From: Dan Brown <redacted>
Date: Mon, 27 Jun 2022 13:17:42 +0000 (+0100)
Subject: Auth group sync: Fixed unintential mapping behaviour change
X-Git-Tag: v22.06.2~1^2~1^2
X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/0bcd1795cb0e7858965997a8c1e82cd0f3b56321

Auth group sync: Fixed unintential mapping behaviour change

Due to change in how casing was handled when used in the "External Auth
ID" role field.
Likely related to #3535.
Added test to cover.
---

diff --git a/app/Auth/Access/GroupSyncService.php b/app/Auth/Access/GroupSyncService.php
index 74f0539d8..37d4e02d0 100644
--- a/app/Auth/Access/GroupSyncService.php
+++ b/app/Auth/Access/GroupSyncService.php
@@ -39,7 +39,7 @@ class GroupSyncService
 
     protected function parseRoleExternalAuthId(string $externalId): array
     {
-        $inputIds = preg_split('/(?<!\\\),/', $externalId);
+        $inputIds = preg_split('/(?<!\\\),/', strtolower($externalId));
         $cleanIds = [];
 
         foreach ($inputIds as $inputId) {
diff --git a/tests/Auth/GroupSyncServiceTest.php b/tests/Auth/GroupSyncServiceTest.php
index 74d2c7e2a..2fad53b26 100644
--- a/tests/Auth/GroupSyncServiceTest.php
+++ b/tests/Auth/GroupSyncServiceTest.php
@@ -54,4 +54,16 @@ class GroupSyncServiceTest extends TestCase
         $user = User::query()->find($user->id);
         $this->assertTrue($user->hasRole($role->id));
     }
+
+    public function test_external_auth_id_matches_ignoring_case()
+    {
+        $user = $this->getViewer();
+        $role = Role::factory()->create(['display_name' => 'ABC123', 'external_auth_id' => 'WaRRioRs']);
+        $this->assertFalse($user->hasRole($role->id));
+
+        (new GroupSyncService())->syncUserWithFoundGroups($user, ['wArriors', 'penguiNs'], false);
+
+        $user = User::query()->find($user->id);
+        $this->assertTrue($user->hasRole($role->id));
+    }
 }