13 +177,15 @@ class SSOService { $ssoUserId = ''; $ssoUserName = ''; + $username = $this->sanitizeUserName($username); + foreach($users as $ssoUser) { if (!isset($ssoUser)) { continue; } $ssoUserName = $this->sanitizeUserName($ssoUser['username']); - if ($ssoUserName === $this->currentUserName) { + if ($ssoUserName === $username) { $ssoUserId = $ssoUser['id']; break; } -- GitLab From f2bd5edb5ce253f2947d426a186845463cc68eaf Mon Sep 17 00:00:00 2001 From: Fahim Salam Chowdhury Date: Wed, 7 May 2025 20:49:42 +0600 Subject: [PATCH 5/5] chore: update according to review --- lib/Service/SSOService.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/Service/SSOService.php b/lib/Service/SSOService.php index f9db8385..61882dc2 100644 --- a/lib/Service/SSOService.php +++ b/lib/Service/SSOService.php @@ -180,17 +180,15 @@ class SSOService { $username = $this->sanitizeUserName($username); foreach($users as $ssoUser) { - if (!isset($ssoUser)) { + if (!isset($ssoUser['username']) || !isset($ssoUser['id'])) { continue; } - $ssoUserName = $this->sanitizeUserName($ssoUser['username']); + $ssoUserName = $ssoUser['username']; if ($ssoUserName === $username) { $ssoUserId = $ssoUser['id']; break; } - - $ssoUserName = ''; } if (empty($ssoUserId) || empty($ssoUserName)) { -- GitLab
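Review bot: With `sanitizeUserName()` now returning `?string`, the `$username` assigned at the top of the hunk can be `null`; the loop's `===` then never matches and the caller receives the generic "wrong user info" exception instead of one saying the input was empty. Reject that case before the loop, e.g. `if ($username === null) { throw new SSOAdminAPIException('Error: empty username for SSO user lookup'); }`. Reassigning `$username` in place also means the exception text after the loop (outside this hunk) reports the sanitized form rather than the value the caller passed, which is worth a one-line comment if intended.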
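Review bot: Dropping `sanitizeUserName()` on the provider side means the raw `$ssoUser['username']` is compared with the lowercased, domain-stripped `$username`, so any SSO account whose username differs only in case or carries an `@domain` suffix will no longer match and the lookup throws; if the provider is known to store usernames in canonical form already, say so in a comment on the assignment, otherwise keep sanitizing both sides. Separately, because the `$ssoUserName = ''` reset was removed, after a miss `$ssoUserName` still holds the last candidate's name and only `empty($ssoUserId)` protects the check below; assigning `$ssoUserName` inside the match branch (`$ssoUserName = $ssoUser['username']; $ssoUserId = $ssoUser['id']; break;`) keeps the two variables consistent by construction. The enclosing method and the exception after the check are outside the hunk.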