From 094ea9b5ab16eb70db94320c0703912884c6c5bc Mon Sep 17 00:00:00 2001
From: Petar Hristov
Date: Wed, 20 Oct 2021 10:46:36 +0200
Subject: [PATCH] Update: Added organization check (rpdm/issues#40)
---
 src/STS/Controllers/ShibbolethController.cs | 22 ++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/src/STS/Controllers/ShibbolethController.cs b/src/STS/Controllers/ShibbolethController.cs
index 67f6f65..cbd0ac8 100644
--- a/src/STS/Controllers/ShibbolethController.cs
+++ b/src/STS/Controllers/ShibbolethController.cs
@@ -54,8 +54,8 @@ namespace Coscine.Api.STS.Controllers
 var entityId = entity[(entity.IndexOf("NameQualifier=\"") + "NameQualifier=\"".Length)..];
 entityId = entityId.Substring(0, entityId.IndexOf("\""));
- var mapping = externalIdModel.GetAllWhere((map) =>
- map.ExternalId1 == identifier
+ var mapping = externalIdModel.GetAllWhere((map) =>
+ map.ExternalId1 == identifier
 && map.ExternalAuthenticatorId == shibbolethAuthItem.Id
 && map.Organization == entityId
 );
@@ -88,20 +88,24 @@ namespace Coscine.Api.STS.Controllers
 var organization = _rdfStoreConnector.GetOrganization(entityId, identifier);
 // Can only update data if an org was found.
- if(organization != null)
+ if (organization != null)
 {
 // Drop old membership infromation.
 _rdfStoreConnector.RemoveMembershipData(userGraphName, organization);
 // Reverse lookup...
 var eduPersonScopedAffiliation = info.Principal.FindAll(ShibbolethAttributeMapping.LabelMapping.FirstOrDefault(x => x.Value == "Entitlement").Key);
- if (eduPersonScopedAffiliation.Any(x => x.Value.StartsWith("employee@"))
- // Check for test shib (employee user is actually member...).
- || (eduPersonScopedAffiliation.Any(x => x.Value.StartsWith("member@") && entityId == "https://login-test.rz.rwth-aachen.de/shibboleth")))
+ var orgFromId = _rdfStoreConnector.GetOrgnizationWithIdentifier(identifier);
+ if (eduPersonScopedAffiliation.Any(x => x.Value.StartsWith("employee@")))
 {
 // Add membership information.
 _rdfStoreConnector.AddMemebershipData(userGraphName, organization);
 }
+ else if (orgFromId != null)
+ {
+ // Add membership information.
+ _rdfStoreConnector.AddMemebershipData(userGraphName, orgFromId);
+ }
 }
 var coscineUser = new CoscineUser()
@@ -109,12 +113,12 @@ namespace Coscine.Api.STS.Controllers
 UserName = user.Id.ToString(),
 Email = user.EmailAddress ?? ""
 };
-
+
 var result = await _signInManager.UserManager.CreateAsync(coscineUser);
 result = await _signInManager.UserManager.AddLoginAsync(coscineUser, info);
- await _signInManager.SignInAsync(coscineUser, isPersistent: false);
+ await _signInManager.SignInAsync(coscineUser, isPersistent: false);
- return Redirect(UrlGenerator.ExtendReturnUrl(returnUrl, Request));
+ return Redirect(UrlGenerator.ExtendReturnUrl(returnUrl, Request));
 }
 ///
--
GitLab
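Review bot: The new `else if (orgFromId != null)` branch in the -88,20 hunk writes membership data without consulting `eduPersonScopedAffiliation` at all, so the `employee@` gate of the first branch no longer bounds who receives a membership. What `GetOrgnizationWithIdentifier` matches on is not visible here; if that lookup is meant to be the authorization decision, the branch should say so instead of repeating `// Add membership information.`, for example `// Non-employees: membership comes from the identifier-to-organization lookup (rpdm/issues#40).`. `RemoveMembershipData` is still called only with `organization`, so when `orgFromId` is a different organization a membership written by the fallback may survive later logins; a guarded `_rdfStoreConnector.RemoveMembershipData(userGraphName, orgFromId);` next to the existing removal would keep the two paths symmetric. The fallback is also unreachable when `GetOrganization(entityId, identifier)` returns null, because it sits inside `if (organization != null)`. The enclosing action starts and ends outside this hunk.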