Add: GUID Transformation Callable

silverstripe · Jun 12, 2019 · 293a588 · 293a588
1 parent 5d1ea13
commit 293a588
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 0 deletions.
diff --git a/_config/saml.yml b/_config/saml.yml
@@ -21,6 +21,7 @@ SilverStripe\SAML\Services\SAMLConfiguration:
   debug: false
   expect_binary_nameid: true
   allow_insecure_email_linking: false
+  guid_transformation_callable: null
   Security:
     # Algorithm that the toolkit will use on signing process. Options:
     #  - 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'

diff --git a/docs/en/developer.md b/docs/en/developer.md
@@ -21,6 +21,7 @@ We assume ADFS 2.0 or greater is used as an IdP.
   - [Service Provider (SP)](#service-provider-sp)
   - [Identity Provider (IdP)](#identity-provider-idp)
   - [Additional configuration for Azure AD](#additional-configuration-for-azure-ad)
+  - [GUID Transformation Callable](#guid-transformation-callable)
 - [Establish trust](#establish-trust)
 - [Configure SilverStripe Authenticators](#configure-silverstripe-authenticators)
   - [Show the SAML Login button on login form](#show-the-saml-login-button-on-login-form)
@@ -149,6 +150,18 @@ SilverStripe\SAML\Extensions\SAMLMemberExtension:
     - 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name': 'Email'
 ```
 
+### GUID Transformation Callable
+
+If you prefer received GUID in lower-case or upper-case format you can use option `guid_transformation_callable`
+to change GUID format. This option is `null` by default - no change will be applied.
+
+For example to change received GUID to upper-case just define callable (as string) in yaml configuration:
+```yaml
+SilverStripe\SAML\Services\SAMLConfiguration:
+  guid_transformation_callable: 'strtoupper'
+```
+`$guid` will be passed as first argument to any given callable
+
 ## Establish trust
 
 At this stage the SilverStripe site trusts the IdP, but the IdP does not have any way to establish the identity of the SilverStripe site.

diff --git a/src/Control/SAMLController.php b/src/Control/SAMLController.php
@@ -147,6 +147,11 @@ public function acs()
             $guid = $auth->getNameId();
         }
 
+        $guidTransformation = Config::inst()->get(SAMLConfiguration::class, 'guid_transformation_callable');
+        if ($guidTransformation !== null) {
+            $guid = $guidTransformation($guid);
+        }
+
         $attributes = $auth->getAttributes();
 
         $fieldToClaimMap = array_flip(Member::config()->claims_field_mappings);

diff --git a/src/Services/SAMLConfiguration.php b/src/Services/SAMLConfiguration.php
@@ -71,6 +71,14 @@ class SAMLConfiguration
      */
     private static $allow_insecure_email_linking = false;
 
+    /**
+     * @config
+     * @var null|string|callable transform received GUID by given callable, if null
+     *
+     * defaults to null - no change is applied on received guid
+     */
+    private static $guid_transformation_callable;
+
     /**
      * @return array
      */
@@ -184,6 +192,17 @@ public function asArray()
             'wantXMLValidation' => true,
         ];
 
+        $guidTransformationCallback = $this->config()->get('guid_transformation_callable');
+        if ($guidTransformationCallback !== null && !is_callable($guidTransformationCallback)) {
+            throw new \InvalidArgumentException(
+                sprintf(
+                    '%s::guid_transformation_callback must be null or callable, `%s` given',
+                    static::class,
+                    var_export($guidTransformationCallback, true)
+                )
+            );
+        }
+
         return $conf;
     }
 }