diff --git a/app-modules/authorization/database/migrations/2024_12_30_200843_2024_12_30_142708_add_matching_property_to_azure_sso_settings.php b/app-modules/authorization/database/migrations/2024_12_30_200843_2024_12_30_142708_add_matching_property_to_azure_sso_settings.php new file mode 100644 index 000000000..db8ce0a5e --- /dev/null +++ b/app-modules/authorization/database/migrations/2024_12_30_200843_2024_12_30_142708_add_matching_property_to_azure_sso_settings.php @@ -0,0 +1,59 @@ + + + Copyright © 2016-2025, Canyon GBS LLC. All rights reserved. + + Aiding App™ is licensed under the Elastic License 2.0. For more details, + see + + Notice: + + - You may not provide the software to third parties as a hosted or managed + service, where the service provides users with access to any substantial set of + the features or functionality of the software. + - You may not move, change, disable, or circumvent the license key functionality + in the software, and you may not remove or obscure any functionality in the + software that is protected by the license key. + - You may not alter, remove, or obscure any licensing, copyright, or other notices + of the licensor in the software. Any use of the licensor’s trademarks is subject + to applicable law. + - Canyon GBS LLC respects the intellectual property rights of others and expects the + same in return. Canyon GBS™ and Aiding App™ are registered trademarks of + Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks + vigorously. + - The software solution, including services, infrastructure, and code, is offered as a + Software as a Service (SaaS) by Canyon GBS LLC. + - Use of this software implies agreement to the license terms and conditions as stated + in the Elastic License 2.0. + + For more information or inquiries please visit our website at + or contact us via email at legal@canyongbs.com. + + +*/ + +use Spatie\LaravelSettings\Exceptions\SettingAlreadyExists; +use Spatie\LaravelSettings\Migrations\SettingsBlueprint; +use Spatie\LaravelSettings\Migrations\SettingsMigration; + +return new class () extends SettingsMigration { + public function up(): void + { + $this->migrator->inGroup('azure_sso', function (SettingsBlueprint $blueprint): void { + try { + $blueprint->add('matching_property', 'user_principal_name'); + } catch (SettingAlreadyExists $e) { + // Ignore + } + }); + } + + public function down(): void + { + $this->migrator->inGroup('azure_sso', function (SettingsBlueprint $blueprint): void { + $blueprint->delete('matching_property'); + }); + } +}; diff --git a/app-modules/authorization/database/migrations/2024_12_30_200951_data_activate_azure_matching_property_feature.php b/app-modules/authorization/database/migrations/2024_12_30_200951_data_activate_azure_matching_property_feature.php new file mode 100644 index 000000000..817e5d507 --- /dev/null +++ b/app-modules/authorization/database/migrations/2024_12_30_200951_data_activate_azure_matching_property_feature.php @@ -0,0 +1,50 @@ + + + Copyright © 2016-2025, Canyon GBS LLC. All rights reserved. + + Aiding App™ is licensed under the Elastic License 2.0. For more details, + see + + Notice: + + - You may not provide the software to third parties as a hosted or managed + service, where the service provides users with access to any substantial set of + the features or functionality of the software. + - You may not move, change, disable, or circumvent the license key functionality + in the software, and you may not remove or obscure any functionality in the + software that is protected by the license key. + - You may not alter, remove, or obscure any licensing, copyright, or other notices + of the licensor in the software. Any use of the licensor’s trademarks is subject + to applicable law. + - Canyon GBS LLC respects the intellectual property rights of others and expects the + same in return. Canyon GBS™ and Aiding App™ are registered trademarks of + Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks + vigorously. + - The software solution, including services, infrastructure, and code, is offered as a + Software as a Service (SaaS) by Canyon GBS LLC. + - Use of this software implies agreement to the license terms and conditions as stated + in the Elastic License 2.0. + + For more information or inquiries please visit our website at + or contact us via email at legal@canyongbs.com. + + +*/ + +use App\Features\AzureMatchingPropertyFeature; +use Illuminate\Database\Migrations\Migration; + +return new class () extends Migration { + public function up(): void + { + AzureMatchingPropertyFeature::activate(); + } + + public function down(): void + { + AzureMatchingPropertyFeature::deactivate(); + } +}; diff --git a/app-modules/authorization/src/Enums/AzureMatchingProperty.php b/app-modules/authorization/src/Enums/AzureMatchingProperty.php new file mode 100644 index 000000000..7c2298b13 --- /dev/null +++ b/app-modules/authorization/src/Enums/AzureMatchingProperty.php @@ -0,0 +1,51 @@ + + + Copyright © 2016-2025, Canyon GBS LLC. All rights reserved. + + Aiding App™ is licensed under the Elastic License 2.0. For more details, + see + + Notice: + + - You may not provide the software to third parties as a hosted or managed + service, where the service provides users with access to any substantial set of + the features or functionality of the software. + - You may not move, change, disable, or circumvent the license key functionality + in the software, and you may not remove or obscure any functionality in the + software that is protected by the license key. + - You may not alter, remove, or obscure any licensing, copyright, or other notices + of the licensor in the software. Any use of the licensor’s trademarks is subject + to applicable law. + - Canyon GBS LLC respects the intellectual property rights of others and expects the + same in return. Canyon GBS™ and Aiding App™ are registered trademarks of + Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks + vigorously. + - The software solution, including services, infrastructure, and code, is offered as a + Software as a Service (SaaS) by Canyon GBS LLC. + - Use of this software implies agreement to the license terms and conditions as stated + in the Elastic License 2.0. + + For more information or inquiries please visit our website at + or contact us via email at legal@canyongbs.com. + + +*/ + +namespace AidingApp\Authorization\Enums; + +use Filament\Support\Contracts\HasLabel; + +enum AzureMatchingProperty: string implements HasLabel +{ + case UserPrincipalName = 'user_principal_name'; + + case Mail = 'mail'; + + public function getLabel(): ?string + { + return $this->name; + } +} diff --git a/app-modules/authorization/src/Enums/SocialiteProvider.php b/app-modules/authorization/src/Enums/SocialiteProvider.php index 00c61a65b..ea953cf11 100644 --- a/app-modules/authorization/src/Enums/SocialiteProvider.php +++ b/app-modules/authorization/src/Enums/SocialiteProvider.php @@ -36,8 +36,10 @@ namespace AidingApp\Authorization\Enums; +use AidingApp\Authorization\Exceptions\InvalidAzureMatchingProperty; use AidingApp\Authorization\Settings\AzureSsoSettings; use AidingApp\Authorization\Settings\GoogleSsoSettings; +use App\Features\AzureMatchingPropertyFeature; use Exception; use Laravel\Socialite\Contracts\Provider; use Laravel\Socialite\Facades\Socialite; @@ -84,4 +86,25 @@ public function config(): Config default => throw new Exception('Invalid socialite provider'), }; } + + public function getEmailFromUser(mixed $user): string + { + return match ($this->value) { + 'azure', 'azure_calendar' => (function () use ($user) { + if (! AzureMatchingPropertyFeature::active()) { + return $user->getEmail(); + } + + /** @var User $user */ + + return match (app(AzureSsoSettings::class)->matching_property) { + AzureMatchingProperty::UserPrincipalName => $user->getPrincipalName(), + AzureMatchingProperty::Mail => $user->getMail(), + default => throw new InvalidAzureMatchingProperty(app(AzureSsoSettings::class)->matching_property), + }; + })(), + 'google' => $user->getEmail(), + default => throw new Exception('Invalid socialite provider'), + }; + } } diff --git a/app-modules/authorization/src/Exceptions/InvalidAzureMatchingProperty.php b/app-modules/authorization/src/Exceptions/InvalidAzureMatchingProperty.php new file mode 100644 index 000000000..6665e259d --- /dev/null +++ b/app-modules/authorization/src/Exceptions/InvalidAzureMatchingProperty.php @@ -0,0 +1,47 @@ + + + Copyright © 2016-2025, Canyon GBS LLC. All rights reserved. + + Aiding App™ is licensed under the Elastic License 2.0. For more details, + see + + Notice: + + - You may not provide the software to third parties as a hosted or managed + service, where the service provides users with access to any substantial set of + the features or functionality of the software. + - You may not move, change, disable, or circumvent the license key functionality + in the software, and you may not remove or obscure any functionality in the + software that is protected by the license key. + - You may not alter, remove, or obscure any licensing, copyright, or other notices + of the licensor in the software. Any use of the licensor’s trademarks is subject + to applicable law. + - Canyon GBS LLC respects the intellectual property rights of others and expects the + same in return. Canyon GBS™ and Aiding App™ are registered trademarks of + Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks + vigorously. + - The software solution, including services, infrastructure, and code, is offered as a + Software as a Service (SaaS) by Canyon GBS LLC. + - Use of this software implies agreement to the license terms and conditions as stated + in the Elastic License 2.0. + + For more information or inquiries please visit our website at + or contact us via email at legal@canyongbs.com. + + +*/ + +namespace AidingApp\Authorization\Exceptions; + +use Exception; + +class InvalidAzureMatchingProperty extends Exception +{ + public function __construct(mixed $valueUsed) + { + parent::__construct('Invalid Azure matching property. Value used: ' . strval($valueUsed)); + } +} diff --git a/app-modules/authorization/src/Filament/Pages/ManageAzureSsoSettings.php b/app-modules/authorization/src/Filament/Pages/ManageAzureSsoSettings.php index 84c310fee..d93df9b29 100644 --- a/app-modules/authorization/src/Filament/Pages/ManageAzureSsoSettings.php +++ b/app-modules/authorization/src/Filament/Pages/ManageAzureSsoSettings.php @@ -36,11 +36,14 @@ namespace AidingApp\Authorization\Filament\Pages; +use AidingApp\Authorization\Enums\AzureMatchingProperty; use AidingApp\Authorization\Settings\AzureSsoSettings; +use App\Features\AzureMatchingPropertyFeature; use App\Filament\Clusters\ProductIntegrations; use App\Models\Authenticatable; use App\Models\User; use Filament\Forms\Components\Section; +use Filament\Forms\Components\Select; use Filament\Forms\Components\TextInput; use Filament\Forms\Components\Toggle; use Filament\Forms\Form; @@ -96,6 +99,12 @@ public function form(Form $form): Form ->required(fn (Get $get) => $get('is_enabled')) ->password() ->revealable(), + Select::make('matching_property') + ->label('Matching Property') + ->options(AzureMatchingProperty::class) + ->enum(AzureMatchingProperty::class) + ->required(fn (Get $get) => $get('is_enabled')) + ->visible(AzureMatchingPropertyFeature::active()), ])->visible(fn (Get $get) => $get('is_enabled')), ]); } diff --git a/app-modules/authorization/src/Http/Controllers/SocialiteController.php b/app-modules/authorization/src/Http/Controllers/SocialiteController.php index d7e590020..7fbb72026 100644 --- a/app-modules/authorization/src/Http/Controllers/SocialiteController.php +++ b/app-modules/authorization/src/Http/Controllers/SocialiteController.php @@ -42,6 +42,7 @@ use App\Models\User; use Filament\Facades\Filament; use Filament\Notifications\Notification; +use Illuminate\Database\Query\Expression; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Http; @@ -79,7 +80,7 @@ public function callback(SocialiteProvider $provider) /** @var User $user */ $user = User::query() - ->where('email', $socialiteUser->getEmail()) + ->where(new Expression('lower(email)'), strtolower($provider->getEmailFromUser($socialiteUser))) ->first(); if (! $user?->is_external) { diff --git a/app-modules/authorization/src/Settings/AzureSsoSettings.php b/app-modules/authorization/src/Settings/AzureSsoSettings.php index f9b2ccb98..df8b7ecac 100644 --- a/app-modules/authorization/src/Settings/AzureSsoSettings.php +++ b/app-modules/authorization/src/Settings/AzureSsoSettings.php @@ -36,6 +36,7 @@ namespace AidingApp\Authorization\Settings; +use AidingApp\Authorization\Enums\AzureMatchingProperty; use Spatie\LaravelSettings\Settings; class AzureSsoSettings extends Settings @@ -48,6 +49,8 @@ class AzureSsoSettings extends Settings public ?string $tenant_id = null; + public AzureMatchingProperty $matching_property = AzureMatchingProperty::UserPrincipalName; + public static function group(): string { return 'azure_sso'; diff --git a/app/Features/AzureMatchingPropertyFeature.php b/app/Features/AzureMatchingPropertyFeature.php new file mode 100644 index 000000000..0ff950964 --- /dev/null +++ b/app/Features/AzureMatchingPropertyFeature.php @@ -0,0 +1,47 @@ + + + Copyright © 2016-2025, Canyon GBS LLC. All rights reserved. + + Aiding App™ is licensed under the Elastic License 2.0. For more details, + see + + Notice: + + - You may not provide the software to third parties as a hosted or managed + service, where the service provides users with access to any substantial set of + the features or functionality of the software. + - You may not move, change, disable, or circumvent the license key functionality + in the software, and you may not remove or obscure any functionality in the + software that is protected by the license key. + - You may not alter, remove, or obscure any licensing, copyright, or other notices + of the licensor in the software. Any use of the licensor’s trademarks is subject + to applicable law. + - Canyon GBS LLC respects the intellectual property rights of others and expects the + same in return. Canyon GBS™ and Aiding App™ are registered trademarks of + Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks + vigorously. + - The software solution, including services, infrastructure, and code, is offered as a + Software as a Service (SaaS) by Canyon GBS LLC. + - Use of this software implies agreement to the license terms and conditions as stated + in the Elastic License 2.0. + + For more information or inquiries please visit our website at + or contact us via email at legal@canyongbs.com. + + +*/ + +namespace App\Features; + +use App\Support\AbstractFeatureFlag; + +class AzureMatchingPropertyFeature extends AbstractFeatureFlag +{ + public function resolve(mixed $scope): mixed + { + return false; + } +}