diff options
| author | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2025-09-01 13:59:14 +0200 |
|---|---|---|
| committer | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2025-09-01 13:59:14 +0200 |
| commit | c5e52e2065d4670d33e246611dcbbdfd19dbc1d2 (patch) | |
| tree | 4b3e9de8a9423e3ff149eb1d87c3b3832afd4e25 | |
| parent | f9b8144f9818c1692b50dd7b81d5aa6b61f480cc (diff) | |
don't sync all domains (if not configured) with shibboleth login, fixes #2055
Closes #2055
Merge request studip/studip!3515
| -rw-r--r-- | config/config_defaults.inc.php | 1 | ||||
| -rw-r--r-- | lib/classes/auth_plugins/StudipAuthAbstract.php | 29 |
2 files changed, 21 insertions, 9 deletions
diff --git a/config/config_defaults.inc.php b/config/config_defaults.inc.php index f07c5c1..632427f 100644 --- a/config/config_defaults.inc.php +++ b/config/config_defaults.inc.php @@ -301,6 +301,7 @@ $STUDIP_AUTH_CONFIG_SHIB = [ 'validate_url' => 'https://sp.studip.de/auth/studip-sp.php', 'logout_url' => 'https://sp.studip.de/Shibboleth.sso/Logout', 'local_domain' => 'studip.de', + 'sync_all_domains' => false, // Set to false to only add new domains, true will remove domains! 'user_data_mapping' => [ 'auth_user_md5.username' => ['callback' => 'dummy', 'map_args' => ''], 'auth_user_md5.password' => ['callback' => 'dummy', 'map_args' => ''], diff --git a/lib/classes/auth_plugins/StudipAuthAbstract.php b/lib/classes/auth_plugins/StudipAuthAbstract.php index a722641..c4f9c73 100644 --- a/lib/classes/auth_plugins/StudipAuthAbstract.php +++ b/lib/classes/auth_plugins/StudipAuthAbstract.php @@ -56,11 +56,14 @@ class StudipAuthAbstract /** * array of user domains to assign to each user, can be set in local.inc - * - * @access public - * @var array $user_domains */ - public $user_domains; + public ?array $user_domains = null; + + /** + * Flag that decides whether all domains should be synced or if only new + * ones should be added. + */ + public bool $sync_all_domains = true; /** * associative array with mapping for database fields @@ -421,10 +424,18 @@ class StudipAuthAbstract $uid = $user->id; if (isset($user_domains)) { $old_domains = UserDomain::getUserDomainsForUser($uid); - - foreach ($old_domains as $domain) { - if (!in_array($domain->id, $user_domains)) { - $domain->removeUser($uid); + $old_domain_ids = array_map( + function (UserDomain $domain) { + return $domain->id; + }, + $old_domains + ); + + if ($this->sync_all_domains) { + foreach ($old_domains as $domain) { + if (!in_array($domain->id, $user_domains)) { + $domain->removeUser($uid); + } } } @@ -436,7 +447,7 @@ class StudipAuthAbstract $domain->store(); } - if (!in_array($domain, $old_domains)) { + if (!in_array($domain->id, $old_domain_ids)) { $domain->addUser($uid); } } |