/**
 * Calls LoginLib::checkMailOrigin() twice with the same identity provider
 * URL and asserts that the first address is accepted and the second rejected.
 *
 * NOTE(review): both address literals are masked to the same placeholder in
 * this listing, so the accepted and the rejected input cannot be told apart
 * here. The original presumably used two different addresses; restore
 * distinct values before relying on this test.
 */
public function testCheckMailOrigin()
 {
     $identityProvider = 'https://idp.example.com/idp/test';

     // First pair: the test expects the check to pass.
     $this->assertTrue(LoginLib::checkMailOrigin($identityProvider, '*****@*****.**'));

     // Second pair: the test expects the check to fail.
     $this->assertFalse(LoginLib::checkMailOrigin($identityProvider, '*****@*****.**'));
 }
Example #2
 // Display name as returned by the Shibboleth auth helper.
 $dn = \OCA\user_shibboleth\Auth::getDisplayName();

 // Stop the login when a required attribute is missing. Only $persistentId
 // and $mail are tested here; $dn is not part of this check.
 if (in_array(false, [$persistentId, $mail], true)) {
     // Name each missing attribute in the log entry.
     $msg = 'unavailable attributes: '
         . ($persistentId === false ? 'persistentID ' : '')
         . ($mail === false ? 'mail' : '');
     \OCP\Util::writeLog('user_shibboleth', $msg, \OCP\Util::ERROR);
     \OCA\user_shibboleth\LoginLib::printPage(
         'Attributes unavailable',
         'Some attributes could not be retrieved from the identity provider.<p/><a href="' . \OC::$WEBROOT . '">Return to the login page</a>'
     );
     exit;
 }

 // Guard against e-mail address spoofing. The check is opt-in: it runs only
 // when the app value 'enforce_domain_similarity' is the string '1', and the
 // default passed here is '0'. With the setting left unset, $mail is not
 // compared with $idp before the code after this block hands it to
 // LdapBackendAdapter::getUuid() to look up a login name.
 if (\OCP\Config::getAppValue('user_shibboleth', 'enforce_domain_similarity', '0') === '1') {
     if (!\OCA\user_shibboleth\LoginLib::checkMailOrigin($idp, $mail)) {
         // Record the rejected pair and show an error page instead of logging in.
         // NOTE(review): $idp and $mail are written to the log unmodified --
         // confirm the configured log backend escapes control characters.
         \OCP\Util::writeLog('user_shibboleth', 'domain mismatch: ' . $idp . ' ' . $mail, \OCP\Util::ERROR);
         \OCA\user_shibboleth\LoginLib::printPage(
             'Domain Mismatch',
             'The domain of your identity provider does not match the domain part of your email address. This event has been logged.'
         );
         exit;
     }
 }
 //distinguish between internal (those in the LDAP) and external Shibboleth users
 $adapter = new \OCA\user_shibboleth\LdapBackendAdapter();
 $loginName = $adapter->getUuid($mail);
 if ($loginName) {
     //user is internal, backends are enabled, and user mapping is active
     $adapter->initializeUser($loginName);
 } else {
     //user is external
     //crop $mail to fit into display_name column of oc_shibboleth_user
     if (strlen($mail) > 64) {