Commit
Implement LDAP attribute fallback
grezniczek committed Feb 5, 2024
1 parent c0de118 commit 4274407
Showing 4 changed files with 26 additions and 0 deletions.
3 changes: 3 additions & 0 deletions README.md
@@ -94,6 +94,8 @@ REDCap 12.0.7 Standard / REDCap 12.0.8 LTS or newer.

- **LDAP Attribute mappings:** When LDAP is enabled, custom attribute mappings for email, first, last, and full name can be set. These will be used when attempting to get email and full name of an authenticated user.

- **Fall back to retrieving user information from REDCap's user table when no values are obtained from LDAP attributes:** When enabled and full name or Fall back to retrieving user information from REDCap's user table when no values are obtained from LDAP attributes

- **Custom:** When selected, custom credentials can be entered into a text box. Type one username-password pair per line, separated by a colon (e.g. `UserXY:secret123`). Usernames are not case-sensitive (passwords are).

- **Use Allowlist:** When checked, a list of usernames (one username per line) can be entered. Only users in this list will be able to authenticate successfully.
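Review bot: the new fallback bullet in this hunk is cut off and repeats its own heading: "When enabled and full name or Fall back to retrieving user information from REDCap's user table when no values are obtained from LDAP attributes" is not a sentence. Suggest completing it along the lines of "When enabled and the full name or email address could not be obtained from the LDAP attributes, the module reads them from REDCap's user table (`redcap_user_information`) for the authenticated username instead." It would also help to say explicitly that nothing is read from the user table while the checkbox is off, so administrators understand the default.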
@@ -118,6 +120,7 @@ The **@SURVEY-AUTH** action tag can be used inside **@IF** action tags. Note tha

Release | Description
------- | ---------------------
v1.5.0 | LDAP attributes: Support fallback to REDCap's user table for email and full name.
v1.4.5 | Fix a potential LDAP error when using PHP8.1+
v1.4.4 | Critical bug fix: Surveys would be marked as completed before actually getting displayed. This was an unintended side effect of the v1.4.3 "fix". The log leak, for now, cannot be prevent, but the module now immediately sanitizes the `redcap_log_view` table by deleting any such log entries (the delete query is limited to the specific project and instrument).
v1.4.3 | Critical security bug fix: REDCap logged the POST request, including the clear-text password, in `redcap_log_view`. Run `DELETE FROM redcap_log_view WHERE miscellaneous LIKE "// POST%[redcap_survey_auth-password]%"` against your database to sanitize the table!
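Review bot: the v1.5.0 changelog row does not say that the fallback is opt-in. Since the behaviour only applies when the new checkbox is enabled, suggest "Optional fallback to REDCap's user table for email and full name when LDAP attributes are empty." so readers of the release table do not expect a behaviour change on upgrade.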
9 changes: 9 additions & 0 deletions SurveyAuthExternalModule.php
@@ -631,6 +631,15 @@ private function doLDAPauth($username, $password, $config, &$result) {
}
}
@ldap_unbind($ldap);
// Optional fallback mapping of username and email from REDCap's user table
if ($this->settings->fallbackToTableUserInfo && (empty($result["fullname"]) || empty($result["email"]))) {
$sql = "SELECT `user_email`, `user_firstname`, `user_lastname` FROM redcap_user_information WHERE `username` = ? LIMIT 1";
$q = $this->query($sql, [$result["username"]]);
if ($row = $q->fetch_assoc()) {
if (empty($result["fullname"])) $result["fullname"] = trim("{$row["user_firstname"]} {$row["user_lastname"]}");
if (empty($result["email"])) $result["email"] = $row["user_email"];
}
}
}
catch (\Exception $e) {
$result["log_error"][] = "LDAP error: " . $e->getMessage();
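Review bot: the new block runs inside the same try block as the LDAP bind, so a database failure in the fallback query would be reported through the catch below as "LDAP error: ...", which will mislead whoever reads the log. Either wrap the fallback in its own try/catch with a distinct message (e.g. "User table fallback error: ..."), or at least check the value returned by `$this->query(...)` before calling `fetch_assoc()` on it. Two smaller points: the fallback sits directly after `@ldap_unbind($ldap);` with no visible check that the bind actually succeeded, so confirm it cannot run for a failed authentication (a failed bind must never populate `$result` from the user table); and the comment "Optional fallback mapping of username and email" does not match the code, which fills in `fullname` and `email`, so fix the comment. The parameterised `WHERE username = ?` query itself is the right approach.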
2 changes: 2 additions & 0 deletions classes/SurveyAuthSettings.php
@@ -26,6 +26,7 @@ class SurveyAuthSettings {
public $useCustom;
public $customCredentials;
public $otherLDAPConfigs;
public $fallbackToTableUserInfo;
public $ldapMappings = array(
"email" => array(),
"fullname" => array(),
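Review bot: `public $fallbackToTableUserInfo;` is declared without an initial value, unlike `$ldapMappings` just below it. Giving it `= false` keeps the object safe to read before `__construct` assigns it and documents the default next to the declaration.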
@@ -73,6 +74,7 @@ function __construct($module)
$this->useOtherLDAP = $this->getValue("surveyauth_useotherldap", false);
$this->useCustom = $this->getValue("surveyauth_usecustom", false);
$this->otherLDAPConfigs = json_decode($this->getValue("surveyauth_otherldap", "[]"), true);
$this->fallbackToTableUserInfo = $this->getValue("surveyauth_ldap_uifallback", false);
if (!is_array($this->otherLDAPConfigs)) $this->otherLDAPConfigs = array();
$defaults = array(
"email" => "email,mail",
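Review bot: the new assignment is inserted between the `json_decode` of `otherLDAPConfigs` and its `is_array` sanity check, splitting two lines that belong together; move it after the `if (!is_array($this->otherLDAPConfigs))` line. Also, the setting key `surveyauth_ldap_uifallback` reads as "UI fallback" while the property is named `fallbackToTableUserInfo`; a key such as `surveyauth_ldap_userinfofallback` would match both the property and the README label.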
12 changes: 12 additions & 0 deletions config.json
@@ -186,6 +186,18 @@
]
}
},
{
"key":"surveyauth_ldap_uifallback",
"name":"Fall back to retrieving user information from REDCap's user table when no values are obtained from LDAP attributes",
"type": "checkbox",
"branchingLogic": {
"type": "or",
"conditions": [
{ "field": "surveyauth_useldap", "value": true },
{ "field": "surveyauth_useotherldap", "value": true }
]
}
},
{
"key": "surveyauth_usecustom",
"name": "Custom",
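Review bot: style nit in the new JSON object: `"key":"surveyauth_ldap_uifallback"` and `"name":"Fall back ..."` omit the space after the colon that the neighbouring entries use (e.g. `"key": "surveyauth_usecustom"`). The branching logic correctly limits the checkbox to configurations where either LDAP option is enabled. The label is long for a checkbox; consider a short name such as "Fall back to REDCap's user table for missing LDAP name/email" and leave the full explanation to the README.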

0 comments on commit 4274407