Merge pull request #1123 from nextcloud/fix/noid/gss-session-data

julien-nc · web-flow · commit 1d899b2c1e13 · 2025-06-05T10:14:33.000+02:00
Set the gss session data in the controller rather than in the service
diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
@@ -533,7 +533,9 @@ public function code(string $state = '', string $code = '', string $scope = '',
 				return $this->build403TemplateResponse($message, Http::STATUS_BAD_REQUEST, ['reason' => 'non-soft auto provision, user conflict'], false);
 			}
 			// use potential user from other backend, create it in our backend if it does not exist
-			$user = $this->provisioningService->provisionUser($userId, $providerId, $idTokenPayload, $userFromOtherBackend);
+			$provisioningResult = $this->provisioningService->provisionUser($userId, $providerId, $idTokenPayload, $userFromOtherBackend);
+			$user = $provisioningResult['user'];
+			$this->session->set('user_oidc.oidcUserData', $provisioningResult['userData']);
 		} else {
 			// when auto provision is disabled, we assume the user has been created by another user backend (or manually)
 			$user = $userFromOtherBackend;
diff --git a/lib/Service/ProvisioningService.php b/lib/Service/ProvisioningService.php
@@ -13,6 +13,7 @@
 use OCA\UserOIDC\Db\UserMapper;
 use OCA\UserOIDC\Event\AttributeMappedEvent;
 use OCP\Accounts\IAccountManager;
+use OCP\Accounts\PropertyDoesNotExistException;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Db\MultipleObjectsReturnedException;
 use OCP\DB\Exception;
@@ -26,6 +27,7 @@
 use OCP\IUser;
 use OCP\IUserManager;
 use OCP\L10N\IFactory;
+use OCP\PreConditionNotMetException;
 use OCP\User\Events\UserChangedEvent;
 use Psr\Log\LoggerInterface;
 use Throwable;
@@ -104,15 +106,18 @@ public function getClaimValue(object|array $tokenPayload, string $claimPath, int
 
 		return null;
 	}
+
 	/**
 	 * @param string $tokenUserId
 	 * @param int $providerId
 	 * @param object $idTokenPayload
 	 * @param IUser|null $existingLocalUser
-	 * @return IUser|null
+	 * @return array{user: ?IUser, userData: array}
 	 * @throws Exception
+	 * @throws PropertyDoesNotExistException
+	 * @throws PreConditionNotMetException
 	 */
-	public function provisionUser(string $tokenUserId, int $providerId, object $idTokenPayload, ?IUser $existingLocalUser = null): ?IUser {
+	public function provisionUser(string $tokenUserId, int $providerId, object $idTokenPayload, ?IUser $existingLocalUser = null): array {
 		// user data potentially later used by globalsiteselector if user_oidc is used with global scale
 		$oidcGssUserData = get_object_vars($idTokenPayload);
 
@@ -191,15 +196,21 @@ public function provisionUser(string $tokenUserId, int $providerId, object $idTo
 			$isUserCreationDisabled = isset($oidcSystemConfig['disable_account_creation'])
 				&& in_array($oidcSystemConfig['disable_account_creation'], [true, 'true', 1, '1'], true);
 			if ($isUserCreationDisabled) {
-				return null;
+				return [
+					'user' => null,
+					'userData' => $oidcGssUserData,
+				];
 			}
 
 			$backendUser = $this->userMapper->getOrCreate($providerId, $event->getValue() ?? '');
 			$this->logger->debug('User obtained from the OIDC user backend: ' . $backendUser->getUserId());
 
 			$user = $this->userManager->get($backendUser->getUserId());
 			if ($user === null) {
-				return null;
+				return [
+					'user' => null,
+					'userData' => $oidcGssUserData,
+				];
 			}
 		}
 
@@ -413,8 +424,6 @@ public function provisionUser(string $tokenUserId, int $providerId, object $idTo
 			$account->setProperty('gender', $event->getValue(), $fallbackScope, '1', '');
 		}
 
-		$this->session->set('user_oidc.oidcUserData', $oidcGssUserData);
-
 		while (true) {
 			try {
 				$this->accountManager->updateAccount($account);
@@ -432,7 +441,10 @@ public function provisionUser(string $tokenUserId, int $providerId, object $idTo
 				throw $e;
 			}
 		}
-		return $user;
+		return [
+			'user' => $user,
+			'userData' => $oidcGssUserData,
+		];
 	}
 
 	/**
diff --git a/lib/User/Provisioning/SelfEncodedTokenProvisioning.php b/lib/User/Provisioning/SelfEncodedTokenProvisioning.php
@@ -34,6 +34,7 @@ public function provisionUser(Provider $provider, string $tokenUserId, string $b
 			return null;
 		}
 
-		return $this->provisioningService->provisionUser($tokenUserId, $provider->getId(), $payload, $userFromOtherBackend);
+		$provisioningResult = $this->provisioningService->provisionUser($tokenUserId, $provider->getId(), $payload, $userFromOtherBackend);
+		return $provisioningResult['user'];
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ public function provisionUser(Provider $provider, string $tokenUserId, string $b`
`34`	`34`	`return null;`
`35`	`35`	`}`
`36`	`36`
`37`		`- return $this->provisioningService->provisionUser($tokenUserId, $provider->getId(), $payload, $userFromOtherBackend);`
	`37`	`+ $provisioningResult = $this->provisioningService->provisionUser($tokenUserId, $provider->getId(), $payload, $userFromOtherBackend);`
	`38`	`+ return $provisioningResult['user'];`
`38`	`39`	`}`
`39`	`40`	`}`