nystudio107 / craft-vanillaforums

Single Sign On plugin for Vanilla Forums/jsConnect and CraftCMS
https://nystudio107.com/
MIT License

Plugin not setting roles via SSO #31

Open phrichards opened 2 months ago

phrichards commented 2 months ago

Describe the bug

Hi,

We're attempting to set roles in Vanilla Forum based on a user's groups in Craft CMS. We've created a module based on the documentation at https://nystudio107.com/docs/vanillaforums/#using-vanilla-forums and are successfully setting $event->ssoData['roles'] to our user groups, but the roles are not set in Vanilla.

This is the relevant bit of the module:

Event::on(
    Sso::class,
    Sso::EVENT_SSO_DATA,
    function (SsoDataEvent $event) {

        // get the current user
        $user = Craft::$app->getUser()->getIdentity();
        $groups = [];
        foreach ($user->getGroups() as $group) {
            $groups[] = $group->name;
        }
        $event->ssoData['roles'] = implode(',', $groups);
    }
);

In craft-vanillaforums Sso.php, we found this code that seems to be what passes the relevant data to JsConnect:

public function output(string $jwt): void
{
    $settings = $this->getPluginSettings();
    $ssoData = $this->getSsoData($jwt);
    $jsConnect = new JsConnect();
    $jsConnect->setSigningCredentials($settings->vanillaForumsClientID, $settings->vanillaForumsSecret);
    // If they are signed in to Craft
    if ($ssoData !== null) {
        $jsConnect
            ->setUniqueID($ssoData->uniqueid)
            ->setName($ssoData->name)
            ->setEmail($ssoData->email)
            ->setPhotoUrl($ssoData->photourl);
    } else {
        // They are not signed in to Craft
        $jsConnect->setGuest(true);
    }
    $request = Craft::$app->getRequest();
    // And away we go
    $jsConnect->handleRequest($request->get());
    Craft::$app->end();
}

It seems like the only data passed to JsConnect is the id, name, email, and photoUrl. If I add ->setRoles(explode(',', $ssoData->roles)); the roles are set in Vanilla. Is there a setting or configuration option somewhere that I'm missing that will enable setting the roles without having to modify the plugin's code?

To reproduce

Steps to reproduce the behaviour:

  1. Create module as described in documentation and modify $ssoData to include a ['roles'] property
  2. Sign in to Vanilla via SSO
  3. Check user roles in Vanilla

Expected behaviour

The user's roles in Vanilla will match the groups they are members of in Craft.

Versions

khalwat commented 2 months ago

Sounds like we should add that line of code to the plugin?

->setRoles(explode(',', $ssoData->roles));

?

phrichards commented 1 month ago

Yes, I think that would solve the issue. You may need some checking to see if the value passed in for $ssoData->roles is a string or an array; my change here was a quick fix that worked for our use case but may not work for everyone.
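
One way to do the string-or-array check discussed in this thread before calling setRoles(), as an added example that is not part of the plugin or of either commenter's code. The helper name normalizeSsoRoles() is hypothetical and the sample inputs are constructed.

```php
<?php
// Added example: normalizeSsoRoles() is a hypothetical helper, not plugin code.
// Intended call site, per the thread, inside Sso::output():
//     ->setRoles(normalizeSsoRoles($ssoData->roles ?? null))

/**
 * Turn the 'roles' value set in an EVENT_SSO_DATA handler into a clean
 * list of role names.
 *
 * @param mixed $roles comma-separated string, array of names, or null
 * @return string[]
 */
function normalizeSsoRoles($roles): array
{
    if (is_string($roles)) {
        // The form used in the module above: implode(',', $groups)
        $roles = explode(',', $roles);
    }
    if (!is_array($roles)) {
        // null or an unexpected type: send no roles rather than guess
        return [];
    }
    $clean = [];
    foreach ($roles as $role) {
        if (!is_string($role)) {
            continue; // skip nested arrays, objects, numbers
        }
        $role = trim($role);
        if ($role !== '') {
            $clean[] = $role;
        }
    }
    // De-duplicate and re-index so the result is a plain list
    return array_values(array_unique($clean));
}

// Constructed sample inputs covering both shapes and the edge cases
$samples = [
    'Members, Moderators,,Members',
    ['Members', ' Moderators ', '', 42],
    null,
    '',
];
foreach ($samples as $sample) {
    echo json_encode($sample), ' => ', json_encode(normalizeSsoRoles($sample)), PHP_EOL;
}
```

Because the role list decides what a user can do in the forum, an unexpected value yields an empty list here instead of being cast to a string.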