Many fixes

- extract group_sync method - run sync on new accounts - only add user to groups that are both on the saml payload AND on the group list

Many fixes
- extract group_sync method - run sync on new accounts - only add user to groups that are both on the saml payload AND on the group list
dcdbc84d · Rafael dos Santos Silva · 2602401b · dcdbc84d
Commit dcdbc84d authored 7 years ago by Rafael dos Santos Silva
--- a/plugin.rb
+++ b/plugin.rb
@@ -67,34 +67,39 @@ class SamlAuthenticator < ::Auth::OAuth2Authenticator
      result.omit_username = true
    end

-    # if groups sync is enabled
-    if GlobalSetting.try(:saml_sync_groups) && GlobalSetting.try(:saml_sync_groups_list) && auth.extra.present? && auth.extra[:raw_info].present? && !result.user.blank?
+    sync_groups(result.user, auth) unless result.user.blank?

-      total_group_list = GlobalSetting.try(:saml_sync_groups_list).split('|')
+    result.extra_data = { saml_user_id: uid }
+    result
+  end

-      user_group_list = auth.extra[:raw_info].attributes['memberOf']
+  def after_create_account(user, auth)
+    ::PluginStore.set("saml", "saml_user_#{auth[:extra_data][:saml_user_id]}", {user_id: user.id })

+    sync_groups(user, auth)
+  end

-      groups_to_add = Group.where(name: user_group_list)
+  def self.sync_groups(auth)

-      groups_to_add.each do |group|
-        group.add result.user
-      end
+    return unless GlobalSetting.try(:saml_sync_groups) && GlobalSetting.try(:saml_sync_groups_list) && auth.extra.present? && auth.extra[:raw_info].present?

-      groups_to_remove = Group.where(name: total_group_list - user_group_list)
+    total_group_list = GlobalSetting.try(:saml_sync_groups_list).split('|')

-      groups_to_remove.each do |group|
-        group.remove result.user
-      end
+    user_group_list = auth.extra[:raw_info].attributes['memberOf']
+
+    groups_to_add = Group.where(name: total_group_list & user_group_list)
+
+    groups_to_add.each do |group|
+      group.add result.user
    end

-    result.extra_data = { saml_user_id: uid }
-    result
-  end
+    groups_to_remove = Group.where(name: total_group_list - user_group_list)

-  def after_create_account(user, auth)
-    ::PluginStore.set("saml", "saml_user_#{auth[:extra_data][:saml_user_id]}", {user_id: user.id })
+    groups_to_remove.each do |group|
+      group.remove result.user
+    end
  end
+
 end

 if request_method == 'post'