/**
 * Exercises LoginLib::checkMailOrigin() against one fixed identity-provider
 * URL: the first address is expected to be accepted, the second rejected.
 *
 * NOTE(review): both address literals are masked in this listing and are
 * therefore identical, so the two assertions cannot both hold as shown.
 * The original, distinct addresses must be restored for the test to mean
 * anything.
 *
 * NOTE(review): checkMailOrigin() is not visible here. The login script uses
 * it as its check against e-mail address spoofing, so the rejected case
 * should include mail domains that merely resemble the identity provider's
 * domain (confirm against the implementation).
 */
public function testCheckMailOrigin()
{
    $identityProvider = 'https://idp.example.com/idp/test';

    // Address expected to belong to the identity provider's domain.
    $this->assertTrue(
        LoginLib::checkMailOrigin($identityProvider, '*****@*****.**')
    );

    // Address expected to come from a different domain and be refused.
    $this->assertFalse(
        LoginLib::checkMailOrigin($identityProvider, '*****@*****.**')
    );
}
$dn = \OCA\user_shibboleth\Auth::getDisplayName(); //exit if attributes weren't retrieved if ($persistentId === false || $mail === false) { $msg = 'unavailable attributes: '; if ($persistentId === false) { $msg .= 'persistentID '; } if ($mail === false) { $msg .= 'mail'; } \OCP\Util::writeLog('user_shibboleth', $msg, \OCP\Util::ERROR); \OCA\user_shibboleth\LoginLib::printPage('Attributes unavailable', 'Some attributes could not be retrieved from the identity provider.<p/><a href="' . \OC::$WEBROOT . '">Return to the login page</a>'); exit; } //check for potential email address spoofing if (\OCP\Config::getAppValue('user_shibboleth', 'enforce_domain_similarity', '0') === '1' && !\OCA\user_shibboleth\LoginLib::checkMailOrigin($idp, $mail)) { //log and print error page \OCP\Util::writeLog('user_shibboleth', 'domain mismatch: ' . $idp . ' ' . $mail, \OCP\Util::ERROR); \OCA\user_shibboleth\LoginLib::printPage('Domain Mismatch', 'The domain of your identity provider does not match the domain part of your email address. This event has been logged.'); exit; } //distinguish between internal (those in the LDAP) and external Shibboleth users $adapter = new \OCA\user_shibboleth\LdapBackendAdapter(); $loginName = $adapter->getUuid($mail); if ($loginName) { //user is internal, backends are enabled, and user mapping is active $adapter->initializeUser($loginName); } else { //user is external //crop $mail to fit into display_name column of oc_shibboleth_user if (strlen($mail) > 64) {