From c571d4be9e6b27850c86effe39b9aa826342b07f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Vysko=C4=8Dil?= <vyskocilpavel@muni.cz>
Date: Mon, 11 Mar 2019 14:39:39 +0100
Subject: [PATCH] Merge pull request #17 from
 Gaeldrin/fix-getAllowedAffiliations

fix for empty LDAP response in IsCesnetEligible::getAllowedAffiliations
---
 CHANGELOG.md                          |  2 ++
 lib/Auth/Process/IsCesnetEligible.php | 10 ++++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7645d13..ddfca43 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
+[Fixed]
+- Added verification for empty response from LDAP in IsCesnetEligible::getAllowedAffiliations which is valid state
 
 ## [v1.4.1]
 [Fixed]
diff --git a/lib/Auth/Process/IsCesnetEligible.php b/lib/Auth/Process/IsCesnetEligible.php
index 1175154..b0f6173 100644
--- a/lib/Auth/Process/IsCesnetEligible.php
+++ b/lib/Auth/Process/IsCesnetEligible.php
@@ -139,12 +139,18 @@ class sspmod_cesnet_Auth_Process_IsCesnetEligible extends SimpleSAML_Auth_Proces
 		try {
 			$affiliations = $this->cesnetLdapConnector->searchForEntity(self::ORGANIZATION_LDAP_BASE,'(entityIDofIdP=' . $idpEntityId . ')', array(
 				'cesnetcustomeraffiliation'))['cesnetcustomeraffiliation'];
-			foreach ($affiliations as $affiliation) {
-				array_push($allowedAffiliations, $affiliation);
+
+			if (empty($affiliations)) {
+				SimpleSAML\Logger::debug("cesnet:IsCesnetEligible - Received empty response from LDAP, entityId " . $idpEntityId . " was probably not found.");
+			} else {
+				foreach ($affiliations as $affiliation) {
+					array_push($allowedAffiliations, $affiliation);
+				}
 			}
 		} catch (Exception $ex) {
 			SimpleSAML\Logger::warning("cesnet:IsCesnetEligible - Unable to connect to LDAP!");
 		}
+
 		return $allowedAffiliations;
 	}
 }
-- 
GitLab