nextcloud / server

apps/user_ldap/appinfo/register_command.php

Indentation +7 added lines, -7 removed lines

@@ -33,13 +33,13 @@ 
 $helper = new Helper(\OC::$server->getConfig());
 $ocConfig = \OC::$server->getConfig();
 $uBackend = new User_Proxy(
-	$helper->getServerConfigurationPrefixes(true),
-	new LDAP(),
-	$ocConfig,
-	\OC::$server->getNotificationManager()
+    $helper->getServerConfigurationPrefixes(true),
+    new LDAP(),
+    $ocConfig,
+    \OC::$server->getNotificationManager()
 );
 $deletedUsersIndex = new DeletedUsersIndex(
-	$ocConfig, $dbConnection, $userMapping
+    $ocConfig, $dbConnection, $userMapping
 );
 
 $application->add(new OCA\User_LDAP\Command\ShowConfig($helper));
@@ -49,8 +49,8 @@ 
 $application->add(new OCA\User_LDAP\Command\DeleteConfig($helper));
 $application->add(new OCA\User_LDAP\Command\Search($ocConfig));
 $application->add(new OCA\User_LDAP\Command\ShowRemnants(
-	$deletedUsersIndex, \OC::$server->getDateTimeFormatter())
+    $deletedUsersIndex, \OC::$server->getDateTimeFormatter())
 );
 $application->add(new OCA\User_LDAP\Command\CheckUser(
-	$uBackend, $helper, $deletedUsersIndex, $userMapping)
+    $uBackend, $helper, $deletedUsersIndex, $userMapping)
 );

apps/user_ldap/lib/Proxy.php

Indentation +173 added lines, -173 removed lines

@@ -35,177 +35,177 @@
 use OCA\User_LDAP\User\Manager;
 
 abstract class Proxy {
-	static private $accesses = array();
-	private $ldap = null;
-
-	/** @var \OCP\ICache|null */
-	private $cache;
-
-	/**
-	 * @param ILDAPWrapper $ldap
-	 */
-	public function __construct(ILDAPWrapper $ldap) {
-		$this->ldap = $ldap;
-		$memcache = \OC::$server->getMemCacheFactory();
-		if($memcache->isAvailable()) {
-			$this->cache = $memcache->create();
-		}
-	}
-
-	/**
-	 * @param string $configPrefix
-	 */
-	private function addAccess($configPrefix) {
-		static $ocConfig;
-		static $fs;
-		static $log;
-		static $avatarM;
-		static $userMap;
-		static $groupMap;
-		static $db;
-		static $coreUserManager;
-		static $coreNotificationManager;
-		if(is_null($fs)) {
-			$ocConfig = \OC::$server->getConfig();
-			$fs       = new FilesystemHelper();
-			$log      = new LogWrapper();
-			$avatarM  = \OC::$server->getAvatarManager();
-			$db       = \OC::$server->getDatabaseConnection();
-			$userMap  = new UserMapping($db);
-			$groupMap = new GroupMapping($db);
-			$coreUserManager = \OC::$server->getUserManager();
-			$coreNotificationManager = \OC::$server->getNotificationManager();
-		}
-		$userManager =
-			new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(), $db,
-				$coreUserManager, $coreNotificationManager);
-		$connector = new Connection($this->ldap, $configPrefix);
-		$access = new Access($connector, $this->ldap, $userManager, new Helper(\OC::$server->getConfig()));
-		$access->setUserMapper($userMap);
-		$access->setGroupMapper($groupMap);
-		self::$accesses[$configPrefix] = $access;
-	}
-
-	/**
-	 * @param string $configPrefix
-	 * @return mixed
-	 */
-	protected function getAccess($configPrefix) {
-		if(!isset(self::$accesses[$configPrefix])) {
-			$this->addAccess($configPrefix);
-		}
-		return self::$accesses[$configPrefix];
-	}
-
-	/**
-	 * @param string $uid
-	 * @return string
-	 */
-	protected function getUserCacheKey($uid) {
-		return 'user-'.$uid.'-lastSeenOn';
-	}
-
-	/**
-	 * @param string $gid
-	 * @return string
-	 */
-	protected function getGroupCacheKey($gid) {
-		return 'group-'.$gid.'-lastSeenOn';
-	}
-
-	/**
-	 * @param string $id
-	 * @param string $method
-	 * @param array $parameters
-	 * @param bool $passOnWhen
-	 * @return mixed
-	 */
-	abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
-
-	/**
-	 * @param string $id
-	 * @param string $method
-	 * @param array $parameters
-	 * @return mixed
-	 */
-	abstract protected function walkBackends($id, $method, $parameters);
-
-	/**
-	 * @param string $id
-	 * @return Access
-	 */
-	abstract public function getLDAPAccess($id);
-
-	/**
-	 * Takes care of the request to the User backend
-	 * @param string $id
-	 * @param string $method string, the method of the user backend that shall be called
-	 * @param array $parameters an array of parameters to be passed
-	 * @param bool $passOnWhen
-	 * @return mixed, the result of the specified method
-	 */
-	protected function handleRequest($id, $method, $parameters, $passOnWhen = false) {
-		$result = $this->callOnLastSeenOn($id,  $method, $parameters, $passOnWhen);
-		if($result === $passOnWhen) {
-			$result = $this->walkBackends($id, $method, $parameters);
-		}
-		return $result;
-	}
-
-	/**
-	 * @param string|null $key
-	 * @return string
-	 */
-	private function getCacheKey($key) {
-		$prefix = 'LDAP-Proxy-';
-		if(is_null($key)) {
-			return $prefix;
-		}
-		return $prefix.md5($key);
-	}
-
-	/**
-	 * @param string $key
-	 * @return mixed|null
-	 */
-	public function getFromCache($key) {
-		if(is_null($this->cache) || !$this->isCached($key)) {
-			return null;
-		}
-		$key = $this->getCacheKey($key);
-
-		return json_decode(base64_decode($this->cache->get($key)));
-	}
-
-	/**
-	 * @param string $key
-	 * @return bool
-	 */
-	public function isCached($key) {
-		if(is_null($this->cache)) {
-			return false;
-		}
-		$key = $this->getCacheKey($key);
-		return $this->cache->hasKey($key);
-	}
-
-	/**
-	 * @param string $key
-	 * @param mixed $value
-	 */
-	public function writeToCache($key, $value) {
-		if(is_null($this->cache)) {
-			return;
-		}
-		$key   = $this->getCacheKey($key);
-		$value = base64_encode(json_encode($value));
-		$this->cache->set($key, $value, '2592000');
-	}
-
-	public function clearCache() {
-		if(is_null($this->cache)) {
-			return;
-		}
-		$this->cache->clear($this->getCacheKey(null));
-	}
+    static private $accesses = array();
+    private $ldap = null;
+
+    /** @var \OCP\ICache|null */
+    private $cache;
+
+    /**
+     * @param ILDAPWrapper $ldap
+     */
+    public function __construct(ILDAPWrapper $ldap) {
+        $this->ldap = $ldap;
+        $memcache = \OC::$server->getMemCacheFactory();
+        if($memcache->isAvailable()) {
+            $this->cache = $memcache->create();
+        }
+    }
+
+    /**
+     * @param string $configPrefix
+     */
+    private function addAccess($configPrefix) {
+        static $ocConfig;
+        static $fs;
+        static $log;
+        static $avatarM;
+        static $userMap;
+        static $groupMap;
+        static $db;
+        static $coreUserManager;
+        static $coreNotificationManager;
+        if(is_null($fs)) {
+            $ocConfig = \OC::$server->getConfig();
+            $fs       = new FilesystemHelper();
+            $log      = new LogWrapper();
+            $avatarM  = \OC::$server->getAvatarManager();
+            $db       = \OC::$server->getDatabaseConnection();
+            $userMap  = new UserMapping($db);
+            $groupMap = new GroupMapping($db);
+            $coreUserManager = \OC::$server->getUserManager();
+            $coreNotificationManager = \OC::$server->getNotificationManager();
+        }
+        $userManager =
+            new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(), $db,
+                $coreUserManager, $coreNotificationManager);
+        $connector = new Connection($this->ldap, $configPrefix);
+        $access = new Access($connector, $this->ldap, $userManager, new Helper(\OC::$server->getConfig()));
+        $access->setUserMapper($userMap);
+        $access->setGroupMapper($groupMap);
+        self::$accesses[$configPrefix] = $access;
+    }
+
+    /**
+     * @param string $configPrefix
+     * @return mixed
+     */
+    protected function getAccess($configPrefix) {
+        if(!isset(self::$accesses[$configPrefix])) {
+            $this->addAccess($configPrefix);
+        }
+        return self::$accesses[$configPrefix];
+    }
+
+    /**
+     * @param string $uid
+     * @return string
+     */
+    protected function getUserCacheKey($uid) {
+        return 'user-'.$uid.'-lastSeenOn';
+    }
+
+    /**
+     * @param string $gid
+     * @return string
+     */
+    protected function getGroupCacheKey($gid) {
+        return 'group-'.$gid.'-lastSeenOn';
+    }
+
+    /**
+     * @param string $id
+     * @param string $method
+     * @param array $parameters
+     * @param bool $passOnWhen
+     * @return mixed
+     */
+    abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
+
+    /**
+     * @param string $id
+     * @param string $method
+     * @param array $parameters
+     * @return mixed
+     */
+    abstract protected function walkBackends($id, $method, $parameters);
+
+    /**
+     * @param string $id
+     * @return Access
+     */
+    abstract public function getLDAPAccess($id);
+
+    /**
+     * Takes care of the request to the User backend
+     * @param string $id
+     * @param string $method string, the method of the user backend that shall be called
+     * @param array $parameters an array of parameters to be passed
+     * @param bool $passOnWhen
+     * @return mixed, the result of the specified method
+     */
+    protected function handleRequest($id, $method, $parameters, $passOnWhen = false) {
+        $result = $this->callOnLastSeenOn($id,  $method, $parameters, $passOnWhen);
+        if($result === $passOnWhen) {
+            $result = $this->walkBackends($id, $method, $parameters);
+        }
+        return $result;
+    }
+
+    /**
+     * @param string|null $key
+     * @return string
+     */
+    private function getCacheKey($key) {
+        $prefix = 'LDAP-Proxy-';
+        if(is_null($key)) {
+            return $prefix;
+        }
+        return $prefix.md5($key);
+    }
+
+    /**
+     * @param string $key
+     * @return mixed|null
+     */
+    public function getFromCache($key) {
+        if(is_null($this->cache) || !$this->isCached($key)) {
+            return null;
+        }
+        $key = $this->getCacheKey($key);
+
+        return json_decode(base64_decode($this->cache->get($key)));
+    }
+
+    /**
+     * @param string $key
+     * @return bool
+     */
+    public function isCached($key) {
+        if(is_null($this->cache)) {
+            return false;
+        }
+        $key = $this->getCacheKey($key);
+        return $this->cache->hasKey($key);
+    }
+
+    /**
+     * @param string $key
+     * @param mixed $value
+     */
+    public function writeToCache($key, $value) {
+        if(is_null($this->cache)) {
+            return;
+        }
+        $key   = $this->getCacheKey($key);
+        $value = base64_encode(json_encode($value));
+        $this->cache->set($key, $value, '2592000');
+    }
+
+    public function clearCache() {
+        if(is_null($this->cache)) {
+            return;
+        }
+        $this->cache->clear($this->getCacheKey(null));
+    }
 }

Spacing +10 added lines, -10 removed lines

@@ -47,7 +47,7 @@ 
 	public function __construct(ILDAPWrapper $ldap) {
 		$this->ldap = $ldap;
 		$memcache = \OC::$server->getMemCacheFactory();
-		if($memcache->isAvailable()) {
+		if ($memcache->isAvailable()) {
 			$this->cache = $memcache->create();
 		}
 	}
@@ -65,7 +65,7 @@ 
 		static $db;
 		static $coreUserManager;
 		static $coreNotificationManager;
-		if(is_null($fs)) {
+		if (is_null($fs)) {
 			$ocConfig = \OC::$server->getConfig();
 			$fs       = new FilesystemHelper();
 			$log      = new LogWrapper();
@@ -91,7 +91,7 @@ 
 	 * @return mixed
 	 */
 	protected function getAccess($configPrefix) {
-		if(!isset(self::$accesses[$configPrefix])) {
+		if (!isset(self::$accesses[$configPrefix])) {
 			$this->addAccess($configPrefix);
 		}
 		return self::$accesses[$configPrefix];
@@ -145,8 +145,8 @@ 
 	 * @return mixed, the result of the specified method
 	 */
 	protected function handleRequest($id, $method, $parameters, $passOnWhen = false) {
-		$result = $this->callOnLastSeenOn($id,  $method, $parameters, $passOnWhen);
-		if($result === $passOnWhen) {
+		$result = $this->callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
+		if ($result === $passOnWhen) {
 			$result = $this->walkBackends($id, $method, $parameters);
 		}
 		return $result;
@@ -158,7 +158,7 @@ 
 	 */
 	private function getCacheKey($key) {
 		$prefix = 'LDAP-Proxy-';
-		if(is_null($key)) {
+		if (is_null($key)) {
 			return $prefix;
 		}
 		return $prefix.md5($key);
@@ -169,7 +169,7 @@ 
 	 * @return mixed|null
 	 */
 	public function getFromCache($key) {
-		if(is_null($this->cache) || !$this->isCached($key)) {
+		if (is_null($this->cache) || !$this->isCached($key)) {
 			return null;
 		}
 		$key = $this->getCacheKey($key);
@@ -182,7 +182,7 @@ 
 	 * @return bool
 	 */
 	public function isCached($key) {
-		if(is_null($this->cache)) {
+		if (is_null($this->cache)) {
 			return false;
 		}
 		$key = $this->getCacheKey($key);
@@ -194,7 +194,7 @@ 
 	 * @param mixed $value
 	 */
 	public function writeToCache($key, $value) {
-		if(is_null($this->cache)) {
+		if (is_null($this->cache)) {
 			return;
 		}
 		$key   = $this->getCacheKey($key);
@@ -203,7 +203,7 @@ 
 	}
 
 	public function clearCache() {
-		if(is_null($this->cache)) {
+		if (is_null($this->cache)) {
 			return;
 		}
 		$this->cache->clear($this->getCacheKey(null));

apps/user_ldap/lib/Migration/UUIDFixGroup.php

Indentation +5 added lines, -5 removed lines

@@ -30,9 +30,9 @@
 use OCP\IConfig;
 
 class UUIDFixGroup extends UUIDFix {
-	public function __construct(GroupMapping $mapper, LDAP $ldap, IConfig $config, Helper $helper) {
-		$this->mapper = $mapper;
-		$this->proxy = new User_Proxy($helper->getServerConfigurationPrefixes(true), $ldap, $config, 
-			\OC::$server->getNotificationManager());
-	}
+    public function __construct(GroupMapping $mapper, LDAP $ldap, IConfig $config, Helper $helper) {
+        $this->mapper = $mapper;
+        $this->proxy = new User_Proxy($helper->getServerConfigurationPrefixes(true), $ldap, $config, 
+            \OC::$server->getNotificationManager());
+    }
 }

apps/user_ldap/appinfo/app.php

Indentation +38 added lines, -38 removed lines

@@ -33,56 +33,56 @@
 $ocConfig = \OC::$server->getConfig();
 $notificationManager = \OC::$server->getNotificationManager();
 $notificationManager->registerNotifier(function() {
-	return new \OCA\User_LDAP\Notification\Notifier(
-	  \OC::$server->getL10NFactory()
-	);
+    return new \OCA\User_LDAP\Notification\Notifier(
+        \OC::$server->getL10NFactory()
+    );
 }, function() {
-		$l = \OC::$server->getL10N('user_ldap');
-		return [
-			'id' => 'user_ldap',
-			'name' => $l->t('LDAP user and group backend'),
-		];
+        $l = \OC::$server->getL10N('user_ldap');
+        return [
+            'id' => 'user_ldap',
+            'name' => $l->t('LDAP user and group backend'),
+        ];
 });
 if(count($configPrefixes) === 1) {
-	$dbc = \OC::$server->getDatabaseConnection();
-	$userManager = new OCA\User_LDAP\User\Manager($ocConfig,
-		new OCA\User_LDAP\FilesystemHelper(),
-		new OCA\User_LDAP\LogWrapper(),
-		\OC::$server->getAvatarManager(),
-		new \OCP\Image(),
-		$dbc,
-		\OC::$server->getUserManager(),
-		$notificationManager
-	);
-	$connector = new OCA\User_LDAP\Connection($ldapWrapper, $configPrefixes[0]);
-	$ldapAccess = new OCA\User_LDAP\Access($connector, $ldapWrapper, $userManager, $helper);
+    $dbc = \OC::$server->getDatabaseConnection();
+    $userManager = new OCA\User_LDAP\User\Manager($ocConfig,
+        new OCA\User_LDAP\FilesystemHelper(),
+        new OCA\User_LDAP\LogWrapper(),
+        \OC::$server->getAvatarManager(),
+        new \OCP\Image(),
+        $dbc,
+        \OC::$server->getUserManager(),
+        $notificationManager
+    );
+    $connector = new OCA\User_LDAP\Connection($ldapWrapper, $configPrefixes[0]);
+    $ldapAccess = new OCA\User_LDAP\Access($connector, $ldapWrapper, $userManager, $helper);
 
-	$ldapAccess->setUserMapper(new OCA\User_LDAP\Mapping\UserMapping($dbc));
-	$ldapAccess->setGroupMapper(new OCA\User_LDAP\Mapping\GroupMapping($dbc));
-	$userBackend  = new OCA\User_LDAP\User_LDAP($ldapAccess, $ocConfig, $notificationManager);
-	$groupBackend = new \OCA\User_LDAP\Group_LDAP($ldapAccess);
+    $ldapAccess->setUserMapper(new OCA\User_LDAP\Mapping\UserMapping($dbc));
+    $ldapAccess->setGroupMapper(new OCA\User_LDAP\Mapping\GroupMapping($dbc));
+    $userBackend  = new OCA\User_LDAP\User_LDAP($ldapAccess, $ocConfig, $notificationManager);
+    $groupBackend = new \OCA\User_LDAP\Group_LDAP($ldapAccess);
 } else if(count($configPrefixes) > 1) {
-	$userBackend  = new OCA\User_LDAP\User_Proxy(
-		$configPrefixes, $ldapWrapper, $ocConfig, $notificationManager
-	);
-	$groupBackend  = new OCA\User_LDAP\Group_Proxy($configPrefixes, $ldapWrapper);
+    $userBackend  = new OCA\User_LDAP\User_Proxy(
+        $configPrefixes, $ldapWrapper, $ocConfig, $notificationManager
+    );
+    $groupBackend  = new OCA\User_LDAP\Group_Proxy($configPrefixes, $ldapWrapper);
 }
 
 if(count($configPrefixes) > 0) {
-	// register user backend
-	OC_User::useBackend($userBackend);
-	\OC::$server->getGroupManager()->addBackend($groupBackend);
+    // register user backend
+    OC_User::useBackend($userBackend);
+    \OC::$server->getGroupManager()->addBackend($groupBackend);
 }
 
 \OCP\Util::connectHook(
-	'\OCA\Files_Sharing\API\Server2Server',
-	'preLoginNameUsedAsUserName',
-	'\OCA\User_LDAP\Helper',
-	'loginName2UserName'
+    '\OCA\Files_Sharing\API\Server2Server',
+    'preLoginNameUsedAsUserName',
+    '\OCA\User_LDAP\Helper',
+    'loginName2UserName'
 );
 
 if(OCP\App::isEnabled('user_webdavauth')) {
-	OCP\Util::writeLog('user_ldap',
-		'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
-		OCP\Util::WARN);
+    OCP\Util::writeLog('user_ldap',
+        'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
+        OCP\Util::WARN);
 }

Spacing +5 added lines, -5 removed lines

@@ -43,7 +43,7 @@ 
 			'name' => $l->t('LDAP user and group backend'),
 		];
 });
-if(count($configPrefixes) === 1) {
+if (count($configPrefixes) === 1) {
 	$dbc = \OC::$server->getDatabaseConnection();
 	$userManager = new OCA\User_LDAP\User\Manager($ocConfig,
 		new OCA\User_LDAP\FilesystemHelper(),
@@ -61,14 +61,14 @@ 
 	$ldapAccess->setGroupMapper(new OCA\User_LDAP\Mapping\GroupMapping($dbc));
 	$userBackend  = new OCA\User_LDAP\User_LDAP($ldapAccess, $ocConfig, $notificationManager);
 	$groupBackend = new \OCA\User_LDAP\Group_LDAP($ldapAccess);
-} else if(count($configPrefixes) > 1) {
+} else if (count($configPrefixes) > 1) {
 	$userBackend  = new OCA\User_LDAP\User_Proxy(
 		$configPrefixes, $ldapWrapper, $ocConfig, $notificationManager
 	);
-	$groupBackend  = new OCA\User_LDAP\Group_Proxy($configPrefixes, $ldapWrapper);
+	$groupBackend = new OCA\User_LDAP\Group_Proxy($configPrefixes, $ldapWrapper);
 }
 
-if(count($configPrefixes) > 0) {
+if (count($configPrefixes) > 0) {
 	// register user backend
 	OC_User::useBackend($userBackend);
 	\OC::$server->getGroupManager()->addBackend($groupBackend);
@@ -81,7 +81,7 @@ 
 	'loginName2UserName'
 );
 
-if(OCP\App::isEnabled('user_webdavauth')) {
+if (OCP\App::isEnabled('user_webdavauth')) {
 	OCP\Util::writeLog('user_ldap',
 		'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
 		OCP\Util::WARN);

apps/user_ldap/lib/Command/Search.php

Indentation +87 added lines, -87 removed lines

@@ -37,98 +37,98 @@
 use OCP\IConfig;
 
 class Search extends Command {
-	/** @var \OCP\IConfig */
-	protected $ocConfig;
+    /** @var \OCP\IConfig */
+    protected $ocConfig;
 
-	/**
-	 * @param \OCP\IConfig $ocConfig
-	 */
-	public function __construct(IConfig $ocConfig) {
-		$this->ocConfig = $ocConfig;
-		parent::__construct();
-	}
+    /**
+     * @param \OCP\IConfig $ocConfig
+     */
+    public function __construct(IConfig $ocConfig) {
+        $this->ocConfig = $ocConfig;
+        parent::__construct();
+    }
 
-	protected function configure() {
-		$this
-			->setName('ldap:search')
-			->setDescription('executes a user or group search')
-			->addArgument(
-					'search',
-					InputArgument::REQUIRED,
-					'the search string (can be empty)'
-				     )
-			->addOption(
-					'group',
-					null,
-					InputOption::VALUE_NONE,
-					'searches groups instead of users'
-				     )
-			->addOption(
-					'offset',
-					null,
-					InputOption::VALUE_REQUIRED,
-					'The offset of the result set. Needs to be a multiple of limit. defaults to 0.',
-					0
-				     )
-			->addOption(
-					'limit',
-					null,
-					InputOption::VALUE_REQUIRED,
-					'limit the results. 0 means no limit, defaults to 15',
-					15
-				     )
-		;
-	}
+    protected function configure() {
+        $this
+            ->setName('ldap:search')
+            ->setDescription('executes a user or group search')
+            ->addArgument(
+                    'search',
+                    InputArgument::REQUIRED,
+                    'the search string (can be empty)'
+                        )
+            ->addOption(
+                    'group',
+                    null,
+                    InputOption::VALUE_NONE,
+                    'searches groups instead of users'
+                        )
+            ->addOption(
+                    'offset',
+                    null,
+                    InputOption::VALUE_REQUIRED,
+                    'The offset of the result set. Needs to be a multiple of limit. defaults to 0.',
+                    0
+                        )
+            ->addOption(
+                    'limit',
+                    null,
+                    InputOption::VALUE_REQUIRED,
+                    'limit the results. 0 means no limit, defaults to 15',
+                    15
+                        )
+        ;
+    }
 
-	/**
-	 * Tests whether the offset and limit options are valid
-	 * @param int $offset
-	 * @param int $limit
-	 * @throws \InvalidArgumentException
-	 */
-	protected function validateOffsetAndLimit($offset, $limit) {
-		if($limit < 0) {
-			throw new \InvalidArgumentException('limit must be  0 or greater');
-		}
-		if($offset  < 0) {
-			throw new \InvalidArgumentException('offset must be 0 or greater');
-		}
-		if($limit === 0 && $offset !== 0) {
-			throw new \InvalidArgumentException('offset must be 0 if limit is also set to 0');
-		}
-		if($offset > 0 && ($offset % $limit !== 0)) {
-			throw new \InvalidArgumentException('offset must be a multiple of limit');
-		}
-	}
+    /**
+     * Tests whether the offset and limit options are valid
+     * @param int $offset
+     * @param int $limit
+     * @throws \InvalidArgumentException
+     */
+    protected function validateOffsetAndLimit($offset, $limit) {
+        if($limit < 0) {
+            throw new \InvalidArgumentException('limit must be  0 or greater');
+        }
+        if($offset  < 0) {
+            throw new \InvalidArgumentException('offset must be 0 or greater');
+        }
+        if($limit === 0 && $offset !== 0) {
+            throw new \InvalidArgumentException('offset must be 0 if limit is also set to 0');
+        }
+        if($offset > 0 && ($offset % $limit !== 0)) {
+            throw new \InvalidArgumentException('offset must be a multiple of limit');
+        }
+    }
 
-	protected function execute(InputInterface $input, OutputInterface $output) {
-		$helper = new Helper($this->ocConfig);
-		$configPrefixes = $helper->getServerConfigurationPrefixes(true);
-		$ldapWrapper = new LDAP();
+    protected function execute(InputInterface $input, OutputInterface $output) {
+        $helper = new Helper($this->ocConfig);
+        $configPrefixes = $helper->getServerConfigurationPrefixes(true);
+        $ldapWrapper = new LDAP();
 
-		$offset = intval($input->getOption('offset'));
-		$limit = intval($input->getOption('limit'));
-		$this->validateOffsetAndLimit($offset, $limit);
+        $offset = intval($input->getOption('offset'));
+        $limit = intval($input->getOption('limit'));
+        $this->validateOffsetAndLimit($offset, $limit);
 
-		if($input->getOption('group')) {
-			$proxy = new Group_Proxy($configPrefixes, $ldapWrapper);
-			$getMethod = 'getGroups';
-			$printID = false;
-			// convert the limit of groups to null. This will show all the groups available instead of
-			// nothing, and will match the same behaviour the search for users has.
-			if ($limit === 0) {
-				$limit = null;
-			}
-		} else {
-			$proxy = new User_Proxy($configPrefixes, $ldapWrapper, $this->ocConfig, \OC::$server->getNotificationManager());
-			$getMethod = 'getDisplayNames';
-			$printID = true;
-		}
+        if($input->getOption('group')) {
+            $proxy = new Group_Proxy($configPrefixes, $ldapWrapper);
+            $getMethod = 'getGroups';
+            $printID = false;
+            // convert the limit of groups to null. This will show all the groups available instead of
+            // nothing, and will match the same behaviour the search for users has.
+            if ($limit === 0) {
+                $limit = null;
+            }
+        } else {
+            $proxy = new User_Proxy($configPrefixes, $ldapWrapper, $this->ocConfig, \OC::$server->getNotificationManager());
+            $getMethod = 'getDisplayNames';
+            $printID = true;
+        }
 
-		$result = $proxy->$getMethod($input->getArgument('search'), $limit, $offset);
-		foreach($result as $id => $name) {
-			$line = $name . ($printID ? ' ('.$id.')' : '');
-			$output->writeln($line);
-		}
-	}
+        $result = $proxy->$getMethod($input->getArgument('search'), $limit, $offset);
+        foreach($result as $id => $name) {
+            $line = $name . ($printID ? ' ('.$id.')' : '');
+            $output->writeln($line);
+        }
+    }
 }

apps/user_ldap/templates/settings.php

Spacing +48 added lines, -48 removed lines

@@ -59,73 +59,73 @@
 
 	<div id="ldapSettings">
 	<ul>
-		<li id="#ldapWizard1"><a href="#ldapWizard1"><?php p($l->t('Server'));?></a></li>
-		<li id="#ldapWizard2"><a href="#ldapWizard2"><?php p($l->t('Users'));?></a></li>
-		<li id="#ldapWizard3"><a href="#ldapWizard3"><?php p($l->t('Login Attributes'));?></a></li>
-		<li id="#ldapWizard4"><a href="#ldapWizard4"><?php p($l->t('Groups'));?></a></li>
-		<li class="ldapSettingsTabs"><a href="#ldapSettings-2"><?php p($l->t('Expert'));?></a></li>
-		<li class="ldapSettingsTabs"><a href="#ldapSettings-1"><?php p($l->t('Advanced'));?></a></li>
+		<li id="#ldapWizard1"><a href="#ldapWizard1"><?php p($l->t('Server')); ?></a></li>
+		<li id="#ldapWizard2"><a href="#ldapWizard2"><?php p($l->t('Users')); ?></a></li>
+		<li id="#ldapWizard3"><a href="#ldapWizard3"><?php p($l->t('Login Attributes')); ?></a></li>
+		<li id="#ldapWizard4"><a href="#ldapWizard4"><?php p($l->t('Groups')); ?></a></li>
+		<li class="ldapSettingsTabs"><a href="#ldapSettings-2"><?php p($l->t('Expert')); ?></a></li>
+		<li class="ldapSettingsTabs"><a href="#ldapSettings-1"><?php p($l->t('Advanced')); ?></a></li>
 	</ul>
-	<?php if(OCP\App::isEnabled('user_webdavauth')) {
+	<?php if (OCP\App::isEnabled('user_webdavauth')) {
 		print_unescaped('<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible. You may experience unexpected behavior. Please ask your system administrator to disable one of them.').'</p>');
 	}
-	if(!function_exists('ldap_connect')) {
+	if (!function_exists('ldap_connect')) {
 		print_unescaped('<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.').'</p>');
 	}
 	?>
-	<?php require_once(__DIR__ . '/part.wizard-server.php'); ?>
-	<?php require_once(__DIR__ . '/part.wizard-userfilter.php'); ?>
-	<?php require_once(__DIR__ . '/part.wizard-loginfilter.php'); ?>
-	<?php require_once(__DIR__ . '/part.wizard-groupfilter.php'); ?>
+	<?php require_once(__DIR__.'/part.wizard-server.php'); ?>
+	<?php require_once(__DIR__.'/part.wizard-userfilter.php'); ?>
+	<?php require_once(__DIR__.'/part.wizard-loginfilter.php'); ?>
+	<?php require_once(__DIR__.'/part.wizard-groupfilter.php'); ?>
 	<fieldset id="ldapSettings-1">
 		<div id="ldapAdvancedAccordion">
-			<h3><?php p($l->t('Connection Settings'));?></h3>
+			<h3><?php p($l->t('Connection Settings')); ?></h3>
 			<div>
-				<p><label for="ldap_configuration_active"><?php p($l->t('Configuration Active'));?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php p($_['ldap_configuration_active_default']); ?>"  title="<?php p($l->t('When unchecked, this configuration will be skipped.'));?>" /></p>
-				<p><label for="ldap_backup_host"><?php p($l->t('Backup (Replica) Host'));?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php p($_['ldap_backup_host_default']); ?>" title="<?php p($l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.'));?>"></p>
-				<p><label for="ldap_backup_port"><?php p($l->t('Backup (Replica) Port'));?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php p($_['ldap_backup_port_default']); ?>"  /></p>
-				<p><label for="ldap_override_main_server"><?php p($l->t('Disable Main Server'));?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php p($_['ldap_override_main_server_default']); ?>"  title="<?php p($l->t('Only connect to the replica server.'));?>" /></p>
-				<p><label for="ldap_turn_off_cert_check"><?php p($l->t('Turn off SSL certificate validation.'));?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php p($l->t('Not recommended, use it for testing only! If connection only works with this option, import the LDAP server\'s SSL certificate in your %s server.', $theme->getName() ));?>" data-default="<?php p($_['ldap_turn_off_cert_check_default']); ?>" value="1"><br/></p>
-				<p><label for="ldap_cache_ttl"><?php p($l->t('Cache Time-To-Live'));?></label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php p($l->t('in seconds. A change empties the cache.'));?>" data-default="<?php p($_['ldap_cache_ttl_default']); ?>" /></p>
+				<p><label for="ldap_configuration_active"><?php p($l->t('Configuration Active')); ?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php p($_['ldap_configuration_active_default']); ?>"  title="<?php p($l->t('When unchecked, this configuration will be skipped.')); ?>" /></p>
+				<p><label for="ldap_backup_host"><?php p($l->t('Backup (Replica) Host')); ?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php p($_['ldap_backup_host_default']); ?>" title="<?php p($l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.')); ?>"></p>
+				<p><label for="ldap_backup_port"><?php p($l->t('Backup (Replica) Port')); ?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php p($_['ldap_backup_port_default']); ?>"  /></p>
+				<p><label for="ldap_override_main_server"><?php p($l->t('Disable Main Server')); ?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php p($_['ldap_override_main_server_default']); ?>"  title="<?php p($l->t('Only connect to the replica server.')); ?>" /></p>
+				<p><label for="ldap_turn_off_cert_check"><?php p($l->t('Turn off SSL certificate validation.')); ?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php p($l->t('Not recommended, use it for testing only! If connection only works with this option, import the LDAP server\'s SSL certificate in your %s server.', $theme->getName())); ?>" data-default="<?php p($_['ldap_turn_off_cert_check_default']); ?>" value="1"><br/></p>
+				<p><label for="ldap_cache_ttl"><?php p($l->t('Cache Time-To-Live')); ?></label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php p($l->t('in seconds. A change empties the cache.')); ?>" data-default="<?php p($_['ldap_cache_ttl_default']); ?>" /></p>
 			</div>
-			<h3><?php p($l->t('Directory Settings'));?></h3>
+			<h3><?php p($l->t('Directory Settings')); ?></h3>
 			<div>
-				<p><label for="ldap_display_name"><?php p($l->t('User Display Name Field'));?></label><input type="text" id="ldap_display_name" name="ldap_display_name" data-default="<?php p($_['ldap_display_name_default']); ?>" title="<?php p($l->t('The LDAP attribute to use to generate the user\'s display name.'));?>" /></p>
-				<p><label for="ldap_user_display_name_2"><?php p($l->t('2nd User Display Name Field'));?></label><input type="text" id="ldap_user_display_name_2" name="ldap_user_display_name_2" data-default="<?php p($_['ldap_user_display_name_2_default']); ?>" title="<?php p($l->t('Optional. An LDAP attribute to be added to the display name in brackets. Results in e.g. »John Doe (john.doe@example.org)«.'));?>" /></p>
-				<p><label for="ldap_base_users"><?php p($l->t('Base User Tree'));?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php p($l->t('One User Base DN per line'));?>" data-default="<?php p($_['ldap_base_users_default']); ?>" title="<?php p($l->t('Base User Tree'));?>"></textarea></p>
-				<p><label for="ldap_attributes_for_user_search"><?php p($l->t('User Search Attributes'));?></label><textarea id="ldap_attributes_for_user_search" name="ldap_attributes_for_user_search" placeholder="<?php p($l->t('Optional; one attribute per line'));?>" data-default="<?php p($_['ldap_attributes_for_user_search_default']); ?>" title="<?php p($l->t('User Search Attributes'));?>"></textarea></p>
-				<p><label for="ldap_group_display_name"><?php p($l->t('Group Display Name Field'));?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" data-default="<?php p($_['ldap_group_display_name_default']); ?>" title="<?php p($l->t('The LDAP attribute to use to generate the groups\'s display name.'));?>" /></p>
-				<p><label for="ldap_base_groups"><?php p($l->t('Base Group Tree'));?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php p($l->t('One Group Base DN per line'));?>" data-default="<?php p($_['ldap_base_groups_default']); ?>" title="<?php p($l->t('Base Group Tree'));?>"></textarea></p>
-				<p><label for="ldap_attributes_for_group_search"><?php p($l->t('Group Search Attributes'));?></label><textarea id="ldap_attributes_for_group_search" name="ldap_attributes_for_group_search" placeholder="<?php p($l->t('Optional; one attribute per line'));?>" data-default="<?php p($_['ldap_attributes_for_group_search_default']); ?>" title="<?php p($l->t('Group Search Attributes'));?>"></textarea></p>
-				<p><label for="ldap_group_member_assoc_attribute"><?php p($l->t('Group-Member association'));?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute" data-default="<?php p($_['ldap_group_member_assoc_attribute_default']); ?>" ><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'uniqueMember')) p(' selected'); ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'memberUid')) p(' selected'); ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'member')) p(' selected'); ?>>member (AD)</option></select></p>
-				<p><label for="ldap_dynamic_group_member_url"><?php p($l->t('Dynamic Group Member URL'));?></label><input type="text" id="ldap_dynamic_group_member_url" name="ldap_dynamic_group_member_url" title="<?php p($l->t('The LDAP attribute that on group objects contains an LDAP search URL that determines what objects belong to the group. (An empty setting disables dynamic group membership functionality.)'));?>" data-default="<?php p($_['ldap_dynamic_group_member_url_default']); ?>" /></p>
-				<p><label for="ldap_nested_groups"><?php p($l->t('Nested Groups'));?></label><input type="checkbox" id="ldap_nested_groups" name="ldap_nested_groups" value="1" data-default="<?php p($_['ldap_nested_groups_default']); ?>"  title="<?php p($l->t('When switched on, groups that contain groups are supported. (Only works if the group member attribute contains DNs.)'));?>" /></p>
-				<p><label for="ldap_paging_size"><?php p($l->t('Paging chunksize'));?></label><input type="number" id="ldap_paging_size" name="ldap_paging_size" title="<?php p($l->t('Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)'));?>" data-default="<?php p($_['ldap_paging_size_default']); ?>" /></p>
-				<p><label for="ldap_turn_on_pwd_change"><?php p($l->t('Enable LDAP password changes per user'));?></label><span class="inlinetable"><span class="tablerow left"><input type="checkbox" id="ldap_turn_on_pwd_change" name="ldap_turn_on_pwd_change" value="1" data-default="<?php p($_['ldap_turn_on_pwd_change_default']); ?>" title="<?php p($l->t('Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server.'));?>" /><span class="tablecell"><?php p($l->t('(New password is sent as plain text to LDAP)'));?></span></span>
+				<p><label for="ldap_display_name"><?php p($l->t('User Display Name Field')); ?></label><input type="text" id="ldap_display_name" name="ldap_display_name" data-default="<?php p($_['ldap_display_name_default']); ?>" title="<?php p($l->t('The LDAP attribute to use to generate the user\'s display name.')); ?>" /></p>
+				<p><label for="ldap_user_display_name_2"><?php p($l->t('2nd User Display Name Field')); ?></label><input type="text" id="ldap_user_display_name_2" name="ldap_user_display_name_2" data-default="<?php p($_['ldap_user_display_name_2_default']); ?>" title="<?php p($l->t('Optional. An LDAP attribute to be added to the display name in brackets. Results in e.g. »John Doe (john.doe@example.org)«.')); ?>" /></p>
+				<p><label for="ldap_base_users"><?php p($l->t('Base User Tree')); ?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php p($l->t('One User Base DN per line')); ?>" data-default="<?php p($_['ldap_base_users_default']); ?>" title="<?php p($l->t('Base User Tree')); ?>"></textarea></p>
+				<p><label for="ldap_attributes_for_user_search"><?php p($l->t('User Search Attributes')); ?></label><textarea id="ldap_attributes_for_user_search" name="ldap_attributes_for_user_search" placeholder="<?php p($l->t('Optional; one attribute per line')); ?>" data-default="<?php p($_['ldap_attributes_for_user_search_default']); ?>" title="<?php p($l->t('User Search Attributes')); ?>"></textarea></p>
+				<p><label for="ldap_group_display_name"><?php p($l->t('Group Display Name Field')); ?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" data-default="<?php p($_['ldap_group_display_name_default']); ?>" title="<?php p($l->t('The LDAP attribute to use to generate the groups\'s display name.')); ?>" /></p>
+				<p><label for="ldap_base_groups"><?php p($l->t('Base Group Tree')); ?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php p($l->t('One Group Base DN per line')); ?>" data-default="<?php p($_['ldap_base_groups_default']); ?>" title="<?php p($l->t('Base Group Tree')); ?>"></textarea></p>
+				<p><label for="ldap_attributes_for_group_search"><?php p($l->t('Group Search Attributes')); ?></label><textarea id="ldap_attributes_for_group_search" name="ldap_attributes_for_group_search" placeholder="<?php p($l->t('Optional; one attribute per line')); ?>" data-default="<?php p($_['ldap_attributes_for_group_search_default']); ?>" title="<?php p($l->t('Group Search Attributes')); ?>"></textarea></p>
+				<p><label for="ldap_group_member_assoc_attribute"><?php p($l->t('Group-Member association')); ?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute" data-default="<?php p($_['ldap_group_member_assoc_attribute_default']); ?>" ><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'uniqueMember')) p(' selected'); ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'memberUid')) p(' selected'); ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'member')) p(' selected'); ?>>member (AD)</option></select></p>
+				<p><label for="ldap_dynamic_group_member_url"><?php p($l->t('Dynamic Group Member URL')); ?></label><input type="text" id="ldap_dynamic_group_member_url" name="ldap_dynamic_group_member_url" title="<?php p($l->t('The LDAP attribute that on group objects contains an LDAP search URL that determines what objects belong to the group. (An empty setting disables dynamic group membership functionality.)')); ?>" data-default="<?php p($_['ldap_dynamic_group_member_url_default']); ?>" /></p>
+				<p><label for="ldap_nested_groups"><?php p($l->t('Nested Groups')); ?></label><input type="checkbox" id="ldap_nested_groups" name="ldap_nested_groups" value="1" data-default="<?php p($_['ldap_nested_groups_default']); ?>"  title="<?php p($l->t('When switched on, groups that contain groups are supported. (Only works if the group member attribute contains DNs.)')); ?>" /></p>
+				<p><label for="ldap_paging_size"><?php p($l->t('Paging chunksize')); ?></label><input type="number" id="ldap_paging_size" name="ldap_paging_size" title="<?php p($l->t('Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)')); ?>" data-default="<?php p($_['ldap_paging_size_default']); ?>" /></p>
+				<p><label for="ldap_turn_on_pwd_change"><?php p($l->t('Enable LDAP password changes per user')); ?></label><span class="inlinetable"><span class="tablerow left"><input type="checkbox" id="ldap_turn_on_pwd_change" name="ldap_turn_on_pwd_change" value="1" data-default="<?php p($_['ldap_turn_on_pwd_change_default']); ?>" title="<?php p($l->t('Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server.')); ?>" /><span class="tablecell"><?php p($l->t('(New password is sent as plain text to LDAP)')); ?></span></span>
 			</span><br/></p>
-				<p><label for="ldap_default_ppolicy_dn"><?php p($l->t('Default password policy DN'));?></label><input type="text" id="ldap_default_ppolicy_dn" name="ldap_default_ppolicy_dn" title="<?php p($l->t('The DN of a default password policy that will be used for password expiry handling. Works only when LDAP password changes per user are enabled and is only supported by OpenLDAP. Leave empty to disable password expiry handling.'));?>" data-default="<?php p($_['ldap_default_ppolicy_dn_default']); ?>" /></p>
+				<p><label for="ldap_default_ppolicy_dn"><?php p($l->t('Default password policy DN')); ?></label><input type="text" id="ldap_default_ppolicy_dn" name="ldap_default_ppolicy_dn" title="<?php p($l->t('The DN of a default password policy that will be used for password expiry handling. Works only when LDAP password changes per user are enabled and is only supported by OpenLDAP. Leave empty to disable password expiry handling.')); ?>" data-default="<?php p($_['ldap_default_ppolicy_dn_default']); ?>" /></p>
 			</div>
-			<h3><?php p($l->t('Special Attributes'));?></h3>
+			<h3><?php p($l->t('Special Attributes')); ?></h3>
 			<div>
-				<p><label for="ldap_quota_attr"><?php p($l->t('Quota Field'));?></label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" data-default="<?php p($_['ldap_quota_attr_default']); ?>" title="<?php p($l->t('Leave empty for user\'s default quota. Otherwise, specify an LDAP/AD attribute.'));?>" /></p>
-				<p><label for="ldap_quota_def"><?php p($l->t('Quota Default'));?></label><input type="text" id="ldap_quota_def" name="ldap_quota_def" data-default="<?php p($_['ldap_quota_def_default']); ?>" title="<?php p($l->t('Override default quota for LDAP users who do not have a quota set in the Quota Field.'));?>" /></p>
-				<p><label for="ldap_email_attr"><?php p($l->t('Email Field'));?></label><input type="text" id="ldap_email_attr" name="ldap_email_attr" data-default="<?php p($_['ldap_email_attr_default']); ?>" title="<?php p($l->t('Set the user\'s email from their LDAP attribute. Leave it empty for default behaviour.'));?>" /></p>
-				<p><label for="home_folder_naming_rule"><?php p($l->t('User Home Folder Naming Rule'));?></label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" title="<?php p($l->t('Leave empty for user name (default). Otherwise, specify an LDAP/AD attribute.'));?>" data-default="<?php p($_['home_folder_naming_rule_default']); ?>" /></p>
+				<p><label for="ldap_quota_attr"><?php p($l->t('Quota Field')); ?></label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" data-default="<?php p($_['ldap_quota_attr_default']); ?>" title="<?php p($l->t('Leave empty for user\'s default quota. Otherwise, specify an LDAP/AD attribute.')); ?>" /></p>
+				<p><label for="ldap_quota_def"><?php p($l->t('Quota Default')); ?></label><input type="text" id="ldap_quota_def" name="ldap_quota_def" data-default="<?php p($_['ldap_quota_def_default']); ?>" title="<?php p($l->t('Override default quota for LDAP users who do not have a quota set in the Quota Field.')); ?>" /></p>
+				<p><label for="ldap_email_attr"><?php p($l->t('Email Field')); ?></label><input type="text" id="ldap_email_attr" name="ldap_email_attr" data-default="<?php p($_['ldap_email_attr_default']); ?>" title="<?php p($l->t('Set the user\'s email from their LDAP attribute. Leave it empty for default behaviour.')); ?>" /></p>
+				<p><label for="home_folder_naming_rule"><?php p($l->t('User Home Folder Naming Rule')); ?></label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" title="<?php p($l->t('Leave empty for user name (default). Otherwise, specify an LDAP/AD attribute.')); ?>" data-default="<?php p($_['home_folder_naming_rule_default']); ?>" /></p>
 			</div>
 		</div>
 		<?php print_unescaped($_['settingControls']); ?>
 	</fieldset>
 	<fieldset id="ldapSettings-2">
-		<p><strong><?php p($l->t('Internal Username'));?></strong></p>
-		<p class="ldapIndent"><?php p($l->t('By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9_.@- ].  Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all *DAV services. With this setting, the default behavior can be overridden. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users.'));?></p>
-		<p class="ldapIndent"><label for="ldap_expert_username_attr"><?php p($l->t('Internal Username Attribute:'));?></label><input type="text" id="ldap_expert_username_attr" name="ldap_expert_username_attr" data-default="<?php p($_['ldap_expert_username_attr_default']); ?>" /></p>
-		<p><strong><?php p($l->t('Override UUID detection'));?></strong></p>
-		<p class="ldapIndent"><?php p($l->t('By default, the UUID attribute is automatically detected. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users and groups.'));?></p>
-		<p class="ldapIndent"><label for="ldap_expert_uuid_user_attr"><?php p($l->t('UUID Attribute for Users:'));?></label><input type="text" id="ldap_expert_uuid_user_attr" name="ldap_expert_uuid_user_attr" data-default="<?php p($_['ldap_expert_uuid_user_attr_default']); ?>" /></p>
-		<p class="ldapIndent"><label for="ldap_expert_uuid_group_attr"><?php p($l->t('UUID Attribute for Groups:'));?></label><input type="text" id="ldap_expert_uuid_group_attr" name="ldap_expert_uuid_group_attr" data-default="<?php p($_['ldap_expert_uuid_group_attr_default']); ?>" /></p>
-		<p><strong><?php p($l->t('Username-LDAP User Mapping'));?></strong></p>
-		<p class="ldapIndent"><?php p($l->t('Usernames are used to store and assign (meta) data. In order to precisely identify and recognize users, each LDAP user will have an internal username. This requires a mapping from username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found. The internal username is used all over. Clearing the mappings will have leftovers everywhere. Clearing the mappings is not configuration sensitive, it affects all LDAP configurations! Never clear the mappings in a production environment, only in a testing or experimental stage.'));?></p>
-		<p class="ldapIndent"><button type="button" id="ldap_action_clear_user_mappings" name="ldap_action_clear_user_mappings"><?php p($l->t('Clear Username-LDAP User Mapping'));?></button><br/><button type="button" id="ldap_action_clear_group_mappings" name="ldap_action_clear_group_mappings"><?php p($l->t('Clear Groupname-LDAP Group Mapping'));?></button></p>
+		<p><strong><?php p($l->t('Internal Username')); ?></strong></p>
+		<p class="ldapIndent"><?php p($l->t('By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9_.@- ].  Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all *DAV services. With this setting, the default behavior can be overridden. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users.')); ?></p>
+		<p class="ldapIndent"><label for="ldap_expert_username_attr"><?php p($l->t('Internal Username Attribute:')); ?></label><input type="text" id="ldap_expert_username_attr" name="ldap_expert_username_attr" data-default="<?php p($_['ldap_expert_username_attr_default']); ?>" /></p>
+		<p><strong><?php p($l->t('Override UUID detection')); ?></strong></p>
+		<p class="ldapIndent"><?php p($l->t('By default, the UUID attribute is automatically detected. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users and groups.')); ?></p>
+		<p class="ldapIndent"><label for="ldap_expert_uuid_user_attr"><?php p($l->t('UUID Attribute for Users:')); ?></label><input type="text" id="ldap_expert_uuid_user_attr" name="ldap_expert_uuid_user_attr" data-default="<?php p($_['ldap_expert_uuid_user_attr_default']); ?>" /></p>
+		<p class="ldapIndent"><label for="ldap_expert_uuid_group_attr"><?php p($l->t('UUID Attribute for Groups:')); ?></label><input type="text" id="ldap_expert_uuid_group_attr" name="ldap_expert_uuid_group_attr" data-default="<?php p($_['ldap_expert_uuid_group_attr_default']); ?>" /></p>
+		<p><strong><?php p($l->t('Username-LDAP User Mapping')); ?></strong></p>
+		<p class="ldapIndent"><?php p($l->t('Usernames are used to store and assign (meta) data. In order to precisely identify and recognize users, each LDAP user will have an internal username. This requires a mapping from username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found. The internal username is used all over. Clearing the mappings will have leftovers everywhere. Clearing the mappings is not configuration sensitive, it affects all LDAP configurations! Never clear the mappings in a production environment, only in a testing or experimental stage.')); ?></p>
+		<p class="ldapIndent"><button type="button" id="ldap_action_clear_user_mappings" name="ldap_action_clear_user_mappings"><?php p($l->t('Clear Username-LDAP User Mapping')); ?></button><br/><button type="button" id="ldap_action_clear_group_mappings" name="ldap_action_clear_group_mappings"><?php p($l->t('Clear Groupname-LDAP Group Mapping')); ?></button></p>
 		<?php print_unescaped($_['settingControls']); ?>
 	</fieldset>
 	</div>

apps/user_ldap/appinfo/routes.php

Indentation +19 added lines, -19 removed lines

@@ -23,36 +23,36 @@
 
 /** @var $this \OCP\Route\IRouter */
 $this->create('user_ldap_ajax_clearMappings', 'ajax/clearMappings.php')
-	->actionInclude('user_ldap/ajax/clearMappings.php');
+    ->actionInclude('user_ldap/ajax/clearMappings.php');
 $this->create('user_ldap_ajax_deleteConfiguration', 'ajax/deleteConfiguration.php')
-	->actionInclude('user_ldap/ajax/deleteConfiguration.php');
+    ->actionInclude('user_ldap/ajax/deleteConfiguration.php');
 $this->create('user_ldap_ajax_getConfiguration', 'ajax/getConfiguration.php')
-	->actionInclude('user_ldap/ajax/getConfiguration.php');
+    ->actionInclude('user_ldap/ajax/getConfiguration.php');
 $this->create('user_ldap_ajax_getNewServerConfigPrefix', 'ajax/getNewServerConfigPrefix.php')
-	->actionInclude('user_ldap/ajax/getNewServerConfigPrefix.php');
+    ->actionInclude('user_ldap/ajax/getNewServerConfigPrefix.php');
 $this->create('user_ldap_ajax_setConfiguration', 'ajax/setConfiguration.php')
-	->actionInclude('user_ldap/ajax/setConfiguration.php');
+    ->actionInclude('user_ldap/ajax/setConfiguration.php');
 $this->create('user_ldap_ajax_testConfiguration', 'ajax/testConfiguration.php')
-	->actionInclude('user_ldap/ajax/testConfiguration.php');
+    ->actionInclude('user_ldap/ajax/testConfiguration.php');
 $this->create('user_ldap_ajax_wizard', 'ajax/wizard.php')
-	->actionInclude('user_ldap/ajax/wizard.php');
+    ->actionInclude('user_ldap/ajax/wizard.php');
 
 $application = new \OCP\AppFramework\App('user_ldap');
 $application->registerRoutes($this, [
-	'ocs' => [
-		['name' => 'ConfigAPI#create', 'url' => '/api/v1/config', 'verb' => 'POST'],
-		['name' => 'ConfigAPI#show',   'url' => '/api/v1/config/{configID}', 'verb' => 'GET'],
-		['name' => 'ConfigAPI#modify', 'url' => '/api/v1/config/{configID}', 'verb' => 'PUT'],
-		['name' => 'ConfigAPI#delete', 'url' => '/api/v1/config/{configID}', 'verb' => 'DELETE'],
-	]
+    'ocs' => [
+        ['name' => 'ConfigAPI#create', 'url' => '/api/v1/config', 'verb' => 'POST'],
+        ['name' => 'ConfigAPI#show',   'url' => '/api/v1/config/{configID}', 'verb' => 'GET'],
+        ['name' => 'ConfigAPI#modify', 'url' => '/api/v1/config/{configID}', 'verb' => 'PUT'],
+        ['name' => 'ConfigAPI#delete', 'url' => '/api/v1/config/{configID}', 'verb' => 'DELETE'],
+    ]
 ]);
 
 $application = new OCA\User_LDAP\AppInfo\Application();
 $application->registerRoutes($this, [
-	'routes' => [
-		['name' => 'renewPassword#tryRenewPassword', 'url' => '/renewpassword', 'verb' => 'POST'],
-		['name' => 'renewPassword#showRenewPasswordForm', 'url' => '/renewpassword/{user}', 'verb' => 'GET'],
-		['name' => 'renewPassword#cancel', 'url' => '/renewpassword/cancel', 'verb' => 'GET'],
-		['name' => 'renewPassword#showLoginFormInvalidPassword', 'url' => '/renewpassword/invalidlogin/{user}', 'verb' => 'GET'],
-	]
+    'routes' => [
+        ['name' => 'renewPassword#tryRenewPassword', 'url' => '/renewpassword', 'verb' => 'POST'],
+        ['name' => 'renewPassword#showRenewPasswordForm', 'url' => '/renewpassword/{user}', 'verb' => 'GET'],
+        ['name' => 'renewPassword#cancel', 'url' => '/renewpassword/cancel', 'verb' => 'GET'],
+        ['name' => 'renewPassword#showLoginFormInvalidPassword', 'url' => '/renewpassword/invalidlogin/{user}', 'verb' => 'GET'],
+    ]
 ]);

apps/user_ldap/lib/User/User.php

Spacing +58 added lines, -58 removed lines

@@ -149,17 +149,17 @@ 
 	 * @return null
 	 */
 	public function update() {
-		if(is_null($this->dn)) {
+		if (is_null($this->dn)) {
 			return null;
 		}
 
 		$hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
 				self::USER_PREFKEY_FIRSTLOGIN, 0);
 
-		if($this->needsRefresh()) {
+		if ($this->needsRefresh()) {
 			$this->updateEmail();
 			$this->updateQuota();
-			if($hasLoggedIn !== 0) {
+			if ($hasLoggedIn !== 0) {
 				//we do not need to try it, when the user has not been logged in
 				//before, because the file system will not be ready.
 				$this->updateAvatar();
@@ -178,7 +178,7 @@ 
 		$this->markRefreshTime();
 		//Quota
 		$attr = strtolower($this->connection->ldapQuotaAttribute);
-		if(isset($ldapEntry[$attr])) {
+		if (isset($ldapEntry[$attr])) {
 			$this->updateQuota($ldapEntry[$attr][0]);
 		} else {
 			if ($this->connection->ldapQuotaDefault !== '') {
@@ -189,7 +189,7 @@ 
 
 		//Email
 		$attr = strtolower($this->connection->ldapEmailAttribute);
-		if(isset($ldapEntry[$attr])) {
+		if (isset($ldapEntry[$attr])) {
 			$this->updateEmail($ldapEntry[$attr][0]);
 		}
 		unset($attr);
@@ -197,11 +197,11 @@ 
 		//displayName
 		$displayName = $displayName2 = '';
 		$attr = strtolower($this->connection->ldapUserDisplayName);
-		if(isset($ldapEntry[$attr])) {
+		if (isset($ldapEntry[$attr])) {
 			$displayName = strval($ldapEntry[$attr][0]);
 		}
 		$attr = strtolower($this->connection->ldapUserDisplayName2);
-		if(isset($ldapEntry[$attr])) {
+		if (isset($ldapEntry[$attr])) {
 			$displayName2 = strval($ldapEntry[$attr][0]);
 		}
 		if ($displayName !== '') {
@@ -215,16 +215,16 @@ 
 		unset($attr);
 
 		// LDAP Username, needed for s2s sharing
-		if(isset($ldapEntry['uid'])) {
+		if (isset($ldapEntry['uid'])) {
 			$this->storeLDAPUserName($ldapEntry['uid'][0]);
-		} else if(isset($ldapEntry['samaccountname'])) {
+		} else if (isset($ldapEntry['samaccountname'])) {
 			$this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
 		}
 
 		//homePath
-		if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
+		if (strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
 			$attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
-			if(isset($ldapEntry[$attr])) {
+			if (isset($ldapEntry[$attr])) {
 				$this->access->cacheUserHome(
 					$this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
 			}
@@ -233,15 +233,15 @@ 
 		//memberOf groups
 		$cacheKey = 'getMemberOf'.$this->getUsername();
 		$groups = false;
-		if(isset($ldapEntry['memberof'])) {
+		if (isset($ldapEntry['memberof'])) {
 			$groups = $ldapEntry['memberof'];
 		}
 		$this->connection->writeToCache($cacheKey, $groups);
 
 		//Avatar
 		$attrs = array('jpegphoto', 'thumbnailphoto');
-		foreach ($attrs as $attr)  {
-			if(isset($ldapEntry[$attr])) {
+		foreach ($attrs as $attr) {
+			if (isset($ldapEntry[$attr])) {
 				$this->avatarImage = $ldapEntry[$attr][0];
 				// the call to the method that saves the avatar in the file
 				// system must be postponed after the login. It is to ensure
@@ -294,12 +294,12 @@ 
 		if ($path !== '') {
 			//if attribute's value is an absolute path take this, otherwise append it to data dir
 			//check for / at the beginning or pattern c:\ resp. c:/
-			if(   '/' !== $path[0]
+			if ('/' !== $path[0]
 			   && !(3 < strlen($path) && ctype_alpha($path[0])
 			       && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))
 			) {
 				$path = $this->config->getSystemValue('datadirectory',
-						\OC::$SERVERROOT.'/data' ) . '/' . $path;
+						\OC::$SERVERROOT.'/data').'/'.$path;
 			}
 			//we need it to store it in the DB as well in case a user gets
 			//deleted so we can clean up afterwards
@@ -309,11 +309,11 @@ 
 			return $path;
 		}
 
-		if(    !is_null($attr)
+		if (!is_null($attr)
 			&& $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
 		) {
 			// a naming rule attribute is defined, but it doesn't exist for that LDAP user
-			throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
+			throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: '.$this->getUsername());
 		}
 
 		//false will apply default behaviour as defined and done by OC_User
@@ -324,7 +324,7 @@ 
 	public function getMemberOfGroups() {
 		$cacheKey = 'getMemberOf'.$this->getUsername();
 		$memberOfGroups = $this->connection->getFromCache($cacheKey);
-		if(!is_null($memberOfGroups)) {
+		if (!is_null($memberOfGroups)) {
 			return $memberOfGroups;
 		}
 		$groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
@@ -337,15 +337,15 @@ 
 	 * @return string data (provided by LDAP) | false
 	 */
 	public function getAvatarImage() {
-		if(!is_null($this->avatarImage)) {
+		if (!is_null($this->avatarImage)) {
 			return $this->avatarImage;
 		}
 
 		$this->avatarImage = false;
 		$attributes = array('jpegPhoto', 'thumbnailPhoto');
-		foreach($attributes as $attribute) {
+		foreach ($attributes as $attribute) {
 			$result = $this->access->readAttribute($this->dn, $attribute);
-			if($result !== false && is_array($result) && isset($result[0])) {
+			if ($result !== false && is_array($result) && isset($result[0])) {
 				$this->avatarImage = $result[0];
 				break;
 			}
@@ -383,7 +383,7 @@ 
 			self::USER_PREFKEY_LASTREFRESH, 0);
 
 		//TODO make interval configurable
-		if((time() - intval($lastChecked)) < 86400 ) {
+		if ((time() - intval($lastChecked)) < 86400) {
 			return false;
 		}
 		return  true;
@@ -409,8 +409,8 @@ 
 	 */
 	public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
 		$displayName2 = strval($displayName2);
-		if($displayName2 !== '') {
-			$displayName .= ' (' . $displayName2 . ')';
+		if ($displayName2 !== '') {
+			$displayName .= ' ('.$displayName2.')';
 		}
 		$this->store('displayName', $displayName);
 		return $displayName;
@@ -432,7 +432,7 @@ 
 	 * @return bool
 	 */
 	private function wasRefreshed($feature) {
-		if(isset($this->refreshedFeatures[$feature])) {
+		if (isset($this->refreshedFeatures[$feature])) {
 			return true;
 		}
 		$this->refreshedFeatures[$feature] = 1;
@@ -445,15 +445,15 @@ 
 	 * @return null
 	 */
 	public function updateEmail($valueFromLDAP = null) {
-		if($this->wasRefreshed('email')) {
+		if ($this->wasRefreshed('email')) {
 			return;
 		}
 		$email = strval($valueFromLDAP);
-		if(is_null($valueFromLDAP)) {
+		if (is_null($valueFromLDAP)) {
 			$emailAttribute = $this->connection->ldapEmailAttribute;
 			if ($emailAttribute !== '') {
 				$aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
-				if(is_array($aEmail) && (count($aEmail) > 0)) {
+				if (is_array($aEmail) && (count($aEmail) > 0)) {
 					$email = strval($aEmail[0]);
 				}
 			}
@@ -490,20 +490,20 @@ 
 	 * @return null
 	 */
 	public function updateQuota($valueFromLDAP = null) {
-		if($this->wasRefreshed('quota')) {
+		if ($this->wasRefreshed('quota')) {
 			return;
 		}
 
 		$quota = false;
-		if(is_null($valueFromLDAP)) {
+		if (is_null($valueFromLDAP)) {
 			$quotaAttribute = $this->connection->ldapQuotaAttribute;
 			if ($quotaAttribute !== '') {
 				$aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
-				if($aQuota && (count($aQuota) > 0)) {
+				if ($aQuota && (count($aQuota) > 0)) {
 					if ($this->verifyQuotaValue($aQuota[0])) {
 						$quota = $aQuota[0];
 					} else {
-						$this->log->log('not suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', \OCP\Util::WARN);
+						$this->log->log('not suitable LDAP quota found for user '.$this->uid.': ['.$aQuota[0].']', \OCP\Util::WARN);
 					}
 				}
 			}
@@ -511,7 +511,7 @@ 
 			if ($this->verifyQuotaValue($valueFromLDAP)) {
 				$quota = $valueFromLDAP;
 			} else {
-				$this->log->log('not suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', \OCP\Util::WARN);
+				$this->log->log('not suitable LDAP quota found for user '.$this->uid.': ['.$valueFromLDAP.']', \OCP\Util::WARN);
 			}
 		}
 
@@ -525,14 +525,14 @@ 
 
 		$targetUser = $this->userManager->get($this->uid);
 		if ($targetUser) {
-			if($quota !== false) {
+			if ($quota !== false) {
 				$targetUser->setQuota($quota);
 			} else {
-				$this->log->log('not suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', \OCP\Util::WARN);
+				$this->log->log('not suitable default quota found for user '.$this->uid.': ['.$defaultQuota.']', \OCP\Util::WARN);
 				$targetUser->setQuota('default');
 			}
 		} else {
-			$this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', \OCP\Util::ERROR);
+			$this->log->log('trying to set a quota for user '.$this->uid.' but the user is missing', \OCP\Util::ERROR);
 		}
 	}
 
@@ -546,7 +546,7 @@ 
 	 * @param array $params
 	 */
 	public function updateAvatarPostLogin($params) {
-		if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
+		if (isset($params['uid']) && $params['uid'] === $this->getUsername()) {
 			$this->updateAvatar();
 		}
 	}
@@ -556,11 +556,11 @@ 
 	 * @return null
 	 */
 	public function updateAvatar() {
-		if($this->wasRefreshed('avatar')) {
+		if ($this->wasRefreshed('avatar')) {
 			return;
 		}
 		$avatarImage = $this->getAvatarImage();
-		if($avatarImage === false) {
+		if ($avatarImage === false) {
 			//not set, nothing left to do;
 			return;
 		}
@@ -573,18 +573,18 @@ 
 	 * @return null
 	 */
 	private function setOwnCloudAvatar() {
-		if(!$this->image->valid()) {
+		if (!$this->image->valid()) {
 			$this->log->log('jpegPhoto data invalid for '.$this->dn, \OCP\Util::ERROR);
 			return;
 		}
 		//make sure it is a square and not bigger than 128x128
 		$size = min(array($this->image->width(), $this->image->height(), 128));
-		if(!$this->image->centerCrop($size)) {
+		if (!$this->image->centerCrop($size)) {
 			$this->log->log('croping image for avatar failed for '.$this->dn, \OCP\Util::ERROR);
 			return;
 		}
 
-		if(!$this->fs->isLoaded()) {
+		if (!$this->fs->isLoaded()) {
 			$this->fs->setup($this->uid);
 		}
 
@@ -593,7 +593,7 @@ 
 			$avatar->set($this->image);
 		} catch (\Exception $e) {
 			\OC::$server->getLogger()->notice(
-				'Could not set avatar for ' . $this->dn	. ', because: ' . $e->getMessage(),
+				'Could not set avatar for '.$this->dn.', because: '.$e->getMessage(),
 				['app' => 'user_ldap']);
 		}
 	}
@@ -606,17 +606,17 @@ 
 	public function handlePasswordExpiry($params) {
 		$ppolicyDN = $this->connection->ldapDefaultPPolicyDN;
 		if (empty($ppolicyDN) || (intval($this->connection->turnOnPasswordChange) !== 1)) {
-			return;//password expiry handling disabled
+			return; //password expiry handling disabled
 		}
 		$uid = $params['uid'];
-		if(isset($uid) && $uid === $this->getUsername()) {
+		if (isset($uid) && $uid === $this->getUsername()) {
 			//retrieve relevant user attributes
 			$result = $this->access->search('objectclass=*', $this->dn, ['pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']);
 			
-			if(array_key_exists('pwdpolicysubentry', $result[0])) {
+			if (array_key_exists('pwdpolicysubentry', $result[0])) {
 				$pwdPolicySubentry = $result[0]['pwdpolicysubentry'];
-				if($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
-					$ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
+				if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)) {
+					$ppolicyDN = $pwdPolicySubentry[0]; //custom ppolicy DN
 				}
 			}
 			
@@ -625,9 +625,9 @@ 
 			$pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : null;
 			
 			//retrieve relevant password policy attributes
-			$cacheKey = 'ppolicyAttributes' . $ppolicyDN;
+			$cacheKey = 'ppolicyAttributes'.$ppolicyDN;
 			$result = $this->connection->getFromCache($cacheKey);
-			if(is_null($result)) {
+			if (is_null($result)) {
 				$result = $this->access->search('objectclass=*', $ppolicyDN, ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']);
 				$this->connection->writeToCache($cacheKey, $result);
 			}
@@ -638,8 +638,8 @@ 
 			
 			//handle grace login
 			$pwdGraceUseTimeCount = count($pwdGraceUseTime);
-			if($pwdGraceUseTime && $pwdGraceUseTimeCount > 0) { //was this a grace login?
-				if($pwdGraceAuthNLimit 
+			if ($pwdGraceUseTime && $pwdGraceUseTimeCount > 0) { //was this a grace login?
+				if ($pwdGraceAuthNLimit 
 					&& (count($pwdGraceAuthNLimit) > 0)
 					&&($pwdGraceUseTimeCount < intval($pwdGraceAuthNLimit[0]))) { //at least one more grace login available?
 					$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
@@ -652,24 +652,24 @@ 
 				exit();
 			}
 			//handle pwdReset attribute
-			if($pwdReset && (count($pwdReset) > 0) && $pwdReset[0] === 'TRUE') { //user must change his password
+			if ($pwdReset && (count($pwdReset) > 0) && $pwdReset[0] === 'TRUE') { //user must change his password
 				$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
 				header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
 				'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid)));
 				exit();
 			}
 			//handle password expiry warning
-			if($pwdChangedTime && (count($pwdChangedTime) > 0)) {
-				if($pwdMaxAge && (count($pwdMaxAge) > 0)
+			if ($pwdChangedTime && (count($pwdChangedTime) > 0)) {
+				if ($pwdMaxAge && (count($pwdMaxAge) > 0)
 					&& $pwdExpireWarning && (count($pwdExpireWarning) > 0)) {
 					$pwdMaxAgeInt = intval($pwdMaxAge[0]);
 					$pwdExpireWarningInt = intval($pwdExpireWarning[0]);
-					if($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){
+					if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0) {
 						$pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]);
 						$pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S'));
 						$currentDateTime = new \DateTime();
 						$secondsToExpiry = $pwdChangedTimeDt->getTimestamp() - $currentDateTime->getTimestamp();
-						if($secondsToExpiry <= $pwdExpireWarningInt) {
+						if ($secondsToExpiry <= $pwdExpireWarningInt) {
 							//remove last password expiry warning if any
 							$notification = $this->notificationManager->createNotification();
 							$notification->setApp('user_ldap')

Indentation +643 added lines, -643 removed lines

@@ -43,653 +43,653 @@
  * represents an LDAP user, gets and holds user-specific information from LDAP
  */
 class User {
-	/**
-	 * @var IUserTools
-	 */
-	protected $access;
-	/**
-	 * @var Connection
-	 */
-	protected $connection;
-	/**
-	 * @var IConfig
-	 */
-	protected $config;
-	/**
-	 * @var FilesystemHelper
-	 */
-	protected $fs;
-	/**
-	 * @var Image
-	 */
-	protected $image;
-	/**
-	 * @var LogWrapper
-	 */
-	protected $log;
-	/**
-	 * @var IAvatarManager
-	 */
-	protected $avatarManager;
-	/**
-	 * @var IUserManager
-	 */
-	protected $userManager;
-	/**
-	 * @var INotificationManager
-	 */
-	protected $notificationManager;
-	/**
-	 * @var string
-	 */
-	protected $dn;
-	/**
-	 * @var string
-	 */
-	protected $uid;
-	/**
-	 * @var string[]
-	 */
-	protected $refreshedFeatures = array();
-	/**
-	 * @var string
-	 */
-	protected $avatarImage;
-
-	/**
-	 * DB config keys for user preferences
-	 */
-	const USER_PREFKEY_FIRSTLOGIN  = 'firstLoginAccomplished';
-	const USER_PREFKEY_LASTREFRESH = 'lastFeatureRefresh';
-
-	/**
-	 * @brief constructor, make sure the subclasses call this one!
-	 * @param string $username the internal username
-	 * @param string $dn the LDAP DN
-	 * @param IUserTools $access an instance that implements IUserTools for
-	 * LDAP interaction
-	 * @param IConfig $config
-	 * @param FilesystemHelper $fs
-	 * @param Image $image any empty instance
-	 * @param LogWrapper $log
-	 * @param IAvatarManager $avatarManager
-	 * @param IUserManager $userManager
-	 * @param INotificationManager $notificationManager
-	 */
-	public function __construct($username, $dn, IUserTools $access,
-		IConfig $config, FilesystemHelper $fs, Image $image,
-		LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager,
-		INotificationManager $notificationManager) {
+    /**
+     * @var IUserTools
+     */
+    protected $access;
+    /**
+     * @var Connection
+     */
+    protected $connection;
+    /**
+     * @var IConfig
+     */
+    protected $config;
+    /**
+     * @var FilesystemHelper
+     */
+    protected $fs;
+    /**
+     * @var Image
+     */
+    protected $image;
+    /**
+     * @var LogWrapper
+     */
+    protected $log;
+    /**
+     * @var IAvatarManager
+     */
+    protected $avatarManager;
+    /**
+     * @var IUserManager
+     */
+    protected $userManager;
+    /**
+     * @var INotificationManager
+     */
+    protected $notificationManager;
+    /**
+     * @var string
+     */
+    protected $dn;
+    /**
+     * @var string
+     */
+    protected $uid;
+    /**
+     * @var string[]
+     */
+    protected $refreshedFeatures = array();
+    /**
+     * @var string
+     */
+    protected $avatarImage;
+
+    /**
+     * DB config keys for user preferences
+     */
+    const USER_PREFKEY_FIRSTLOGIN  = 'firstLoginAccomplished';
+    const USER_PREFKEY_LASTREFRESH = 'lastFeatureRefresh';
+
+    /**
+     * @brief constructor, make sure the subclasses call this one!
+     * @param string $username the internal username
+     * @param string $dn the LDAP DN
+     * @param IUserTools $access an instance that implements IUserTools for
+     * LDAP interaction
+     * @param IConfig $config
+     * @param FilesystemHelper $fs
+     * @param Image $image any empty instance
+     * @param LogWrapper $log
+     * @param IAvatarManager $avatarManager
+     * @param IUserManager $userManager
+     * @param INotificationManager $notificationManager
+     */
+    public function __construct($username, $dn, IUserTools $access,
+        IConfig $config, FilesystemHelper $fs, Image $image,
+        LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager,
+        INotificationManager $notificationManager) {
 	
-		if ($username === null) {
-			$log->log("uid for '$dn' must not be null!", Util::ERROR);
-			throw new \InvalidArgumentException('uid must not be null!');
-		} else if ($username === '') {
-			$log->log("uid for '$dn' must not be an empty string", Util::ERROR);
-			throw new \InvalidArgumentException('uid must not be an empty string!');
-		}
-
-		$this->access              = $access;
-		$this->connection          = $access->getConnection();
-		$this->config              = $config;
-		$this->fs                  = $fs;
-		$this->dn                  = $dn;
-		$this->uid                 = $username;
-		$this->image               = $image;
-		$this->log                 = $log;
-		$this->avatarManager       = $avatarManager;
-		$this->userManager         = $userManager;
-		$this->notificationManager = $notificationManager;
-
-		\OCP\Util::connectHook('OC_User', 'post_login', $this, 'handlePasswordExpiry');
-	}
-
-	/**
-	 * @brief updates properties like email, quota or avatar provided by LDAP
-	 * @return null
-	 */
-	public function update() {
-		if(is_null($this->dn)) {
-			return null;
-		}
-
-		$hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
-				self::USER_PREFKEY_FIRSTLOGIN, 0);
-
-		if($this->needsRefresh()) {
-			$this->updateEmail();
-			$this->updateQuota();
-			if($hasLoggedIn !== 0) {
-				//we do not need to try it, when the user has not been logged in
-				//before, because the file system will not be ready.
-				$this->updateAvatar();
-				//in order to get an avatar as soon as possible, mark the user
-				//as refreshed only when updating the avatar did happen
-				$this->markRefreshTime();
-			}
-		}
-	}
-
-	/**
-	 * processes results from LDAP for attributes as returned by getAttributesToRead()
-	 * @param array $ldapEntry the user entry as retrieved from LDAP
-	 */
-	public function processAttributes($ldapEntry) {
-		$this->markRefreshTime();
-		//Quota
-		$attr = strtolower($this->connection->ldapQuotaAttribute);
-		if(isset($ldapEntry[$attr])) {
-			$this->updateQuota($ldapEntry[$attr][0]);
-		} else {
-			if ($this->connection->ldapQuotaDefault !== '') {
-				$this->updateQuota();
-			}
-		}
-		unset($attr);
-
-		//Email
-		$attr = strtolower($this->connection->ldapEmailAttribute);
-		if(isset($ldapEntry[$attr])) {
-			$this->updateEmail($ldapEntry[$attr][0]);
-		}
-		unset($attr);
-
-		//displayName
-		$displayName = $displayName2 = '';
-		$attr = strtolower($this->connection->ldapUserDisplayName);
-		if(isset($ldapEntry[$attr])) {
-			$displayName = strval($ldapEntry[$attr][0]);
-		}
-		$attr = strtolower($this->connection->ldapUserDisplayName2);
-		if(isset($ldapEntry[$attr])) {
-			$displayName2 = strval($ldapEntry[$attr][0]);
-		}
-		if ($displayName !== '') {
-			$this->composeAndStoreDisplayName($displayName);
-			$this->access->cacheUserDisplayName(
-				$this->getUsername(),
-				$displayName,
-				$displayName2
-			);
-		}
-		unset($attr);
-
-		// LDAP Username, needed for s2s sharing
-		if(isset($ldapEntry['uid'])) {
-			$this->storeLDAPUserName($ldapEntry['uid'][0]);
-		} else if(isset($ldapEntry['samaccountname'])) {
-			$this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
-		}
-
-		//homePath
-		if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
-			$attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
-			if(isset($ldapEntry[$attr])) {
-				$this->access->cacheUserHome(
-					$this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
-			}
-		}
-
-		//memberOf groups
-		$cacheKey = 'getMemberOf'.$this->getUsername();
-		$groups = false;
-		if(isset($ldapEntry['memberof'])) {
-			$groups = $ldapEntry['memberof'];
-		}
-		$this->connection->writeToCache($cacheKey, $groups);
-
-		//Avatar
-		$attrs = array('jpegphoto', 'thumbnailphoto');
-		foreach ($attrs as $attr)  {
-			if(isset($ldapEntry[$attr])) {
-				$this->avatarImage = $ldapEntry[$attr][0];
-				// the call to the method that saves the avatar in the file
-				// system must be postponed after the login. It is to ensure
-				// external mounts are mounted properly (e.g. with login
-				// credentials from the session).
-				\OCP\Util::connectHook('OC_User', 'post_login', $this, 'updateAvatarPostLogin');
-				break;
-			}
-		}
-	}
-
-	/**
-	 * @brief returns the LDAP DN of the user
-	 * @return string
-	 */
-	public function getDN() {
-		return $this->dn;
-	}
-
-	/**
-	 * @brief returns the Nextcloud internal username of the user
-	 * @return string
-	 */
-	public function getUsername() {
-		return $this->uid;
-	}
-
-	/**
-	 * returns the home directory of the user if specified by LDAP settings
-	 * @param string $valueFromLDAP
-	 * @return bool|string
-	 * @throws \Exception
-	 */
-	public function getHomePath($valueFromLDAP = null) {
-		$path = strval($valueFromLDAP);
-		$attr = null;
-
-		if (is_null($valueFromLDAP)
-		   && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0
-		   && $this->access->connection->homeFolderNamingRule !== 'attr:')
-		{
-			$attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));
-			$homedir = $this->access->readAttribute(
-				$this->access->username2dn($this->getUsername()), $attr);
-			if ($homedir && isset($homedir[0])) {
-				$path = $homedir[0];
-			}
-		}
-
-		if ($path !== '') {
-			//if attribute's value is an absolute path take this, otherwise append it to data dir
-			//check for / at the beginning or pattern c:\ resp. c:/
-			if(   '/' !== $path[0]
-			   && !(3 < strlen($path) && ctype_alpha($path[0])
-			       && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))
-			) {
-				$path = $this->config->getSystemValue('datadirectory',
-						\OC::$SERVERROOT.'/data' ) . '/' . $path;
-			}
-			//we need it to store it in the DB as well in case a user gets
-			//deleted so we can clean up afterwards
-			$this->config->setUserValue(
-				$this->getUsername(), 'user_ldap', 'homePath', $path
-			);
-			return $path;
-		}
-
-		if(    !is_null($attr)
-			&& $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
-		) {
-			// a naming rule attribute is defined, but it doesn't exist for that LDAP user
-			throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
-		}
-
-		//false will apply default behaviour as defined and done by OC_User
-		$this->config->setUserValue($this->getUsername(), 'user_ldap', 'homePath', '');
-		return false;
-	}
-
-	public function getMemberOfGroups() {
-		$cacheKey = 'getMemberOf'.$this->getUsername();
-		$memberOfGroups = $this->connection->getFromCache($cacheKey);
-		if(!is_null($memberOfGroups)) {
-			return $memberOfGroups;
-		}
-		$groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
-		$this->connection->writeToCache($cacheKey, $groupDNs);
-		return $groupDNs;
-	}
-
-	/**
-	 * @brief reads the image from LDAP that shall be used as Avatar
-	 * @return string data (provided by LDAP) | false
-	 */
-	public function getAvatarImage() {
-		if(!is_null($this->avatarImage)) {
-			return $this->avatarImage;
-		}
-
-		$this->avatarImage = false;
-		$attributes = array('jpegPhoto', 'thumbnailPhoto');
-		foreach($attributes as $attribute) {
-			$result = $this->access->readAttribute($this->dn, $attribute);
-			if($result !== false && is_array($result) && isset($result[0])) {
-				$this->avatarImage = $result[0];
-				break;
-			}
-		}
-
-		return $this->avatarImage;
-	}
-
-	/**
-	 * @brief marks the user as having logged in at least once
-	 * @return null
-	 */
-	public function markLogin() {
-		$this->config->setUserValue(
-			$this->uid, 'user_ldap', self::USER_PREFKEY_FIRSTLOGIN, 1);
-	}
-
-	/**
-	 * @brief marks the time when user features like email have been updated
-	 * @return null
-	 */
-	public function markRefreshTime() {
-		$this->config->setUserValue(
-			$this->uid, 'user_ldap', self::USER_PREFKEY_LASTREFRESH, time());
-	}
-
-	/**
-	 * @brief checks whether user features needs to be updated again by
-	 * comparing the difference of time of the last refresh to now with the
-	 * desired interval
-	 * @return bool
-	 */
-	private function needsRefresh() {
-		$lastChecked = $this->config->getUserValue($this->uid, 'user_ldap',
-			self::USER_PREFKEY_LASTREFRESH, 0);
-
-		//TODO make interval configurable
-		if((time() - intval($lastChecked)) < 86400 ) {
-			return false;
-		}
-		return  true;
-	}
-
-	/**
-	 * Stores a key-value pair in relation to this user
-	 *
-	 * @param string $key
-	 * @param string $value
-	 */
-	private function store($key, $value) {
-		$this->config->setUserValue($this->uid, 'user_ldap', $key, $value);
-	}
-
-	/**
-	 * Composes the display name and stores it in the database. The final
-	 * display name is returned.
-	 *
-	 * @param string $displayName
-	 * @param string $displayName2
-	 * @returns string the effective display name
-	 */
-	public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
-		$displayName2 = strval($displayName2);
-		if($displayName2 !== '') {
-			$displayName .= ' (' . $displayName2 . ')';
-		}
-		$this->store('displayName', $displayName);
-		return $displayName;
-	}
-
-	/**
-	 * Stores the LDAP Username in the Database
-	 * @param string $userName
-	 */
-	public function storeLDAPUserName($userName) {
-		$this->store('uid', $userName);
-	}
-
-	/**
-	 * @brief checks whether an update method specified by feature was run
-	 * already. If not, it will marked like this, because it is expected that
-	 * the method will be run, when false is returned.
-	 * @param string $feature email | quota | avatar (can be extended)
-	 * @return bool
-	 */
-	private function wasRefreshed($feature) {
-		if(isset($this->refreshedFeatures[$feature])) {
-			return true;
-		}
-		$this->refreshedFeatures[$feature] = 1;
-		return false;
-	}
-
-	/**
-	 * fetches the email from LDAP and stores it as Nextcloud user value
-	 * @param string $valueFromLDAP if known, to save an LDAP read request
-	 * @return null
-	 */
-	public function updateEmail($valueFromLDAP = null) {
-		if($this->wasRefreshed('email')) {
-			return;
-		}
-		$email = strval($valueFromLDAP);
-		if(is_null($valueFromLDAP)) {
-			$emailAttribute = $this->connection->ldapEmailAttribute;
-			if ($emailAttribute !== '') {
-				$aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
-				if(is_array($aEmail) && (count($aEmail) > 0)) {
-					$email = strval($aEmail[0]);
-				}
-			}
-		}
-		if ($email !== '') {
-			$user = $this->userManager->get($this->uid);
-			if (!is_null($user)) {
-				$currentEmail = strval($user->getEMailAddress());
-				if ($currentEmail !== $email) {
-					$user->setEMailAddress($email);
-				}
-			}
-		}
-	}
-
-	/**
-	 * Overall process goes as follow:
-	 * 1. fetch the quota from LDAP and check if it's parseable with the "verifyQuotaValue" function
-	 * 2. if the value can't be fetched, is empty or not parseable, use the default LDAP quota
-	 * 3. if the default LDAP quota can't be parsed, use the Nextcloud's default quota (use 'default')
-	 * 4. check if the target user exists and set the quota for the user.
-	 *
-	 * In order to improve performance and prevent an unwanted extra LDAP call, the $valueFromLDAP
-	 * parameter can be passed with the value of the attribute. This value will be considered as the
-	 * quota for the user coming from the LDAP server (step 1 of the process) It can be useful to
-	 * fetch all the user's attributes in one call and use the fetched values in this function.
-	 * The expected value for that parameter is a string describing the quota for the user. Valid
-	 * values are 'none' (unlimited), 'default' (the Nextcloud's default quota), '1234' (quota in
-	 * bytes), '1234 MB' (quota in MB - check the \OC_Helper::computerFileSize method for more info)
-	 *
-	 * fetches the quota from LDAP and stores it as Nextcloud user value
-	 * @param string $valueFromLDAP the quota attribute's value can be passed,
-	 * to save the readAttribute request
-	 * @return null
-	 */
-	public function updateQuota($valueFromLDAP = null) {
-		if($this->wasRefreshed('quota')) {
-			return;
-		}
-
-		$quota = false;
-		if(is_null($valueFromLDAP)) {
-			$quotaAttribute = $this->connection->ldapQuotaAttribute;
-			if ($quotaAttribute !== '') {
-				$aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
-				if($aQuota && (count($aQuota) > 0)) {
-					if ($this->verifyQuotaValue($aQuota[0])) {
-						$quota = $aQuota[0];
-					} else {
-						$this->log->log('not suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', \OCP\Util::WARN);
-					}
-				}
-			}
-		} else {
-			if ($this->verifyQuotaValue($valueFromLDAP)) {
-				$quota = $valueFromLDAP;
-			} else {
-				$this->log->log('not suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', \OCP\Util::WARN);
-			}
-		}
-
-		if ($quota === false) {
-			// quota not found using the LDAP attribute (or not parseable). Try the default quota
-			$defaultQuota = $this->connection->ldapQuotaDefault;
-			if ($this->verifyQuotaValue($defaultQuota)) {
-				$quota = $defaultQuota;
-			}
-		}
-
-		$targetUser = $this->userManager->get($this->uid);
-		if ($targetUser) {
-			if($quota !== false) {
-				$targetUser->setQuota($quota);
-			} else {
-				$this->log->log('not suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', \OCP\Util::WARN);
-				$targetUser->setQuota('default');
-			}
-		} else {
-			$this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', \OCP\Util::ERROR);
-		}
-	}
-
-	private function verifyQuotaValue($quotaValue) {
-		return $quotaValue === 'none' || $quotaValue === 'default' || \OC_Helper::computerFileSize($quotaValue) !== false;
-	}
-
-	/**
-	 * called by a post_login hook to save the avatar picture
-	 *
-	 * @param array $params
-	 */
-	public function updateAvatarPostLogin($params) {
-		if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
-			$this->updateAvatar();
-		}
-	}
-
-	/**
-	 * @brief attempts to get an image from LDAP and sets it as Nextcloud avatar
-	 * @return null
-	 */
-	public function updateAvatar() {
-		if($this->wasRefreshed('avatar')) {
-			return;
-		}
-		$avatarImage = $this->getAvatarImage();
-		if($avatarImage === false) {
-			//not set, nothing left to do;
-			return;
-		}
-		$this->image->loadFromBase64(base64_encode($avatarImage));
-		$this->setOwnCloudAvatar();
-	}
-
-	/**
-	 * @brief sets an image as Nextcloud avatar
-	 * @return null
-	 */
-	private function setOwnCloudAvatar() {
-		if(!$this->image->valid()) {
-			$this->log->log('jpegPhoto data invalid for '.$this->dn, \OCP\Util::ERROR);
-			return;
-		}
-		//make sure it is a square and not bigger than 128x128
-		$size = min(array($this->image->width(), $this->image->height(), 128));
-		if(!$this->image->centerCrop($size)) {
-			$this->log->log('croping image for avatar failed for '.$this->dn, \OCP\Util::ERROR);
-			return;
-		}
-
-		if(!$this->fs->isLoaded()) {
-			$this->fs->setup($this->uid);
-		}
-
-		try {
-			$avatar = $this->avatarManager->getAvatar($this->uid);
-			$avatar->set($this->image);
-		} catch (\Exception $e) {
-			\OC::$server->getLogger()->notice(
-				'Could not set avatar for ' . $this->dn	. ', because: ' . $e->getMessage(),
-				['app' => 'user_ldap']);
-		}
-	}
-
-	/**
-	 * called by a post_login hook to handle password expiry
-	 *
-	 * @param array $params
-	 */
-	public function handlePasswordExpiry($params) {
-		$ppolicyDN = $this->connection->ldapDefaultPPolicyDN;
-		if (empty($ppolicyDN) || (intval($this->connection->turnOnPasswordChange) !== 1)) {
-			return;//password expiry handling disabled
-		}
-		$uid = $params['uid'];
-		if(isset($uid) && $uid === $this->getUsername()) {
-			//retrieve relevant user attributes
-			$result = $this->access->search('objectclass=*', $this->dn, ['pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']);
+        if ($username === null) {
+            $log->log("uid for '$dn' must not be null!", Util::ERROR);
+            throw new \InvalidArgumentException('uid must not be null!');
+        } else if ($username === '') {
+            $log->log("uid for '$dn' must not be an empty string", Util::ERROR);
+            throw new \InvalidArgumentException('uid must not be an empty string!');
+        }
+
+        $this->access              = $access;
+        $this->connection          = $access->getConnection();
+        $this->config              = $config;
+        $this->fs                  = $fs;
+        $this->dn                  = $dn;
+        $this->uid                 = $username;
+        $this->image               = $image;
+        $this->log                 = $log;
+        $this->avatarManager       = $avatarManager;
+        $this->userManager         = $userManager;
+        $this->notificationManager = $notificationManager;
+
+        \OCP\Util::connectHook('OC_User', 'post_login', $this, 'handlePasswordExpiry');
+    }
+
+    /**
+     * @brief updates properties like email, quota or avatar provided by LDAP
+     * @return null
+     */
+    public function update() {
+        if(is_null($this->dn)) {
+            return null;
+        }
+
+        $hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
+                self::USER_PREFKEY_FIRSTLOGIN, 0);
+
+        if($this->needsRefresh()) {
+            $this->updateEmail();
+            $this->updateQuota();
+            if($hasLoggedIn !== 0) {
+                //we do not need to try it, when the user has not been logged in
+                //before, because the file system will not be ready.
+                $this->updateAvatar();
+                //in order to get an avatar as soon as possible, mark the user
+                //as refreshed only when updating the avatar did happen
+                $this->markRefreshTime();
+            }
+        }
+    }
+
+    /**
+     * processes results from LDAP for attributes as returned by getAttributesToRead()
+     * @param array $ldapEntry the user entry as retrieved from LDAP
+     */
+    public function processAttributes($ldapEntry) {
+        $this->markRefreshTime();
+        //Quota
+        $attr = strtolower($this->connection->ldapQuotaAttribute);
+        if(isset($ldapEntry[$attr])) {
+            $this->updateQuota($ldapEntry[$attr][0]);
+        } else {
+            if ($this->connection->ldapQuotaDefault !== '') {
+                $this->updateQuota();
+            }
+        }
+        unset($attr);
+
+        //Email
+        $attr = strtolower($this->connection->ldapEmailAttribute);
+        if(isset($ldapEntry[$attr])) {
+            $this->updateEmail($ldapEntry[$attr][0]);
+        }
+        unset($attr);
+
+        //displayName
+        $displayName = $displayName2 = '';
+        $attr = strtolower($this->connection->ldapUserDisplayName);
+        if(isset($ldapEntry[$attr])) {
+            $displayName = strval($ldapEntry[$attr][0]);
+        }
+        $attr = strtolower($this->connection->ldapUserDisplayName2);
+        if(isset($ldapEntry[$attr])) {
+            $displayName2 = strval($ldapEntry[$attr][0]);
+        }
+        if ($displayName !== '') {
+            $this->composeAndStoreDisplayName($displayName);
+            $this->access->cacheUserDisplayName(
+                $this->getUsername(),
+                $displayName,
+                $displayName2
+            );
+        }
+        unset($attr);
+
+        // LDAP Username, needed for s2s sharing
+        if(isset($ldapEntry['uid'])) {
+            $this->storeLDAPUserName($ldapEntry['uid'][0]);
+        } else if(isset($ldapEntry['samaccountname'])) {
+            $this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
+        }
+
+        //homePath
+        if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
+            $attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
+            if(isset($ldapEntry[$attr])) {
+                $this->access->cacheUserHome(
+                    $this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
+            }
+        }
+
+        //memberOf groups
+        $cacheKey = 'getMemberOf'.$this->getUsername();
+        $groups = false;
+        if(isset($ldapEntry['memberof'])) {
+            $groups = $ldapEntry['memberof'];
+        }
+        $this->connection->writeToCache($cacheKey, $groups);
+
+        //Avatar
+        $attrs = array('jpegphoto', 'thumbnailphoto');
+        foreach ($attrs as $attr)  {
+            if(isset($ldapEntry[$attr])) {
+                $this->avatarImage = $ldapEntry[$attr][0];
+                // the call to the method that saves the avatar in the file
+                // system must be postponed after the login. It is to ensure
+                // external mounts are mounted properly (e.g. with login
+                // credentials from the session).
+                \OCP\Util::connectHook('OC_User', 'post_login', $this, 'updateAvatarPostLogin');
+                break;
+            }
+        }
+    }
+
+    /**
+     * @brief returns the LDAP DN of the user
+     * @return string
+     */
+    public function getDN() {
+        return $this->dn;
+    }
+
+    /**
+     * @brief returns the Nextcloud internal username of the user
+     * @return string
+     */
+    public function getUsername() {
+        return $this->uid;
+    }
+
+    /**
+     * returns the home directory of the user if specified by LDAP settings
+     * @param string $valueFromLDAP
+     * @return bool|string
+     * @throws \Exception
+     */
+    public function getHomePath($valueFromLDAP = null) {
+        $path = strval($valueFromLDAP);
+        $attr = null;
+
+        if (is_null($valueFromLDAP)
+           && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0
+           && $this->access->connection->homeFolderNamingRule !== 'attr:')
+        {
+            $attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));
+            $homedir = $this->access->readAttribute(
+                $this->access->username2dn($this->getUsername()), $attr);
+            if ($homedir && isset($homedir[0])) {
+                $path = $homedir[0];
+            }
+        }
+
+        if ($path !== '') {
+            //if attribute's value is an absolute path take this, otherwise append it to data dir
+            //check for / at the beginning or pattern c:\ resp. c:/
+            if(   '/' !== $path[0]
+               && !(3 < strlen($path) && ctype_alpha($path[0])
+                   && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))
+            ) {
+                $path = $this->config->getSystemValue('datadirectory',
+                        \OC::$SERVERROOT.'/data' ) . '/' . $path;
+            }
+            //we need it to store it in the DB as well in case a user gets
+            //deleted so we can clean up afterwards
+            $this->config->setUserValue(
+                $this->getUsername(), 'user_ldap', 'homePath', $path
+            );
+            return $path;
+        }
+
+        if(    !is_null($attr)
+            && $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
+        ) {
+            // a naming rule attribute is defined, but it doesn't exist for that LDAP user
+            throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
+        }
+
+        //false will apply default behaviour as defined and done by OC_User
+        $this->config->setUserValue($this->getUsername(), 'user_ldap', 'homePath', '');
+        return false;
+    }
+
+    public function getMemberOfGroups() {
+        $cacheKey = 'getMemberOf'.$this->getUsername();
+        $memberOfGroups = $this->connection->getFromCache($cacheKey);
+        if(!is_null($memberOfGroups)) {
+            return $memberOfGroups;
+        }
+        $groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
+        $this->connection->writeToCache($cacheKey, $groupDNs);
+        return $groupDNs;
+    }
+
+    /**
+     * @brief reads the image from LDAP that shall be used as Avatar
+     * @return string data (provided by LDAP) | false
+     */
+    public function getAvatarImage() {
+        if(!is_null($this->avatarImage)) {
+            return $this->avatarImage;
+        }
+
+        $this->avatarImage = false;
+        $attributes = array('jpegPhoto', 'thumbnailPhoto');
+        foreach($attributes as $attribute) {
+            $result = $this->access->readAttribute($this->dn, $attribute);
+            if($result !== false && is_array($result) && isset($result[0])) {
+                $this->avatarImage = $result[0];
+                break;
+            }
+        }
+
+        return $this->avatarImage;
+    }
+
+    /**
+     * @brief marks the user as having logged in at least once
+     * @return null
+     */
+    public function markLogin() {
+        $this->config->setUserValue(
+            $this->uid, 'user_ldap', self::USER_PREFKEY_FIRSTLOGIN, 1);
+    }
+
+    /**
+     * @brief marks the time when user features like email have been updated
+     * @return null
+     */
+    public function markRefreshTime() {
+        $this->config->setUserValue(
+            $this->uid, 'user_ldap', self::USER_PREFKEY_LASTREFRESH, time());
+    }
+
+    /**
+     * @brief checks whether user features needs to be updated again by
+     * comparing the difference of time of the last refresh to now with the
+     * desired interval
+     * @return bool
+     */
+    private function needsRefresh() {
+        $lastChecked = $this->config->getUserValue($this->uid, 'user_ldap',
+            self::USER_PREFKEY_LASTREFRESH, 0);
+
+        //TODO make interval configurable
+        if((time() - intval($lastChecked)) < 86400 ) {
+            return false;
+        }
+        return  true;
+    }
+
+    /**
+     * Stores a key-value pair in relation to this user
+     *
+     * @param string $key
+     * @param string $value
+     */
+    private function store($key, $value) {
+        $this->config->setUserValue($this->uid, 'user_ldap', $key, $value);
+    }
+
+    /**
+     * Composes the display name and stores it in the database. The final
+     * display name is returned.
+     *
+     * @param string $displayName
+     * @param string $displayName2
+     * @returns string the effective display name
+     */
+    public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
+        $displayName2 = strval($displayName2);
+        if($displayName2 !== '') {
+            $displayName .= ' (' . $displayName2 . ')';
+        }
+        $this->store('displayName', $displayName);
+        return $displayName;
+    }
+
+    /**
+     * Stores the LDAP Username in the Database
+     * @param string $userName
+     */
+    public function storeLDAPUserName($userName) {
+        $this->store('uid', $userName);
+    }
+
+    /**
+     * @brief checks whether an update method specified by feature was run
+     * already. If not, it will marked like this, because it is expected that
+     * the method will be run, when false is returned.
+     * @param string $feature email | quota | avatar (can be extended)
+     * @return bool
+     */
+    private function wasRefreshed($feature) {
+        if(isset($this->refreshedFeatures[$feature])) {
+            return true;
+        }
+        $this->refreshedFeatures[$feature] = 1;
+        return false;
+    }
+
+    /**
+     * fetches the email from LDAP and stores it as Nextcloud user value
+     * @param string $valueFromLDAP if known, to save an LDAP read request
+     * @return null
+     */
+    public function updateEmail($valueFromLDAP = null) {
+        if($this->wasRefreshed('email')) {
+            return;
+        }
+        $email = strval($valueFromLDAP);
+        if(is_null($valueFromLDAP)) {
+            $emailAttribute = $this->connection->ldapEmailAttribute;
+            if ($emailAttribute !== '') {
+                $aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
+                if(is_array($aEmail) && (count($aEmail) > 0)) {
+                    $email = strval($aEmail[0]);
+                }
+            }
+        }
+        if ($email !== '') {
+            $user = $this->userManager->get($this->uid);
+            if (!is_null($user)) {
+                $currentEmail = strval($user->getEMailAddress());
+                if ($currentEmail !== $email) {
+                    $user->setEMailAddress($email);
+                }
+            }
+        }
+    }
+
+    /**
+     * Overall process goes as follow:
+     * 1. fetch the quota from LDAP and check if it's parseable with the "verifyQuotaValue" function
+     * 2. if the value can't be fetched, is empty or not parseable, use the default LDAP quota
+     * 3. if the default LDAP quota can't be parsed, use the Nextcloud's default quota (use 'default')
+     * 4. check if the target user exists and set the quota for the user.
+     *
+     * In order to improve performance and prevent an unwanted extra LDAP call, the $valueFromLDAP
+     * parameter can be passed with the value of the attribute. This value will be considered as the
+     * quota for the user coming from the LDAP server (step 1 of the process) It can be useful to
+     * fetch all the user's attributes in one call and use the fetched values in this function.
+     * The expected value for that parameter is a string describing the quota for the user. Valid
+     * values are 'none' (unlimited), 'default' (the Nextcloud's default quota), '1234' (quota in
+     * bytes), '1234 MB' (quota in MB - check the \OC_Helper::computerFileSize method for more info)
+     *
+     * fetches the quota from LDAP and stores it as Nextcloud user value
+     * @param string $valueFromLDAP the quota attribute's value can be passed,
+     * to save the readAttribute request
+     * @return null
+     */
+    public function updateQuota($valueFromLDAP = null) {
+        if($this->wasRefreshed('quota')) {
+            return;
+        }
+
+        $quota = false;
+        if(is_null($valueFromLDAP)) {
+            $quotaAttribute = $this->connection->ldapQuotaAttribute;
+            if ($quotaAttribute !== '') {
+                $aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
+                if($aQuota && (count($aQuota) > 0)) {
+                    if ($this->verifyQuotaValue($aQuota[0])) {
+                        $quota = $aQuota[0];
+                    } else {
+                        $this->log->log('not suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', \OCP\Util::WARN);
+                    }
+                }
+            }
+        } else {
+            if ($this->verifyQuotaValue($valueFromLDAP)) {
+                $quota = $valueFromLDAP;
+            } else {
+                $this->log->log('not suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', \OCP\Util::WARN);
+            }
+        }
+
+        if ($quota === false) {
+            // quota not found using the LDAP attribute (or not parseable). Try the default quota
+            $defaultQuota = $this->connection->ldapQuotaDefault;
+            if ($this->verifyQuotaValue($defaultQuota)) {
+                $quota = $defaultQuota;
+            }
+        }
+
+        $targetUser = $this->userManager->get($this->uid);
+        if ($targetUser) {
+            if($quota !== false) {
+                $targetUser->setQuota($quota);
+            } else {
+                $this->log->log('not suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', \OCP\Util::WARN);
+                $targetUser->setQuota('default');
+            }
+        } else {
+            $this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', \OCP\Util::ERROR);
+        }
+    }
+
+    private function verifyQuotaValue($quotaValue) {
+        return $quotaValue === 'none' || $quotaValue === 'default' || \OC_Helper::computerFileSize($quotaValue) !== false;
+    }
+
+    /**
+     * called by a post_login hook to save the avatar picture
+     *
+     * @param array $params
+     */
+    public function updateAvatarPostLogin($params) {
+        if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
+            $this->updateAvatar();
+        }
+    }
+
+    /**
+     * @brief attempts to get an image from LDAP and sets it as Nextcloud avatar
+     * @return null
+     */
+    public function updateAvatar() {
+        if($this->wasRefreshed('avatar')) {
+            return;
+        }
+        $avatarImage = $this->getAvatarImage();
+        if($avatarImage === false) {
+            //not set, nothing left to do;
+            return;
+        }
+        $this->image->loadFromBase64(base64_encode($avatarImage));
+        $this->setOwnCloudAvatar();
+    }
+
+    /**
+     * @brief sets an image as Nextcloud avatar
+     * @return null
+     */
+    private function setOwnCloudAvatar() {
+        if(!$this->image->valid()) {
+            $this->log->log('jpegPhoto data invalid for '.$this->dn, \OCP\Util::ERROR);
+            return;
+        }
+        //make sure it is a square and not bigger than 128x128
+        $size = min(array($this->image->width(), $this->image->height(), 128));
+        if(!$this->image->centerCrop($size)) {
+            $this->log->log('croping image for avatar failed for '.$this->dn, \OCP\Util::ERROR);
+            return;
+        }
+
+        if(!$this->fs->isLoaded()) {
+            $this->fs->setup($this->uid);
+        }
+
+        try {
+            $avatar = $this->avatarManager->getAvatar($this->uid);
+            $avatar->set($this->image);
+        } catch (\Exception $e) {
+            \OC::$server->getLogger()->notice(
+                'Could not set avatar for ' . $this->dn	. ', because: ' . $e->getMessage(),
+                ['app' => 'user_ldap']);
+        }
+    }
+
+    /**
+     * called by a post_login hook to handle password expiry
+     *
+     * @param array $params
+     */
+    public function handlePasswordExpiry($params) {
+        $ppolicyDN = $this->connection->ldapDefaultPPolicyDN;
+        if (empty($ppolicyDN) || (intval($this->connection->turnOnPasswordChange) !== 1)) {
+            return;//password expiry handling disabled
+        }
+        $uid = $params['uid'];
+        if(isset($uid) && $uid === $this->getUsername()) {
+            //retrieve relevant user attributes
+            $result = $this->access->search('objectclass=*', $this->dn, ['pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']);
 			
-			if(array_key_exists('pwdpolicysubentry', $result[0])) {
-				$pwdPolicySubentry = $result[0]['pwdpolicysubentry'];
-				if($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
-					$ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
-				}
-			}
+            if(array_key_exists('pwdpolicysubentry', $result[0])) {
+                $pwdPolicySubentry = $result[0]['pwdpolicysubentry'];
+                if($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
+                    $ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
+                }
+            }
 			
-			$pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : null;
-			$pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : null;
-			$pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : null;
+            $pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : null;
+            $pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : null;
+            $pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : null;
 			
-			//retrieve relevant password policy attributes
-			$cacheKey = 'ppolicyAttributes' . $ppolicyDN;
-			$result = $this->connection->getFromCache($cacheKey);
-			if(is_null($result)) {
-				$result = $this->access->search('objectclass=*', $ppolicyDN, ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']);
-				$this->connection->writeToCache($cacheKey, $result);
-			}
+            //retrieve relevant password policy attributes
+            $cacheKey = 'ppolicyAttributes' . $ppolicyDN;
+            $result = $this->connection->getFromCache($cacheKey);
+            if(is_null($result)) {
+                $result = $this->access->search('objectclass=*', $ppolicyDN, ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']);
+                $this->connection->writeToCache($cacheKey, $result);
+            }
 			
-			$pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : null;
-			$pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : null;
-			$pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : null;
+            $pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : null;
+            $pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : null;
+            $pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : null;
 			
-			//handle grace login
-			$pwdGraceUseTimeCount = count($pwdGraceUseTime);
-			if($pwdGraceUseTime && $pwdGraceUseTimeCount > 0) { //was this a grace login?
-				if($pwdGraceAuthNLimit 
-					&& (count($pwdGraceAuthNLimit) > 0)
-					&&($pwdGraceUseTimeCount < intval($pwdGraceAuthNLimit[0]))) { //at least one more grace login available?
-					$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
-					header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
-					'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid)));
-				} else { //no more grace login available
-					header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
-					'user_ldap.renewPassword.showLoginFormInvalidPassword', array('user' => $uid)));
-				}
-				exit();
-			}
-			//handle pwdReset attribute
-			if($pwdReset && (count($pwdReset) > 0) && $pwdReset[0] === 'TRUE') { //user must change his password
-				$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
-				header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
-				'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid)));
-				exit();
-			}
-			//handle password expiry warning
-			if($pwdChangedTime && (count($pwdChangedTime) > 0)) {
-				if($pwdMaxAge && (count($pwdMaxAge) > 0)
-					&& $pwdExpireWarning && (count($pwdExpireWarning) > 0)) {
-					$pwdMaxAgeInt = intval($pwdMaxAge[0]);
-					$pwdExpireWarningInt = intval($pwdExpireWarning[0]);
-					if($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){
-						$pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]);
-						$pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S'));
-						$currentDateTime = new \DateTime();
-						$secondsToExpiry = $pwdChangedTimeDt->getTimestamp() - $currentDateTime->getTimestamp();
-						if($secondsToExpiry <= $pwdExpireWarningInt) {
-							//remove last password expiry warning if any
-							$notification = $this->notificationManager->createNotification();
-							$notification->setApp('user_ldap')
-								->setUser($uid)
-								->setObject('pwd_exp_warn', $uid)
-							;
-							$this->notificationManager->markProcessed($notification);
-							//create new password expiry warning
-							$notification = $this->notificationManager->createNotification();
-							$notification->setApp('user_ldap')
-								->setUser($uid)
-								->setDateTime($currentDateTime)
-								->setObject('pwd_exp_warn', $uid) 
-								->setSubject('pwd_exp_warn_days', [strval(ceil($secondsToExpiry / 60 / 60 / 24))])
-							;
-							$this->notificationManager->notify($notification);
-						}
-					}
-				}
-			}
-		}
-	}
+            //handle grace login
+            $pwdGraceUseTimeCount = count($pwdGraceUseTime);
+            if($pwdGraceUseTime && $pwdGraceUseTimeCount > 0) { //was this a grace login?
+                if($pwdGraceAuthNLimit 
+                    && (count($pwdGraceAuthNLimit) > 0)
+                    &&($pwdGraceUseTimeCount < intval($pwdGraceAuthNLimit[0]))) { //at least one more grace login available?
+                    $this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
+                    header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
+                    'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid)));
+                } else { //no more grace login available
+                    header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
+                    'user_ldap.renewPassword.showLoginFormInvalidPassword', array('user' => $uid)));
+                }
+                exit();
+            }
+            //handle pwdReset attribute
+            if($pwdReset && (count($pwdReset) > 0) && $pwdReset[0] === 'TRUE') { //user must change his password
+                $this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
+                header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
+                'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid)));
+                exit();
+            }
+            //handle password expiry warning
+            if($pwdChangedTime && (count($pwdChangedTime) > 0)) {
+                if($pwdMaxAge && (count($pwdMaxAge) > 0)
+                    && $pwdExpireWarning && (count($pwdExpireWarning) > 0)) {
+                    $pwdMaxAgeInt = intval($pwdMaxAge[0]);
+                    $pwdExpireWarningInt = intval($pwdExpireWarning[0]);
+                    if($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){
+                        $pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]);
+                        $pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S'));
+                        $currentDateTime = new \DateTime();
+                        $secondsToExpiry = $pwdChangedTimeDt->getTimestamp() - $currentDateTime->getTimestamp();
+                        if($secondsToExpiry <= $pwdExpireWarningInt) {
+                            //remove last password expiry warning if any
+                            $notification = $this->notificationManager->createNotification();
+                            $notification->setApp('user_ldap')
+                                ->setUser($uid)
+                                ->setObject('pwd_exp_warn', $uid)
+                            ;
+                            $this->notificationManager->markProcessed($notification);
+                            //create new password expiry warning
+                            $notification = $this->notificationManager->createNotification();
+                            $notification->setApp('user_ldap')
+                                ->setUser($uid)
+                                ->setDateTime($currentDateTime)
+                                ->setObject('pwd_exp_warn', $uid) 
+                                ->setSubject('pwd_exp_warn_days', [strval(ceil($secondsToExpiry / 60 / 60 / 24))])
+                            ;
+                            $this->notificationManager->notify($notification);
+                        }
+                    }
+                }
+            }
+        }
+    }
 }

apps/user_ldap/lib/User/Manager.php

Indentation +204 added lines, -204 removed lines

@@ -43,209 +43,209 @@
  * cache
  */
 class Manager {
-	/** @var IUserTools */
-	protected $access;
-
-	/** @var IConfig */
-	protected $ocConfig;
-
-	/** @var IDBConnection */
-	protected $db;
-
-	/** @var IUserManager */
-	protected $userManager;
-
-	/** @var INotificationManager */
-	protected $notificationManager;
-
-	/** @var FilesystemHelper */
-	protected $ocFilesystem;
-
-	/** @var LogWrapper */
-	protected $ocLog;
-
-	/** @var Image */
-	protected $image;
-
-	/** @param \OCP\IAvatarManager */
-	protected $avatarManager;
-
-	/**
-	 * @var CappedMemoryCache $usersByDN
-	 */
-	protected $usersByDN;
-	/**
-	 * @var CappedMemoryCache $usersByUid
-	 */
-	protected $usersByUid;
-
-	/**
-	 * @param IConfig $ocConfig
-	 * @param \OCA\User_LDAP\FilesystemHelper $ocFilesystem object that
-	 * gives access to necessary functions from the OC filesystem
-	 * @param  \OCA\User_LDAP\LogWrapper $ocLog
-	 * @param IAvatarManager $avatarManager
-	 * @param Image $image an empty image instance
-	 * @param IDBConnection $db
-	 * @throws \Exception when the methods mentioned above do not exist
-	 */
-	public function __construct(IConfig $ocConfig,
-								FilesystemHelper $ocFilesystem, LogWrapper $ocLog,
-								IAvatarManager $avatarManager, Image $image,
-								IDBConnection $db, IUserManager $userManager,
-								INotificationManager $notificationManager) {
-
-		$this->ocConfig            = $ocConfig;
-		$this->ocFilesystem        = $ocFilesystem;
-		$this->ocLog               = $ocLog;
-		$this->avatarManager       = $avatarManager;
-		$this->image               = $image;
-		$this->db                  = $db;
-		$this->userManager         = $userManager;
-		$this->notificationManager = $notificationManager;
-		$this->usersByDN           = new CappedMemoryCache();
-		$this->usersByUid          = new CappedMemoryCache();
-	}
-
-	/**
-	 * @brief binds manager to an instance of IUserTools (implemented by
-	 * Access). It needs to be assigned first before the manager can be used.
-	 * @param IUserTools
-	 */
-	public function setLdapAccess(IUserTools $access) {
-		$this->access = $access;
-	}
-
-	/**
-	 * @brief creates an instance of User and caches (just runtime) it in the
-	 * property array
-	 * @param string $dn the DN of the user
-	 * @param string $uid the internal (owncloud) username
-	 * @return \OCA\User_LDAP\User\User
-	 */
-	private function createAndCache($dn, $uid) {
-		$this->checkAccess();
-		$user = new User($uid, $dn, $this->access, $this->ocConfig,
-			$this->ocFilesystem, clone $this->image, $this->ocLog,
-			$this->avatarManager, $this->userManager, 
-			$this->notificationManager);
-		$this->usersByDN[$dn]   = $user;
-		$this->usersByUid[$uid] = $user;
-		return $user;
-	}
-
-	/**
-	 * @brief checks whether the Access instance has been set
-	 * @throws \Exception if Access has not been set
-	 * @return null
-	 */
-	private function checkAccess() {
-		if(is_null($this->access)) {
-			throw new \Exception('LDAP Access instance must be set first');
-		}
-	}
-
-	/**
-	 * returns a list of attributes that will be processed further, e.g. quota,
-	 * email, displayname, or others.
-	 * @param bool $minimal - optional, set to true to skip attributes with big
-	 * payload
-	 * @return string[]
-	 */
-	public function getAttributes($minimal = false) {
-		$attributes = array('dn', 'uid', 'samaccountname', 'memberof');
-		$possible = array(
-			$this->access->getConnection()->ldapQuotaAttribute,
-			$this->access->getConnection()->ldapEmailAttribute,
-			$this->access->getConnection()->ldapUserDisplayName,
-			$this->access->getConnection()->ldapUserDisplayName2,
-		);
-		foreach($possible as $attr) {
-			if(!is_null($attr)) {
-				$attributes[] = $attr;
-			}
-		}
-
-		$homeRule = $this->access->getConnection()->homeFolderNamingRule;
-		if(strpos($homeRule, 'attr:') === 0) {
-			$attributes[] = substr($homeRule, strlen('attr:'));
-		}
-
-		if(!$minimal) {
-			// attributes that are not really important but may come with big
-			// payload.
-			$attributes = array_merge($attributes, array(
-				'jpegphoto',
-				'thumbnailphoto'
-			));
-		}
-
-		return $attributes;
-	}
-
-	/**
-	 * Checks whether the specified user is marked as deleted
-	 * @param string $id the Nextcloud user name
-	 * @return bool
-	 */
-	public function isDeletedUser($id) {
-		$isDeleted = $this->ocConfig->getUserValue(
-			$id, 'user_ldap', 'isDeleted', 0);
-		return intval($isDeleted) === 1;
-	}
-
-	/**
-	 * creates and returns an instance of OfflineUser for the specified user
-	 * @param string $id
-	 * @return \OCA\User_LDAP\User\OfflineUser
-	 */
-	public function getDeletedUser($id) {
-		return new OfflineUser(
-			$id,
-			$this->ocConfig,
-			$this->db,
-			$this->access->getUserMapper());
-	}
-
-	/**
-	 * @brief returns a User object by it's Nextcloud username
-	 * @param string $id the DN or username of the user
-	 * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
-	 */
-	protected function createInstancyByUserName($id) {
-		//most likely a uid. Check whether it is a deleted user
-		if($this->isDeletedUser($id)) {
-			return $this->getDeletedUser($id);
-		}
-		$dn = $this->access->username2dn($id);
-		if($dn !== false) {
-			return $this->createAndCache($dn, $id);
-		}
-		return null;
-	}
-
-	/**
-	 * @brief returns a User object by it's DN or Nextcloud username
-	 * @param string $id the DN or username of the user
-	 * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
-	 * @throws \Exception when connection could not be established
-	 */
-	public function get($id) {
-		$this->checkAccess();
-		if(isset($this->usersByDN[$id])) {
-			return $this->usersByDN[$id];
-		} else if(isset($this->usersByUid[$id])) {
-			return $this->usersByUid[$id];
-		}
-
-		if($this->access->stringResemblesDN($id) ) {
-			$uid = $this->access->dn2username($id);
-			if($uid !== false) {
-				return $this->createAndCache($id, $uid);
-			}
-		}
-
-		return $this->createInstancyByUserName($id);
-	}
+    /** @var IUserTools */
+    protected $access;
+
+    /** @var IConfig */
+    protected $ocConfig;
+
+    /** @var IDBConnection */
+    protected $db;
+
+    /** @var IUserManager */
+    protected $userManager;
+
+    /** @var INotificationManager */
+    protected $notificationManager;
+
+    /** @var FilesystemHelper */
+    protected $ocFilesystem;
+
+    /** @var LogWrapper */
+    protected $ocLog;
+
+    /** @var Image */
+    protected $image;
+
+    /** @param \OCP\IAvatarManager */
+    protected $avatarManager;
+
+    /**
+     * @var CappedMemoryCache $usersByDN
+     */
+    protected $usersByDN;
+    /**
+     * @var CappedMemoryCache $usersByUid
+     */
+    protected $usersByUid;
+
+    /**
+     * @param IConfig $ocConfig
+     * @param \OCA\User_LDAP\FilesystemHelper $ocFilesystem object that
+     * gives access to necessary functions from the OC filesystem
+     * @param  \OCA\User_LDAP\LogWrapper $ocLog
+     * @param IAvatarManager $avatarManager
+     * @param Image $image an empty image instance
+     * @param IDBConnection $db
+     * @throws \Exception when the methods mentioned above do not exist
+     */
+    public function __construct(IConfig $ocConfig,
+                                FilesystemHelper $ocFilesystem, LogWrapper $ocLog,
+                                IAvatarManager $avatarManager, Image $image,
+                                IDBConnection $db, IUserManager $userManager,
+                                INotificationManager $notificationManager) {
+
+        $this->ocConfig            = $ocConfig;
+        $this->ocFilesystem        = $ocFilesystem;
+        $this->ocLog               = $ocLog;
+        $this->avatarManager       = $avatarManager;
+        $this->image               = $image;
+        $this->db                  = $db;
+        $this->userManager         = $userManager;
+        $this->notificationManager = $notificationManager;
+        $this->usersByDN           = new CappedMemoryCache();
+        $this->usersByUid          = new CappedMemoryCache();
+    }
+
+    /**
+     * @brief binds manager to an instance of IUserTools (implemented by
+     * Access). It needs to be assigned first before the manager can be used.
+     * @param IUserTools
+     */
+    public function setLdapAccess(IUserTools $access) {
+        $this->access = $access;
+    }
+
+    /**
+     * @brief creates an instance of User and caches (just runtime) it in the
+     * property array
+     * @param string $dn the DN of the user
+     * @param string $uid the internal (owncloud) username
+     * @return \OCA\User_LDAP\User\User
+     */
+    private function createAndCache($dn, $uid) {
+        $this->checkAccess();
+        $user = new User($uid, $dn, $this->access, $this->ocConfig,
+            $this->ocFilesystem, clone $this->image, $this->ocLog,
+            $this->avatarManager, $this->userManager, 
+            $this->notificationManager);
+        $this->usersByDN[$dn]   = $user;
+        $this->usersByUid[$uid] = $user;
+        return $user;
+    }
+
+    /**
+     * @brief checks whether the Access instance has been set
+     * @throws \Exception if Access has not been set
+     * @return null
+     */
+    private function checkAccess() {
+        if(is_null($this->access)) {
+            throw new \Exception('LDAP Access instance must be set first');
+        }
+    }
+
+    /**
+     * returns a list of attributes that will be processed further, e.g. quota,
+     * email, displayname, or others.
+     * @param bool $minimal - optional, set to true to skip attributes with big
+     * payload
+     * @return string[]
+     */
+    public function getAttributes($minimal = false) {
+        $attributes = array('dn', 'uid', 'samaccountname', 'memberof');
+        $possible = array(
+            $this->access->getConnection()->ldapQuotaAttribute,
+            $this->access->getConnection()->ldapEmailAttribute,
+            $this->access->getConnection()->ldapUserDisplayName,
+            $this->access->getConnection()->ldapUserDisplayName2,
+        );
+        foreach($possible as $attr) {
+            if(!is_null($attr)) {
+                $attributes[] = $attr;
+            }
+        }
+
+        $homeRule = $this->access->getConnection()->homeFolderNamingRule;
+        if(strpos($homeRule, 'attr:') === 0) {
+            $attributes[] = substr($homeRule, strlen('attr:'));
+        }
+
+        if(!$minimal) {
+            // attributes that are not really important but may come with big
+            // payload.
+            $attributes = array_merge($attributes, array(
+                'jpegphoto',
+                'thumbnailphoto'
+            ));
+        }
+
+        return $attributes;
+    }
+
+    /**
+     * Checks whether the specified user is marked as deleted
+     * @param string $id the Nextcloud user name
+     * @return bool
+     */
+    public function isDeletedUser($id) {
+        $isDeleted = $this->ocConfig->getUserValue(
+            $id, 'user_ldap', 'isDeleted', 0);
+        return intval($isDeleted) === 1;
+    }
+
+    /**
+     * creates and returns an instance of OfflineUser for the specified user
+     * @param string $id
+     * @return \OCA\User_LDAP\User\OfflineUser
+     */
+    public function getDeletedUser($id) {
+        return new OfflineUser(
+            $id,
+            $this->ocConfig,
+            $this->db,
+            $this->access->getUserMapper());
+    }
+
+    /**
+     * @brief returns a User object by it's Nextcloud username
+     * @param string $id the DN or username of the user
+     * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
+     */
+    protected function createInstancyByUserName($id) {
+        //most likely a uid. Check whether it is a deleted user
+        if($this->isDeletedUser($id)) {
+            return $this->getDeletedUser($id);
+        }
+        $dn = $this->access->username2dn($id);
+        if($dn !== false) {
+            return $this->createAndCache($dn, $id);
+        }
+        return null;
+    }
+
+    /**
+     * @brief returns a User object by it's DN or Nextcloud username
+     * @param string $id the DN or username of the user
+     * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
+     * @throws \Exception when connection could not be established
+     */
+    public function get($id) {
+        $this->checkAccess();
+        if(isset($this->usersByDN[$id])) {
+            return $this->usersByDN[$id];
+        } else if(isset($this->usersByUid[$id])) {
+            return $this->usersByUid[$id];
+        }
+
+        if($this->access->stringResemblesDN($id) ) {
+            $uid = $this->access->dn2username($id);
+            if($uid !== false) {
+                return $this->createAndCache($id, $uid);
+            }
+        }
+
+        return $this->createInstancyByUserName($id);
+    }
 
 }