feat(auth): sync display name and job title from Microsoft Graph, fix tenant SSO form handling
Fetches displayName/jobTitle from Graph API and syncs them via SSO profile sync. Also fixes LDAP enabled state in tenant form, adds LDAP save on tenant create, and hardens LDAP port validation precedence. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -49,7 +49,7 @@ if ($rawAllowUserThemeMode === null || $rawAllowUserThemeMode === '') {
|
||||
} else {
|
||||
$tenantAllowUserThemeMode = '0';
|
||||
}
|
||||
$microsoftEnabledRaw = $values['microsoft_enabled'] ?? $values['enabled'] ?? false;
|
||||
$microsoftEnabledRaw = $values['microsoft_enabled'] ?? false;
|
||||
$microsoftEnabled = in_array(strtolower(trim((string) $microsoftEnabledRaw)), ['1', 'true', 'yes', 'on'], true);
|
||||
$microsoftEnforceRaw = $values['enforce_microsoft_login'] ?? false;
|
||||
$microsoftEnforce = in_array(strtolower(trim((string) $microsoftEnforceRaw)), ['1', 'true', 'yes', 'on'], true);
|
||||
@@ -686,11 +686,12 @@ $openOverrideCard = $detailsOpenAll;
|
||||
<?php
|
||||
// ── LDAP configuration section ────────────────────────────────
|
||||
$ldapUiState = is_array($ldapUiState ?? null) ? $ldapUiState : [];
|
||||
$ldapEnabled = !empty($values['enabled'] ?? false) ? false : (!empty($values['ldap_enabled'] ?? $ldapConfig['enabled'] ?? false));
|
||||
if (isset($values['ldap_enabled'])) {
|
||||
$ldapEnabled = in_array(strtolower(trim((string) $values['ldap_enabled'])), ['1', 'true', 'yes', 'on'], true);
|
||||
} elseif (isset($ldapConfig['enabled'])) {
|
||||
$ldapEnabled = !empty($ldapConfig['enabled']);
|
||||
} else {
|
||||
$ldapEnabled = false;
|
||||
}
|
||||
$ldapEnforce = !empty($values['enforce_ldap_login'] ?? $ldapConfig['enforce_ldap_login'] ?? false);
|
||||
$ldapHost = trim((string) ($values['ldap_host'] ?? $values['host'] ?? $ldapConfig['host'] ?? ''));
|
||||
|
||||
@@ -112,6 +112,14 @@ if ($request->isMethod('POST')) {
|
||||
'tenant_sso_create_failed'
|
||||
);
|
||||
}
|
||||
$ldapSaveResult = $tenantSsoService->saveTenantLdapAuth($createdTenantId, $post);
|
||||
if (!($ldapSaveResult['ok'] ?? false)) {
|
||||
Flash::error(
|
||||
(string) (($ldapSaveResult['errors'][0] ?? t('Tenant LDAP settings could not be saved'))),
|
||||
$closeTarget,
|
||||
'tenant_ldap_create_failed'
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
$action = (string) ($post['action'] ?? 'create');
|
||||
|
||||
@@ -73,7 +73,9 @@ app(\MintyPHP\Service\Audit\AuditMetadataEnricherInterface::class)->enrich($tena
|
||||
|
||||
$errorBag = formErrors();
|
||||
$errors = [];
|
||||
$form = array_merge($tenant, $ssoConfig, $ldapConfig);
|
||||
$form = array_merge($tenant, $ssoConfig);
|
||||
$form['microsoft_enabled'] = $ssoConfig['enabled'] ?? false;
|
||||
$form['ldap_enabled'] = $ldapConfig['enabled'] ?? false;
|
||||
|
||||
if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
Flash::error(t('Form expired, please try again'), $editTarget, 'csrf_expired');
|
||||
|
||||
Reference in New Issue
Block a user