Allow rewrite of UID for SSO

Signed-off-by: Ingo Koinzer <[email protected]>

Author: digitalshow

lib/Controller/SAMLController.php

@@ -113,6 +113,12 @@ private function autoprovisionIfPossible(array $auth) {
 				$uid = $auth[$uidMapping];
 			}
 
+			$uidRewritePattern = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_pattern');
+			$uidRewriteReplacement = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_replacement');
+			if (!empty($uidRewritePattern) && !empty($uidRewriteReplacement)) {
+				$uid = preg_replace($uidRewritePattern, $uidRewriteReplacement, $uid);
+			}
+
 			// make sure that a valid UID is given
 			if (empty($uid)) {
 				$this->logger->error('Uid "' . $uid . '" is not a valid uid please check your attribute mapping', ['app' => $this->appName]);

lib/DavPlugin.php

@@ -58,8 +58,14 @@ public function beforeMethod(RequestInterface $request, ResponseInterface $respo
 			!$this->session->exists('user_saml.samlUserData')
 		) {
 			$uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping');
+			$uidRewritePattern = $this->config->getAppValue('user_saml', 'general-uid_rewrite_pattern');
+			$uidRewriteReplacement = $this->config->getAppValue('user_saml', 'general-uid_rewrite_replacement');
 			if (isset($this->auth[$uidMapping])) {
-				$this->session->set(Auth::DAV_AUTHENTICATED, $this->auth[$uidMapping]);
+				$uid = $this->auth[$uidMapping];
+				if (!empty($uidRewritePattern) && !empty($uidRewriteReplacement)) {
+					$uid = preg_replace($uidRewritePattern, $uidRewriteReplacement, $uid);
+				}
+				$this->session->set(Auth::DAV_AUTHENTICATED, $uid);
 				$this->session->set('user_saml.samlUserData', $this->auth);
 			}
 		}

lib/Settings/Admin.php

@@ -93,6 +93,14 @@ public function getForm() {
 				'type' => 'line',
 				'required' => true,
 			],
+			'uid_rewrite_pattern' => [
+				'text' => $this->l10n->t('UID rewrite pattern RegEx (PHP preg_replace pattern)'),
+				'type' => 'line',
+			],
+			'uid_rewrite_replacement' => [
+				'text' => $this->l10n->t('UID rewrite replacement (PHP preg_replace pattern)'),
+				'type' => 'line',
+			],
 			'require_provisioned_account' => [
 				'text' => $this->l10n->t('Only allow authentication if an account exists on some other backend. (e.g. LDAP)'),
 				'type' => 'checkbox',

lib/UserBackend.php

@@ -493,7 +493,14 @@ private function formatUserData($attributes) {
 		$uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping');
 		$result['formatted']['uid'] = '';
 		if (isset($attributes[$uidMapping])) {
-			$result['formatted']['uid'] = $attributes[$uidMapping][0];
+			$uid = $attributes[$uidMapping][0];
+			$uidRewritePattern = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_pattern');
+			$uidRewriteReplacement = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_replacement');
+			if (!empty($uidRewritePattern) && !empty($uidRewriteReplacement)) {
+				$uid = preg_replace($uidRewritePattern, $uidRewriteReplacement, $uid);
+			}
+
+			$result['formatted']['uid'] = $uid;
 		}
 
 		return $result;
@@ -515,6 +522,11 @@ public function getCurrentUserId() {
 			} else {
 				$uid = $samlData[$uidMapping];
 			}
+			$uidRewritePattern = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_pattern');
+			$uidRewriteReplacement = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_replacement');
+			if (!empty($uidRewritePattern) && !empty($uidRewriteReplacement)) {
+				$uid = preg_replace($uidRewritePattern, $uidRewriteReplacement, $uid);
+			}
 			if($this->userExists($uid)) {
 				$this->session->set('last-password-confirm', time());
 				return $uid;