nextcloud · digitalshow · Mar 1, 2019 · Mar 1, 2019
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
@@ -113,6 +113,12 @@ private function autoprovisionIfPossible(array $auth) {
 				$uid = $auth[$uidMapping];
 			}
 
+			$uidRewritePattern = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_pattern');
+			$uidRewriteReplacement = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_replacement');
+			if (!empty($uidRewritePattern) && !empty($uidRewriteReplacement)) {
+				$uid = preg_replace($uidRewritePattern, $uidRewriteReplacement, $uid);
+			}
+
 			// make sure that a valid UID is given
 			if (empty($uid)) {
 				$this->logger->error('Uid "' . $uid . '" is not a valid uid please check your attribute mapping', ['app' => $this->appName]);

diff --git a/lib/DavPlugin.php b/lib/DavPlugin.php
@@ -58,8 +58,14 @@ public function beforeMethod(RequestInterface $request, ResponseInterface $respo
 			!$this->session->exists('user_saml.samlUserData')
 		) {
 			$uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping');
+			$uidRewritePattern = $this->config->getAppValue('user_saml', 'general-uid_rewrite_pattern');
+			$uidRewriteReplacement = $this->config->getAppValue('user_saml', 'general-uid_rewrite_replacement');
 			if (isset($this->auth[$uidMapping])) {
-				$this->session->set(Auth::DAV_AUTHENTICATED, $this->auth[$uidMapping]);
+				$uid = $this->auth[$uidMapping];
+				if (!empty($uidRewritePattern) && !empty($uidRewriteReplacement)) {
+					$uid = preg_replace($uidRewritePattern, $uidRewriteReplacement, $uid);
+				}
+				$this->session->set(Auth::DAV_AUTHENTICATED, $uid);
 				$this->session->set('user_saml.samlUserData', $this->auth);
 			}
 		}

diff --git a/lib/Settings/Admin.php b/lib/Settings/Admin.php
@@ -94,6 +94,14 @@ public function getForm() {
 				'type' => 'line',
 				'required' => true,
 			],
+			'uid_rewrite_pattern' => [
+				'text' => $this->l10n->t('UID rewrite pattern RegEx (PHP preg_replace pattern)'),
+				'type' => 'line',
+			],
+			'uid_rewrite_replacement' => [
+				'text' => $this->l10n->t('UID rewrite replacement (PHP preg_replace pattern)'),
+				'type' => 'line',
+			],
 			'require_provisioned_account' => [
 				'text' => $this->l10n->t('Only allow authentication if an account exists on some other backend. (e.g. LDAP)'),
 				'type' => 'checkbox',

diff --git a/lib/UserBackend.php b/lib/UserBackend.php
@@ -484,7 +484,14 @@ private function formatUserData($attributes) {
 		$uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping');
 		$result['formatted']['uid'] = '';
 		if (isset($attributes[$uidMapping])) {
-			$result['formatted']['uid'] = $attributes[$uidMapping][0];
+			$uid = $attributes[$uidMapping][0];
+			$uidRewritePattern = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_pattern');
+			$uidRewriteReplacement = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_replacement');
+			if (!empty($uidRewritePattern) && !empty($uidRewriteReplacement)) {
+				$uid = preg_replace($uidRewritePattern, $uidRewriteReplacement, $uid);
+			}
+
+			$result['formatted']['uid'] = $uid;
 		}
 
 		return $result;
@@ -506,6 +513,11 @@ public function getCurrentUserId() {
 			} else {
 				$uid = $samlData[$uidMapping];
 			}
+			$uidRewritePattern = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_pattern');
+			$uidRewriteReplacement = $this->config->getAppValue('user_saml', $prefix . 'general-uid_rewrite_replacement');
+			if (!empty($uidRewritePattern) && !empty($uidRewriteReplacement)) {
+				$uid = preg_replace($uidRewritePattern, $uidRewriteReplacement, $uid);
+			}
 			if($this->userExists($uid)) {
 				$this->session->set('last-password-confirm', strtotime('+4 year', time()));
 				return $uid;

diff --git a/tests/unit/Settings/AdminTest.php b/tests/unit/Settings/AdminTest.php
@@ -92,6 +92,14 @@ public function formDataProvider() {
 				'type' => 'line',
 				'required' => true,
 			],
+			'uid_rewrite_pattern' => [
+				'text' => 'UID rewrite pattern RegEx (PHP preg_replace pattern)',
+				'type' => 'line',
+			],
+			'uid_rewrite_replacement' => [
+				'text' => 'UID rewrite replacement (PHP preg_replace pattern)',
+				'type' => 'line',
+			],
 			'require_provisioned_account' => [
 				'text' => 'Only allow authentication if an account exists on some other backend. (e.g. LDAP)',
 				'type' => 'checkbox',