mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-12-22 19:58:28 +00:00
767699a066
An empty (but valid formed) groups list provided via the OIDC ID token would be considered as a lacking detail, and therefore trigger a lookup to the userinfo endpoint in an attempt to get that information. This fixes this to properly distinguish between not-provided and empty state, to avoid userinfo where provided as valid but empty. Includes test to cover. For #5101
76 lines
2.1 KiB
PHP
76 lines
2.1 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Access\Oidc;
|
|
|
|
use Illuminate\Support\Arr;
|
|
|
|
class OidcUserDetails
|
|
{
|
|
public function __construct(
|
|
public ?string $externalId = null,
|
|
public ?string $email = null,
|
|
public ?string $name = null,
|
|
public ?array $groups = null,
|
|
) {
|
|
}
|
|
|
|
/**
|
|
* Check if the user details are fully populated for our usage.
|
|
*/
|
|
public function isFullyPopulated(bool $groupSyncActive): bool
|
|
{
|
|
$hasEmpty = empty($this->externalId)
|
|
|| empty($this->email)
|
|
|| empty($this->name)
|
|
|| ($groupSyncActive && $this->groups === null);
|
|
|
|
return !$hasEmpty;
|
|
}
|
|
|
|
/**
|
|
* Populate user details from the given claim data.
|
|
*/
|
|
public function populate(
|
|
ProvidesClaims $claims,
|
|
string $idClaim,
|
|
string $displayNameClaims,
|
|
string $groupsClaim,
|
|
): void {
|
|
$this->externalId = $claims->getClaim($idClaim) ?? $this->externalId;
|
|
$this->email = $claims->getClaim('email') ?? $this->email;
|
|
$this->name = static::getUserDisplayName($displayNameClaims, $claims) ?? $this->name;
|
|
$this->groups = static::getUserGroups($groupsClaim, $claims) ?? $this->groups;
|
|
}
|
|
|
|
protected static function getUserDisplayName(string $displayNameClaims, ProvidesClaims $token): string
|
|
{
|
|
$displayNameClaimParts = explode('|', $displayNameClaims);
|
|
|
|
$displayName = [];
|
|
foreach ($displayNameClaimParts as $claim) {
|
|
$component = $token->getClaim(trim($claim)) ?? '';
|
|
if ($component !== '') {
|
|
$displayName[] = $component;
|
|
}
|
|
}
|
|
|
|
return implode(' ', $displayName);
|
|
}
|
|
|
|
protected static function getUserGroups(string $groupsClaim, ProvidesClaims $token): ?array
|
|
{
|
|
if (empty($groupsClaim)) {
|
|
return null;
|
|
}
|
|
|
|
$groupsList = Arr::get($token->getAllClaims(), $groupsClaim);
|
|
if (!is_array($groupsList)) {
|
|
return null;
|
|
}
|
|
|
|
return array_values(array_filter($groupsList, function ($val) {
|
|
return is_string($val);
|
|
}));
|
|
}
|
|
}
|