feat: Customizable IdPEnityID location (from attribute)

7d5d85ee · Dominik František Bučík · 9665f187 · 7d5d85ee · 7d5d85ee · 7d5d85ee
Verified Commit 7d5d85ee authored 3 years ago by Dominik František Bučík
--- a/config-templates/module_proxystatistics.php
+++ b/config-templates/module_proxystatistics.php
@@ -62,6 +62,12 @@ $config = [
     */
    //'userIdAttribute' => 'uid',

+    /*
+     * Which attribute should be used for IdP Entity ID
+     * if left empty, it will be extracted from the request object.
+     */
+    //'sourceIdpEntityIdAttribute' => 'sourceIdpEntityID',
+
    /*
     * Database table names. Default is to keep the name (as in `tables.sql`)
     */

--- a/lib/Config.php
+++ b/lib/Config.php
@@ -26,6 +26,8 @@ class Config

    private const USER_ID_ATTRIBUTE = 'userIdAttribute';

+    private const SOURCE_IDP_ENTITY_ID_ATTRIBUTE = 'sourceIdpEntityIdAttribute';
+
    private const REQUIRE_AUTH_SOURCE = 'requireAuth.source';

    private const KEEP_PER_USER = 'keepPerUser';
@@ -36,6 +38,8 @@ class Config

    private $mode;

+    private $sourceIdpEntityIdAttribute;
+
    private static $instance;

    private function __construct()
@@ -44,6 +48,7 @@ class Config
        $this->store = $this->config->getConfigItem(self::STORE, null);
        $this->tables = $this->config->getArray('tables', []);
        $this->mode = $this->config->getValueValidate(self::MODE, ['PROXY', 'IDP', 'SP', 'MULTI_IDP'], 'PROXY');
+        $this->sourceIdpEntityIdAttribute = $this->config->getString(self::SOURCE_IDP_ENTITY_ID_ATTRIBUTE, '');
    }

    private function __clone()
@@ -79,6 +84,11 @@ class Config
        return $this->config->getString(self::USER_ID_ATTRIBUTE, 'uid');
    }

+    public function getSourceIdpEntityIdAttribute()
+    {
+        return $this->sourceIdpEntityIdAttribute;
+    }
+
    public function getSideInfo($side)
    {
        assert(in_array($side, [self::SIDES], true));

--- a/lib/DatabaseCommand.php
+++ b/lib/DatabaseCommand.php
@@ -71,8 +71,7 @@ class DatabaseCommand
            }
        }

-        $idAttribute = $this->config->getIdAttribute();
-        $userId = isset($request['Attributes'][$idAttribute]) ? $request['Attributes'][$idAttribute][0] : '';
+        $userId = $this->getUserId($request);

        $ids = [];
        foreach (self::TABLE_SIDES as $side => $table) {
@@ -273,23 +272,19 @@ class DatabaseCommand
        return $this->conn->write($query, $params);
    }

-    private function getEntities($request)
+    private function getEntities($request): array
    {
        $entities = [
            Config::MODE_IDP => [],
            Config::MODE_SP => [],
        ];
        if (Config::MODE_IDP !== $this->mode && Config::MODE_MULTI_IDP !== $this->mode) {
-            $entities[Config::MODE_IDP]['id'] = $request['saml:sp:IdP'];
-            $entities[Config::MODE_IDP]['name'] = $request['Attributes']['sourceIdPName'][0];
+            $entities[Config::MODE_IDP]['id'] = $this->getIdpIdentifier($request);
+            $entities[Config::MODE_IDP]['name'] = $this->getIdpName($request);
        }
        if (Config::MODE_SP !== $this->mode) {
-            $entities[Config::MODE_SP]['id'] = $request['Destination']['entityid'];
-            if (isset($request['Destination']['UIInfo']['DisplayName']['en'])) {
-                $entities[Config::MODE_SP]['name'] = $request['Destination']['UIInfo']['DisplayName']['en'];
-            } else {
-                $entities[Config::MODE_SP]['name'] = $request['Destination']['name']['en'] ?? '';
-            }
+            $entities[Config::MODE_SP]['id'] = $this->getSpIdentifier($request);
+            $entities[Config::MODE_SP]['name'] = $this->getSpName($request);
        }

        if (Config::MODE_PROXY !== $this->mode && Config::MODE_MULTI_IDP !== $this->mode) {
@@ -372,4 +367,41 @@ class DatabaseCommand

        return $this->escape_cols($columns);
    }
+
+    private function getIdpIdentifier($request)
+    {
+        $sourceIdpEntityIdAttribute = $this->config->getSourceIdpEntityIdAttribute();
+        if (!empty($sourceIdpEntityIdAttribute) && !empty($request['Attributes'][$sourceIdpEntityIdAttribute][0])) {
+            return $request['Attributes'][$sourceIdpEntityIdAttribute][0];
+        }
+
+        return $request['saml:sp:IdP'];
+    }
+
+    private function getUserId($request)
+    {
+        $idAttribute = $this->config->getIdAttribute();
+
+        return isset($request['Attributes'][$idAttribute]) ? $request['Attributes'][$idAttribute][0] : '';
+    }
+
+    private function getIdpName($request)
+    {
+        return $request['Attributes']['sourceIdPName'][0];
+    }
+
+    private function getSpIdentifier($request)
+    {
+        return $request['Destination']['entityid'];
+    }
+
+    private function getSpName($request)
+    {
+        $displayName = $request['Destination']['UIInfo']['DisplayName']['en'] ?? '';
+        if (empty($displayName)) {
+            $displayName = $request['Destination']['name']['en'] ?? '';
+        }
+
+        return$displayName;
+    }
 }