@@ -35,132 +35,132 @@ |
| 35 | 35 | use OCA\User_LDAP\User_Proxy; |
| 36 | 36 | |
| 37 | 37 | class CheckUser extends Command { |
| 38 | - /** @var User_Proxy */ |
|
| 39 | - protected $backend; |
|
| 40 | - |
|
| 41 | - /** @var Helper */ |
|
| 42 | - protected $helper; |
|
| 43 | - |
|
| 44 | - /** @var DeletedUsersIndex */ |
|
| 45 | - protected $dui; |
|
| 46 | - |
|
| 47 | - /** @var UserMapping */ |
|
| 48 | - protected $mapping; |
|
| 49 | - |
|
| 50 | - /** |
|
| 51 | - * @param User_Proxy $uBackend |
|
| 52 | - * @param Helper $helper |
|
| 53 | - * @param DeletedUsersIndex $dui |
|
| 54 | - * @param UserMapping $mapping |
|
| 55 | - */ |
|
| 56 | - public function __construct(User_Proxy $uBackend, Helper $helper, DeletedUsersIndex $dui, UserMapping $mapping) { |
|
| 57 | - $this->backend = $uBackend; |
|
| 58 | - $this->helper = $helper; |
|
| 59 | - $this->dui = $dui; |
|
| 60 | - $this->mapping = $mapping; |
|
| 61 | - parent::__construct(); |
|
| 62 | - } |
|
| 63 | - |
|
| 64 | - protected function configure() { |
|
| 65 | - $this |
|
| 66 | - ->setName('ldap:check-user') |
|
| 67 | - ->setDescription('checks whether a user exists on LDAP.') |
|
| 68 | - ->addArgument( |
|
| 69 | - 'ocName', |
|
| 70 | - InputArgument::REQUIRED, |
|
| 71 | - 'the user name as used in Nextcloud' |
|
| 72 | - ) |
|
| 73 | - ->addOption( |
|
| 74 | - 'force', |
|
| 75 | - null, |
|
| 76 | - InputOption::VALUE_NONE, |
|
| 77 | - 'ignores disabled LDAP configuration' |
|
| 78 | - ) |
|
| 79 | - ->addOption( |
|
| 80 | - 'update', |
|
| 81 | - null, |
|
| 82 | - InputOption::VALUE_NONE, |
|
| 83 | - 'syncs values from LDAP' |
|
| 84 | - ) |
|
| 85 | - ; |
|
| 86 | - } |
|
| 87 | - |
|
| 88 | - protected function execute(InputInterface $input, OutputInterface $output) { |
|
| 89 | - try { |
|
| 90 | - $uid = $input->getArgument('ocName'); |
|
| 91 | - $this->isAllowed($input->getOption('force')); |
|
| 92 | - $this->confirmUserIsMapped($uid); |
|
| 93 | - $exists = $this->backend->userExistsOnLDAP($uid); |
|
| 94 | - if($exists === true) { |
|
| 95 | - $output->writeln('The user is still available on LDAP.'); |
|
| 96 | - if($input->getOption('update')) { |
|
| 97 | - $this->updateUser($uid, $output); |
|
| 98 | - } |
|
| 99 | - return; |
|
| 100 | - } |
|
| 101 | - |
|
| 102 | - $this->dui->markUser($uid); |
|
| 103 | - $output->writeln('The user does not exists on LDAP anymore.'); |
|
| 104 | - $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "' |
|
| 105 | - . $uid . '"'); |
|
| 106 | - } catch (\Exception $e) { |
|
| 107 | - $output->writeln('<error>' . $e->getMessage(). '</error>'); |
|
| 108 | - } |
|
| 109 | - } |
|
| 110 | - |
|
| 111 | - /** |
|
| 112 | - * checks whether a user is actually mapped |
|
| 113 | - * @param string $ocName the username as used in Nextcloud |
|
| 114 | - * @throws \Exception |
|
| 115 | - * @return true |
|
| 116 | - */ |
|
| 117 | - protected function confirmUserIsMapped($ocName) { |
|
| 118 | - $dn = $this->mapping->getDNByName($ocName); |
|
| 119 | - if ($dn === false) { |
|
| 120 | - throw new \Exception('The given user is not a recognized LDAP user.'); |
|
| 121 | - } |
|
| 122 | - |
|
| 123 | - return true; |
|
| 124 | - } |
|
| 125 | - |
|
| 126 | - /** |
|
| 127 | - * checks whether the setup allows reliable checking of LDAP user existence |
|
| 128 | - * @throws \Exception |
|
| 129 | - * @return true |
|
| 130 | - */ |
|
| 131 | - protected function isAllowed($force) { |
|
| 132 | - if($this->helper->haveDisabledConfigurations() && !$force) { |
|
| 133 | - throw new \Exception('Cannot check user existence, because ' |
|
| 134 | - . 'disabled LDAP configurations are present.'); |
|
| 135 | - } |
|
| 136 | - |
|
| 137 | - // we don't check ldapUserCleanupInterval from config.php because this |
|
| 138 | - // action is triggered manually, while the setting only controls the |
|
| 139 | - // background job. |
|
| 140 | - |
|
| 141 | - return true; |
|
| 142 | - } |
|
| 143 | - |
|
| 144 | - private function updateUser(string $uid, OutputInterface $output): void { |
|
| 145 | - try { |
|
| 146 | - $access = $this->backend->getLDAPAccess($uid); |
|
| 147 | - $attrs = $access->userManager->getAttributes(); |
|
| 148 | - $user = $access->userManager->get($uid); |
|
| 149 | - $avatarAttributes = $access->getConnection()->resolveRule('avatar'); |
|
| 150 | - $result = $access->search('objectclass=*', [$user->getDN()], $attrs, 1, 0); |
|
| 151 | - foreach ($result[0] as $attribute => $valueSet) { |
|
| 152 | - $output->writeln(' ' . $attribute . ': '); |
|
| 153 | - foreach ($valueSet as $value) { |
|
| 154 | - if (in_array($attribute, $avatarAttributes)) { |
|
| 155 | - $value = '{ImageData}'; |
|
| 156 | - } |
|
| 157 | - $output->writeln(' ' . $value); |
|
| 158 | - } |
|
| 159 | - } |
|
| 160 | - $access->batchApplyUserAttributes($result); |
|
| 161 | - } catch (\Exception $e) { |
|
| 162 | - $output->writeln('<error>Error while trying to lookup and update attributes from LDAP</error>'); |
|
| 163 | - } |
|
| 164 | - } |
|
| 38 | + /** @var User_Proxy */ |
|
| 39 | + protected $backend; |
|
| 40 | + |
|
| 41 | + /** @var Helper */ |
|
| 42 | + protected $helper; |
|
| 43 | + |
|
| 44 | + /** @var DeletedUsersIndex */ |
|
| 45 | + protected $dui; |
|
| 46 | + |
|
| 47 | + /** @var UserMapping */ |
|
| 48 | + protected $mapping; |
|
| 49 | + |
|
| 50 | + /** |
|
| 51 | + * @param User_Proxy $uBackend |
|
| 52 | + * @param Helper $helper |
|
| 53 | + * @param DeletedUsersIndex $dui |
|
| 54 | + * @param UserMapping $mapping |
|
| 55 | + */ |
|
| 56 | + public function __construct(User_Proxy $uBackend, Helper $helper, DeletedUsersIndex $dui, UserMapping $mapping) { |
|
| 57 | + $this->backend = $uBackend; |
|
| 58 | + $this->helper = $helper; |
|
| 59 | + $this->dui = $dui; |
|
| 60 | + $this->mapping = $mapping; |
|
| 61 | + parent::__construct(); |
|
| 62 | + } |
|
| 63 | + |
|
| 64 | + protected function configure() { |
|
| 65 | + $this |
|
| 66 | + ->setName('ldap:check-user') |
|
| 67 | + ->setDescription('checks whether a user exists on LDAP.') |
|
| 68 | + ->addArgument( |
|
| 69 | + 'ocName', |
|
| 70 | + InputArgument::REQUIRED, |
|
| 71 | + 'the user name as used in Nextcloud' |
|
| 72 | + ) |
|
| 73 | + ->addOption( |
|
| 74 | + 'force', |
|
| 75 | + null, |
|
| 76 | + InputOption::VALUE_NONE, |
|
| 77 | + 'ignores disabled LDAP configuration' |
|
| 78 | + ) |
|
| 79 | + ->addOption( |
|
| 80 | + 'update', |
|
| 81 | + null, |
|
| 82 | + InputOption::VALUE_NONE, |
|
| 83 | + 'syncs values from LDAP' |
|
| 84 | + ) |
|
| 85 | + ; |
|
| 86 | + } |
|
| 87 | + |
|
| 88 | + protected function execute(InputInterface $input, OutputInterface $output) { |
|
| 89 | + try { |
|
| 90 | + $uid = $input->getArgument('ocName'); |
|
| 91 | + $this->isAllowed($input->getOption('force')); |
|
| 92 | + $this->confirmUserIsMapped($uid); |
|
| 93 | + $exists = $this->backend->userExistsOnLDAP($uid); |
|
| 94 | + if($exists === true) { |
|
| 95 | + $output->writeln('The user is still available on LDAP.'); |
|
| 96 | + if($input->getOption('update')) { |
|
| 97 | + $this->updateUser($uid, $output); |
|
| 98 | + } |
|
| 99 | + return; |
|
| 100 | + } |
|
| 101 | + |
|
| 102 | + $this->dui->markUser($uid); |
|
| 103 | + $output->writeln('The user does not exists on LDAP anymore.'); |
|
| 104 | + $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "' |
|
| 105 | + . $uid . '"'); |
|
| 106 | + } catch (\Exception $e) { |
|
| 107 | + $output->writeln('<error>' . $e->getMessage(). '</error>'); |
|
| 108 | + } |
|
| 109 | + } |
|
| 110 | + |
|
| 111 | + /** |
|
| 112 | + * checks whether a user is actually mapped |
|
| 113 | + * @param string $ocName the username as used in Nextcloud |
|
| 114 | + * @throws \Exception |
|
| 115 | + * @return true |
|
| 116 | + */ |
|
| 117 | + protected function confirmUserIsMapped($ocName) { |
|
| 118 | + $dn = $this->mapping->getDNByName($ocName); |
|
| 119 | + if ($dn === false) { |
|
| 120 | + throw new \Exception('The given user is not a recognized LDAP user.'); |
|
| 121 | + } |
|
| 122 | + |
|
| 123 | + return true; |
|
| 124 | + } |
|
| 125 | + |
|
| 126 | + /** |
|
| 127 | + * checks whether the setup allows reliable checking of LDAP user existence |
|
| 128 | + * @throws \Exception |
|
| 129 | + * @return true |
|
| 130 | + */ |
|
| 131 | + protected function isAllowed($force) { |
|
| 132 | + if($this->helper->haveDisabledConfigurations() && !$force) { |
|
| 133 | + throw new \Exception('Cannot check user existence, because ' |
|
| 134 | + . 'disabled LDAP configurations are present.'); |
|
| 135 | + } |
|
| 136 | + |
|
| 137 | + // we don't check ldapUserCleanupInterval from config.php because this |
|
| 138 | + // action is triggered manually, while the setting only controls the |
|
| 139 | + // background job. |
|
| 140 | + |
|
| 141 | + return true; |
|
| 142 | + } |
|
| 143 | + |
|
| 144 | + private function updateUser(string $uid, OutputInterface $output): void { |
|
| 145 | + try { |
|
| 146 | + $access = $this->backend->getLDAPAccess($uid); |
|
| 147 | + $attrs = $access->userManager->getAttributes(); |
|
| 148 | + $user = $access->userManager->get($uid); |
|
| 149 | + $avatarAttributes = $access->getConnection()->resolveRule('avatar'); |
|
| 150 | + $result = $access->search('objectclass=*', [$user->getDN()], $attrs, 1, 0); |
|
| 151 | + foreach ($result[0] as $attribute => $valueSet) { |
|
| 152 | + $output->writeln(' ' . $attribute . ': '); |
|
| 153 | + foreach ($valueSet as $value) { |
|
| 154 | + if (in_array($attribute, $avatarAttributes)) { |
|
| 155 | + $value = '{ImageData}'; |
|
| 156 | + } |
|
| 157 | + $output->writeln(' ' . $value); |
|
| 158 | + } |
|
| 159 | + } |
|
| 160 | + $access->batchApplyUserAttributes($result); |
|
| 161 | + } catch (\Exception $e) { |
|
| 162 | + $output->writeln('<error>Error while trying to lookup and update attributes from LDAP</error>'); |
|
| 163 | + } |
|
| 164 | + } |
|
| 165 | 165 | |
| 166 | 166 | } |
@@ -91,9 +91,9 @@
| 91 | 91 | $this->isAllowed($input->getOption('force')); |
| 92 | 92 | $this->confirmUserIsMapped($uid); |
| 93 | 93 | $exists = $this->backend->userExistsOnLDAP($uid); |
| 94 | - if($exists === true) { |
|
| 94 | + if ($exists === true) { |
|
| 95 | 95 | $output->writeln('The user is still available on LDAP.'); |
| 96 | - if($input->getOption('update')) { |
|
| 96 | + if ($input->getOption('update')) { |
|
| 97 | 97 | $this->updateUser($uid, $output); |
| 98 | 98 | } |
| 99 | 99 | return; |
@@ -102,9 +102,9 @@
| 102 | 102 | $this->dui->markUser($uid); |
| 103 | 103 | $output->writeln('The user does not exists on LDAP anymore.'); |
| 104 | 104 | $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "' |
| 105 | - . $uid . '"'); |
|
| 105 | + . $uid.'"'); |
|
| 106 | 106 | } catch (\Exception $e) { |
| 107 | - $output->writeln('<error>' . $e->getMessage(). '</error>'); |
|
| 107 | + $output->writeln('<error>'.$e->getMessage().'</error>'); |
|
| 108 | 108 | } |
| 109 | 109 | } |
| 110 | 110 | |
@@ -129,7 +129,7 @@
| 129 | 129 | * @return true |
| 130 | 130 | */ |
| 131 | 131 | protected function isAllowed($force) { |
| 132 | - if($this->helper->haveDisabledConfigurations() && !$force) { |
|
| 132 | + if ($this->helper->haveDisabledConfigurations() && !$force) { |
|
| 133 | 133 | throw new \Exception('Cannot check user existence, because ' |
| 134 | 134 | . 'disabled LDAP configurations are present.'); |
| 135 | 135 | } |
@@ -149,12 +149,12 @@
| 149 | 149 | $avatarAttributes = $access->getConnection()->resolveRule('avatar'); |
| 150 | 150 | $result = $access->search('objectclass=*', [$user->getDN()], $attrs, 1, 0); |
| 151 | 151 | foreach ($result[0] as $attribute => $valueSet) { |
| 152 | - $output->writeln(' ' . $attribute . ': '); |
|
| 152 | + $output->writeln(' '.$attribute.': '); |
|
| 153 | 153 | foreach ($valueSet as $value) { |
| 154 | 154 | if (in_array($attribute, $avatarAttributes)) { |
| 155 | 155 | $value = '{ImageData}'; |
| 156 | 156 | } |
| 157 | - $output->writeln(' ' . $value); |
|
| 157 | + $output->writeln(' '.$value); |
|
| 158 | 158 | } |
| 159 | 159 | } |
| 160 | 160 | $access->batchApplyUserAttributes($result); |