Add group override option, excluding all manually assigned user groups

Classes/Hooks/FeloginHook.php

@@ -180,7 +180,7 @@ protected function getConfig(array $config)
      * @param int $lifetime
      * @return mixed
      */
-    protected function getWellKnownConfig(string $wellKnownUrl, int $lifetime)
+    protected function getWellKnownConfig($wellKnownUrl, $lifetime = 86400)
     {
         $cache_path = PATH_site . 'typo3temp/';
         $filename = $cache_path . md5(ExtensionManagementUtility::extPath('oidc'));

Classes/Service/AuthenticationService.php

@@ -18,6 +18,7 @@
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Core\Utility\HttpUtility;
 use Causal\Oidc\Service\OAuthService;
+use TYPO3\CMS\Extbase\Utility\DebuggerUtility;
 
 /**
  * OpenID Connect authentication service.
@@ -271,7 +272,7 @@ protected function convertResourceOwner(array $info)
         $newUsergroups = [];
         $defaultUserGroups = GeneralUtility::intExplode(',', $this->config['usersDefaultGroup'], true);
 
-        if ($row) {
+        if ($row && !$this->config['overrideNonOIDCRoles']) {
             $currentUserGroups = GeneralUtility::intExplode(',', $row['usergroup'], true);
             if (!empty($currentUserGroups)) {
                 $oidcUserGroups = $database->exec_SELECTgetRows(
@@ -343,6 +344,7 @@ protected function convertResourceOwner(array $info)
                 'usergroup' => implode(',', $newUsergroups),
                 'crdate' => $GLOBALS['EXEC_TIME'],
                 'tx_oidc' => $info['sub'],
+                'tx_extbase_type' => $this->config['usersExtbaseType']
             ]);
             $database->exec_INSERTquery(
                 $userTable,
@@ -650,7 +652,7 @@ protected function getConfig(array $config)
      * @param int $lifetime
      * @return mixed
      */
-    protected function getWellKnownConfig(string $wellKnownUrl, int $lifetime)
+    protected function getWellKnownConfig($wellKnownUrl, $lifetime)
     {
         $cache_path = PATH_site . 'typo3temp/';
         $filename = $cache_path . md5(ExtensionManagementUtility::extPath('oidc'));

Resources/Private/Language/locallang_db.xlf

@@ -12,6 +12,12 @@
 			<trans-unit id="settings.undeleteFrontendUsers">
 				<source>Undelete Frontend Users: If ticked, will automatically restore Frontend users marked as "deleted" upon successful authentication</source>
 			</trans-unit>
+			<trans-unit id="settings.overrideNonOIDCRoles">
+				<source>Override all non OIDC Roles: If ticked, all manually added user groups will be overridden by the oidc roles mapping</source>
+			</trans-unit>
+			<trans-unit id="settings.defaultUserExtbaseType">
+				<source>Default User Extbase Type</source>
+			</trans-unit>
 			<trans-unit id="settings.oidcConfigUrl">
 				<source>Config URL (usually /.well-known/configuration) - leave empty for manual configuration:</source>
 			</trans-unit>

ext_conf_template.txt

@@ -7,25 +7,31 @@ reEnableFrontendUsers = 0
 # cat=basic/enable/3; type=boolean; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.undeleteFrontendUsers
 undeleteFrontendUsers = 0
 
+# cat=basic/enable/4; type=boolean; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.overrideNonOIDCRoles
+overrideNonOIDCRoles = 0
+
 # cat=basic//1; type=int; label=Storage Pid: The Storage Pid of the Page, where the fe_users should be stored
 usersStoragePid =
 
 # cat=basic//2; type=string; label=Default user group(s) (comma-separated list of UIDs)
 usersDefaultGroup =
 
-# cat=basic//3; type=string; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcConfigUrl
+# cat=basic//3; type=string; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.defaultUserExtbaseType
+usersExtbaseType = 0
+
+# cat=basic//4; type=string; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcConfigUrl
 oidcConfigUrl =
 
-# cat=basic//4; type=int; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcWellKnownCacheLifetime
+# cat=basic//5; type=int; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcWellKnownCacheLifetime
 oidcWellKnownCacheLifetime = 86400
 
-# cat=basic//5; type=string; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcClientKey
+# cat=basic//6; type=string; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcClientKey
 oidcClientKey =
 
-# cat=basic//6; type=string; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcClientSecret
-oidcClientSecret = 
+# cat=basic//7; type=string; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcClientSecret
+oidcClientSecret =
 
-# cat=basic//7; type=string; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcClientScopes
+# cat=basic//8; type=string; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcClientScopes
 oidcClientScopes = openid
 
 # cat=advanced/links/1; type=string; label=LLL:EXT:oidc/Resources/Private/Language/locallang_db.xlf:settings.oidcEndpointAuthorize