Auth/LDAP/SAML: Handle orphaned UD field ids when applying attribute …
…mappings

(cherry picked from commit 00040a2)
mjansenDatabay committed Sep 30, 2024
1 parent 42d8511 commit 1f675e8
Showing 2 changed files with 61 additions and 39 deletions.
92 changes: 53 additions & 39 deletions components/ILIAS/LDAP/classes/class.ilLDAPAttributeToUser.php
Expand Up @@ -143,9 +143,11 @@ protected function parseRoleAssignmentsForUpdate(int $a_usr_id, string $a_extern
) as $role_data) {
$this->writer->xmlElement(
'Role',
array('Id' => $role_data['id'],
[
'Id' => $role_data['id'],
'Type' => $role_data['type'],
'Action' => $role_data['action']),
'Action' => $role_data['action']
],
''
);
}
Expand All @@ -165,9 +167,11 @@ protected function parseRoleAssignmentsForCreation(string $a_external_account, a
) as $role_data) {
$this->writer->xmlElement(
'Role',
array('Id' => $role_data['id'],
[
'Id' => $role_data['id'],
'Type' => $role_data['type'],
'Action' => $role_data['action']),
'Action' => $role_data['action']
],
''
);
}
Expand Down Expand Up @@ -196,10 +200,10 @@ private function usersToXML(): void

++$cnt_update;
// User exists
$this->writer->xmlStartTag('User', array('Id' => $usr_id,'Action' => 'Update'));
$this->writer->xmlElement('Login', array(), $user['ilInternalAccount']);
$this->writer->xmlElement('ExternalAccount', array(), $external_account);
$this->writer->xmlElement('AuthMode', array('type' => $this->getNewUserAuthMode()));
$this->writer->xmlStartTag('User', ['Id' => $usr_id, 'Action' => 'Update']);
$this->writer->xmlElement('Login', [], $user['ilInternalAccount']);
$this->writer->xmlElement('ExternalAccount', [], $external_account);
$this->writer->xmlElement('AuthMode', ['type' => $this->getNewUserAuthMode()]);

if ($this->isModeActive(self::MODE_INITIALIZE_ROLES)) {
$this->parseRoleAssignmentsForCreation($external_account, $user);
Expand All @@ -210,28 +214,28 @@ private function usersToXML(): void
} else {
++$cnt_create;
// Create user
$this->writer->xmlStartTag('User', array('Action' => 'Insert'));
$this->writer->xmlElement('Login', array(), ilAuthUtils::_generateLogin($external_account));
$this->writer->xmlStartTag('User', ['Action' => 'Insert']);
$this->writer->xmlElement('Login', [], ilAuthUtils::_generateLogin($external_account));

$this->parseRoleAssignmentsForCreation($external_account, $user);
$rules = $this->mapping->getRules(true);
}

$this->writer->xmlElement('Active', array(), "true");
$this->writer->xmlElement('TimeLimitOwner', array(), 7);
$this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
$this->writer->xmlElement('TimeLimitFrom', array(), time());
$this->writer->xmlElement('TimeLimitUntil', array(), time());
$this->writer->xmlElement('Active', [], "true");
$this->writer->xmlElement('TimeLimitOwner', [], 7);
$this->writer->xmlElement('TimeLimitUnlimited', [], 1);
$this->writer->xmlElement('TimeLimitFrom', [], time());
$this->writer->xmlElement('TimeLimitUntil', [], time());

// only for new users.
// If auth_mode is 'default' (ldap) this status should remain.
if (!$user['ilInternalAccount']) {
$this->writer->xmlElement(
'AuthMode',
array('type' => $this->getNewUserAuthMode()),
['type' => $this->getNewUserAuthMode()],
$this->getNewUserAuthMode()
);
$this->writer->xmlElement('ExternalAccount', array(), $external_account);
$this->writer->xmlElement('ExternalAccount', [], $external_account);
}
foreach ($rules as $field => $data) {
// Do Mapping: it is possible to assign multiple ldap attribute to one user data field
Expand All @@ -244,87 +248,87 @@ private function usersToXML(): void
switch (strtolower($value)) {
case 'm':
case 'male':
$this->writer->xmlElement('Gender', array(), 'm');
$this->writer->xmlElement('Gender', [], 'm');
break;

case 'f':
case 'female':
$this->writer->xmlElement('Gender', array(), 'f');
$this->writer->xmlElement('Gender', [], 'f');
break;

default:
// use the default for anything that is not clearly m or f
$this->writer->xmlElement('Gender', array(), 'n');
$this->writer->xmlElement('Gender', [], 'n');
break;
}
break;

case 'firstname':
$this->writer->xmlElement('Firstname', array(), $value);
$this->writer->xmlElement('Firstname', [], $value);
break;

case 'lastname':
$this->writer->xmlElement('Lastname', array(), $value);
$this->writer->xmlElement('Lastname', [], $value);
break;

case 'hobby':
$this->writer->xmlElement('Hobby', array(), $value);
$this->writer->xmlElement('Hobby', [], $value);
break;

case 'title':
$this->writer->xmlElement('Title', array(), $value);
$this->writer->xmlElement('Title', [], $value);
break;

case 'institution':
$this->writer->xmlElement('Institution', array(), $value);
$this->writer->xmlElement('Institution', [], $value);
break;

case 'department':
$this->writer->xmlElement('Department', array(), $value);
$this->writer->xmlElement('Department', [], $value);
break;

case 'street':
$this->writer->xmlElement('Street', array(), $value);
$this->writer->xmlElement('Street', [], $value);
break;

case 'city':
$this->writer->xmlElement('City', array(), $value);
$this->writer->xmlElement('City', [], $value);
break;

case 'zipcode':
$this->writer->xmlElement('PostalCode', array(), $value);
$this->writer->xmlElement('PostalCode', [], $value);
break;

case 'country':
$this->writer->xmlElement('Country', array(), $value);
$this->writer->xmlElement('Country', [], $value);
break;

case 'phone_office':
$this->writer->xmlElement('PhoneOffice', array(), $value);
$this->writer->xmlElement('PhoneOffice', [], $value);
break;

case 'phone_home':
$this->writer->xmlElement('PhoneHome', array(), $value);
$this->writer->xmlElement('PhoneHome', [], $value);
break;

case 'phone_mobile':
$this->writer->xmlElement('PhoneMobile', array(), $value);
$this->writer->xmlElement('PhoneMobile', [], $value);
break;

case 'fax':
$this->writer->xmlElement('Fax', array(), $value);
$this->writer->xmlElement('Fax', [], $value);
break;

case 'email':
$this->writer->xmlElement('Email', array(), $value);
$this->writer->xmlElement('Email', [], $value);
break;

case 'second_email':
$this->writer->xmlElement('SecondEmail', array(), $value);
$this->writer->xmlElement('SecondEmail', [], $value);
break;

case 'matriculation':
$this->writer->xmlElement('Matriculation', array(), $value);
$this->writer->xmlElement('Matriculation', [], $value);
break;

default:
Expand All @@ -338,10 +342,20 @@ private function usersToXML(): void
}
$this->initUserDefinedFields();
$definition = $this->udf->getDefinition((int) $id_data[1]);
if (empty($definition)) {
$this->logger->warning(sprintf(
"Invalid/Orphaned UD field mapping detected: %s",
$field
));
break;
}

$this->writer->xmlElement(
'UserDefinedField',
array('Id' => $definition['il_id'],
'Name' => $definition['field_name']),
[
'Id' => $definition['il_id'],
'Name' => $definition['field_name']
],
$value
);
break;
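Review bot: The warning added in the `default` branch of usersToXML() sits inside `foreach ($rules as $field => $data)`, and the `++$cnt_update` / `++$cnt_create` counters earlier in the method suggest that loop runs once per synchronised user, so a single stale mapping would presumably write the same line for every user on every sync and bury other auth warnings. Reporting each orphaned field once per run would keep the signal, for example by guarding the call with a new (hypothetical) property: `if (!isset($this->reported_orphans[$field])) { $this->reported_orphans[$field] = true; /* log */ }`. The same applies to the identical check added to buildUserAttributeXml() in class.ilAuthProviderSaml.php, where it would repeat on each login. A short comment above the `break;` such as `// skip only this mapping; the remaining rules are still written` would also make clear that it leaves only the switch and the user element is still emitted. The method starts and ends outside this hunk, so the loop structure is inferred.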
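--- a/components/ILIAS/Saml/classes/class.ilAuthProviderSaml.php
+++ b/components/ILIAS/Saml/classes/class.ilAuthProviderSaml.php
@@ -492,6 +492,14 @@ private function buildUserAttributeXml(
 }
 
 $definition = ilUserDefinedFields::_getInstance()->getDefinition((int) $udf_data[1]);
+if (empty($definition)) {
+ilLoggerFactory::getLogger('auth')->warning(sprintf(
+"Invalid/Orphaned UD field mapping detected: %s",
+$rule->getAttribute()
+));
+break;
+}
+
 $xml_writer->xmlElement(
 'UserDefinedField',
 ['Id' => $definition['il_id'], 'Name' => $definition['field_name']],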
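Review bot: The warning in buildUserAttributeXml() names only `$rule->getAttribute()` and reuses the exact text of the LDAP check, so the log line does not say which SAML IdP's mapping is stale. If an IdP identifier is in scope here (not visible in this hunk), adding it to the message would let an administrator go straight to the broken mapping, e.g. `"Invalid/Orphaned UD field mapping detected (SAML IdP %s): %s"`. The function body continues outside the hunk.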
