From f046ca632328c8eca5ca73fb5704930801757abf Mon Sep 17 00:00:00 2001
From: Lai Wei
Date: Tue, 14 Dec 2021 21:36:08 +0000
Subject: [PATCH] Bug fix in checking whether a user is from additional tenants
---
 classes/loginflow/base.php | 21 +++++++-------------
 1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/classes/loginflow/base.php b/classes/loginflow/base.php
index 33dac72..96f0ba6 100644
--- a/classes/loginflow/base.php
+++ b/classes/loginflow/base.php
@@ -26,6 +26,8 @@ namespace auth_oidc\loginflow;
+use auth_oidc\jwt;
+
 defined('MOODLE_INTERNAL') || die();
 require_once($CFG->dirroot . '/auth/oidc/lib.php');
@@ -113,21 +115,12 @@ public function get_userinfo($username) {
         $fieldmappingfromtoken = true;
         if (auth_oidc_is_local_365_installed()) {
-            // Check if multitenants are enabled. User from additional tenants can only sync fields from token.
-            $additionaltenants = get_config('local_o365', 'multitenants');
-            if (!empty($additionaltenants)) {
-                $additionaltenants = json_decode($additionaltenants, true);
-                if (!is_array($additionaltenants)) {
-                    $additionaltenants = [];
-                }
-            }
+            // Check if multi tenants is enabled. User from additional tenants can only sync fields from token.
             $userfromadditionaltenant = false;
-            foreach ($additionaltenants as $additionaltenant) {
-                $additionaltenant = '@' . $additionaltenant;
-                if (stripos($username, $additionaltenant) !== false) {
-                    $userfromadditionaltenant = true;
-                    break;
-                }
+            $hostingtenantid = get_config('local_o365', 'aadtenantid');
+            $token = jwt::instance_from_encoded($tokenrec->token);
+            if ($token->claim('tid') != $hostingtenantid) {
+                $userfromadditionaltenant = true;
             }
             if (!$userfromadditionaltenant) {
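Review bot: The new `if ($token->claim('tid') != $hostingtenantid)` decides which field-sync path a user takes with a loose `!=` and no explicit handling for an unconfigured `aadtenantid` (`get_config` returns `false` when unset) or a missing `tid` claim, so the outcome follows PHP's loose-comparison rules rather than a stated policy (a missing claim against an unset config compares equal and silently selects the hosting-tenant path, while any other absent-value combination selects the token-only path). Normalise both sides and compare strictly, keeping the restrictive token-only branch whenever either value is absent: `$hostingtenantid = (string) get_config('local_o365', 'aadtenantid');`, `$tokentenantid = (string) $token->claim('tid');`, `if ($hostingtenantid === '' || $tokentenantid === '' || strcasecmp($tokentenantid, $hostingtenantid) !== 0) {` — `strcasecmp` also covers tenant ids that differ only in letter case. `$tokenrec` is not assigned anywhere in the hunk; confirm it is loaded from the stored token record before this point, and state in the comment above the check that `tid` is read from the plugin's own stored token, since `jwt::instance_from_encoded` presumably decodes rather than re-verifies it. A malformed stored token would presumably throw out of `instance_from_encoded` instead of reaching either branch — confirm that is the intended failure mode. `get_userinfo` continues past the end of the hunk.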