feat(auth): sync display name and job title from Microsoft Graph, fix tenant SSO form handling

Fetches displayName/jobTitle from Graph API and syncs them via SSO profile sync. Also fixes LDAP enabled state in tenant form, adds LDAP save on tenant create, and hardens LDAP port validation precedence.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-04-13 14:13:21 +02:00
parent 312d43d9d9
commit 4e359fe659
9 changed files with 39 additions and 10 deletions

View File

@@ -49,7 +49,7 @@ if ($rawAllowUserThemeMode === null || $rawAllowUserThemeMode === '') {
} else {
$tenantAllowUserThemeMode = '0';
}
$microsoftEnabledRaw = $values['microsoft_enabled'] ?? $values['enabled'] ?? false;
$microsoftEnabledRaw = $values['microsoft_enabled'] ?? false;
$microsoftEnabled = in_array(strtolower(trim((string) $microsoftEnabledRaw)), ['1', 'true', 'yes', 'on'], true);
$microsoftEnforceRaw = $values['enforce_microsoft_login'] ?? false;
$microsoftEnforce = in_array(strtolower(trim((string) $microsoftEnforceRaw)), ['1', 'true', 'yes', 'on'], true);
@@ -686,11 +686,12 @@ $openOverrideCard = $detailsOpenAll;
<?php
// ── LDAP configuration section ────────────────────────────────
$ldapUiState = is_array($ldapUiState ?? null) ? $ldapUiState : [];
$ldapEnabled = !empty($values['enabled'] ?? false) ? false : (!empty($values['ldap_enabled'] ?? $ldapConfig['enabled'] ?? false));
if (isset($values['ldap_enabled'])) {
$ldapEnabled = in_array(strtolower(trim((string) $values['ldap_enabled'])), ['1', 'true', 'yes', 'on'], true);
} elseif (isset($ldapConfig['enabled'])) {
$ldapEnabled = !empty($ldapConfig['enabled']);
} else {
$ldapEnabled = false;
}
$ldapEnforce = !empty($values['enforce_ldap_login'] ?? $ldapConfig['enforce_ldap_login'] ?? false);
$ldapHost = trim((string) ($values['ldap_host'] ?? $values['host'] ?? $ldapConfig['host'] ?? ''));

View File

@@ -112,6 +112,14 @@ if ($request->isMethod('POST')) {
'tenant_sso_create_failed'
);
}
$ldapSaveResult = $tenantSsoService->saveTenantLdapAuth($createdTenantId, $post);
if (!($ldapSaveResult['ok'] ?? false)) {
Flash::error(
(string) (($ldapSaveResult['errors'][0] ?? t('Tenant LDAP settings could not be saved'))),
$closeTarget,
'tenant_ldap_create_failed'
);
}
}
}
$action = (string) ($post['action'] ?? 'create');

View File

@@ -73,7 +73,9 @@ app(\MintyPHP\Service\Audit\AuditMetadataEnricherInterface::class)->enrich($tena
$errorBag = formErrors();
$errors = [];
$form = array_merge($tenant, $ssoConfig, $ldapConfig);
$form = array_merge($tenant, $ssoConfig);
$form['microsoft_enabled'] = $ssoConfig['enabled'] ?? false;
$form['ldap_enabled'] = $ldapConfig['enabled'] ?? false;
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
Flash::error(t('Form expired, please try again'), $editTarget, 'csrf_expired');