FOLIO: Use shib_cql if Shib is used for login

config/vufind/Folio.ini

@@ -97,6 +97,9 @@ password_field = false
 ; %%username_field%% = The username_field config setting (above)
 ; %%password_field%% = The password_field config setting (above)
 ;cql = '%%username_field%% == "%%username%%" and %%password_field%% == "%%password%%"'
+; If this CQL statement is uncommented, it will be used when a user is logged in
+; via Shibboleth.
+;shib_cql = 'externalSystemId == "%%username%%"'
 
 ; Should we try to log the user into the Okapi API (true) or just look them
 ; up in the database using [API] credentials above (false). If set to true,

module/VuFind/src/VuFind/ILS/Driver/Folio.php

@@ -115,6 +115,13 @@ class Folio extends AbstractAPI implements
      */
     protected $dateConverter;
 
+    /**
+     * Auth Manager
+     *
+     * @var \VuFind\Auth\Manager
+     */
+    protected $authManager = null;
+
     /**
      * Default availability messages, in case they are not defined in Folio.ini
      *
@@ -145,13 +152,16 @@ class Folio extends AbstractAPI implements
      * @param \VuFind\Date\Converter $dateConverter  Date converter object
      * @param callable               $sessionFactory Factory function returning
      * SessionContainer object
+     * @param \VuFind\Auth\Manager   $authManager    Auth Manager object
      */
     public function __construct(
         \VuFind\Date\Converter $dateConverter,
-        $sessionFactory
+        $sessionFactory,
+        \VuFind\Auth\Manager $authManager
     ) {
         $this->dateConverter = $dateConverter;
         $this->sessionFactory = $sessionFactory;
+        $this->authManager = $authManager;
     }
 
     /**
@@ -1270,6 +1280,41 @@ protected function patronLoginWithOkapi($username, $password)
         return $query;
     }
 
+    /**
+     * Get the CQL query template for retrieving the patron's information.
+     *
+     * It checks if Shibboleth authentication is being used and returns the
+     * corresponding CQL query template. Otherwise, it uses the configured CQL query
+     * to retrieve the patron's information.
+     *
+     * @param string $usernameField The field to use for the username in the CQL query
+     * @param string $passwordField The field to use for password in the CQL query
+     *
+     * @return string The patron lookup CQL query with placeholders.
+     */
+    protected function getLoginCql($usernameField, $passwordField)
+    {
+        if (
+            isset($this->config['User']['shib_cql'])
+            && $this->authManager->getSelectedAuthMethod() === 'Shibboleth'
+        ) {
+            $cql = $this->config['User']['shib_cql'];
+        } else {
+            $cql = $this->config['User']['cql']
+                ?? '%%username_field%% == "%%username%%"'
+                . ($passwordField ? ' and %%password_field%% == "%%password%%"' : '');
+        }
+        $placeholders = [
+            '%%username_field%%',
+            '%%password_field%%',
+        ];
+        $values = [
+            $usernameField,
+            $passwordField,
+        ];
+        return str_replace($placeholders, $values, $cql);
+    }
+
     /**
      * Support method for patronLogin(): authenticate the patron with a CQL looup.
      * Returns the CQL query for retrieving more information about the user.
@@ -1284,18 +1329,12 @@ protected function getUserWithCql($username, $password)
         // Construct user query using barcode, username, etc.
         $usernameField = $this->config['User']['username_field'] ?? 'username';
         $passwordField = $this->config['User']['password_field'] ?? false;
-        $cql = $this->config['User']['cql']
-            ?? '%%username_field%% == "%%username%%"'
-            . ($passwordField ? ' and %%password_field%% == "%%password%%"' : '');
+        $cql = $this->getLoginCql($usernameField, $passwordField);
         $placeholders = [
-            '%%username_field%%',
-            '%%password_field%%',
             '%%username%%',
             '%%password%%',
         ];
         $values = [
-            $usernameField,
-            $passwordField,
             $this->escapeCql($username),
             $this->escapeCql($password),
         ];

module/VuFind/src/VuFind/ILS/Driver/FolioFactory.php

@@ -71,6 +71,7 @@ public function __invoke(
             $manager = $container->get(\Laminas\Session\SessionManager::class);
             return new \Laminas\Session\Container("Folio_$namespace", $manager);
         };
-        return parent::__invoke($container, $requestedName, [$sessionFactory]);
+        $authManager = $container->get(\VuFind\Auth\Manager::class);
+        return parent::__invoke($container, $requestedName, [$sessionFactory, $authManager]);
     }
 }

module/VuFind/tests/unit-tests/src/VuFindTest/ILS/Driver/FolioTest.php

@@ -170,9 +170,13 @@ protected function createConnector(string $test, ?array $config = null): void
             $manager = new \Laminas\Session\SessionManager();
             return new \Laminas\Session\Container("Folio_$namespace", $manager);
         };
+        // Create a mock Auth Manager
+        $authManager = $this->getMockBuilder(\VuFind\Auth\Manager::class)
+            ->disableOriginalConstructor()
+            ->getMock();
         // Create a stub for the SomeClass class
         $this->driver = $this->getMockBuilder(Folio::class)
-            ->setConstructorArgs([new \VuFind\Date\Converter(), $factory])
+            ->setConstructorArgs([new \VuFind\Date\Converter(), $factory, $authManager])
             ->onlyMethods(['makeRequest'])
             ->getMock();
         // Configure the stub