From 1b3da032bea84d28057494d8ff1f47df7313f2ec Mon Sep 17 00:00:00 2001
From: Martin Roest
Date: Fri, 26 Feb 2021 09:14:18 +0100
Subject: [PATCH] Fix crash when there is no institution found based on the user identity The error now occurs due to the automtatic redirect based on the userattributes in the SAML extention. This will throw an error when there is no institution configured for the users identity. It will yield a generic error page with the message that the emailaddr of the user does not match any of the configured institutions See: https://www.pivotaltracker.com/n/projects/1163646/stories/175121584
---
 .../AzureMfa/Application/Service/AzureMfaService.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/Surfnet/AzureMfa/Application/Service/AzureMfaService.php b/src/Surfnet/AzureMfa/Application/Service/AzureMfaService.php
index 23d3d48a..2565b262 100644
--- a/src/Surfnet/AzureMfa/Application/Service/AzureMfaService.php
+++ b/src/Surfnet/AzureMfa/Application/Service/AzureMfaService.php
@@ -23,6 +23,7 @@
 use Surfnet\AzureMfa\Application\Institution\Service\EmailDomainMatchingService;
 use Surfnet\AzureMfa\Domain\EmailAddress;
 use Surfnet\AzureMfa\Domain\Exception\AzureADException;
+use Surfnet\AzureMfa\Domain\Exception\InstitutionNotFoundException;
 use Surfnet\AzureMfa\Domain\Exception\MailAttributeMismatchException;
 use Surfnet\AzureMfa\Domain\Exception\MissingMailAttributeException;
 use Surfnet\AzureMfa\Domain\User;
@@ -149,6 +150,11 @@ public function createAuthnRequest(User $user, bool $forceAuthn = false): string
 $this->logger->info('Retrieve the institution for the authenticating/registering user');
 $institution = $this->matchingService->findInstitutionByEmail($user->getEmailAddress());
+ if (null === $institution) {
+ $message = 'The provided email address did not match any of our configured email domains.';
+ $this->logger->info($message);
+ throw new InstitutionNotFoundException($message);
+ }
 $azureMfaIdentityProvider = $institution->getIdentityProvider();
 $destination = $azureMfaIdentityProvider->getSsoLocation();
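Review bot: The new guard in createAuthnRequest records the failed institution lookup at `info` with a fixed string and no context, so a misconfigured domain and a series of repeated failed lookups read the same in the logs and neither stands out from routine messages. A higher level plus a structured context that carries only the domain part of the address (not the full mailbox) would make this triageable, for example `$this->logger->notice($message, ['email_domain' => $domain]);`, with `$domain` taken from `$user->getEmailAddress()` through whatever accessor EmailAddress provides (not visible in this hunk). The same text is reused as the exception message; if the error page renders it verbatim, as the commit description suggests, it tells the caller which domains are not configured, so that should be a deliberate choice rather than a side effect. The function body starts and ends outside this hunk.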