

Support multiple values for mapping username, groups, mail and displayName
Sixto Martin committed Aug 2, 2013
1 parent c9ffc35 commit 02e8983
Showing 3 changed files with 53 additions and 30 deletions.
3 changes: 2 additions & 1 deletion user_saml/CHANGELOG.txt
@@ -1,13 +1,14 @@
CHANGELOG
=========

Version 0.4 (Tested with OwnCloud 5.0.9)
Version 0.4 (Tested with OwnCloud 5.0.8)
----------------------------------------

* Add csrf protection on setting form
* Add a config param to force the saml login
* Use openssl_random_pseudo_bytes instead of mt_rand (if available)
* Support displayName
* Support multiple values for mapping username, groups, mail and displayName


Version 0.3 (Tested with OwnCloud 4.5.2)
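--- a/user_saml/lib/hooks.php
+++ b/user_saml/lib/hooks.php
@@ -26,28 +26,49 @@
 class OC_USER_SAML_Hooks {
 
 static public function post_login($parameters) {
-$uid = $parameters['uid'];
+$userid = $parameters['uid'];
 $samlBackend = new OC_USER_SAML();
 
 if ($samlBackend->auth->isAuthenticated()) {
 $attributes = $samlBackend->auth->getAttributes();
 
-if (array_key_exists($samlBackend->usernameMapping, $attributes) && $attributes[$samlBackend->usernameMapping][0] == $uid) {
+$usernameFound = false;
+foreach($samlBackend->usernameMapping as $usernameMapping) {
+if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
+$usernameFound = true;
+$uid = $attributes[$usernameMapping][0];
+OC_Log::write('saml','Authenticated user '.$uid,OC_Log::DEBUG);
+break;
+}
+}
+
+if ($usernameFound && $uid == $userid) {
 
 $attributes = $samlBackend->auth->getAttributes();
 
-if (array_key_exists($samlBackend->mailMapping, $attributes)) {
-$saml_email = $attributes[$samlBackend->mailMapping][0];
+$saml_email = '';
+foreach ($samlBackend->mailMapping as $mailMapping) {
+if (array_key_exists($mailMapping, $attributes) && !empty($attributes[$mailMapping][0])) {
+$saml_email = $attributes[$mailMapping][0];
+break;
+}
 }
 
-if (array_key_exists($samlBackend->displayNameMapping, $attributes)) {
-$display_name = $attributes[$samlBackend->displayNameMapping][0];
+$saml_display_name = '';
+foreach ($samlBackend->displayNameMapping as $displayNameMapping) {
+if (array_key_exists($displayNameMapping, $attributes) && !empty($attributes[$displayNameMapping][0])) {
+$saml_display_name = $attributes[$displayNameMapping][0];
+break;
+}
 }
 
-if (array_key_exists($samlBackend->groupMapping, $attributes)) {
-$saml_groups = $attributes[$samlBackend->groupMapping];
+$saml_groups = array();
+foreach ($samlBackend->groupMapping as $groupMapping) {
+if (array_key_exists($groupMapping, $attributes) && !empty($attributes[$groupMapping])) {
+$saml_groups = array_merge($saml_groups, $attributes[$groupMapping]);
+}
 }
-else if (!empty($samlBackend->defaultGroup)) {
+if (empty($saml_groups) && !empty($samlBackend->defaultGroup)) {
 $saml_groups = array($samlBackend->defaultGroup);
 OC_Log::write('saml','Using default group "'.$samlBackend->defaultGroup.'" for the user: '.$uid, OC_Log::DEBUG);
 }
@@ -69,8 +90,8 @@ static public function post_login($parameters) {
 if (isset($saml_groups)) {
 update_groups($uid, $saml_groups, $samlBackend->protectedGroups, true);
 }
-if (isset($display_name)) {
-update_display_name($uid, $display_name);
+if (isset($saml_display_name)) {
+update_display_name($uid, $saml_display_name);
 }
 }
 }
@@ -84,8 +105,8 @@ static public function post_login($parameters) {
 if (isset($saml_groups)) {
 update_groups($uid, $saml_groups, $samlBackend->protectedGroups, false);
 }
-if (isset($display_name)) {
-update_display_name($uid, $display_name);
+if (isset($saml_display_name)) {
+update_display_name($uid, $saml_display_name);
 }
 }
 }
@@ -116,12 +137,12 @@ function update_mail($uid, $email) {
 }
 
 
-function update_groups($uid, $groups, $protected_groups=array(), $just_created=false) {
+function update_groups($uid, $groups, $protectedGroups=array(), $just_created=false) {
 
 if(!$just_created) {
 $old_groups = OC_Group::getUserGroups($uid);
 foreach($old_groups as $group) {
-if(!in_array($group, $protected_groups) && !in_array($group, $groups)) {
+if(!in_array($group, $protectedGroups) && !in_array($group, $groups)) {
 OC_Group::removeFromGroup($uid,$group);
 OC_Log::write('saml','Removed "'.$uid.'" from the group "'.$group.'"', OC_Log::DEBUG);
 }
@@ -145,6 +166,6 @@ function update_groups($uid, $groups, $protected_groups=array(), $just_created=f
 }
 }
 
-function update_display_name($uid, $display_name) {
-OC_User::setDisplayName($uid, $display_name);
+function update_display_name($uid, $displayName) {
+OC_User::setDisplayName($uid, $displayName);
 }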
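Review bot: The gate `if ($usernameFound && $uid == $userid) {` in the first hunk of post_login compares the SAML-asserted username with the session uid using loose `==`, so numeric-looking strings such as `"10"` and `"1e1"` compare equal and the mail, groups and display name of one account would be written to `$uid` after a login as a different one; use `if ($usernameFound && $uid === $userid) {`. The `!empty($attributes[$usernameMapping][0])` test in that loop (and the mail and displayName loops) also rejects a legitimate attribute value of `"0"`; `isset($attributes[$usernameMapping][0]) && $attributes[$usernameMapping][0] !== ''` is the intended check. A short comment above the group loop would help too, since groups are the union of every mapped attribute while username, mail and displayName take the first non-empty mapping: `// groups: merge all mapped attributes; other fields: first non-empty mapping wins`. post_login continues into the next two hunks and its end is outside the section.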
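--- a/user_saml/user_saml.php
+++ b/user_saml/user_saml.php
@@ -45,11 +45,11 @@ public function __construct() {
 $this->autocreate = OCP\Config::getAppValue('user_saml', 'saml_autocreate', false);
 $this->updateUserData = OCP\Config::getAppValue('user_saml', 'saml_update_user_data', false);
 $this->defaultGroup = OCP\Config::getAppValue('user_saml', 'saml_default_group', '');
-$this->protectedGroups = explode (',', str_replace(' ', '', OCP\Config::getAppValue('user_saml', 'saml_protected_groups', '')));
-$this->usernameMapping = OCP\Config::getAppValue('user_saml', 'saml_username_mapping', '');
-$this->mailMapping = OCP\Config::getAppValue('user_saml', 'saml_email_mapping', '');
-$this->displayNameMapping = OCP\Config::getAppValue('user_saml', 'saml_displayname_mapping', '');
-$this->groupMapping = OCP\Config::getAppValue('user_saml', 'saml_group_mapping', '');
+$this->protectedGroups = explode (',', preg_replace('/\s+/', '', OCP\Config::getAppValue('user_saml', 'saml_protected_groups', '')));
+$this->usernameMapping = explode (',', preg_replace('/\s+/', '', OCP\Config::getAppValue('user_saml', 'saml_username_mapping', '')));
+$this->mailMapping = explode (',', preg_replace('/\s+/', '', OCP\Config::getAppValue('user_saml', 'saml_email_mapping', '')));
+$this->displayNameMapping = explode (',', preg_replace('/\s+/', '', OCP\Config::getAppValue('user_saml', 'saml_displayname_mapping', '')));
+$this->groupMapping = explode (',', preg_replace('/\s+/', '', OCP\Config::getAppValue('user_saml', 'saml_group_mapping', '')));
 
 if (!empty($this->sspPath) && !empty($this->spSource)) {
 include_once $this->sspPath."/lib/_autoload.php";
@@ -73,18 +73,19 @@ public function checkPassword($uid, $password) {
 
 $attributes = $this->auth->getAttributes();
 
-if (array_key_exists($this->usernameMapping, $attributes)) {
-$uid = $attributes[$this->usernameMapping][0];
-OC_Log::write('saml','Authenticated user '.$uid,OC_Log::DEBUG);
-}
-else {
-OC_Log::write('saml','Not found attribute used to get the username ("'.$this->usernameMapping.'") at the requested saml attribute assertion',OC_Log::DEBUG);
+foreach($this->usernameMapping as $usernameMapping) {
+if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
+$uid = $attributes[$usernameMapping][0];
+OC_Log::write('saml','Authenticated user '.$uid,OC_Log::DEBUG);
+return $uid;
+}
 }
 
+OC_Log::write('saml','Not found attribute used to get the username at the requested saml attribute assertion',OC_Log::DEBUG);
 $secure_cookie = OC_Config::getValue("forcessl", false);
 $expires = time() + OC_Config::getValue('remember_login_cookie_lifetime', 60*60*24*15);
 setcookie("user_saml_logged_in", "1", $expires, '', '', $secure_cookie);
 
-return $uid;
+return false;
 }
 }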
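Review bot: The early `return $uid;` inside the new foreach in checkPassword skips the `setcookie("user_saml_logged_in", "1", ...)` that follows it, so the cookie is now set only on the failure path just before `return false;`, whereas the removed code set it after a successful username lookup. Record the match and fall through instead, so the not-found log and `return false` stay together and the cookie is written only for an authenticated user (rewrite below). In the constructor hunk, `explode(',', ...)` of an unconfigured (empty) mapping yields `array('')`, so every lookup loop then probes an attribute named `''`; wrapping each with `array_filter(explode(...))` keeps unconfigured mappings empty. checkPassword starts before this hunk.
```php
$found = false;
foreach($this->usernameMapping as $usernameMapping) {
    if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
        $uid = $attributes[$usernameMapping][0];
        OC_Log::write('saml','Authenticated user '.$uid,OC_Log::DEBUG);
        $found = true;
        break;
    }
}

if (!$found) {
    OC_Log::write('saml','Not found attribute used to get the username at the requested saml attribute assertion',OC_Log::DEBUG);
    return false;
}
// … unchanged: user_saml_logged_in cookie …
return $uid;
```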
