
github.com/nextcloud/apps.git - Unnamed repository; edit this file 'description' to name the repository.
authorMiroslav Bauer <bauer@cesnet.cz>2014-02-23 18:31:18 +0400
committerMiroslav Bauer <bauer@cesnet.cz>2014-08-14 18:38:13 +0400
commit18af96ac60745036012e6817947fe73cd85286cd (patch)
tree2f0189428b002483f419debf595afb484a8041ef /user_saml
parent1c9e2e54f41b468599975756140eef9011bb4880 (diff)
USER_SAML: plugin made compatible with ownCloud 6 (rebased)
Diffstat (limited to 'user_saml')
-rw-r--r--user_saml/appinfo/app.php1
-rw-r--r--user_saml/lib/hooks.php153
-rw-r--r--user_saml/user_saml.php17
3 files changed, 81 insertions, 90 deletions
diff --git a/user_saml/appinfo/app.php b/user_saml/appinfo/app.php
index 9b79806fb..9ddb1b3b9 100644
--- a/user_saml/appinfo/app.php
+++ b/user_saml/appinfo/app.php
@@ -40,6 +40,7 @@ if (OCP\App::isEnabled('user_saml')) {
OC_User::useBackend( 'SAML' );
OC::$CLASSPATH['OC_USER_SAML_Hooks'] = 'user_saml/lib/hooks.php';
+ OCP\Util::connectHook('OC_User', 'post_createUser', 'OC_USER_SAML_Hooks', 'post_createUser');
OCP\Util::connectHook('OC_User', 'post_login', 'OC_USER_SAML_Hooks', 'post_login');
OCP\Util::connectHook('OC_User', 'logout', 'OC_USER_SAML_Hooks', 'logout');
diff --git a/user_saml/lib/hooks.php b/user_saml/lib/hooks.php
index 3839e9ca2..70aa14473 100644
--- a/user_saml/lib/hooks.php
+++ b/user_saml/lib/hooks.php
@@ -43,95 +43,10 @@ class OC_USER_SAML_Hooks {
}
if ($usernameFound && $uid == $userid) {
-
- $attributes = $samlBackend->auth->getAttributes();
-
- $saml_email = '';
- foreach ($samlBackend->mailMapping as $mailMapping) {
- if (array_key_exists($mailMapping, $attributes) && !empty($attributes[$mailMapping][0])) {
- $saml_email = $attributes[$mailMapping][0];
- break;
- }
- }
-
- $saml_display_name = '';
- foreach ($samlBackend->displayNameMapping as $displayNameMapping) {
- if (array_key_exists($displayNameMapping, $attributes) && !empty($attributes[$displayNameMapping][0])) {
- $saml_display_name = $attributes[$displayNameMapping][0];
- break;
- }
- }
-
- $saml_quota = '';
- if (!empty($samlBackend->quotaMapping)) {
- foreach ($samlBackend->quotaMapping as $quotaMapping) {
- if (array_key_exists($quotaMapping, $attributes) && !empty($attributes[$quotaMapping][0])) {
- $saml_quota = $attributes[$quotaMapping][0];
- break;
- }
- }
- OC_Log::write('saml','Current quota: "'.$saml_quota.'" for user: '.$uid, OC_Log::DEBUG);
- }
-
- if (empty($saml_quota) && !empty($samlBackend->defaultQuota)) {
- $saml_quota = $samlBackend->defaultQuota;
- OC_Log::write('saml','Using default quota ('.$saml_quota.') for user: '.$uid, OC_Log::DEBUG);
- }
-
- $saml_groups = array();
- foreach ($samlBackend->groupMapping as $groupMapping) {
- if (array_key_exists($groupMapping, $attributes) && !empty($attributes[$groupMapping])) {
- $saml_groups = array_merge($saml_groups, $attributes[$groupMapping]);
- }
- }
- if (empty($saml_groups) && !empty($samlBackend->defaultGroup)) {
- $saml_groups = array($samlBackend->defaultGroup);
- OC_Log::write('saml','Using default group "'.$samlBackend->defaultGroup.'" for the user: '.$uid, OC_Log::DEBUG);
- }
-
- if (!OC_User::userExists($uid)) {
- if (preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $uid)) {
- OC_Log::write('saml','Invalid username "'.$uid.'", allowed chars "a-zA-Z0-9" and "_.@-" ',OC_Log::DEBUG);
- return false;
- }
- else {
- $random_password = OC_Util::generate_random_bytes(20);
- OC_Log::write('saml','Creating new user: '.$uid, OC_Log::DEBUG);
- OC_User::createUser($uid, $random_password);
- if(OC_User::userExists($uid)) {
- OC_Util::setupFS($uid);
- if (isset($saml_email)) {
- update_mail($uid, $saml_email);
- }
- if (isset($saml_groups)) {
- update_groups($uid, $saml_groups, $samlBackend->protectedGroups, true);
- }
- if (isset($saml_display_name)) {
- update_display_name($uid, $saml_display_name);
- }
- if (isset($saml_quota)) {
- update_quota($uid, $saml_quota);
- }
- }
- }
- }
- else {
- if ($samlBackend->updateUserData) {
- OC_Util::setupFS($uid);
- OC_Log::write('saml','Updating data of the user: '.$uid,OC_Log::DEBUG);
- if(isset($saml_email)) {
- update_mail($uid, $saml_email);
- }
- if (isset($saml_groups)) {
- update_groups($uid, $saml_groups, $samlBackend->protectedGroups, false);
- }
- if (isset($saml_display_name)) {
- update_display_name($uid, $saml_display_name);
- }
- if (isset($saml_quota)) {
- update_quota($uid, $saml_quota);
- }
- }
+ if ($samlBackend->updateUserData) {
+ $attrs = get_user_attributes($uid, $samlBackend);
+ update_user_data($uid, $attrs['email'], $attrs['groups'],
+ $attrs['protected_groups'], $attrs['display_name']);
}
return true;
}
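Review bot: The rewritten branch no longer sets a storage quota: the call `update_user_data($uid, $attrs['email'], $attrs['groups'], $attrs['protected_groups'], $attrs['display_name'])` carries no quota value, and neither `get_user_attributes` nor `update_user_data` added later in this file reads `quotaMapping` or `defaultQuota`. The removed code resolved both and called `update_quota`, so installations that relied on IdP-supplied or default quotas would presumably stop having them applied. If that is intentional, record it in the commit message and above the call, e.g. `// quota is no longer synchronised from SAML attributes`; otherwise carry a `quota` key through the two helpers. The enclosing post_login method starts outside the hunk.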
@@ -139,19 +54,78 @@ class OC_USER_SAML_Hooks {
return false;
}
+ static public function post_createUser($parameters) {
+ $uid = $parameters['uid'];
+ $samlBackend = new OC_USER_SAML();
+ if (!$samlBackend->updateUserData) {
+ // Ensure that user data will be filled atleast once
+ $attrs = get_user_attributes($uid, $samlBackend);
+ update_user_data($uid, $attrs['email'], $attrs['groups'],
+ $attrs['protected_groups'], $attrs['display_name'], true);
+ }
+ }
static public function logout($parameters) {
$samlBackend = new OC_USER_SAML();
if ($samlBackend->auth->isAuthenticated()) {
OC_Log::write('saml', 'Executing SAML logout', OC_Log::DEBUG);
+ unset($_COOKIE["SimpleSAMLAuthToken"]);
+ setcookie('SimpleSAMLAuthToken', '', time()-3600, \OC::$WEBROOT);
+ setcookie('SimpleSAMLAuthToken', '', time()-3600, \OC::$WEBROOT . '/');
$samlBackend->auth->logout();
}
return true;
}
+}
+
+function get_user_attributes($uid, $samlBackend) {
+ $attributes = $samlBackend->auth->getAttributes();
+ $result['email'] = '';
+ foreach ($samlBackend->mailMapping as $mailMapping) {
+ if (array_key_exists($mailMapping, $attributes) && !empty($attributes[$mailMapping][0])) {
+ $result['email'] = $attributes[$mailMapping][0];
+ break;
+ }
+ }
+ $result['display_name'] = '';
+ foreach ($samlBackend->displayNameMapping as $displayNameMapping) {
+ if (array_key_exists($displayNameMapping, $attributes) && !empty($attributes[$displayNameMapping][0])) {
+ $result['display_name'] = $attributes[$displayNameMapping][0];
+ break;
+ }
+ }
+
+ $result['groups'] = array();
+ foreach ($samlBackend->groupMapping as $groupMapping) {
+ if (array_key_exists($groupMapping, $attributes) && !empty($attributes[$groupMapping])) {
+ $result['groups'] = array_merge($result['groups'], $attributes[$groupMapping]);
+ }
+ }
+ if (empty($result['groups']) && !empty($samlBackend->defaultGroup)) {
+ $result['groups'] = array($samlBackend->defaultGroup);
+ OCP\Util::writeLog('saml','Using default group "'.$samlBackend->defaultGroup.'" for the user: '.$uid, OCP\Util::DEBUG);
+ }
+ $result['protected_groups'] = $samlBackend->protectedGroups;
+ return $result;
}
+function update_user_data($uid, $email=null, $groups=null, $protectedGroups='', $displayName=null, $just_created=false) {
+ OC_Util::setupFS($uid);
+ OCP\Util::writeLog('saml','Updating data of the user: '.$uid, OCP\Util::DEBUG);
+ if(isset($email)) {
+ update_mail($uid, $email);
+ }
+ if (isset($groups)) {
+ update_groups($uid, $groups, $protectedGroups, $just_created);
+ }
+ if (isset($displayName)) {
+ update_display_name($uid, $displayName);
+ }
+}
+
+
function update_mail($uid, $email) {
if ($email != OC_Preferences::getValue($uid, 'settings', 'email', '')) {
OC_Preferences::setValue($uid, 'settings', 'email', $email);
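Review bot: `post_createUser` applies the SAML attributes of the current session to whatever `$parameters['uid']` was just created, without checking that the two belong to the same identity. `get_user_attributes` reads `$samlBackend->auth->getAttributes()`, so if this hook also fires for accounts created another way (for example by an administrator who is signed in through SAML), the new account would receive that session's e-mail, display name and groups. `post_login` guards its update with `$usernameFound && $uid == $userid`; the same binding is needed here, together with an `isAuthenticated()` check before the attributes are read. The sketch below assumes `usernameMapping` is readable from the hook class in the same way as the other mappings.

```php
static public function post_createUser($parameters) {
	$uid = $parameters['uid'];
	$samlBackend = new OC_USER_SAML();
	// Only copy SAML attributes when the new account is the SAML-authenticated user.
	if (!$samlBackend->auth->isAuthenticated()) {
		return;
	}
	$attributes = $samlBackend->auth->getAttributes();
	$samlUid = null;
	foreach ($samlBackend->usernameMapping as $usernameMapping) {
		if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
			$samlUid = $attributes[$usernameMapping][0];
			break;
		}
	}
	if ($samlUid !== $uid) {
		return;
	}
	// … unchanged: updateUserData check, get_user_attributes and update_user_data call …
}
```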
@@ -189,6 +163,7 @@ function update_groups($uid, $groups, $protectedGroups=array(), $just_created=fa
}
}
+
function update_display_name($uid, $displayName) {
OC_User::setDisplayName($uid, $displayName);
}
diff --git a/user_saml/user_saml.php b/user_saml/user_saml.php
index eb6335688..5d69b0191 100644
--- a/user_saml/user_saml.php
+++ b/user_saml/user_saml.php
@@ -80,7 +80,10 @@ class OC_USER_SAML extends OC_User_Backend {
foreach($this->usernameMapping as $usernameMapping) {
if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
$uid = $attributes[$usernameMapping][0];
- OC_Log::write('saml','Authenticated user '.$uid,OC_Log::DEBUG);
+ OCP\Util::writeLog('saml','Authenticated user '.$uid, OCP\Util::DEBUG);
+ if(!OCP\User::userExists($uid) && $this->autocreate) {
+ return $this->createUser($uid);
+ }
return $uid;
}
}
@@ -92,4 +95,16 @@ class OC_USER_SAML extends OC_User_Backend {
return false;
}
+
+ private function createUser($uid) {
+ if (preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $uid)) {
+ OCP\Util::writeLog('saml','Invalid username "'.$uid.'", allowed chars "a-zA-Z0-9" and "_.@-" ',OCP\Util::DEBUG);
+ return false;
+ } else {
+ $random_password = \OC_Util::generateRandomBytes(64);
+ OCP\Util::writeLog('saml','Creating new user: '.$uid, OCP\Util::DEBUG);
+ OC_User::createUser($uid, $random_password);
+ return $uid;
+ }
+ }
}
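Review bot: `createUser` returns `$uid` without checking that `OC_User::createUser($uid, $random_password)` actually created the account, so a failed creation is still handed back to the caller as a valid user name. The code this commit removes from hooks.php re-checked `OC_User::userExists($uid)` after creating; the same guard belongs here, e.g. `if (!OCP\User::userExists($uid)) { return false; }` before `return $uid;`. A short docblock stating that the method returns the uid on success and `false` when the name is rejected or creation fails would also help, since the caller in the previous hunk returns this value directly.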