Rework groups

trasher · trasher · commit 8c261e2c16e4 · 2025-01-24T11:54:27.000+01:00
No longer rely on `info_adh` field content
No longer reword groups names
diff --git a/README.md b/README.md
@@ -16,6 +16,10 @@ Before updating to version 3.0.0, please take care of the following:
 - the existing `options` entry in configuration file has been renamed to `authorize`. Please update your configuration file accordingly.
 - the `scopes` entry in configuration file has been added; some data you were previously using may be missing.
 - previous versions were using non Galette data (like `username`). If you were using this data and still want to rely on them; add a `legacy_data: true` in you applications entries.
+- Real Galette groups have been added to `member:groups:` scope
+- Member status is no longer the first groups entry
+- Groups hack from `info_adh` field has been removed
+- Groups names reformatting has been removed
 
 # Configuration
 
@@ -101,16 +105,6 @@ To declare multiple scopes, separate them with a space like `member member:phone
 * `member:due_date`:
   * due date
 
-# Usage
-
-## Nextcloud - how add groups for a specific member
-Edit a member : In `info_adh` field you can add a line with `#GROUPS:group1;group2#`
-
-Example :
-```
-#GROUPS:accouting;home#
-```
-
 # More information about OAuth2 Server
 * https://oauth2.thephpleague.com/
 * https://github.com/thephpleague/oauth2-server/
diff --git a/lib/GaletteOAuth2/Authorization/UserHelper.php b/lib/GaletteOAuth2/Authorization/UserHelper.php
@@ -102,13 +102,13 @@ public static function logout(Container $container): void
     /**
      * Get user data
      *
-     * @param Container    $container Container instance
-     * @param int          $id        User ID
-     * @param string       $acl       Requested authorization
-     * @param array|string $scopes    Scopes
-     * @param bool         $legacy    Legacy mode for data
+     * @param Container       $container Container instance
+     * @param int             $id        User ID
+     * @param string          $acl       Requested authorization
+     * @param string[]|string $scopes    Scopes
+     * @param bool            $legacy    Legacy mode for data
      *
-     * @return array
+     * @return array<string, mixed>
      * @throws UserAuthorizationException
      * @throws \DI\DependencyException
      * @throws \DI\NotFoundException
@@ -267,9 +267,7 @@ public static function getUserData(Container $container, int $id, string $acl, a
 
         //member:groups
         if (in_array('member:groups', $scopes)) {
-            //nextcloud : set fields Groups claim (optional) = groups
-            //FIXME: I don't know how nextcloud manages groups, but there are not groups...
-            $oauth_data['groups'] = self::getUserGroups($member);
+            $oauth_data['groups'] = self::getUserGroups($member, $legacy);
         }
 
         //member:due_date
@@ -284,10 +282,11 @@ public static function getUserData(Container $container, int $id, string $acl, a
      * Comma separated groups names
      *
      * @param Adherent $member Member
+     * @param bool     $legacy Legacy mode for data
      *
      * @return array
      */
-    protected static function getUserGroups(Adherent $member): array
+    protected static function getUserGroups(Adherent $member, bool $legacy = false): array
     {
         $groups = array_map(
             function ($group) {
@@ -314,24 +313,21 @@ function ($group) {
             $groups[] = 'uptodate';
         }
 
-        //FIXME: add groups from groups table? Or another way? info_adh does not seems a good way for everyone
-        //FIXME: For example, data is replaced on duplication, thus oauth groups configuration would be lost
-        //FIXME: maybe should we just rely on real Galette groups.
-        //Add externals groups (free text in info_adh)
-        //Example #GROUPS:compta;accueil#
-        if (preg_match('/#GROUPS:([^#]*([^#]*))#/mui', $member->others_infos_admin, $matches, PREG_OFFSET_CAPTURE)) {
-            $g = $matches[1][0];
-            Debug::log("Groups added {$g}");
-            $groups = array_merge($groups, explode(';', $g));
-        }
+        if ($legacy === true) {
+            //Add externals groups (free text in info_adh)
+            //Example #GROUPS:compta;accueil#
+            if (preg_match('/#GROUPS:([^#]*([^#]*))#/mui', $member->others_infos_admin, $matches, PREG_OFFSET_CAPTURE)) {
+                $g = $matches[1][0];
+                $groups = array_merge($groups, explode(';', $g));
+            }
 
-        //TODO: maybe a bit excessive for a global usage?
-        //Reformat group with strtolower, remove whites & slashs
-        foreach ($groups as &$group) {
-            $group = trim($group);
-            $group = str_replace([' ', '/', '(', ')'], ['_', '', '', ''], $group);
-            $group = str_replace('__', '_', $group);
-            $group = self::stripAccents($group);
+            //Reformat group with strtolower, remove whites & slashs
+            foreach ($groups as &$group) {
+                $group = trim($group);
+                $group = str_replace([' ', '/', '(', ')'], ['_', '', '', ''], $group);
+                $group = str_replace('__', '_', $group);
+                $group = self::stripAccents($group);
+            }
         }
 
         return $groups;
diff --git a/tests/GaletteOAuth2/Authorization/tests/units/UserHelper.php b/tests/GaletteOAuth2/Authorization/tests/units/UserHelper.php
@@ -191,7 +191,7 @@ public function testGetUserData(): void
         $this->assertSame(
             $expected_base + [
                 'groups' => [
-                    'non-member',
+                    'Non-member',
                     'admin'
                 ]
             ],
@@ -208,7 +208,7 @@ public function testGetUserData(): void
         $this->assertSame(
             $expected_base + [
                 'groups' => [
-                    'non-member',
+                    'Non-member',
                     'admin'
                 ]
             ],
