Auth group sync: Fixed unintential mapping behaviour change

Due to change in how casing was handled when used in the "External Auth
ID" role field.
Likely related to #3535.
Added test to cover.

diff --git a/app/Auth/Access/GroupSyncService.php b/app/Auth/Access/GroupSyncService.php
index 74f0539d82ffcce72d8261be3e02ca6dcd2dddef..37d4e02d0b12fb980b3376ce2b958c903027cc5b 100644 (file)
--- a/app/Auth/Access/GroupSyncService.php
+++ b/app/Auth/Access/GroupSyncService.php
@@ -39,7 +39,7 @@ class GroupSyncService
 
     protected function parseRoleExternalAuthId(string $externalId): array
     {
-        $inputIds = preg_split('/(?<!\\\),/', $externalId);
+        $inputIds = preg_split('/(?<!\\\),/', strtolower($externalId));
         $cleanIds = [];
 
         foreach ($inputIds as $inputId) {

diff --git a/tests/Auth/GroupSyncServiceTest.php b/tests/Auth/GroupSyncServiceTest.php
index 74d2c7e2ab119709b2eafdd7c522c9fc457c23c8..2fad53b261943fc2fb6b8544ae6ab53170700a52 100644 (file)
--- a/tests/Auth/GroupSyncServiceTest.php
+++ b/tests/Auth/GroupSyncServiceTest.php
@@ -54,4 +54,16 @@ class GroupSyncServiceTest extends TestCase
         $user = User::query()->find($user->id);
         $this->assertTrue($user->hasRole($role->id));
     }
+
+    public function test_external_auth_id_matches_ignoring_case()
+    {
+        $user = $this->getViewer();
+        $role = Role::factory()->create(['display_name' => 'ABC123', 'external_auth_id' => 'WaRRioRs']);
+        $this->assertFalse($user->hasRole($role->id));
+
+        (new GroupSyncService())->syncUserWithFoundGroups($user, ['wArriors', 'penguiNs'], false);
+
+        $user = User::query()->find($user->id);
+        $this->assertTrue($user->hasRole($role->id));
+    }
 }