canyongbs · Orrison · Jan 2, 2025 · Dec 30, 2024 · Dec 30, 2024 · Dec 30, 2024
@@ -0,0 +1,59 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2024, Canyon GBS LLC. All rights reserved.
+
+    Aiding App™ is licensed under the Elastic License 2.0. For more details,
+    see <https://github.com/canyongbs/aidingapp/blob/main/LICENSE.>
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Aiding App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    <https://www.canyongbs.com> or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+use Spatie\LaravelSettings\Exceptions\SettingAlreadyExists;
+use Spatie\LaravelSettings\Migrations\SettingsBlueprint;
+use Spatie\LaravelSettings\Migrations\SettingsMigration;
+
+return new class () extends SettingsMigration {
+    public function up(): void
+    {
+        $this->migrator->inGroup('azure_sso', function (SettingsBlueprint $blueprint): void {
+            try {
+                $blueprint->add('matching_property', 'user_principal_name');
+            } catch (SettingAlreadyExists $e) {
+                // Ignore
+            }
+        });
+    }
+
+    public function down(): void
+    {
+        $this->migrator->inGroup('azure_sso', function (SettingsBlueprint $blueprint): void {
+            $blueprint->delete('matching_property');
+        });
+    }
+};
@@ -0,0 +1,50 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2024, Canyon GBS LLC. All rights reserved.
+
+    Aiding App™ is licensed under the Elastic License 2.0. For more details,
+    see <https://github.com/canyongbs/aidingapp/blob/main/LICENSE.>
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Aiding App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    <https://www.canyongbs.com> or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+use App\Features\AzureMatchingPropertyFeature;
+use Illuminate\Database\Migrations\Migration;
+
+return new class () extends Migration {
+    public function up(): void
+    {
+        AzureMatchingPropertyFeature::activate();
+    }
+
+    public function down(): void
+    {
+        AzureMatchingPropertyFeature::deactivate();
+    }
+};
@@ -0,0 +1,51 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2024, Canyon GBS LLC. All rights reserved.
+
+    Aiding App™ is licensed under the Elastic License 2.0. For more details,
+    see <https://github.com/canyongbs/aidingapp/blob/main/LICENSE.>
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Aiding App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    <https://www.canyongbs.com> or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+namespace AidingApp\Authorization\Enums;
+
+use Filament\Support\Contracts\HasLabel;
+
+enum AzureMatchingProperty: string implements HasLabel
+{
+    case UserPrincipalName = 'user_principal_name';
+
+    case Mail = 'mail';
+
+    public function getLabel(): ?string
+    {
+        return $this->name;
+    }
+}
@@ -36,8 +36,10 @@
 
 namespace AidingApp\Authorization\Enums;
 
+use AidingApp\Authorization\Exceptions\InvalidAzureMatchingProperty;
 use AidingApp\Authorization\Settings\AzureSsoSettings;
 use AidingApp\Authorization\Settings\GoogleSsoSettings;
+use App\Features\AzureMatchingPropertyFeature;
 use Exception;
 use Laravel\Socialite\Contracts\Provider;
 use Laravel\Socialite\Facades\Socialite;
@@ -84,4 +86,25 @@ public function config(): Config
             default => throw new Exception('Invalid socialite provider'),
         };
     }
+
+    public function getEmailFromUser(mixed $user): string
+    {
+        return match ($this->value) {
+            'azure', 'azure_calendar' => (function () use ($user) {
+                if (! AzureMatchingPropertyFeature::active()) {
+                    return $user->getEmail();
+                }
+
+                /** @var User $user */
+
+                return match (app(AzureSsoSettings::class)->matching_property) {
+                    AzureMatchingProperty::UserPrincipalName => $user->getPrincipalName(),
+                    AzureMatchingProperty::Mail => $user->getMail(),
+                    default => throw new InvalidAzureMatchingProperty(app(AzureSsoSettings::class)->matching_property),
+                };
+            })(),
+            'google' => $user->getEmail(),
+            default => throw new Exception('Invalid socialite provider'),
+        };
+    }
 }
@@ -0,0 +1,47 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2024, Canyon GBS LLC. All rights reserved.
+
+    Aiding App™ is licensed under the Elastic License 2.0. For more details,
+    see <https://github.com/canyongbs/aidingapp/blob/main/LICENSE.>
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Aiding App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    <https://www.canyongbs.com> or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+namespace AidingApp\Authorization\Exceptions;
+
+use Exception;
+
+class InvalidAzureMatchingProperty extends Exception
+{
+    public function __construct(mixed $valueUsed)
+    {
+        parent::__construct('Invalid Azure matching property. Value used: ' . strval($valueUsed));
+    }
+}
@@ -36,11 +36,14 @@
 
 namespace AidingApp\Authorization\Filament\Pages;
 
+use AidingApp\Authorization\Enums\AzureMatchingProperty;
 use AidingApp\Authorization\Settings\AzureSsoSettings;
+use App\Features\AzureMatchingPropertyFeature;
 use App\Filament\Clusters\ProductIntegrations;
 use App\Models\Authenticatable;
 use App\Models\User;
 use Filament\Forms\Components\Section;
+use Filament\Forms\Components\Select;
 use Filament\Forms\Components\TextInput;
 use Filament\Forms\Components\Toggle;
 use Filament\Forms\Form;
@@ -96,6 +99,12 @@ public function form(Form $form): Form
                             ->required(fn (Get $get) => $get('is_enabled'))
                             ->password()
                             ->revealable(),
+                        Select::make('matching_property')
+                            ->label('Matching Property')
+                            ->options(AzureMatchingProperty::class)
+                            ->enum(AzureMatchingProperty::class)
+                            ->required(fn (Get $get) => $get('is_enabled'))
+                            ->visible(AzureMatchingPropertyFeature::active()),
                     ])->visible(fn (Get $get) => $get('is_enabled')),
             ]);
     }

@@ -42,6 +42,7 @@
 use App\Models\User;
 use Filament\Facades\Filament;
 use Filament\Notifications\Notification;
+use Illuminate\Database\Query\Expression;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Http;
@@ -79,7 +80,7 @@ public function callback(SocialiteProvider $provider)
 
         /** @var User $user */
         $user = User::query()
-            ->where('email', $socialiteUser->getEmail())
+            ->where(new Expression('lower(email)'), strtolower($provider->getEmailFromUser($socialiteUser)))
             ->first();
 
         if (! $user?->is_external) {

@@ -36,6 +36,7 @@
 
 namespace AidingApp\Authorization\Settings;
 
+use AidingApp\Authorization\Enums\AzureMatchingProperty;
 use Spatie\LaravelSettings\Settings;
 
 class AzureSsoSettings extends Settings
@@ -48,6 +49,8 @@ class AzureSsoSettings extends Settings
 
     public ?string $tenant_id = null;
 
+    public AzureMatchingProperty $matching_property = AzureMatchingProperty::UserPrincipalName;
+
     public static function group(): string
     {
         return 'azure_sso';

@@ -0,0 +1,47 @@
+<?php
+
+/*
+<COPYRIGHT>
+
+    Copyright © 2016-2024, Canyon GBS LLC. All rights reserved.
+
+    Aiding App™ is licensed under the Elastic License 2.0. For more details,
+    see <https://github.com/canyongbs/aidingapp/blob/main/LICENSE.>
+
+    Notice:
+
+    - You may not provide the software to third parties as a hosted or managed
+      service, where the service provides users with access to any substantial set of
+      the features or functionality of the software.
+    - You may not move, change, disable, or circumvent the license key functionality
+      in the software, and you may not remove or obscure any functionality in the
+      software that is protected by the license key.
+    - You may not alter, remove, or obscure any licensing, copyright, or other notices
+      of the licensor in the software. Any use of the licensor’s trademarks is subject
+      to applicable law.
+    - Canyon GBS LLC respects the intellectual property rights of others and expects the
+      same in return. Canyon GBS™ and Aiding App™ are registered trademarks of
+      Canyon GBS LLC, and we are committed to enforcing and protecting our trademarks
+      vigorously.
+    - The software solution, including services, infrastructure, and code, is offered as a
+      Software as a Service (SaaS) by Canyon GBS LLC.
+    - Use of this software implies agreement to the license terms and conditions as stated
+      in the Elastic License 2.0.
+
+    For more information or inquiries please visit our website at
+    <https://www.canyongbs.com> or contact us via email at legal@canyongbs.com.
+
+</COPYRIGHT>
+*/
+
+namespace App\Features;
+
+use App\Support\AbstractFeatureFlag;
+
+class AzureMatchingPropertyFeature extends AbstractFeatureFlag
+{
+    public function resolve(mixed $scope): mixed
+    {
+        return false;
+    }
+}