feat: 🎸 Customizable IdPEnityID location (from attribute)

Dominik František Bučík · Dominik František Bučík · commit 7d5d85ee2150 · 2022-07-20T11:22:54.000+02:00
diff --git a/config-templates/module_proxystatistics.php b/config-templates/module_proxystatistics.php
@@ -62,6 +62,12 @@
      */
     //'userIdAttribute' => 'uid',
 
+    /*
+     * Which attribute should be used for IdP Entity ID
+     * if left empty, it will be extracted from the request object.
+     */
+    //'sourceIdpEntityIdAttribute' => 'sourceIdpEntityID',
+
     /*
      * Database table names. Default is to keep the name (as in `tables.sql`)
      */
diff --git a/lib/Config.php b/lib/Config.php
@@ -26,6 +26,8 @@ class Config
 
     private const USER_ID_ATTRIBUTE = 'userIdAttribute';
 
+    private const SOURCE_IDP_ENTITY_ID_ATTRIBUTE = 'sourceIdpEntityIdAttribute';
+
     private const REQUIRE_AUTH_SOURCE = 'requireAuth.source';
 
     private const KEEP_PER_USER = 'keepPerUser';
@@ -36,6 +38,8 @@ class Config
 
     private $mode;
 
+    private $sourceIdpEntityIdAttribute;
+
     private static $instance;
 
     private function __construct()
@@ -44,6 +48,7 @@ private function __construct()
         $this->store = $this->config->getConfigItem(self::STORE, null);
         $this->tables = $this->config->getArray('tables', []);
         $this->mode = $this->config->getValueValidate(self::MODE, ['PROXY', 'IDP', 'SP', 'MULTI_IDP'], 'PROXY');
+        $this->sourceIdpEntityIdAttribute = $this->config->getString(self::SOURCE_IDP_ENTITY_ID_ATTRIBUTE, '');
     }
 
     private function __clone()
@@ -79,6 +84,11 @@ public function getIdAttribute()
         return $this->config->getString(self::USER_ID_ATTRIBUTE, 'uid');
     }
 
+    public function getSourceIdpEntityIdAttribute()
+    {
+        return $this->sourceIdpEntityIdAttribute;
+    }
+
     public function getSideInfo($side)
     {
         assert(in_array($side, [self::SIDES], true));
diff --git a/lib/DatabaseCommand.php b/lib/DatabaseCommand.php
@@ -71,8 +71,7 @@ public function insertLogin(&$request, &$date)
             }
         }
 
-        $idAttribute = $this->config->getIdAttribute();
-        $userId = isset($request['Attributes'][$idAttribute]) ? $request['Attributes'][$idAttribute][0] : '';
+        $userId = $this->getUserId($request);
 
         $ids = [];
         foreach (self::TABLE_SIDES as $side => $table) {
@@ -273,23 +272,19 @@ private function writeLogin($date, $ids, $user)
         return $this->conn->write($query, $params);
     }
 
-    private function getEntities($request)
+    private function getEntities($request): array
     {
         $entities = [
             Config::MODE_IDP => [],
             Config::MODE_SP => [],
         ];
         if (Config::MODE_IDP !== $this->mode && Config::MODE_MULTI_IDP !== $this->mode) {
-            $entities[Config::MODE_IDP]['id'] = $request['saml:sp:IdP'];
-            $entities[Config::MODE_IDP]['name'] = $request['Attributes']['sourceIdPName'][0];
+            $entities[Config::MODE_IDP]['id'] = $this->getIdpIdentifier($request);
+            $entities[Config::MODE_IDP]['name'] = $this->getIdpName($request);
         }
         if (Config::MODE_SP !== $this->mode) {
-            $entities[Config::MODE_SP]['id'] = $request['Destination']['entityid'];
-            if (isset($request['Destination']['UIInfo']['DisplayName']['en'])) {
-                $entities[Config::MODE_SP]['name'] = $request['Destination']['UIInfo']['DisplayName']['en'];
-            } else {
-                $entities[Config::MODE_SP]['name'] = $request['Destination']['name']['en'] ?? '';
-            }
+            $entities[Config::MODE_SP]['id'] = $this->getSpIdentifier($request);
+            $entities[Config::MODE_SP]['name'] = $this->getSpName($request);
         }
 
         if (Config::MODE_PROXY !== $this->mode && Config::MODE_MULTI_IDP !== $this->mode) {
@@ -372,4 +367,41 @@ private function getAggregateGroupBy($ids)
 
         return $this->escape_cols($columns);
     }
+
+    private function getIdpIdentifier($request)
+    {
+        $sourceIdpEntityIdAttribute = $this->config->getSourceIdpEntityIdAttribute();
+        if (!empty($sourceIdpEntityIdAttribute) && !empty($request['Attributes'][$sourceIdpEntityIdAttribute][0])) {
+            return $request['Attributes'][$sourceIdpEntityIdAttribute][0];
+        }
+
+        return $request['saml:sp:IdP'];
+    }
+
+    private function getUserId($request)
+    {
+        $idAttribute = $this->config->getIdAttribute();
+
+        return isset($request['Attributes'][$idAttribute]) ? $request['Attributes'][$idAttribute][0] : '';
+    }
+
+    private function getIdpName($request)
+    {
+        return $request['Attributes']['sourceIdPName'][0];
+    }
+
+    private function getSpIdentifier($request)
+    {
+        return $request['Destination']['entityid'];
+    }
+
+    private function getSpName($request)
+    {
+        $displayName = $request['Destination']['UIInfo']['DisplayName']['en'] ?? '';
+        if (empty($displayName)) {
+            $displayName = $request['Destination']['name']['en'] ?? '';
+        }
+
+        return$displayName;
+    }
 }
