From 242b0e0a204db1dcf9ea453ec1a86618fc740ebf Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 22 Jan 2021 10:34:42 +0100
Subject: [deploy] Improve account merging

* Make matching of name and email case insensitive
* Add config option to allow/disallow merging with existing shib-account
---
 modules/register.inc.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'modules/register.inc.php')

diff --git a/modules/register.inc.php b/modules/register.inc.php
index aa2b94c..f55e900 100644
--- a/modules/register.inc.php
+++ b/modules/register.inc.php
@@ -30,7 +30,7 @@ class Page_Register extends Page
 		}
 		if ($testLogin !== false) {
 			// Check if one of firstname, lastname or email matches
-			$user = Database::queryFirst('SELECT firstname, lastname, email, organizationid FROM user WHERE userid = :login LIMIT 1',
+			$user = Database::queryFirst('SELECT firstname, lastname, email, password, organizationid FROM user WHERE userid = :login LIMIT 1',
 					array('login' => $testLogin));
 			if ($user === false || User::getOrganizationId() !== $user['organizationid']) {
 				// Invalid Login
@@ -38,9 +38,13 @@ class Page_Register extends Page
 					. ' Bitte wenden Sie sich an den {{1}}-Support, wenn dieser Test-Account Ihnen gehört.', $testLogin, CONFIG_SUITE);
 				Util::redirect('?do=Main');
 			}
-			if (User::getLastName() !== $user['lastname']
-				|| User::getFirstName() !== $user['firstname']
-				|| User::getMail() !== $user['email']) {
+			if (empty($user['password']) && !CONFIG_ALLOW_SHIB_MERGE) {
+				Message::addError('Verknüpfung mit altem Shibboleth-basiertem Account nicht erlaubt');
+				Util::redirect('?do=Main');
+			}
+			if (strcasecmp(User::getLastName(), $user['lastname']) !== 0
+				|| strcasecmp(User::getFirstName(), $user['firstname']) !== 0
+				|| strcasecmp(User::getMail(), $user['email']) !== 0) {
 				// No match by personal information
 				Message::addError('Ihre Metadaten stimmen nicht mit dem Test-Account {{0}} überein. '
 					. ' Bitte wenden Sie sich an den {{1}}-Support, wenn dieser Test-Account Ihnen gehört.', $testLogin, CONFIG_SUITE);
-- 
cgit v1.2.3-55-g7522