
authorSixto Martin <smartin@yaco.es>2013-08-02 13:49:53 +0400
committerSixto Martin <smartin@yaco.es>2013-08-02 13:49:53 +0400
commit02e89831e7d2275924a71af39d9ab1e69c3ad697 (patch)
tree58f12f062dd75be28d4cb356b3cd23ae145168ed /user_saml
parentc9ffc35440551711150a038153a22b8a71ce247c (diff)
Support multiple values for mapping username, groups, mail and displayName
Diffstat (limited to 'user_saml')
-rw-r--r--user_saml/CHANGELOG.txt3
-rw-r--r--user_saml/lib/hooks.php55
-rw-r--r--user_saml/user_saml.php25
3 files changed, 53 insertions, 30 deletions
diff --git a/user_saml/CHANGELOG.txt b/user_saml/CHANGELOG.txt
index f87e97201..b39d6ce51 100644
--- a/user_saml/CHANGELOG.txt
+++ b/user_saml/CHANGELOG.txt
@@ -1,13 +1,14 @@
CHANGELOG
=========
-Version 0.4 (Tested with OwnCloud 5.0.9)
+Version 0.4 (Tested with OwnCloud 5.0.8)
----------------------------------------
* Add csrf protection on setting form
* Add a config param to force the saml login
* Use openssl_random_pseudo_bytes instead of mt_rand (if available)
* Support displayName
+* Support multiple values for mapping username, groups, mail and displayName
Version 0.3 (Tested with OwnCloud 4.5.2)
diff --git a/user_saml/lib/hooks.php b/user_saml/lib/hooks.php
index 3c6907093..4c1848edf 100644
--- a/user_saml/lib/hooks.php
+++ b/user_saml/lib/hooks.php
@@ -26,28 +26,49 @@
class OC_USER_SAML_Hooks {
static public function post_login($parameters) {
- $uid = $parameters['uid'];
+ $userid = $parameters['uid'];
$samlBackend = new OC_USER_SAML();
if ($samlBackend->auth->isAuthenticated()) {
$attributes = $samlBackend->auth->getAttributes();
- if (array_key_exists($samlBackend->usernameMapping, $attributes) && $attributes[$samlBackend->usernameMapping][0] == $uid) {
+ $usernameFound = false;
+ foreach($samlBackend->usernameMapping as $usernameMapping) {
+ if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
+ $usernameFound = true;
+ $uid = $attributes[$usernameMapping][0];
+ OC_Log::write('saml','Authenticated user '.$uid,OC_Log::DEBUG);
+ break;
+ }
+ }
+
+ if ($usernameFound && $uid == $userid) {
$attributes = $samlBackend->auth->getAttributes();
- if (array_key_exists($samlBackend->mailMapping, $attributes)) {
- $saml_email = $attributes[$samlBackend->mailMapping][0];
+ $saml_email = '';
+ foreach ($samlBackend->mailMapping as $mailMapping) {
+ if (array_key_exists($mailMapping, $attributes) && !empty($attributes[$mailMapping][0])) {
+ $saml_email = $attributes[$mailMapping][0];
+ break;
+ }
}
- if (array_key_exists($samlBackend->displayNameMapping, $attributes)) {
- $display_name = $attributes[$samlBackend->displayNameMapping][0];
+ $saml_display_name = '';
+ foreach ($samlBackend->displayNameMapping as $displayNameMapping) {
+ if (array_key_exists($displayNameMapping, $attributes) && !empty($attributes[$displayNameMapping][0])) {
+ $saml_display_name = $attributes[$displayNameMapping][0];
+ break;
+ }
}
- if (array_key_exists($samlBackend->groupMapping, $attributes)) {
- $saml_groups = $attributes[$samlBackend->groupMapping];
+ $saml_groups = array();
+ foreach ($samlBackend->groupMapping as $groupMapping) {
+ if (array_key_exists($groupMapping, $attributes) && !empty($attributes[$groupMapping])) {
+ $saml_groups = array_merge($saml_groups, $attributes[$groupMapping]);
+ }
}
- else if (!empty($samlBackend->defaultGroup)) {
+ if (empty($saml_groups) && !empty($samlBackend->defaultGroup)) {
$saml_groups = array($samlBackend->defaultGroup);
OC_Log::write('saml','Using default group "'.$samlBackend->defaultGroup.'" for the user: '.$uid, OC_Log::DEBUG);
}
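Review bot: Because `$saml_groups = array();` and `$saml_display_name = '';` now always initialise these variables, the `isset($saml_groups)` and `isset($saml_display_name)` guards in the two following hunks (`@@ -69,8 +90,8 @@` and `@@ -84,8 +105,8 @@`) are always true, so an assertion that carries no group attribute and no configured default group calls `update_groups($uid, array(), ...)` for an existing user and strips every non-protected group membership, and a missing display-name attribute calls `update_display_name($uid, '')` and blanks the stored name; before this change both updates were skipped when the attribute was absent. Replace those guards with `if (!empty($saml_groups))` and `if ($saml_display_name !== '')`, and check whether the `$saml_email` guard, which lies between these hunks, has the same `isset` problem now that it is initialised to `''`. The check `if ($usernameFound && $uid == $userid)` is the line that binds the SAML assertion to the local account, so it should use `===`; with `==` two distinct numeric strings such as `'1e3'` and `'1000'` compare equal. The re-fetch `$attributes = $samlBackend->auth->getAttributes();` directly under that check is redundant, the same array was already read above the loop. post_login's body continues outside the hunk.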
@@ -69,8 +90,8 @@ class OC_USER_SAML_Hooks {
if (isset($saml_groups)) {
update_groups($uid, $saml_groups, $samlBackend->protectedGroups, true);
}
- if (isset($display_name)) {
- update_display_name($uid, $display_name);
+ if (isset($saml_display_name)) {
+ update_display_name($uid, $saml_display_name);
}
}
}
@@ -84,8 +105,8 @@ class OC_USER_SAML_Hooks {
if (isset($saml_groups)) {
update_groups($uid, $saml_groups, $samlBackend->protectedGroups, false);
}
- if (isset($display_name)) {
- update_display_name($uid, $display_name);
+ if (isset($saml_display_name)) {
+ update_display_name($uid, $saml_display_name);
}
}
}
@@ -116,12 +137,12 @@ function update_mail($uid, $email) {
}
-function update_groups($uid, $groups, $protected_groups=array(), $just_created=false) {
+function update_groups($uid, $groups, $protectedGroups=array(), $just_created=false) {
if(!$just_created) {
$old_groups = OC_Group::getUserGroups($uid);
foreach($old_groups as $group) {
- if(!in_array($group, $protected_groups) && !in_array($group, $groups)) {
+ if(!in_array($group, $protectedGroups) && !in_array($group, $groups)) {
OC_Group::removeFromGroup($uid,$group);
OC_Log::write('saml','Removed "'.$uid.'" from the group "'.$group.'"', OC_Log::DEBUG);
}
@@ -145,6 +166,6 @@ function update_groups($uid, $groups, $protected_groups=array(), $just_created=f
}
}
-function update_display_name($uid, $display_name) {
- OC_User::setDisplayName($uid, $display_name);
+function update_display_name($uid, $displayName) {
+ OC_User::setDisplayName($uid, $displayName);
}
diff --git a/user_saml/user_saml.php b/user_saml/user_saml.php
index f0d238280..af5b5d68d 100644
--- a/user_saml/user_saml.php
+++ b/user_saml/user_saml.php
@@ -45,11 +45,11 @@ class OC_USER_SAML extends OC_User_Backend {
$this->autocreate = OCP\Config::getAppValue('user_saml', 'saml_autocreate', false);
$this->updateUserData = OCP\Config::getAppValue('user_saml', 'saml_update_user_data', false);
$this->defaultGroup = OCP\Config::getAppValue('user_saml', 'saml_default_group', '');
- $this->protectedGroups = explode (',', str_replace(' ', '', OCP\Config::getAppValue('user_saml', 'saml_protected_groups', '')));
- $this->usernameMapping = OCP\Config::getAppValue('user_saml', 'saml_username_mapping', '');
- $this->mailMapping = OCP\Config::getAppValue('user_saml', 'saml_email_mapping', '');
- $this->displayNameMapping = OCP\Config::getAppValue('user_saml', 'saml_displayname_mapping', '');
- $this->groupMapping = OCP\Config::getAppValue('user_saml', 'saml_group_mapping', '');
+ $this->protectedGroups = explode (',', preg_replace('/\s+/', '', OCP\Config::getAppValue('user_saml', 'saml_protected_groups', '')));
+ $this->usernameMapping = explode (',', preg_replace('/\s+/', '', OCP\Config::getAppValue('user_saml', 'saml_username_mapping', '')));
+ $this->mailMapping = explode (',', preg_replace('/\s+/', '', OCP\Config::getAppValue('user_saml', 'saml_email_mapping', '')));
+ $this->displayNameMapping = explode (',', preg_replace('/\s+/', '', OCP\Config::getAppValue('user_saml', 'saml_displayname_mapping', '')));
+ $this->groupMapping = explode (',', preg_replace('/\s+/', '', OCP\Config::getAppValue('user_saml', 'saml_group_mapping', '')));
if (!empty($this->sspPath) && !empty($this->spSource)) {
include_once $this->sspPath."/lib/_autoload.php";
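Review bot: `preg_replace('/\s+/', '', ...)` deletes every whitespace character inside the values, not only around the commas, so a protected group or attribute name that legitimately contains a space (a group named `Domain Users`, say) is silently turned into `DomainUsers`; for `saml_protected_groups` that means `in_array($group, $protectedGroups)` in `update_groups` never matches and the group is removed on the next login, which defeats the protection the setting exists for. An empty setting also yields `array('')` instead of an empty list, so every mapping loop in the hooks iterates over an empty-string attribute name. Trim each entry and drop blanks instead; all five `explode(...)` lines share the problem, so a small helper keeps the rule in one place (the helper is a new method of the class, not part of the constructor, whose signature lies outside the hunk).
```php
// … unchanged: autocreate / updateUserData / defaultGroup assignments …
$this->protectedGroups = self::splitList(OCP\Config::getAppValue('user_saml', 'saml_protected_groups', ''));
$this->usernameMapping = self::splitList(OCP\Config::getAppValue('user_saml', 'saml_username_mapping', ''));
$this->mailMapping = self::splitList(OCP\Config::getAppValue('user_saml', 'saml_email_mapping', ''));
$this->displayNameMapping = self::splitList(OCP\Config::getAppValue('user_saml', 'saml_displayname_mapping', ''));
$this->groupMapping = self::splitList(OCP\Config::getAppValue('user_saml', 'saml_group_mapping', ''));
// … unchanged: sspPath / spSource include …

// New method on OC_USER_SAML: split a comma-separated setting, trimming each
// entry (whitespace inside a name is kept) and dropping empty entries.
private static function splitList($value) {
    $entries = array_map('trim', explode(',', $value));
    return array_values(array_filter($entries, 'strlen'));
}
```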
@@ -73,18 +73,19 @@ class OC_USER_SAML extends OC_User_Backend {
$attributes = $this->auth->getAttributes();
- if (array_key_exists($this->usernameMapping, $attributes)) {
- $uid = $attributes[$this->usernameMapping][0];
- OC_Log::write('saml','Authenticated user '.$uid,OC_Log::DEBUG);
- }
- else {
- OC_Log::write('saml','Not found attribute used to get the username ("'.$this->usernameMapping.'") at the requested saml attribute assertion',OC_Log::DEBUG);
+ foreach($this->usernameMapping as $usernameMapping) {
+ if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
+ $uid = $attributes[$usernameMapping][0];
+ OC_Log::write('saml','Authenticated user '.$uid,OC_Log::DEBUG);
+ return $uid;
+ }
}
+ OC_Log::write('saml','Not found attribute used to get the username at the requested saml attribute assertion',OC_Log::DEBUG);
$secure_cookie = OC_Config::getValue("forcessl", false);
$expires = time() + OC_Config::getValue('remember_login_cookie_lifetime', 60*60*24*15);
setcookie("user_saml_logged_in", "1", $expires, '', '', $secure_cookie);
- return $uid;
+ return false;
}
}
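Review bot: The `return $uid;` added inside the `foreach` exits before the `setcookie("user_saml_logged_in", "1", ...)` lines, so after this change the cookie is issued only on the path that found no username (which now returns `false`) and never on a successful login, the reverse of the old flow where the cookie was set unconditionally before `return $uid;`. Move the three lines `$secure_cookie = ...`, `$expires = ...` and `setcookie(...)` above the `foreach` (or set the cookie inside the loop before returning) so the success path behaves as before; whether a logged-in cookie should be issued at all when no username is resolved is a separate question the old code already had. `!empty($attributes[$usernameMapping][0])` also rejects the literal username `'0'`, since `empty('0')` is true; `isset($attributes[$usernameMapping][0]) && $attributes[$usernameMapping][0] !== ''` is the intended test, and the same applies to the copy of this loop in hooks.php. The enclosing method's signature is outside the hunk.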