public static function post_login($parameters)
{
// Do nothing if we're sharding and not on the master
if (OCP\App::isEnabled('files_sharding') && !OCA\FilesSharding\Lib::isMaster()) {
return true;
}
$uid = '';
$userid = $parameters['uid'];
$samlBackend = new OC_USER_SAML();
$ocUserDatabase = new OC_User_Database();
// Redirect regardless of whether the user has authenticated with SAML or not.
// Since this is a post_login hook, he will have authenticated in some way and have a valid session.
if ($ocUserDatabase->userExists($userid)) {
// Set user attributes for sharding
$display_name = \OCP\User::getDisplayName($userid);
$email = \OCP\Config::getUserValue($userid, 'settings', 'email');
$groups = \OC_Group::getUserGroups($userid);
$quota = \OC_Preferences::getValue($userid, 'files', 'quota');
OC_Util::teardownFS($userid);
OC_Util::setupFS($userid);
OC_Log::write('saml', 'Setting user attributes: ' . $userid . ":" . $display_name . ":" . $email . ":" . join($groups) . ":" . $quota, OC_Log::INFO);
self::setAttributes($userid, $display_name, $email, $groups, $quota);
self::user_redirect($userid);
}
if (!$samlBackend->auth->isAuthenticated()) {
return false;
}
$attributes = $samlBackend->auth->getAttributes();
//$email = "<pre>" . print_r($attributes, 1) . "</pre>";
//$headers = 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
//error_log($email, 1, '*****@*****.**', $headers);
$usernameFound = false;
foreach ($samlBackend->usernameMapping as $usernameMapping) {
if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
$usernameFound = true;
$uid = $attributes[$usernameMapping][0];
OC_Log::write('saml', 'Authenticated user ' . $uid, OC_Log::INFO);
break;
}
}
if (!$usernameFound || $uid !== $userid) {
return false;
}
$attrs = self::get_user_attributes($uid, $samlBackend);
if (!$ocUserDatabase->userExists($uid)) {
// If autocreate is not enabled - back off
if (!$samlBackend->autocreate) {
return false;
}
// Apparently it is necessary to clear the uid first, to be able to create the user in the DB
$userManager = \OC_User::getManager();
$userManager->delete($uid);
// Reject invalid user names
if (preg_match('/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
OC_Log::write('saml', 'Invalid username "' . $uid . '", allowed chars "a-zA-Z0-9" and "_.@-" ', OC_Log::DEBUG);
return false;
}
$cookiedomain = OCP\App::isEnabled('files_sharding') ? OCA\FilesSharding\Lib::getCookieDomain() : null;
// Reject users we don't allow to autocreate an account
if (isset($uid) && trim($uid) != '' && !OC_User::userExists($uid) && !self::check_user_attributes($attributes)) {
$failCookieName = 'saml_auth_fail';
$userCookieName = 'saml_auth_fail_user';
$expire = 0;
//time()+60*60*24*30;
$expired = time() - 3600;
$path = '/';
setcookie($failCookieName, "notallowed:" . $uid, $expire, $path, $cookiedomain, false, false);
setcookie($userCookieName, $uid, $expire, $path, $cookiedomain, false, false);
$spSource = 'default-sp';
$auth = new SimpleSAML_Auth_Simple($spSource);
OC_Log::write('saml', 'Rejected user "' . $uid, OC_Log::ERROR);
if (OCP\App::isEnabled('files_sharding') && !OCA\FilesSharding\Lib::isMaster()) {
$auth->logout(!OCA\FilesSharding\Lib::getMasterURL());
} else {
$auth->logout();
}
return false;
}
// Create new user
$random_password = OC_Util::generateRandomBytes(20);
OC_Log::write('saml', 'Creating new user: '******'/' . $uid . '/files';
\OC\Files\Filesystem::init($uid, $userDir);
if ($samlBackend->updateUserData) {
self::update_user_data($uid, $samlBackend, $attrs, true);
if (OCP\App::isEnabled('files_sharding') && OCA\FilesSharding\Lib::isMaster()) {
$master_site = OCA\FilesSharding\Lib::dbGetSite(null);
$server_id = OCA\FilesSharding\Lib::dbChooseServerForUser($uid, $master_site, 0, null);
OC_Log::write('saml', 'Setting server for new user: '******'display_name'], $attrs['email'], $attrs['groups'], $attrs['quota']);
}
} else {
if ($samlBackend->updateUserData) {
self::update_user_data($uid, $samlBackend, $attrs, false);
}
}
self::user_redirect($userid);
return true;
}
