From d6d1f8815b848de1c3d3a07457a9fde36bb3bf60 Mon Sep 17 00:00:00 2001
From: Jules
Date: Fri, 10 Sep 2021 13:05:40 +1200
Subject: [PATCH] Provide login hook, phpcs linting
---
src/Control/SAMLController.php | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/src/Control/SAMLController.php b/src/Control/SAMLController.php
index 274d76f..bc51e6c 100644
--- a/src/Control/SAMLController.php
+++ b/src/Control/SAMLController.php
@@ -3,7 +3,9 @@ namespace SilverStripe\SAML\Control;
use Exception;
+ use function gmmktime;
+ use OneLogin\Saml2\Auth;
use OneLogin\Saml2\Constants;
use OneLogin\Saml2\Utils;
@@ -23,6 +25,7 @@ use SilverStripe\Security\IdentityStore;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
+ use function uniqid;
/**
@@ -158,7 +161,8 @@ public function acs()
// Write a rudimentary member with basic fields on every login, so that we at least have something
// if there is no further sync (e.g. via LDAP)
$member = Member::get()->filter('GUID', $guid)->limit(1)->first();
- if (!($member && $member->exists())
+ if (
+ !($member && $member->exists())
&& Config::inst()->get(SAMLConfiguration::class, 'allow_insecure_email_linking')
&& isset($fieldToClaimMap['Email'])
) {
@@ -200,6 +204,9 @@ public function acs()
// Both SAML and LDAP identify Members by the same GUID field.
$member->write();
+ // Hook for modifying login behaviour
+ $this->extend('updateLogin');
+
/** @var IdentityStore $identityStore */
$identityStore = Injector::inst()->get(IdentityStore::class);
$identityStore->logIn($member, false, $this->getRequest());
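Review bot: The new `$this->extend('updateLogin');` call in the last hunk passes no arguments, so an `updateLogin` extension cannot see which Member is about to be logged in, let alone adjust it, even though the hook sits between `$member->write()` and `$identityStore->logIn($member, ...)`, which is exactly where a deployment would want to apply its own authorisation or attribute rules. SilverStripe's `extend()` forwards its arguments by reference (as far as I recall), so `$this->extend('updateLogin', $member);` gives the hook the conventional `updateX` shape, and the comment should state the contract, e.g. `// Extension hook: receives $member by reference after it is written and before the session login; return values are ignored`. Note that any change an extension makes to `$member` here is not persisted unless the extension writes it again, and because the results of `extend()` are discarded, a hook that wants to refuse the login has no supported way to do so. `acs()` begins before this hunk and continues after it.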
@@ -241,14 +248,18 @@ public function metadata()
protected function getRedirect()
{
// Absolute redirection URLs may cause spoofing
- if ($this->getRequest()->getSession()->get('BackURL')
- && Director::is_site_url($this->getRequest()->getSession()->get('BackURL'))) {
+ if (
+ $this->getRequest()->getSession()->get('BackURL')
+ && Director::is_site_url($this->getRequest()->getSession()->get('BackURL'))
+ ) {
return $this->redirect($this->getRequest()->getSession()->get('BackURL'));
}
// Spoofing attack, redirect to homepage instead of spoofing url
- if ($this->getRequest()->getSession()->get('BackURL')
- && !Director::is_site_url($this->getRequest()->getSession()->get('BackURL'))) {
+ if (
+ $this->getRequest()->getSession()->get('BackURL')
+ && !Director::is_site_url($this->getRequest()->getSession()->get('BackURL'))
+ ) {
return $this->redirect(Director::absoluteBaseURL());
}
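Review bot: On the new side the session `BackURL` is read four times across the two reformatted `if` blocks, and the second block re-tests the exact negation of the first; reading it once into a local and using a single `if/else` would make the open-redirect guard much easier to audit, and the consumed value could arguably be cleared from the session afterwards so a stale target does not survive into a later login. The protection here rests entirely on `Director::is_site_url()` rejecting off-site targets (including protocol-relative `//host` forms — worth confirming against the framework version in use), which this hunk does not show, so a one-line comment such as `// Only honour BackURL when Director::is_site_url() confirms it is on this site; anything else falls back to the homepage` would stop the next reader from weakening it. The remainder of `getRedirect()` (the path taken when no BackURL is set) is outside this hunk.

```php
protected function getRedirect()
{
    // Read BackURL once; Director::is_site_url() is the open-redirect guard
    $backURL = $this->getRequest()->getSession()->get('BackURL');
    if ($backURL) {
        // Absolute off-site URLs may cause spoofing: send those to the homepage instead
        return $this->redirect(
            Director::is_site_url($backURL) ? $backURL : Director::absoluteBaseURL()
        );
    }
```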