Create a new DB user when somebody logs in using SAML

2025-07-15 04:44:36 +02:00 · 2023-02-20 23:04:20 +01:00 · 2023-02-20 23:04:20 +01:00 · 78ec0f1ea3
commit 78ec0f1ea3
parent c0b74d83a5
6 changed files with 75 additions and 18 deletions
--- a/src/Entity/UserSystem/User.php
+++ b/src/Entity/UserSystem/User.php
@ -30,6 +30,7 @@ use App\Security\Interfaces\HasPermissionsInterface;
 use App\Validator\Constraints\Selectable;
 use App\Validator\Constraints\ValidPermission;
 use App\Validator\Constraints\ValidTheme;
+use Hslavich\OneloginSamlBundle\Security\User\SamlUserInterface;
 use Jbtronics\TFAWebauthn\Model\LegacyU2FKeyInterface;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Webauthn\PublicKeyCredentialUserEntity;
@ -60,7 +61,8 @@ use Jbtronics\TFAWebauthn\Model\TwoFactorInterface as WebauthnTwoFactorInterface
 * @ORM\EntityListeners({"App\EntityListeners\TreeCacheInvalidationListener"})
 * @UniqueEntity("name", message="validator.user.username_already_used")
 */
-class User extends AttachmentContainingDBElement implements UserInterface, HasPermissionsInterface, TwoFactorInterface, BackupCodeInterface, TrustedDeviceInterface, WebauthnTwoFactorInterface, PreferredProviderInterface, PasswordAuthenticatedUserInterface
+class User extends AttachmentContainingDBElement implements UserInterface, HasPermissionsInterface, TwoFactorInterface,
+                                                            BackupCodeInterface, TrustedDeviceInterface, WebauthnTwoFactorInterface, PreferredProviderInterface, PasswordAuthenticatedUserInterface, SamlUserInterface
 {
    //use MasterAttachmentTrait;

@ -860,4 +862,23 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
    {
        $this->webauthn_keys->add($webauthnKey);
    }
+
+    public function setSamlAttributes(array $attributes)
+    {
+        //When mail attribute exists, set it
+        if (isset($attributes['email'])) {
+            $this->setEmail($attributes['email'][0]);
+        }
+        //When first name attribute exists, set it
+        if (isset($attributes['firstName'])) {
+            $this->setFirstName($attributes['firstName'][0]);
+        }
+        //When last name attribute exists, set it
+        if (isset($attributes['lastName'])) {
+            $this->setLastName($attributes['lastName'][0]);
+        }
+        if (isset($attributes['department'])) {
+            $this->setDepartment($attributes['department'][0]);
+        }
+    }
 }
--- a/src/EventSubscriber/UserSystem/LoginSuccessSubscriber.php
+++ b/src/EventSubscriber/UserSystem/LoginSuccessSubscriber.php
@ -57,10 +57,11 @@ final class LoginSuccessSubscriber implements EventSubscriberInterface
        $ip = $event->getRequest()->getClientIp();
        $log = new UserLoginLogEntry($ip, $this->gpdr_compliance);
        $user = $event->getAuthenticationToken()->getUser();
-        if ($user instanceof User) {
+        if ($user instanceof User && $user->getID()) {
            $log->setTargetElement($user);
+            $this->eventLogger->logAndFlush($log);
        }
-        $this->eventLogger->logAndFlush($log);
+

        $this->flashBag->add('notice', $this->translator->trans('flash.login_successful'));
    }
--- a/src/Security/SamlUserFactory.php
+++ b/src/Security/SamlUserFactory.php
@ -0,0 +1,41 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace App\Security;
+
+use App\Entity\UserSystem\User;
+use Hslavich\OneloginSamlBundle\Security\User\SamlUserFactoryInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class SamlUserFactory implements SamlUserFactoryInterface
+{
+    public function createUser($username, array $attributes = []): UserInterface
+    {
+        $user = new User();
+        $user->setName($username);
+        $user->setNeedPwChange(false);
+        $user->setPassword('$$SAML$$');
+
+        $user->setSamlAttributes($attributes);
+
+
+        return $user;
+    }
+}