From 427ce082faa9c74fb843a2bda719adf4ca034618 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 20 Nov 2023 17:06:12 +0100
Subject: [inc/User] Verify organization ID exists before deploying user into DB
---
 inc/user.inc.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 93c13e0..bc07f5d 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -123,6 +123,10 @@ class User
 return self::$user['organization'];
 }
 
+ /**
+ * Return user's organization, or null if not known in our DB.
+ * @return ?array{organizationid: string, name: string}
+ */
 public static function getOrganization(): ?array
 {
 if (!self::isLoggedIn())
@@ -242,11 +246,16 @@ class User
 return true;
 }
 
- public static function deploy($anonymous, $existingLogin = false)
+ public static function deploy(bool $anonymous, $existingLogin = false): bool
 {
 if (empty(self::$user['shibid']))
 Util::traceError('NO SHIBID');
 
+ if (self::getOrganizationId() === null) {
+ Message::addError('Your home organization ID {{0}} is not known to this server', self::getRemoteOrganizationId());
+ Util::redirect('?do=Main');
+ }
+
 // Merging with test-account:
 if (!empty($existingLogin)) {
 if ($anonymous) {
-- 
cgit v1.2.3-55-g7522
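Review bot: The new organization check in `deploy()` only keeps the account out of the database if `Util::redirect()` terminates the request, which this hunk does not show; should that helper ever return, execution falls through to the merge and insert logic with a null organization ID. Because the signature now declares `: bool`, adding `return false;` directly after `Util::redirect('?do=Main');` makes the guard fail closed however the helper behaves. The value from `self::getRemoteOrganizationId()` presumably originates from the identity provider's attributes and is placed into a user-visible message, so it is worth confirming that `Message::addError()` HTML-escapes its placeholder arguments when the message is rendered. The body of `deploy()` continues past the end of the hunk, so the code that relies on this guard is not visible here.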