X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a71c8c60b7b6dc0bc20938029b14a86ab9cc95cd..refs/pull/5725/head:/app/Access/Oidc/OidcUserDetails.php
diff --git a/app/Access/Oidc/OidcUserDetails.php b/app/Access/Oidc/OidcUserDetails.php
index 1fb40ddc2..7a422a58d 100644
--- a/app/Access/Oidc/OidcUserDetails.php
+++ b/app/Access/Oidc/OidcUserDetails.php
@@ -11,6 +11,7 @@ class OidcUserDetails
 public ?string $email = null,
 public ?string $name = null,
 public ?array $groups = null,
+ public ?string $picture = null,
 ) {
 }
@@ -22,62 +23,65 @@ class OidcUserDetails
 $hasEmpty = empty($this->externalId)
 || empty($this->email)
 || empty($this->name)
- || ($groupSyncActive && empty($this->groups));
+ || ($groupSyncActive && $this->groups === null);
 return !$hasEmpty;
 }
 /**
- * Populate user details from OidcIdToken data.
+ * Populate user details from the given claim data.
 */
- public static function fromToken(
- OidcIdToken $token,
+ public function populate(
+ ProvidesClaims $claims,
 string $idClaim,
 string $displayNameClaims,
 string $groupsClaim,
- ): static {
- $id = $token->getClaim($idClaim);
-
- return new self(
- externalId: $id,
- email: $token->getClaim('email'),
- name: static::getUserDisplayName($displayNameClaims, $token, $id),
- groups: static::getUserGroups($groupsClaim, $token),
- );
+ ): void {
+ $this->externalId = $claims->getClaim($idClaim) ?? $this->externalId;
+ $this->email = $claims->getClaim('email') ?? $this->email;
+ $this->name = static::getUserDisplayName($displayNameClaims, $claims) ?? $this->name;
+ $this->groups = static::getUserGroups($groupsClaim, $claims) ?? $this->groups;
+ $this->picture = static::getPicture($claims) ?: $this->picture;
 }
- protected static function getUserDisplayName(string $displayNameClaims, OidcIdToken $token, string $defaultValue): string
+ protected static function getUserDisplayName(string $displayNameClaims, ProvidesClaims $claims): string
 {
 $displayNameClaimParts = explode('|', $displayNameClaims);
 $displayName = [];
 foreach ($displayNameClaimParts as $claim) {
- $component = $token->getClaim(trim($claim)) ?? '';
+ $component = $claims->getClaim(trim($claim)) ?? '';
 if ($component !== '') {
 $displayName[] = $component;
 }
 }
- if (count($displayName) === 0) {
- $displayName[] = $defaultValue;
- }
-
 return implode(' ', $displayName);
 }
- protected static function getUserGroups(string $groupsClaim, OidcIdToken $token): array
+ protected static function getUserGroups(string $groupsClaim, ProvidesClaims $claims): ?array
 {
 if (empty($groupsClaim)) {
- return [];
+ return null;
 }
- $groupsList = Arr::get($token->getAllClaims(), $groupsClaim);
+ $groupsList = Arr::get($claims->getAllClaims(), $groupsClaim);
 if (!is_array($groupsList)) {
- return [];
+ return null;
 }
 return array_values(array_filter($groupsList, function ($val) {
 return is_string($val);
 }));
 }
+
+ protected static function getPicture(ProvidesClaims $claims): ?string
+ {
+ $picture = $claims->getClaim('picture');
+ if (is_string($picture) && str_starts_with($picture, 'http')) {
+ return $picture;
+ }
+
+ return null;
+ }
 }
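Review bot: In `getPicture()`, `str_starts_with($picture, 'http')` is a prefix test rather than a scheme check, so any `picture` claim value that merely begins with those four letters (for example the constructed value `httpx:anything`) is accepted from the identity provider. Tightening the condition to `if (is_string($picture) && preg_match('#^https?://#i', $picture) === 1) {` would limit the stored value to http/https URLs. How the URL is consumed is outside this hunk; if it is later fetched server-side for an avatar, that code still needs its own destination checks, because a valid scheme says nothing about the host. Separately, in `populate()` the `?? $this->name` fallback looks unreachable: `getUserDisplayName()` is declared to return `string` and yields `''` when no claim matches, so a later claim source without name claims would blank an existing name. Using `?: $this->name`, as the `picture` line already does, would keep the existing name.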