public static function post_login($parameters) { // Do nothing if we're sharding and not on the master if (OCP\App::isEnabled('files_sharding') && !OCA\FilesSharding\Lib::isMaster()) { return true; } $uid = ''; $userid = $parameters['uid']; $samlBackend = new OC_USER_SAML(); $ocUserDatabase = new OC_User_Database(); // Redirect regardless of whether the user has authenticated with SAML or not. // Since this is a post_login hook, he will have authenticated in some way and have a valid session. if ($ocUserDatabase->userExists($userid)) { // Set user attributes for sharding $display_name = \OCP\User::getDisplayName($userid); $email = \OCP\Config::getUserValue($userid, 'settings', 'email'); $groups = \OC_Group::getUserGroups($userid); $quota = \OC_Preferences::getValue($userid, 'files', 'quota'); OC_Util::teardownFS($userid); OC_Util::setupFS($userid); OC_Log::write('saml', 'Setting user attributes: ' . $userid . ":" . $display_name . ":" . $email . ":" . join($groups) . ":" . $quota, OC_Log::INFO); self::setAttributes($userid, $display_name, $email, $groups, $quota); self::user_redirect($userid); } if (!$samlBackend->auth->isAuthenticated()) { return false; } $attributes = $samlBackend->auth->getAttributes(); //$email = "<pre>" . print_r($attributes, 1) . "</pre>"; //$headers = 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; //error_log($email, 1, '*****@*****.**', $headers); $usernameFound = false; foreach ($samlBackend->usernameMapping as $usernameMapping) { if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) { $usernameFound = true; $uid = $attributes[$usernameMapping][0]; OC_Log::write('saml', 'Authenticated user ' . $uid, OC_Log::INFO); break; } } if (!$usernameFound || $uid !== $userid) { return false; } $attrs = self::get_user_attributes($uid, $samlBackend); if (!$ocUserDatabase->userExists($uid)) { // If autocreate is not enabled - back off if (!$samlBackend->autocreate) { return false; } // Apparently it is necessary to clear the uid first, to be able to create the user in the DB $userManager = \OC_User::getManager(); $userManager->delete($uid); // Reject invalid user names if (preg_match('/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) { OC_Log::write('saml', 'Invalid username "' . $uid . '", allowed chars "a-zA-Z0-9" and "_.@-" ', OC_Log::DEBUG); return false; } $cookiedomain = OCP\App::isEnabled('files_sharding') ? OCA\FilesSharding\Lib::getCookieDomain() : null; // Reject users we don't allow to autocreate an account if (isset($uid) && trim($uid) != '' && !OC_User::userExists($uid) && !self::check_user_attributes($attributes)) { $failCookieName = 'saml_auth_fail'; $userCookieName = 'saml_auth_fail_user'; $expire = 0; //time()+60*60*24*30; $expired = time() - 3600; $path = '/'; setcookie($failCookieName, "notallowed:" . $uid, $expire, $path, $cookiedomain, false, false); setcookie($userCookieName, $uid, $expire, $path, $cookiedomain, false, false); $spSource = 'default-sp'; $auth = new SimpleSAML_Auth_Simple($spSource); OC_Log::write('saml', 'Rejected user "' . $uid, OC_Log::ERROR); if (OCP\App::isEnabled('files_sharding') && !OCA\FilesSharding\Lib::isMaster()) { $auth->logout(!OCA\FilesSharding\Lib::getMasterURL()); } else { $auth->logout(); } return false; } // Create new user $random_password = OC_Util::generateRandomBytes(20); OC_Log::write('saml', 'Creating new user: '******'/' . $uid . '/files'; \OC\Files\Filesystem::init($uid, $userDir); if ($samlBackend->updateUserData) { self::update_user_data($uid, $samlBackend, $attrs, true); if (OCP\App::isEnabled('files_sharding') && OCA\FilesSharding\Lib::isMaster()) { $master_site = OCA\FilesSharding\Lib::dbGetSite(null); $server_id = OCA\FilesSharding\Lib::dbChooseServerForUser($uid, $master_site, 0, null); OC_Log::write('saml', 'Setting server for new user: '******'display_name'], $attrs['email'], $attrs['groups'], $attrs['quota']); } } else { if ($samlBackend->updateUserData) { self::update_user_data($uid, $samlBackend, $attrs, false); } } self::user_redirect($userid); return true; }