From 1d926ab9e04aefcd4e26fb374615d48b241f7992 Mon Sep 17 00:00:00 2001
From: Antoine Lemarchand <antoine.lemarchand@itsm-ng.com>
Date: Mon, 21 Oct 2024 15:50:06 +0200
Subject: [PATCH] feat: duplicate config key

---
 inc/config.class.php | 65 +++++++++++++++++++++++++++++++++-----------
 setup.php            |  2 +-
 2 files changed, 50 insertions(+), 17 deletions(-)

diff --git a/inc/config.class.php b/inc/config.class.php
index c6173a8..6162f8d 100644
--- a/inc/config.class.php
+++ b/inc/config.class.php
@@ -51,11 +51,17 @@ static function install() {
               INSERT INTO `$table` (name, value)
               VALUES ('url', ''),
                      ('key', ''),
-                     ('group', '')
+                     ('duplicate', 'id')
             SQL;
 
             $DB->queryOrDie($addquery, $DB->error());
-      }
+        } else if (PLUGIN_OKTA_VERSION == "1.2.2") {
+            $query = <<<SQL
+              INSERT INTO `$table` (name, value)
+              VALUES ('duplicate', 'id')
+            SQL;
+            $DB->queryOrDie($query, $DB->error());
+        }
 
       return true;
    }
@@ -208,14 +214,25 @@ private static function createOrUpdateUser($userId) {
            'phone_number' => 'mobilePhone',
            'preferred_username' => 'login',
        ];
+       $OidcTranslation = [
+           'id' => 'id',
+           'name' => 'name',
+           'given_name' => 'firstName',
+           'family_name' => 'lastName',
+           'phone_number' => 'phone',
+           'email' => 'email'
+       ];
+
+       $config = self::getConfigValues();
+       if ($config['duplicate'] != 'email') {
+           $duplicateIndex = $OidcTranslation[$config['duplicate']];
+       }
 
        $newUser = new User();
        $OidcMappings = iterator_to_array($DB->query("SELECT * FROM glpi_oidc_mapping"))[0];
-       if (!isset($OidcMappings['name'])) return false;
-       $distantUser = self::fetchUserById($userId);
-       $localUsers = iterator_to_array($DB->query("SELECT * FROM glpi_users"));
-       $localNames = array_combine(array_column($localUsers, 'id'), array_column($localUsers, 'name'));
+       if (!isset($OidcMappings[$OidcMappings[$config['duplicate']]])) return false;
 
+       $distantUser = self::fetchUserById($userId);
        if (!$distantUser) return false;
        $userObject = [];
        foreach ($apiMappings as $key => $value) {
@@ -225,25 +242,26 @@ private static function createOrUpdateUser($userId) {
        };
        $profile = $distantUser['profile'];
        $profile += ['id' => $distantUser['id']];
-       if (!isset($OidcMappings['name']) || !isset($apiMappings[$OidcMappings['name']])) {
-           Session::addMessageAfterRedirect(__('No okta mapping found for : ', 'okta') . $OidcMappings['name'], false, ERROR);
-           return false;
-       }
-       $userName = $profile[$apiMappings[$OidcMappings['name']]];
-       $ID = array_search($userName, $localNames);
-       
+
+       $query = "SELECT * FROM glpi_users
+       LEFT JOIN glpi_useremails ON glpi_users.id = glpi_useremails.users_id
+       WHERE " . $OidcTranslation[$config['duplicate']] . " = '" . $profile[$apiMappings[$config['duplicate']]] . "'";
+       $localUser = iterator_to_array($DB->query($query));
+       $localUser = empty($localUser) ? false : $localUser[0];
+
+       $ID = empty($localUser) ? false : $localUser['id'];
        if (!$ID) {
            $rule = new RuleRightCollection();
            $input = [
                'authtype' => Auth::EXTERNAL,
-               'name' => $userName,
+               'name' => $profile[$apiMappings[$OidcMappings['name']]],
                '_extauth' => 1,
                'add' => 1
            ];
            $input = $rule->processAllRules([], Toolbox::stripslashes_deep($input), [
                'type'   => Auth::EXTERNAL,
-               'email'  => $userObject["email"] ?? '',
-               'login'  => $userName,
+               'email'  => $profile["email"] ?? '',
+               'login'  => $profile[$apiMappings[$OidcMappings['name']]],
            ]);
            $input['_ruleright_process'] = true;
 
@@ -276,6 +294,7 @@ static function importUser($userId, $groupId = null) {
      * @return void
      */
     public function showConfigForm() {
+        global $DB;
        if (!Session::haveRight("plugin_okta_config",UPDATE)) {
             return false;
        }
@@ -304,6 +323,20 @@ public function showConfigForm() {
                             <td>API key</td>
                             <td><input type="text" name="key" value="{$key}"></td>
                         </tr>
+                        <tr>
+                            <td>Duplicate key</td>
+                            <td>
+                                <select name="duplicate">
+HTML;
+                    $OidcMappings = iterator_to_array($DB->query("SELECT * FROM glpi_oidc_mapping"))[0];
+                    foreach ($OidcMappings as $key => $value) {
+                        if (in_array($key, ['picture', 'locale', 'group'])) continue;
+                        echo "<option value=\"$key\" ". (($key == $fields['duplicate']) ? "selected" : "") ." >$key</option>";
+                    }
+                echo <<<HTML
+                                </select>
+                            </td>
+                        </tr>
                         <tr>
                             <td class="center" colspan="2">
                                 <input type="submit" name="update" class="submit" value="Save">
diff --git a/setup.php b/setup.php
index 0133088..7d7b8e1 100644
--- a/setup.php
+++ b/setup.php
@@ -30,7 +30,7 @@
  * ---------------------------------------------------------------------
  */
 
-define('PLUGIN_OKTA_VERSION', '1.1.2');
+define('PLUGIN_OKTA_VERSION', '1.2.2');
 
 if (!defined("PLUGIN_OKTA_DIR")) {
    define("PLUGIN_OKTA_DIR", Plugin::getPhpDir("okta"));