From 0bcd1795cb0e7858965997a8c1e82cd0f3b56321 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Mon, 27 Jun 2022 14:17:42 +0100
Subject: [PATCH] Auth group sync: Fixed unintential mapping behaviour change

Due to change in how casing was handled when used in the "External Auth
ID" role field.
Likely related to #3535.
Added test to cover.
---
 app/Auth/Access/GroupSyncService.php |  2 +-
 tests/Auth/GroupSyncServiceTest.php  | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/app/Auth/Access/GroupSyncService.php b/app/Auth/Access/GroupSyncService.php
index 74f0539d8..37d4e02d0 100644
--- a/app/Auth/Access/GroupSyncService.php
+++ b/app/Auth/Access/GroupSyncService.php
@@ -39,7 +39,7 @@ class GroupSyncService
 
     protected function parseRoleExternalAuthId(string $externalId): array
     {
-        $inputIds = preg_split('/(?<!\\\),/', $externalId);
+        $inputIds = preg_split('/(?<!\\\),/', strtolower($externalId));
         $cleanIds = [];
 
         foreach ($inputIds as $inputId) {
diff --git a/tests/Auth/GroupSyncServiceTest.php b/tests/Auth/GroupSyncServiceTest.php
index 74d2c7e2a..2fad53b26 100644
--- a/tests/Auth/GroupSyncServiceTest.php
+++ b/tests/Auth/GroupSyncServiceTest.php
@@ -54,4 +54,16 @@ class GroupSyncServiceTest extends TestCase
         $user = User::query()->find($user->id);
         $this->assertTrue($user->hasRole($role->id));
     }
+
+    public function test_external_auth_id_matches_ignoring_case()
+    {
+        $user = $this->getViewer();
+        $role = Role::factory()->create(['display_name' => 'ABC123', 'external_auth_id' => 'WaRRioRs']);
+        $this->assertFalse($user->hasRole($role->id));
+
+        (new GroupSyncService())->syncUserWithFoundGroups($user, ['wArriors', 'penguiNs'], false);
+
+        $user = User::query()->find($user->id);
+        $this->assertTrue($user->hasRole($role->id));
+    }
 }