bookstack/app/Access/Oidc/OidcUserDetails.php

<?php

namespace BookStack\Access\Oidc;

use Illuminate\Support\Arr;

class OidcUserDetails
{
    public function __construct(
        public ?string $externalId = null,
        public ?string $email = null,
        public ?string $name = null,
        public ?array $groups = null,
    ) {
    }

    /**
     * Check if the user details are fully populated for our usage.
     */
    public function isFullyPopulated(bool $groupSyncActive): bool
    {
        $hasEmpty = empty($this->externalId)
            || empty($this->email)
            || empty($this->name)
            || ($groupSyncActive && $this->groups === null);

        return !$hasEmpty;
    }

    /**
     * Populate user details from the given claim data.
     */
    public function populate(
        ProvidesClaims $claims,
        string $idClaim,
        string $displayNameClaims,
        string $groupsClaim,
    ): void {
        $this->externalId = $claims->getClaim($idClaim) ?? $this->externalId;
        $this->email = $claims->getClaim('email') ?? $this->email;
        $this->name = static::getUserDisplayName($displayNameClaims, $claims) ?? $this->name;
        $this->groups = static::getUserGroups($groupsClaim, $claims) ?? $this->groups;
    }

    protected static function getUserDisplayName(string $displayNameClaims, ProvidesClaims $token): string
    {
        $displayNameClaimParts = explode('|', $displayNameClaims);

        $displayName = [];
        foreach ($displayNameClaimParts as $claim) {
            $component = $token->getClaim(trim($claim)) ?? '';
            if ($component !== '') {
                $displayName[] = $component;
            }
        }

        return implode(' ', $displayName);
    }

    protected static function getUserGroups(string $groupsClaim, ProvidesClaims $token): ?array
    {
        if (empty($groupsClaim)) {
            return null;
        }

        $groupsList = Arr::get($token->getAllClaims(), $groupsClaim);
        if (!is_array($groupsList)) {
            return null;
        }

        return array_values(array_filter($groupsList, function ($val) {
            return is_string($val);
        }));
    }
}
OIDC: Extracted user detail handling to own OidcUserDetails class Allows a proper defined object instead of an array an extracts related logic out of OidcService. Updated userinfo to only be called if we're missing details. 2024-04-17 01:10:32 +08:00			`<?php`

			`namespace BookStack\Access\Oidc;`

			`use Illuminate\Support\Arr;`

			`class OidcUserDetails`
			`{`
			`public function __construct(`
			`public ?string $externalId = null,`
			`public ?string $email = null,`
			`public ?string $name = null,`
			`public ?array $groups = null,`
			`) {`
			`}`

			`/**`
			`* Check if the user details are fully populated for our usage.`
			`*/`
			`public function isFullyPopulated(bool $groupSyncActive): bool`
			`{`
			`$hasEmpty = empty($this->externalId)`
			`\|\| empty($this->email)`
			`\|\| empty($this->name)`
OIDC: Fixed incorrect detection of group detail population An empty (but valid formed) groups list provided via the OIDC ID token would be considered as a lacking detail, and therefore trigger a lookup to the userinfo endpoint in an attempt to get that information. This fixes this to properly distinguish between not-provided and empty state, to avoid userinfo where provided as valid but empty. Includes test to cover. For #5101 2024-07-14 21:21:16 +08:00			`\|\| ($groupSyncActive && $this->groups === null);`
OIDC: Extracted user detail handling to own OidcUserDetails class Allows a proper defined object instead of an array an extracts related logic out of OidcService. Updated userinfo to only be called if we're missing details. 2024-04-17 01:10:32 +08:00
			`return !$hasEmpty;`
			`}`

			`/**`
OIDC Userinfo: Started writing tests to cover userinfo calling 2024-04-18 06:24:57 +08:00			`* Populate user details from the given claim data.`
OIDC: Extracted user detail handling to own OidcUserDetails class Allows a proper defined object instead of an array an extracts related logic out of OidcService. Updated userinfo to only be called if we're missing details. 2024-04-17 01:10:32 +08:00			`*/`
OIDC Userinfo: Added userinfo data validation, seperated from id token Wrapped userinfo response in its own class for additional handling and validation. Updated userdetails to take abstract claim data, to be populated by either userinfo data or id token data. 2024-04-18 01:23:58 +08:00			`public function populate(`
			`ProvidesClaims $claims,`
OIDC: Extracted user detail handling to own OidcUserDetails class Allows a proper defined object instead of an array an extracts related logic out of OidcService. Updated userinfo to only be called if we're missing details. 2024-04-17 01:10:32 +08:00			`string $idClaim,`
			`string $displayNameClaims,`
			`string $groupsClaim,`
OIDC Userinfo: Added userinfo data validation, seperated from id token Wrapped userinfo response in its own class for additional handling and validation. Updated userdetails to take abstract claim data, to be populated by either userinfo data or id token data. 2024-04-18 01:23:58 +08:00			`): void {`
			`$this->externalId = $claims->getClaim($idClaim) ?? $this->externalId;`
			`$this->email = $claims->getClaim('email') ?? $this->email;`
OIDC Userinfo: Started writing tests to cover userinfo calling 2024-04-18 06:24:57 +08:00			`$this->name = static::getUserDisplayName($displayNameClaims, $claims) ?? $this->name;`
OIDC Userinfo: Added userinfo data validation, seperated from id token Wrapped userinfo response in its own class for additional handling and validation. Updated userdetails to take abstract claim data, to be populated by either userinfo data or id token data. 2024-04-18 01:23:58 +08:00			`$this->groups = static::getUserGroups($groupsClaim, $claims) ?? $this->groups;`
OIDC: Extracted user detail handling to own OidcUserDetails class Allows a proper defined object instead of an array an extracts related logic out of OidcService. Updated userinfo to only be called if we're missing details. 2024-04-17 01:10:32 +08:00			`}`

OIDC Userinfo: Started writing tests to cover userinfo calling 2024-04-18 06:24:57 +08:00			`protected static function getUserDisplayName(string $displayNameClaims, ProvidesClaims $token): string`
OIDC: Extracted user detail handling to own OidcUserDetails class Allows a proper defined object instead of an array an extracts related logic out of OidcService. Updated userinfo to only be called if we're missing details. 2024-04-17 01:10:32 +08:00			`{`
			`$displayNameClaimParts = explode('\|', $displayNameClaims);`

			`$displayName = [];`
			`foreach ($displayNameClaimParts as $claim) {`
			`$component = $token->getClaim(trim($claim)) ?? '';`
			`if ($component !== '') {`
			`$displayName[] = $component;`
			`}`
			`}`

			`return implode(' ', $displayName);`
			`}`

OIDC: Fixed incorrect detection of group detail population An empty (but valid formed) groups list provided via the OIDC ID token would be considered as a lacking detail, and therefore trigger a lookup to the userinfo endpoint in an attempt to get that information. This fixes this to properly distinguish between not-provided and empty state, to avoid userinfo where provided as valid but empty. Includes test to cover. For #5101 2024-07-14 21:21:16 +08:00			`protected static function getUserGroups(string $groupsClaim, ProvidesClaims $token): ?array`
OIDC: Extracted user detail handling to own OidcUserDetails class Allows a proper defined object instead of an array an extracts related logic out of OidcService. Updated userinfo to only be called if we're missing details. 2024-04-17 01:10:32 +08:00			`{`
			`if (empty($groupsClaim)) {`
OIDC: Fixed incorrect detection of group detail population An empty (but valid formed) groups list provided via the OIDC ID token would be considered as a lacking detail, and therefore trigger a lookup to the userinfo endpoint in an attempt to get that information. This fixes this to properly distinguish between not-provided and empty state, to avoid userinfo where provided as valid but empty. Includes test to cover. For #5101 2024-07-14 21:21:16 +08:00			`return null;`
OIDC: Extracted user detail handling to own OidcUserDetails class Allows a proper defined object instead of an array an extracts related logic out of OidcService. Updated userinfo to only be called if we're missing details. 2024-04-17 01:10:32 +08:00			`}`

			`$groupsList = Arr::get($token->getAllClaims(), $groupsClaim);`
			`if (!is_array($groupsList)) {`
OIDC: Fixed incorrect detection of group detail population An empty (but valid formed) groups list provided via the OIDC ID token would be considered as a lacking detail, and therefore trigger a lookup to the userinfo endpoint in an attempt to get that information. This fixes this to properly distinguish between not-provided and empty state, to avoid userinfo where provided as valid but empty. Includes test to cover. For #5101 2024-07-14 21:21:16 +08:00			`return null;`
OIDC: Extracted user detail handling to own OidcUserDetails class Allows a proper defined object instead of an array an extracts related logic out of OidcService. Updated userinfo to only be called if we're missing details. 2024-04-17 01:10:32 +08:00			`}`

			`return array_values(array_filter($groupsList, function ($val) {`
			`return is_string($val);`
			`}));`
			`}`
			`}`