From d308379fb30894f8652525f877facdec2d8d58c0 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 7 Dec 2018 10:07:50 +0100
Subject: Improve shibboleth eppn/affiliation handling

---
 inc/user.inc.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'inc/user.inc.php')

diff --git a/inc/user.inc.php b/inc/user.inc.php
index 70a6cdb..fe43abe 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -148,6 +148,7 @@ class User
 
 	public static function load()
 	{
+		//file_put_contents('/tmp/test-' . time(), print_r($_SERVER, true));
 		if (self::isLoggedIn())
 			return true;
 		$hasSession = Session::load();
@@ -208,8 +209,12 @@ class User
 		else
 			self::$user['role'] = 'STUDENT';
 		// Try to figure out organization
-		if (isset($_SERVER['affiliation']) && preg_match('/@([a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out))
+		if (isset($_SERVER['eppn']) && preg_match('/@([0-9a-zA-Z\-\._]+)$/', $_SERVER['eppn'], $out)) {
 			self::$user['organization'] = $out[1];
+		}
+		if (!isset(self::$user['organization']) && isset($_SERVER['affiliation']) && preg_match('/@([0-9a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out)) {
+			self::$user['organization'] = $out[1];
+		}
 		// Get matching db entry if any
 		$user = Database::queryFirst('SELECT userid, firstname, lastname, email, fixedname FROM user WHERE shibid = :shibid LIMIT 1', array('shibid' => $shibId));
 		if ($user === false) {
-- 
cgit v1.2.3-55-g7522