HEPTACOM / HeptacomShopwarePlatformAdminOpenAuth

Shopware plugin to allow open auth logins in the administration
https://www.heptacom.de/
Apache License 2.0

[Bug]: EntraID Group mapping not working, when having more than 100 group memberships. #27

Open ckupferschmid opened 2 weeks ago

ckupferschmid commented 2 weeks ago

Plugin Version

6.0.1

PHP Version

8.2.19

Shopware Version

6.5.8.7

Installation method

Composer

Identity provider

Microsoft Azure OIDC

What happened?

Trying to configure a role assignment rule using the object ID of an EntraID group. My user has more than 150 groups assigned (direct and indirect memberships).

In MicrosoftAzureOidcGroupsRule.php the code does not seem to honor the @odata.nextLink tag to pull any more pages of the call made to https://graph.microsoft.com/v1.0/me/transitiveMemberOf, so only the first page will be checked and if the group ID is not listed, the rule will not apply.

The call to MS Graph should look like this (returning only the group IDs makes it faster and causes much less traffic):

https://graph.microsoft.com/v1.0/me/transitiveMemberOf?$select=id

Then, if the answer has an @odata.nextLink tag, the code should iterate through all the pages returned before evaluating the membership.

Relevant log output

No response
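
The paging loop the report above asks for, as an added example that is not part of the original issue and is neither the plugin's code nor the 7.0.1 fix. `collectGroupIds` and the injected `$fetchPage` callable are hypothetical names; the host check and page cap go beyond what the issue requests and are there because the access token travels with every followed link and a partial group list must not decide a role assignment.

```php
<?php
declare(strict_types=1);

/**
 * Collect every group ID from a paged Microsoft Graph response.
 * $fetchPage is a hypothetical callable(string $url): array that performs the
 * authenticated GET and returns the decoded JSON body.
 */
function collectGroupIds(callable $fetchPage, string $firstUrl, int $maxPages = 50): array
{
    $ids = [];
    $url = $firstUrl;

    for ($page = 0; $url !== null; $page++) {
        if ($page >= $maxPages) {
            // Fail closed: an incomplete list must not drive a role decision.
            throw new RuntimeException('Too many pages while listing group memberships');
        }
        // The access token is sent with every request, so only follow links to Graph itself.
        if (parse_url($url, PHP_URL_SCHEME) !== 'https'
            || parse_url($url, PHP_URL_HOST) !== 'graph.microsoft.com') {
            throw new RuntimeException('Refusing to follow nextLink to an unexpected host');
        }

        $body = $fetchPage($url);
        foreach ($body['value'] ?? [] as $entry) {
            if (isset($entry['id'])) {
                $ids[$entry['id']] = true; // keyed to de-duplicate across pages
            }
        }
        // Absent on the last page, which ends the loop.
        $url = $body['@odata.nextLink'] ?? null;
    }

    return array_keys($ids);
}

// Constructed sample data: two pages keyed by request URL (token value is made up).
$first = 'https://graph.microsoft.com/v1.0/me/transitiveMemberOf?$select=id';
$next  = $first . '&$skiptoken=CONSTRUCTED';
$pages = [
    $first => ['value' => [['id' => 'group-a'], ['id' => 'group-b']], '@odata.nextLink' => $next],
    $next  => ['value' => [['id' => 'group-c']]],
];
$fetch = static fn (string $url): array => $pages[$url];

// 'group-c' only appears on the second page; a first-page-only check would miss it.
var_dump(in_array('group-c', collectGroupIds($fetch, $first), true));
```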

JoshuaBehrens commented 2 weeks ago

Thank you @ckupferschmid for the investigation, we can have a look at it.

silviokennecke commented 4 days ago

Hi @ckupferschmid I just released an RC for 7.0.1. Could you test and confirm that it works with that fix? In my tests, it seemed to be fine.