From bed32b460fdba7d8d8ef0586c63272c6d2575643 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 14 Mar 2018 14:58:20 +0100 Subject: try to lookup a user if the uid does not resolve and autoprov is disabled it might well may be that the user exists but is not yet known to the specific backend in Nextcloud and need to be mapped first. This assumes that searching for the uid will actually find the user. This is not necessarily given by the backend configuration. Signed-off-by: Arthur Schiwon --- lib/Controller/SAMLController.php | 7 ++++ tests/unit/Controller/SAMLControllerTest.php | 53 +++++++++++++++++++++++++++- 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php index b3e53d4d..aa4c163f 100644 --- a/lib/Controller/SAMLController.php +++ b/lib/Controller/SAMLController.php @@ -121,6 +121,13 @@ class SAMLController extends Controller { } if(!$userExists && !$autoProvisioningAllowed) { + // it is possible that the user was not logged in before and + // thus is not known to the original backend. A search can + // help with it and make the user known + $this->userManager->search($uid); + if($this->userManager->userExists($uid)) { + return; + } throw new NoUserFoundException(); } elseif(!$userExists && $autoProvisioningAllowed) { $this->userBackend->createUserIfNotExists($uid); diff --git a/tests/unit/Controller/SAMLControllerTest.php b/tests/unit/Controller/SAMLControllerTest.php index d0ad4e0a..def38c1f 100644 --- a/tests/unit/Controller/SAMLControllerTest.php +++ b/tests/unit/Controller/SAMLControllerTest.php @@ -367,7 +367,7 @@ class SAMLControllerTest extends TestCase { ->with('user_saml', 'general-uid_mapping') ->willReturn('uid'); $this->userManager - ->expects($this->once()) + ->expects($this->any()) ->method('userExists') ->with('MyUid') ->willReturn(false); @@ -385,6 +385,57 @@ class SAMLControllerTest extends TestCase { $this->assertEquals($expected, $this->samlController->login()); } + public function testLoginWithEnvVariableAndNotYetMappedUserWithoutProvisioning() { + $this->config + ->expects($this->at(0)) + ->method('getAppValue') + ->with('user_saml', 'type') + ->willReturn('environment-variable'); + $this->session + ->expects($this->once()) + ->method('get') + ->with('user_saml.samlUserData') + ->willReturn([ + 'foo' => 'bar', + 'uid' => 'MyUid', + 'bar' => 'foo', + ]); + $this->config + ->expects($this->at(1)) + ->method('getAppValue') + ->with('user_saml', 'general-uid_mapping') + ->willReturn('uid'); + $this->userManager + ->expects($this->exactly(2)) + ->method('userExists') + ->with('MyUid') + ->willReturnOnConsecutiveCalls(false, true); + $this->userManager + ->expects($this->once()) + ->method('get') + ->with('MyUid') + ->willReturn($this->createMock(IUser::class)); + $this->urlGenerator + ->expects($this->once()) + ->method('getAbsoluteUrl') + ->with('/') + ->willReturn('https://nextcloud.com/absolute/'); + $this->urlGenerator + ->expects($this->never()) + ->method('linkToRouteAbsolute'); + $this->userBackend + ->expects($this->once()) + ->method('autoprovisionAllowed') + ->willReturn(false); + $this->userBackend + ->expects($this->once()) + ->method('getCurrentUserId') + ->willReturn('MyUid'); + + $expected = new RedirectResponse('https://nextcloud.com/absolute/'); + $this->assertEquals($expected, $this->samlController->login()); + } + public function testNotProvisioned() { $expected = new TemplateResponse('user_saml', 'notProvisioned', [], 'guest'); $this->assertEquals($expected, $this->samlController->notProvisioned()); -- cgit v1.2.3