Update LoggedUser.php

jfrastai · web-flow · commit 112a360d9472 · 2023-12-12T10:08:39.000-03:00
diff --git a/modules/go5auth/lib/Auth/Source/LoggedUser.php b/modules/go5auth/lib/Auth/Source/LoggedUser.php
@@ -27,6 +27,15 @@ public function authenticate(&$state)
             exit;
         }
 
+        $metadataSP = $state['SPMetadata'];
+        $metadataIDP = $state['IdPMetadata'];
+
+        if (!$metadataSP['enabled'] || !$metadataIDP['enabled'] || $metadataSP['platformId'] != $metadataIDP['platformId']) {
+            header('HTTP/1.1 401 Unauthorized');
+            echo 'go5auth | error: invalid platform idp';
+            exit;
+        }
+
         $accessToken = isset($_REQUEST['access_token'])
             ? $_REQUEST['access_token']
             : trim(substr($_SERVER['HTTP_AUTHORIZATION'], 7));
@@ -42,7 +51,7 @@ public function authenticate(&$state)
 
         $userAttributes = [];
         $userInfoAttributes = $userInfo->data->attributes;
-        $userAttributesMapping = $state['SPMetadata']['UserAttributesMapping'];
+        $userAttributesMapping = $metadataSP['UserAttributesMapping'];
 
         if (is_array($userAttributesMapping) && !empty($userAttributesMapping)) {
             foreach ($userAttributesMapping as $mappedAttributeKey => $mappedAttributeValue) {
