nextcloud /
server
@@ -70,7 +70,7 @@ discard block |
||
| 70 | 70 | } |
| 71 | 71 | |
| 72 | 72 | if (isset($parsedUrl['port']) && $parsedUrl['port']) { |
| 73 | - return $this->isTrustedDomain($parsedUrl['host'] . ':' . $parsedUrl['port']); |
|
| 73 | + return $this->isTrustedDomain($parsedUrl['host'].':'.$parsedUrl['port']); |
|
| 74 | 74 | } |
| 75 | 75 | |
| 76 | 76 | return $this->isTrustedDomain($parsedUrl['host']); |
@@ -106,9 +106,9 @@ discard block |
||
| 106 | 106 | if (gettype($trusted) !== 'string') { |
| 107 | 107 | break; |
| 108 | 108 | } |
| 109 | - $regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) { |
|
| 109 | + $regex = '/^'.implode('[-\.a-zA-Z0-9]*', array_map(function($v) { |
|
| 110 | 110 | return preg_quote($v, '/'); |
| 111 | - }, explode('*', $trusted))) . '$/i'; |
|
| 111 | + }, explode('*', $trusted))).'$/i'; |
|
| 112 | 112 | if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) { |
| 113 | 113 | return true; |
| 114 | 114 | } |
@@ -13,79 +13,79 @@ |
||
| 13 | 13 | use OCP\Security\ITrustedDomainHelper; |
| 14 | 14 | |
| 15 | 15 | class TrustedDomainHelper implements ITrustedDomainHelper { |
| 16 | - public function __construct( |
|
| 17 | - private IConfig $config, |
|
| 18 | - ) { |
|
| 19 | - } |
|
| 16 | + public function __construct( |
|
| 17 | + private IConfig $config, |
|
| 18 | + ) { |
|
| 19 | + } |
|
| 20 | 20 | |
| 21 | - /** |
|
| 22 | - * Strips a potential port from a domain (in format domain:port) |
|
| 23 | - * @return string $host without appended port |
|
| 24 | - */ |
|
| 25 | - private function getDomainWithoutPort(string $host): string { |
|
| 26 | - $pos = strrpos($host, ':'); |
|
| 27 | - if ($pos !== false) { |
|
| 28 | - $port = substr($host, $pos + 1); |
|
| 29 | - if (is_numeric($port)) { |
|
| 30 | - $host = substr($host, 0, $pos); |
|
| 31 | - } |
|
| 32 | - } |
|
| 33 | - return $host; |
|
| 34 | - } |
|
| 21 | + /** |
|
| 22 | + * Strips a potential port from a domain (in format domain:port) |
|
| 23 | + * @return string $host without appended port |
|
| 24 | + */ |
|
| 25 | + private function getDomainWithoutPort(string $host): string { |
|
| 26 | + $pos = strrpos($host, ':'); |
|
| 27 | + if ($pos !== false) { |
|
| 28 | + $port = substr($host, $pos + 1); |
|
| 29 | + if (is_numeric($port)) { |
|
| 30 | + $host = substr($host, 0, $pos); |
|
| 31 | + } |
|
| 32 | + } |
|
| 33 | + return $host; |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | - /** |
|
| 37 | - * {@inheritDoc} |
|
| 38 | - */ |
|
| 39 | - public function isTrustedUrl(string $url): bool { |
|
| 40 | - $parsedUrl = parse_url($url); |
|
| 41 | - if (empty($parsedUrl['host'])) { |
|
| 42 | - return false; |
|
| 43 | - } |
|
| 36 | + /** |
|
| 37 | + * {@inheritDoc} |
|
| 38 | + */ |
|
| 39 | + public function isTrustedUrl(string $url): bool { |
|
| 40 | + $parsedUrl = parse_url($url); |
|
| 41 | + if (empty($parsedUrl['host'])) { |
|
| 42 | + return false; |
|
| 43 | + } |
|
| 44 | 44 | |
| 45 | - if (isset($parsedUrl['port']) && $parsedUrl['port']) { |
|
| 46 | - return $this->isTrustedDomain($parsedUrl['host'] . ':' . $parsedUrl['port']); |
|
| 47 | - } |
|
| 45 | + if (isset($parsedUrl['port']) && $parsedUrl['port']) { |
|
| 46 | + return $this->isTrustedDomain($parsedUrl['host'] . ':' . $parsedUrl['port']); |
|
| 47 | + } |
|
| 48 | 48 | |
| 49 | - return $this->isTrustedDomain($parsedUrl['host']); |
|
| 50 | - } |
|
| 49 | + return $this->isTrustedDomain($parsedUrl['host']); |
|
| 50 | + } |
|
| 51 | 51 | |
| 52 | - /** |
|
| 53 | - * {@inheritDoc} |
|
| 54 | - */ |
|
| 55 | - public function isTrustedDomain(string $domainWithPort): bool { |
|
| 56 | - // overwritehost is always trusted |
|
| 57 | - if ($this->config->getSystemValue('overwritehost') !== '') { |
|
| 58 | - return true; |
|
| 59 | - } |
|
| 52 | + /** |
|
| 53 | + * {@inheritDoc} |
|
| 54 | + */ |
|
| 55 | + public function isTrustedDomain(string $domainWithPort): bool { |
|
| 56 | + // overwritehost is always trusted |
|
| 57 | + if ($this->config->getSystemValue('overwritehost') !== '') { |
|
| 58 | + return true; |
|
| 59 | + } |
|
| 60 | 60 | |
| 61 | - $domain = $this->getDomainWithoutPort($domainWithPort); |
|
| 61 | + $domain = $this->getDomainWithoutPort($domainWithPort); |
|
| 62 | 62 | |
| 63 | - // Read trusted domains from config |
|
| 64 | - $trustedList = $this->config->getSystemValue('trusted_domains', []); |
|
| 65 | - if (!is_array($trustedList)) { |
|
| 66 | - return false; |
|
| 67 | - } |
|
| 63 | + // Read trusted domains from config |
|
| 64 | + $trustedList = $this->config->getSystemValue('trusted_domains', []); |
|
| 65 | + if (!is_array($trustedList)) { |
|
| 66 | + return false; |
|
| 67 | + } |
|
| 68 | 68 | |
| 69 | - // Always allow access from localhost |
|
| 70 | - if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) { |
|
| 71 | - return true; |
|
| 72 | - } |
|
| 73 | - // Reject malformed domains in any case |
|
| 74 | - if (str_starts_with($domain, '-') || str_contains($domain, '..')) { |
|
| 75 | - return false; |
|
| 76 | - } |
|
| 77 | - // Match, allowing for * wildcards |
|
| 78 | - foreach ($trustedList as $trusted) { |
|
| 79 | - if (gettype($trusted) !== 'string') { |
|
| 80 | - break; |
|
| 81 | - } |
|
| 82 | - $regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) { |
|
| 83 | - return preg_quote($v, '/'); |
|
| 84 | - }, explode('*', $trusted))) . '$/i'; |
|
| 85 | - if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) { |
|
| 86 | - return true; |
|
| 87 | - } |
|
| 88 | - } |
|
| 89 | - return false; |
|
| 90 | - } |
|
| 69 | + // Always allow access from localhost |
|
| 70 | + if (preg_match(Request::REGEX_LOCALHOST, $domain) === 1) { |
|
| 71 | + return true; |
|
| 72 | + } |
|
| 73 | + // Reject malformed domains in any case |
|
| 74 | + if (str_starts_with($domain, '-') || str_contains($domain, '..')) { |
|
| 75 | + return false; |
|
| 76 | + } |
|
| 77 | + // Match, allowing for * wildcards |
|
| 78 | + foreach ($trustedList as $trusted) { |
|
| 79 | + if (gettype($trusted) !== 'string') { |
|
| 80 | + break; |
|
| 81 | + } |
|
| 82 | + $regex = '/^' . implode('[-\.a-zA-Z0-9]*', array_map(function ($v) { |
|
| 83 | + return preg_quote($v, '/'); |
|
| 84 | + }, explode('*', $trusted))) . '$/i'; |
|
| 85 | + if (preg_match($regex, $domain) || preg_match($regex, $domainWithPort)) { |
|
| 86 | + return true; |
|
| 87 | + } |
|
| 88 | + } |
|
| 89 | + return false; |
|
| 90 | + } |
|
| 91 | 91 | } |
@@ -32,25 +32,25 @@ |
||
| 32 | 32 | use OCP\Migration\SimpleMigrationStep; |
| 33 | 33 | |
| 34 | 34 | class Version1130Date20220110154719 extends SimpleMigrationStep { |
| 35 | - public function getName() { |
|
| 36 | - return 'Drop ldap_group_mapping_backup'; |
|
| 37 | - } |
|
| 38 | - |
|
| 39 | - /** |
|
| 40 | - * @param IOutput $output |
|
| 41 | - * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 42 | - * @param array $options |
|
| 43 | - * @return null|ISchemaWrapper |
|
| 44 | - */ |
|
| 45 | - public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { |
|
| 46 | - /** @var ISchemaWrapper $schema */ |
|
| 47 | - $schema = $schemaClosure(); |
|
| 48 | - |
|
| 49 | - if ($schema->hasTable('ldap_group_mapping_backup')) { |
|
| 50 | - $schema->dropTable('ldap_group_mapping_backup'); |
|
| 51 | - return $schema; |
|
| 52 | - } |
|
| 53 | - |
|
| 54 | - return null; |
|
| 55 | - } |
|
| 35 | + public function getName() { |
|
| 36 | + return 'Drop ldap_group_mapping_backup'; |
|
| 37 | + } |
|
| 38 | + |
|
| 39 | + /** |
|
| 40 | + * @param IOutput $output |
|
| 41 | + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 42 | + * @param array $options |
|
| 43 | + * @return null|ISchemaWrapper |
|
| 44 | + */ |
|
| 45 | + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { |
|
| 46 | + /** @var ISchemaWrapper $schema */ |
|
| 47 | + $schema = $schemaClosure(); |
|
| 48 | + |
|
| 49 | + if ($schema->hasTable('ldap_group_mapping_backup')) { |
|
| 50 | + $schema->dropTable('ldap_group_mapping_backup'); |
|
| 51 | + return $schema; |
|
| 52 | + } |
|
| 53 | + |
|
| 54 | + return null; |
|
| 55 | + } |
|
| 56 | 56 | } |
@@ -94,7 +94,7 @@ discard block |
||
| 94 | 94 | */ |
| 95 | 95 | protected function getPath(string $user, string $path): string { |
| 96 | 96 | $node = $this->rootFolder->getUserFolder($user)->get($path); |
| 97 | - return 'files/' . md5($node->getStorage()->getId() . '::' . trim($node->getInternalPath(), '/')); |
|
| 97 | + return 'files/'.md5($node->getStorage()->getId().'::'.trim($node->getInternalPath(), '/')); |
|
| 98 | 98 | } |
| 99 | 99 | |
| 100 | 100 | /** |
@@ -125,7 +125,7 @@ discard block |
||
| 125 | 125 | |
| 126 | 126 | try { |
| 127 | 127 | $lockingProvider->acquireLock($path, $type); |
| 128 | - $this->config->setAppValue('testing', 'locking_' . $path, (string)$type); |
|
| 128 | + $this->config->setAppValue('testing', 'locking_'.$path, (string) $type); |
|
| 129 | 129 | return new DataResponse(); |
| 130 | 130 | } catch (LockedException $e) { |
| 131 | 131 | throw new OCSException('', Http::STATUS_LOCKED, $e); |
@@ -148,7 +148,7 @@ discard block |
||
| 148 | 148 | |
| 149 | 149 | try { |
| 150 | 150 | $lockingProvider->changeLock($path, $type); |
| 151 | - $this->config->setAppValue('testing', 'locking_' . $path, (string)$type); |
|
| 151 | + $this->config->setAppValue('testing', 'locking_'.$path, (string) $type); |
|
| 152 | 152 | return new DataResponse(); |
| 153 | 153 | } catch (LockedException $e) { |
| 154 | 154 | throw new OCSException('', Http::STATUS_LOCKED, $e); |
@@ -171,7 +171,7 @@ discard block |
||
| 171 | 171 | |
| 172 | 172 | try { |
| 173 | 173 | $lockingProvider->releaseLock($path, $type); |
| 174 | - $this->config->deleteAppValue('testing', 'locking_' . $path); |
|
| 174 | + $this->config->deleteAppValue('testing', 'locking_'.$path); |
|
| 175 | 175 | return new DataResponse(); |
| 176 | 176 | } catch (LockedException $e) { |
| 177 | 177 | throw new OCSException('', Http::STATUS_LOCKED, $e); |
@@ -206,12 +206,12 @@ discard block |
||
| 206 | 206 | if (strpos($lock, 'locking_') === 0) { |
| 207 | 207 | $path = substr($lock, strlen('locking_')); |
| 208 | 208 | |
| 209 | - if ($type === ILockingProvider::LOCK_EXCLUSIVE && (int)$this->config->getAppValue('testing', $lock) === ILockingProvider::LOCK_EXCLUSIVE) { |
|
| 210 | - $lockingProvider->releaseLock($path, (int)$this->config->getAppValue('testing', $lock)); |
|
| 211 | - } elseif ($type === ILockingProvider::LOCK_SHARED && (int)$this->config->getAppValue('testing', $lock) === ILockingProvider::LOCK_SHARED) { |
|
| 212 | - $lockingProvider->releaseLock($path, (int)$this->config->getAppValue('testing', $lock)); |
|
| 209 | + if ($type === ILockingProvider::LOCK_EXCLUSIVE && (int) $this->config->getAppValue('testing', $lock) === ILockingProvider::LOCK_EXCLUSIVE) { |
|
| 210 | + $lockingProvider->releaseLock($path, (int) $this->config->getAppValue('testing', $lock)); |
|
| 211 | + } elseif ($type === ILockingProvider::LOCK_SHARED && (int) $this->config->getAppValue('testing', $lock) === ILockingProvider::LOCK_SHARED) { |
|
| 212 | + $lockingProvider->releaseLock($path, (int) $this->config->getAppValue('testing', $lock)); |
|
| 213 | 213 | } else { |
| 214 | - $lockingProvider->releaseLock($path, (int)$this->config->getAppValue('testing', $lock)); |
|
| 214 | + $lockingProvider->releaseLock($path, (int) $this->config->getAppValue('testing', $lock)); |
|
| 215 | 215 | } |
| 216 | 216 | } |
| 217 | 217 | } |
@@ -23,164 +23,164 @@ |
||
| 23 | 23 | |
| 24 | 24 | class LockingController extends OCSController { |
| 25 | 25 | |
| 26 | - /** |
|
| 27 | - * @param string $appName |
|
| 28 | - * @param IRequest $request |
|
| 29 | - * @param ILockingProvider $lockingProvider |
|
| 30 | - * @param FakeDBLockingProvider $fakeDBLockingProvider |
|
| 31 | - * @param IDBConnection $connection |
|
| 32 | - * @param IConfig $config |
|
| 33 | - * @param IRootFolder $rootFolder |
|
| 34 | - */ |
|
| 35 | - public function __construct( |
|
| 36 | - $appName, |
|
| 37 | - IRequest $request, |
|
| 38 | - protected ILockingProvider $lockingProvider, |
|
| 39 | - protected FakeDBLockingProvider $fakeDBLockingProvider, |
|
| 40 | - protected IDBConnection $connection, |
|
| 41 | - protected IConfig $config, |
|
| 42 | - protected IRootFolder $rootFolder, |
|
| 43 | - ) { |
|
| 44 | - parent::__construct($appName, $request); |
|
| 45 | - } |
|
| 46 | - |
|
| 47 | - /** |
|
| 48 | - * @throws \RuntimeException |
|
| 49 | - */ |
|
| 50 | - protected function getLockingProvider(): ILockingProvider { |
|
| 51 | - if ($this->lockingProvider instanceof DBLockingProvider) { |
|
| 52 | - return $this->fakeDBLockingProvider; |
|
| 53 | - } |
|
| 54 | - throw new \RuntimeException('Lock provisioning is only possible using the DBLockingProvider'); |
|
| 55 | - } |
|
| 56 | - |
|
| 57 | - /** |
|
| 58 | - * @throws NotFoundException |
|
| 59 | - */ |
|
| 60 | - protected function getPath(string $user, string $path): string { |
|
| 61 | - $node = $this->rootFolder->getUserFolder($user)->get($path); |
|
| 62 | - return 'files/' . md5($node->getStorage()->getId() . '::' . trim($node->getInternalPath(), '/')); |
|
| 63 | - } |
|
| 64 | - |
|
| 65 | - /** |
|
| 66 | - * @throws OCSException |
|
| 67 | - */ |
|
| 68 | - public function isLockingEnabled(): DataResponse { |
|
| 69 | - try { |
|
| 70 | - $this->getLockingProvider(); |
|
| 71 | - return new DataResponse(); |
|
| 72 | - } catch (\RuntimeException $e) { |
|
| 73 | - throw new OCSException($e->getMessage(), Http::STATUS_NOT_IMPLEMENTED, $e); |
|
| 74 | - } |
|
| 75 | - } |
|
| 76 | - |
|
| 77 | - /** |
|
| 78 | - * @throws OCSException |
|
| 79 | - */ |
|
| 80 | - public function acquireLock(int $type, string $user, string $path): DataResponse { |
|
| 81 | - try { |
|
| 82 | - $path = $this->getPath($user, $path); |
|
| 83 | - } catch (NoUserException $e) { |
|
| 84 | - throw new OCSException('User not found', Http::STATUS_NOT_FOUND, $e); |
|
| 85 | - } catch (NotFoundException $e) { |
|
| 86 | - throw new OCSException('Path not found', Http::STATUS_NOT_FOUND, $e); |
|
| 87 | - } |
|
| 88 | - |
|
| 89 | - $lockingProvider = $this->getLockingProvider(); |
|
| 90 | - |
|
| 91 | - try { |
|
| 92 | - $lockingProvider->acquireLock($path, $type); |
|
| 93 | - $this->config->setAppValue('testing', 'locking_' . $path, (string)$type); |
|
| 94 | - return new DataResponse(); |
|
| 95 | - } catch (LockedException $e) { |
|
| 96 | - throw new OCSException('', Http::STATUS_LOCKED, $e); |
|
| 97 | - } |
|
| 98 | - } |
|
| 99 | - |
|
| 100 | - /** |
|
| 101 | - * @throws OCSException |
|
| 102 | - */ |
|
| 103 | - public function changeLock(int $type, string $user, string $path): DataResponse { |
|
| 104 | - try { |
|
| 105 | - $path = $this->getPath($user, $path); |
|
| 106 | - } catch (NoUserException $e) { |
|
| 107 | - throw new OCSException('User not found', Http::STATUS_NOT_FOUND, $e); |
|
| 108 | - } catch (NotFoundException $e) { |
|
| 109 | - throw new OCSException('Path not found', Http::STATUS_NOT_FOUND, $e); |
|
| 110 | - } |
|
| 111 | - |
|
| 112 | - $lockingProvider = $this->getLockingProvider(); |
|
| 113 | - |
|
| 114 | - try { |
|
| 115 | - $lockingProvider->changeLock($path, $type); |
|
| 116 | - $this->config->setAppValue('testing', 'locking_' . $path, (string)$type); |
|
| 117 | - return new DataResponse(); |
|
| 118 | - } catch (LockedException $e) { |
|
| 119 | - throw new OCSException('', Http::STATUS_LOCKED, $e); |
|
| 120 | - } |
|
| 121 | - } |
|
| 122 | - |
|
| 123 | - /** |
|
| 124 | - * @throws OCSException |
|
| 125 | - */ |
|
| 126 | - public function releaseLock(int $type, string $user, string $path): DataResponse { |
|
| 127 | - try { |
|
| 128 | - $path = $this->getPath($user, $path); |
|
| 129 | - } catch (NoUserException $e) { |
|
| 130 | - throw new OCSException('User not found', Http::STATUS_NOT_FOUND, $e); |
|
| 131 | - } catch (NotFoundException $e) { |
|
| 132 | - throw new OCSException('Path not found', Http::STATUS_NOT_FOUND, $e); |
|
| 133 | - } |
|
| 134 | - |
|
| 135 | - $lockingProvider = $this->getLockingProvider(); |
|
| 136 | - |
|
| 137 | - try { |
|
| 138 | - $lockingProvider->releaseLock($path, $type); |
|
| 139 | - $this->config->deleteAppValue('testing', 'locking_' . $path); |
|
| 140 | - return new DataResponse(); |
|
| 141 | - } catch (LockedException $e) { |
|
| 142 | - throw new OCSException('', Http::STATUS_LOCKED, $e); |
|
| 143 | - } |
|
| 144 | - } |
|
| 145 | - |
|
| 146 | - /** |
|
| 147 | - * @throws OCSException |
|
| 148 | - */ |
|
| 149 | - public function isLocked(int $type, string $user, string $path): DataResponse { |
|
| 150 | - try { |
|
| 151 | - $path = $this->getPath($user, $path); |
|
| 152 | - } catch (NoUserException $e) { |
|
| 153 | - throw new OCSException('User not found', Http::STATUS_NOT_FOUND, $e); |
|
| 154 | - } catch (NotFoundException $e) { |
|
| 155 | - throw new OCSException('Path not found', Http::STATUS_NOT_FOUND, $e); |
|
| 156 | - } |
|
| 157 | - |
|
| 158 | - $lockingProvider = $this->getLockingProvider(); |
|
| 159 | - |
|
| 160 | - if ($lockingProvider->isLocked($path, $type)) { |
|
| 161 | - return new DataResponse(); |
|
| 162 | - } |
|
| 163 | - |
|
| 164 | - throw new OCSException('', Http::STATUS_LOCKED); |
|
| 165 | - } |
|
| 166 | - |
|
| 167 | - public function releaseAll(?int $type = null): DataResponse { |
|
| 168 | - $lockingProvider = $this->getLockingProvider(); |
|
| 169 | - |
|
| 170 | - foreach ($this->config->getAppKeys('testing') as $lock) { |
|
| 171 | - if (strpos($lock, 'locking_') === 0) { |
|
| 172 | - $path = substr($lock, strlen('locking_')); |
|
| 173 | - |
|
| 174 | - if ($type === ILockingProvider::LOCK_EXCLUSIVE && (int)$this->config->getAppValue('testing', $lock) === ILockingProvider::LOCK_EXCLUSIVE) { |
|
| 175 | - $lockingProvider->releaseLock($path, (int)$this->config->getAppValue('testing', $lock)); |
|
| 176 | - } elseif ($type === ILockingProvider::LOCK_SHARED && (int)$this->config->getAppValue('testing', $lock) === ILockingProvider::LOCK_SHARED) { |
|
| 177 | - $lockingProvider->releaseLock($path, (int)$this->config->getAppValue('testing', $lock)); |
|
| 178 | - } else { |
|
| 179 | - $lockingProvider->releaseLock($path, (int)$this->config->getAppValue('testing', $lock)); |
|
| 180 | - } |
|
| 181 | - } |
|
| 182 | - } |
|
| 183 | - |
|
| 184 | - return new DataResponse(); |
|
| 185 | - } |
|
| 26 | + /** |
|
| 27 | + * @param string $appName |
|
| 28 | + * @param IRequest $request |
|
| 29 | + * @param ILockingProvider $lockingProvider |
|
| 30 | + * @param FakeDBLockingProvider $fakeDBLockingProvider |
|
| 31 | + * @param IDBConnection $connection |
|
| 32 | + * @param IConfig $config |
|
| 33 | + * @param IRootFolder $rootFolder |
|
| 34 | + */ |
|
| 35 | + public function __construct( |
|
| 36 | + $appName, |
|
| 37 | + IRequest $request, |
|
| 38 | + protected ILockingProvider $lockingProvider, |
|
| 39 | + protected FakeDBLockingProvider $fakeDBLockingProvider, |
|
| 40 | + protected IDBConnection $connection, |
|
| 41 | + protected IConfig $config, |
|
| 42 | + protected IRootFolder $rootFolder, |
|
| 43 | + ) { |
|
| 44 | + parent::__construct($appName, $request); |
|
| 45 | + } |
|
| 46 | + |
|
| 47 | + /** |
|
| 48 | + * @throws \RuntimeException |
|
| 49 | + */ |
|
| 50 | + protected function getLockingProvider(): ILockingProvider { |
|
| 51 | + if ($this->lockingProvider instanceof DBLockingProvider) { |
|
| 52 | + return $this->fakeDBLockingProvider; |
|
| 53 | + } |
|
| 54 | + throw new \RuntimeException('Lock provisioning is only possible using the DBLockingProvider'); |
|
| 55 | + } |
|
| 56 | + |
|
| 57 | + /** |
|
| 58 | + * @throws NotFoundException |
|
| 59 | + */ |
|
| 60 | + protected function getPath(string $user, string $path): string { |
|
| 61 | + $node = $this->rootFolder->getUserFolder($user)->get($path); |
|
| 62 | + return 'files/' . md5($node->getStorage()->getId() . '::' . trim($node->getInternalPath(), '/')); |
|
| 63 | + } |
|
| 64 | + |
|
| 65 | + /** |
|
| 66 | + * @throws OCSException |
|
| 67 | + */ |
|
| 68 | + public function isLockingEnabled(): DataResponse { |
|
| 69 | + try { |
|
| 70 | + $this->getLockingProvider(); |
|
| 71 | + return new DataResponse(); |
|
| 72 | + } catch (\RuntimeException $e) { |
|
| 73 | + throw new OCSException($e->getMessage(), Http::STATUS_NOT_IMPLEMENTED, $e); |
|
| 74 | + } |
|
| 75 | + } |
|
| 76 | + |
|
| 77 | + /** |
|
| 78 | + * @throws OCSException |
|
| 79 | + */ |
|
| 80 | + public function acquireLock(int $type, string $user, string $path): DataResponse { |
|
| 81 | + try { |
|
| 82 | + $path = $this->getPath($user, $path); |
|
| 83 | + } catch (NoUserException $e) { |
|
| 84 | + throw new OCSException('User not found', Http::STATUS_NOT_FOUND, $e); |
|
| 85 | + } catch (NotFoundException $e) { |
|
| 86 | + throw new OCSException('Path not found', Http::STATUS_NOT_FOUND, $e); |
|
| 87 | + } |
|
| 88 | + |
|
| 89 | + $lockingProvider = $this->getLockingProvider(); |
|
| 90 | + |
|
| 91 | + try { |
|
| 92 | + $lockingProvider->acquireLock($path, $type); |
|
| 93 | + $this->config->setAppValue('testing', 'locking_' . $path, (string)$type); |
|
| 94 | + return new DataResponse(); |
|
| 95 | + } catch (LockedException $e) { |
|
| 96 | + throw new OCSException('', Http::STATUS_LOCKED, $e); |
|
| 97 | + } |
|
| 98 | + } |
|
| 99 | + |
|
| 100 | + /** |
|
| 101 | + * @throws OCSException |
|
| 102 | + */ |
|
| 103 | + public function changeLock(int $type, string $user, string $path): DataResponse { |
|
| 104 | + try { |
|
| 105 | + $path = $this->getPath($user, $path); |
|
| 106 | + } catch (NoUserException $e) { |
|
| 107 | + throw new OCSException('User not found', Http::STATUS_NOT_FOUND, $e); |
|
| 108 | + } catch (NotFoundException $e) { |
|
| 109 | + throw new OCSException('Path not found', Http::STATUS_NOT_FOUND, $e); |
|
| 110 | + } |
|
| 111 | + |
|
| 112 | + $lockingProvider = $this->getLockingProvider(); |
|
| 113 | + |
|
| 114 | + try { |
|
| 115 | + $lockingProvider->changeLock($path, $type); |
|
| 116 | + $this->config->setAppValue('testing', 'locking_' . $path, (string)$type); |
|
| 117 | + return new DataResponse(); |
|
| 118 | + } catch (LockedException $e) { |
|
| 119 | + throw new OCSException('', Http::STATUS_LOCKED, $e); |
|
| 120 | + } |
|
| 121 | + } |
|
| 122 | + |
|
| 123 | + /** |
|
| 124 | + * @throws OCSException |
|
| 125 | + */ |
|
| 126 | + public function releaseLock(int $type, string $user, string $path): DataResponse { |
|
| 127 | + try { |
|
| 128 | + $path = $this->getPath($user, $path); |
|
| 129 | + } catch (NoUserException $e) { |
|
| 130 | + throw new OCSException('User not found', Http::STATUS_NOT_FOUND, $e); |
|
| 131 | + } catch (NotFoundException $e) { |
|
| 132 | + throw new OCSException('Path not found', Http::STATUS_NOT_FOUND, $e); |
|
| 133 | + } |
|
| 134 | + |
|
| 135 | + $lockingProvider = $this->getLockingProvider(); |
|
| 136 | + |
|
| 137 | + try { |
|
| 138 | + $lockingProvider->releaseLock($path, $type); |
|
| 139 | + $this->config->deleteAppValue('testing', 'locking_' . $path); |
|
| 140 | + return new DataResponse(); |
|
| 141 | + } catch (LockedException $e) { |
|
| 142 | + throw new OCSException('', Http::STATUS_LOCKED, $e); |
|
| 143 | + } |
|
| 144 | + } |
|
| 145 | + |
|
| 146 | + /** |
|
| 147 | + * @throws OCSException |
|
| 148 | + */ |
|
| 149 | + public function isLocked(int $type, string $user, string $path): DataResponse { |
|
| 150 | + try { |
|
| 151 | + $path = $this->getPath($user, $path); |
|
| 152 | + } catch (NoUserException $e) { |
|
| 153 | + throw new OCSException('User not found', Http::STATUS_NOT_FOUND, $e); |
|
| 154 | + } catch (NotFoundException $e) { |
|
| 155 | + throw new OCSException('Path not found', Http::STATUS_NOT_FOUND, $e); |
|
| 156 | + } |
|
| 157 | + |
|
| 158 | + $lockingProvider = $this->getLockingProvider(); |
|
| 159 | + |
|
| 160 | + if ($lockingProvider->isLocked($path, $type)) { |
|
| 161 | + return new DataResponse(); |
|
| 162 | + } |
|
| 163 | + |
|
| 164 | + throw new OCSException('', Http::STATUS_LOCKED); |
|
| 165 | + } |
|
| 166 | + |
|
| 167 | + public function releaseAll(?int $type = null): DataResponse { |
|
| 168 | + $lockingProvider = $this->getLockingProvider(); |
|
| 169 | + |
|
| 170 | + foreach ($this->config->getAppKeys('testing') as $lock) { |
|
| 171 | + if (strpos($lock, 'locking_') === 0) { |
|
| 172 | + $path = substr($lock, strlen('locking_')); |
|
| 173 | + |
|
| 174 | + if ($type === ILockingProvider::LOCK_EXCLUSIVE && (int)$this->config->getAppValue('testing', $lock) === ILockingProvider::LOCK_EXCLUSIVE) { |
|
| 175 | + $lockingProvider->releaseLock($path, (int)$this->config->getAppValue('testing', $lock)); |
|
| 176 | + } elseif ($type === ILockingProvider::LOCK_SHARED && (int)$this->config->getAppValue('testing', $lock) === ILockingProvider::LOCK_SHARED) { |
|
| 177 | + $lockingProvider->releaseLock($path, (int)$this->config->getAppValue('testing', $lock)); |
|
| 178 | + } else { |
|
| 179 | + $lockingProvider->releaseLock($path, (int)$this->config->getAppValue('testing', $lock)); |
|
| 180 | + } |
|
| 181 | + } |
|
| 182 | + } |
|
| 183 | + |
|
| 184 | + return new DataResponse(); |
|
| 185 | + } |
|
| 186 | 186 | } |
@@ -30,37 +30,37 @@ |
||
| 30 | 30 | use OCP\Migration\SimpleMigrationStep; |
| 31 | 31 | |
| 32 | 32 | class Version24000Date20211213081604 extends SimpleMigrationStep { |
| 33 | - /** |
|
| 34 | - * @param IOutput $output |
|
| 35 | - * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 36 | - * @param array $options |
|
| 37 | - * @return null|ISchemaWrapper |
|
| 38 | - */ |
|
| 39 | - public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { |
|
| 40 | - /** @var ISchemaWrapper $schema */ |
|
| 41 | - $schema = $schemaClosure(); |
|
| 33 | + /** |
|
| 34 | + * @param IOutput $output |
|
| 35 | + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 36 | + * @param array $options |
|
| 37 | + * @return null|ISchemaWrapper |
|
| 38 | + */ |
|
| 39 | + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { |
|
| 40 | + /** @var ISchemaWrapper $schema */ |
|
| 41 | + $schema = $schemaClosure(); |
|
| 42 | 42 | |
| 43 | - $hasTable = $schema->hasTable('ratelimit_entries'); |
|
| 43 | + $hasTable = $schema->hasTable('ratelimit_entries'); |
|
| 44 | 44 | |
| 45 | - if (!$hasTable) { |
|
| 46 | - $table = $schema->createTable('ratelimit_entries'); |
|
| 47 | - $table->addColumn('id', Types::BIGINT, [ |
|
| 48 | - 'autoincrement' => true, |
|
| 49 | - 'notnull' => true, |
|
| 50 | - ]); |
|
| 51 | - $table->addColumn('hash', Types::STRING, [ |
|
| 52 | - 'notnull' => true, |
|
| 53 | - 'length' => 128, |
|
| 54 | - ]); |
|
| 55 | - $table->addColumn('delete_after', Types::DATETIME, [ |
|
| 56 | - 'notnull' => true, |
|
| 57 | - ]); |
|
| 58 | - $table->setPrimaryKey(['id']); |
|
| 59 | - $table->addIndex(['hash'], 'ratelimit_hash'); |
|
| 60 | - $table->addIndex(['delete_after'], 'ratelimit_delete_after'); |
|
| 61 | - return $schema; |
|
| 62 | - } |
|
| 45 | + if (!$hasTable) { |
|
| 46 | + $table = $schema->createTable('ratelimit_entries'); |
|
| 47 | + $table->addColumn('id', Types::BIGINT, [ |
|
| 48 | + 'autoincrement' => true, |
|
| 49 | + 'notnull' => true, |
|
| 50 | + ]); |
|
| 51 | + $table->addColumn('hash', Types::STRING, [ |
|
| 52 | + 'notnull' => true, |
|
| 53 | + 'length' => 128, |
|
| 54 | + ]); |
|
| 55 | + $table->addColumn('delete_after', Types::DATETIME, [ |
|
| 56 | + 'notnull' => true, |
|
| 57 | + ]); |
|
| 58 | + $table->setPrimaryKey(['id']); |
|
| 59 | + $table->addIndex(['hash'], 'ratelimit_hash'); |
|
| 60 | + $table->addIndex(['delete_after'], 'ratelimit_delete_after'); |
|
| 61 | + return $schema; |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - return null; |
|
| 65 | - } |
|
| 64 | + return null; |
|
| 65 | + } |
|
| 66 | 66 | } |
@@ -29,22 +29,22 @@ |
||
| 29 | 29 | use OCP\Migration\SimpleMigrationStep; |
| 30 | 30 | |
| 31 | 31 | class Version24000Date20211213081506 extends SimpleMigrationStep { |
| 32 | - /** |
|
| 33 | - * @param IOutput $output |
|
| 34 | - * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 35 | - * @param array $options |
|
| 36 | - * @return null|ISchemaWrapper |
|
| 37 | - */ |
|
| 38 | - public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { |
|
| 39 | - /** @var ISchemaWrapper $schema */ |
|
| 40 | - $schema = $schemaClosure(); |
|
| 32 | + /** |
|
| 33 | + * @param IOutput $output |
|
| 34 | + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 35 | + * @param array $options |
|
| 36 | + * @return null|ISchemaWrapper |
|
| 37 | + */ |
|
| 38 | + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { |
|
| 39 | + /** @var ISchemaWrapper $schema */ |
|
| 40 | + $schema = $schemaClosure(); |
|
| 41 | 41 | |
| 42 | - $hasTable = $schema->hasTable('ratelimit_entries'); |
|
| 43 | - if ($hasTable) { |
|
| 44 | - $schema->dropTable('ratelimit_entries'); |
|
| 45 | - return $schema; |
|
| 46 | - } |
|
| 42 | + $hasTable = $schema->hasTable('ratelimit_entries'); |
|
| 43 | + if ($hasTable) { |
|
| 44 | + $schema->dropTable('ratelimit_entries'); |
|
| 45 | + return $schema; |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - return null; |
|
| 49 | - } |
|
| 48 | + return null; |
|
| 49 | + } |
|
| 50 | 50 | } |
@@ -28,22 +28,22 @@ |
||
| 28 | 28 | use OCP\Talk\IConversationOptions; |
| 29 | 29 | |
| 30 | 30 | class ConversationOptions implements IConversationOptions { |
| 31 | - private bool $isPublic; |
|
| 31 | + private bool $isPublic; |
|
| 32 | 32 | |
| 33 | - private function __construct(bool $isPublic) { |
|
| 34 | - $this->isPublic = $isPublic; |
|
| 35 | - } |
|
| 33 | + private function __construct(bool $isPublic) { |
|
| 34 | + $this->isPublic = $isPublic; |
|
| 35 | + } |
|
| 36 | 36 | |
| 37 | - public static function default(): self { |
|
| 38 | - return new self(false); |
|
| 39 | - } |
|
| 37 | + public static function default(): self { |
|
| 38 | + return new self(false); |
|
| 39 | + } |
|
| 40 | 40 | |
| 41 | - public function setPublic(bool $isPublic = true): IConversationOptions { |
|
| 42 | - $this->isPublic = $isPublic; |
|
| 43 | - return $this; |
|
| 44 | - } |
|
| 41 | + public function setPublic(bool $isPublic = true): IConversationOptions { |
|
| 42 | + $this->isPublic = $isPublic; |
|
| 43 | + return $this; |
|
| 44 | + } |
|
| 45 | 45 | |
| 46 | - public function isPublic(): bool { |
|
| 47 | - return $this->isPublic; |
|
| 48 | - } |
|
| 46 | + public function isPublic(): bool { |
|
| 47 | + return $this->isPublic; |
|
| 48 | + } |
|
| 49 | 49 | } |
@@ -32,24 +32,24 @@ |
||
| 32 | 32 | use OCP\Migration\SimpleMigrationStep; |
| 33 | 33 | |
| 34 | 34 | class Version24000Date20220131153041 extends SimpleMigrationStep { |
| 35 | - /** |
|
| 36 | - * @param IOutput $output |
|
| 37 | - * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 38 | - * @param array $options |
|
| 39 | - * @return null|ISchemaWrapper |
|
| 40 | - */ |
|
| 41 | - public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { |
|
| 42 | - /** @var ISchemaWrapper $schema */ |
|
| 43 | - $schema = $schemaClosure(); |
|
| 35 | + /** |
|
| 36 | + * @param IOutput $output |
|
| 37 | + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 38 | + * @param array $options |
|
| 39 | + * @return null|ISchemaWrapper |
|
| 40 | + */ |
|
| 41 | + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { |
|
| 42 | + /** @var ISchemaWrapper $schema */ |
|
| 43 | + $schema = $schemaClosure(); |
|
| 44 | 44 | |
| 45 | - $table = $schema->getTable('jobs'); |
|
| 46 | - if (!$table->hasColumn('time_sensitive')) { |
|
| 47 | - $table->addColumn('time_sensitive', Types::SMALLINT, [ |
|
| 48 | - 'default' => 1, |
|
| 49 | - ]); |
|
| 50 | - $table->addIndex(['time_sensitive'], 'jobs_time_sensitive'); |
|
| 51 | - return $schema; |
|
| 52 | - } |
|
| 53 | - return null; |
|
| 54 | - } |
|
| 45 | + $table = $schema->getTable('jobs'); |
|
| 46 | + if (!$table->hasColumn('time_sensitive')) { |
|
| 47 | + $table->addColumn('time_sensitive', Types::SMALLINT, [ |
|
| 48 | + 'default' => 1, |
|
| 49 | + ]); |
|
| 50 | + $table->addIndex(['time_sensitive'], 'jobs_time_sensitive'); |
|
| 51 | + return $schema; |
|
| 52 | + } |
|
| 53 | + return null; |
|
| 54 | + } |
|
| 55 | 55 | } |
@@ -214,7 +214,7 @@ |
||
| 214 | 214 | |
| 215 | 215 | while ($nextcloudId = array_shift($idList)) { |
| 216 | 216 | $update->setParameter('nextcloudId', $nextcloudId); |
| 217 | - $update->setParameter('invalidatedUuid', 'invalidated_' . \bin2hex(\random_bytes(6))); |
|
| 217 | + $update->setParameter('invalidatedUuid', 'invalidated_'.\bin2hex(\random_bytes(6))); |
|
| 218 | 218 | try { |
| 219 | 219 | $update->executeStatement(); |
| 220 | 220 | $this->logger->warning( |
@@ -22,245 +22,245 @@ |
||
| 22 | 22 | |
| 23 | 23 | class Version1130Date20211102154716 extends SimpleMigrationStep { |
| 24 | 24 | |
| 25 | - /** @var string[] */ |
|
| 26 | - private $hashColumnAddedToTables = []; |
|
| 25 | + /** @var string[] */ |
|
| 26 | + private $hashColumnAddedToTables = []; |
|
| 27 | 27 | |
| 28 | - public function __construct( |
|
| 29 | - private IDBConnection $dbc, |
|
| 30 | - private LoggerInterface $logger, |
|
| 31 | - ) { |
|
| 32 | - } |
|
| 28 | + public function __construct( |
|
| 29 | + private IDBConnection $dbc, |
|
| 30 | + private LoggerInterface $logger, |
|
| 31 | + ) { |
|
| 32 | + } |
|
| 33 | 33 | |
| 34 | - public function getName() { |
|
| 35 | - return 'Adjust LDAP user and group ldap_dn column lengths and add ldap_dn_hash columns'; |
|
| 36 | - } |
|
| 34 | + public function getName() { |
|
| 35 | + return 'Adjust LDAP user and group ldap_dn column lengths and add ldap_dn_hash columns'; |
|
| 36 | + } |
|
| 37 | 37 | |
| 38 | - public function preSchemaChange(IOutput $output, \Closure $schemaClosure, array $options) { |
|
| 39 | - foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) { |
|
| 40 | - $this->processDuplicateUUIDs($tableName); |
|
| 41 | - } |
|
| 38 | + public function preSchemaChange(IOutput $output, \Closure $schemaClosure, array $options) { |
|
| 39 | + foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) { |
|
| 40 | + $this->processDuplicateUUIDs($tableName); |
|
| 41 | + } |
|
| 42 | 42 | |
| 43 | - /** @var ISchemaWrapper $schema */ |
|
| 44 | - $schema = $schemaClosure(); |
|
| 45 | - if ($schema->hasTable('ldap_group_mapping_backup')) { |
|
| 46 | - // Previous upgrades of a broken release might have left an incomplete |
|
| 47 | - // ldap_group_mapping_backup table. No need to recreate, but it |
|
| 48 | - // should be empty. |
|
| 49 | - // TRUNCATE is not available from Query Builder, but faster than DELETE FROM. |
|
| 50 | - $sql = $this->dbc->getDatabasePlatform()->getTruncateTableSQL('`*PREFIX*ldap_group_mapping_backup`', false); |
|
| 51 | - $this->dbc->executeStatement($sql); |
|
| 52 | - } |
|
| 53 | - } |
|
| 43 | + /** @var ISchemaWrapper $schema */ |
|
| 44 | + $schema = $schemaClosure(); |
|
| 45 | + if ($schema->hasTable('ldap_group_mapping_backup')) { |
|
| 46 | + // Previous upgrades of a broken release might have left an incomplete |
|
| 47 | + // ldap_group_mapping_backup table. No need to recreate, but it |
|
| 48 | + // should be empty. |
|
| 49 | + // TRUNCATE is not available from Query Builder, but faster than DELETE FROM. |
|
| 50 | + $sql = $this->dbc->getDatabasePlatform()->getTruncateTableSQL('`*PREFIX*ldap_group_mapping_backup`', false); |
|
| 51 | + $this->dbc->executeStatement($sql); |
|
| 52 | + } |
|
| 53 | + } |
|
| 54 | 54 | |
| 55 | - /** |
|
| 56 | - * @param IOutput $output |
|
| 57 | - * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 58 | - * @param array $options |
|
| 59 | - * @return null|ISchemaWrapper |
|
| 60 | - */ |
|
| 61 | - public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { |
|
| 62 | - /** @var ISchemaWrapper $schema */ |
|
| 63 | - $schema = $schemaClosure(); |
|
| 55 | + /** |
|
| 56 | + * @param IOutput $output |
|
| 57 | + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 58 | + * @param array $options |
|
| 59 | + * @return null|ISchemaWrapper |
|
| 60 | + */ |
|
| 61 | + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { |
|
| 62 | + /** @var ISchemaWrapper $schema */ |
|
| 63 | + $schema = $schemaClosure(); |
|
| 64 | 64 | |
| 65 | - $changeSchema = false; |
|
| 66 | - foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) { |
|
| 67 | - $table = $schema->getTable($tableName); |
|
| 68 | - if (!$table->hasColumn('ldap_dn_hash')) { |
|
| 69 | - $table->addColumn('ldap_dn_hash', Types::STRING, [ |
|
| 70 | - 'notnull' => false, |
|
| 71 | - 'length' => 64, |
|
| 72 | - ]); |
|
| 73 | - $changeSchema = true; |
|
| 74 | - $this->hashColumnAddedToTables[] = $tableName; |
|
| 75 | - } |
|
| 76 | - $column = $table->getColumn('ldap_dn'); |
|
| 77 | - if ($tableName === 'ldap_user_mapping') { |
|
| 78 | - if ($column->getLength() < 4000) { |
|
| 79 | - $column->setLength(4000); |
|
| 80 | - $changeSchema = true; |
|
| 81 | - } |
|
| 65 | + $changeSchema = false; |
|
| 66 | + foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) { |
|
| 67 | + $table = $schema->getTable($tableName); |
|
| 68 | + if (!$table->hasColumn('ldap_dn_hash')) { |
|
| 69 | + $table->addColumn('ldap_dn_hash', Types::STRING, [ |
|
| 70 | + 'notnull' => false, |
|
| 71 | + 'length' => 64, |
|
| 72 | + ]); |
|
| 73 | + $changeSchema = true; |
|
| 74 | + $this->hashColumnAddedToTables[] = $tableName; |
|
| 75 | + } |
|
| 76 | + $column = $table->getColumn('ldap_dn'); |
|
| 77 | + if ($tableName === 'ldap_user_mapping') { |
|
| 78 | + if ($column->getLength() < 4000) { |
|
| 79 | + $column->setLength(4000); |
|
| 80 | + $changeSchema = true; |
|
| 81 | + } |
|
| 82 | 82 | |
| 83 | - if ($table->hasIndex('ldap_dn_users')) { |
|
| 84 | - $table->dropIndex('ldap_dn_users'); |
|
| 85 | - $changeSchema = true; |
|
| 86 | - } |
|
| 87 | - if (!$table->hasIndex('ldap_user_dn_hashes')) { |
|
| 88 | - $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_user_dn_hashes'); |
|
| 89 | - $changeSchema = true; |
|
| 90 | - } |
|
| 91 | - if (!$table->hasIndex('ldap_user_directory_uuid')) { |
|
| 92 | - $table->addUniqueIndex(['directory_uuid'], 'ldap_user_directory_uuid'); |
|
| 93 | - $changeSchema = true; |
|
| 94 | - } |
|
| 95 | - } elseif (!$schema->hasTable('ldap_group_mapping_backup')) { |
|
| 96 | - // We need to copy the table twice to be able to change primary key, prepare the backup table |
|
| 97 | - $table2 = $schema->createTable('ldap_group_mapping_backup'); |
|
| 98 | - $table2->addColumn('ldap_dn', Types::STRING, [ |
|
| 99 | - 'notnull' => true, |
|
| 100 | - 'length' => 4000, |
|
| 101 | - 'default' => '', |
|
| 102 | - ]); |
|
| 103 | - $table2->addColumn('owncloud_name', Types::STRING, [ |
|
| 104 | - 'notnull' => true, |
|
| 105 | - 'length' => 64, |
|
| 106 | - 'default' => '', |
|
| 107 | - ]); |
|
| 108 | - $table2->addColumn('directory_uuid', Types::STRING, [ |
|
| 109 | - 'notnull' => true, |
|
| 110 | - 'length' => 255, |
|
| 111 | - 'default' => '', |
|
| 112 | - ]); |
|
| 113 | - $table2->addColumn('ldap_dn_hash', Types::STRING, [ |
|
| 114 | - 'notnull' => false, |
|
| 115 | - 'length' => 64, |
|
| 116 | - ]); |
|
| 117 | - $table2->setPrimaryKey(['owncloud_name'], 'lgm_backup_primary'); |
|
| 118 | - $changeSchema = true; |
|
| 119 | - } |
|
| 120 | - } |
|
| 83 | + if ($table->hasIndex('ldap_dn_users')) { |
|
| 84 | + $table->dropIndex('ldap_dn_users'); |
|
| 85 | + $changeSchema = true; |
|
| 86 | + } |
|
| 87 | + if (!$table->hasIndex('ldap_user_dn_hashes')) { |
|
| 88 | + $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_user_dn_hashes'); |
|
| 89 | + $changeSchema = true; |
|
| 90 | + } |
|
| 91 | + if (!$table->hasIndex('ldap_user_directory_uuid')) { |
|
| 92 | + $table->addUniqueIndex(['directory_uuid'], 'ldap_user_directory_uuid'); |
|
| 93 | + $changeSchema = true; |
|
| 94 | + } |
|
| 95 | + } elseif (!$schema->hasTable('ldap_group_mapping_backup')) { |
|
| 96 | + // We need to copy the table twice to be able to change primary key, prepare the backup table |
|
| 97 | + $table2 = $schema->createTable('ldap_group_mapping_backup'); |
|
| 98 | + $table2->addColumn('ldap_dn', Types::STRING, [ |
|
| 99 | + 'notnull' => true, |
|
| 100 | + 'length' => 4000, |
|
| 101 | + 'default' => '', |
|
| 102 | + ]); |
|
| 103 | + $table2->addColumn('owncloud_name', Types::STRING, [ |
|
| 104 | + 'notnull' => true, |
|
| 105 | + 'length' => 64, |
|
| 106 | + 'default' => '', |
|
| 107 | + ]); |
|
| 108 | + $table2->addColumn('directory_uuid', Types::STRING, [ |
|
| 109 | + 'notnull' => true, |
|
| 110 | + 'length' => 255, |
|
| 111 | + 'default' => '', |
|
| 112 | + ]); |
|
| 113 | + $table2->addColumn('ldap_dn_hash', Types::STRING, [ |
|
| 114 | + 'notnull' => false, |
|
| 115 | + 'length' => 64, |
|
| 116 | + ]); |
|
| 117 | + $table2->setPrimaryKey(['owncloud_name'], 'lgm_backup_primary'); |
|
| 118 | + $changeSchema = true; |
|
| 119 | + } |
|
| 120 | + } |
|
| 121 | 121 | |
| 122 | - return $changeSchema ? $schema : null; |
|
| 123 | - } |
|
| 122 | + return $changeSchema ? $schema : null; |
|
| 123 | + } |
|
| 124 | 124 | |
| 125 | - /** |
|
| 126 | - * @param IOutput $output |
|
| 127 | - * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 128 | - * @param array $options |
|
| 129 | - */ |
|
| 130 | - public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) { |
|
| 131 | - $this->handleDNHashes('ldap_group_mapping'); |
|
| 132 | - $this->handleDNHashes('ldap_user_mapping'); |
|
| 133 | - } |
|
| 125 | + /** |
|
| 126 | + * @param IOutput $output |
|
| 127 | + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` |
|
| 128 | + * @param array $options |
|
| 129 | + */ |
|
| 130 | + public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) { |
|
| 131 | + $this->handleDNHashes('ldap_group_mapping'); |
|
| 132 | + $this->handleDNHashes('ldap_user_mapping'); |
|
| 133 | + } |
|
| 134 | 134 | |
| 135 | - protected function handleDNHashes(string $table): void { |
|
| 136 | - $select = $this->getSelectQuery($table); |
|
| 137 | - $update = $this->getUpdateQuery($table); |
|
| 135 | + protected function handleDNHashes(string $table): void { |
|
| 136 | + $select = $this->getSelectQuery($table); |
|
| 137 | + $update = $this->getUpdateQuery($table); |
|
| 138 | 138 | |
| 139 | - $result = $select->executeQuery(); |
|
| 140 | - while ($row = $result->fetch()) { |
|
| 141 | - $dnHash = hash('sha256', $row['ldap_dn'], false); |
|
| 142 | - $update->setParameter('name', $row['owncloud_name']); |
|
| 143 | - $update->setParameter('dn_hash', $dnHash); |
|
| 144 | - try { |
|
| 145 | - $update->executeStatement(); |
|
| 146 | - } catch (Exception $e) { |
|
| 147 | - $this->logger->error('Failed to add hash "{dnHash}" ("{name}" of {table})', |
|
| 148 | - [ |
|
| 149 | - 'app' => 'user_ldap', |
|
| 150 | - 'name' => $row['owncloud_name'], |
|
| 151 | - 'dnHash' => $dnHash, |
|
| 152 | - 'table' => $table, |
|
| 153 | - 'exception' => $e, |
|
| 154 | - ] |
|
| 155 | - ); |
|
| 156 | - } |
|
| 157 | - } |
|
| 158 | - $result->closeCursor(); |
|
| 159 | - } |
|
| 139 | + $result = $select->executeQuery(); |
|
| 140 | + while ($row = $result->fetch()) { |
|
| 141 | + $dnHash = hash('sha256', $row['ldap_dn'], false); |
|
| 142 | + $update->setParameter('name', $row['owncloud_name']); |
|
| 143 | + $update->setParameter('dn_hash', $dnHash); |
|
| 144 | + try { |
|
| 145 | + $update->executeStatement(); |
|
| 146 | + } catch (Exception $e) { |
|
| 147 | + $this->logger->error('Failed to add hash "{dnHash}" ("{name}" of {table})', |
|
| 148 | + [ |
|
| 149 | + 'app' => 'user_ldap', |
|
| 150 | + 'name' => $row['owncloud_name'], |
|
| 151 | + 'dnHash' => $dnHash, |
|
| 152 | + 'table' => $table, |
|
| 153 | + 'exception' => $e, |
|
| 154 | + ] |
|
| 155 | + ); |
|
| 156 | + } |
|
| 157 | + } |
|
| 158 | + $result->closeCursor(); |
|
| 159 | + } |
|
| 160 | 160 | |
| 161 | - protected function getSelectQuery(string $table): IQueryBuilder { |
|
| 162 | - $qb = $this->dbc->getQueryBuilder(); |
|
| 163 | - $qb->select('owncloud_name', 'ldap_dn') |
|
| 164 | - ->from($table); |
|
| 161 | + protected function getSelectQuery(string $table): IQueryBuilder { |
|
| 162 | + $qb = $this->dbc->getQueryBuilder(); |
|
| 163 | + $qb->select('owncloud_name', 'ldap_dn') |
|
| 164 | + ->from($table); |
|
| 165 | 165 | |
| 166 | - // when added we may run into risk that it's read from a DB node |
|
| 167 | - // where the column is not present. Then the where clause is also |
|
| 168 | - // not necessary since all rows qualify. |
|
| 169 | - if (!in_array($table, $this->hashColumnAddedToTables, true)) { |
|
| 170 | - $qb->where($qb->expr()->isNull('ldap_dn_hash')); |
|
| 171 | - } |
|
| 166 | + // when added we may run into risk that it's read from a DB node |
|
| 167 | + // where the column is not present. Then the where clause is also |
|
| 168 | + // not necessary since all rows qualify. |
|
| 169 | + if (!in_array($table, $this->hashColumnAddedToTables, true)) { |
|
| 170 | + $qb->where($qb->expr()->isNull('ldap_dn_hash')); |
|
| 171 | + } |
|
| 172 | 172 | |
| 173 | - return $qb; |
|
| 174 | - } |
|
| 173 | + return $qb; |
|
| 174 | + } |
|
| 175 | 175 | |
| 176 | - protected function getUpdateQuery(string $table): IQueryBuilder { |
|
| 177 | - $qb = $this->dbc->getQueryBuilder(); |
|
| 178 | - $qb->update($table) |
|
| 179 | - ->set('ldap_dn_hash', $qb->createParameter('dn_hash')) |
|
| 180 | - ->where($qb->expr()->eq('owncloud_name', $qb->createParameter('name'))); |
|
| 181 | - return $qb; |
|
| 182 | - } |
|
| 176 | + protected function getUpdateQuery(string $table): IQueryBuilder { |
|
| 177 | + $qb = $this->dbc->getQueryBuilder(); |
|
| 178 | + $qb->update($table) |
|
| 179 | + ->set('ldap_dn_hash', $qb->createParameter('dn_hash')) |
|
| 180 | + ->where($qb->expr()->eq('owncloud_name', $qb->createParameter('name'))); |
|
| 181 | + return $qb; |
|
| 182 | + } |
|
| 183 | 183 | |
| 184 | - /** |
|
| 185 | - * @throws Exception |
|
| 186 | - */ |
|
| 187 | - protected function processDuplicateUUIDs(string $table): void { |
|
| 188 | - $uuids = $this->getDuplicatedUuids($table); |
|
| 189 | - $idsWithUuidToInvalidate = []; |
|
| 190 | - foreach ($uuids as $uuid) { |
|
| 191 | - array_push($idsWithUuidToInvalidate, ...$this->getNextcloudIdsByUuid($table, $uuid)); |
|
| 192 | - } |
|
| 193 | - $this->invalidateUuids($table, $idsWithUuidToInvalidate); |
|
| 194 | - } |
|
| 184 | + /** |
|
| 185 | + * @throws Exception |
|
| 186 | + */ |
|
| 187 | + protected function processDuplicateUUIDs(string $table): void { |
|
| 188 | + $uuids = $this->getDuplicatedUuids($table); |
|
| 189 | + $idsWithUuidToInvalidate = []; |
|
| 190 | + foreach ($uuids as $uuid) { |
|
| 191 | + array_push($idsWithUuidToInvalidate, ...$this->getNextcloudIdsByUuid($table, $uuid)); |
|
| 192 | + } |
|
| 193 | + $this->invalidateUuids($table, $idsWithUuidToInvalidate); |
|
| 194 | + } |
|
| 195 | 195 | |
| 196 | - /** |
|
| 197 | - * @throws Exception |
|
| 198 | - */ |
|
| 199 | - protected function invalidateUuids(string $table, array $idList): void { |
|
| 200 | - $update = $this->dbc->getQueryBuilder(); |
|
| 201 | - $update->update($table) |
|
| 202 | - ->set('directory_uuid', $update->createParameter('invalidatedUuid')) |
|
| 203 | - ->where($update->expr()->eq('owncloud_name', $update->createParameter('nextcloudId'))); |
|
| 196 | + /** |
|
| 197 | + * @throws Exception |
|
| 198 | + */ |
|
| 199 | + protected function invalidateUuids(string $table, array $idList): void { |
|
| 200 | + $update = $this->dbc->getQueryBuilder(); |
|
| 201 | + $update->update($table) |
|
| 202 | + ->set('directory_uuid', $update->createParameter('invalidatedUuid')) |
|
| 203 | + ->where($update->expr()->eq('owncloud_name', $update->createParameter('nextcloudId'))); |
|
| 204 | 204 | |
| 205 | - while ($nextcloudId = array_shift($idList)) { |
|
| 206 | - $update->setParameter('nextcloudId', $nextcloudId); |
|
| 207 | - $update->setParameter('invalidatedUuid', 'invalidated_' . \bin2hex(\random_bytes(6))); |
|
| 208 | - try { |
|
| 209 | - $update->executeStatement(); |
|
| 210 | - $this->logger->warning( |
|
| 211 | - 'LDAP user or group with ID {nid} has a duplicated UUID value which therefore was invalidated. You may double-check your LDAP configuration and trigger an update of the UUID.', |
|
| 212 | - [ |
|
| 213 | - 'app' => 'user_ldap', |
|
| 214 | - 'nid' => $nextcloudId, |
|
| 215 | - ] |
|
| 216 | - ); |
|
| 217 | - } catch (Exception $e) { |
|
| 218 | - // Catch possible, but unlikely duplications if new invalidated errors. |
|
| 219 | - // There is the theoretical chance of an infinity loop is, when |
|
| 220 | - // the constraint violation has a different background. I cannot |
|
| 221 | - // think of one at the moment. |
|
| 222 | - if ($e->getReason() !== Exception::REASON_CONSTRAINT_VIOLATION) { |
|
| 223 | - throw $e; |
|
| 224 | - } |
|
| 225 | - $idList[] = $nextcloudId; |
|
| 226 | - } |
|
| 227 | - } |
|
| 228 | - } |
|
| 205 | + while ($nextcloudId = array_shift($idList)) { |
|
| 206 | + $update->setParameter('nextcloudId', $nextcloudId); |
|
| 207 | + $update->setParameter('invalidatedUuid', 'invalidated_' . \bin2hex(\random_bytes(6))); |
|
| 208 | + try { |
|
| 209 | + $update->executeStatement(); |
|
| 210 | + $this->logger->warning( |
|
| 211 | + 'LDAP user or group with ID {nid} has a duplicated UUID value which therefore was invalidated. You may double-check your LDAP configuration and trigger an update of the UUID.', |
|
| 212 | + [ |
|
| 213 | + 'app' => 'user_ldap', |
|
| 214 | + 'nid' => $nextcloudId, |
|
| 215 | + ] |
|
| 216 | + ); |
|
| 217 | + } catch (Exception $e) { |
|
| 218 | + // Catch possible, but unlikely duplications if new invalidated errors. |
|
| 219 | + // There is the theoretical chance of an infinity loop is, when |
|
| 220 | + // the constraint violation has a different background. I cannot |
|
| 221 | + // think of one at the moment. |
|
| 222 | + if ($e->getReason() !== Exception::REASON_CONSTRAINT_VIOLATION) { |
|
| 223 | + throw $e; |
|
| 224 | + } |
|
| 225 | + $idList[] = $nextcloudId; |
|
| 226 | + } |
|
| 227 | + } |
|
| 228 | + } |
|
| 229 | 229 | |
| 230 | - /** |
|
| 231 | - * @throws \OCP\DB\Exception |
|
| 232 | - * @return array<string> |
|
| 233 | - */ |
|
| 234 | - protected function getNextcloudIdsByUuid(string $table, string $uuid): array { |
|
| 235 | - $select = $this->dbc->getQueryBuilder(); |
|
| 236 | - $select->select('owncloud_name') |
|
| 237 | - ->from($table) |
|
| 238 | - ->where($select->expr()->eq('directory_uuid', $select->createNamedParameter($uuid))); |
|
| 230 | + /** |
|
| 231 | + * @throws \OCP\DB\Exception |
|
| 232 | + * @return array<string> |
|
| 233 | + */ |
|
| 234 | + protected function getNextcloudIdsByUuid(string $table, string $uuid): array { |
|
| 235 | + $select = $this->dbc->getQueryBuilder(); |
|
| 236 | + $select->select('owncloud_name') |
|
| 237 | + ->from($table) |
|
| 238 | + ->where($select->expr()->eq('directory_uuid', $select->createNamedParameter($uuid))); |
|
| 239 | 239 | |
| 240 | - $result = $select->executeQuery(); |
|
| 241 | - $idList = []; |
|
| 242 | - while (($id = $result->fetchOne()) !== false) { |
|
| 243 | - $idList[] = $id; |
|
| 244 | - } |
|
| 245 | - $result->closeCursor(); |
|
| 246 | - return $idList; |
|
| 247 | - } |
|
| 240 | + $result = $select->executeQuery(); |
|
| 241 | + $idList = []; |
|
| 242 | + while (($id = $result->fetchOne()) !== false) { |
|
| 243 | + $idList[] = $id; |
|
| 244 | + } |
|
| 245 | + $result->closeCursor(); |
|
| 246 | + return $idList; |
|
| 247 | + } |
|
| 248 | 248 | |
| 249 | - /** |
|
| 250 | - * @return Generator<string> |
|
| 251 | - * @throws \OCP\DB\Exception |
|
| 252 | - */ |
|
| 253 | - protected function getDuplicatedUuids(string $table): Generator { |
|
| 254 | - $select = $this->dbc->getQueryBuilder(); |
|
| 255 | - $select->select('directory_uuid') |
|
| 256 | - ->from($table) |
|
| 257 | - ->groupBy('directory_uuid') |
|
| 258 | - ->having($select->expr()->gt($select->func()->count('owncloud_name'), $select->createNamedParameter(1))); |
|
| 249 | + /** |
|
| 250 | + * @return Generator<string> |
|
| 251 | + * @throws \OCP\DB\Exception |
|
| 252 | + */ |
|
| 253 | + protected function getDuplicatedUuids(string $table): Generator { |
|
| 254 | + $select = $this->dbc->getQueryBuilder(); |
|
| 255 | + $select->select('directory_uuid') |
|
| 256 | + ->from($table) |
|
| 257 | + ->groupBy('directory_uuid') |
|
| 258 | + ->having($select->expr()->gt($select->func()->count('owncloud_name'), $select->createNamedParameter(1))); |
|
| 259 | 259 | |
| 260 | - $result = $select->executeQuery(); |
|
| 261 | - while (($uuid = $result->fetchOne()) !== false) { |
|
| 262 | - yield $uuid; |
|
| 263 | - } |
|
| 264 | - $result->closeCursor(); |
|
| 265 | - } |
|
| 260 | + $result = $select->executeQuery(); |
|
| 261 | + while (($uuid = $result->fetchOne()) !== false) { |
|
| 262 | + yield $uuid; |
|
| 263 | + } |
|
| 264 | + $result->closeCursor(); |
|
| 265 | + } |
|
| 266 | 266 | } |
@@ -128,12 +128,12 @@ discard block |
||
| 128 | 128 | |
| 129 | 129 | sort($serverConnections); |
| 130 | 130 | $lastKey = array_pop($serverConnections); |
| 131 | - $lastNumber = (int)str_replace('s', '', $lastKey); |
|
| 132 | - return 's' . str_pad((string)($lastNumber + 1), 2, '0', STR_PAD_LEFT); |
|
| 131 | + $lastNumber = (int) str_replace('s', '', $lastKey); |
|
| 132 | + return 's'.str_pad((string) ($lastNumber + 1), 2, '0', STR_PAD_LEFT); |
|
| 133 | 133 | } |
| 134 | 134 | |
| 135 | 135 | private function getServersConfig(string $value): array { |
| 136 | - $regex = '/' . $value . '$/S'; |
|
| 136 | + $regex = '/'.$value.'$/S'; |
|
| 137 | 137 | |
| 138 | 138 | $keys = $this->config->getAppKeys('user_ldap'); |
| 139 | 139 | $result = []; |
@@ -160,7 +160,7 @@ discard block |
||
| 160 | 160 | $query = $this->connection->getQueryBuilder(); |
| 161 | 161 | $query->delete('appconfig') |
| 162 | 162 | ->where($query->expr()->eq('appid', $query->createNamedParameter('user_ldap'))) |
| 163 | - ->andWhere($query->expr()->like('configkey', $query->createNamedParameter((string)$prefix . '%'))) |
|
| 163 | + ->andWhere($query->expr()->like('configkey', $query->createNamedParameter((string) $prefix.'%'))) |
|
| 164 | 164 | ->andWhere($query->expr()->notIn('configkey', $query->createNamedParameter([ |
| 165 | 165 | 'enabled', |
| 166 | 166 | 'installed_version', |
@@ -225,7 +225,7 @@ discard block |
||
| 225 | 225 | } |
| 226 | 226 | |
| 227 | 227 | if (!is_string($dn)) { |
| 228 | - throw new \LogicException('String expected ' . \gettype($dn) . ' given'); |
|
| 228 | + throw new \LogicException('String expected '.\gettype($dn).' given'); |
|
| 229 | 229 | } |
| 230 | 230 | |
| 231 | 231 | if (($sanitizedDn = $this->sanitizeDnCache->get($dn)) !== null) { |
@@ -14,266 +14,266 @@ |
||
| 14 | 14 | use OCP\Server; |
| 15 | 15 | |
| 16 | 16 | class Helper { |
| 17 | - /** @var CappedMemoryCache<string> */ |
|
| 18 | - protected CappedMemoryCache $sanitizeDnCache; |
|
| 19 | - |
|
| 20 | - public function __construct( |
|
| 21 | - private IConfig $config, |
|
| 22 | - private IDBConnection $connection, |
|
| 23 | - ) { |
|
| 24 | - $this->sanitizeDnCache = new CappedMemoryCache(10000); |
|
| 25 | - } |
|
| 26 | - |
|
| 27 | - /** |
|
| 28 | - * returns prefixes for each saved LDAP/AD server configuration. |
|
| 29 | - * |
|
| 30 | - * @param bool $activeConfigurations optional, whether only active configuration shall be |
|
| 31 | - * retrieved, defaults to false |
|
| 32 | - * @return array with a list of the available prefixes |
|
| 33 | - * |
|
| 34 | - * Configuration prefixes are used to set up configurations for n LDAP or |
|
| 35 | - * AD servers. Since configuration is stored in the database, table |
|
| 36 | - * appconfig under appid user_ldap, the common identifiers in column |
|
| 37 | - * 'configkey' have a prefix. The prefix for the very first server |
|
| 38 | - * configuration is empty. |
|
| 39 | - * Configkey Examples: |
|
| 40 | - * Server 1: ldap_login_filter |
|
| 41 | - * Server 2: s1_ldap_login_filter |
|
| 42 | - * Server 3: s2_ldap_login_filter |
|
| 43 | - * |
|
| 44 | - * The prefix needs to be passed to the constructor of Connection class, |
|
| 45 | - * except the default (first) server shall be connected to. |
|
| 46 | - * |
|
| 47 | - */ |
|
| 48 | - public function getServerConfigurationPrefixes($activeConfigurations = false): array { |
|
| 49 | - $referenceConfigkey = 'ldap_configuration_active'; |
|
| 50 | - |
|
| 51 | - $keys = $this->getServersConfig($referenceConfigkey); |
|
| 52 | - |
|
| 53 | - $prefixes = []; |
|
| 54 | - foreach ($keys as $key) { |
|
| 55 | - if ($activeConfigurations && $this->config->getAppValue('user_ldap', $key, '0') !== '1') { |
|
| 56 | - continue; |
|
| 57 | - } |
|
| 58 | - |
|
| 59 | - $len = strlen($key) - strlen($referenceConfigkey); |
|
| 60 | - $prefixes[] = substr($key, 0, $len); |
|
| 61 | - } |
|
| 62 | - asort($prefixes); |
|
| 63 | - |
|
| 64 | - return $prefixes; |
|
| 65 | - } |
|
| 66 | - |
|
| 67 | - /** |
|
| 68 | - * |
|
| 69 | - * determines the host for every configured connection |
|
| 70 | - * |
|
| 71 | - * @return array an array with configprefix as keys |
|
| 72 | - * |
|
| 73 | - */ |
|
| 74 | - public function getServerConfigurationHosts() { |
|
| 75 | - $referenceConfigkey = 'ldap_host'; |
|
| 76 | - |
|
| 77 | - $keys = $this->getServersConfig($referenceConfigkey); |
|
| 78 | - |
|
| 79 | - $result = []; |
|
| 80 | - foreach ($keys as $key) { |
|
| 81 | - $len = strlen($key) - strlen($referenceConfigkey); |
|
| 82 | - $prefix = substr($key, 0, $len); |
|
| 83 | - $result[$prefix] = $this->config->getAppValue('user_ldap', $key); |
|
| 84 | - } |
|
| 85 | - |
|
| 86 | - return $result; |
|
| 87 | - } |
|
| 88 | - |
|
| 89 | - /** |
|
| 90 | - * return the next available configuration prefix |
|
| 91 | - * |
|
| 92 | - * @return string |
|
| 93 | - */ |
|
| 94 | - public function getNextServerConfigurationPrefix() { |
|
| 95 | - $serverConnections = $this->getServerConfigurationPrefixes(); |
|
| 96 | - |
|
| 97 | - if (count($serverConnections) === 0) { |
|
| 98 | - return 's01'; |
|
| 99 | - } |
|
| 100 | - |
|
| 101 | - sort($serverConnections); |
|
| 102 | - $lastKey = array_pop($serverConnections); |
|
| 103 | - $lastNumber = (int)str_replace('s', '', $lastKey); |
|
| 104 | - return 's' . str_pad((string)($lastNumber + 1), 2, '0', STR_PAD_LEFT); |
|
| 105 | - } |
|
| 106 | - |
|
| 107 | - private function getServersConfig(string $value): array { |
|
| 108 | - $regex = '/' . $value . '$/S'; |
|
| 109 | - |
|
| 110 | - $keys = $this->config->getAppKeys('user_ldap'); |
|
| 111 | - $result = []; |
|
| 112 | - foreach ($keys as $key) { |
|
| 113 | - if (preg_match($regex, $key) === 1) { |
|
| 114 | - $result[] = $key; |
|
| 115 | - } |
|
| 116 | - } |
|
| 117 | - |
|
| 118 | - return $result; |
|
| 119 | - } |
|
| 120 | - |
|
| 121 | - /** |
|
| 122 | - * deletes a given saved LDAP/AD server configuration. |
|
| 123 | - * |
|
| 124 | - * @param string $prefix the configuration prefix of the config to delete |
|
| 125 | - * @return bool true on success, false otherwise |
|
| 126 | - */ |
|
| 127 | - public function deleteServerConfiguration($prefix) { |
|
| 128 | - if (!in_array($prefix, self::getServerConfigurationPrefixes())) { |
|
| 129 | - return false; |
|
| 130 | - } |
|
| 131 | - |
|
| 132 | - $query = $this->connection->getQueryBuilder(); |
|
| 133 | - $query->delete('appconfig') |
|
| 134 | - ->where($query->expr()->eq('appid', $query->createNamedParameter('user_ldap'))) |
|
| 135 | - ->andWhere($query->expr()->like('configkey', $query->createNamedParameter((string)$prefix . '%'))) |
|
| 136 | - ->andWhere($query->expr()->notIn('configkey', $query->createNamedParameter([ |
|
| 137 | - 'enabled', |
|
| 138 | - 'installed_version', |
|
| 139 | - 'types', |
|
| 140 | - 'bgjUpdateGroupsLastRun', |
|
| 141 | - ], IQueryBuilder::PARAM_STR_ARRAY))); |
|
| 142 | - |
|
| 143 | - if (empty($prefix)) { |
|
| 144 | - $query->andWhere($query->expr()->notLike('configkey', $query->createNamedParameter('s%'))); |
|
| 145 | - } |
|
| 146 | - |
|
| 147 | - $deletedRows = $query->execute(); |
|
| 148 | - return $deletedRows !== 0; |
|
| 149 | - } |
|
| 150 | - |
|
| 151 | - /** |
|
| 152 | - * checks whether there is one or more disabled LDAP configurations |
|
| 153 | - */ |
|
| 154 | - public function haveDisabledConfigurations(): bool { |
|
| 155 | - $all = $this->getServerConfigurationPrefixes(false); |
|
| 156 | - $active = $this->getServerConfigurationPrefixes(true); |
|
| 157 | - |
|
| 158 | - return count($all) !== count($active) || count($all) === 0; |
|
| 159 | - } |
|
| 160 | - |
|
| 161 | - /** |
|
| 162 | - * extracts the domain from a given URL |
|
| 163 | - * |
|
| 164 | - * @param string $url the URL |
|
| 165 | - * @return string|false domain as string on success, false otherwise |
|
| 166 | - */ |
|
| 167 | - public function getDomainFromURL($url) { |
|
| 168 | - $uinfo = parse_url($url); |
|
| 169 | - if (!is_array($uinfo)) { |
|
| 170 | - return false; |
|
| 171 | - } |
|
| 172 | - |
|
| 173 | - $domain = false; |
|
| 174 | - if (isset($uinfo['host'])) { |
|
| 175 | - $domain = $uinfo['host']; |
|
| 176 | - } elseif (isset($uinfo['path'])) { |
|
| 177 | - $domain = $uinfo['path']; |
|
| 178 | - } |
|
| 179 | - |
|
| 180 | - return $domain; |
|
| 181 | - } |
|
| 182 | - |
|
| 183 | - /** |
|
| 184 | - * sanitizes a DN received from the LDAP server |
|
| 185 | - * |
|
| 186 | - * This is used and done to have a stable format of DNs that can be compared |
|
| 187 | - * and identified again. The input DN value is modified as following: |
|
| 188 | - * |
|
| 189 | - * 1) whitespaces after commas are removed |
|
| 190 | - * 2) the DN is turned to lower-case |
|
| 191 | - * 3) the DN is escaped according to RFC 2253 |
|
| 192 | - * |
|
| 193 | - * When a future DN is supposed to be used as a base parameter, it has to be |
|
| 194 | - * run through DNasBaseParameter() first, to recode \5c into a backslash |
|
| 195 | - * again, otherwise the search or read operation will fail with LDAP error |
|
| 196 | - * 32, NO_SUCH_OBJECT. Regular usage in LDAP filters requires the backslash |
|
| 197 | - * being escaped, however. |
|
| 198 | - * |
|
| 199 | - * Internally, DNs are stored in their sanitized form. |
|
| 200 | - * |
|
| 201 | - * @param array|string $dn the DN in question |
|
| 202 | - * @return array|string the sanitized DN |
|
| 203 | - */ |
|
| 204 | - public function sanitizeDN($dn) { |
|
| 205 | - //treating multiple base DNs |
|
| 206 | - if (is_array($dn)) { |
|
| 207 | - $result = []; |
|
| 208 | - foreach ($dn as $singleDN) { |
|
| 209 | - $result[] = $this->sanitizeDN($singleDN); |
|
| 210 | - } |
|
| 211 | - return $result; |
|
| 212 | - } |
|
| 213 | - |
|
| 214 | - if (!is_string($dn)) { |
|
| 215 | - throw new \LogicException('String expected ' . \gettype($dn) . ' given'); |
|
| 216 | - } |
|
| 217 | - |
|
| 218 | - if (($sanitizedDn = $this->sanitizeDnCache->get($dn)) !== null) { |
|
| 219 | - return $sanitizedDn; |
|
| 220 | - } |
|
| 221 | - |
|
| 222 | - //OID sometimes gives back DNs with whitespace after the comma |
|
| 223 | - // a la "uid=foo, cn=bar, dn=..." We need to tackle this! |
|
| 224 | - $sanitizedDn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn); |
|
| 225 | - |
|
| 226 | - //make comparisons and everything work |
|
| 227 | - $sanitizedDn = mb_strtolower($sanitizedDn, 'UTF-8'); |
|
| 228 | - |
|
| 229 | - //escape DN values according to RFC 2253 – this is already done by ldap_explode_dn |
|
| 230 | - //to use the DN in search filters, \ needs to be escaped to \5c additionally |
|
| 231 | - //to use them in bases, we convert them back to simple backslashes in readAttribute() |
|
| 232 | - $replacements = [ |
|
| 233 | - '\,' => '\5c2C', |
|
| 234 | - '\=' => '\5c3D', |
|
| 235 | - '\+' => '\5c2B', |
|
| 236 | - '\<' => '\5c3C', |
|
| 237 | - '\>' => '\5c3E', |
|
| 238 | - '\;' => '\5c3B', |
|
| 239 | - '\"' => '\5c22', |
|
| 240 | - '\#' => '\5c23', |
|
| 241 | - '(' => '\28', |
|
| 242 | - ')' => '\29', |
|
| 243 | - '*' => '\2A', |
|
| 244 | - ]; |
|
| 245 | - $sanitizedDn = str_replace(array_keys($replacements), array_values($replacements), $sanitizedDn); |
|
| 246 | - $this->sanitizeDnCache->set($dn, $sanitizedDn); |
|
| 247 | - |
|
| 248 | - return $sanitizedDn; |
|
| 249 | - } |
|
| 250 | - |
|
| 251 | - /** |
|
| 252 | - * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters |
|
| 253 | - * |
|
| 254 | - * @param string $dn the DN |
|
| 255 | - * @return string |
|
| 256 | - */ |
|
| 257 | - public function DNasBaseParameter($dn) { |
|
| 258 | - return str_ireplace('\\5c', '\\', $dn); |
|
| 259 | - } |
|
| 260 | - |
|
| 261 | - /** |
|
| 262 | - * listens to a hook thrown by server2server sharing and replaces the given |
|
| 263 | - * login name by a username, if it matches an LDAP user. |
|
| 264 | - * |
|
| 265 | - * @param array $param contains a reference to a $uid var under 'uid' key |
|
| 266 | - * @throws \Exception |
|
| 267 | - */ |
|
| 268 | - public static function loginName2UserName($param): void { |
|
| 269 | - if (!isset($param['uid'])) { |
|
| 270 | - throw new \Exception('key uid is expected to be set in $param'); |
|
| 271 | - } |
|
| 272 | - |
|
| 273 | - $userBackend = Server::get(User_Proxy::class); |
|
| 274 | - $uid = $userBackend->loginName2UserName($param['uid']); |
|
| 275 | - if ($uid !== false) { |
|
| 276 | - $param['uid'] = $uid; |
|
| 277 | - } |
|
| 278 | - } |
|
| 17 | + /** @var CappedMemoryCache<string> */ |
|
| 18 | + protected CappedMemoryCache $sanitizeDnCache; |
|
| 19 | + |
|
| 20 | + public function __construct( |
|
| 21 | + private IConfig $config, |
|
| 22 | + private IDBConnection $connection, |
|
| 23 | + ) { |
|
| 24 | + $this->sanitizeDnCache = new CappedMemoryCache(10000); |
|
| 25 | + } |
|
| 26 | + |
|
| 27 | + /** |
|
| 28 | + * returns prefixes for each saved LDAP/AD server configuration. |
|
| 29 | + * |
|
| 30 | + * @param bool $activeConfigurations optional, whether only active configuration shall be |
|
| 31 | + * retrieved, defaults to false |
|
| 32 | + * @return array with a list of the available prefixes |
|
| 33 | + * |
|
| 34 | + * Configuration prefixes are used to set up configurations for n LDAP or |
|
| 35 | + * AD servers. Since configuration is stored in the database, table |
|
| 36 | + * appconfig under appid user_ldap, the common identifiers in column |
|
| 37 | + * 'configkey' have a prefix. The prefix for the very first server |
|
| 38 | + * configuration is empty. |
|
| 39 | + * Configkey Examples: |
|
| 40 | + * Server 1: ldap_login_filter |
|
| 41 | + * Server 2: s1_ldap_login_filter |
|
| 42 | + * Server 3: s2_ldap_login_filter |
|
| 43 | + * |
|
| 44 | + * The prefix needs to be passed to the constructor of Connection class, |
|
| 45 | + * except the default (first) server shall be connected to. |
|
| 46 | + * |
|
| 47 | + */ |
|
| 48 | + public function getServerConfigurationPrefixes($activeConfigurations = false): array { |
|
| 49 | + $referenceConfigkey = 'ldap_configuration_active'; |
|
| 50 | + |
|
| 51 | + $keys = $this->getServersConfig($referenceConfigkey); |
|
| 52 | + |
|
| 53 | + $prefixes = []; |
|
| 54 | + foreach ($keys as $key) { |
|
| 55 | + if ($activeConfigurations && $this->config->getAppValue('user_ldap', $key, '0') !== '1') { |
|
| 56 | + continue; |
|
| 57 | + } |
|
| 58 | + |
|
| 59 | + $len = strlen($key) - strlen($referenceConfigkey); |
|
| 60 | + $prefixes[] = substr($key, 0, $len); |
|
| 61 | + } |
|
| 62 | + asort($prefixes); |
|
| 63 | + |
|
| 64 | + return $prefixes; |
|
| 65 | + } |
|
| 66 | + |
|
| 67 | + /** |
|
| 68 | + * |
|
| 69 | + * determines the host for every configured connection |
|
| 70 | + * |
|
| 71 | + * @return array an array with configprefix as keys |
|
| 72 | + * |
|
| 73 | + */ |
|
| 74 | + public function getServerConfigurationHosts() { |
|
| 75 | + $referenceConfigkey = 'ldap_host'; |
|
| 76 | + |
|
| 77 | + $keys = $this->getServersConfig($referenceConfigkey); |
|
| 78 | + |
|
| 79 | + $result = []; |
|
| 80 | + foreach ($keys as $key) { |
|
| 81 | + $len = strlen($key) - strlen($referenceConfigkey); |
|
| 82 | + $prefix = substr($key, 0, $len); |
|
| 83 | + $result[$prefix] = $this->config->getAppValue('user_ldap', $key); |
|
| 84 | + } |
|
| 85 | + |
|
| 86 | + return $result; |
|
| 87 | + } |
|
| 88 | + |
|
| 89 | + /** |
|
| 90 | + * return the next available configuration prefix |
|
| 91 | + * |
|
| 92 | + * @return string |
|
| 93 | + */ |
|
| 94 | + public function getNextServerConfigurationPrefix() { |
|
| 95 | + $serverConnections = $this->getServerConfigurationPrefixes(); |
|
| 96 | + |
|
| 97 | + if (count($serverConnections) === 0) { |
|
| 98 | + return 's01'; |
|
| 99 | + } |
|
| 100 | + |
|
| 101 | + sort($serverConnections); |
|
| 102 | + $lastKey = array_pop($serverConnections); |
|
| 103 | + $lastNumber = (int)str_replace('s', '', $lastKey); |
|
| 104 | + return 's' . str_pad((string)($lastNumber + 1), 2, '0', STR_PAD_LEFT); |
|
| 105 | + } |
|
| 106 | + |
|
| 107 | + private function getServersConfig(string $value): array { |
|
| 108 | + $regex = '/' . $value . '$/S'; |
|
| 109 | + |
|
| 110 | + $keys = $this->config->getAppKeys('user_ldap'); |
|
| 111 | + $result = []; |
|
| 112 | + foreach ($keys as $key) { |
|
| 113 | + if (preg_match($regex, $key) === 1) { |
|
| 114 | + $result[] = $key; |
|
| 115 | + } |
|
| 116 | + } |
|
| 117 | + |
|
| 118 | + return $result; |
|
| 119 | + } |
|
| 120 | + |
|
| 121 | + /** |
|
| 122 | + * deletes a given saved LDAP/AD server configuration. |
|
| 123 | + * |
|
| 124 | + * @param string $prefix the configuration prefix of the config to delete |
|
| 125 | + * @return bool true on success, false otherwise |
|
| 126 | + */ |
|
| 127 | + public function deleteServerConfiguration($prefix) { |
|
| 128 | + if (!in_array($prefix, self::getServerConfigurationPrefixes())) { |
|
| 129 | + return false; |
|
| 130 | + } |
|
| 131 | + |
|
| 132 | + $query = $this->connection->getQueryBuilder(); |
|
| 133 | + $query->delete('appconfig') |
|
| 134 | + ->where($query->expr()->eq('appid', $query->createNamedParameter('user_ldap'))) |
|
| 135 | + ->andWhere($query->expr()->like('configkey', $query->createNamedParameter((string)$prefix . '%'))) |
|
| 136 | + ->andWhere($query->expr()->notIn('configkey', $query->createNamedParameter([ |
|
| 137 | + 'enabled', |
|
| 138 | + 'installed_version', |
|
| 139 | + 'types', |
|
| 140 | + 'bgjUpdateGroupsLastRun', |
|
| 141 | + ], IQueryBuilder::PARAM_STR_ARRAY))); |
|
| 142 | + |
|
| 143 | + if (empty($prefix)) { |
|
| 144 | + $query->andWhere($query->expr()->notLike('configkey', $query->createNamedParameter('s%'))); |
|
| 145 | + } |
|
| 146 | + |
|
| 147 | + $deletedRows = $query->execute(); |
|
| 148 | + return $deletedRows !== 0; |
|
| 149 | + } |
|
| 150 | + |
|
| 151 | + /** |
|
| 152 | + * checks whether there is one or more disabled LDAP configurations |
|
| 153 | + */ |
|
| 154 | + public function haveDisabledConfigurations(): bool { |
|
| 155 | + $all = $this->getServerConfigurationPrefixes(false); |
|
| 156 | + $active = $this->getServerConfigurationPrefixes(true); |
|
| 157 | + |
|
| 158 | + return count($all) !== count($active) || count($all) === 0; |
|
| 159 | + } |
|
| 160 | + |
|
| 161 | + /** |
|
| 162 | + * extracts the domain from a given URL |
|
| 163 | + * |
|
| 164 | + * @param string $url the URL |
|
| 165 | + * @return string|false domain as string on success, false otherwise |
|
| 166 | + */ |
|
| 167 | + public function getDomainFromURL($url) { |
|
| 168 | + $uinfo = parse_url($url); |
|
| 169 | + if (!is_array($uinfo)) { |
|
| 170 | + return false; |
|
| 171 | + } |
|
| 172 | + |
|
| 173 | + $domain = false; |
|
| 174 | + if (isset($uinfo['host'])) { |
|
| 175 | + $domain = $uinfo['host']; |
|
| 176 | + } elseif (isset($uinfo['path'])) { |
|
| 177 | + $domain = $uinfo['path']; |
|
| 178 | + } |
|
| 179 | + |
|
| 180 | + return $domain; |
|
| 181 | + } |
|
| 182 | + |
|
| 183 | + /** |
|
| 184 | + * sanitizes a DN received from the LDAP server |
|
| 185 | + * |
|
| 186 | + * This is used and done to have a stable format of DNs that can be compared |
|
| 187 | + * and identified again. The input DN value is modified as following: |
|
| 188 | + * |
|
| 189 | + * 1) whitespaces after commas are removed |
|
| 190 | + * 2) the DN is turned to lower-case |
|
| 191 | + * 3) the DN is escaped according to RFC 2253 |
|
| 192 | + * |
|
| 193 | + * When a future DN is supposed to be used as a base parameter, it has to be |
|
| 194 | + * run through DNasBaseParameter() first, to recode \5c into a backslash |
|
| 195 | + * again, otherwise the search or read operation will fail with LDAP error |
|
| 196 | + * 32, NO_SUCH_OBJECT. Regular usage in LDAP filters requires the backslash |
|
| 197 | + * being escaped, however. |
|
| 198 | + * |
|
| 199 | + * Internally, DNs are stored in their sanitized form. |
|
| 200 | + * |
|
| 201 | + * @param array|string $dn the DN in question |
|
| 202 | + * @return array|string the sanitized DN |
|
| 203 | + */ |
|
| 204 | + public function sanitizeDN($dn) { |
|
| 205 | + //treating multiple base DNs |
|
| 206 | + if (is_array($dn)) { |
|
| 207 | + $result = []; |
|
| 208 | + foreach ($dn as $singleDN) { |
|
| 209 | + $result[] = $this->sanitizeDN($singleDN); |
|
| 210 | + } |
|
| 211 | + return $result; |
|
| 212 | + } |
|
| 213 | + |
|
| 214 | + if (!is_string($dn)) { |
|
| 215 | + throw new \LogicException('String expected ' . \gettype($dn) . ' given'); |
|
| 216 | + } |
|
| 217 | + |
|
| 218 | + if (($sanitizedDn = $this->sanitizeDnCache->get($dn)) !== null) { |
|
| 219 | + return $sanitizedDn; |
|
| 220 | + } |
|
| 221 | + |
|
| 222 | + //OID sometimes gives back DNs with whitespace after the comma |
|
| 223 | + // a la "uid=foo, cn=bar, dn=..." We need to tackle this! |
|
| 224 | + $sanitizedDn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn); |
|
| 225 | + |
|
| 226 | + //make comparisons and everything work |
|
| 227 | + $sanitizedDn = mb_strtolower($sanitizedDn, 'UTF-8'); |
|
| 228 | + |
|
| 229 | + //escape DN values according to RFC 2253 – this is already done by ldap_explode_dn |
|
| 230 | + //to use the DN in search filters, \ needs to be escaped to \5c additionally |
|
| 231 | + //to use them in bases, we convert them back to simple backslashes in readAttribute() |
|
| 232 | + $replacements = [ |
|
| 233 | + '\,' => '\5c2C', |
|
| 234 | + '\=' => '\5c3D', |
|
| 235 | + '\+' => '\5c2B', |
|
| 236 | + '\<' => '\5c3C', |
|
| 237 | + '\>' => '\5c3E', |
|
| 238 | + '\;' => '\5c3B', |
|
| 239 | + '\"' => '\5c22', |
|
| 240 | + '\#' => '\5c23', |
|
| 241 | + '(' => '\28', |
|
| 242 | + ')' => '\29', |
|
| 243 | + '*' => '\2A', |
|
| 244 | + ]; |
|
| 245 | + $sanitizedDn = str_replace(array_keys($replacements), array_values($replacements), $sanitizedDn); |
|
| 246 | + $this->sanitizeDnCache->set($dn, $sanitizedDn); |
|
| 247 | + |
|
| 248 | + return $sanitizedDn; |
|
| 249 | + } |
|
| 250 | + |
|
| 251 | + /** |
|
| 252 | + * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters |
|
| 253 | + * |
|
| 254 | + * @param string $dn the DN |
|
| 255 | + * @return string |
|
| 256 | + */ |
|
| 257 | + public function DNasBaseParameter($dn) { |
|
| 258 | + return str_ireplace('\\5c', '\\', $dn); |
|
| 259 | + } |
|
| 260 | + |
|
| 261 | + /** |
|
| 262 | + * listens to a hook thrown by server2server sharing and replaces the given |
|
| 263 | + * login name by a username, if it matches an LDAP user. |
|
| 264 | + * |
|
| 265 | + * @param array $param contains a reference to a $uid var under 'uid' key |
|
| 266 | + * @throws \Exception |
|
| 267 | + */ |
|
| 268 | + public static function loginName2UserName($param): void { |
|
| 269 | + if (!isset($param['uid'])) { |
|
| 270 | + throw new \Exception('key uid is expected to be set in $param'); |
|
| 271 | + } |
|
| 272 | + |
|
| 273 | + $userBackend = Server::get(User_Proxy::class); |
|
| 274 | + $uid = $userBackend->loginName2UserName($param['uid']); |
|
| 275 | + if ($uid !== false) { |
|
| 276 | + $param['uid'] = $uid; |
|
| 277 | + } |
|
| 278 | + } |
|
| 279 | 279 | } |
