LDAPProvider - Code Metrics - Inspection of "Merge pull request #25128 from nextcloud/ldapprovi..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( b28cea...939433 )

by Blizzz

created 2021-01-22 13:31 UTC

LDAPProvider B

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	300
Duplicated Lines	0 %

Importance

Changes

Metric	Value
eloc	100
dl	0
loc	300
rs	8.72
c	0
b	0
f	0
wmc	46

19 Methods

Rating	Name	Size	Complexity
A	getUserDN()	9	3
B	__construct()	25	7
A	DNasBaseParameter()	2	1
A	getUserName()	6	2
A	sanitizeDN()	2	1
A	getGroupDN()	9	3
A	getLDAPConnection()	5	2
A	getGroupLDAPConnection()	5	2
A	clearGroupCache()	5	2
A	getLDAPGroupMemberAssoc()	5	2
A	getLDAPDisplayNameField()	5	2
A	dnExists()	3	2
A	clearCache()	5	2
A	getLDAPBaseUsers()	22	4
A	getLDAPBaseGroups()	6	2
A	flagRecord()	2	1
A	unflagRecord()	1	1
A	getLDAPEmailField()	5	2
A	getUserAttribute()	22	5

How to fix Complexity

<?php
/**
 * @copyright Copyright (c) 2016, Roger Szabo ([email protected])
 *
 * @author Arthur Schiwon <[email protected]>
 * @author Christoph Wurst <[email protected]>
 * @author Roeland Jago Douma <[email protected]>
 * @author Roger Szabo <[email protected]>
 * @author root <[email protected]>
 * @author Vinicius Cubas Brand <[email protected]>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

namespace OCA\User_LDAP;

use OCA\User_LDAP\User\DeletedUsersIndex;
use OCP\IServerContainer;
use OCP\LDAP\IDeletionFlagSupport;
use OCP\LDAP\ILDAPProvider;

/**
 * LDAP provider for pulic access to the LDAP backend.
 */
class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
	private $userBackend;
	private $groupBackend;
	private $logger;
	private $helper;
	private $deletedUsersIndex;

	/**
	 * Create new LDAPProvider
	 * @param \OCP\IServerContainer $serverContainer
	 * @param Helper $helper
	 * @param DeletedUsersIndex $deletedUsersIndex
	 * @throws \Exception if user_ldap app was not enabled
	 */
	public function __construct(IServerContainer $serverContainer, Helper $helper, DeletedUsersIndex $deletedUsersIndex) {
		$this->logger = $serverContainer->getLogger();
		$this->helper = $helper;
		$this->deletedUsersIndex = $deletedUsersIndex;
		$userBackendFound = false;
		$groupBackendFound = false;
		foreach ($serverContainer->getUserManager()->getBackends() as $backend) {
			$this->logger->debug('instance '.get_class($backend).' user backend.', ['app' => 'user_ldap']);
			if ($backend instanceof IUserLDAP) {
				$this->userBackend = $backend;
				$userBackendFound = true;
				break;
			}
		}
		foreach ($serverContainer->getGroupManager()->getBackends() as $backend) {
			$this->logger->debug('instance '.get_class($backend).' group backend.', ['app' => 'user_ldap']);
			if ($backend instanceof IGroupLDAP) {
				$this->groupBackend = $backend;
				$groupBackendFound = true;
				break;
			}
		}

		if (!$userBackendFound or !$groupBackendFound) {
			throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled');
		}
	}

	/**
	 * Translate an user id to LDAP DN
	 * @param string $uid user id
	 * @return string with the LDAP DN
	 * @throws \Exception if translation was unsuccessful
	 */
	public function getUserDN($uid) {
		if (!$this->userBackend->userExists($uid)) {
			throw new \Exception('User id not found in LDAP');
		}
		$result = $this->userBackend->getLDAPAccess($uid)->username2dn($uid);
		if (!$result) {
			throw new \Exception('Translation to LDAP DN unsuccessful');
		}
		return $result;
	}

	/**
	 * Translate a group id to LDAP DN.
	 * @param string $gid group id
	 * @return string
	 * @throws \Exception
	 */
	public function getGroupDN($gid) {
		if (!$this->groupBackend->groupExists($gid)) {
			throw new \Exception('Group id not found in LDAP');
		}
		$result = $this->groupBackend->getLDAPAccess($gid)->groupname2dn($gid);
		if (!$result) {
			throw new \Exception('Translation to LDAP DN unsuccessful');
		}
		return $result;
	}

	/**
	 * Translate a LDAP DN to an internal user name. If there is no mapping between
	 * the DN and the user name, a new one will be created.
	 * @param string $dn LDAP DN
	 * @return string with the internal user name
	 * @throws \Exception if translation was unsuccessful
	 */
	public function getUserName($dn) {
		$result = $this->userBackend->dn2UserName($dn);
		if (!$result) {
			throw new \Exception('Translation to internal user name unsuccessful');
		}
		return $result;
	}

	/**
	 * Convert a stored DN so it can be used as base parameter for LDAP queries.
	 * @param string $dn the DN in question
	 * @return string
	 */
	public function DNasBaseParameter($dn) {
		return $this->helper->DNasBaseParameter($dn);
	}

	/**
	 * Sanitize a DN received from the LDAP server.
	 * @param array $dn the DN in question
	 * @return array the sanitized DN
	 */
	public function sanitizeDN($dn) {
		return $this->helper->sanitizeDN($dn);
	}

	/**
	 * Return a new LDAP connection resource for the specified user.
	 * The connection must be closed manually.
	 * @param string $uid user id
	 * @return resource of the LDAP connection
	 * @throws \Exception if user id was not found in LDAP
	 */
	public function getLDAPConnection($uid) {
		if (!$this->userBackend->userExists($uid)) {
			throw new \Exception('User id not found in LDAP');
		}
		return $this->userBackend->getNewLDAPConnection($uid);
	}

	/**
	 * Return a new LDAP connection resource for the specified user.
	 * The connection must be closed manually.
	 * @param string $gid group id
	 * @return resource of the LDAP connection
	 * @throws \Exception if group id was not found in LDAP
	 */
	public function getGroupLDAPConnection($gid) {
		if (!$this->groupBackend->groupExists($gid)) {
			throw new \Exception('Group id not found in LDAP');
		}
		return $this->groupBackend->getNewLDAPConnection($gid);
	}

	/**
	 * Get the LDAP base for users.
	 * @param string $uid user id
	 * @return string the base for users
	 * @throws \Exception if user id was not found in LDAP
	 */
	public function getLDAPBaseUsers($uid) {
		if (!$this->userBackend->userExists($uid)) {
			throw new \Exception('User id not found in LDAP');
		}
		$access = $this->userBackend->getLDAPAccess($uid);
		$bases = $access->getConnection()->ldapBaseUsers;
		$dn = $this->getUserDN($uid);
		foreach ($bases as $base) {
			if ($access->isDNPartOfBase($dn, [$base])) {
				return $base;
			}
		}
		// should not occur, because the user does not qualify to use NC in this case
		$this->logger->info(
			'No matching user base found for user {dn}, available: {bases}.',
			[
				'app' => 'user_ldap',
				'dn' => $dn,
				'bases' => $bases,
			]
		);
		return array_shift($bases);
	}

	/**
	 * Get the LDAP base for groups.
	 * @param string $uid user id
	 * @return string the base for groups
	 * @throws \Exception if user id was not found in LDAP
	 */
	public function getLDAPBaseGroups($uid) {
		if (!$this->userBackend->userExists($uid)) {
			throw new \Exception('User id not found in LDAP');
		}
		$bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups;
		return array_shift($bases);
	}

	/**
	 * Clear the cache if a cache is used, otherwise do nothing.
	 * @param string $uid user id
	 * @throws \Exception if user id was not found in LDAP
	 */
	public function clearCache($uid) {
		if (!$this->userBackend->userExists($uid)) {
			throw new \Exception('User id not found in LDAP');
		}
		$this->userBackend->getLDAPAccess($uid)->getConnection()->clearCache();
	}

	/**
	 * Clear the cache if a cache is used, otherwise do nothing.
	 * Acts on the LDAP connection of a group
	 * @param string $gid group id
	 * @throws \Exception if user id was not found in LDAP
	 */
	public function clearGroupCache($gid) {
		if (!$this->groupBackend->groupExists($gid)) {
			throw new \Exception('Group id not found in LDAP');
		}
		$this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache();
	}

	/**
	 * Check whether a LDAP DN exists
	 * @param string $dn LDAP DN
	 * @return bool whether the DN exists
	 */
	public function dnExists($dn) {
		$result = $this->userBackend->dn2UserName($dn);
		return !$result ? false : true;
	}

	/**
	 * Flag record for deletion.
	 * @param string $uid user id
	 */
	public function flagRecord($uid) {
		$this->deletedUsersIndex->markUser($uid);
	}

	/**
	 * Unflag record for deletion.
	 * @param string $uid user id
	 */
	public function unflagRecord($uid) {
		//do nothing
	}

	/**
	 * Get the LDAP attribute name for the user's display name
	 * @param string $uid user id
	 * @return string the display name field
	 * @throws \Exception if user id was not found in LDAP
	 */
	public function getLDAPDisplayNameField($uid) {
		if (!$this->userBackend->userExists($uid)) {
			throw new \Exception('User id not found in LDAP');
		}
		return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_display_name'];
	}

	/**
	 * Get the LDAP attribute name for the email
	 * @param string $uid user id
	 * @return string the email field
	 * @throws \Exception if user id was not found in LDAP
	 */
	public function getLDAPEmailField($uid) {
		if (!$this->userBackend->userExists($uid)) {
			throw new \Exception('User id not found in LDAP');
		}
		return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_email_attr'];
	}

	/**
	 * Get the LDAP type of association between users and groups
	 * @param string $gid group id
	 * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber', ''
	 * @throws \Exception if group id was not found in LDAP
	 */
	public function getLDAPGroupMemberAssoc($gid) {
		if (!$this->groupBackend->groupExists($gid)) {
			throw new \Exception('Group id not found in LDAP');
		}
		return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute'];
	}

	/**
	 * Get an LDAP attribute for a nextcloud user
	 * @param string $uid the nextcloud user id to get the attribute for
	 * @param string $attribute the name of the attribute to read
	 * @return string|null
	 * @throws \Exception if user id was not found in LDAP
	 */
	public function getUserAttribute(string $uid, string $attribute): ?string {
		if (!$this->userBackend->userExists($uid)) {
			throw new \Exception('User id not found in LDAP');
		}
		$access = $this->userBackend->getLDAPAccess($uid);
		$connection = $access->getConnection();
		$key = $uid . "::" . $attribute;
		$cached = $connection->getFromCache($key);

		if ($cached !== null) {
			return $cached;
		}

		$value = $access->readAttribute($access->username2dn($uid), $attribute);
		if (is_array($value) && count($value) > 0) {
			$value = current($value);
		} else {
			return null;
		}
		$connection->writeToCache($key, $value);

		return $value;
	}
}


1			<?php
2			/**
3			* @copyright Copyright (c) 2016, Roger Szabo ([email protected])
4			*
5			* @author Arthur Schiwon <[email protected]>
6			* @author Christoph Wurst <[email protected]>
7			* @author Roeland Jago Douma <[email protected]>
8			* @author Roger Szabo <[email protected]>
9			* @author root <[email protected]>
10			* @author Vinicius Cubas Brand <[email protected]>
11			*
12			* @license GNU AGPL version 3 or any later version
13			*
14			* This program is free software: you can redistribute it and/or modify
15			* it under the terms of the GNU Affero General Public License as
16			* published by the Free Software Foundation, either version 3 of the
17			* License, or (at your option) any later version.
18			*
19			* This program is distributed in the hope that it will be useful,
20			* but WITHOUT ANY WARRANTY; without even the implied warranty of
21			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22			* GNU Affero General Public License for more details.
23			*
24			* You should have received a copy of the GNU Affero General Public License
25			* along with this program. If not, see <http://www.gnu.org/licenses/>.
26			*
27			*/
28
29			namespace OCA\User_LDAP;
30
31			use OCA\User_LDAP\User\DeletedUsersIndex;
32			use OCP\IServerContainer;
33			use OCP\LDAP\IDeletionFlagSupport;
34			use OCP\LDAP\ILDAPProvider;
35
36			/**
37			* LDAP provider for pulic access to the LDAP backend.
38			*/
39			class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
40			private $userBackend;
41			private $groupBackend;
42			private $logger;
43			private $helper;
44			private $deletedUsersIndex;
45
46			/**
47			* Create new LDAPProvider
48			* @param \OCP\IServerContainer $serverContainer
49			* @param Helper $helper
50			* @param DeletedUsersIndex $deletedUsersIndex
51			* @throws \Exception if user_ldap app was not enabled
52			*/
53			public function __construct(IServerContainer $serverContainer, Helper $helper, DeletedUsersIndex $deletedUsersIndex) {
54			$this->logger = $serverContainer->getLogger();
55			$this->helper = $helper;
56			$this->deletedUsersIndex = $deletedUsersIndex;
57			$userBackendFound = false;
58			$groupBackendFound = false;
59			foreach ($serverContainer->getUserManager()->getBackends() as $backend) {
60			$this->logger->debug('instance '.get_class($backend).' user backend.', ['app' => 'user_ldap']);
61			if ($backend instanceof IUserLDAP) {
62			$this->userBackend = $backend;
63			$userBackendFound = true;
64			break;
65			}
66			}
67			foreach ($serverContainer->getGroupManager()->getBackends() as $backend) {
68			$this->logger->debug('instance '.get_class($backend).' group backend.', ['app' => 'user_ldap']);
69			if ($backend instanceof IGroupLDAP) {
70			$this->groupBackend = $backend;
71			$groupBackendFound = true;
72			break;
73			}
74			}
75
76			if (!$userBackendFound or !$groupBackendFound) {
77			throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled');
78			}
79			}
80
81			/**
82			* Translate an user id to LDAP DN
83			* @param string $uid user id
84			* @return string with the LDAP DN
85			* @throws \Exception if translation was unsuccessful
86			*/
87			public function getUserDN($uid) {
88			if (!$this->userBackend->userExists($uid)) {
89			throw new \Exception('User id not found in LDAP');
90			}
91			$result = $this->userBackend->getLDAPAccess($uid)->username2dn($uid);
92			if (!$result) {
93			throw new \Exception('Translation to LDAP DN unsuccessful');
94			}
95			return $result;
96			}
97
98			/**
99			* Translate a group id to LDAP DN.
100			* @param string $gid group id
101			* @return string
102			* @throws \Exception
103			*/
104			public function getGroupDN($gid) {
105			if (!$this->groupBackend->groupExists($gid)) {
106			throw new \Exception('Group id not found in LDAP');
107			}
108			$result = $this->groupBackend->getLDAPAccess($gid)->groupname2dn($gid);
109			if (!$result) {
110			throw new \Exception('Translation to LDAP DN unsuccessful');
111			}
112			return $result;
113			}
114
115			/**
116			* Translate a LDAP DN to an internal user name. If there is no mapping between
117			* the DN and the user name, a new one will be created.
118			* @param string $dn LDAP DN
119			* @return string with the internal user name
120			* @throws \Exception if translation was unsuccessful
121			*/
122			public function getUserName($dn) {
123			$result = $this->userBackend->dn2UserName($dn);
124			if (!$result) {
125			throw new \Exception('Translation to internal user name unsuccessful');
126			}
127			return $result;
128			}
129
130			/**
131			* Convert a stored DN so it can be used as base parameter for LDAP queries.
132			* @param string $dn the DN in question
133			* @return string
134			*/
135			public function DNasBaseParameter($dn) {
136			return $this->helper->DNasBaseParameter($dn);
137			}
138
139			/**
140			* Sanitize a DN received from the LDAP server.
141			* @param array $dn the DN in question
142			* @return array the sanitized DN
143			*/
144			public function sanitizeDN($dn) {
145			return $this->helper->sanitizeDN($dn);
146			}
147
148			/**
149			* Return a new LDAP connection resource for the specified user.
150			* The connection must be closed manually.
151			* @param string $uid user id
152			* @return resource of the LDAP connection
153			* @throws \Exception if user id was not found in LDAP
154			*/
155			public function getLDAPConnection($uid) {
156			if (!$this->userBackend->userExists($uid)) {
157			throw new \Exception('User id not found in LDAP');
158			}
159			return $this->userBackend->getNewLDAPConnection($uid);
160			}
161
162			/**
163			* Return a new LDAP connection resource for the specified user.
164			* The connection must be closed manually.
165			* @param string $gid group id
166			* @return resource of the LDAP connection
167			* @throws \Exception if group id was not found in LDAP
168			*/
169			public function getGroupLDAPConnection($gid) {
170			if (!$this->groupBackend->groupExists($gid)) {
171			throw new \Exception('Group id not found in LDAP');
172			}
173			return $this->groupBackend->getNewLDAPConnection($gid);
174			}
175
176			/**
177			* Get the LDAP base for users.
178			* @param string $uid user id
179			* @return string the base for users
180			* @throws \Exception if user id was not found in LDAP
181			*/
182			public function getLDAPBaseUsers($uid) {
183			if (!$this->userBackend->userExists($uid)) {
184			throw new \Exception('User id not found in LDAP');
185			}
186			$access = $this->userBackend->getLDAPAccess($uid);
187			$bases = $access->getConnection()->ldapBaseUsers;
188			$dn = $this->getUserDN($uid);
189			foreach ($bases as $base) {
190			if ($access->isDNPartOfBase($dn, [$base])) {
191			return $base;
192			}
193			}
194			// should not occur, because the user does not qualify to use NC in this case
195			$this->logger->info(
196			'No matching user base found for user {dn}, available: {bases}.',
197			[
198			'app' => 'user_ldap',
199			'dn' => $dn,
200			'bases' => $bases,
201			]
202			);
203			return array_shift($bases);
204			}
205
206			/**
207			* Get the LDAP base for groups.
208			* @param string $uid user id
209			* @return string the base for groups
210			* @throws \Exception if user id was not found in LDAP
211			*/
212			public function getLDAPBaseGroups($uid) {
213			if (!$this->userBackend->userExists($uid)) {
214			throw new \Exception('User id not found in LDAP');
215			}
216			$bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups;
217			return array_shift($bases);
218			}
219
220			/**
221			* Clear the cache if a cache is used, otherwise do nothing.
222			* @param string $uid user id
223			* @throws \Exception if user id was not found in LDAP
224			*/
225			public function clearCache($uid) {
226			if (!$this->userBackend->userExists($uid)) {
227			throw new \Exception('User id not found in LDAP');
228			}
229			$this->userBackend->getLDAPAccess($uid)->getConnection()->clearCache();
230			}
231
232			/**
233			* Clear the cache if a cache is used, otherwise do nothing.
234			* Acts on the LDAP connection of a group
235			* @param string $gid group id
236			* @throws \Exception if user id was not found in LDAP
237			*/
238			public function clearGroupCache($gid) {
239			if (!$this->groupBackend->groupExists($gid)) {
240			throw new \Exception('Group id not found in LDAP');
241			}
242			$this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache();
243			}
244
245			/**
246			* Check whether a LDAP DN exists
247			* @param string $dn LDAP DN
248			* @return bool whether the DN exists
249			*/
250			public function dnExists($dn) {
251			$result = $this->userBackend->dn2UserName($dn);
252			return !$result ? false : true;
253			}
254
255			/**
256			* Flag record for deletion.
257			* @param string $uid user id
258			*/
259			public function flagRecord($uid) {
260			$this->deletedUsersIndex->markUser($uid);
261			}
262
263			/**
264			* Unflag record for deletion.
265			* @param string $uid user id
266			*/
267			public function unflagRecord($uid) {
268			//do nothing
269			}
270
271			/**
272			* Get the LDAP attribute name for the user's display name
273			* @param string $uid user id
274			* @return string the display name field
275			* @throws \Exception if user id was not found in LDAP
276			*/
277			public function getLDAPDisplayNameField($uid) {
278			if (!$this->userBackend->userExists($uid)) {
279			throw new \Exception('User id not found in LDAP');
280			}
281			return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_display_name'];
282			}
283
284			/**
285			* Get the LDAP attribute name for the email
286			* @param string $uid user id
287			* @return string the email field
288			* @throws \Exception if user id was not found in LDAP
289			*/
290			public function getLDAPEmailField($uid) {
291			if (!$this->userBackend->userExists($uid)) {
292			throw new \Exception('User id not found in LDAP');
293			}
294			return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_email_attr'];
295			}
296
297			/**
298			* Get the LDAP type of association between users and groups
299			* @param string $gid group id
300			* @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber', ''
301			* @throws \Exception if group id was not found in LDAP
302			*/
303			public function getLDAPGroupMemberAssoc($gid) {
304			if (!$this->groupBackend->groupExists($gid)) {
305			throw new \Exception('Group id not found in LDAP');
306			}
307			return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute'];
308			}
309
310			/**
311			* Get an LDAP attribute for a nextcloud user
312			* @param string $uid the nextcloud user id to get the attribute for
313			* @param string $attribute the name of the attribute to read
314			* @return string\|null
315			* @throws \Exception if user id was not found in LDAP
316			*/
317			public function getUserAttribute(string $uid, string $attribute): ?string {
318			if (!$this->userBackend->userExists($uid)) {
319			throw new \Exception('User id not found in LDAP');
320			}
321			$access = $this->userBackend->getLDAPAccess($uid);
322			$connection = $access->getConnection();
323			$key = $uid . "::" . $attribute;
324			$cached = $connection->getFromCache($key);
325
326			if ($cached !== null) {
327			return $cached;
328			}
329
330			$value = $access->readAttribute($access->username2dn($uid), $attribute);
331			if (is_array($value) && count($value) > 0) {
332			$value = current($value);
333			} else {
334			return null;
335			}
336			$connection->writeToCache($key, $value);
337
338			return $value;
339			}
340			}
341

nextcloud / server

Push — master ( b28cea...939433 )

LDAPProvider B

Complexity

Size/Duplication

Importance

19 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like