diff --git a/inc/config.class.php b/inc/config.class.php
index c6173a8..6162f8d 100644
--- a/inc/config.class.php
+++ b/inc/config.class.php
@@ -51,11 +51,17 @@ static function install() {
 INSERT INTO `$table` (name, value) VALUES ('url', ''), ('key', ''),
- ('group', '')
+ ('duplicate', 'id')
 SQL;
 $DB->queryOrDie($addquery, $DB->error());
- }
+ } else if (PLUGIN_OKTA_VERSION == "1.2.2") {
+ $query = <<queryOrDie($query, $DB->error());
+ }
 return true;
 }
@@ -208,14 +214,25 @@ private static function createOrUpdateUser($userId) {
 'phone_number' => 'mobilePhone', 'preferred_username' => 'login', ];
+ $OidcTranslation = [
+ 'id' => 'id',
+ 'name' => 'name',
+ 'given_name' => 'firstName',
+ 'family_name' => 'lastName',
+ 'phone_number' => 'phone',
+ 'email' => 'email'
+ ];
+
+ $config = self::getConfigValues();
+ if ($config['duplicate'] != 'email') {
+ $duplicateIndex = $OidcTranslation[$config['duplicate']];
+ }
 $newUser = new User();
 $OidcMappings = iterator_to_array($DB->query("SELECT * FROM glpi_oidc_mapping"))[0];
- if (!isset($OidcMappings['name'])) return false;
- $distantUser = self::fetchUserById($userId);
- $localUsers = iterator_to_array($DB->query("SELECT * FROM glpi_users"));
- $localNames = array_combine(array_column($localUsers, 'id'), array_column($localUsers, 'name'));
+ if (!isset($OidcMappings[$OidcMappings[$config['duplicate']]])) return false;
+ $distantUser = self::fetchUserById($userId);
 if (!$distantUser) return false;
 $userObject = [];
 foreach ($apiMappings as $key => $value) {
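Review bot: The upgrade branch added at the end of install() is gated on `PLUGIN_OKTA_VERSION == "1.2.2"`, i.e. on the version constant shipped with this release rather than on the schema state of the installed copy, so whatever `$query` performs runs only while the plugin is exactly 1.2.2 and is skipped by an instance that goes from an older release straight to a later one; keying the branch on a stored installed version, or on the absence of the `duplicate` config row, is more robust. The comparison also uses loose `==` where `===` is the safer choice for a string constant. The preceding `if` and the start of install() are outside this hunk, and the heredoc body assigned to `$query` is not legible in this copy of the patch, so its content is not reviewed here.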
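Review bot: `$config['duplicate']` comes from stored configuration and is used directly as an array key, so any value outside the keys of `$OidcTranslation` raises an undefined-index warning at `$OidcTranslation[$config['duplicate']]`; the new guard `isset($OidcMappings[$OidcMappings[$config['duplicate']]])` additionally indexes `$OidcMappings` with one of its own values, which does not look intended — presumably `isset($OidcMappings[$config['duplicate']])` or, following the removed check, `isset($apiMappings[$OidcMappings[$config['duplicate']]])` was meant. `$duplicateIndex` is assigned in the new `if` block but never read in the hunk, and the removed `isset($OidcMappings['name'])` check is not replaced although `$OidcMappings['name']` is still dereferenced further down the function. Suggest replacing the `if ($config['duplicate'] != 'email')` block with `if (!array_key_exists($config['duplicate'], $OidcTranslation)) return false;` and keeping a `name`-mapping check. createOrUpdateUser() starts before this hunk and continues after it.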
@@ -225,25 +242,26 @@ private static function createOrUpdateUser($userId) {
 };
 $profile = $distantUser['profile'];
 $profile += ['id' => $distantUser['id']];
- if (!isset($OidcMappings['name']) || !isset($apiMappings[$OidcMappings['name']])) {
- Session::addMessageAfterRedirect(__('No okta mapping found for : ', 'okta') . $OidcMappings['name'], false, ERROR);
- return false;
- }
- $userName = $profile[$apiMappings[$OidcMappings['name']]];
- $ID = array_search($userName, $localNames);
-
+
+ $query = "SELECT * FROM glpi_users
+ LEFT JOIN glpi_useremails ON glpi_users.id = glpi_useremails.users_id
+ WHERE " . $OidcTranslation[$config['duplicate']] . " = '" . $profile[$apiMappings[$config['duplicate']]] . "'";
+ $localUser = iterator_to_array($DB->query($query));
+ $localUser = empty($localUser) ? false : $localUser[0];
+
+ $ID = empty($localUser) ? false : $localUser['id'];
 if (!$ID) {
 $rule = new RuleRightCollection();
 $input = [ 'authtype' => Auth::EXTERNAL,
- 'name' => $userName,
+ 'name' => $profile[$apiMappings[$OidcMappings['name']]],
 '_extauth' => 1, 'add' => 1 ];
 $input = $rule->processAllRules([], Toolbox::stripslashes_deep($input), [ 'type' => Auth::EXTERNAL,
- 'email' => $userObject["email"] ?? '',
- 'login' => $userName,
+ 'email' => $profile["email"] ?? '',
+ 'login' => $profile[$apiMappings[$OidcMappings['name']]],
 ]);
 $input['_ruleright_process'] = true;
@@ -276,6 +294,7 @@ static function importUser($userId, $groupId = null) {
 * @return void
 */
 public function showConfigForm() {
+ global $DB;
 if (!Session::haveRight("plugin_okta_config",UPDATE)) {
 return false;
 }
@@ -304,6 +323,20 @@ public function showConfigForm() {
 API key + + Duplicate key + +
diff --git a/setup.php b/setup.php
index 0133088..7d7b8e1 100644
--- a/setup.php
+++ b/setup.php
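Review bot: The lookup `$query` is built by concatenating `$profile[$apiMappings[$config['duplicate']]]` — a profile attribute supplied by the identity provider — and a config-derived column name straight into SQL with no escaping or binding, so a crafted profile value (email, login, name, …) is interpreted as SQL; GLPI's `$DB->request()` criteria array, or at minimum `$DB->escape()` on the value plus an allow-list for the column, should be used instead. The query is also wrong for the default `id` option: after the LEFT JOIN both `glpi_users` and `glpi_useremails` carry an `id` column, so `WHERE id = …` is ambiguous, and with `SELECT *` the second `id` overwrites the first in the fetched row, making `$localUser['id']` the email row's id (or NULL) rather than the user's. The `name`-mapping guard removed at the top of this hunk is not re-established although `$OidcMappings['name']` is still dereferenced in the `$input` array below. A lookup along the following lines (criteria-array syntax to be matched to the targeted GLPI version) keeps the value out of the SQL text and qualifies the column; createOrUpdateUser() starts before this hunk and continues after it.
```php
$profile += ['id' => $distantUser['id']];
$claim  = $config['duplicate'];
$column = $OidcTranslation[$claim] ?? null;
$needle = isset($apiMappings[$claim]) ? ($profile[$apiMappings[$claim]] ?? null) : null;
if ($column === null || $needle === null || !isset($OidcMappings['name'])) {
   return false;
}
// 'email' lives in glpi_useremails; every other option is a glpi_users column
$qualified = ($column === 'email' ? 'glpi_useremails.' : 'glpi_users.') . $column;
$rows = iterator_to_array($DB->request([
   'SELECT'    => 'glpi_users.*',
   'FROM'      => 'glpi_users',
   'LEFT JOIN' => ['glpi_useremails' => ['ON' => ['glpi_useremails' => 'users_id', 'glpi_users' => 'id']]],
   'WHERE'     => [$qualified => $needle],
   'LIMIT'     => 1,
]), false);
$localUser = $rows[0] ?? false;
$ID = $localUser ? $localUser['id'] : false;
// … unchanged: rule processing and user creation …
```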
@@ -30,7 +30,7 @@
 * --------------------------------------------------------------------- */
-define('PLUGIN_OKTA_VERSION', '1.1.2');
+define('PLUGIN_OKTA_VERSION', '1.2.2');
 if (!defined("PLUGIN_OKTA_DIR")) {
 define("PLUGIN_OKTA_DIR", Plugin::getPhpDir("okta"));