From 201da77dd17f017d8309437652950520e2db0dc2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=AC=A2=E4=B9=90=E9=A9=AC?= <38058090+SkywalkerSpace@users.noreply.github.com>
Date: Thu, 17 Oct 2024 09:50:49 +0800
Subject: [PATCH] SSO_LDAP_USE_SAME_UID (#6903)
---
 seahub/adfs_auth/backends.py | 4 ++++
 seahub/oauth/views.py | 5 +++++
 seahub/settings.py | 2 ++
 3 files changed, 11 insertions(+)
diff --git a/seahub/adfs_auth/backends.py b/seahub/adfs_auth/backends.py
index 046c675c1e..6c4cc6ec4c 100644
--- a/seahub/adfs_auth/backends.py
+++ b/seahub/adfs_auth/backends.py
@@ -36,6 +36,8 @@ logger = logging.getLogger(__name__)
 SAML_PROVIDER_IDENTIFIER = getattr(settings, 'SAML_PROVIDER_IDENTIFIER', 'saml')
 SHIBBOLETH_AFFILIATION_ROLE_MAP = getattr(settings, 'SHIBBOLETH_AFFILIATION_ROLE_MAP', {})
 CACHE_KEY_GROUPS = "all_groups_cache"
+LDAP_PROVIDER = getattr(settings, 'LDAP_PROVIDER', 'ldap')
+SSO_LDAP_USE_SAME_UID = getattr(settings, 'SSO_LDAP_USE_SAME_UID', False)
 class Saml2Backend(ModelBackend):
@@ -58,6 +60,8 @@ class Saml2Backend(ModelBackend):
 name_id = name_id.text
 saml_user = SocialAuthUser.objects.get_by_provider_and_uid(SAML_PROVIDER_IDENTIFIER, name_id)
+ if not saml_user and SSO_LDAP_USE_SAME_UID:
+ saml_user = SocialAuthUser.objects.get_by_provider_and_uid(LDAP_PROVIDER, name_id)
 if saml_user:
 user = self.get_user(saml_user.username)
 if not user:
diff --git a/seahub/oauth/views.py b/seahub/oauth/views.py
index aaa2bac707..5888ad8b28 100644
--- a/seahub/oauth/views.py
+++ b/seahub/oauth/views.py
@@ -20,6 +20,9 @@ import seahub.settings as settings
 logger = logging.getLogger(__name__)
+LDAP_PROVIDER = getattr(settings, 'LDAP_PROVIDER', 'ldap')
+SSO_LDAP_USE_SAME_UID = getattr(settings, 'SSO_LDAP_USE_SAME_UID', False)
+
 try:
 current_path = os.path.dirname(os.path.abspath(__file__))
 seafile_conf_dir = os.path.join(current_path, '../../../../conf')
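Review bot: `LDAP_PROVIDER` and `SSO_LDAP_USE_SAME_UID` are read with `getattr(settings, ...)` and their own defaults in this hunk of seahub/adfs_auth/backends.py and again in the first hunk of seahub/oauth/views.py, so the `'ldap'` fallback string is spelled out in two modules. The settings.py hunk adds a default only for `SSO_LDAP_USE_SAME_UID`; as far as this patch shows, `LDAP_PROVIDER` has no single definition. If the code that writes LDAP records uses a different provider string, the new lookups will simply return nothing and the feature will fail silently. If it is not already defined there, consider declaring `LDAP_PROVIDER = 'ldap'` once in settings.py next to the new flag and reading `settings.LDAP_PROVIDER` in both modules.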
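Review bot: The fallback added to `Saml2Backend` binds the IdP-asserted `name_id` to whichever LDAP-provider record carries the same uid, and nothing in the hunk records that the login was resolved this way; the same pattern is added to `oauth_callback` in seahub/oauth/views.py with `uid`. With the flag on, the SAML or OAuth identity provider is trusted to speak for every LDAP account, so the match is only sound when both sides take the identifier from the same directory attribute. Whether NameID is a persistent uid, an e-mail address or a transient value is not visible here, and the last two would either miss or collide with an LDAP uid. I would state that assumption in a comment above `if not saml_user and SSO_LDAP_USE_SAME_UID:` and log a successful fallback for audit, e.g. `logger.info('SAML name_id %s resolved via LDAP uid fallback', name_id)`. The enclosing method starts and continues outside the hunk.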
@@ -176,6 +179,8 @@ def oauth_callback(request):
 old_email = oauth_user_info.get('email', '')
 oauth_user = SocialAuthUser.objects.get_by_provider_and_uid(OAUTH_PROVIDER, uid)
+ if not oauth_user and SSO_LDAP_USE_SAME_UID:
+ oauth_user = SocialAuthUser.objects.get_by_provider_and_uid(LDAP_PROVIDER, uid)
 if oauth_user:
 email = oauth_user.username
 is_new_user = False
diff --git a/seahub/settings.py b/seahub/settings.py
index 765bb3c188..61235f06dc 100644
--- a/seahub/settings.py
+++ b/seahub/settings.py
@@ -334,6 +334,8 @@ LDAP_CONTACT_EMAIL_ATTR = ''
 LDAP_USER_ROLE_ATTR = ''
 ACTIVATE_USER_WHEN_IMPORT = True
+SSO_LDAP_USE_SAME_UID = False
+
 # enable ldap sasl auth
 ENABLE_SASL = False
 SASL_MECHANISM = ''
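Review bot: `SSO_LDAP_USE_SAME_UID = False` is added to seahub/settings.py with no comment, while the neighbouring `ENABLE_SASL` has one, and the name alone does not tell an administrator that enabling it lets SAML and OAuth logins resolve to existing LDAP accounts. A comment such as `# If True, a SAML/OAuth login with no SSO record of its own is matched to the LDAP record with the same uid; enable only when the IdP and LDAP share one uid source.` would make the trust decision explicit at the point where it is configured. The default of `False` keeps the cross-provider match opt-in.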