pulsejet
groups are not removed from Nextcloud in some case
In the "'oidc_login_proxy_ldap' => false," context, the user is not removed from groups when group attribute value is set but empty.
I.e. when you have users in a group and you remove them from the group and they are in no group anymore. In that case, the group(s) won't be removed in Nextcloud.
The problem comes from this line in Service/LoginService.php
line 267:
$hasProfileGroups = array_key_exists($attr['groups'], $profile);
that is used later to test if we have to remove the user from the group.
line 299:
if ($hasProfileGroups || ($manageAdmin && $currentUserGroup->getDisplayName() === 'admin')) {
I made a quick fix that seems to work. Instead of testing the content of the attr groups in the token, I test the existence of the attr groups in the attr array. If it's there, it means the admin put it in the config file, so hasProfileGroups should always be set to true, even if the value is empty.
I modified the test with this (line 299)
$hasProfileGroupsAttr = isset($attr['groups']);
if ($hasProfileGroupsAttr || ($manageAdmin && $currentUserGroup->getDisplayName() === 'admin')) {
