Always treat string sync attributes as LDAP fields

stevebauman · stevebauman · commit 358446db9117 · 2018-11-15T17:02:37.000-05:00
Closes #620
diff --git a/src/Commands/Import.php b/src/Commands/Import.php
@@ -119,7 +119,7 @@ protected function sync(Model $model)
         foreach ($toSync as $modelField => $ldapField) {
             // If the field is a loaded class and contains a `handle()` method,
             // we need to construct the attribute handler.
-            if (class_exists($ldapField) && method_exists($ldapField, 'handle')) {
+            if (is_string($ldapField) && class_exists($ldapField) && method_exists($ldapField, 'handle')) {
                 // We will construct the attribute handler using Laravel's
                 // IoC to allow developers to utilize application
                 // dependencies in the constructor.
@@ -128,9 +128,10 @@ protected function sync(Model $model)
 
                 $handler->handle($this->user, $model);
             } else {
-                // We'll try to retrieve the value from the LDAP model. If nothing is returned
-                // we'll assume it's a raw value (such as a boolean, array, integer etc.).
-                $model->{$modelField} = $this->user->getFirstAttribute($ldapField) ?? $ldapField;
+                // We'll try to retrieve the value from the LDAP model. If the LDAP field is a string,
+                // we'll assume the developer wants the attribute, or a null value. Otherwise,
+                // the raw value of the LDAP field will be used.
+                $model->{$modelField} = is_string($ldapField) ? $this->user->getFirstAttribute($ldapField) : $ldapField;
             }
         }
     }
diff --git a/tests/DatabaseProviderTest.php b/tests/DatabaseProviderTest.php
@@ -116,6 +116,58 @@ public function invalid_attribute_handlers_does_not_throw_exception()
         $this->assertInstanceOf(EloquentUser::class, $importer->handle());
     }
 
+    /** @test */
+    public function sync_attribute_as_string_will_return_null()
+    {
+        config([
+            'ldap_auth.sync_attributes' => [
+                'email' => 'userprincipalname',
+                'name' => 'cn',
+            ]
+        ]);
+
+        // LDAP user does not have common name.
+        $user = $this->makeLdapUser([
+            'userprincipalname'  => 'jdoe@email.com',
+        ]);
+
+        $importer = new Import($user, new EloquentUser());
+
+        $model = $importer->handle();
+
+        $this->assertInstanceOf(EloquentUser::class, $model);
+        $this->assertNull($model->name);
+    }
+
+    /** @test */
+    public function sync_attribute_as_int_boolean_or_array_will_be_used()
+    {
+        config([
+            'ldap_auth.sync_attributes' => [
+                'email' => 'userprincipalname',
+                'string' => 'not-an-LDAP-attribute',
+                'int' => 1,
+                'bool' => true,
+                'array' => ['one', 'two']
+            ]
+        ]);
+
+        // LDAP user does not have common name.
+        $user = $this->makeLdapUser([
+            'userprincipalname'  => 'jdoe@email.com',
+        ]);
+
+        $importer = new Import($user, new EloquentUser());
+
+        $model = $importer->handle();
+
+        $this->assertInstanceOf(EloquentUser::class, $model);
+        $this->assertNull($model->string);
+        $this->assertEquals($model->int, 1);
+        $this->assertEquals($model->bool, true);
+        $this->assertEquals($model->array, ['one', 'two']);
+    }
+
     /** @test */
     public function auth_attempts_fallback_using_config_option()
     {
