Displayname not updated anymore #839

Open
quenenni opened this issue Apr 17, 2024 · 1 comment

quenenni commented Apr 17, 2024

Hello,

Since I upgraded the user_oidc app from v1.3.2 to v5.0.2, the displayname is not updated anymore in the Nextcloud profile if it is modified in our LDAP.
Modifying the mail address or adding/removing a group in the LDAP still works fine.

Our Nextcloud is still in v25.0.6 (we are planning to update it, but first we updated the applications and this problem needs to be resolved before going on).

In the nextcloud log, I can see it has the correct new display name:

{"reqId":"1Hm7AArzOPJtAhg78FDx","level":0,"time":"April 17, 2024 18:12:34","remoteAddr":"1.2.3.4","user":"--","app":"user_oidc","method":"GET","url":"/apps/user_oidc/code?state=XXXXX&session_state=YYYYYY&code=ZZZZZZ","message":"Parsed the JWT payload: {\"at_hash\":\"CYT3eT7iWHG79mu0hvVYF5cYsDfxQOjUa4X5UeReV4w\",\"name\":\"<CORRECT NEW DISPLAYNAME>\",\"nonce\":\"EKWKQCZAR9C5GPX6TNY9O7NP00RO4Z1V\",\"adminN\":0,\"acr\":\"loa-2\",\"sub\":\"<MY ID>\",\"exp\":1713371794,\"adminN_bool\":true,\"aud\":[\"rp-nextcloud\"],\"azp\":\"rp-nextcloud\",\"email\":\"[email protected]\",\"iss\":\"https:\\/\\/auth.mydomain.coop\",\"nextCloudQuota\":\"10737418240\",\"iat\":1713370354,\"auth_time\":1713370349,\"groupsNc\":[\"groupTest2\",\"groupTest\",\"admin\"]}","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0","version":"25.0.6.1","data":{"app":"user_oidc"}}

{"reqId":"1Hm7AArzOPJtAhg78FDx","level":0,"time":"April 17, 2024 18:12:34","remoteAddr":"1.2.3.4","user":"<MY ID>","app":"user_oidc","method":"GET","url":"/apps/user_oidc/code?state=XXXX&session_state=YYYYY&code=ZZZZZ","message":"$user->canChangeAvatar() is true","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0","version":"25.0.6.1","data":{"app":"user_oidc"}}

{"reqId":"1Hm7AArzOPJtAhg78FDx","level":0,"time":"April 17, 2024 18:12:34","remoteAddr":"1.2.3.4","user":"<MY ID>","app":"user_oidc","method":"GET","url":"/apps/user_oidc/code?state=XXXXX&session_state=YYYYY&code=ZZZZZ","message":"Redirecting user","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0","version":"25.0.6.1","data":{"app":"user_oidc"}}

The ,\"name\":\"<CORRECT NEW DISPLAYNAME>\" shows the right new value and name is the correct mapped attribute name.

I checked in the DB and I found the old display name in 3 tables:

  • oc_users
  • oc_user_oidc
  • oc_accounts

I manually modified the value in the tables oc_user and oc_user_oidc without any change in the cloud interface.
I modified the value in oc_accounts and it changed in the cloud interface.

But none of these values are updated when I modify a display name in the LDAP and log out / log in to the cloud.

The user_oidc config in the DB:

| user_oidc | allow_multiple_user_backends    | 0
| user_oidc | enabled                         | yes
| user_oidc | installed_version               | 5.0.2
| user_oidc | provider-3-bearerProvisioning   | 1
| user_oidc | provider-3-checkBearer          | 1
| user_oidc | provider-3-extraClaims          | n_nc 
| user_oidc | provider-3-groupProvisioning    | 1 
| user_oidc | provider-3-jwksCache            | {"keys":[{"e":"AQAB","kid":"UqD2O/EF7ZFhT4FcbLIJ8Q","kty":"RSA","use":"sig","n":"<long key>"}]} |
| user_oidc | provider-3-jwksCacheTimestamp   | 1713368828
| user_oidc | provider-3-mappingAddress       | 
| user_oidc | provider-3-mappingAvatar        | 
| user_oidc | provider-3-mappingBiography     | 
| user_oidc | provider-3-mappingCountry       | 
| user_oidc | provider-3-mappingDisplayName   | name
| user_oidc | provider-3-mappingEmail         | email
| user_oidc | provider-3-mappingFediverse     | 
| user_oidc | provider-3-mappingGender        | 
| user_oidc | provider-3-mappingGroups        | groupsNc 
| user_oidc | provider-3-mappingHeadline      | 
| user_oidc | provider-3-mappingLocality      |  
| user_oidc | provider-3-mappingOrganisation  |   
| user_oidc | provider-3-mappingPhonenumber   |  
| user_oidc | provider-3-mappingPostalcode    |   
| user_oidc | provider-3-mappingQuota         | nextCloudQuota 
| user_oidc | provider-3-mappingRegion        | 
| user_oidc | provider-3-mappingRole          | 
| user_oidc | provider-3-mappingStreetaddress |
| user_oidc | provider-3-mappingTwitter       |
| user_oidc | provider-3-mappingUid           | sub 
| user_oidc | provider-3-mappingWebsite       |
| user_oidc | provider-3-providerBasedId      | 0
| user_oidc | provider-3-sendIdTokenHint      | 1
| user_oidc | provider-3-uniqueUid            | 0 
| user_oidc | types                           | authentication

And today I added these 2 settings to the Nextcloud config.php file, but I don't think they are needed.
And nothing changed.

  'user_oidc' => [
    'auto_provision' => true,
    'userinfo_bearer_validation' => true,
  ]

Any idea where that could come from?

Thank you
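
A quick way to confirm what the log excerpt above shows, namely that the ID token carries the new value while the stored attribute is stale. This is an added example, not part of the original issue or of the user_oidc code base; the sample log line, the stored values and the function names are constructed for illustration.

```python
import json

PREFIX = "Parsed the JWT payload: "

# Constructed sample, shaped like the user_oidc debug entry quoted in the issue.
SAMPLE_LOG = json.dumps({
    "reqId": "constructed-1", "level": 0, "app": "user_oidc",
    "message": PREFIX + json.dumps({
        "sub": "user-1", "name": "New Display Name",
        "email": "user@example.org", "groupsNc": ["groupTest"],
        "nextCloudQuota": "10737418240"}),
})

# Attribute mapping as listed in the issue (provider-3-mapping* rows).
MAPPING = {"mappingUid": "sub", "mappingDisplayName": "name",
           "mappingEmail": "email", "mappingGroups": "groupsNc",
           "mappingQuota": "nextCloudQuota", "mappingAvatar": ""}

def extract_claims(log_text):
    """Return the decoded claims from every 'Parsed the JWT payload' entry."""
    found = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON log line
        if not isinstance(entry, dict) or entry.get("app") != "user_oidc":
            continue
        msg = entry.get("message", "")
        if isinstance(msg, str) and msg.startswith(PREFIX):
            # The payload is a JSON document nested inside the message string.
            found.append(json.loads(msg[len(PREFIX):]))
    return found

def resolve(claims, mapping):
    """Value each mapped attribute would receive; None if the claim is absent."""
    return {attr: claims.get(claim) for attr, claim in mapping.items() if claim}

def stale(resolved, stored):
    """Attributes whose stored value differs from the token: (stored, token)."""
    return {a: (stored[a], v) for a, v in resolved.items()
            if a in stored and stored[a] != v}

if __name__ == "__main__":
    # Constructed stand-in for the value read back from the database.
    stored = {"mappingDisplayName": "Old Display Name",
              "mappingEmail": "user@example.org"}
    for claims in extract_claims(SAMPLE_LOG):
        print(stale(resolve(claims, MAPPING), stored))
```

A non-empty result means the identity provider sent the expected claim and the gap is on the provisioning side, which is the situation the issue describes.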

@quenenni

Bumpy bump.

Can someone point me to the right file/function where the test between the current name and the one received in the token is analyzed?
