From 0f26d1e7c4a43be262a79a8ab59d854f3c69b94e Mon Sep 17 00:00:00 2001
From: Are Johannessen <are.j@uib.no>
Date: Wed, 26 Mar 2025 14:46:11 +0100
Subject: [PATCH] WP110 #1735: Make it possible to use FEIDE without groups

---
 uib_feide.module | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/uib_feide.module b/uib_feide.module
index 2c75fbd..e99a47b 100644
--- a/uib_feide.module
+++ b/uib_feide.module
@@ -14,16 +14,19 @@
 function uib_feide_openid_connect_userinfo_alter(#[\SensitiveParameter] array &$userinfo, #[\SensitiveParameter] array $context) : void {
   $userinfo['preferred_username'] = $userinfo['https://n.feide.no/claims/eduPersonPrincipalName'] ?? $userinfo['email'];
 
-  /** @var GuzzleHttp\Client $response */
-  $response = Drupal::service('http_client')->request(
-    'GET',
-    'https://api.dataporten.no/userinfo/v1/userinfo',
-    ['headers' => ['Authorization' => 'Bearer ' . $context['tokens']['access_token']]]);
-  $extUserInfo = json_decode($response->getBody(), TRUE);
-  $userinfo['groups'] = [];
-  if (count($extUserInfo) > 1 && isset($extUserInfo['eduPersonEntitlement'])) {
-    foreach ($extUserInfo['eduPersonEntitlement'] as $group) {
-      $userinfo['groups'][] = Roles::{Roles::from($group)->name}->getRole();
+  $userinfo['feideGroups'] = getenv('DRUPAL_UIB_FEIDE_CLIENT_GROUPS') ?: FALSE;
+  if ($userinfo['feideGroups']) {
+    /** @var GuzzleHttp\Client $response */
+    $response = Drupal::service('http_client')->request(
+      'GET',
+      'https://api.dataporten.no/userinfo/v1/userinfo',
+      ['headers' => ['Authorization' => 'Bearer ' . $context['tokens']['access_token']]]);
+    $extUserInfo = json_decode($response->getBody(), TRUE);
+    $userinfo['groups'] = [];
+    if (count($extUserInfo) > 1 && isset($extUserInfo['eduPersonEntitlement'])) {
+      foreach ($extUserInfo['eduPersonEntitlement'] as $group) {
+        $userinfo['groups'][] = Roles::{Roles::from($group)->name}->getRole();
+      }
     }
   }
 }
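Review bot: The Dataporten lookup, now conditional, still trusts the shape of the response. If `json_decode()` returns NULL (an empty or non-JSON body), `count($extUserInfo)` raises a TypeError on PHP 8. Assuming `Roles` is a backed enum, `Roles::from($group)` also throws a ValueError for any entitlement string that is not one of its cases, so a single unexpected entitlement would abort the login. I would guard with `if (is_array($extUserInfo) && isset($extUserInfo['eduPersonEntitlement']))` and map with `Roles::tryFrom($group)?->getRole()`, skipping NULL results. `Roles::{Roles::from($group)->name}` resolves back to the same case, so the dynamic constant fetch can be dropped, and the `@var GuzzleHttp\Client $response` annotation should name the response type that `request()` returns.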
@@ -32,6 +35,9 @@ function uib_feide_openid_connect_userinfo_alter(#[\SensitiveParameter] array &$
  * Implements hook_openid_connect_pre_authorize().
  */
 function uib_feide_openid_connect_pre_authorize($account, array $context) : bool {
+  if (!$context['userinfo']['feideGroups']) {
+    return TRUE;
+  }
   if ($account) {
     foreach (Roles::cases() as $role) {
       if ($account->hasRole(Roles::{$role->name}->getRole())) {
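Review bot: The added early `return TRUE` fails open: when `feideGroups` is falsy, or the key is missing from `$context['userinfo']` (which also triggers an undefined-key warning), the role check that follows is skipped and the login is authorized. The flag comes from `getenv('DRUPAL_UIB_FEIDE_CLIENT_GROUPS') ?: FALSE`, so a deployment that omits the variable or sets it to `0` or an empty value silently loses the group gate that was unconditional before this commit. Any other non-empty string, including `false`, turns the gate on. I would read the setting here directly with an explicit parse, e.g. `filter_var(getenv('DRUPAL_UIB_FEIDE_CLIENT_GROUPS'), FILTER_VALIDATE_BOOLEAN)`, rather than carrying it inside the IdP claims array, and log when the group check is disabled. The function body continues outside the hunk, so how `$account` is handled further down is not visible here.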
-- 
GitLab