X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/03dbe32f9926b53c1a0c35534e57f526c5d2bc2b..refs/pull/2023/head:/app/Auth/Access/ExternalAuthService.php

diff --git a/app/Auth/Access/ExternalAuthService.php b/app/Auth/Access/ExternalAuthService.php
index b1c036018..db8bd2dfb 100644
--- a/app/Auth/Access/ExternalAuthService.php
+++ b/app/Auth/Access/ExternalAuthService.php
@@ -2,32 +2,40 @@
 
 use BookStack\Auth\Role;
 use BookStack\Auth\User;
+use Illuminate\Database\Eloquent\Builder;
 
 class ExternalAuthService
 {
     /**
      * Check a role against an array of group names to see if it matches.
      * Checked against role 'external_auth_id' if set otherwise the name of the role.
-     * @param \BookStack\Auth\Role $role
-     * @param array $groupNames
-     * @return bool
      */
-    protected function roleMatchesGroupNames(Role $role, array $groupNames)
+    protected function roleMatchesGroupNames(Role $role, array $groupNames): bool
     {
         if ($role->external_auth_id) {
-            $externalAuthIds = explode(',', strtolower($role->external_auth_id));
-            foreach ($externalAuthIds as $externalAuthId) {
-                if (in_array(trim($externalAuthId), $groupNames)) {
-                    return true;
-                }
-            }
-            return false;
+            return $this->externalIdMatchesGroupNames($role->external_auth_id, $groupNames);
         }
 
         $roleName = str_replace(' ', '-', trim(strtolower($role->display_name)));
         return in_array($roleName, $groupNames);
     }
 
+    /**
+     * Check if the given external auth ID string matches one of the given group names.
+     */
+    protected function externalIdMatchesGroupNames(string $externalId, array $groupNames): bool
+    {
+        $externalAuthIds = explode(',', strtolower($externalId));
+
+        foreach ($externalAuthIds as $externalAuthId) {
+            if (in_array(trim($externalAuthId), $groupNames)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     /**
      * Match an array of group names to BookStack system roles.
      * Formats group names to be lower-case and hyphenated.
@@ -56,20 +64,18 @@ class ExternalAuthService
 
     /**
      * Sync the groups to the user roles for the current user
-     * @param \BookStack\Auth\User $user
-     * @param array $samlAttributes
      */
-    public function syncWithGroups(User $user, array $userGroups)
+    public function syncWithGroups(User $user, array $userGroups): void
     {
         // Get the ids for the roles from the names
-        $samlGroupsAsRoles = $this->matchGroupsToSystemsRoles($userSamlGroups);
+        $groupsAsRoles = $this->matchGroupsToSystemsRoles($userGroups);
 
         // Sync groups
         if ($this->config['remove_from_groups']) {
-            $user->roles()->sync($samlGroupsAsRoles);
-            $this->userRepo->attachDefaultRole($user);
+            $user->roles()->sync($groupsAsRoles);
+            $user->attachDefaultRole();
         } else {
-            $user->roles()->syncWithoutDetaching($samlGroupsAsRoles);
+            $user->roles()->syncWithoutDetaching($groupsAsRoles);
         }
     }
 }