fix: It is possible to rewrite default value for entityIdAttr

Author: BaranekD

lib/Adapter.php

@@ -101,12 +101,13 @@ abstract public function getMemberGroups($user, $vo);
     abstract public function getGroupsWhereMemberIsActive($user, $vo);
 
     /**
-     * @param string $spEntityId entity id of the sp
+     * @param string $spEntityId   entity id of the sp
+     * @param string $entityIdAttr entity id attribute
      *
      * @return Group[] from vo which are assigned to all facilities with spEntityId.
      *                 registering to those groups should should allow access to the service
      */
-    abstract public function getSpGroups(string $spEntityId): array;
+    abstract public function getSpGroups(string $spEntityId, string $entityIdAttr): array;
 
     /**
      * @param Facility $facility representing the SP
@@ -165,7 +166,7 @@ abstract public function getFacilityAttribute($facility, $attrName);
 
     /**
      * @param string $spEntityId   Value of the entityID identifier
-     * @param mixed  $entityIdAttr
+     * @param string $entityIdAttr entity id attribute
      *
      * @return Facility facility
      */
@@ -181,12 +182,13 @@ abstract public function getFacilityByEntityId($spEntityId, $entityIdAttr);
     abstract public function getFacilityByClientId($clientId, $clientIdAttr);
 
     /**
-     * @param string $spEntityId entity id of the sp
+     * @param string $spEntityId   entity id of the sp
      * @param int    $userId
+     * @param string $entityIdAttr entity id attribute
      *
      * @return Group[] from vo which are assigned to all facilities with spEntityId for this userId
      */
-    abstract public function getUsersGroupsOnFacility($spEntityId, $userId);
+    abstract public function getUsersGroupsOnFacility($spEntityId, $userId, $entityIdAttr);
 
     /**
      * @param Facility $facility entity id of the sp
@@ -263,19 +265,21 @@ abstract public function getMemberStatusByUserAndVo($user, $vo);
     abstract public function isUserInVo($user, $voShortName);
 
     /**
-     * @param int   $entityId   entityId
-     * @param array $userGroups of groups where user belongs to
+     * @param int    $entityId     entityId
+     * @param array  $userGroups   of groups where user belongs to
+     * @param string $entityIdAttr entity id attribute
      *
      * @return array of resource capabilities
      */
-    abstract public function getResourceCapabilities($entityId, $userGroups);
+    abstract public function getResourceCapabilities($entityId, $userGroups, $entityIdAttr);
 
     /**
-     * @param int $entityId entityId
+     * @param int    $entityId     entityId
+     * @param string $entityIdAttr entity id attribute
      *
      * @return array of facility capabilities
      */
-    abstract public function getFacilityCapabilities($entityId);
+    abstract public function getFacilityCapabilities($entityId, $entityIdAttr);
 
     /**
      * @param HasId[] $entities

lib/AdapterLdap.php

@@ -199,9 +199,9 @@ public function getGroupsWhereMemberIsActive($user, $vo)
         return $groups;
     }
 
-    public function getSpGroups(string $spEntityId): array
+    public function getSpGroups(string $spEntityId, string $entityIdAttr = 'perunFacilityAttr_entityID'): array
     {
-        $facility = $this->getFacilityByEntityId($spEntityId);
+        $facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
 
         return $this->getSpGroupsByFacility($facility);
     }
@@ -471,9 +471,9 @@ public function setUserExtSourceAttributes($userExtSourceId, $attributes)
         $this->fallbackAdapter->setUserExtSourceAttributes($userExtSourceId, $attributes);
     }
 
-    public function getUsersGroupsOnFacility($spEntityId, $userId)
+    public function getUsersGroupsOnFacility($spEntityId, $userId, $entityIdAttr = 'perunFacilityAttr_entityID')
     {
-        $facility = $this->getFacilityByEntityId($spEntityId);
+        $facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
 
         return self::getUsersGroupsOnSp($facility, $userId);
     }
@@ -560,9 +560,9 @@ public function isUserInVo($user, $voShortName)
         return $this->getMemberStatusByUserAndVo($user, $vo) === Member::VALID;
     }
 
-    public function getResourceCapabilities($entityId, $userGroups)
+    public function getResourceCapabilities($entityId, $userGroups, $entityIdAttr = 'perunFacilityAttr_entityID')
     {
-        $facility = $this->getFacilityByEntityId($entityId);
+        $facility = $this->getFacilityByEntityId($entityId, $entityIdAttr);
 
         if ($facility === null) {
             return [];
@@ -603,11 +603,13 @@ public function getResourceCapabilities($entityId, $userGroups)
         return $resourceCapabilities;
     }
 
-    public function getFacilityCapabilities($entityId)
+    public function getFacilityCapabilities($entityId, $entityIdAttr = 'perunFacilityAttr_entityID')
     {
+        $attrName = AttributeUtils::getLdapAttrName($entityIdAttr);
+
         $facilityCapabilities = $this->connector->searchForEntity(
             $this->ldapBase,
-            '(&(objectClass=perunFacility)(entityID=' . $entityId . '))',
+            '(&(objectClass=perunFacility)(' . $attrName . '=' . $entityId . '))',
             [self::CAPABILITIES]
         );
 

lib/AdapterRpc.php

@@ -201,9 +201,9 @@ public function getGroupsWhereMemberIsActive($user, $vo)
         return $convertedGroups;
     }
 
-    public function getSpGroups(string $spEntityId): array
+    public function getSpGroups(string $spEntityId, string $entityIdAttr = 'perunFacilityAttr_entityID'): array
     {
-        $facility = $this->getFacilityByEntityId($spEntityId);
+        $facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
 
         if ($facility === null) {
             return [];
@@ -385,9 +385,9 @@ public function getFacilityAttribute($facility, $attrName)
         return $perunAttr['value'];
     }
 
-    public function getUsersGroupsOnFacility($spEntityId, $userId)
+    public function getUsersGroupsOnFacility($spEntityId, $userId, $entityIdAttr = 'perunFacilityAttr_entityID')
     {
-        $facility = $this->getFacilityByEntityId($spEntityId);
+        $facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
 
         return self::getUsersGroupsOnSp($facility, $userId);
     }
@@ -649,9 +649,9 @@ public function getMemberStatusByUserAndVo($user, $vo)
         return $member->getStatus();
     }
 
-    public function getResourceCapabilities($entityId, $userGroups)
+    public function getResourceCapabilities($entityId, $userGroups, $entityIdAttr = 'perunFacilityAttr_entityID')
     {
-        $facility = $this->getFacilityByEntityId($entityId);
+        $facility = $this->getFacilityByEntityId($entityId, $entityIdAttr);
 
         if ($facility === null) {
             return [];
@@ -694,9 +694,9 @@ public function getResourceCapabilities($entityId, $userGroups)
         return $capabilities;
     }
 
-    public function getFacilityCapabilities($entityId)
+    public function getFacilityCapabilities($entityId, $entityIdAttr = 'perunFacilityAttr_entityID')
     {
-        $facility = $this->getFacilityByEntityId($entityId);
+        $facility = $this->getFacilityByEntityId($entityId, $entityIdAttr);
 
         if ($facility === null) {
             return [];

lib/Auth/Process/PerunIdentity.php

@@ -79,6 +79,10 @@ class PerunIdentity extends \SimpleSAML\Auth\ProcessingFilter
 
     public const MODES = [self::MODE_FULL, self::MODE_USERONLY];
 
+    public const CONFIG_FILE_NAME = 'module_perun.php';
+
+    public const ENTITY_ID_ATTR = 'entityIdAttr';
+
     private $uidsAttr;
 
     private $registerUrlBase;
@@ -117,6 +121,8 @@ class PerunIdentity extends \SimpleSAML\Auth\ProcessingFilter
 
     private $facilityAllowRegistrationToGroupsAttr;
 
+    private $entityIdAttr;
+
     /**
      * @var Adapter
      */
@@ -201,6 +207,13 @@ public function __construct($config, $reserved)
             );
         }
 
+        try {
+            $configuration = Configuration::getConfig(self::CONFIG_FILE_NAME);
+            $this->entityIdAttr = $configuration->getString(self::ENTITY_ID_ATTR, null);
+        } catch (Exception $e) {
+            $this->entityIdAttr = null;
+        }
+
         $this->adapter = Adapter::getInstance($this->interface);
         $this->rpcAdapter = new AdapterRpc();
     }
@@ -263,7 +276,10 @@ public function process(&$request)
 
             $this->checkMemberStateDefaultVo($request, $user, $uids);
 
-            $groups = $this->adapter->getUsersGroupsOnFacility($this->spEntityId, $user->getId());
+            $groups = $this->entityIdAttr === null ? $this->adapter->getUsersGroupsOnFacility(
+                $this->spEntityId,
+                $user->getId()
+            ) : $this->adapter->getUsersGroupsOnFacility($this->spEntityId, $user->getId(), $this->entityIdAttr);
 
             if ($this->checkGroupMembership && empty($groups)) {
                 if ($this->allowRegistrationToGroups) {

lib/EntitlementUtils.php

@@ -4,6 +4,7 @@
 
 namespace SimpleSAML\Module\perun;
 
+use SimpleSAML\Configuration;
 use SimpleSAML\Error\Exception;
 use SimpleSAML\Logger;
 
@@ -20,6 +21,10 @@ class EntitlementUtils
 
     public const DISPLAY_NAME = 'displayName';
 
+    public const CONFIG_FILE_NAME = 'module_perun.php';
+
+    public const ENTITY_ID_ATTR = 'entityIdAttr';
+
     public static function getForwardedEduPersonEntitlement(&$request, $adapter, $forwardedEduPersonEntitlement)
     {
         $result = [];
@@ -61,8 +66,20 @@ public static function getCapabilities(&$request, $adapter, $prefix, $authority,
         $capabilitiesResult = [];
 
         try {
-            $resourceCapabilities = $adapter->getResourceCapabilities($spEntityId, $request['perun']['groups']);
-            $facilityCapabilities = $adapter->getFacilityCapabilities($spEntityId);
+            $configuration = Configuration::getConfig(self::CONFIG_FILE_NAME);
+            $entityIdAttr = $configuration->getString(self::ENTITY_ID_ATTR, null);
+        } catch (Exception $e) {
+            $entityIdAttr = null;
+        }
+
+        try {
+            $resourceCapabilities = $entityIdAttr === null ? $adapter->getResourceCapabilities(
+                $spEntityId,
+                $request['perun']['groups']
+            ) : $adapter->getResourceCapabilities($spEntityId, $request['perun']['groups'], $entityIdAttr);
+            $facilityCapabilities = $entityIdAttr === null ? $adapter->getFacilityCapabilities(
+                $spEntityId
+            ) : $adapter->getFacilityCapabilities($spEntityId, $entityIdAttr);
         } catch (Exception $exception) {
             Logger::error(
                 'perun:EntitlementUtils: Exception ' . $exception->getMessage() .

www/perun_identity_choose_vo_and_group.php

@@ -17,12 +17,25 @@
  *
  * See PerunIdentity for mor information.
  */
+const CONFIG_FILE_NAME = 'module_perun.php';
+const ENTITY_ID_ATTR = 'entityIdAttr';
+
+try {
+    $configuration = Configuration::getConfig(CONFIG_FILE_NAME);
+    $entityIdAttr = $configuration->getString(ENTITY_ID_ATTR, null);
+} catch (Exception $e) {
+    $entityIdAttr = null;
+}
+
 $adapter = Adapter::getInstance($_REQUEST[PerunIdentity::INTERFACE_PROPNAME]);
 $rpcAdapter = new AdapterRpc();
 $spEntityId = $_REQUEST['spEntityId'];
 $vosIdForRegistration = $_REQUEST['vosIdForRegistration'];
 $stateId = $_REQUEST['stateId'];
-$spGroups = $adapter->getSpGroups($spEntityId);
+$spGroups = $entityIdAttr === null ? $adapter->getSpGroups($spEntityId) : $adapter->getSpGroups(
+    $spEntityId,
+    $entityIdAttr
+);
 $registerUrlBase = $_REQUEST[PerunIdentity::REGISTER_URL_BASE];
 $vosForRegistration = [];
 $groupsForRegistration = [];