Fix crash when there is no institution found based on the user identity

The error now occurs due to the automtatic redirect based on the userattributes in the SAML extention. This will throw an error when there is no institution configured for the users identity. It will yield a generic error page with the message that the emailaddr of the user does not match any of the configured institutions See: https://www.pivotaltracker.com/n/projects/1163646/stories/175121584
OpenConext · Feb 26, 2021 · 1b3da03 · 1b3da03
1 parent cd64a5d
commit 1b3da03
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/Surfnet/AzureMfa/Application/Service/AzureMfaService.php b/src/Surfnet/AzureMfa/Application/Service/AzureMfaService.php
@@ -23,6 +23,7 @@
 use Surfnet\AzureMfa\Application\Institution\Service\EmailDomainMatchingService;
 use Surfnet\AzureMfa\Domain\EmailAddress;
 use Surfnet\AzureMfa\Domain\Exception\AzureADException;
+use Surfnet\AzureMfa\Domain\Exception\InstitutionNotFoundException;
 use Surfnet\AzureMfa\Domain\Exception\MailAttributeMismatchException;
 use Surfnet\AzureMfa\Domain\Exception\MissingMailAttributeException;
 use Surfnet\AzureMfa\Domain\User;
@@ -149,6 +150,11 @@ public function createAuthnRequest(User $user, bool $forceAuthn = false): string
 
         $this->logger->info('Retrieve the institution for the authenticating/registering user');
         $institution = $this->matchingService->findInstitutionByEmail($user->getEmailAddress());
+        if (null === $institution) {
+            $message = 'The provided email address did not match any of our configured email domains.';
+            $this->logger->info($message);
+            throw new InstitutionNotFoundException($message);
+        }
         $azureMfaIdentityProvider = $institution->getIdentityProvider();
         $destination = $azureMfaIdentityProvider->getSsoLocation();