OIDC: Added testing coverage for picture fetching

[bookstack] / app / Access / Oidc / OidcService.php

diff --git a/app/Access/Oidc/OidcService.php b/app/Access/Oidc/OidcService.php
index 660885e8b2a4f30b0c2db8401efbd8a8655d6624..38eecdff35c8b4f4df3a17d97e5b310173bea2ab 100644 (file)
--- a/app/Access/Oidc/OidcService.php
+++ b/app/Access/Oidc/OidcService.php
@@ -222,6 +222,12 @@ class OidcService
             throw new OidcException($exception->getMessage());
         }
 
+        // TODO - Update this (and tests and config option comments) to actually align with LDAP system
+        //  which syncs whenever on login or registration, where there's no existing avatar.
+        if ($this->config()['fetch_avatar'] && $user->wasRecentlyCreated && $userDetails->picture) {
+            $this->userAvatars->assignToUserFromUrl($user, $userDetails->picture);
+        }
+
         if ($this->shouldSyncGroups()) {
             $detachExisting = $this->config()['remove_from_groups'];
             $this->groupService->syncUserWithFoundGroups($user, $userDetails->groups ?? [], $detachExisting);
@@ -229,10 +235,6 @@ class OidcService
 
         $this->loginService->login($user, 'oidc');
 
-        if ($this->config()['fetch_avatars'] && $userDetails->picture) {
-            $this->userAvatars->assignToUserFromUrl($user, $userDetails->picture, $accessToken->getToken());
-        }
-
         return $user;
     }