From 167fdb66c42394986e89df44d84c7efca0e52b12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Wed, 11 Mar 2015 16:16:37 +0000
Subject: [PATCH] Possibility to configure attribute used to fill OIDC User ID (#184)
---
 .../lib/Lemonldap/NG/Common/Conf/SubAttributes.pm | 7 +++++++
 .../lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm | 4 +++-
 .../lib/Lemonldap/NG/Portal/_OpenIDConnect.pm | 6 ++++--
 3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SubAttributes.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SubAttributes.pm
index 9e63b31a5..ad744717b 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SubAttributes.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/SubAttributes.pm
@@ -121,6 +121,13 @@ has 'oidcRPMetaDataOptionsClientSecret' => (
 documentation => "OIDC RP client Secret",
 );
+has 'oidcRPMetaDataOptionsUserIDAttr' => (
+ is => 'rw',
+ isa => 'Str|Undef',
+ default => undef,
+ documentation => "OIDC RP User ID Attribute",
+);
+
 has 'oidcRPMetaDataOptionsIDTokenSignAlg' => (
 is => 'rw',
 isa => 'Str',
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
index fa5b7e8ac..6353dffae 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
@@ -138,7 +138,9 @@ sub issuerForUnAuthUser {
 $self->quit;
 }
- my $user_id = $apacheSession->data->{_user}; # TODO configure attribute
+ my $user_id_attribute = $self->{oidcRPMetaDataOptions}->{$rp}
+ ->{oidcRPMetaDataOptionsUserIDAttr} || $self->{whatToTrace};
+ my $user_id = $apacheSession->data->{$user_id_attribute};
 $self->lmLog( "Found corresponding user: $user_id", 'debug' );
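Review bot: The `documentation` string on the new `oidcRPMetaDataOptionsUserIDAttr` attribute in SubAttributes.pm does not say that the value is the name of a session key, nor that the portal falls back to `whatToTrace` when it is unset. I would spell that out, for example `documentation => "Session key used as OIDC User ID for this RP (falls back to whatToTrace)",`. Since the selected value presumably identifies the user to the relying party, the administrator documentation should also state that it needs to be unique per user, stable over time and not editable by the user. An attribute that can be changed or reassigned, such as a mail address, could let one account be mistaken for another at the RP.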
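Review bot: In the issuerForUnAuthUser hunk of IssuerDBOpenIDConnect.pm, `$user_id` is used without checking that the configured key actually exists in the session; the same applies to the buildUserInfoResponse hunk in _OpenIDConnect.pm. Now that the key name comes from configuration, a mistyped or unpopulated `oidcRPMetaDataOptionsUserIDAttr` yields undef, which is interpolated into the debug log line and, as far as the hunk shows, carried on as the user identifier. I would add a guard directly after the lookup, `unless ( defined $user_id and length $user_id ) { $self->lmLog( "No value for $user_id_attribute in session", 'error' ); ... }`, ending the request the same way the error branch just above does. Both function bodies continue outside their hunks, so how `$user_id` is consumed afterwards should be confirmed.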
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
index 4ebf1fdea..28cc00b8c 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
@@ -859,8 +859,10 @@ sub buildUserInfoResponse {
 $self->returnJSONError("invalid_request");
 $self->quit;
 }
-
- my $user_id = $apacheSession->data->{_user}; # TODO configure attribute
+ my $user_id_attribute =
+ $self->{oidcRPMetaDataOptions}->{$rp}->{oidcRPMetaDataOptionsUserIDAttr}
+ || $self->{whatToTrace};
+ my $user_id = $apacheSession->data->{$user_id_attribute};
 $self->lmLog( "Found corresponding user: $user_id", 'debug' );
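Review bot: `$rp` is read by the new lookup in buildUserInfoResponse but is not assigned anywhere in the visible lines, so it should be confirmed that it is resolved to a configured relying party before this point; the function starts and ends outside the hunk. If it is undefined or unknown, the chained `->{$rp}->{oidcRPMetaDataOptionsUserIDAttr}` read autovivifies an empty entry in `$self->{oidcRPMetaDataOptions}` and silently falls back to `whatToTrace`, so the UserInfo response could carry a different identifier from the one issued for the same RP elsewhere. A safer form is `my $rp_options = ( defined $rp && $self->{oidcRPMetaDataOptions}->{$rp} ) || {};` followed by `my $user_id_attribute = $rp_options->{oidcRPMetaDataOptionsUserIDAttr} || $self->{whatToTrace};`. The lookup also duplicates the one added to IssuerDBOpenIDConnect.pm, so a single shared helper would keep the two code paths in agreement.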