diff --git a/hook.php b/hook.php
index 76f5b62..b58ed68 100644
--- a/hook.php
+++ b/hook.php
@@ -231,6 +231,8 @@ function plugin_singlesignon_install() {
 `url_access_token` varchar(255) COLLATE utf8_unicode_ci NULL,
 `url_resource_owner_details` varchar(255) COLLATE utf8_unicode_ci NULL,
 `is_active` tinyint(1) NOT NULL DEFAULT '0',
+ `use_email_for_login` tinyint(1) NOT NULL DEFAULT '0',
+ `split_name` tinyint(1) NOT NULL DEFAULT '0',
 `is_deleted` tinyint(1) NOT NULL default '0',
 `comment` text COLLATE utf8_unicode_ci,
 `date_mod` datetime DEFAULT NULL,
@@ -263,6 +265,16 @@ function plugin_singlesignon_install() {
 if ($DB->numrows($result) != 1) {
 $DB->query("ALTER TABLE glpi_plugin_singlesignon_providers ADD authorized_domains varchar(255) COLLATE utf8_unicode_ci NULL") or die($DB->error());
 }
+ $query = "SHOW COLUMNS FROM glpi_plugin_singlesignon_providers LIKE 'use_email_for_login'";
+ $result = $DB->query($query) or die($DB->error());
+ if ($DB->numrows($result) != 1) {
+ $DB->query("ALTER TABLE glpi_plugin_singlesignon_providers ADD use_email_for_login tinyint(1) NOT NULL DEFAULT '0'") or die($DB->error());
+ }
+ $query = "SHOW COLUMNS FROM glpi_plugin_singlesignon_providers LIKE 'split_name'";
+ $result = $DB->query($query) or die($DB->error());
+ if ($DB->numrows($result) != 1) {
+ $DB->query("ALTER TABLE glpi_plugin_singlesignon_providers ADD split_name tinyint(1) NOT NULL DEFAULT '0'") or die($DB->error());
+ }
 }
 // add display preferences
diff --git a/inc/provider.class.php b/inc/provider.class.php
index fcb5540..d23e41b 100644
--- a/inc/provider.class.php
+++ b/inc/provider.class.php
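Review bot: The two column checks added to `plugin_singlesignon_install()` in hook.php copy the existing `SHOW COLUMNS … LIKE` / `ALTER TABLE` block verbatim, and because `_` is a single-character wildcard in `LIKE`, `LIKE 'split_name'` and `LIKE 'use_email_for_login'` test a pattern rather than an exact column name. A short loop over a column-name-to-definition map would remove the duplication, and an exact existence test (GLPI's `$DB->fieldExists()`, if every GLPI version the plugin supports provides it) avoids the wildcard match. The function starts and ends outside the hunk.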
@@ -184,6 +184,14 @@ function showForm($ID, $options = []) { echo ""; echo "\n"; + echo ""; + echo "" . __sso("Use Email as Login") . ""; + Dropdown::showYesNo("use_email_for_login", $this->fields["use_email_for_login"]); + echo ""; + echo "" . __sso('Split Name') . ""; + Dropdown::showYesNo("split_name", $this->fields["split_name"]); + echo ""; + echo ""; echo "" . __('Personalization') . ""; echo "\n"; @@ -521,6 +529,24 @@ function rawSearchOptions() { 'datatype' => 'bool', ]; + $tab[] = [ + 'id' => 11, + 'table' => $this->getTable(), + 'field' => 'use_email_for_login', + 'name' => __('Use email field for login'), + 'searchtype' => 'equals', + 'datatype' => 'bool', + ]; + + $tab[] = [ + 'id' => 12, + 'table' => $this->getTable(), + 'field' => 'split_name', + 'name' => __('Split name field for First & Last Name'), + 'searchtype' => 'equals', + 'datatype' => 'bool', + ]; + $tab[] = [ 'id' => 30, 'table' => $this->getTable(), @@ -1132,34 +1158,7 @@ public function findUser() { $authorizedDomains = explode(',', $authorizedDomainsString); } - $login = false; - $login_fields = ['userPrincipalName', 'login', 'username', 'id', 'name', 'displayName']; - - foreach ($login_fields as $field) { - if (isset($resource_array[$field]) && is_string($resource_array[$field])) { - $login = $resource_array[$field]; - $isAuthorized = empty($authorizedDomains); - foreach ($authorizedDomains as $authorizedDomain) { - if (preg_match("/{$authorizedDomain}$/i", $login)) { - $isAuthorized = true; - } - } - - if (!$isAuthorized) { - return false; - } - if ($split) { - $loginSplit = explode("@", $login); - $login = $loginSplit[0]; - } - break; - } - } - - if ($login && $user->getFromDBbyName($login)) { - return $user; - } - + // check email first $email = false; $email_fields = ['email', 'e-mail', 'email-address', 'mail']; 
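Review bot: The form labels the new options `__sso("Use Email as Login")` and `__sso('Split Name')`, while the search options added in the `rawSearchOptions()` hunk that follows name the same fields `__('Use email field for login')` and `__('Split name field for First & Last Name')` through `__()` rather than `__sso()`, which looks like the plugin's own translation helper; one wording and one helper in both places would keep the strings consistent and in the plugin's translation domain. Because `use_email_for_login` changes which local account an external identity is matched to, a comment above the dropdown would help the next maintainer, for example `// matches the provider's e-mail value against the GLPI login name; enable only when the provider asserts verified e-mail addresses`. `showForm()` starts and ends outside the hunk.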
@@ -1183,6 +1182,39 @@ public function findUser() {
 }
 }
+ $login = false;
+ $use_email = $this->fields['use_email_for_login'];
+ if ($email && $use_email) {
+ $login = $email;
+ } else {
+ $login_fields = ['userPrincipalName', 'login', 'username', 'id', 'name', 'displayName'];
+
+ foreach ($login_fields as $field) {
+ if (isset($resource_array[$field]) && is_string($resource_array[$field])) {
+ $login = $resource_array[$field];
+ $isAuthorized = empty($authorizedDomains);
+ foreach ($authorizedDomains as $authorizedDomain) {
+ if (preg_match("/{$authorizedDomain}$/i", $login)) {
+ $isAuthorized = true;
+ }
+ }
+
+ if (!$isAuthorized) {
+ return false;
+ }
+ if ($split) {
+ $loginSplit = explode("@", $login);
+ $login = $loginSplit[0];
+ }
+ break;
+ }
+ }
+ }
+
+ if ($login && $user->getFromDBbyName($login)) {
+ return $user;
+ }
+
 $default_condition = '';
 if (version_compare(GLPI_VERSION, '9.3', '>=')) {
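Review bot: When `use_email_for_login` is set, `$login = $email` skips the authorized-domain loop, which now runs only in the `else` branch, so the restriction holds for e-mail logins only if the e-mail lookup above the hunk applies the same check to `$email`; that code is outside the hunk and should be confirmed. The pattern `"/{$authorizedDomain}$/i"` also interpolates the configured value unescaped and anchors only the end, so `.` matches any character and any value that merely ends with the configured text is accepted; `preg_match('/' . preg_quote(trim($authorizedDomain), '/') . '$/i', $login)` closes the metacharacter part, and requiring the `@` directly before the domain closes the suffix part. Since the matched account is then loaded with `getFromDBbyName($login)`, it is worth honouring a verified-e-mail claim (`email_verified` in OpenID Connect) where the provider supplies one. `findUser()` starts and ends outside the hunk.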
@@ -1202,38 +1234,28 @@ public function findUser() { // If the user does not exist in the database and the provider is generic (Ex: azure ad without common tenant) if (static::getClientType() == "generic" && !$bOk) { try { - // Generates an api token and a personal token + // Generates an api token and a personal token... probably not necessary $tokenAPI = base_convert(hash('sha256', time() . mt_rand()), 16, 36); $tokenPersonnel = base_convert(hash('sha256', time() . mt_rand()), 16, 36); - $userPost['name'] = ""; - $userPost['realname'] = ""; - $userPost['firstname'] = ""; - foreach ($login_fields as $field) { - if (isset($resource_array[$field]) && is_string($resource_array[$field])) { - $userPost['name'] = $resource_array[$field]; - $userPost['realname'] = preg_split('/ /', $resource_array['displayName'])[1]; - $userPost['firstname'] = preg_split('/ /', $resource_array['displayName'])[0]; - break; - } - } - - $userPost['_useremails'][-1] = ""; - foreach ($email_fields as $field) { - if (isset($resource_array[$field]) && is_string($resource_array[$field])) { - $userPost['_useremails'][-1] = $resource_array[$field]; - break; - } + $splitname = $this->fields['split_name']; + $firstLastArray = ($splitname) ? 
preg_split('/ /', $resource_array['name'], 2) : preg_split('/ /', $resource_array['displayName'], 2); + + $userPost = [ + 'name' => $login, + 'add' => 1, + 'realname' => $firstLastArray[1], + 'firstname' => $firstLastArray[0], + 'api_token' => $tokenAPI, + 'personal_token' => $tokenPersonnel, + 'is_active' => 1 + ]; + + if ($email) { + $userPost['_useremails'][-1] = $email; } - // $userPost['name'] = $resource_array['displayName']; - // $userPost['realname'] = preg_split('/ /', $resource_array['displayName'])[1]; - // $userPost['_useremails'][-1] = $resource_array['mail']; - // $userPost['firstname'] = preg_split('/ /', $resource_array['displayName'])[0]; - $userPost['api_token'] = $tokenAPI; - $userPost['personal_token'] = $tokenPersonnel; - $userPost['is_active'] = 1; - $userPost['add'] = "1"; + //$user->check(-1, CREATE, $userPost); $newID = $user->add($userPost); // var_dump($newID); diff --git a/setup.php b/setup.php index 7def1a7..16489fe 100644 --- a/setup.php +++ b/setup.php @@ -25,7 +25,7 @@ * --------------------------------------------------------------------- */ -define('PLUGIN_SINGLESIGNON_VERSION', '1.3.3'); +define('PLUGIN_SINGLESIGNON_VERSION', '1.3.4'); $folder = basename(dirname(__FILE__));
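Review bot: The `api_token` and `personal_token` placed in `$userPost` are credentials, yet they are still derived from `time() . mt_rand()` and passed through `base_convert()`, which is predictable input and loses precision on a value this large; the reworded comment leaves that code as it is. Generating them with `random_bytes()` (PHP 7+) is the direct fix, or the two fields can be dropped if GLPI does not need them at creation, as the new comment suspects. In the same block `$resource_array['name']` and `$resource_array['displayName']` are read without an `isset()` check and `$firstLastArray[1]` is undefined when the name contains no space, and `$login` may still be `false` when no login field matched, so the account can be created with an empty name. The fence shows the token and name lines only; `findUser()` starts and ends outside the hunk.

```php
// … unchanged: generic-provider guard and try { …
$tokenAPI = bin2hex(random_bytes(20));
$tokenPersonnel = bin2hex(random_bytes(20));

$splitname = $this->fields['split_name'];
$nameField = $splitname ? 'name' : 'displayName';
$fullName = (isset($resource_array[$nameField]) && is_string($resource_array[$nameField]))
   ? trim($resource_array[$nameField])
   : '';
$firstLastArray = preg_split('/ /', $fullName, 2);

$userPost = [
   'name' => $login,
   'add' => 1,
   'realname' => isset($firstLastArray[1]) ? $firstLastArray[1] : '',
   'firstname' => $firstLastArray[0],
   // … unchanged: api_token, personal_token, is_active …
];
// … unchanged: e-mail assignment and $user->add($userPost) …
```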