feat: add the ability to disable ils user creation when using sso

This patch adds the ability to disable the creation of users when using
SSO for login

Author: Jacobomara901

code/aspen_app/app-configs/apps.json

@@ -0,0 +1,23 @@
+{
+	"LiDA-Europe": {
+	  "name": "Aspen-LiDA",
+	  "slug": "aspen-lida",
+	  "scheme": "aspenlida",
+	  "easId": "d0550b19-7df2-4a61-9fe1-e063f51e778e",
+	  "reverseDns": "com.jacobomara9011.aspenlida",
+	  "discoveryUrl": "https://greenhouse.aspendiscovery.co.uk/",
+	  "greenhouseUrl": "https://greenhouse.aspendiscovery.co.uk/",
+	  "libraryId": "1",
+	  "themeId": "1",
+	  "background": "#ffffff",
+	  "sentryProject": "aspen-lida",
+	  "sentryAuth": "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",
+	  "sentryDsn": "https://148acf47870cac6cce07e74327a60e0c@o4506319477604352.ingest.us.sentry.io/4506319478980608",
+	  "ascAppId": "6475778273",
+	  "appleTeamId": "A2N3J9ACDY",
+	  "ascApiKeyPath": "0",
+	  "ascApiKeyIssuerId": "e5007c12-0b4e-4d61-b7c0-0fe5d0a00e02",
+	  "ascApiKeyId": "6D59Y34BU4",
+	  "googleServiceKeyPath": "./GOOGLE_SERVICES_JSON"
+	}
+  }

code/aspen_app/app-configs/projectOwner.json

@@ -0,0 +1,17 @@
+{
+  "expoProjectOwner": "jacobomara9011",
+  "versionCode": "1",
+  "buildCode": "1",
+  "sentryProjectOwner": "jacobomara9011",
+  "sentryAuthToken": "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",
+  "devAppleId": "jacob.omara@ptfs-europe.com",
+  "ascApiKeyPath": "not_needed",
+  "ascApiKeyIssuerId": "e5007c12-0b4e-4d61-b7c0-0fe5d0a00e02",
+  "ascApiKeyId": "6D59Y34BU4",
+  "googleServiceKeyPath": "./GOOGLE_SERVICES_JSON",
+  "greenhouseUrl": "https://greenhouse.aspendiscovery.co.uk/",
+  "language": "English",
+  "country": "United Kingdom",
+  "googleApiKeyAndroid": "1",
+  "googleApiKeyApple": "2"
+}

code/web/sys/Authentication/SAMLAuthentication.php

@@ -205,17 +205,23 @@ public function validateAccount() {
 		$ssoArray = $this->mapSAMLAttributesToSSOArray($attributes);
 
 		if($this->ssoAuthOnly === false) {
-			$ilsUserArray = $this->setupILSUser($ssoArray);
-			if(!$this->validateWithILS($ssoArray)) {
-				if($this->selfRegister($ilsUserArray)) {
-					return $this->validateWithILS($ssoArray);
-				} else {
+			  $ilsUserArray = $this->setupILSUser($ssoArray);
+			  if(!$this->validateWithILS($ssoArray)) {
+				if ($this->config->createUserInIls) {
+					if($this->selfRegister($ilsUserArray)) {
+						return $this->validateWithILS($ssoArray);
+					} else {
 					AspenError::raiseError(new AspenError('Unable to register a new account with ILS during SAML authentication.'));
 					return false;
+					}
+				} else {
+					AspenError::raiseError(new AspenError('User does not exist in the ILS and autocreation of ILS users is disabled.'));
+					return false;
 				}
 			} else {
 				return $this->validateWithILS($ssoArray);
 			}
+			
 		} else {
 			if(!$this->validateWithAspen($this->uid)) {
 				$newUser = $this->selfRegisterAspenOnly($ssoArray);

code/web/sys/Authentication/SSOSetting.php

@@ -14,6 +14,7 @@ class SSOSetting extends DataObject {
     public $forceReAuth;
 	public $restrictByIP;
 	public $updateAccount;
+	public $createUserInIls;
 
 	//oAuth
 	public $clientId;
@@ -232,7 +233,15 @@ public static function getObjectStructure($context = ''): array {
 				'label' => 'Update users ILS account information with data from the IdP when logging in using the data mapping provided',
 				'description' => 'Whether or not users ILS account information is updated each time they log in using the data mapping provided',
 				'default' => 0,
-			],
+			  ],
+			  'createUserInIls' => [
+				'property' => 'createUserInIls',
+				'type' => 'checkbox',
+				'label' => 'Create ILS users when a matching user is not found from the IdP data in the ILS',
+				'description' => 'Whether or not to automatically create the ILS user if no match is found between IdP data and the ILS.',
+				'default' => 1,
+				'note' => 'If the user does not exist in the ILS when we sign in to Aspen with SSO, whether we can create that user in the ILS'
+			  ],
 			'oAuthConfigSection' => [
 				'property' => 'oAuthConfigSection',
 				'type' => 'section',