From ee93927ef9c237eb38c204d1bbef862a7cc6fe50 Mon Sep 17 00:00:00 2001 From: Ishan Jayamanne Date: Mon, 4 Apr 2022 12:30:21 +1200 Subject: [PATCH 1/3] Create an extend method to update/use attributes of the user --- src/Control/SAMLController.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Control/SAMLController.php b/src/Control/SAMLController.php index 85ddcc9..aefd691 100644 --- a/src/Control/SAMLController.php +++ b/src/Control/SAMLController.php @@ -165,6 +165,8 @@ public function acs() $attributes['GUID'][0] = $guid; } + $this->extend('updateAttributes', $attributes); + $fieldToClaimMap = array_flip(Member::config()->claims_field_mappings); // Write a rudimentary member with basic fields on every login, so that we at least have something From 86432bf07645f271d88e3d4cc7317083cb667d5a Mon Sep 17 00:00:00 2001 From: Ishan Jayamanne Date: Mon, 4 Apr 2022 21:40:46 +1200 Subject: [PATCH 2/3] Generate valid Guid to match the validation. --- src/Control/SAMLController.php | 3 +-- src/Helpers/SAMLHelper.php | 2 +- tests/php/Helpers/SAMLHelperTest.php | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/Control/SAMLController.php b/src/Control/SAMLController.php index aefd691..f39ab0e 100644 --- a/src/Control/SAMLController.php +++ b/src/Control/SAMLController.php @@ -156,8 +156,6 @@ public function acs() return $this->getRedirect(); } - $this->extend('updateGuid', $guid); - $attributes = $auth->getAttributes(); // Allows setups that map GUID (email format) to email {@see SAMLConfiguration::$expose_guid_as_attribute}. @@ -166,6 +164,7 @@ public function acs() } $this->extend('updateAttributes', $attributes); + $this->extend('updateGuid', $guid); $fieldToClaimMap = array_flip(Member::config()->claims_field_mappings); diff --git a/src/Helpers/SAMLHelper.php b/src/Helpers/SAMLHelper.php index 6993825..0249e7b 100644 --- a/src/Helpers/SAMLHelper.php +++ b/src/Helpers/SAMLHelper.php @@ -124,7 +124,7 @@ public function binToStrGuid($object_guid) $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2); } $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4); - $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20); + $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20, 12); return strtoupper($hex_guid_to_guid_str); } diff --git a/tests/php/Helpers/SAMLHelperTest.php b/tests/php/Helpers/SAMLHelperTest.php index fd793a3..14df03c 100644 --- a/tests/php/Helpers/SAMLHelperTest.php +++ b/tests/php/Helpers/SAMLHelperTest.php @@ -36,6 +36,6 @@ public function guidProvider() public function testBinToStrGuid() { $result = SAMLHelper::singleton()->binToStrGuid('thequ!ckbrownf0xjumpsov3rthel4zyd06'); - $this->assertSame('71656874-2175-6B63-6272-6F776E6630786A756D70736F7633727468656C347A79643036', $result); + $this->assertSame('71656874-2175-6B63-6272-6F776E663078', $result); } } From 1c53941670f2bcb894053ca168f16d90552b3679 Mon Sep 17 00:00:00 2001 From: Ishan Jayamanne Date: Mon, 27 Nov 2023 10:51:41 +1300 Subject: [PATCH 3/3] Add a new hook to update the silverstripe request. --- src/Control/SAMLController.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Control/SAMLController.php b/src/Control/SAMLController.php index f39ab0e..a42ed72 100644 --- a/src/Control/SAMLController.php +++ b/src/Control/SAMLController.php @@ -166,6 +166,10 @@ public function acs() $this->extend('updateAttributes', $attributes); $this->extend('updateGuid', $guid); + $request = $this->getRequest(); + $this->extend('updateRequest', $request); + $this->setRequest($request); + $fieldToClaimMap = array_flip(Member::config()->claims_field_mappings); // Write a rudimentary member with basic fields on every login, so that we at least have something