@@ -35,132 +35,132 @@ |
||
35 | 35 | use OCA\User_LDAP\User_Proxy; |
36 | 36 | |
37 | 37 | class CheckUser extends Command { |
38 | - /** @var User_Proxy */ |
|
39 | - protected $backend; |
|
40 | - |
|
41 | - /** @var Helper */ |
|
42 | - protected $helper; |
|
43 | - |
|
44 | - /** @var DeletedUsersIndex */ |
|
45 | - protected $dui; |
|
46 | - |
|
47 | - /** @var UserMapping */ |
|
48 | - protected $mapping; |
|
49 | - |
|
50 | - /** |
|
51 | - * @param User_Proxy $uBackend |
|
52 | - * @param Helper $helper |
|
53 | - * @param DeletedUsersIndex $dui |
|
54 | - * @param UserMapping $mapping |
|
55 | - */ |
|
56 | - public function __construct(User_Proxy $uBackend, Helper $helper, DeletedUsersIndex $dui, UserMapping $mapping) { |
|
57 | - $this->backend = $uBackend; |
|
58 | - $this->helper = $helper; |
|
59 | - $this->dui = $dui; |
|
60 | - $this->mapping = $mapping; |
|
61 | - parent::__construct(); |
|
62 | - } |
|
63 | - |
|
64 | - protected function configure() { |
|
65 | - $this |
|
66 | - ->setName('ldap:check-user') |
|
67 | - ->setDescription('checks whether a user exists on LDAP.') |
|
68 | - ->addArgument( |
|
69 | - 'ocName', |
|
70 | - InputArgument::REQUIRED, |
|
71 | - 'the user name as used in Nextcloud' |
|
72 | - ) |
|
73 | - ->addOption( |
|
74 | - 'force', |
|
75 | - null, |
|
76 | - InputOption::VALUE_NONE, |
|
77 | - 'ignores disabled LDAP configuration' |
|
78 | - ) |
|
79 | - ->addOption( |
|
80 | - 'update', |
|
81 | - null, |
|
82 | - InputOption::VALUE_NONE, |
|
83 | - 'syncs values from LDAP' |
|
84 | - ) |
|
85 | - ; |
|
86 | - } |
|
87 | - |
|
88 | - protected function execute(InputInterface $input, OutputInterface $output) { |
|
89 | - try { |
|
90 | - $uid = $input->getArgument('ocName'); |
|
91 | - $this->isAllowed($input->getOption('force')); |
|
92 | - $this->confirmUserIsMapped($uid); |
|
93 | - $exists = $this->backend->userExistsOnLDAP($uid); |
|
94 | - if($exists === true) { |
|
95 | - $output->writeln('The user is still available on LDAP.'); |
|
96 | - if($input->getOption('update')) { |
|
97 | - $this->updateUser($uid, $output); |
|
98 | - } |
|
99 | - return; |
|
100 | - } |
|
101 | - |
|
102 | - $this->dui->markUser($uid); |
|
103 | - $output->writeln('The user does not exists on LDAP anymore.'); |
|
104 | - $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "' |
|
105 | - . $uid . '"'); |
|
106 | - } catch (\Exception $e) { |
|
107 | - $output->writeln('<error>' . $e->getMessage(). '</error>'); |
|
108 | - } |
|
109 | - } |
|
110 | - |
|
111 | - /** |
|
112 | - * checks whether a user is actually mapped |
|
113 | - * @param string $ocName the username as used in Nextcloud |
|
114 | - * @throws \Exception |
|
115 | - * @return true |
|
116 | - */ |
|
117 | - protected function confirmUserIsMapped($ocName) { |
|
118 | - $dn = $this->mapping->getDNByName($ocName); |
|
119 | - if ($dn === false) { |
|
120 | - throw new \Exception('The given user is not a recognized LDAP user.'); |
|
121 | - } |
|
122 | - |
|
123 | - return true; |
|
124 | - } |
|
125 | - |
|
126 | - /** |
|
127 | - * checks whether the setup allows reliable checking of LDAP user existence |
|
128 | - * @throws \Exception |
|
129 | - * @return true |
|
130 | - */ |
|
131 | - protected function isAllowed($force) { |
|
132 | - if($this->helper->haveDisabledConfigurations() && !$force) { |
|
133 | - throw new \Exception('Cannot check user existence, because ' |
|
134 | - . 'disabled LDAP configurations are present.'); |
|
135 | - } |
|
136 | - |
|
137 | - // we don't check ldapUserCleanupInterval from config.php because this |
|
138 | - // action is triggered manually, while the setting only controls the |
|
139 | - // background job. |
|
140 | - |
|
141 | - return true; |
|
142 | - } |
|
143 | - |
|
144 | - private function updateUser(string $uid, OutputInterface $output): void { |
|
145 | - try { |
|
146 | - $access = $this->backend->getLDAPAccess($uid); |
|
147 | - $attrs = $access->userManager->getAttributes(); |
|
148 | - $user = $access->userManager->get($uid); |
|
149 | - $avatarAttributes = $access->getConnection()->resolveRule('avatar'); |
|
150 | - $result = $access->search('objectclass=*', [$user->getDN()], $attrs, 1, 0); |
|
151 | - foreach ($result[0] as $attribute => $valueSet) { |
|
152 | - $output->writeln(' ' . $attribute . ': '); |
|
153 | - foreach ($valueSet as $value) { |
|
154 | - if (in_array($attribute, $avatarAttributes)) { |
|
155 | - $value = '{ImageData}'; |
|
156 | - } |
|
157 | - $output->writeln(' ' . $value); |
|
158 | - } |
|
159 | - } |
|
160 | - $access->batchApplyUserAttributes($result); |
|
161 | - } catch (\Exception $e) { |
|
162 | - $output->writeln('<error>Error while trying to lookup and update attributes from LDAP</error>'); |
|
163 | - } |
|
164 | - } |
|
38 | + /** @var User_Proxy */ |
|
39 | + protected $backend; |
|
40 | + |
|
41 | + /** @var Helper */ |
|
42 | + protected $helper; |
|
43 | + |
|
44 | + /** @var DeletedUsersIndex */ |
|
45 | + protected $dui; |
|
46 | + |
|
47 | + /** @var UserMapping */ |
|
48 | + protected $mapping; |
|
49 | + |
|
50 | + /** |
|
51 | + * @param User_Proxy $uBackend |
|
52 | + * @param Helper $helper |
|
53 | + * @param DeletedUsersIndex $dui |
|
54 | + * @param UserMapping $mapping |
|
55 | + */ |
|
56 | + public function __construct(User_Proxy $uBackend, Helper $helper, DeletedUsersIndex $dui, UserMapping $mapping) { |
|
57 | + $this->backend = $uBackend; |
|
58 | + $this->helper = $helper; |
|
59 | + $this->dui = $dui; |
|
60 | + $this->mapping = $mapping; |
|
61 | + parent::__construct(); |
|
62 | + } |
|
63 | + |
|
64 | + protected function configure() { |
|
65 | + $this |
|
66 | + ->setName('ldap:check-user') |
|
67 | + ->setDescription('checks whether a user exists on LDAP.') |
|
68 | + ->addArgument( |
|
69 | + 'ocName', |
|
70 | + InputArgument::REQUIRED, |
|
71 | + 'the user name as used in Nextcloud' |
|
72 | + ) |
|
73 | + ->addOption( |
|
74 | + 'force', |
|
75 | + null, |
|
76 | + InputOption::VALUE_NONE, |
|
77 | + 'ignores disabled LDAP configuration' |
|
78 | + ) |
|
79 | + ->addOption( |
|
80 | + 'update', |
|
81 | + null, |
|
82 | + InputOption::VALUE_NONE, |
|
83 | + 'syncs values from LDAP' |
|
84 | + ) |
|
85 | + ; |
|
86 | + } |
|
87 | + |
|
88 | + protected function execute(InputInterface $input, OutputInterface $output) { |
|
89 | + try { |
|
90 | + $uid = $input->getArgument('ocName'); |
|
91 | + $this->isAllowed($input->getOption('force')); |
|
92 | + $this->confirmUserIsMapped($uid); |
|
93 | + $exists = $this->backend->userExistsOnLDAP($uid); |
|
94 | + if($exists === true) { |
|
95 | + $output->writeln('The user is still available on LDAP.'); |
|
96 | + if($input->getOption('update')) { |
|
97 | + $this->updateUser($uid, $output); |
|
98 | + } |
|
99 | + return; |
|
100 | + } |
|
101 | + |
|
102 | + $this->dui->markUser($uid); |
|
103 | + $output->writeln('The user does not exists on LDAP anymore.'); |
|
104 | + $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "' |
|
105 | + . $uid . '"'); |
|
106 | + } catch (\Exception $e) { |
|
107 | + $output->writeln('<error>' . $e->getMessage(). '</error>'); |
|
108 | + } |
|
109 | + } |
|
110 | + |
|
111 | + /** |
|
112 | + * checks whether a user is actually mapped |
|
113 | + * @param string $ocName the username as used in Nextcloud |
|
114 | + * @throws \Exception |
|
115 | + * @return true |
|
116 | + */ |
|
117 | + protected function confirmUserIsMapped($ocName) { |
|
118 | + $dn = $this->mapping->getDNByName($ocName); |
|
119 | + if ($dn === false) { |
|
120 | + throw new \Exception('The given user is not a recognized LDAP user.'); |
|
121 | + } |
|
122 | + |
|
123 | + return true; |
|
124 | + } |
|
125 | + |
|
126 | + /** |
|
127 | + * checks whether the setup allows reliable checking of LDAP user existence |
|
128 | + * @throws \Exception |
|
129 | + * @return true |
|
130 | + */ |
|
131 | + protected function isAllowed($force) { |
|
132 | + if($this->helper->haveDisabledConfigurations() && !$force) { |
|
133 | + throw new \Exception('Cannot check user existence, because ' |
|
134 | + . 'disabled LDAP configurations are present.'); |
|
135 | + } |
|
136 | + |
|
137 | + // we don't check ldapUserCleanupInterval from config.php because this |
|
138 | + // action is triggered manually, while the setting only controls the |
|
139 | + // background job. |
|
140 | + |
|
141 | + return true; |
|
142 | + } |
|
143 | + |
|
144 | + private function updateUser(string $uid, OutputInterface $output): void { |
|
145 | + try { |
|
146 | + $access = $this->backend->getLDAPAccess($uid); |
|
147 | + $attrs = $access->userManager->getAttributes(); |
|
148 | + $user = $access->userManager->get($uid); |
|
149 | + $avatarAttributes = $access->getConnection()->resolveRule('avatar'); |
|
150 | + $result = $access->search('objectclass=*', [$user->getDN()], $attrs, 1, 0); |
|
151 | + foreach ($result[0] as $attribute => $valueSet) { |
|
152 | + $output->writeln(' ' . $attribute . ': '); |
|
153 | + foreach ($valueSet as $value) { |
|
154 | + if (in_array($attribute, $avatarAttributes)) { |
|
155 | + $value = '{ImageData}'; |
|
156 | + } |
|
157 | + $output->writeln(' ' . $value); |
|
158 | + } |
|
159 | + } |
|
160 | + $access->batchApplyUserAttributes($result); |
|
161 | + } catch (\Exception $e) { |
|
162 | + $output->writeln('<error>Error while trying to lookup and update attributes from LDAP</error>'); |
|
163 | + } |
|
164 | + } |
|
165 | 165 | |
166 | 166 | } |
@@ -91,9 +91,9 @@ discard block |
||
91 | 91 | $this->isAllowed($input->getOption('force')); |
92 | 92 | $this->confirmUserIsMapped($uid); |
93 | 93 | $exists = $this->backend->userExistsOnLDAP($uid); |
94 | - if($exists === true) { |
|
94 | + if ($exists === true) { |
|
95 | 95 | $output->writeln('The user is still available on LDAP.'); |
96 | - if($input->getOption('update')) { |
|
96 | + if ($input->getOption('update')) { |
|
97 | 97 | $this->updateUser($uid, $output); |
98 | 98 | } |
99 | 99 | return; |
@@ -102,9 +102,9 @@ discard block |
||
102 | 102 | $this->dui->markUser($uid); |
103 | 103 | $output->writeln('The user does not exists on LDAP anymore.'); |
104 | 104 | $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "' |
105 | - . $uid . '"'); |
|
105 | + . $uid.'"'); |
|
106 | 106 | } catch (\Exception $e) { |
107 | - $output->writeln('<error>' . $e->getMessage(). '</error>'); |
|
107 | + $output->writeln('<error>'.$e->getMessage().'</error>'); |
|
108 | 108 | } |
109 | 109 | } |
110 | 110 | |
@@ -129,7 +129,7 @@ discard block |
||
129 | 129 | * @return true |
130 | 130 | */ |
131 | 131 | protected function isAllowed($force) { |
132 | - if($this->helper->haveDisabledConfigurations() && !$force) { |
|
132 | + if ($this->helper->haveDisabledConfigurations() && !$force) { |
|
133 | 133 | throw new \Exception('Cannot check user existence, because ' |
134 | 134 | . 'disabled LDAP configurations are present.'); |
135 | 135 | } |
@@ -149,12 +149,12 @@ discard block |
||
149 | 149 | $avatarAttributes = $access->getConnection()->resolveRule('avatar'); |
150 | 150 | $result = $access->search('objectclass=*', [$user->getDN()], $attrs, 1, 0); |
151 | 151 | foreach ($result[0] as $attribute => $valueSet) { |
152 | - $output->writeln(' ' . $attribute . ': '); |
|
152 | + $output->writeln(' '.$attribute.': '); |
|
153 | 153 | foreach ($valueSet as $value) { |
154 | 154 | if (in_array($attribute, $avatarAttributes)) { |
155 | 155 | $value = '{ImageData}'; |
156 | 156 | } |
157 | - $output->writeln(' ' . $value); |
|
157 | + $output->writeln(' '.$value); |
|
158 | 158 | } |
159 | 159 | } |
160 | 160 | $access->batchApplyUserAttributes($result); |