From 4a87dbd0fd1de41356850dbf183d4eaf4fa1b81e Mon Sep 17 00:00:00 2001
From: Guillaume Rousse <guillaume.rousse@renater.fr>
Date: Fri, 14 Dec 2018 17:07:19 +0100
Subject: [PATCH] check displayName attribute availability

---
 lib/AccountManager/App.pm             | 5 +++++
 lib/AccountManager/L10N/fr.pm         | 4 ++++
 templates/web/edugain/errors.tt2.html | 3 +++
 3 files changed, 12 insertions(+)

diff --git a/lib/AccountManager/App.pm b/lib/AccountManager/App.pm
index 2287d82..f0b7677 100644
--- a/lib/AccountManager/App.pm
+++ b/lib/AccountManager/App.pm
@@ -822,6 +822,11 @@ sub check_authentication {
         log  => "unauthenticated user for action $args{action}",
         user => "unauthenticated"
     ) if !$ENV{HTTP_SHIB_IDENTITY_PROVIDER};
+
+    $self->abort(
+        log  => "no displayName attribute for identity provider $ENV{HTTP_SHIB_IDENTITY_PROVIDER}",
+        user => "no_displayname_attribute"
+    ) if !$ENV{'HTTP_DISPLAYNAME'};
 }
 
 1;
diff --git a/lib/AccountManager/L10N/fr.pm b/lib/AccountManager/L10N/fr.pm
index 000a4d8..e3067e7 100644
--- a/lib/AccountManager/L10N/fr.pm
+++ b/lib/AccountManager/L10N/fr.pm
@@ -316,3 +316,7 @@ msgstr "valeur générée dynamiquement par le SP"
 #: templates/web/edugain/errors.tt2.html:27 templates/web/renater/errors.tt2.html:27
 msgid "you need to authenticate to access this page"
 msgstr "vous devez vous authentifier pour accéder à cette page"
+
+#: templates/web/edugain/errors.tt2.html:30
+msgid "your identity provider doesn't provide displayName attribute, required for this application"
+msgstr "votre fournisseur d'identité ne fournit pas l'attribut displayName, nécessaire pour cette application"
diff --git a/templates/web/edugain/errors.tt2.html b/templates/web/edugain/errors.tt2.html
index fd888e3..5b9030d 100644
--- a/templates/web/edugain/errors.tt2.html
+++ b/templates/web/edugain/errors.tt2.html
@@ -26,6 +26,9 @@
         [% ELSIF err == 'unauthenticated' %]
         [% lh.maketext("you need to authenticate to access this page") %]
 
+        [% ELSIF err == 'no_displayname_attribute' %]
+        [% lh.maketext("your identity provider doesn't provide displayName attribute, required for this application") %]
+
         [% ELSIF (matches = err.match('missing_(\w+)')) %]
         [% lh.maketext("missing parameter '[_1]'", matches.0) %]
 
-- 
GitLab