From a162b120ae55adc756e68a1f6ca469c8eade924d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= <jschneider@entrouvert.com>
Date: Fri, 3 Apr 2015 17:05:58 +0200
Subject: [PATCH] login_saml: test if we have a nameid in saml attributes

---
 balise/login_saml.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/balise/login_saml.php b/balise/login_saml.php
index 5a2c6db..db14b52 100644
--- a/balise/login_saml.php
+++ b/balise/login_saml.php
@@ -72,10 +72,15 @@ function login_saml_successfull()
     $nameid = $attributes['NameID'][0];
     $display_name = $first_name . ' ' . $last_name;
 
+    if (!$nameid) {
+        spip_log("[auth_saml] no NameID found in SAML attributes, cancel login", _LOG_ERREUR);
+        redirige_par_entete('/');
+    }
+
     spip_log("[auth_saml] authentification reussi pour l'utilisateur =".$email);
 
     // Si l'utilisateur figure deja dans la base, y recuperer les infos
-    $result = spip_query("SELECT * FROM spip_auteurs WHERE nameid=". _q($nameid) ." AND statut<>'6form'" );
+    $result = spip_query("SELECT * FROM spip_auteurs WHERE nameid=". _q($nameid) ." AND statut<>'6form'");
     $row_auteur = spip_fetch_array($result);
 
     if (!$row_auteur) {