From 873c9686a8b87a522442b0f208c83bd987552f84 Mon Sep 17 00:00:00 2001
From: Matt Schwager <schwag09@gmail.com>
Date: Thu, 29 Nov 2018 08:36:27 -0700
Subject: [PATCH] Fixes #970, improve AttributeMap overwrite behavior

---
 .../core/lib/Auth/Process/AttributeMap.php    |  3 ++
 .../lib/Auth/Process/AttributeMapTest.php     | 42 +++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/modules/core/lib/Auth/Process/AttributeMap.php b/modules/core/lib/Auth/Process/AttributeMap.php
index cedde6877..7992f8b69 100644
--- a/modules/core/lib/Auth/Process/AttributeMap.php
+++ b/modules/core/lib/Auth/Process/AttributeMap.php
@@ -135,6 +135,9 @@ class AttributeMap extends \SimpleSAML\Auth\ProcessingFilter
                     }
                 }
             } else {
+                if (array_key_exists($name, $mapped_attributes)) {
+                    continue;
+                }
                 $mapped_attributes[$name] = $values;
             }
         }
diff --git a/tests/modules/core/lib/Auth/Process/AttributeMapTest.php b/tests/modules/core/lib/Auth/Process/AttributeMapTest.php
index 7a14dc76c..64ca49232 100644
--- a/tests/modules/core/lib/Auth/Process/AttributeMapTest.php
+++ b/tests/modules/core/lib/Auth/Process/AttributeMapTest.php
@@ -199,4 +199,46 @@ class AttributeMapTest extends TestCase
         $this->setExpectedException('\Exception');
         self::processFilter($config, $request);
     }
+
+    public function testOverwrite()
+    {
+        $config = [
+            'attribute1' => 'attribute2',
+        ];
+        $request = [
+            'Attributes' => [
+                'attribute1' => ['value1'],
+                'attribute2' => ['value2'],
+            ],
+        ];
+
+        $processed = self::processFilter($config, $request);
+        $result = $processed['Attributes'];
+        $expected = [
+            'attribute2' => ['value1'],
+        ];
+
+        $this->assertEquals($expected, $result);
+    }
+
+    public function testOverwriteReversed()
+    {
+        $config = [
+            'attribute1' => 'attribute2',
+        ];
+        $request = [
+            'Attributes' => [
+                'attribute2' => ['value2'],
+                'attribute1' => ['value1'],
+            ],
+        ];
+
+        $processed = self::processFilter($config, $request);
+        $result = $processed['Attributes'];
+        $expected = [
+            'attribute2' => ['value1'],
+        ];
+
+        $this->assertEquals($expected, $result);
+    }
 }
-- 
GitLab