diff --git a/admin.php b/admin.php
index a427259..e052dfe 100644
--- a/admin.php
+++ b/admin.php
@@ -91,6 +91,7 @@
 'verify_peer' => isset($_POST['verify_peer']),
 'authparam' => $_POST['authparam'],
 'register_new_users' => isset($_POST['register_new_users']),
+ 'link_to_existing_users' => isset($_POST['link_to_existing_users']),
 'redirect_new_to_profile' => isset($_POST['redirect_new_to_profile']),
 'notify_admins_on_register' => isset($_POST['notify_admins_on_register']),
 'notify_user_on_register' => isset($_POST['notify_user_on_register']),
diff --git a/conf.php b/conf.php
index 4600150..6660272 100644
--- a/conf.php
+++ b/conf.php
@@ -30,6 +30,7 @@
 // 'verify_peer' => false,
 // 'authparam' => '',
 // 'register_new_users' => false,
+ // 'link_to_existing_users' => false,
 // 'redirect_new_to_profile' => false,
 // 'notify_admins_on_register' => false,
 // 'notify_user_on_register' => false,
diff --git a/maintain.class.php b/maintain.class.php
index 7c2bd45..d9a0e67 100644
--- a/maintain.class.php
+++ b/maintain.class.php
@@ -34,6 +34,7 @@ class OpenIdConnect_maintain extends PluginMaintain
 'verify_peer' => true,
 'authparam' => '',
 'register_new_users' => true,
+ 'link_to_existing_users' => false,
 'redirect_new_to_profile' => false,
 'notify_admins_on_register' => false,
 'notify_user_on_register' => false,
diff --git a/oidc.php b/oidc.php
index 524ae85..b096866 100644
--- a/oidc.php
+++ b/oidc.php
@@ -125,16 +125,33 @@ function oidc_retrieve(OpenIDConnectClient $oidc, $force_registration = false) {
 // If the user is not found, try to register
 if (empty($row['id'])) {
- if ($config['register_new_users'] || $force_registration) {
- // Registration is allowed, overwrite $row
+ $id = false;
+ if ($config['link_to_existing_users']) {
+ // Trying to find a already existing account with same login
+ $id = get_userid($name);
+ }
+ if (!$id && ($config['register_new_users'] || $force_registration)) {
+ // Registration is allowed, trying to register
 $errors = [];
- $row['id'] = register_user($name, random_pass(), $email, $config['notify_admins_on_register'], $errors, $config['notify_user_on_register']);
+ $id = register_user($name, random_pass(), $email, $config['notify_admins_on_register'], $errors, $config['notify_user_on_register']);
+ if (!empty($errors) or !$id) {
+ if (!isset($_SESSION['page_errors'])) {
+ $_SESSION['page_errors'] = [];
+ }
+ $_SESSION['page_errors'] += $errors;
+ trigger_error("A problem occurred during OIDC user '".$name."' registration. Local user already existing?");
+ return null;
+ }
+ }
+ if ($id) {
+ // User account found (existing or just created), overwrite $row
+ $row['id'] = $id;
 single_insert(OIDC_TABLE, [
 'sub' => $sub,
 'user_id' => $row['id'],
 ]);
 } else {
- // Registration is not allowed, fail
+ // No way to link to existing user and/or registration is not allowed, fail
 return null;
 }
 }
diff --git a/template/config.tpl b/template/config.tpl
index 54d7cd2..1eb4b6f 100644
--- a/template/config.tpl
+++ b/template/config.tpl
@@ -100,6 +100,13 @@ +
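Review bot: The new `link_to_existing_users` branch in oidc.php binds the incoming `sub` to whatever local account `get_userid($name)` returns, so the only proof of ownership is a login-name match against a value supplied by the identity provider. `$name` is computed above the hunk (oidc_retrieve starts and ends outside it), so its source claim is not visible here; if it comes from a user-editable claim, a provider account could be linked to an unrelated local account, including an administrator's. Consider requiring a second match before linking (for example the provider's verified e-mail equal to the local account's), skipping privileged accounts, and logging every link, and put a warning next to the option such as `// only enable if the IdP guarantees unique, non-editable usernames`. Separately, `$_SESSION['page_errors'] += $errors;` is an array union that drops entries whose numeric keys already exist in the session list; `$_SESSION['page_errors'] = array_merge($_SESSION['page_errors'], $errors);` keeps them all.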