From 443a7665405865552eea6e7dd7626221459470bc Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik <bucik@ics.muni.cz>
Date: Mon, 27 Nov 2023 10:53:22 +0100
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20Option=20to=20ignore=20l?=
 =?UTF-8?q?ogins=20by=20SP/IDP=20EntityID=20in=20config?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ability to configure for which matched SP and/or IDP the login insert
gets ignored. Particularly usable in case of using API writer. The
writing side does not need to take care of filtering out the login
record, stats will do it instead.
---
 config-templates/module_proxystatistics.php |  6 ++++++
 lib/Config.php                              | 10 ++++++++++
 lib/DatabaseCommand.php                     | 18 ++++++++++++++++++
 3 files changed, 34 insertions(+)

diff --git a/config-templates/module_proxystatistics.php b/config-templates/module_proxystatistics.php
index f1fd423..c0dfbe2 100644
--- a/config-templates/module_proxystatistics.php
+++ b/config-templates/module_proxystatistics.php
@@ -103,4 +103,10 @@ $config = [
      * Password to protect API write endpoint (has no effect if write is disabled)
      */
     //'apiWritePasswordHash' => password_hash('ap1Wr1T3rP@S$'),
+
+    'ignoredIds' => [
+        'IDP' => ['spentityid1', 'spentityid2', 'spentityid3',],
+        'SP' => ['idpentityid1', 'idpentityid2', 'idpentityid3',],
+    ],
+
 ];
diff --git a/lib/Config.php b/lib/Config.php
index e2a9ea9..fd443dd 100644
--- a/lib/Config.php
+++ b/lib/Config.php
@@ -41,6 +41,8 @@ class Config
 
     private const API_WRITE_PASSWORD_HASH = 'apiWritePasswordHash';
 
+    private const IGNORED_IDS = 'ignoredIds';
+
     private $config;
 
     private $store;
@@ -63,6 +65,8 @@ class Config
 
     private $apiWritePasswordHash;
 
+    private $ignoredIds;
+
     private static $instance;
 
     private function __construct()
@@ -76,6 +80,7 @@ class Config
         $this->requiredAuthSource = $this->config->getString(self::REQUIRE_AUTH_SOURCE, '');
         $this->idAttribute = $this->config->getString(self::USER_ID_ATTRIBUTE, 'uid');
         $this->apiWriteEnabled = $this->config->getBoolean(self::API_WRITE_ENABLED, false);
+        $this->ignoredIds = $this->config->getArray(self::IGNORED_IDS, []);
         if ($this->apiWriteEnabled) {
             $this->apiWriteUsername = $this->config->getString(self::API_WRITE_USERNAME);
             if (empty(trim($this->apiWriteUsername))) {
@@ -162,4 +167,9 @@ class Config
     {
         return $this->apiWritePasswordHash;
     }
+
+    public function getIgnoredIds()
+    {
+        return $this->ignoredIds;
+    }
 }
diff --git a/lib/DatabaseCommand.php b/lib/DatabaseCommand.php
index 8c92a51..cfe8089 100644
--- a/lib/DatabaseCommand.php
+++ b/lib/DatabaseCommand.php
@@ -60,6 +60,11 @@ class DatabaseCommand
 
     private $mode;
 
+    private $ignoredIds = [
+        Config::MODE_IDP => [],
+        Config::MODE_SP => [],
+    ];
+
     private $escape_char = '`';
 
     public function __construct()
@@ -73,6 +78,7 @@ class DatabaseCommand
         } else {
             $this->unknownDriver();
         }
+        $this->ignoredIds = array_merge($this->ignoredIds, $this->config->getIgnoredIds());
         $this->tables = array_merge($this->tables, $this->config->getTables());
         $this->mode = $this->config->getMode();
     }
@@ -269,6 +275,18 @@ class DatabaseCommand
 
                 return;
             }
+            $entityId = $entities[$side][self::KEY_ID];
+            if (in_array($entityId, $this->ignoredIds[$side])) {
+                Logger::debug(
+                    sprintf(
+                        "%s EntityId of %s (%s) has been found in the ignored list. Not inserting login.",
+                        self::DEBUG_PREFIX,
+                        $side,
+                        $entityId
+                    )
+                );
+                return;
+            }
         }
 
         $ids = [];
-- 
GitLab