Commit 3de09230 authored by jcnventura's avatar jcnventura Committed by Joao Ventura
Browse files

Issue #3046567 by jcnventura: Prevent duplicate entries in authmap

parent 8987180e
......@@ -113,3 +113,20 @@ function openid_connect_update_8104() {
$config->set('connect_existing_users', FALSE);
$config->save(TRUE);
}
/**
* Delete duplicate entries in the openid_connect_authmap table.
*/
function openid_connect_update_8105() {
$database = \Drupal::database();
// Get the IDs for the duplicate entries.
$query = $database->select('openid_connect_authmap', 'a1')->fields('a1', ['aid']);
$query->innerJoin('openid_connect_authmap', 'a2');
$query->where("a1.aid > a2.aid AND a1.uid = a2.uid AND a1.client_name = a2.client_name AND a1.sub = a2.sub");
$aids = $query->distinct()->execute()->fetchAllAssoc('aid');
if (!empty($aids)) {
// If duplicates exist, delete them.
$database->delete('openid_connect_authmap')->condition('aid', array_keys($aids), 'IN')->execute();
}
}
......@@ -50,14 +50,17 @@ class OpenIDConnectAuthmap {
* The remote subject identifier.
*/
public function createAssociation($account, $client_name, $sub) {
$fields = [
'uid' => $account->id(),
'client_name' => $client_name,
'sub' => $sub,
];
$this->connection->insert('openid_connect_authmap')
->fields($fields)
->execute();
$existing_accounts = $this->getConnectedAccounts($account, $client_name);
// Only create record if association to account doesn't exist yet.
if (!isset($existing_accounts[$client_name]) || $existing_accounts[$client_name] !== $sub) {
$this->connection->insert('openid_connect_authmap')
->fields([
'uid' => $account->id(),
'client_name' => $client_name,
'sub' => $sub,
])
->execute();
}
}
/**
......@@ -109,15 +112,21 @@ class OpenIDConnectAuthmap {
*
* @param object $account
* A Drupal user entity.
* @param string $client_name
* An optional client name.
*
* @return array
* An array of 'sub' properties keyed by the client name.
*/
public function getConnectedAccounts($account) {
$result = $this->connection->select('openid_connect_authmap', 'a')
public function getConnectedAccounts($account, $client_name = '') {
$query = $this->connection->select('openid_connect_authmap', 'a')
->fields('a', ['client_name', 'sub'])
->condition('uid', $account->id())
->execute();
->condition('uid', $account->id());
if (!empty($client_name)) {
$query->condition('client_name', $client_name, '=');
}
$result = $query->execute();
$authmaps = [];
foreach ($result as $record) {
$client = $record->client_name;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment