From f0d848d7883f1bcaf26bf0124a493563dfbe7b83 Mon Sep 17 00:00:00 2001 From: Jaime Perez Crespo <jaime.perez@uninett.no> Date: Fri, 15 Apr 2016 10:13:00 +0200 Subject: [PATCH] Modify the core:AttributeMap authentication processing filter to allow fetching mapping files from modules, not only from the 'attributemap' directory in the root of SSP's installation. --- modules/core/docs/authproc_attributemap.txt | 17 +++++++++++++++-- modules/core/lib/Auth/Process/AttributeMap.php | 14 ++++++++++++-- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/modules/core/docs/authproc_attributemap.txt b/modules/core/docs/authproc_attributemap.txt index c9daa0b0b..09364dd51 100644 --- a/modules/core/docs/authproc_attributemap.txt +++ b/modules/core/docs/authproc_attributemap.txt @@ -4,7 +4,9 @@ Filter to change attribute names. This filter can either contain the name of a map file or a set of name => value pairs describing the transformation. -If configuration references a map file, the file must be located in the `attributemap/`-directory. +If configuration references a map file, the file must be located in the `attributemap/` directory in the root of +SimpleSAMLphp's installation. Attribute map files located in the `attributemap/` directory in the root of a module can +also be used by specifying the file with the `module:file` syntax. It can also create multiple attributes from a single attribute by specifying multiple target attributes as an array. @@ -31,7 +33,18 @@ Attribute map in separate file: ), ), -This filter will use the map file from `simpesamlphp/attributemap/name2oid.php`. +This filter will use the map file from `simplesamlphp/attributemap/name2oid.php`. + +Attribute map in a file contained in a module: + + 'authproc' => array( + 50 => array( + 'class' => 'core:AttributeMap', + 'module:src2dst' + ), + ), + +This filter will use the map file from `simplesamlphp/modules/module/attributemap/src2dst.php`. Duplicate attributes based on a map file: 
diff --git a/modules/core/lib/Auth/Process/AttributeMap.php b/modules/core/lib/Auth/Process/AttributeMap.php
index 1bcec9fdf..2f48b62fa 100644
--- a/modules/core/lib/Auth/Process/AttributeMap.php
+++ b/modules/core/lib/Auth/Process/AttributeMap.php
@@ -68,14 +68,24 @@ class sspmod_core_Auth_Process_AttributeMap extends SimpleSAML_Auth_ProcessingFi
 /**
 * Loads and merges in a file with a attribute map.
 *
- * @param string $fileName Name of attribute map file. Expected to be in the attribute map dir.
+ * @param string $fileName Name of attribute map file. Expected to be in the attributemap directory in the root
+ * of the SimpleSAMLphp installation, or in the root of a module.
 *
 * @throws Exception If the filter could not load the requested attribute map file.
 */
 private function loadMapFile($fileName)
 {
 $config = SimpleSAML_Configuration::getInstance();
- $filePath = $config->getPathValue('attributenamemapdir', 'attributemap/').$fileName.'.php';
+
+ $m = explode(':', $fileName);
+ if (count($m) === 2) { // we are asked for a file in a module
+ if (!SimpleSAML\Module::isModuleEnabled($m[0])) {
+ throw new Exception("Module '$m[0]' is not enabled.");
+ }
+ $filePath = SimpleSAML\Module::getModuleDir($m[0]).'/attributemap/'.$m[1].'.php';
+ } else {
+ $filePath = $config->getPathValue('attributenamemapdir', 'attributemap/').$fileName.'.php';
+ }
 if (!file_exists($filePath)) {
 throw new Exception('Could not find attribute map file: '.$filePath);
-- 
GitLab
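Review bot: In the new module branch of `loadMapFile()`, `$m[1]` is concatenated into `$filePath` with no check for path separators or `..`, so a configured name containing `../` resolves outside that module's `attributemap/` directory; the unchanged `else` branch has the same property for `$fileName`. The value comes from filter configuration, which may also be supplied through metadata entries, and the file is presumably loaded as PHP after the `file_exists()` check (the rest of the function is outside this hunk), so the name should be constrained before the path is built, e.g. `if (basename($m[1]) !== $m[1]) { throw new Exception("Invalid attribute map file name '$m[1]'."); }`. Separately, a name with more than one `:` falls through to the global directory and an empty part (`:map`, `module:`) is accepted as-is; rejecting both explicitly would make a misconfiguration easier to diagnose than the generic "Could not find attribute map file" error.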