@@ -59,71 +59,71 @@ |
59 | 59 | |
60 | 60 | <div id="ldapSettings"> |
61 | 61 | <ul> |
62 | - <li id="#ldapWizard1"><a href="#ldapWizard1"><?php p($l->t('Server'));?></a></li> |
|
63 | - <li id="#ldapWizard2"><a href="#ldapWizard2"><?php p($l->t('Users'));?></a></li> |
|
64 | - <li id="#ldapWizard3"><a href="#ldapWizard3"><?php p($l->t('Login Attributes'));?></a></li> |
|
65 | - <li id="#ldapWizard4"><a href="#ldapWizard4"><?php p($l->t('Groups'));?></a></li> |
|
66 | - <li class="ldapSettingsTabs"><a href="#ldapSettings-2"><?php p($l->t('Expert'));?></a></li> |
|
67 | - <li class="ldapSettingsTabs"><a href="#ldapSettings-1"><?php p($l->t('Advanced'));?></a></li> |
|
62 | + <li id="#ldapWizard1"><a href="#ldapWizard1"><?php p($l->t('Server')); ?></a></li> |
|
63 | + <li id="#ldapWizard2"><a href="#ldapWizard2"><?php p($l->t('Users')); ?></a></li> |
|
64 | + <li id="#ldapWizard3"><a href="#ldapWizard3"><?php p($l->t('Login Attributes')); ?></a></li> |
|
65 | + <li id="#ldapWizard4"><a href="#ldapWizard4"><?php p($l->t('Groups')); ?></a></li> |
|
66 | + <li class="ldapSettingsTabs"><a href="#ldapSettings-2"><?php p($l->t('Expert')); ?></a></li> |
|
67 | + <li class="ldapSettingsTabs"><a href="#ldapSettings-1"><?php p($l->t('Advanced')); ?></a></li> |
|
68 | 68 | </ul> |
69 | 69 | <?php |
70 | - if(!function_exists('ldap_connect')) { |
|
70 | + if (!function_exists('ldap_connect')) { |
|
71 | 71 | print_unescaped('<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.').'</p>'); |
72 | 72 | } |
73 | 73 | ?> |
74 | - <?php require_once __DIR__ . '/part.wizard-server.php'; ?> |
|
75 | - <?php require_once __DIR__ . '/part.wizard-userfilter.php'; ?> |
|
76 | - <?php require_once __DIR__ . '/part.wizard-loginfilter.php'; ?> |
|
77 | - <?php require_once __DIR__ . '/part.wizard-groupfilter.php'; ?> |
|
74 | + <?php require_once __DIR__.'/part.wizard-server.php'; ?> |
|
75 | + <?php require_once __DIR__.'/part.wizard-userfilter.php'; ?> |
|
76 | + <?php require_once __DIR__.'/part.wizard-loginfilter.php'; ?> |
|
77 | + <?php require_once __DIR__.'/part.wizard-groupfilter.php'; ?> |
|
78 | 78 | <fieldset id="ldapSettings-1"> |
79 | 79 | <div id="ldapAdvancedAccordion"> |
80 | - <h3><?php p($l->t('Connection Settings'));?></h3> |
|
80 | + <h3><?php p($l->t('Connection Settings')); ?></h3> |
|
81 | 81 | <div> |
82 | - <p><label for="ldap_configuration_active"><?php p($l->t('Configuration Active'));?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php p($_['ldap_configuration_active_default']); ?>" title="<?php p($l->t('When unchecked, this configuration will be skipped.'));?>" /></p> |
|
83 | - <p><label for="ldap_backup_host"><?php p($l->t('Backup (Replica) Host'));?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php p($_['ldap_backup_host_default']); ?>" title="<?php p($l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.'));?>"></p> |
|
84 | - <p><label for="ldap_backup_port"><?php p($l->t('Backup (Replica) Port'));?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php p($_['ldap_backup_port_default']); ?>" /></p> |
|
85 | - <p><label for="ldap_override_main_server"><?php p($l->t('Disable Main Server'));?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php p($_['ldap_override_main_server_default']); ?>" title="<?php p($l->t('Only connect to the replica server.'));?>" /></p> |
|
86 | - <p><label for="ldap_turn_off_cert_check"><?php p($l->t('Turn off SSL certificate validation.'));?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php p($l->t('Not recommended, use it for testing only! If connection only works with this option, import the LDAP server\'s SSL certificate in your %s server.', [$theme->getName()]));?>" data-default="<?php p($_['ldap_turn_off_cert_check_default']); ?>" value="1"><br/></p> |
|
87 | - <p><label for="ldap_cache_ttl"><?php p($l->t('Cache Time-To-Live'));?></label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php p($l->t('in seconds. A change empties the cache.'));?>" data-default="<?php p($_['ldap_cache_ttl_default']); ?>" /></p> |
|
82 | + <p><label for="ldap_configuration_active"><?php p($l->t('Configuration Active')); ?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php p($_['ldap_configuration_active_default']); ?>" title="<?php p($l->t('When unchecked, this configuration will be skipped.')); ?>" /></p> |
|
83 | + <p><label for="ldap_backup_host"><?php p($l->t('Backup (Replica) Host')); ?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php p($_['ldap_backup_host_default']); ?>" title="<?php p($l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.')); ?>"></p> |
|
84 | + <p><label for="ldap_backup_port"><?php p($l->t('Backup (Replica) Port')); ?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php p($_['ldap_backup_port_default']); ?>" /></p> |
|
85 | + <p><label for="ldap_override_main_server"><?php p($l->t('Disable Main Server')); ?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php p($_['ldap_override_main_server_default']); ?>" title="<?php p($l->t('Only connect to the replica server.')); ?>" /></p> |
|
86 | + <p><label for="ldap_turn_off_cert_check"><?php p($l->t('Turn off SSL certificate validation.')); ?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php p($l->t('Not recommended, use it for testing only! If connection only works with this option, import the LDAP server\'s SSL certificate in your %s server.', [$theme->getName()])); ?>" data-default="<?php p($_['ldap_turn_off_cert_check_default']); ?>" value="1"><br/></p> |
|
87 | + <p><label for="ldap_cache_ttl"><?php p($l->t('Cache Time-To-Live')); ?></label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php p($l->t('in seconds. A change empties the cache.')); ?>" data-default="<?php p($_['ldap_cache_ttl_default']); ?>" /></p> |
|
88 | 88 | </div> |
89 | - <h3><?php p($l->t('Directory Settings'));?></h3> |
|
89 | + <h3><?php p($l->t('Directory Settings')); ?></h3> |
|
90 | 90 | <div> |
91 | - <p><label for="ldap_display_name"><?php p($l->t('User Display Name Field'));?></label><input type="text" id="ldap_display_name" name="ldap_display_name" data-default="<?php p($_['ldap_display_name_default']); ?>" title="<?php p($l->t('The LDAP attribute to use to generate the user\'s display name.'));?>" /></p> |
|
92 | - <p><label for="ldap_user_display_name_2"><?php p($l->t('2nd User Display Name Field'));?></label><input type="text" id="ldap_user_display_name_2" name="ldap_user_display_name_2" data-default="<?php p($_['ldap_user_display_name_2_default']); ?>" title="<?php p($l->t('Optional. An LDAP attribute to be added to the display name in brackets. Results in e.g. »John Doe ([email protected])«.'));?>" /></p> |
|
93 | - <p><label for="ldap_base_users"><?php p($l->t('Base User Tree'));?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php p($l->t('One User Base DN per line'));?>" data-default="<?php p($_['ldap_base_users_default']); ?>" title="<?php p($l->t('Base User Tree'));?>"></textarea></p> |
|
94 | - <p><label for="ldap_attributes_for_user_search"><?php p($l->t('User Search Attributes'));?></label><textarea id="ldap_attributes_for_user_search" name="ldap_attributes_for_user_search" placeholder="<?php p($l->t('Optional; one attribute per line'));?>" data-default="<?php p($_['ldap_attributes_for_user_search_default']); ?>" title="<?php p($l->t('User Search Attributes'));?>"></textarea></p> |
|
95 | - <p><label for="ldap_group_display_name"><?php p($l->t('Group Display Name Field'));?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" data-default="<?php p($_['ldap_group_display_name_default']); ?>" title="<?php p($l->t('The LDAP attribute to use to generate the groups\'s display name.'));?>" /></p> |
|
96 | - <p><label for="ldap_base_groups"><?php p($l->t('Base Group Tree'));?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php p($l->t('One Group Base DN per line'));?>" data-default="<?php p($_['ldap_base_groups_default']); ?>" title="<?php p($l->t('Base Group Tree'));?>"></textarea></p> |
|
97 | - <p><label for="ldap_attributes_for_group_search"><?php p($l->t('Group Search Attributes'));?></label><textarea id="ldap_attributes_for_group_search" name="ldap_attributes_for_group_search" placeholder="<?php p($l->t('Optional; one attribute per line'));?>" data-default="<?php p($_['ldap_attributes_for_group_search_default']); ?>" title="<?php p($l->t('Group Search Attributes'));?>"></textarea></p> |
|
98 | - <p><label for="ldap_group_member_assoc_attribute"><?php p($l->t('Group-Member association'));?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute" data-default="<?php p($_['ldap_group_member_assoc_attribute_default']); ?>" ><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'uniqueMember')) p(' selected'); ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'memberUid')) p(' selected'); ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'member')) p(' selected'); ?>>member (AD)</option><option value="gidNumber"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'gidNumber')) p(' selected'); ?>>gidNumber</option></select></p> <p><label for="ldap_dynamic_group_member_url"><?php p($l->t('Dynamic Group Member URL'));?></label><input type="text" id="ldap_dynamic_group_member_url" name="ldap_dynamic_group_member_url" title="<?php p($l->t('The LDAP attribute that on group objects contains an LDAP search URL that determines what objects belong to the group. (An empty setting disables dynamic group membership functionality.)'));?>" data-default="<?php p($_['ldap_dynamic_group_member_url_default']); ?>" /></p> |
|
99 | - <p><label for="ldap_nested_groups"><?php p($l->t('Nested Groups'));?></label><input type="checkbox" id="ldap_nested_groups" name="ldap_nested_groups" value="1" data-default="<?php p($_['ldap_nested_groups_default']); ?>" title="<?php p($l->t('When switched on, groups that contain groups are supported. (Only works if the group member attribute contains DNs.)'));?>" /></p> |
|
100 | - <p><label for="ldap_paging_size"><?php p($l->t('Paging chunksize'));?></label><input type="number" id="ldap_paging_size" name="ldap_paging_size" title="<?php p($l->t('Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)'));?>" data-default="<?php p($_['ldap_paging_size_default']); ?>" /></p> |
|
101 | - <p><label for="ldap_turn_on_pwd_change"><?php p($l->t('Enable LDAP password changes per user'));?></label><span class="inlinetable"><span class="tablerow left"><input type="checkbox" id="ldap_turn_on_pwd_change" name="ldap_turn_on_pwd_change" value="1" data-default="<?php p($_['ldap_turn_on_pwd_change_default']); ?>" title="<?php p($l->t('Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server.'));?>" /><span class="tablecell"><?php p($l->t('(New password is sent as plain text to LDAP)'));?></span></span> |
|
91 | + <p><label for="ldap_display_name"><?php p($l->t('User Display Name Field')); ?></label><input type="text" id="ldap_display_name" name="ldap_display_name" data-default="<?php p($_['ldap_display_name_default']); ?>" title="<?php p($l->t('The LDAP attribute to use to generate the user\'s display name.')); ?>" /></p> |
|
92 | + <p><label for="ldap_user_display_name_2"><?php p($l->t('2nd User Display Name Field')); ?></label><input type="text" id="ldap_user_display_name_2" name="ldap_user_display_name_2" data-default="<?php p($_['ldap_user_display_name_2_default']); ?>" title="<?php p($l->t('Optional. An LDAP attribute to be added to the display name in brackets. Results in e.g. »John Doe ([email protected])«.')); ?>" /></p> |
|
93 | + <p><label for="ldap_base_users"><?php p($l->t('Base User Tree')); ?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php p($l->t('One User Base DN per line')); ?>" data-default="<?php p($_['ldap_base_users_default']); ?>" title="<?php p($l->t('Base User Tree')); ?>"></textarea></p> |
|
94 | + <p><label for="ldap_attributes_for_user_search"><?php p($l->t('User Search Attributes')); ?></label><textarea id="ldap_attributes_for_user_search" name="ldap_attributes_for_user_search" placeholder="<?php p($l->t('Optional; one attribute per line')); ?>" data-default="<?php p($_['ldap_attributes_for_user_search_default']); ?>" title="<?php p($l->t('User Search Attributes')); ?>"></textarea></p> |
|
95 | + <p><label for="ldap_group_display_name"><?php p($l->t('Group Display Name Field')); ?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" data-default="<?php p($_['ldap_group_display_name_default']); ?>" title="<?php p($l->t('The LDAP attribute to use to generate the groups\'s display name.')); ?>" /></p> |
|
96 | + <p><label for="ldap_base_groups"><?php p($l->t('Base Group Tree')); ?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php p($l->t('One Group Base DN per line')); ?>" data-default="<?php p($_['ldap_base_groups_default']); ?>" title="<?php p($l->t('Base Group Tree')); ?>"></textarea></p> |
|
97 | + <p><label for="ldap_attributes_for_group_search"><?php p($l->t('Group Search Attributes')); ?></label><textarea id="ldap_attributes_for_group_search" name="ldap_attributes_for_group_search" placeholder="<?php p($l->t('Optional; one attribute per line')); ?>" data-default="<?php p($_['ldap_attributes_for_group_search_default']); ?>" title="<?php p($l->t('Group Search Attributes')); ?>"></textarea></p> |
|
98 | + <p><label for="ldap_group_member_assoc_attribute"><?php p($l->t('Group-Member association')); ?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute" data-default="<?php p($_['ldap_group_member_assoc_attribute_default']); ?>" ><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'uniqueMember')) p(' selected'); ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'memberUid')) p(' selected'); ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'member')) p(' selected'); ?>>member (AD)</option><option value="gidNumber"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] === 'gidNumber')) p(' selected'); ?>>gidNumber</option></select></p> <p><label for="ldap_dynamic_group_member_url"><?php p($l->t('Dynamic Group Member URL')); ?></label><input type="text" id="ldap_dynamic_group_member_url" name="ldap_dynamic_group_member_url" title="<?php p($l->t('The LDAP attribute that on group objects contains an LDAP search URL that determines what objects belong to the group. (An empty setting disables dynamic group membership functionality.)')); ?>" data-default="<?php p($_['ldap_dynamic_group_member_url_default']); ?>" /></p> |
|
99 | + <p><label for="ldap_nested_groups"><?php p($l->t('Nested Groups')); ?></label><input type="checkbox" id="ldap_nested_groups" name="ldap_nested_groups" value="1" data-default="<?php p($_['ldap_nested_groups_default']); ?>" title="<?php p($l->t('When switched on, groups that contain groups are supported. (Only works if the group member attribute contains DNs.)')); ?>" /></p> |
|
100 | + <p><label for="ldap_paging_size"><?php p($l->t('Paging chunksize')); ?></label><input type="number" id="ldap_paging_size" name="ldap_paging_size" title="<?php p($l->t('Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)')); ?>" data-default="<?php p($_['ldap_paging_size_default']); ?>" /></p> |
|
101 | + <p><label for="ldap_turn_on_pwd_change"><?php p($l->t('Enable LDAP password changes per user')); ?></label><span class="inlinetable"><span class="tablerow left"><input type="checkbox" id="ldap_turn_on_pwd_change" name="ldap_turn_on_pwd_change" value="1" data-default="<?php p($_['ldap_turn_on_pwd_change_default']); ?>" title="<?php p($l->t('Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server.')); ?>" /><span class="tablecell"><?php p($l->t('(New password is sent as plain text to LDAP)')); ?></span></span> |
|
102 | 102 | </span><br/></p> |
103 | - <p><label for="ldap_default_ppolicy_dn"><?php p($l->t('Default password policy DN'));?></label><input type="text" id="ldap_default_ppolicy_dn" name="ldap_default_ppolicy_dn" title="<?php p($l->t('The DN of a default password policy that will be used for password expiry handling. Works only when LDAP password changes per user are enabled and is only supported by OpenLDAP. Leave empty to disable password expiry handling.'));?>" data-default="<?php p($_['ldap_default_ppolicy_dn_default']); ?>" /></p> |
|
103 | + <p><label for="ldap_default_ppolicy_dn"><?php p($l->t('Default password policy DN')); ?></label><input type="text" id="ldap_default_ppolicy_dn" name="ldap_default_ppolicy_dn" title="<?php p($l->t('The DN of a default password policy that will be used for password expiry handling. Works only when LDAP password changes per user are enabled and is only supported by OpenLDAP. Leave empty to disable password expiry handling.')); ?>" data-default="<?php p($_['ldap_default_ppolicy_dn_default']); ?>" /></p> |
|
104 | 104 | </div> |
105 | - <h3><?php p($l->t('Special Attributes'));?></h3> |
|
105 | + <h3><?php p($l->t('Special Attributes')); ?></h3> |
|
106 | 106 | <div> |
107 | - <p><label for="ldap_quota_attr"><?php p($l->t('Quota Field'));?></label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" data-default="<?php p($_['ldap_quota_attr_default']); ?>" title="<?php p($l->t('Leave empty for user\'s default quota. Otherwise, specify an LDAP/AD attribute.'));?>" /></p> |
|
108 | - <p><label for="ldap_quota_def"><?php p($l->t('Quota Default'));?></label><input type="text" id="ldap_quota_def" name="ldap_quota_def" data-default="<?php p($_['ldap_quota_def_default']); ?>" title="<?php p($l->t('Override default quota for LDAP users who do not have a quota set in the Quota Field.'));?>" /></p> |
|
109 | - <p><label for="ldap_email_attr"><?php p($l->t('Email Field'));?></label><input type="text" id="ldap_email_attr" name="ldap_email_attr" data-default="<?php p($_['ldap_email_attr_default']); ?>" title="<?php p($l->t('Set the user\'s email from their LDAP attribute. Leave it empty for default behaviour.'));?>" /></p> |
|
110 | - <p><label for="home_folder_naming_rule"><?php p($l->t('User Home Folder Naming Rule'));?></label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" title="<?php p($l->t('Leave empty for username (default). Otherwise, specify an LDAP/AD attribute.'));?>" data-default="<?php p($_['home_folder_naming_rule_default']); ?>" /></p> |
|
107 | + <p><label for="ldap_quota_attr"><?php p($l->t('Quota Field')); ?></label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" data-default="<?php p($_['ldap_quota_attr_default']); ?>" title="<?php p($l->t('Leave empty for user\'s default quota. Otherwise, specify an LDAP/AD attribute.')); ?>" /></p> |
|
108 | + <p><label for="ldap_quota_def"><?php p($l->t('Quota Default')); ?></label><input type="text" id="ldap_quota_def" name="ldap_quota_def" data-default="<?php p($_['ldap_quota_def_default']); ?>" title="<?php p($l->t('Override default quota for LDAP users who do not have a quota set in the Quota Field.')); ?>" /></p> |
|
109 | + <p><label for="ldap_email_attr"><?php p($l->t('Email Field')); ?></label><input type="text" id="ldap_email_attr" name="ldap_email_attr" data-default="<?php p($_['ldap_email_attr_default']); ?>" title="<?php p($l->t('Set the user\'s email from their LDAP attribute. Leave it empty for default behaviour.')); ?>" /></p> |
|
110 | + <p><label for="home_folder_naming_rule"><?php p($l->t('User Home Folder Naming Rule')); ?></label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" title="<?php p($l->t('Leave empty for username (default). Otherwise, specify an LDAP/AD attribute.')); ?>" data-default="<?php p($_['home_folder_naming_rule_default']); ?>" /></p> |
|
111 | 111 | <p><label for="ldap_ext_storage_home_attribute"> <?php p($l->t('"$home" Placeholder Field')); ?></label><input type="text" id="ldap_ext_storage_home_attribute" name="ldap_ext_storage_home_attribute" title="<?php p($l->t('$home in an external storage configuration will be replaced with the value of the specified attribute')); ?>" data-default="<?php p($_['ldap_ext_storage_home_attribute_default']); ?>"></p> |
112 | 112 | </div> |
113 | 113 | </div> |
114 | 114 | <?php print_unescaped($_['settingControls']); ?> |
115 | 115 | </fieldset> |
116 | 116 | <fieldset id="ldapSettings-2"> |
117 | - <p><strong><?php p($l->t('Internal Username'));?></strong></p> |
|
118 | - <p class="ldapIndent"><?php p($l->t('By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9_.@- ]. Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all *DAV services. With this setting, the default behavior can be overridden. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users.'));?></p> |
|
119 | - <p class="ldapIndent"><label for="ldap_expert_username_attr"><?php p($l->t('Internal Username Attribute:'));?></label><input type="text" id="ldap_expert_username_attr" name="ldap_expert_username_attr" data-default="<?php p($_['ldap_expert_username_attr_default']); ?>" /></p> |
|
120 | - <p><strong><?php p($l->t('Override UUID detection'));?></strong></p> |
|
121 | - <p class="ldapIndent"><?php p($l->t('By default, the UUID attribute is automatically detected. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users and groups.'));?></p> |
|
122 | - <p class="ldapIndent"><label for="ldap_expert_uuid_user_attr"><?php p($l->t('UUID Attribute for Users:'));?></label><input type="text" id="ldap_expert_uuid_user_attr" name="ldap_expert_uuid_user_attr" data-default="<?php p($_['ldap_expert_uuid_user_attr_default']); ?>" /></p> |
|
123 | - <p class="ldapIndent"><label for="ldap_expert_uuid_group_attr"><?php p($l->t('UUID Attribute for Groups:'));?></label><input type="text" id="ldap_expert_uuid_group_attr" name="ldap_expert_uuid_group_attr" data-default="<?php p($_['ldap_expert_uuid_group_attr_default']); ?>" /></p> |
|
124 | - <p><strong><?php p($l->t('Username-LDAP User Mapping'));?></strong></p> |
|
125 | - <p class="ldapIndent"><?php p($l->t('Usernames are used to store and assign metadata. In order to precisely identify and recognize users, each LDAP user will have an internal username. This requires a mapping from username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found. The internal username is used all over. Clearing the mappings will have leftovers everywhere. Clearing the mappings is not configuration sensitive, it affects all LDAP configurations! Never clear the mappings in a production environment, only in a testing or experimental stage.'));?></p> |
|
126 | - <p class="ldapIndent"><button type="button" id="ldap_action_clear_user_mappings" name="ldap_action_clear_user_mappings"><?php p($l->t('Clear Username-LDAP User Mapping'));?></button><br/><button type="button" id="ldap_action_clear_group_mappings" name="ldap_action_clear_group_mappings"><?php p($l->t('Clear Groupname-LDAP Group Mapping'));?></button></p> |
|
117 | + <p><strong><?php p($l->t('Internal Username')); ?></strong></p> |
|
118 | + <p class="ldapIndent"><?php p($l->t('By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9_.@- ]. Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all *DAV services. With this setting, the default behavior can be overridden. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users.')); ?></p> |
|
119 | + <p class="ldapIndent"><label for="ldap_expert_username_attr"><?php p($l->t('Internal Username Attribute:')); ?></label><input type="text" id="ldap_expert_username_attr" name="ldap_expert_username_attr" data-default="<?php p($_['ldap_expert_username_attr_default']); ?>" /></p> |
|
120 | + <p><strong><?php p($l->t('Override UUID detection')); ?></strong></p> |
|
121 | + <p class="ldapIndent"><?php p($l->t('By default, the UUID attribute is automatically detected. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users and groups.')); ?></p> |
|
122 | + <p class="ldapIndent"><label for="ldap_expert_uuid_user_attr"><?php p($l->t('UUID Attribute for Users:')); ?></label><input type="text" id="ldap_expert_uuid_user_attr" name="ldap_expert_uuid_user_attr" data-default="<?php p($_['ldap_expert_uuid_user_attr_default']); ?>" /></p> |
|
123 | + <p class="ldapIndent"><label for="ldap_expert_uuid_group_attr"><?php p($l->t('UUID Attribute for Groups:')); ?></label><input type="text" id="ldap_expert_uuid_group_attr" name="ldap_expert_uuid_group_attr" data-default="<?php p($_['ldap_expert_uuid_group_attr_default']); ?>" /></p> |
|
124 | + <p><strong><?php p($l->t('Username-LDAP User Mapping')); ?></strong></p> |
|
125 | + <p class="ldapIndent"><?php p($l->t('Usernames are used to store and assign metadata. In order to precisely identify and recognize users, each LDAP user will have an internal username. This requires a mapping from username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found. The internal username is used all over. Clearing the mappings will have leftovers everywhere. Clearing the mappings is not configuration sensitive, it affects all LDAP configurations! Never clear the mappings in a production environment, only in a testing or experimental stage.')); ?></p> |
|
126 | + <p class="ldapIndent"><button type="button" id="ldap_action_clear_user_mappings" name="ldap_action_clear_user_mappings"><?php p($l->t('Clear Username-LDAP User Mapping')); ?></button><br/><button type="button" id="ldap_action_clear_group_mappings" name="ldap_action_clear_group_mappings"><?php p($l->t('Clear Groupname-LDAP Group Mapping')); ?></button></p> |
|
127 | 127 | <?php print_unescaped($_['settingControls']); ?> |
128 | 128 | </fieldset> |
129 | 129 | </div> |
@@ -32,10 +32,10 @@ |
32 | 32 | use OCP\IConfig; |
33 | 33 | |
34 | 34 | class UUIDFixGroup extends UUIDFix { |
35 | - public function __construct(GroupMapping $mapper, LDAP $ldap, IConfig $config, Helper $helper) { |
|
36 | - $this->mapper = $mapper; |
|
37 | - $this->proxy = new User_Proxy($helper->getServerConfigurationPrefixes(true), $ldap, $config, |
|
38 | - \OC::$server->getNotificationManager(), \OC::$server->getUserSession(), |
|
39 | - \OC::$server->query('LDAPUserPluginManager')); |
|
40 | - } |
|
35 | + public function __construct(GroupMapping $mapper, LDAP $ldap, IConfig $config, Helper $helper) { |
|
36 | + $this->mapper = $mapper; |
|
37 | + $this->proxy = new User_Proxy($helper->getServerConfigurationPrefixes(true), $ldap, $config, |
|
38 | + \OC::$server->getNotificationManager(), \OC::$server->getUserSession(), |
|
39 | + \OC::$server->query('LDAPUserPluginManager')); |
|
40 | + } |
|
41 | 41 | } |
@@ -46,232 +46,232 @@ |
||
46 | 46 | * cache |
47 | 47 | */ |
48 | 48 | class Manager { |
49 | - /** @var Access */ |
|
50 | - protected $access; |
|
49 | + /** @var Access */ |
|
50 | + protected $access; |
|
51 | 51 | |
52 | - /** @var IConfig */ |
|
53 | - protected $ocConfig; |
|
52 | + /** @var IConfig */ |
|
53 | + protected $ocConfig; |
|
54 | 54 | |
55 | - /** @var IDBConnection */ |
|
56 | - protected $db; |
|
55 | + /** @var IDBConnection */ |
|
56 | + protected $db; |
|
57 | 57 | |
58 | - /** @var IUserManager */ |
|
59 | - protected $userManager; |
|
58 | + /** @var IUserManager */ |
|
59 | + protected $userManager; |
|
60 | 60 | |
61 | - /** @var INotificationManager */ |
|
62 | - protected $notificationManager; |
|
61 | + /** @var INotificationManager */ |
|
62 | + protected $notificationManager; |
|
63 | 63 | |
64 | - /** @var FilesystemHelper */ |
|
65 | - protected $ocFilesystem; |
|
64 | + /** @var FilesystemHelper */ |
|
65 | + protected $ocFilesystem; |
|
66 | 66 | |
67 | - /** @var LogWrapper */ |
|
68 | - protected $ocLog; |
|
67 | + /** @var LogWrapper */ |
|
68 | + protected $ocLog; |
|
69 | 69 | |
70 | - /** @var Image */ |
|
71 | - protected $image; |
|
70 | + /** @var Image */ |
|
71 | + protected $image; |
|
72 | 72 | |
73 | - /** @param \OCP\IAvatarManager */ |
|
74 | - protected $avatarManager; |
|
73 | + /** @param \OCP\IAvatarManager */ |
|
74 | + protected $avatarManager; |
|
75 | 75 | |
76 | - /** |
|
77 | - * @var CappedMemoryCache $usersByDN |
|
78 | - */ |
|
79 | - protected $usersByDN; |
|
80 | - /** |
|
81 | - * @var CappedMemoryCache $usersByUid |
|
82 | - */ |
|
83 | - protected $usersByUid; |
|
76 | + /** |
|
77 | + * @var CappedMemoryCache $usersByDN |
|
78 | + */ |
|
79 | + protected $usersByDN; |
|
80 | + /** |
|
81 | + * @var CappedMemoryCache $usersByUid |
|
82 | + */ |
|
83 | + protected $usersByUid; |
|
84 | 84 | |
85 | - /** |
|
86 | - * @param IConfig $ocConfig |
|
87 | - * @param \OCA\User_LDAP\FilesystemHelper $ocFilesystem object that |
|
88 | - * gives access to necessary functions from the OC filesystem |
|
89 | - * @param \OCA\User_LDAP\LogWrapper $ocLog |
|
90 | - * @param IAvatarManager $avatarManager |
|
91 | - * @param Image $image an empty image instance |
|
92 | - * @param IDBConnection $db |
|
93 | - * @throws \Exception when the methods mentioned above do not exist |
|
94 | - */ |
|
95 | - public function __construct(IConfig $ocConfig, |
|
96 | - FilesystemHelper $ocFilesystem, LogWrapper $ocLog, |
|
97 | - IAvatarManager $avatarManager, Image $image, |
|
98 | - IDBConnection $db, IUserManager $userManager, |
|
99 | - INotificationManager $notificationManager) { |
|
85 | + /** |
|
86 | + * @param IConfig $ocConfig |
|
87 | + * @param \OCA\User_LDAP\FilesystemHelper $ocFilesystem object that |
|
88 | + * gives access to necessary functions from the OC filesystem |
|
89 | + * @param \OCA\User_LDAP\LogWrapper $ocLog |
|
90 | + * @param IAvatarManager $avatarManager |
|
91 | + * @param Image $image an empty image instance |
|
92 | + * @param IDBConnection $db |
|
93 | + * @throws \Exception when the methods mentioned above do not exist |
|
94 | + */ |
|
95 | + public function __construct(IConfig $ocConfig, |
|
96 | + FilesystemHelper $ocFilesystem, LogWrapper $ocLog, |
|
97 | + IAvatarManager $avatarManager, Image $image, |
|
98 | + IDBConnection $db, IUserManager $userManager, |
|
99 | + INotificationManager $notificationManager) { |
|
100 | 100 | |
101 | - $this->ocConfig = $ocConfig; |
|
102 | - $this->ocFilesystem = $ocFilesystem; |
|
103 | - $this->ocLog = $ocLog; |
|
104 | - $this->avatarManager = $avatarManager; |
|
105 | - $this->image = $image; |
|
106 | - $this->db = $db; |
|
107 | - $this->userManager = $userManager; |
|
108 | - $this->notificationManager = $notificationManager; |
|
109 | - $this->usersByDN = new CappedMemoryCache(); |
|
110 | - $this->usersByUid = new CappedMemoryCache(); |
|
111 | - } |
|
101 | + $this->ocConfig = $ocConfig; |
|
102 | + $this->ocFilesystem = $ocFilesystem; |
|
103 | + $this->ocLog = $ocLog; |
|
104 | + $this->avatarManager = $avatarManager; |
|
105 | + $this->image = $image; |
|
106 | + $this->db = $db; |
|
107 | + $this->userManager = $userManager; |
|
108 | + $this->notificationManager = $notificationManager; |
|
109 | + $this->usersByDN = new CappedMemoryCache(); |
|
110 | + $this->usersByUid = new CappedMemoryCache(); |
|
111 | + } |
|
112 | 112 | |
113 | - /** |
|
114 | - * Binds manager to an instance of Access. |
|
115 | - * It needs to be assigned first before the manager can be used. |
|
116 | - * @param Access |
|
117 | - */ |
|
118 | - public function setLdapAccess(Access $access) { |
|
119 | - $this->access = $access; |
|
120 | - } |
|
113 | + /** |
|
114 | + * Binds manager to an instance of Access. |
|
115 | + * It needs to be assigned first before the manager can be used. |
|
116 | + * @param Access |
|
117 | + */ |
|
118 | + public function setLdapAccess(Access $access) { |
|
119 | + $this->access = $access; |
|
120 | + } |
|
121 | 121 | |
122 | - /** |
|
123 | - * @brief creates an instance of User and caches (just runtime) it in the |
|
124 | - * property array |
|
125 | - * @param string $dn the DN of the user |
|
126 | - * @param string $uid the internal (owncloud) username |
|
127 | - * @return \OCA\User_LDAP\User\User |
|
128 | - */ |
|
129 | - private function createAndCache($dn, $uid) { |
|
130 | - $this->checkAccess(); |
|
131 | - $user = new User($uid, $dn, $this->access, $this->ocConfig, |
|
132 | - $this->ocFilesystem, clone $this->image, $this->ocLog, |
|
133 | - $this->avatarManager, $this->userManager, |
|
134 | - $this->notificationManager); |
|
135 | - $this->usersByDN[$dn] = $user; |
|
136 | - $this->usersByUid[$uid] = $user; |
|
137 | - return $user; |
|
138 | - } |
|
122 | + /** |
|
123 | + * @brief creates an instance of User and caches (just runtime) it in the |
|
124 | + * property array |
|
125 | + * @param string $dn the DN of the user |
|
126 | + * @param string $uid the internal (owncloud) username |
|
127 | + * @return \OCA\User_LDAP\User\User |
|
128 | + */ |
|
129 | + private function createAndCache($dn, $uid) { |
|
130 | + $this->checkAccess(); |
|
131 | + $user = new User($uid, $dn, $this->access, $this->ocConfig, |
|
132 | + $this->ocFilesystem, clone $this->image, $this->ocLog, |
|
133 | + $this->avatarManager, $this->userManager, |
|
134 | + $this->notificationManager); |
|
135 | + $this->usersByDN[$dn] = $user; |
|
136 | + $this->usersByUid[$uid] = $user; |
|
137 | + return $user; |
|
138 | + } |
|
139 | 139 | |
140 | - /** |
|
141 | - * removes a user entry from the cache |
|
142 | - * @param $uid |
|
143 | - */ |
|
144 | - public function invalidate($uid) { |
|
145 | - if(!isset($this->usersByUid[$uid])) { |
|
146 | - return; |
|
147 | - } |
|
148 | - $dn = $this->usersByUid[$uid]->getDN(); |
|
149 | - unset($this->usersByUid[$uid]); |
|
150 | - unset($this->usersByDN[$dn]); |
|
151 | - } |
|
140 | + /** |
|
141 | + * removes a user entry from the cache |
|
142 | + * @param $uid |
|
143 | + */ |
|
144 | + public function invalidate($uid) { |
|
145 | + if(!isset($this->usersByUid[$uid])) { |
|
146 | + return; |
|
147 | + } |
|
148 | + $dn = $this->usersByUid[$uid]->getDN(); |
|
149 | + unset($this->usersByUid[$uid]); |
|
150 | + unset($this->usersByDN[$dn]); |
|
151 | + } |
|
152 | 152 | |
153 | - /** |
|
154 | - * @brief checks whether the Access instance has been set |
|
155 | - * @throws \Exception if Access has not been set |
|
156 | - * @return null |
|
157 | - */ |
|
158 | - private function checkAccess() { |
|
159 | - if(is_null($this->access)) { |
|
160 | - throw new \Exception('LDAP Access instance must be set first'); |
|
161 | - } |
|
162 | - } |
|
153 | + /** |
|
154 | + * @brief checks whether the Access instance has been set |
|
155 | + * @throws \Exception if Access has not been set |
|
156 | + * @return null |
|
157 | + */ |
|
158 | + private function checkAccess() { |
|
159 | + if(is_null($this->access)) { |
|
160 | + throw new \Exception('LDAP Access instance must be set first'); |
|
161 | + } |
|
162 | + } |
|
163 | 163 | |
164 | - /** |
|
165 | - * returns a list of attributes that will be processed further, e.g. quota, |
|
166 | - * email, displayname, or others. |
|
167 | - * |
|
168 | - * @param bool $minimal - optional, set to true to skip attributes with big |
|
169 | - * payload |
|
170 | - * @return string[] |
|
171 | - */ |
|
172 | - public function getAttributes($minimal = false) { |
|
173 | - $baseAttributes = array_merge(Access::UUID_ATTRIBUTES, ['dn', 'uid', 'samaccountname', 'memberof']); |
|
174 | - $attributes = [ |
|
175 | - $this->access->getConnection()->ldapExpertUUIDUserAttr, |
|
176 | - $this->access->getConnection()->ldapQuotaAttribute, |
|
177 | - $this->access->getConnection()->ldapEmailAttribute, |
|
178 | - $this->access->getConnection()->ldapUserDisplayName, |
|
179 | - $this->access->getConnection()->ldapUserDisplayName2, |
|
180 | - $this->access->getConnection()->ldapExtStorageHomeAttribute, |
|
181 | - ]; |
|
164 | + /** |
|
165 | + * returns a list of attributes that will be processed further, e.g. quota, |
|
166 | + * email, displayname, or others. |
|
167 | + * |
|
168 | + * @param bool $minimal - optional, set to true to skip attributes with big |
|
169 | + * payload |
|
170 | + * @return string[] |
|
171 | + */ |
|
172 | + public function getAttributes($minimal = false) { |
|
173 | + $baseAttributes = array_merge(Access::UUID_ATTRIBUTES, ['dn', 'uid', 'samaccountname', 'memberof']); |
|
174 | + $attributes = [ |
|
175 | + $this->access->getConnection()->ldapExpertUUIDUserAttr, |
|
176 | + $this->access->getConnection()->ldapQuotaAttribute, |
|
177 | + $this->access->getConnection()->ldapEmailAttribute, |
|
178 | + $this->access->getConnection()->ldapUserDisplayName, |
|
179 | + $this->access->getConnection()->ldapUserDisplayName2, |
|
180 | + $this->access->getConnection()->ldapExtStorageHomeAttribute, |
|
181 | + ]; |
|
182 | 182 | |
183 | - $homeRule = $this->access->getConnection()->homeFolderNamingRule; |
|
184 | - if(strpos($homeRule, 'attr:') === 0) { |
|
185 | - $attributes[] = substr($homeRule, strlen('attr:')); |
|
186 | - } |
|
183 | + $homeRule = $this->access->getConnection()->homeFolderNamingRule; |
|
184 | + if(strpos($homeRule, 'attr:') === 0) { |
|
185 | + $attributes[] = substr($homeRule, strlen('attr:')); |
|
186 | + } |
|
187 | 187 | |
188 | - if(!$minimal) { |
|
189 | - // attributes that are not really important but may come with big |
|
190 | - // payload. |
|
191 | - $attributes = array_merge( |
|
192 | - $attributes, |
|
193 | - $this->access->getConnection()->resolveRule('avatar') |
|
194 | - ); |
|
195 | - } |
|
188 | + if(!$minimal) { |
|
189 | + // attributes that are not really important but may come with big |
|
190 | + // payload. |
|
191 | + $attributes = array_merge( |
|
192 | + $attributes, |
|
193 | + $this->access->getConnection()->resolveRule('avatar') |
|
194 | + ); |
|
195 | + } |
|
196 | 196 | |
197 | - $attributes = array_reduce($attributes, |
|
198 | - function ($list, $attribute) { |
|
199 | - $attribute = strtolower(trim((string)$attribute)); |
|
200 | - if(!empty($attribute) && !in_array($attribute, $list)) { |
|
201 | - $list[] = $attribute; |
|
202 | - } |
|
197 | + $attributes = array_reduce($attributes, |
|
198 | + function ($list, $attribute) { |
|
199 | + $attribute = strtolower(trim((string)$attribute)); |
|
200 | + if(!empty($attribute) && !in_array($attribute, $list)) { |
|
201 | + $list[] = $attribute; |
|
202 | + } |
|
203 | 203 | |
204 | - return $list; |
|
205 | - }, |
|
206 | - $baseAttributes // hard-coded, lower-case, non-empty attributes |
|
207 | - ); |
|
204 | + return $list; |
|
205 | + }, |
|
206 | + $baseAttributes // hard-coded, lower-case, non-empty attributes |
|
207 | + ); |
|
208 | 208 | |
209 | - return $attributes; |
|
210 | - } |
|
209 | + return $attributes; |
|
210 | + } |
|
211 | 211 | |
212 | - /** |
|
213 | - * Checks whether the specified user is marked as deleted |
|
214 | - * @param string $id the Nextcloud user name |
|
215 | - * @return bool |
|
216 | - */ |
|
217 | - public function isDeletedUser($id) { |
|
218 | - $isDeleted = $this->ocConfig->getUserValue( |
|
219 | - $id, 'user_ldap', 'isDeleted', 0); |
|
220 | - return (int)$isDeleted === 1; |
|
221 | - } |
|
212 | + /** |
|
213 | + * Checks whether the specified user is marked as deleted |
|
214 | + * @param string $id the Nextcloud user name |
|
215 | + * @return bool |
|
216 | + */ |
|
217 | + public function isDeletedUser($id) { |
|
218 | + $isDeleted = $this->ocConfig->getUserValue( |
|
219 | + $id, 'user_ldap', 'isDeleted', 0); |
|
220 | + return (int)$isDeleted === 1; |
|
221 | + } |
|
222 | 222 | |
223 | - /** |
|
224 | - * creates and returns an instance of OfflineUser for the specified user |
|
225 | - * @param string $id |
|
226 | - * @return \OCA\User_LDAP\User\OfflineUser |
|
227 | - */ |
|
228 | - public function getDeletedUser($id) { |
|
229 | - return new OfflineUser( |
|
230 | - $id, |
|
231 | - $this->ocConfig, |
|
232 | - $this->db, |
|
233 | - $this->access->getUserMapper()); |
|
234 | - } |
|
223 | + /** |
|
224 | + * creates and returns an instance of OfflineUser for the specified user |
|
225 | + * @param string $id |
|
226 | + * @return \OCA\User_LDAP\User\OfflineUser |
|
227 | + */ |
|
228 | + public function getDeletedUser($id) { |
|
229 | + return new OfflineUser( |
|
230 | + $id, |
|
231 | + $this->ocConfig, |
|
232 | + $this->db, |
|
233 | + $this->access->getUserMapper()); |
|
234 | + } |
|
235 | 235 | |
236 | - /** |
|
237 | - * @brief returns a User object by it's Nextcloud username |
|
238 | - * @param string $id the DN or username of the user |
|
239 | - * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null |
|
240 | - */ |
|
241 | - protected function createInstancyByUserName($id) { |
|
242 | - //most likely a uid. Check whether it is a deleted user |
|
243 | - if($this->isDeletedUser($id)) { |
|
244 | - return $this->getDeletedUser($id); |
|
245 | - } |
|
246 | - $dn = $this->access->username2dn($id); |
|
247 | - if($dn !== false) { |
|
248 | - return $this->createAndCache($dn, $id); |
|
249 | - } |
|
250 | - return null; |
|
251 | - } |
|
236 | + /** |
|
237 | + * @brief returns a User object by it's Nextcloud username |
|
238 | + * @param string $id the DN or username of the user |
|
239 | + * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null |
|
240 | + */ |
|
241 | + protected function createInstancyByUserName($id) { |
|
242 | + //most likely a uid. Check whether it is a deleted user |
|
243 | + if($this->isDeletedUser($id)) { |
|
244 | + return $this->getDeletedUser($id); |
|
245 | + } |
|
246 | + $dn = $this->access->username2dn($id); |
|
247 | + if($dn !== false) { |
|
248 | + return $this->createAndCache($dn, $id); |
|
249 | + } |
|
250 | + return null; |
|
251 | + } |
|
252 | 252 | |
253 | - /** |
|
254 | - * @brief returns a User object by it's DN or Nextcloud username |
|
255 | - * @param string $id the DN or username of the user |
|
256 | - * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null |
|
257 | - * @throws \Exception when connection could not be established |
|
258 | - */ |
|
259 | - public function get($id) { |
|
260 | - $this->checkAccess(); |
|
261 | - if(isset($this->usersByDN[$id])) { |
|
262 | - return $this->usersByDN[$id]; |
|
263 | - } else if(isset($this->usersByUid[$id])) { |
|
264 | - return $this->usersByUid[$id]; |
|
265 | - } |
|
253 | + /** |
|
254 | + * @brief returns a User object by it's DN or Nextcloud username |
|
255 | + * @param string $id the DN or username of the user |
|
256 | + * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null |
|
257 | + * @throws \Exception when connection could not be established |
|
258 | + */ |
|
259 | + public function get($id) { |
|
260 | + $this->checkAccess(); |
|
261 | + if(isset($this->usersByDN[$id])) { |
|
262 | + return $this->usersByDN[$id]; |
|
263 | + } else if(isset($this->usersByUid[$id])) { |
|
264 | + return $this->usersByUid[$id]; |
|
265 | + } |
|
266 | 266 | |
267 | - if($this->access->stringResemblesDN($id)) { |
|
268 | - $uid = $this->access->dn2username($id); |
|
269 | - if($uid !== false) { |
|
270 | - return $this->createAndCache($id, $uid); |
|
271 | - } |
|
272 | - } |
|
267 | + if($this->access->stringResemblesDN($id)) { |
|
268 | + $uid = $this->access->dn2username($id); |
|
269 | + if($uid !== false) { |
|
270 | + return $this->createAndCache($id, $uid); |
|
271 | + } |
|
272 | + } |
|
273 | 273 | |
274 | - return $this->createInstancyByUserName($id); |
|
275 | - } |
|
274 | + return $this->createInstancyByUserName($id); |
|
275 | + } |
|
276 | 276 | |
277 | 277 | } |
@@ -142,7 +142,7 @@ discard block |
||
142 | 142 | * @param $uid |
143 | 143 | */ |
144 | 144 | public function invalidate($uid) { |
145 | - if(!isset($this->usersByUid[$uid])) { |
|
145 | + if (!isset($this->usersByUid[$uid])) { |
|
146 | 146 | return; |
147 | 147 | } |
148 | 148 | $dn = $this->usersByUid[$uid]->getDN(); |
@@ -156,7 +156,7 @@ discard block |
||
156 | 156 | * @return null |
157 | 157 | */ |
158 | 158 | private function checkAccess() { |
159 | - if(is_null($this->access)) { |
|
159 | + if (is_null($this->access)) { |
|
160 | 160 | throw new \Exception('LDAP Access instance must be set first'); |
161 | 161 | } |
162 | 162 | } |
@@ -181,11 +181,11 @@ discard block |
||
181 | 181 | ]; |
182 | 182 | |
183 | 183 | $homeRule = $this->access->getConnection()->homeFolderNamingRule; |
184 | - if(strpos($homeRule, 'attr:') === 0) { |
|
184 | + if (strpos($homeRule, 'attr:') === 0) { |
|
185 | 185 | $attributes[] = substr($homeRule, strlen('attr:')); |
186 | 186 | } |
187 | 187 | |
188 | - if(!$minimal) { |
|
188 | + if (!$minimal) { |
|
189 | 189 | // attributes that are not really important but may come with big |
190 | 190 | // payload. |
191 | 191 | $attributes = array_merge( |
@@ -195,9 +195,9 @@ discard block |
||
195 | 195 | } |
196 | 196 | |
197 | 197 | $attributes = array_reduce($attributes, |
198 | - function ($list, $attribute) { |
|
199 | - $attribute = strtolower(trim((string)$attribute)); |
|
200 | - if(!empty($attribute) && !in_array($attribute, $list)) { |
|
198 | + function($list, $attribute) { |
|
199 | + $attribute = strtolower(trim((string) $attribute)); |
|
200 | + if (!empty($attribute) && !in_array($attribute, $list)) { |
|
201 | 201 | $list[] = $attribute; |
202 | 202 | } |
203 | 203 | |
@@ -217,7 +217,7 @@ discard block |
||
217 | 217 | public function isDeletedUser($id) { |
218 | 218 | $isDeleted = $this->ocConfig->getUserValue( |
219 | 219 | $id, 'user_ldap', 'isDeleted', 0); |
220 | - return (int)$isDeleted === 1; |
|
220 | + return (int) $isDeleted === 1; |
|
221 | 221 | } |
222 | 222 | |
223 | 223 | /** |
@@ -240,11 +240,11 @@ discard block |
||
240 | 240 | */ |
241 | 241 | protected function createInstancyByUserName($id) { |
242 | 242 | //most likely a uid. Check whether it is a deleted user |
243 | - if($this->isDeletedUser($id)) { |
|
243 | + if ($this->isDeletedUser($id)) { |
|
244 | 244 | return $this->getDeletedUser($id); |
245 | 245 | } |
246 | 246 | $dn = $this->access->username2dn($id); |
247 | - if($dn !== false) { |
|
247 | + if ($dn !== false) { |
|
248 | 248 | return $this->createAndCache($dn, $id); |
249 | 249 | } |
250 | 250 | return null; |
@@ -258,15 +258,15 @@ discard block |
||
258 | 258 | */ |
259 | 259 | public function get($id) { |
260 | 260 | $this->checkAccess(); |
261 | - if(isset($this->usersByDN[$id])) { |
|
261 | + if (isset($this->usersByDN[$id])) { |
|
262 | 262 | return $this->usersByDN[$id]; |
263 | - } else if(isset($this->usersByUid[$id])) { |
|
263 | + } else if (isset($this->usersByUid[$id])) { |
|
264 | 264 | return $this->usersByUid[$id]; |
265 | 265 | } |
266 | 266 | |
267 | - if($this->access->stringResemblesDN($id)) { |
|
267 | + if ($this->access->stringResemblesDN($id)) { |
|
268 | 268 | $uid = $this->access->dn2username($id); |
269 | - if($uid !== false) { |
|
269 | + if ($uid !== false) { |
|
270 | 270 | return $this->createAndCache($id, $uid); |
271 | 271 | } |
272 | 272 | } |
@@ -51,745 +51,745 @@ |
||
51 | 51 | * represents an LDAP user, gets and holds user-specific information from LDAP |
52 | 52 | */ |
53 | 53 | class User { |
54 | - /** |
|
55 | - * @var Access |
|
56 | - */ |
|
57 | - protected $access; |
|
58 | - /** |
|
59 | - * @var Connection |
|
60 | - */ |
|
61 | - protected $connection; |
|
62 | - /** |
|
63 | - * @var IConfig |
|
64 | - */ |
|
65 | - protected $config; |
|
66 | - /** |
|
67 | - * @var FilesystemHelper |
|
68 | - */ |
|
69 | - protected $fs; |
|
70 | - /** |
|
71 | - * @var Image |
|
72 | - */ |
|
73 | - protected $image; |
|
74 | - /** |
|
75 | - * @var LogWrapper |
|
76 | - */ |
|
77 | - protected $log; |
|
78 | - /** |
|
79 | - * @var IAvatarManager |
|
80 | - */ |
|
81 | - protected $avatarManager; |
|
82 | - /** |
|
83 | - * @var IUserManager |
|
84 | - */ |
|
85 | - protected $userManager; |
|
86 | - /** |
|
87 | - * @var INotificationManager |
|
88 | - */ |
|
89 | - protected $notificationManager; |
|
90 | - /** |
|
91 | - * @var string |
|
92 | - */ |
|
93 | - protected $dn; |
|
94 | - /** |
|
95 | - * @var string |
|
96 | - */ |
|
97 | - protected $uid; |
|
98 | - /** |
|
99 | - * @var string[] |
|
100 | - */ |
|
101 | - protected $refreshedFeatures = []; |
|
102 | - /** |
|
103 | - * @var string |
|
104 | - */ |
|
105 | - protected $avatarImage; |
|
106 | - |
|
107 | - /** |
|
108 | - * DB config keys for user preferences |
|
109 | - */ |
|
110 | - const USER_PREFKEY_FIRSTLOGIN = 'firstLoginAccomplished'; |
|
111 | - const USER_PREFKEY_LASTREFRESH = 'lastFeatureRefresh'; |
|
112 | - |
|
113 | - /** |
|
114 | - * @brief constructor, make sure the subclasses call this one! |
|
115 | - * @param string $username the internal username |
|
116 | - * @param string $dn the LDAP DN |
|
117 | - * @param Access $access |
|
118 | - * @param IConfig $config |
|
119 | - * @param FilesystemHelper $fs |
|
120 | - * @param Image $image any empty instance |
|
121 | - * @param LogWrapper $log |
|
122 | - * @param IAvatarManager $avatarManager |
|
123 | - * @param IUserManager $userManager |
|
124 | - * @param INotificationManager $notificationManager |
|
125 | - */ |
|
126 | - public function __construct($username, $dn, Access $access, |
|
127 | - IConfig $config, FilesystemHelper $fs, Image $image, |
|
128 | - LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager, |
|
129 | - INotificationManager $notificationManager) { |
|
130 | - |
|
131 | - if ($username === null) { |
|
132 | - $log->log("uid for '$dn' must not be null!", ILogger::ERROR); |
|
133 | - throw new \InvalidArgumentException('uid must not be null!'); |
|
134 | - } else if ($username === '') { |
|
135 | - $log->log("uid for '$dn' must not be an empty string", ILogger::ERROR); |
|
136 | - throw new \InvalidArgumentException('uid must not be an empty string!'); |
|
137 | - } |
|
138 | - |
|
139 | - $this->access = $access; |
|
140 | - $this->connection = $access->getConnection(); |
|
141 | - $this->config = $config; |
|
142 | - $this->fs = $fs; |
|
143 | - $this->dn = $dn; |
|
144 | - $this->uid = $username; |
|
145 | - $this->image = $image; |
|
146 | - $this->log = $log; |
|
147 | - $this->avatarManager = $avatarManager; |
|
148 | - $this->userManager = $userManager; |
|
149 | - $this->notificationManager = $notificationManager; |
|
150 | - |
|
151 | - \OCP\Util::connectHook('OC_User', 'post_login', $this, 'handlePasswordExpiry'); |
|
152 | - } |
|
153 | - |
|
154 | - /** |
|
155 | - * @brief updates properties like email, quota or avatar provided by LDAP |
|
156 | - * @return null |
|
157 | - */ |
|
158 | - public function update() { |
|
159 | - if(is_null($this->dn)) { |
|
160 | - return null; |
|
161 | - } |
|
162 | - |
|
163 | - $hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap', |
|
164 | - self::USER_PREFKEY_FIRSTLOGIN, 0); |
|
165 | - |
|
166 | - if($this->needsRefresh()) { |
|
167 | - $this->updateEmail(); |
|
168 | - $this->updateQuota(); |
|
169 | - if($hasLoggedIn !== 0) { |
|
170 | - //we do not need to try it, when the user has not been logged in |
|
171 | - //before, because the file system will not be ready. |
|
172 | - $this->updateAvatar(); |
|
173 | - //in order to get an avatar as soon as possible, mark the user |
|
174 | - //as refreshed only when updating the avatar did happen |
|
175 | - $this->markRefreshTime(); |
|
176 | - } |
|
177 | - } |
|
178 | - } |
|
179 | - |
|
180 | - /** |
|
181 | - * marks a user as deleted |
|
182 | - * |
|
183 | - * @throws \OCP\PreConditionNotMetException |
|
184 | - */ |
|
185 | - public function markUser() { |
|
186 | - $curValue = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '0'); |
|
187 | - if($curValue === '1') { |
|
188 | - // the user is already marked, do not write to DB again |
|
189 | - return; |
|
190 | - } |
|
191 | - $this->config->setUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '1'); |
|
192 | - $this->config->setUserValue($this->getUsername(), 'user_ldap', 'foundDeleted', (string)time()); |
|
193 | - } |
|
194 | - |
|
195 | - /** |
|
196 | - * processes results from LDAP for attributes as returned by getAttributesToRead() |
|
197 | - * @param array $ldapEntry the user entry as retrieved from LDAP |
|
198 | - */ |
|
199 | - public function processAttributes($ldapEntry) { |
|
200 | - $this->markRefreshTime(); |
|
201 | - //Quota |
|
202 | - $attr = strtolower($this->connection->ldapQuotaAttribute); |
|
203 | - if(isset($ldapEntry[$attr])) { |
|
204 | - $this->updateQuota($ldapEntry[$attr][0]); |
|
205 | - } else { |
|
206 | - if ($this->connection->ldapQuotaDefault !== '') { |
|
207 | - $this->updateQuota(); |
|
208 | - } |
|
209 | - } |
|
210 | - unset($attr); |
|
211 | - |
|
212 | - //displayName |
|
213 | - $displayName = $displayName2 = ''; |
|
214 | - $attr = strtolower($this->connection->ldapUserDisplayName); |
|
215 | - if(isset($ldapEntry[$attr])) { |
|
216 | - $displayName = (string)$ldapEntry[$attr][0]; |
|
217 | - } |
|
218 | - $attr = strtolower($this->connection->ldapUserDisplayName2); |
|
219 | - if(isset($ldapEntry[$attr])) { |
|
220 | - $displayName2 = (string)$ldapEntry[$attr][0]; |
|
221 | - } |
|
222 | - if ($displayName !== '') { |
|
223 | - $this->composeAndStoreDisplayName($displayName, $displayName2); |
|
224 | - $this->access->cacheUserDisplayName( |
|
225 | - $this->getUsername(), |
|
226 | - $displayName, |
|
227 | - $displayName2 |
|
228 | - ); |
|
229 | - } |
|
230 | - unset($attr); |
|
231 | - |
|
232 | ||
233 | - //email must be stored after displayname, because it would cause a user |
|
234 | - //change event that will trigger fetching the display name again |
|
235 | - $attr = strtolower($this->connection->ldapEmailAttribute); |
|
236 | - if(isset($ldapEntry[$attr])) { |
|
237 | - $this->updateEmail($ldapEntry[$attr][0]); |
|
238 | - } |
|
239 | - unset($attr); |
|
240 | - |
|
241 | - // LDAP Username, needed for s2s sharing |
|
242 | - if(isset($ldapEntry['uid'])) { |
|
243 | - $this->storeLDAPUserName($ldapEntry['uid'][0]); |
|
244 | - } else if(isset($ldapEntry['samaccountname'])) { |
|
245 | - $this->storeLDAPUserName($ldapEntry['samaccountname'][0]); |
|
246 | - } |
|
247 | - |
|
248 | - //homePath |
|
249 | - if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) { |
|
250 | - $attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:'))); |
|
251 | - if(isset($ldapEntry[$attr])) { |
|
252 | - $this->access->cacheUserHome( |
|
253 | - $this->getUsername(), $this->getHomePath($ldapEntry[$attr][0])); |
|
254 | - } |
|
255 | - } |
|
256 | - |
|
257 | - //memberOf groups |
|
258 | - $cacheKey = 'getMemberOf'.$this->getUsername(); |
|
259 | - $groups = false; |
|
260 | - if(isset($ldapEntry['memberof'])) { |
|
261 | - $groups = $ldapEntry['memberof']; |
|
262 | - } |
|
263 | - $this->connection->writeToCache($cacheKey, $groups); |
|
264 | - |
|
265 | - //external storage var |
|
266 | - $attr = strtolower($this->connection->ldapExtStorageHomeAttribute); |
|
267 | - if(isset($ldapEntry[$attr])) { |
|
268 | - $this->updateExtStorageHome($ldapEntry[$attr][0]); |
|
269 | - } |
|
270 | - unset($attr); |
|
271 | - |
|
272 | - //Avatar |
|
273 | - /** @var Connection $connection */ |
|
274 | - $connection = $this->access->getConnection(); |
|
275 | - $attributes = $connection->resolveRule('avatar'); |
|
276 | - foreach ($attributes as $attribute) { |
|
277 | - if(isset($ldapEntry[$attribute])) { |
|
278 | - $this->avatarImage = $ldapEntry[$attribute][0]; |
|
279 | - // the call to the method that saves the avatar in the file |
|
280 | - // system must be postponed after the login. It is to ensure |
|
281 | - // external mounts are mounted properly (e.g. with login |
|
282 | - // credentials from the session). |
|
283 | - \OCP\Util::connectHook('OC_User', 'post_login', $this, 'updateAvatarPostLogin'); |
|
284 | - break; |
|
285 | - } |
|
286 | - } |
|
287 | - } |
|
288 | - |
|
289 | - /** |
|
290 | - * @brief returns the LDAP DN of the user |
|
291 | - * @return string |
|
292 | - */ |
|
293 | - public function getDN() { |
|
294 | - return $this->dn; |
|
295 | - } |
|
296 | - |
|
297 | - /** |
|
298 | - * @brief returns the Nextcloud internal username of the user |
|
299 | - * @return string |
|
300 | - */ |
|
301 | - public function getUsername() { |
|
302 | - return $this->uid; |
|
303 | - } |
|
304 | - |
|
305 | - /** |
|
306 | - * returns the home directory of the user if specified by LDAP settings |
|
307 | - * @param string $valueFromLDAP |
|
308 | - * @return bool|string |
|
309 | - * @throws \Exception |
|
310 | - */ |
|
311 | - public function getHomePath($valueFromLDAP = null) { |
|
312 | - $path = (string)$valueFromLDAP; |
|
313 | - $attr = null; |
|
314 | - |
|
315 | - if (is_null($valueFromLDAP) |
|
316 | - && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0 |
|
317 | - && $this->access->connection->homeFolderNamingRule !== 'attr:') |
|
318 | - { |
|
319 | - $attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:')); |
|
320 | - $homedir = $this->access->readAttribute( |
|
321 | - $this->access->username2dn($this->getUsername()), $attr); |
|
322 | - if ($homedir && isset($homedir[0])) { |
|
323 | - $path = $homedir[0]; |
|
324 | - } |
|
325 | - } |
|
326 | - |
|
327 | - if ($path !== '') { |
|
328 | - //if attribute's value is an absolute path take this, otherwise append it to data dir |
|
329 | - //check for / at the beginning or pattern c:\ resp. c:/ |
|
330 | - if('/' !== $path[0] |
|
331 | - && !(3 < strlen($path) && ctype_alpha($path[0]) |
|
332 | - && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2])) |
|
333 | - ) { |
|
334 | - $path = $this->config->getSystemValue('datadirectory', |
|
335 | - \OC::$SERVERROOT.'/data') . '/' . $path; |
|
336 | - } |
|
337 | - //we need it to store it in the DB as well in case a user gets |
|
338 | - //deleted so we can clean up afterwards |
|
339 | - $this->config->setUserValue( |
|
340 | - $this->getUsername(), 'user_ldap', 'homePath', $path |
|
341 | - ); |
|
342 | - return $path; |
|
343 | - } |
|
344 | - |
|
345 | - if(!is_null($attr) |
|
346 | - && $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true) |
|
347 | - ) { |
|
348 | - // a naming rule attribute is defined, but it doesn't exist for that LDAP user |
|
349 | - throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername()); |
|
350 | - } |
|
351 | - |
|
352 | - //false will apply default behaviour as defined and done by OC_User |
|
353 | - $this->config->setUserValue($this->getUsername(), 'user_ldap', 'homePath', ''); |
|
354 | - return false; |
|
355 | - } |
|
356 | - |
|
357 | - public function getMemberOfGroups() { |
|
358 | - $cacheKey = 'getMemberOf'.$this->getUsername(); |
|
359 | - $memberOfGroups = $this->connection->getFromCache($cacheKey); |
|
360 | - if(!is_null($memberOfGroups)) { |
|
361 | - return $memberOfGroups; |
|
362 | - } |
|
363 | - $groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf'); |
|
364 | - $this->connection->writeToCache($cacheKey, $groupDNs); |
|
365 | - return $groupDNs; |
|
366 | - } |
|
367 | - |
|
368 | - /** |
|
369 | - * @brief reads the image from LDAP that shall be used as Avatar |
|
370 | - * @return string data (provided by LDAP) | false |
|
371 | - */ |
|
372 | - public function getAvatarImage() { |
|
373 | - if(!is_null($this->avatarImage)) { |
|
374 | - return $this->avatarImage; |
|
375 | - } |
|
376 | - |
|
377 | - $this->avatarImage = false; |
|
378 | - /** @var Connection $connection */ |
|
379 | - $connection = $this->access->getConnection(); |
|
380 | - $attributes = $connection->resolveRule('avatar'); |
|
381 | - foreach($attributes as $attribute) { |
|
382 | - $result = $this->access->readAttribute($this->dn, $attribute); |
|
383 | - if($result !== false && is_array($result) && isset($result[0])) { |
|
384 | - $this->avatarImage = $result[0]; |
|
385 | - break; |
|
386 | - } |
|
387 | - } |
|
388 | - |
|
389 | - return $this->avatarImage; |
|
390 | - } |
|
391 | - |
|
392 | - /** |
|
393 | - * @brief marks the user as having logged in at least once |
|
394 | - * @return null |
|
395 | - */ |
|
396 | - public function markLogin() { |
|
397 | - $this->config->setUserValue( |
|
398 | - $this->uid, 'user_ldap', self::USER_PREFKEY_FIRSTLOGIN, 1); |
|
399 | - } |
|
400 | - |
|
401 | - /** |
|
402 | - * @brief marks the time when user features like email have been updated |
|
403 | - * @return null |
|
404 | - */ |
|
405 | - public function markRefreshTime() { |
|
406 | - $this->config->setUserValue( |
|
407 | - $this->uid, 'user_ldap', self::USER_PREFKEY_LASTREFRESH, time()); |
|
408 | - } |
|
409 | - |
|
410 | - /** |
|
411 | - * @brief checks whether user features needs to be updated again by |
|
412 | - * comparing the difference of time of the last refresh to now with the |
|
413 | - * desired interval |
|
414 | - * @return bool |
|
415 | - */ |
|
416 | - private function needsRefresh() { |
|
417 | - $lastChecked = $this->config->getUserValue($this->uid, 'user_ldap', |
|
418 | - self::USER_PREFKEY_LASTREFRESH, 0); |
|
419 | - |
|
420 | - if((time() - (int)$lastChecked) < (int)$this->config->getAppValue('user_ldap', 'updateAttributesInterval', 86400)) { |
|
421 | - return false; |
|
422 | - } |
|
423 | - return true; |
|
424 | - } |
|
425 | - |
|
426 | - /** |
|
427 | - * Stores a key-value pair in relation to this user |
|
428 | - * |
|
429 | - * @param string $key |
|
430 | - * @param string $value |
|
431 | - */ |
|
432 | - private function store($key, $value) { |
|
433 | - $this->config->setUserValue($this->uid, 'user_ldap', $key, $value); |
|
434 | - } |
|
435 | - |
|
436 | - /** |
|
437 | - * Composes the display name and stores it in the database. The final |
|
438 | - * display name is returned. |
|
439 | - * |
|
440 | - * @param string $displayName |
|
441 | - * @param string $displayName2 |
|
442 | - * @return string the effective display name |
|
443 | - */ |
|
444 | - public function composeAndStoreDisplayName($displayName, $displayName2 = '') { |
|
445 | - $displayName2 = (string)$displayName2; |
|
446 | - if($displayName2 !== '') { |
|
447 | - $displayName .= ' (' . $displayName2 . ')'; |
|
448 | - } |
|
449 | - $oldName = $this->config->getUserValue($this->uid, 'user_ldap', 'displayName', null); |
|
450 | - if ($oldName !== $displayName) { |
|
451 | - $this->store('displayName', $displayName); |
|
452 | - $user = $this->userManager->get($this->getUsername()); |
|
453 | - if (!empty($oldName) && $user instanceof \OC\User\User) { |
|
454 | - // if it was empty, it would be a new record, not a change emitting the trigger could |
|
455 | - // potentially cause a UniqueConstraintViolationException, depending on some factors. |
|
456 | - $user->triggerChange('displayName', $displayName, $oldName); |
|
457 | - } |
|
458 | - } |
|
459 | - return $displayName; |
|
460 | - } |
|
461 | - |
|
462 | - /** |
|
463 | - * Stores the LDAP Username in the Database |
|
464 | - * @param string $userName |
|
465 | - */ |
|
466 | - public function storeLDAPUserName($userName) { |
|
467 | - $this->store('uid', $userName); |
|
468 | - } |
|
469 | - |
|
470 | - /** |
|
471 | - * @brief checks whether an update method specified by feature was run |
|
472 | - * already. If not, it will marked like this, because it is expected that |
|
473 | - * the method will be run, when false is returned. |
|
474 | - * @param string $feature email | quota | avatar (can be extended) |
|
475 | - * @return bool |
|
476 | - */ |
|
477 | - private function wasRefreshed($feature) { |
|
478 | - if(isset($this->refreshedFeatures[$feature])) { |
|
479 | - return true; |
|
480 | - } |
|
481 | - $this->refreshedFeatures[$feature] = 1; |
|
482 | - return false; |
|
483 | - } |
|
484 | - |
|
485 | - /** |
|
486 | - * fetches the email from LDAP and stores it as Nextcloud user value |
|
487 | - * @param string $valueFromLDAP if known, to save an LDAP read request |
|
488 | - * @return null |
|
489 | - */ |
|
490 | - public function updateEmail($valueFromLDAP = null) { |
|
491 | - if($this->wasRefreshed('email')) { |
|
492 | - return; |
|
493 | - } |
|
494 | - $email = (string)$valueFromLDAP; |
|
495 | - if(is_null($valueFromLDAP)) { |
|
496 | - $emailAttribute = $this->connection->ldapEmailAttribute; |
|
497 | - if ($emailAttribute !== '') { |
|
498 | - $aEmail = $this->access->readAttribute($this->dn, $emailAttribute); |
|
499 | - if(is_array($aEmail) && (count($aEmail) > 0)) { |
|
500 | - $email = (string)$aEmail[0]; |
|
501 | - } |
|
502 | - } |
|
503 | - } |
|
504 | - if ($email !== '') { |
|
505 | - $user = $this->userManager->get($this->uid); |
|
506 | - if (!is_null($user)) { |
|
507 | - $currentEmail = (string)$user->getEMailAddress(); |
|
508 | - if ($currentEmail !== $email) { |
|
509 | - $user->setEMailAddress($email); |
|
510 | - } |
|
511 | - } |
|
512 | - } |
|
513 | - } |
|
514 | - |
|
515 | - /** |
|
516 | - * Overall process goes as follow: |
|
517 | - * 1. fetch the quota from LDAP and check if it's parseable with the "verifyQuotaValue" function |
|
518 | - * 2. if the value can't be fetched, is empty or not parseable, use the default LDAP quota |
|
519 | - * 3. if the default LDAP quota can't be parsed, use the Nextcloud's default quota (use 'default') |
|
520 | - * 4. check if the target user exists and set the quota for the user. |
|
521 | - * |
|
522 | - * In order to improve performance and prevent an unwanted extra LDAP call, the $valueFromLDAP |
|
523 | - * parameter can be passed with the value of the attribute. This value will be considered as the |
|
524 | - * quota for the user coming from the LDAP server (step 1 of the process) It can be useful to |
|
525 | - * fetch all the user's attributes in one call and use the fetched values in this function. |
|
526 | - * The expected value for that parameter is a string describing the quota for the user. Valid |
|
527 | - * values are 'none' (unlimited), 'default' (the Nextcloud's default quota), '1234' (quota in |
|
528 | - * bytes), '1234 MB' (quota in MB - check the \OC_Helper::computerFileSize method for more info) |
|
529 | - * |
|
530 | - * fetches the quota from LDAP and stores it as Nextcloud user value |
|
531 | - * @param string $valueFromLDAP the quota attribute's value can be passed, |
|
532 | - * to save the readAttribute request |
|
533 | - * @return null |
|
534 | - */ |
|
535 | - public function updateQuota($valueFromLDAP = null) { |
|
536 | - if($this->wasRefreshed('quota')) { |
|
537 | - return; |
|
538 | - } |
|
539 | - |
|
540 | - $quotaAttribute = $this->connection->ldapQuotaAttribute; |
|
541 | - $defaultQuota = $this->connection->ldapQuotaDefault; |
|
542 | - if($quotaAttribute === '' && $defaultQuota === '') { |
|
543 | - return; |
|
544 | - } |
|
545 | - |
|
546 | - $quota = false; |
|
547 | - if(is_null($valueFromLDAP) && $quotaAttribute !== '') { |
|
548 | - $aQuota = $this->access->readAttribute($this->dn, $quotaAttribute); |
|
549 | - if($aQuota && (count($aQuota) > 0) && $this->verifyQuotaValue($aQuota[0])) { |
|
550 | - $quota = $aQuota[0]; |
|
551 | - } else if(is_array($aQuota) && isset($aQuota[0])) { |
|
552 | - $this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', ILogger::DEBUG); |
|
553 | - } |
|
554 | - } else if ($this->verifyQuotaValue($valueFromLDAP)) { |
|
555 | - $quota = $valueFromLDAP; |
|
556 | - } else { |
|
557 | - $this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', ILogger::DEBUG); |
|
558 | - } |
|
559 | - |
|
560 | - if ($quota === false && $this->verifyQuotaValue($defaultQuota)) { |
|
561 | - // quota not found using the LDAP attribute (or not parseable). Try the default quota |
|
562 | - $quota = $defaultQuota; |
|
563 | - } else if($quota === false) { |
|
564 | - $this->log->log('no suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', ILogger::DEBUG); |
|
565 | - return; |
|
566 | - } |
|
567 | - |
|
568 | - $targetUser = $this->userManager->get($this->uid); |
|
569 | - if ($targetUser instanceof IUser) { |
|
570 | - $targetUser->setQuota($quota); |
|
571 | - } else { |
|
572 | - $this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', ILogger::INFO); |
|
573 | - } |
|
574 | - } |
|
575 | - |
|
576 | - private function verifyQuotaValue($quotaValue) { |
|
577 | - return $quotaValue === 'none' || $quotaValue === 'default' || \OC_Helper::computerFileSize($quotaValue) !== false; |
|
578 | - } |
|
579 | - |
|
580 | - /** |
|
581 | - * called by a post_login hook to save the avatar picture |
|
582 | - * |
|
583 | - * @param array $params |
|
584 | - */ |
|
585 | - public function updateAvatarPostLogin($params) { |
|
586 | - if(isset($params['uid']) && $params['uid'] === $this->getUsername()) { |
|
587 | - $this->updateAvatar(); |
|
588 | - } |
|
589 | - } |
|
590 | - |
|
591 | - /** |
|
592 | - * @brief attempts to get an image from LDAP and sets it as Nextcloud avatar |
|
593 | - * @return bool |
|
594 | - */ |
|
595 | - public function updateAvatar($force = false) { |
|
596 | - if(!$force && $this->wasRefreshed('avatar')) { |
|
597 | - return false; |
|
598 | - } |
|
599 | - $avatarImage = $this->getAvatarImage(); |
|
600 | - if($avatarImage === false) { |
|
601 | - //not set, nothing left to do; |
|
602 | - return false; |
|
603 | - } |
|
604 | - |
|
605 | - if(!$this->image->loadFromBase64(base64_encode($avatarImage))) { |
|
606 | - return false; |
|
607 | - } |
|
608 | - |
|
609 | - // use the checksum before modifications |
|
610 | - $checksum = md5($this->image->data()); |
|
611 | - |
|
612 | - if($checksum === $this->config->getUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', '')) { |
|
613 | - return true; |
|
614 | - } |
|
615 | - |
|
616 | - $isSet = $this->setOwnCloudAvatar(); |
|
617 | - |
|
618 | - if($isSet) { |
|
619 | - // save checksum only after successful setting |
|
620 | - $this->config->setUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', $checksum); |
|
621 | - } |
|
622 | - |
|
623 | - return $isSet; |
|
624 | - } |
|
625 | - |
|
626 | - /** |
|
627 | - * @brief sets an image as Nextcloud avatar |
|
628 | - * @return bool |
|
629 | - */ |
|
630 | - private function setOwnCloudAvatar() { |
|
631 | - if(!$this->image->valid()) { |
|
632 | - $this->log->log('avatar image data from LDAP invalid for '.$this->dn, ILogger::ERROR); |
|
633 | - return false; |
|
634 | - } |
|
635 | - |
|
636 | - |
|
637 | - //make sure it is a square and not bigger than 128x128 |
|
638 | - $size = min([$this->image->width(), $this->image->height(), 128]); |
|
639 | - if(!$this->image->centerCrop($size)) { |
|
640 | - $this->log->log('croping image for avatar failed for '.$this->dn, ILogger::ERROR); |
|
641 | - return false; |
|
642 | - } |
|
643 | - |
|
644 | - if(!$this->fs->isLoaded()) { |
|
645 | - $this->fs->setup($this->uid); |
|
646 | - } |
|
647 | - |
|
648 | - try { |
|
649 | - $avatar = $this->avatarManager->getAvatar($this->uid); |
|
650 | - $avatar->set($this->image); |
|
651 | - return true; |
|
652 | - } catch (\Exception $e) { |
|
653 | - \OC::$server->getLogger()->logException($e, [ |
|
654 | - 'message' => 'Could not set avatar for ' . $this->dn, |
|
655 | - 'level' => ILogger::INFO, |
|
656 | - 'app' => 'user_ldap', |
|
657 | - ]); |
|
658 | - } |
|
659 | - return false; |
|
660 | - } |
|
661 | - |
|
662 | - /** |
|
663 | - * @throws AttributeNotSet |
|
664 | - * @throws \OC\ServerNotAvailableException |
|
665 | - * @throws \OCP\PreConditionNotMetException |
|
666 | - */ |
|
667 | - public function getExtStorageHome():string { |
|
668 | - $value = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'extStorageHome', ''); |
|
669 | - if ($value !== '') { |
|
670 | - return $value; |
|
671 | - } |
|
672 | - |
|
673 | - $value = $this->updateExtStorageHome(); |
|
674 | - if ($value !== '') { |
|
675 | - return $value; |
|
676 | - } |
|
677 | - |
|
678 | - throw new AttributeNotSet(sprintf( |
|
679 | - 'external home storage attribute yield no value for %s', $this->getUsername() |
|
680 | - )); |
|
681 | - } |
|
682 | - |
|
683 | - /** |
|
684 | - * @throws \OCP\PreConditionNotMetException |
|
685 | - * @throws \OC\ServerNotAvailableException |
|
686 | - */ |
|
687 | - public function updateExtStorageHome(string $valueFromLDAP = null):string { |
|
688 | - if ($valueFromLDAP === null) { |
|
689 | - $extHomeValues = $this->access->readAttribute($this->getDN(), $this->connection->ldapExtStorageHomeAttribute); |
|
690 | - } else { |
|
691 | - $extHomeValues = [$valueFromLDAP]; |
|
692 | - } |
|
693 | - if ($extHomeValues && isset($extHomeValues[0])) { |
|
694 | - $extHome = $extHomeValues[0]; |
|
695 | - $this->config->setUserValue($this->getUsername(), 'user_ldap', 'extStorageHome', $extHome); |
|
696 | - return $extHome; |
|
697 | - } else { |
|
698 | - $this->config->deleteUserValue($this->getUsername(), 'user_ldap', 'extStorageHome'); |
|
699 | - return ''; |
|
700 | - } |
|
701 | - } |
|
702 | - |
|
703 | - /** |
|
704 | - * called by a post_login hook to handle password expiry |
|
705 | - * |
|
706 | - * @param array $params |
|
707 | - */ |
|
708 | - public function handlePasswordExpiry($params) { |
|
709 | - $ppolicyDN = $this->connection->ldapDefaultPPolicyDN; |
|
710 | - if (empty($ppolicyDN) || ((int)$this->connection->turnOnPasswordChange !== 1)) { |
|
711 | - return;//password expiry handling disabled |
|
712 | - } |
|
713 | - $uid = $params['uid']; |
|
714 | - if (isset($uid) && $uid === $this->getUsername()) { |
|
715 | - //retrieve relevant user attributes |
|
716 | - $result = $this->access->search('objectclass=*', [$this->dn], ['pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']); |
|
717 | - |
|
718 | - if (array_key_exists('pwdpolicysubentry', $result[0])) { |
|
719 | - $pwdPolicySubentry = $result[0]['pwdpolicysubentry']; |
|
720 | - if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){ |
|
721 | - $ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN |
|
722 | - } |
|
723 | - } |
|
724 | - |
|
725 | - $pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : []; |
|
726 | - $pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : []; |
|
727 | - $pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : []; |
|
728 | - |
|
729 | - //retrieve relevant password policy attributes |
|
730 | - $cacheKey = 'ppolicyAttributes' . $ppolicyDN; |
|
731 | - $result = $this->connection->getFromCache($cacheKey); |
|
732 | - if(is_null($result)) { |
|
733 | - $result = $this->access->search('objectclass=*', [$ppolicyDN], ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']); |
|
734 | - $this->connection->writeToCache($cacheKey, $result); |
|
735 | - } |
|
736 | - |
|
737 | - $pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : []; |
|
738 | - $pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : []; |
|
739 | - $pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : []; |
|
740 | - |
|
741 | - //handle grace login |
|
742 | - if (!empty($pwdGraceUseTime)) { //was this a grace login? |
|
743 | - if (!empty($pwdGraceAuthNLimit) |
|
744 | - && count($pwdGraceUseTime) < (int)$pwdGraceAuthNLimit[0]) { //at least one more grace login available? |
|
745 | - $this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true'); |
|
746 | - header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute( |
|
747 | - 'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid])); |
|
748 | - } else { //no more grace login available |
|
749 | - header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute( |
|
750 | - 'user_ldap.renewPassword.showLoginFormInvalidPassword', ['user' => $uid])); |
|
751 | - } |
|
752 | - exit(); |
|
753 | - } |
|
754 | - //handle pwdReset attribute |
|
755 | - if (!empty($pwdReset) && $pwdReset[0] === 'TRUE') { //user must change his password |
|
756 | - $this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true'); |
|
757 | - header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute( |
|
758 | - 'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid])); |
|
759 | - exit(); |
|
760 | - } |
|
761 | - //handle password expiry warning |
|
762 | - if (!empty($pwdChangedTime)) { |
|
763 | - if (!empty($pwdMaxAge) |
|
764 | - && !empty($pwdExpireWarning)) { |
|
765 | - $pwdMaxAgeInt = (int)$pwdMaxAge[0]; |
|
766 | - $pwdExpireWarningInt = (int)$pwdExpireWarning[0]; |
|
767 | - if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){ |
|
768 | - $pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]); |
|
769 | - $pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S')); |
|
770 | - $currentDateTime = new \DateTime(); |
|
771 | - $secondsToExpiry = $pwdChangedTimeDt->getTimestamp() - $currentDateTime->getTimestamp(); |
|
772 | - if ($secondsToExpiry <= $pwdExpireWarningInt) { |
|
773 | - //remove last password expiry warning if any |
|
774 | - $notification = $this->notificationManager->createNotification(); |
|
775 | - $notification->setApp('user_ldap') |
|
776 | - ->setUser($uid) |
|
777 | - ->setObject('pwd_exp_warn', $uid) |
|
778 | - ; |
|
779 | - $this->notificationManager->markProcessed($notification); |
|
780 | - //create new password expiry warning |
|
781 | - $notification = $this->notificationManager->createNotification(); |
|
782 | - $notification->setApp('user_ldap') |
|
783 | - ->setUser($uid) |
|
784 | - ->setDateTime($currentDateTime) |
|
785 | - ->setObject('pwd_exp_warn', $uid) |
|
786 | - ->setSubject('pwd_exp_warn_days', [(int) ceil($secondsToExpiry / 60 / 60 / 24)]) |
|
787 | - ; |
|
788 | - $this->notificationManager->notify($notification); |
|
789 | - } |
|
790 | - } |
|
791 | - } |
|
792 | - } |
|
793 | - } |
|
794 | - } |
|
54 | + /** |
|
55 | + * @var Access |
|
56 | + */ |
|
57 | + protected $access; |
|
58 | + /** |
|
59 | + * @var Connection |
|
60 | + */ |
|
61 | + protected $connection; |
|
62 | + /** |
|
63 | + * @var IConfig |
|
64 | + */ |
|
65 | + protected $config; |
|
66 | + /** |
|
67 | + * @var FilesystemHelper |
|
68 | + */ |
|
69 | + protected $fs; |
|
70 | + /** |
|
71 | + * @var Image |
|
72 | + */ |
|
73 | + protected $image; |
|
74 | + /** |
|
75 | + * @var LogWrapper |
|
76 | + */ |
|
77 | + protected $log; |
|
78 | + /** |
|
79 | + * @var IAvatarManager |
|
80 | + */ |
|
81 | + protected $avatarManager; |
|
82 | + /** |
|
83 | + * @var IUserManager |
|
84 | + */ |
|
85 | + protected $userManager; |
|
86 | + /** |
|
87 | + * @var INotificationManager |
|
88 | + */ |
|
89 | + protected $notificationManager; |
|
90 | + /** |
|
91 | + * @var string |
|
92 | + */ |
|
93 | + protected $dn; |
|
94 | + /** |
|
95 | + * @var string |
|
96 | + */ |
|
97 | + protected $uid; |
|
98 | + /** |
|
99 | + * @var string[] |
|
100 | + */ |
|
101 | + protected $refreshedFeatures = []; |
|
102 | + /** |
|
103 | + * @var string |
|
104 | + */ |
|
105 | + protected $avatarImage; |
|
106 | + |
|
107 | + /** |
|
108 | + * DB config keys for user preferences |
|
109 | + */ |
|
110 | + const USER_PREFKEY_FIRSTLOGIN = 'firstLoginAccomplished'; |
|
111 | + const USER_PREFKEY_LASTREFRESH = 'lastFeatureRefresh'; |
|
112 | + |
|
113 | + /** |
|
114 | + * @brief constructor, make sure the subclasses call this one! |
|
115 | + * @param string $username the internal username |
|
116 | + * @param string $dn the LDAP DN |
|
117 | + * @param Access $access |
|
118 | + * @param IConfig $config |
|
119 | + * @param FilesystemHelper $fs |
|
120 | + * @param Image $image any empty instance |
|
121 | + * @param LogWrapper $log |
|
122 | + * @param IAvatarManager $avatarManager |
|
123 | + * @param IUserManager $userManager |
|
124 | + * @param INotificationManager $notificationManager |
|
125 | + */ |
|
126 | + public function __construct($username, $dn, Access $access, |
|
127 | + IConfig $config, FilesystemHelper $fs, Image $image, |
|
128 | + LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager, |
|
129 | + INotificationManager $notificationManager) { |
|
130 | + |
|
131 | + if ($username === null) { |
|
132 | + $log->log("uid for '$dn' must not be null!", ILogger::ERROR); |
|
133 | + throw new \InvalidArgumentException('uid must not be null!'); |
|
134 | + } else if ($username === '') { |
|
135 | + $log->log("uid for '$dn' must not be an empty string", ILogger::ERROR); |
|
136 | + throw new \InvalidArgumentException('uid must not be an empty string!'); |
|
137 | + } |
|
138 | + |
|
139 | + $this->access = $access; |
|
140 | + $this->connection = $access->getConnection(); |
|
141 | + $this->config = $config; |
|
142 | + $this->fs = $fs; |
|
143 | + $this->dn = $dn; |
|
144 | + $this->uid = $username; |
|
145 | + $this->image = $image; |
|
146 | + $this->log = $log; |
|
147 | + $this->avatarManager = $avatarManager; |
|
148 | + $this->userManager = $userManager; |
|
149 | + $this->notificationManager = $notificationManager; |
|
150 | + |
|
151 | + \OCP\Util::connectHook('OC_User', 'post_login', $this, 'handlePasswordExpiry'); |
|
152 | + } |
|
153 | + |
|
154 | + /** |
|
155 | + * @brief updates properties like email, quota or avatar provided by LDAP |
|
156 | + * @return null |
|
157 | + */ |
|
158 | + public function update() { |
|
159 | + if(is_null($this->dn)) { |
|
160 | + return null; |
|
161 | + } |
|
162 | + |
|
163 | + $hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap', |
|
164 | + self::USER_PREFKEY_FIRSTLOGIN, 0); |
|
165 | + |
|
166 | + if($this->needsRefresh()) { |
|
167 | + $this->updateEmail(); |
|
168 | + $this->updateQuota(); |
|
169 | + if($hasLoggedIn !== 0) { |
|
170 | + //we do not need to try it, when the user has not been logged in |
|
171 | + //before, because the file system will not be ready. |
|
172 | + $this->updateAvatar(); |
|
173 | + //in order to get an avatar as soon as possible, mark the user |
|
174 | + //as refreshed only when updating the avatar did happen |
|
175 | + $this->markRefreshTime(); |
|
176 | + } |
|
177 | + } |
|
178 | + } |
|
179 | + |
|
180 | + /** |
|
181 | + * marks a user as deleted |
|
182 | + * |
|
183 | + * @throws \OCP\PreConditionNotMetException |
|
184 | + */ |
|
185 | + public function markUser() { |
|
186 | + $curValue = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '0'); |
|
187 | + if($curValue === '1') { |
|
188 | + // the user is already marked, do not write to DB again |
|
189 | + return; |
|
190 | + } |
|
191 | + $this->config->setUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '1'); |
|
192 | + $this->config->setUserValue($this->getUsername(), 'user_ldap', 'foundDeleted', (string)time()); |
|
193 | + } |
|
194 | + |
|
195 | + /** |
|
196 | + * processes results from LDAP for attributes as returned by getAttributesToRead() |
|
197 | + * @param array $ldapEntry the user entry as retrieved from LDAP |
|
198 | + */ |
|
199 | + public function processAttributes($ldapEntry) { |
|
200 | + $this->markRefreshTime(); |
|
201 | + //Quota |
|
202 | + $attr = strtolower($this->connection->ldapQuotaAttribute); |
|
203 | + if(isset($ldapEntry[$attr])) { |
|
204 | + $this->updateQuota($ldapEntry[$attr][0]); |
|
205 | + } else { |
|
206 | + if ($this->connection->ldapQuotaDefault !== '') { |
|
207 | + $this->updateQuota(); |
|
208 | + } |
|
209 | + } |
|
210 | + unset($attr); |
|
211 | + |
|
212 | + //displayName |
|
213 | + $displayName = $displayName2 = ''; |
|
214 | + $attr = strtolower($this->connection->ldapUserDisplayName); |
|
215 | + if(isset($ldapEntry[$attr])) { |
|
216 | + $displayName = (string)$ldapEntry[$attr][0]; |
|
217 | + } |
|
218 | + $attr = strtolower($this->connection->ldapUserDisplayName2); |
|
219 | + if(isset($ldapEntry[$attr])) { |
|
220 | + $displayName2 = (string)$ldapEntry[$attr][0]; |
|
221 | + } |
|
222 | + if ($displayName !== '') { |
|
223 | + $this->composeAndStoreDisplayName($displayName, $displayName2); |
|
224 | + $this->access->cacheUserDisplayName( |
|
225 | + $this->getUsername(), |
|
226 | + $displayName, |
|
227 | + $displayName2 |
|
228 | + ); |
|
229 | + } |
|
230 | + unset($attr); |
|
231 | + |
|
232 | ||
233 | + //email must be stored after displayname, because it would cause a user |
|
234 | + //change event that will trigger fetching the display name again |
|
235 | + $attr = strtolower($this->connection->ldapEmailAttribute); |
|
236 | + if(isset($ldapEntry[$attr])) { |
|
237 | + $this->updateEmail($ldapEntry[$attr][0]); |
|
238 | + } |
|
239 | + unset($attr); |
|
240 | + |
|
241 | + // LDAP Username, needed for s2s sharing |
|
242 | + if(isset($ldapEntry['uid'])) { |
|
243 | + $this->storeLDAPUserName($ldapEntry['uid'][0]); |
|
244 | + } else if(isset($ldapEntry['samaccountname'])) { |
|
245 | + $this->storeLDAPUserName($ldapEntry['samaccountname'][0]); |
|
246 | + } |
|
247 | + |
|
248 | + //homePath |
|
249 | + if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) { |
|
250 | + $attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:'))); |
|
251 | + if(isset($ldapEntry[$attr])) { |
|
252 | + $this->access->cacheUserHome( |
|
253 | + $this->getUsername(), $this->getHomePath($ldapEntry[$attr][0])); |
|
254 | + } |
|
255 | + } |
|
256 | + |
|
257 | + //memberOf groups |
|
258 | + $cacheKey = 'getMemberOf'.$this->getUsername(); |
|
259 | + $groups = false; |
|
260 | + if(isset($ldapEntry['memberof'])) { |
|
261 | + $groups = $ldapEntry['memberof']; |
|
262 | + } |
|
263 | + $this->connection->writeToCache($cacheKey, $groups); |
|
264 | + |
|
265 | + //external storage var |
|
266 | + $attr = strtolower($this->connection->ldapExtStorageHomeAttribute); |
|
267 | + if(isset($ldapEntry[$attr])) { |
|
268 | + $this->updateExtStorageHome($ldapEntry[$attr][0]); |
|
269 | + } |
|
270 | + unset($attr); |
|
271 | + |
|
272 | + //Avatar |
|
273 | + /** @var Connection $connection */ |
|
274 | + $connection = $this->access->getConnection(); |
|
275 | + $attributes = $connection->resolveRule('avatar'); |
|
276 | + foreach ($attributes as $attribute) { |
|
277 | + if(isset($ldapEntry[$attribute])) { |
|
278 | + $this->avatarImage = $ldapEntry[$attribute][0]; |
|
279 | + // the call to the method that saves the avatar in the file |
|
280 | + // system must be postponed after the login. It is to ensure |
|
281 | + // external mounts are mounted properly (e.g. with login |
|
282 | + // credentials from the session). |
|
283 | + \OCP\Util::connectHook('OC_User', 'post_login', $this, 'updateAvatarPostLogin'); |
|
284 | + break; |
|
285 | + } |
|
286 | + } |
|
287 | + } |
|
288 | + |
|
289 | + /** |
|
290 | + * @brief returns the LDAP DN of the user |
|
291 | + * @return string |
|
292 | + */ |
|
293 | + public function getDN() { |
|
294 | + return $this->dn; |
|
295 | + } |
|
296 | + |
|
297 | + /** |
|
298 | + * @brief returns the Nextcloud internal username of the user |
|
299 | + * @return string |
|
300 | + */ |
|
301 | + public function getUsername() { |
|
302 | + return $this->uid; |
|
303 | + } |
|
304 | + |
|
305 | + /** |
|
306 | + * returns the home directory of the user if specified by LDAP settings |
|
307 | + * @param string $valueFromLDAP |
|
308 | + * @return bool|string |
|
309 | + * @throws \Exception |
|
310 | + */ |
|
311 | + public function getHomePath($valueFromLDAP = null) { |
|
312 | + $path = (string)$valueFromLDAP; |
|
313 | + $attr = null; |
|
314 | + |
|
315 | + if (is_null($valueFromLDAP) |
|
316 | + && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0 |
|
317 | + && $this->access->connection->homeFolderNamingRule !== 'attr:') |
|
318 | + { |
|
319 | + $attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:')); |
|
320 | + $homedir = $this->access->readAttribute( |
|
321 | + $this->access->username2dn($this->getUsername()), $attr); |
|
322 | + if ($homedir && isset($homedir[0])) { |
|
323 | + $path = $homedir[0]; |
|
324 | + } |
|
325 | + } |
|
326 | + |
|
327 | + if ($path !== '') { |
|
328 | + //if attribute's value is an absolute path take this, otherwise append it to data dir |
|
329 | + //check for / at the beginning or pattern c:\ resp. c:/ |
|
330 | + if('/' !== $path[0] |
|
331 | + && !(3 < strlen($path) && ctype_alpha($path[0]) |
|
332 | + && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2])) |
|
333 | + ) { |
|
334 | + $path = $this->config->getSystemValue('datadirectory', |
|
335 | + \OC::$SERVERROOT.'/data') . '/' . $path; |
|
336 | + } |
|
337 | + //we need it to store it in the DB as well in case a user gets |
|
338 | + //deleted so we can clean up afterwards |
|
339 | + $this->config->setUserValue( |
|
340 | + $this->getUsername(), 'user_ldap', 'homePath', $path |
|
341 | + ); |
|
342 | + return $path; |
|
343 | + } |
|
344 | + |
|
345 | + if(!is_null($attr) |
|
346 | + && $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true) |
|
347 | + ) { |
|
348 | + // a naming rule attribute is defined, but it doesn't exist for that LDAP user |
|
349 | + throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername()); |
|
350 | + } |
|
351 | + |
|
352 | + //false will apply default behaviour as defined and done by OC_User |
|
353 | + $this->config->setUserValue($this->getUsername(), 'user_ldap', 'homePath', ''); |
|
354 | + return false; |
|
355 | + } |
|
356 | + |
|
357 | + public function getMemberOfGroups() { |
|
358 | + $cacheKey = 'getMemberOf'.$this->getUsername(); |
|
359 | + $memberOfGroups = $this->connection->getFromCache($cacheKey); |
|
360 | + if(!is_null($memberOfGroups)) { |
|
361 | + return $memberOfGroups; |
|
362 | + } |
|
363 | + $groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf'); |
|
364 | + $this->connection->writeToCache($cacheKey, $groupDNs); |
|
365 | + return $groupDNs; |
|
366 | + } |
|
367 | + |
|
368 | + /** |
|
369 | + * @brief reads the image from LDAP that shall be used as Avatar |
|
370 | + * @return string data (provided by LDAP) | false |
|
371 | + */ |
|
372 | + public function getAvatarImage() { |
|
373 | + if(!is_null($this->avatarImage)) { |
|
374 | + return $this->avatarImage; |
|
375 | + } |
|
376 | + |
|
377 | + $this->avatarImage = false; |
|
378 | + /** @var Connection $connection */ |
|
379 | + $connection = $this->access->getConnection(); |
|
380 | + $attributes = $connection->resolveRule('avatar'); |
|
381 | + foreach($attributes as $attribute) { |
|
382 | + $result = $this->access->readAttribute($this->dn, $attribute); |
|
383 | + if($result !== false && is_array($result) && isset($result[0])) { |
|
384 | + $this->avatarImage = $result[0]; |
|
385 | + break; |
|
386 | + } |
|
387 | + } |
|
388 | + |
|
389 | + return $this->avatarImage; |
|
390 | + } |
|
391 | + |
|
392 | + /** |
|
393 | + * @brief marks the user as having logged in at least once |
|
394 | + * @return null |
|
395 | + */ |
|
396 | + public function markLogin() { |
|
397 | + $this->config->setUserValue( |
|
398 | + $this->uid, 'user_ldap', self::USER_PREFKEY_FIRSTLOGIN, 1); |
|
399 | + } |
|
400 | + |
|
401 | + /** |
|
402 | + * @brief marks the time when user features like email have been updated |
|
403 | + * @return null |
|
404 | + */ |
|
405 | + public function markRefreshTime() { |
|
406 | + $this->config->setUserValue( |
|
407 | + $this->uid, 'user_ldap', self::USER_PREFKEY_LASTREFRESH, time()); |
|
408 | + } |
|
409 | + |
|
410 | + /** |
|
411 | + * @brief checks whether user features needs to be updated again by |
|
412 | + * comparing the difference of time of the last refresh to now with the |
|
413 | + * desired interval |
|
414 | + * @return bool |
|
415 | + */ |
|
416 | + private function needsRefresh() { |
|
417 | + $lastChecked = $this->config->getUserValue($this->uid, 'user_ldap', |
|
418 | + self::USER_PREFKEY_LASTREFRESH, 0); |
|
419 | + |
|
420 | + if((time() - (int)$lastChecked) < (int)$this->config->getAppValue('user_ldap', 'updateAttributesInterval', 86400)) { |
|
421 | + return false; |
|
422 | + } |
|
423 | + return true; |
|
424 | + } |
|
425 | + |
|
426 | + /** |
|
427 | + * Stores a key-value pair in relation to this user |
|
428 | + * |
|
429 | + * @param string $key |
|
430 | + * @param string $value |
|
431 | + */ |
|
432 | + private function store($key, $value) { |
|
433 | + $this->config->setUserValue($this->uid, 'user_ldap', $key, $value); |
|
434 | + } |
|
435 | + |
|
436 | + /** |
|
437 | + * Composes the display name and stores it in the database. The final |
|
438 | + * display name is returned. |
|
439 | + * |
|
440 | + * @param string $displayName |
|
441 | + * @param string $displayName2 |
|
442 | + * @return string the effective display name |
|
443 | + */ |
|
444 | + public function composeAndStoreDisplayName($displayName, $displayName2 = '') { |
|
445 | + $displayName2 = (string)$displayName2; |
|
446 | + if($displayName2 !== '') { |
|
447 | + $displayName .= ' (' . $displayName2 . ')'; |
|
448 | + } |
|
449 | + $oldName = $this->config->getUserValue($this->uid, 'user_ldap', 'displayName', null); |
|
450 | + if ($oldName !== $displayName) { |
|
451 | + $this->store('displayName', $displayName); |
|
452 | + $user = $this->userManager->get($this->getUsername()); |
|
453 | + if (!empty($oldName) && $user instanceof \OC\User\User) { |
|
454 | + // if it was empty, it would be a new record, not a change emitting the trigger could |
|
455 | + // potentially cause a UniqueConstraintViolationException, depending on some factors. |
|
456 | + $user->triggerChange('displayName', $displayName, $oldName); |
|
457 | + } |
|
458 | + } |
|
459 | + return $displayName; |
|
460 | + } |
|
461 | + |
|
462 | + /** |
|
463 | + * Stores the LDAP Username in the Database |
|
464 | + * @param string $userName |
|
465 | + */ |
|
466 | + public function storeLDAPUserName($userName) { |
|
467 | + $this->store('uid', $userName); |
|
468 | + } |
|
469 | + |
|
470 | + /** |
|
471 | + * @brief checks whether an update method specified by feature was run |
|
472 | + * already. If not, it will marked like this, because it is expected that |
|
473 | + * the method will be run, when false is returned. |
|
474 | + * @param string $feature email | quota | avatar (can be extended) |
|
475 | + * @return bool |
|
476 | + */ |
|
477 | + private function wasRefreshed($feature) { |
|
478 | + if(isset($this->refreshedFeatures[$feature])) { |
|
479 | + return true; |
|
480 | + } |
|
481 | + $this->refreshedFeatures[$feature] = 1; |
|
482 | + return false; |
|
483 | + } |
|
484 | + |
|
485 | + /** |
|
486 | + * fetches the email from LDAP and stores it as Nextcloud user value |
|
487 | + * @param string $valueFromLDAP if known, to save an LDAP read request |
|
488 | + * @return null |
|
489 | + */ |
|
490 | + public function updateEmail($valueFromLDAP = null) { |
|
491 | + if($this->wasRefreshed('email')) { |
|
492 | + return; |
|
493 | + } |
|
494 | + $email = (string)$valueFromLDAP; |
|
495 | + if(is_null($valueFromLDAP)) { |
|
496 | + $emailAttribute = $this->connection->ldapEmailAttribute; |
|
497 | + if ($emailAttribute !== '') { |
|
498 | + $aEmail = $this->access->readAttribute($this->dn, $emailAttribute); |
|
499 | + if(is_array($aEmail) && (count($aEmail) > 0)) { |
|
500 | + $email = (string)$aEmail[0]; |
|
501 | + } |
|
502 | + } |
|
503 | + } |
|
504 | + if ($email !== '') { |
|
505 | + $user = $this->userManager->get($this->uid); |
|
506 | + if (!is_null($user)) { |
|
507 | + $currentEmail = (string)$user->getEMailAddress(); |
|
508 | + if ($currentEmail !== $email) { |
|
509 | + $user->setEMailAddress($email); |
|
510 | + } |
|
511 | + } |
|
512 | + } |
|
513 | + } |
|
514 | + |
|
515 | + /** |
|
516 | + * Overall process goes as follow: |
|
517 | + * 1. fetch the quota from LDAP and check if it's parseable with the "verifyQuotaValue" function |
|
518 | + * 2. if the value can't be fetched, is empty or not parseable, use the default LDAP quota |
|
519 | + * 3. if the default LDAP quota can't be parsed, use the Nextcloud's default quota (use 'default') |
|
520 | + * 4. check if the target user exists and set the quota for the user. |
|
521 | + * |
|
522 | + * In order to improve performance and prevent an unwanted extra LDAP call, the $valueFromLDAP |
|
523 | + * parameter can be passed with the value of the attribute. This value will be considered as the |
|
524 | + * quota for the user coming from the LDAP server (step 1 of the process) It can be useful to |
|
525 | + * fetch all the user's attributes in one call and use the fetched values in this function. |
|
526 | + * The expected value for that parameter is a string describing the quota for the user. Valid |
|
527 | + * values are 'none' (unlimited), 'default' (the Nextcloud's default quota), '1234' (quota in |
|
528 | + * bytes), '1234 MB' (quota in MB - check the \OC_Helper::computerFileSize method for more info) |
|
529 | + * |
|
530 | + * fetches the quota from LDAP and stores it as Nextcloud user value |
|
531 | + * @param string $valueFromLDAP the quota attribute's value can be passed, |
|
532 | + * to save the readAttribute request |
|
533 | + * @return null |
|
534 | + */ |
|
535 | + public function updateQuota($valueFromLDAP = null) { |
|
536 | + if($this->wasRefreshed('quota')) { |
|
537 | + return; |
|
538 | + } |
|
539 | + |
|
540 | + $quotaAttribute = $this->connection->ldapQuotaAttribute; |
|
541 | + $defaultQuota = $this->connection->ldapQuotaDefault; |
|
542 | + if($quotaAttribute === '' && $defaultQuota === '') { |
|
543 | + return; |
|
544 | + } |
|
545 | + |
|
546 | + $quota = false; |
|
547 | + if(is_null($valueFromLDAP) && $quotaAttribute !== '') { |
|
548 | + $aQuota = $this->access->readAttribute($this->dn, $quotaAttribute); |
|
549 | + if($aQuota && (count($aQuota) > 0) && $this->verifyQuotaValue($aQuota[0])) { |
|
550 | + $quota = $aQuota[0]; |
|
551 | + } else if(is_array($aQuota) && isset($aQuota[0])) { |
|
552 | + $this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', ILogger::DEBUG); |
|
553 | + } |
|
554 | + } else if ($this->verifyQuotaValue($valueFromLDAP)) { |
|
555 | + $quota = $valueFromLDAP; |
|
556 | + } else { |
|
557 | + $this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', ILogger::DEBUG); |
|
558 | + } |
|
559 | + |
|
560 | + if ($quota === false && $this->verifyQuotaValue($defaultQuota)) { |
|
561 | + // quota not found using the LDAP attribute (or not parseable). Try the default quota |
|
562 | + $quota = $defaultQuota; |
|
563 | + } else if($quota === false) { |
|
564 | + $this->log->log('no suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', ILogger::DEBUG); |
|
565 | + return; |
|
566 | + } |
|
567 | + |
|
568 | + $targetUser = $this->userManager->get($this->uid); |
|
569 | + if ($targetUser instanceof IUser) { |
|
570 | + $targetUser->setQuota($quota); |
|
571 | + } else { |
|
572 | + $this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', ILogger::INFO); |
|
573 | + } |
|
574 | + } |
|
575 | + |
|
576 | + private function verifyQuotaValue($quotaValue) { |
|
577 | + return $quotaValue === 'none' || $quotaValue === 'default' || \OC_Helper::computerFileSize($quotaValue) !== false; |
|
578 | + } |
|
579 | + |
|
580 | + /** |
|
581 | + * called by a post_login hook to save the avatar picture |
|
582 | + * |
|
583 | + * @param array $params |
|
584 | + */ |
|
585 | + public function updateAvatarPostLogin($params) { |
|
586 | + if(isset($params['uid']) && $params['uid'] === $this->getUsername()) { |
|
587 | + $this->updateAvatar(); |
|
588 | + } |
|
589 | + } |
|
590 | + |
|
591 | + /** |
|
592 | + * @brief attempts to get an image from LDAP and sets it as Nextcloud avatar |
|
593 | + * @return bool |
|
594 | + */ |
|
595 | + public function updateAvatar($force = false) { |
|
596 | + if(!$force && $this->wasRefreshed('avatar')) { |
|
597 | + return false; |
|
598 | + } |
|
599 | + $avatarImage = $this->getAvatarImage(); |
|
600 | + if($avatarImage === false) { |
|
601 | + //not set, nothing left to do; |
|
602 | + return false; |
|
603 | + } |
|
604 | + |
|
605 | + if(!$this->image->loadFromBase64(base64_encode($avatarImage))) { |
|
606 | + return false; |
|
607 | + } |
|
608 | + |
|
609 | + // use the checksum before modifications |
|
610 | + $checksum = md5($this->image->data()); |
|
611 | + |
|
612 | + if($checksum === $this->config->getUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', '')) { |
|
613 | + return true; |
|
614 | + } |
|
615 | + |
|
616 | + $isSet = $this->setOwnCloudAvatar(); |
|
617 | + |
|
618 | + if($isSet) { |
|
619 | + // save checksum only after successful setting |
|
620 | + $this->config->setUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', $checksum); |
|
621 | + } |
|
622 | + |
|
623 | + return $isSet; |
|
624 | + } |
|
625 | + |
|
626 | + /** |
|
627 | + * @brief sets an image as Nextcloud avatar |
|
628 | + * @return bool |
|
629 | + */ |
|
630 | + private function setOwnCloudAvatar() { |
|
631 | + if(!$this->image->valid()) { |
|
632 | + $this->log->log('avatar image data from LDAP invalid for '.$this->dn, ILogger::ERROR); |
|
633 | + return false; |
|
634 | + } |
|
635 | + |
|
636 | + |
|
637 | + //make sure it is a square and not bigger than 128x128 |
|
638 | + $size = min([$this->image->width(), $this->image->height(), 128]); |
|
639 | + if(!$this->image->centerCrop($size)) { |
|
640 | + $this->log->log('croping image for avatar failed for '.$this->dn, ILogger::ERROR); |
|
641 | + return false; |
|
642 | + } |
|
643 | + |
|
644 | + if(!$this->fs->isLoaded()) { |
|
645 | + $this->fs->setup($this->uid); |
|
646 | + } |
|
647 | + |
|
648 | + try { |
|
649 | + $avatar = $this->avatarManager->getAvatar($this->uid); |
|
650 | + $avatar->set($this->image); |
|
651 | + return true; |
|
652 | + } catch (\Exception $e) { |
|
653 | + \OC::$server->getLogger()->logException($e, [ |
|
654 | + 'message' => 'Could not set avatar for ' . $this->dn, |
|
655 | + 'level' => ILogger::INFO, |
|
656 | + 'app' => 'user_ldap', |
|
657 | + ]); |
|
658 | + } |
|
659 | + return false; |
|
660 | + } |
|
661 | + |
|
662 | + /** |
|
663 | + * @throws AttributeNotSet |
|
664 | + * @throws \OC\ServerNotAvailableException |
|
665 | + * @throws \OCP\PreConditionNotMetException |
|
666 | + */ |
|
667 | + public function getExtStorageHome():string { |
|
668 | + $value = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'extStorageHome', ''); |
|
669 | + if ($value !== '') { |
|
670 | + return $value; |
|
671 | + } |
|
672 | + |
|
673 | + $value = $this->updateExtStorageHome(); |
|
674 | + if ($value !== '') { |
|
675 | + return $value; |
|
676 | + } |
|
677 | + |
|
678 | + throw new AttributeNotSet(sprintf( |
|
679 | + 'external home storage attribute yield no value for %s', $this->getUsername() |
|
680 | + )); |
|
681 | + } |
|
682 | + |
|
683 | + /** |
|
684 | + * @throws \OCP\PreConditionNotMetException |
|
685 | + * @throws \OC\ServerNotAvailableException |
|
686 | + */ |
|
687 | + public function updateExtStorageHome(string $valueFromLDAP = null):string { |
|
688 | + if ($valueFromLDAP === null) { |
|
689 | + $extHomeValues = $this->access->readAttribute($this->getDN(), $this->connection->ldapExtStorageHomeAttribute); |
|
690 | + } else { |
|
691 | + $extHomeValues = [$valueFromLDAP]; |
|
692 | + } |
|
693 | + if ($extHomeValues && isset($extHomeValues[0])) { |
|
694 | + $extHome = $extHomeValues[0]; |
|
695 | + $this->config->setUserValue($this->getUsername(), 'user_ldap', 'extStorageHome', $extHome); |
|
696 | + return $extHome; |
|
697 | + } else { |
|
698 | + $this->config->deleteUserValue($this->getUsername(), 'user_ldap', 'extStorageHome'); |
|
699 | + return ''; |
|
700 | + } |
|
701 | + } |
|
702 | + |
|
703 | + /** |
|
704 | + * called by a post_login hook to handle password expiry |
|
705 | + * |
|
706 | + * @param array $params |
|
707 | + */ |
|
708 | + public function handlePasswordExpiry($params) { |
|
709 | + $ppolicyDN = $this->connection->ldapDefaultPPolicyDN; |
|
710 | + if (empty($ppolicyDN) || ((int)$this->connection->turnOnPasswordChange !== 1)) { |
|
711 | + return;//password expiry handling disabled |
|
712 | + } |
|
713 | + $uid = $params['uid']; |
|
714 | + if (isset($uid) && $uid === $this->getUsername()) { |
|
715 | + //retrieve relevant user attributes |
|
716 | + $result = $this->access->search('objectclass=*', [$this->dn], ['pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']); |
|
717 | + |
|
718 | + if (array_key_exists('pwdpolicysubentry', $result[0])) { |
|
719 | + $pwdPolicySubentry = $result[0]['pwdpolicysubentry']; |
|
720 | + if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){ |
|
721 | + $ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN |
|
722 | + } |
|
723 | + } |
|
724 | + |
|
725 | + $pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : []; |
|
726 | + $pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : []; |
|
727 | + $pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : []; |
|
728 | + |
|
729 | + //retrieve relevant password policy attributes |
|
730 | + $cacheKey = 'ppolicyAttributes' . $ppolicyDN; |
|
731 | + $result = $this->connection->getFromCache($cacheKey); |
|
732 | + if(is_null($result)) { |
|
733 | + $result = $this->access->search('objectclass=*', [$ppolicyDN], ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']); |
|
734 | + $this->connection->writeToCache($cacheKey, $result); |
|
735 | + } |
|
736 | + |
|
737 | + $pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : []; |
|
738 | + $pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : []; |
|
739 | + $pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : []; |
|
740 | + |
|
741 | + //handle grace login |
|
742 | + if (!empty($pwdGraceUseTime)) { //was this a grace login? |
|
743 | + if (!empty($pwdGraceAuthNLimit) |
|
744 | + && count($pwdGraceUseTime) < (int)$pwdGraceAuthNLimit[0]) { //at least one more grace login available? |
|
745 | + $this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true'); |
|
746 | + header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute( |
|
747 | + 'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid])); |
|
748 | + } else { //no more grace login available |
|
749 | + header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute( |
|
750 | + 'user_ldap.renewPassword.showLoginFormInvalidPassword', ['user' => $uid])); |
|
751 | + } |
|
752 | + exit(); |
|
753 | + } |
|
754 | + //handle pwdReset attribute |
|
755 | + if (!empty($pwdReset) && $pwdReset[0] === 'TRUE') { //user must change his password |
|
756 | + $this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true'); |
|
757 | + header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute( |
|
758 | + 'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid])); |
|
759 | + exit(); |
|
760 | + } |
|
761 | + //handle password expiry warning |
|
762 | + if (!empty($pwdChangedTime)) { |
|
763 | + if (!empty($pwdMaxAge) |
|
764 | + && !empty($pwdExpireWarning)) { |
|
765 | + $pwdMaxAgeInt = (int)$pwdMaxAge[0]; |
|
766 | + $pwdExpireWarningInt = (int)$pwdExpireWarning[0]; |
|
767 | + if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){ |
|
768 | + $pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]); |
|
769 | + $pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S')); |
|
770 | + $currentDateTime = new \DateTime(); |
|
771 | + $secondsToExpiry = $pwdChangedTimeDt->getTimestamp() - $currentDateTime->getTimestamp(); |
|
772 | + if ($secondsToExpiry <= $pwdExpireWarningInt) { |
|
773 | + //remove last password expiry warning if any |
|
774 | + $notification = $this->notificationManager->createNotification(); |
|
775 | + $notification->setApp('user_ldap') |
|
776 | + ->setUser($uid) |
|
777 | + ->setObject('pwd_exp_warn', $uid) |
|
778 | + ; |
|
779 | + $this->notificationManager->markProcessed($notification); |
|
780 | + //create new password expiry warning |
|
781 | + $notification = $this->notificationManager->createNotification(); |
|
782 | + $notification->setApp('user_ldap') |
|
783 | + ->setUser($uid) |
|
784 | + ->setDateTime($currentDateTime) |
|
785 | + ->setObject('pwd_exp_warn', $uid) |
|
786 | + ->setSubject('pwd_exp_warn_days', [(int) ceil($secondsToExpiry / 60 / 60 / 24)]) |
|
787 | + ; |
|
788 | + $this->notificationManager->notify($notification); |
|
789 | + } |
|
790 | + } |
|
791 | + } |
|
792 | + } |
|
793 | + } |
|
794 | + } |
|
795 | 795 | } |
@@ -156,17 +156,17 @@ discard block |
156 | 156 | * @return null |
157 | 157 | */ |
158 | 158 | public function update() { |
159 | - if(is_null($this->dn)) { |
|
159 | + if (is_null($this->dn)) { |
|
160 | 160 | return null; |
161 | 161 | } |
162 | 162 | |
163 | 163 | $hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap', |
164 | 164 | self::USER_PREFKEY_FIRSTLOGIN, 0); |
165 | 165 | |
166 | - if($this->needsRefresh()) { |
|
166 | + if ($this->needsRefresh()) { |
|
167 | 167 | $this->updateEmail(); |
168 | 168 | $this->updateQuota(); |
169 | - if($hasLoggedIn !== 0) { |
|
169 | + if ($hasLoggedIn !== 0) { |
|
170 | 170 | //we do not need to try it, when the user has not been logged in |
171 | 171 | //before, because the file system will not be ready. |
172 | 172 | $this->updateAvatar(); |
@@ -184,12 +184,12 @@ discard block |
184 | 184 | */ |
185 | 185 | public function markUser() { |
186 | 186 | $curValue = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '0'); |
187 | - if($curValue === '1') { |
|
187 | + if ($curValue === '1') { |
|
188 | 188 | // the user is already marked, do not write to DB again |
189 | 189 | return; |
190 | 190 | } |
191 | 191 | $this->config->setUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '1'); |
192 | - $this->config->setUserValue($this->getUsername(), 'user_ldap', 'foundDeleted', (string)time()); |
|
192 | + $this->config->setUserValue($this->getUsername(), 'user_ldap', 'foundDeleted', (string) time()); |
|
193 | 193 | } |
194 | 194 | |
195 | 195 | /** |
@@ -200,7 +200,7 @@ discard block |
200 | 200 | $this->markRefreshTime(); |
201 | 201 | //Quota |
202 | 202 | $attr = strtolower($this->connection->ldapQuotaAttribute); |
203 | - if(isset($ldapEntry[$attr])) { |
|
203 | + if (isset($ldapEntry[$attr])) { |
|
204 | 204 | $this->updateQuota($ldapEntry[$attr][0]); |
205 | 205 | } else { |
206 | 206 | if ($this->connection->ldapQuotaDefault !== '') { |
@@ -212,12 +212,12 @@ discard block |
212 | 212 | //displayName |
213 | 213 | $displayName = $displayName2 = ''; |
214 | 214 | $attr = strtolower($this->connection->ldapUserDisplayName); |
215 | - if(isset($ldapEntry[$attr])) { |
|
216 | - $displayName = (string)$ldapEntry[$attr][0]; |
|
215 | + if (isset($ldapEntry[$attr])) { |
|
216 | + $displayName = (string) $ldapEntry[$attr][0]; |
|
217 | 217 | } |
218 | 218 | $attr = strtolower($this->connection->ldapUserDisplayName2); |
219 | - if(isset($ldapEntry[$attr])) { |
|
220 | - $displayName2 = (string)$ldapEntry[$attr][0]; |
|
219 | + if (isset($ldapEntry[$attr])) { |
|
220 | + $displayName2 = (string) $ldapEntry[$attr][0]; |
|
221 | 221 | } |
222 | 222 | if ($displayName !== '') { |
223 | 223 | $this->composeAndStoreDisplayName($displayName, $displayName2); |
@@ -233,22 +233,22 @@ discard block |
233 | 233 | //email must be stored after displayname, because it would cause a user |
234 | 234 | //change event that will trigger fetching the display name again |
235 | 235 | $attr = strtolower($this->connection->ldapEmailAttribute); |
236 | - if(isset($ldapEntry[$attr])) { |
|
236 | + if (isset($ldapEntry[$attr])) { |
|
237 | 237 | $this->updateEmail($ldapEntry[$attr][0]); |
238 | 238 | } |
239 | 239 | unset($attr); |
240 | 240 | |
241 | 241 | // LDAP Username, needed for s2s sharing |
242 | - if(isset($ldapEntry['uid'])) { |
|
242 | + if (isset($ldapEntry['uid'])) { |
|
243 | 243 | $this->storeLDAPUserName($ldapEntry['uid'][0]); |
244 | - } else if(isset($ldapEntry['samaccountname'])) { |
|
244 | + } else if (isset($ldapEntry['samaccountname'])) { |
|
245 | 245 | $this->storeLDAPUserName($ldapEntry['samaccountname'][0]); |
246 | 246 | } |
247 | 247 | |
248 | 248 | //homePath |
249 | - if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) { |
|
249 | + if (strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) { |
|
250 | 250 | $attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:'))); |
251 | - if(isset($ldapEntry[$attr])) { |
|
251 | + if (isset($ldapEntry[$attr])) { |
|
252 | 252 | $this->access->cacheUserHome( |
253 | 253 | $this->getUsername(), $this->getHomePath($ldapEntry[$attr][0])); |
254 | 254 | } |
@@ -257,14 +257,14 @@ discard block |
257 | 257 | //memberOf groups |
258 | 258 | $cacheKey = 'getMemberOf'.$this->getUsername(); |
259 | 259 | $groups = false; |
260 | - if(isset($ldapEntry['memberof'])) { |
|
260 | + if (isset($ldapEntry['memberof'])) { |
|
261 | 261 | $groups = $ldapEntry['memberof']; |
262 | 262 | } |
263 | 263 | $this->connection->writeToCache($cacheKey, $groups); |
264 | 264 | |
265 | 265 | //external storage var |
266 | 266 | $attr = strtolower($this->connection->ldapExtStorageHomeAttribute); |
267 | - if(isset($ldapEntry[$attr])) { |
|
267 | + if (isset($ldapEntry[$attr])) { |
|
268 | 268 | $this->updateExtStorageHome($ldapEntry[$attr][0]); |
269 | 269 | } |
270 | 270 | unset($attr); |
@@ -273,8 +273,8 @@ discard block |
273 | 273 | /** @var Connection $connection */ |
274 | 274 | $connection = $this->access->getConnection(); |
275 | 275 | $attributes = $connection->resolveRule('avatar'); |
276 | - foreach ($attributes as $attribute) { |
|
277 | - if(isset($ldapEntry[$attribute])) { |
|
276 | + foreach ($attributes as $attribute) { |
|
277 | + if (isset($ldapEntry[$attribute])) { |
|
278 | 278 | $this->avatarImage = $ldapEntry[$attribute][0]; |
279 | 279 | // the call to the method that saves the avatar in the file |
280 | 280 | // system must be postponed after the login. It is to ensure |
@@ -309,7 +309,7 @@ discard block |
309 | 309 | * @throws \Exception |
310 | 310 | */ |
311 | 311 | public function getHomePath($valueFromLDAP = null) { |
312 | - $path = (string)$valueFromLDAP; |
|
312 | + $path = (string) $valueFromLDAP; |
|
313 | 313 | $attr = null; |
314 | 314 | |
315 | 315 | if (is_null($valueFromLDAP) |
@@ -327,12 +327,12 @@ discard block |
327 | 327 | if ($path !== '') { |
328 | 328 | //if attribute's value is an absolute path take this, otherwise append it to data dir |
329 | 329 | //check for / at the beginning or pattern c:\ resp. c:/ |
330 | - if('/' !== $path[0] |
|
330 | + if ('/' !== $path[0] |
|
331 | 331 | && !(3 < strlen($path) && ctype_alpha($path[0]) |
332 | 332 | && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2])) |
333 | 333 | ) { |
334 | 334 | $path = $this->config->getSystemValue('datadirectory', |
335 | - \OC::$SERVERROOT.'/data') . '/' . $path; |
|
335 | + \OC::$SERVERROOT.'/data').'/'.$path; |
|
336 | 336 | } |
337 | 337 | //we need it to store it in the DB as well in case a user gets |
338 | 338 | //deleted so we can clean up afterwards |
@@ -342,11 +342,11 @@ discard block |
342 | 342 | return $path; |
343 | 343 | } |
344 | 344 | |
345 | - if(!is_null($attr) |
|
345 | + if (!is_null($attr) |
|
346 | 346 | && $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true) |
347 | 347 | ) { |
348 | 348 | // a naming rule attribute is defined, but it doesn't exist for that LDAP user |
349 | - throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername()); |
|
349 | + throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: '.$this->getUsername()); |
|
350 | 350 | } |
351 | 351 | |
352 | 352 | //false will apply default behaviour as defined and done by OC_User |
@@ -357,7 +357,7 @@ discard block |
357 | 357 | public function getMemberOfGroups() { |
358 | 358 | $cacheKey = 'getMemberOf'.$this->getUsername(); |
359 | 359 | $memberOfGroups = $this->connection->getFromCache($cacheKey); |
360 | - if(!is_null($memberOfGroups)) { |
|
360 | + if (!is_null($memberOfGroups)) { |
|
361 | 361 | return $memberOfGroups; |
362 | 362 | } |
363 | 363 | $groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf'); |
@@ -370,7 +370,7 @@ discard block |
370 | 370 | * @return string data (provided by LDAP) | false |
371 | 371 | */ |
372 | 372 | public function getAvatarImage() { |
373 | - if(!is_null($this->avatarImage)) { |
|
373 | + if (!is_null($this->avatarImage)) { |
|
374 | 374 | return $this->avatarImage; |
375 | 375 | } |
376 | 376 | |
@@ -378,9 +378,9 @@ discard block |
378 | 378 | /** @var Connection $connection */ |
379 | 379 | $connection = $this->access->getConnection(); |
380 | 380 | $attributes = $connection->resolveRule('avatar'); |
381 | - foreach($attributes as $attribute) { |
|
381 | + foreach ($attributes as $attribute) { |
|
382 | 382 | $result = $this->access->readAttribute($this->dn, $attribute); |
383 | - if($result !== false && is_array($result) && isset($result[0])) { |
|
383 | + if ($result !== false && is_array($result) && isset($result[0])) { |
|
384 | 384 | $this->avatarImage = $result[0]; |
385 | 385 | break; |
386 | 386 | } |
@@ -417,7 +417,7 @@ discard block |
417 | 417 | $lastChecked = $this->config->getUserValue($this->uid, 'user_ldap', |
418 | 418 | self::USER_PREFKEY_LASTREFRESH, 0); |
419 | 419 | |
420 | - if((time() - (int)$lastChecked) < (int)$this->config->getAppValue('user_ldap', 'updateAttributesInterval', 86400)) { |
|
420 | + if ((time() - (int) $lastChecked) < (int) $this->config->getAppValue('user_ldap', 'updateAttributesInterval', 86400)) { |
|
421 | 421 | return false; |
422 | 422 | } |
423 | 423 | return true; |
@@ -442,12 +442,12 @@ discard block |
442 | 442 | * @return string the effective display name |
443 | 443 | */ |
444 | 444 | public function composeAndStoreDisplayName($displayName, $displayName2 = '') { |
445 | - $displayName2 = (string)$displayName2; |
|
446 | - if($displayName2 !== '') { |
|
447 | - $displayName .= ' (' . $displayName2 . ')'; |
|
445 | + $displayName2 = (string) $displayName2; |
|
446 | + if ($displayName2 !== '') { |
|
447 | + $displayName .= ' ('.$displayName2.')'; |
|
448 | 448 | } |
449 | 449 | $oldName = $this->config->getUserValue($this->uid, 'user_ldap', 'displayName', null); |
450 | - if ($oldName !== $displayName) { |
|
450 | + if ($oldName !== $displayName) { |
|
451 | 451 | $this->store('displayName', $displayName); |
452 | 452 | $user = $this->userManager->get($this->getUsername()); |
453 | 453 | if (!empty($oldName) && $user instanceof \OC\User\User) { |
@@ -475,7 +475,7 @@ discard block |
475 | 475 | * @return bool |
476 | 476 | */ |
477 | 477 | private function wasRefreshed($feature) { |
478 | - if(isset($this->refreshedFeatures[$feature])) { |
|
478 | + if (isset($this->refreshedFeatures[$feature])) { |
|
479 | 479 | return true; |
480 | 480 | } |
481 | 481 | $this->refreshedFeatures[$feature] = 1; |
@@ -488,23 +488,23 @@ discard block |
488 | 488 | * @return null |
489 | 489 | */ |
490 | 490 | public function updateEmail($valueFromLDAP = null) { |
491 | - if($this->wasRefreshed('email')) { |
|
491 | + if ($this->wasRefreshed('email')) { |
|
492 | 492 | return; |
493 | 493 | } |
494 | - $email = (string)$valueFromLDAP; |
|
495 | - if(is_null($valueFromLDAP)) { |
|
494 | + $email = (string) $valueFromLDAP; |
|
495 | + if (is_null($valueFromLDAP)) { |
|
496 | 496 | $emailAttribute = $this->connection->ldapEmailAttribute; |
497 | 497 | if ($emailAttribute !== '') { |
498 | 498 | $aEmail = $this->access->readAttribute($this->dn, $emailAttribute); |
499 | - if(is_array($aEmail) && (count($aEmail) > 0)) { |
|
500 | - $email = (string)$aEmail[0]; |
|
499 | + if (is_array($aEmail) && (count($aEmail) > 0)) { |
|
500 | + $email = (string) $aEmail[0]; |
|
501 | 501 | } |
502 | 502 | } |
503 | 503 | } |
504 | 504 | if ($email !== '') { |
505 | 505 | $user = $this->userManager->get($this->uid); |
506 | 506 | if (!is_null($user)) { |
507 | - $currentEmail = (string)$user->getEMailAddress(); |
|
507 | + $currentEmail = (string) $user->getEMailAddress(); |
|
508 | 508 | if ($currentEmail !== $email) { |
509 | 509 | $user->setEMailAddress($email); |
510 | 510 | } |
@@ -533,35 +533,35 @@ discard block |
533 | 533 | * @return null |
534 | 534 | */ |
535 | 535 | public function updateQuota($valueFromLDAP = null) { |
536 | - if($this->wasRefreshed('quota')) { |
|
536 | + if ($this->wasRefreshed('quota')) { |
|
537 | 537 | return; |
538 | 538 | } |
539 | 539 | |
540 | 540 | $quotaAttribute = $this->connection->ldapQuotaAttribute; |
541 | 541 | $defaultQuota = $this->connection->ldapQuotaDefault; |
542 | - if($quotaAttribute === '' && $defaultQuota === '') { |
|
542 | + if ($quotaAttribute === '' && $defaultQuota === '') { |
|
543 | 543 | return; |
544 | 544 | } |
545 | 545 | |
546 | 546 | $quota = false; |
547 | - if(is_null($valueFromLDAP) && $quotaAttribute !== '') { |
|
547 | + if (is_null($valueFromLDAP) && $quotaAttribute !== '') { |
|
548 | 548 | $aQuota = $this->access->readAttribute($this->dn, $quotaAttribute); |
549 | - if($aQuota && (count($aQuota) > 0) && $this->verifyQuotaValue($aQuota[0])) { |
|
549 | + if ($aQuota && (count($aQuota) > 0) && $this->verifyQuotaValue($aQuota[0])) { |
|
550 | 550 | $quota = $aQuota[0]; |
551 | - } else if(is_array($aQuota) && isset($aQuota[0])) { |
|
552 | - $this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', ILogger::DEBUG); |
|
551 | + } else if (is_array($aQuota) && isset($aQuota[0])) { |
|
552 | + $this->log->log('no suitable LDAP quota found for user '.$this->uid.': ['.$aQuota[0].']', ILogger::DEBUG); |
|
553 | 553 | } |
554 | 554 | } else if ($this->verifyQuotaValue($valueFromLDAP)) { |
555 | 555 | $quota = $valueFromLDAP; |
556 | 556 | } else { |
557 | - $this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', ILogger::DEBUG); |
|
557 | + $this->log->log('no suitable LDAP quota found for user '.$this->uid.': ['.$valueFromLDAP.']', ILogger::DEBUG); |
|
558 | 558 | } |
559 | 559 | |
560 | 560 | if ($quota === false && $this->verifyQuotaValue($defaultQuota)) { |
561 | 561 | // quota not found using the LDAP attribute (or not parseable). Try the default quota |
562 | 562 | $quota = $defaultQuota; |
563 | - } else if($quota === false) { |
|
564 | - $this->log->log('no suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', ILogger::DEBUG); |
|
563 | + } else if ($quota === false) { |
|
564 | + $this->log->log('no suitable default quota found for user '.$this->uid.': ['.$defaultQuota.']', ILogger::DEBUG); |
|
565 | 565 | return; |
566 | 566 | } |
567 | 567 | |
@@ -569,7 +569,7 @@ discard block |
||
569 | 569 | if ($targetUser instanceof IUser) { |
570 | 570 | $targetUser->setQuota($quota); |
571 | 571 | } else { |
572 | - $this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', ILogger::INFO); |
|
572 | + $this->log->log('trying to set a quota for user '.$this->uid.' but the user is missing', ILogger::INFO); |
|
573 | 573 | } |
574 | 574 | } |
575 | 575 | |
@@ -583,7 +583,7 @@ discard block |
||
583 | 583 | * @param array $params |
584 | 584 | */ |
585 | 585 | public function updateAvatarPostLogin($params) { |
586 | - if(isset($params['uid']) && $params['uid'] === $this->getUsername()) { |
|
586 | + if (isset($params['uid']) && $params['uid'] === $this->getUsername()) { |
|
587 | 587 | $this->updateAvatar(); |
588 | 588 | } |
589 | 589 | } |
@@ -593,29 +593,29 @@ discard block |
||
593 | 593 | * @return bool |
594 | 594 | */ |
595 | 595 | public function updateAvatar($force = false) { |
596 | - if(!$force && $this->wasRefreshed('avatar')) { |
|
596 | + if (!$force && $this->wasRefreshed('avatar')) { |
|
597 | 597 | return false; |
598 | 598 | } |
599 | 599 | $avatarImage = $this->getAvatarImage(); |
600 | - if($avatarImage === false) { |
|
600 | + if ($avatarImage === false) { |
|
601 | 601 | //not set, nothing left to do; |
602 | 602 | return false; |
603 | 603 | } |
604 | 604 | |
605 | - if(!$this->image->loadFromBase64(base64_encode($avatarImage))) { |
|
605 | + if (!$this->image->loadFromBase64(base64_encode($avatarImage))) { |
|
606 | 606 | return false; |
607 | 607 | } |
608 | 608 | |
609 | 609 | // use the checksum before modifications |
610 | 610 | $checksum = md5($this->image->data()); |
611 | 611 | |
612 | - if($checksum === $this->config->getUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', '')) { |
|
612 | + if ($checksum === $this->config->getUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', '')) { |
|
613 | 613 | return true; |
614 | 614 | } |
615 | 615 | |
616 | 616 | $isSet = $this->setOwnCloudAvatar(); |
617 | 617 | |
618 | - if($isSet) { |
|
618 | + if ($isSet) { |
|
619 | 619 | // save checksum only after successful setting |
620 | 620 | $this->config->setUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', $checksum); |
621 | 621 | } |
@@ -628,7 +628,7 @@ discard block |
||
628 | 628 | * @return bool |
629 | 629 | */ |
630 | 630 | private function setOwnCloudAvatar() { |
631 | - if(!$this->image->valid()) { |
|
631 | + if (!$this->image->valid()) { |
|
632 | 632 | $this->log->log('avatar image data from LDAP invalid for '.$this->dn, ILogger::ERROR); |
633 | 633 | return false; |
634 | 634 | } |
@@ -636,12 +636,12 @@ discard block |
||
636 | 636 | |
637 | 637 | //make sure it is a square and not bigger than 128x128 |
638 | 638 | $size = min([$this->image->width(), $this->image->height(), 128]); |
639 | - if(!$this->image->centerCrop($size)) { |
|
639 | + if (!$this->image->centerCrop($size)) { |
|
640 | 640 | $this->log->log('croping image for avatar failed for '.$this->dn, ILogger::ERROR); |
641 | 641 | return false; |
642 | 642 | } |
643 | 643 | |
644 | - if(!$this->fs->isLoaded()) { |
|
644 | + if (!$this->fs->isLoaded()) { |
|
645 | 645 | $this->fs->setup($this->uid); |
646 | 646 | } |
647 | 647 | |
@@ -651,7 +651,7 @@ discard block |
||
651 | 651 | return true; |
652 | 652 | } catch (\Exception $e) { |
653 | 653 | \OC::$server->getLogger()->logException($e, [ |
654 | - 'message' => 'Could not set avatar for ' . $this->dn, |
|
654 | + 'message' => 'Could not set avatar for '.$this->dn, |
|
655 | 655 | 'level' => ILogger::INFO, |
656 | 656 | 'app' => 'user_ldap', |
657 | 657 | ]); |
@@ -707,8 +707,8 @@ discard block |
||
707 | 707 | */ |
708 | 708 | public function handlePasswordExpiry($params) { |
709 | 709 | $ppolicyDN = $this->connection->ldapDefaultPPolicyDN; |
710 | - if (empty($ppolicyDN) || ((int)$this->connection->turnOnPasswordChange !== 1)) { |
|
711 | - return;//password expiry handling disabled |
|
710 | + if (empty($ppolicyDN) || ((int) $this->connection->turnOnPasswordChange !== 1)) { |
|
711 | + return; //password expiry handling disabled |
|
712 | 712 | } |
713 | 713 | $uid = $params['uid']; |
714 | 714 | if (isset($uid) && $uid === $this->getUsername()) { |
@@ -717,8 +717,8 @@ discard block |
||
717 | 717 | |
718 | 718 | if (array_key_exists('pwdpolicysubentry', $result[0])) { |
719 | 719 | $pwdPolicySubentry = $result[0]['pwdpolicysubentry']; |
720 | - if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){ |
|
721 | - $ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN |
|
720 | + if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)) { |
|
721 | + $ppolicyDN = $pwdPolicySubentry[0]; //custom ppolicy DN |
|
722 | 722 | } |
723 | 723 | } |
724 | 724 | |
@@ -727,9 +727,9 @@ discard block |
||
727 | 727 | $pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : []; |
728 | 728 | |
729 | 729 | //retrieve relevant password policy attributes |
730 | - $cacheKey = 'ppolicyAttributes' . $ppolicyDN; |
|
730 | + $cacheKey = 'ppolicyAttributes'.$ppolicyDN; |
|
731 | 731 | $result = $this->connection->getFromCache($cacheKey); |
732 | - if(is_null($result)) { |
|
732 | + if (is_null($result)) { |
|
733 | 733 | $result = $this->access->search('objectclass=*', [$ppolicyDN], ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']); |
734 | 734 | $this->connection->writeToCache($cacheKey, $result); |
735 | 735 | } |
@@ -741,7 +741,7 @@ discard block |
||
741 | 741 | //handle grace login |
742 | 742 | if (!empty($pwdGraceUseTime)) { //was this a grace login? |
743 | 743 | if (!empty($pwdGraceAuthNLimit) |
744 | - && count($pwdGraceUseTime) < (int)$pwdGraceAuthNLimit[0]) { //at least one more grace login available? |
|
744 | + && count($pwdGraceUseTime) < (int) $pwdGraceAuthNLimit[0]) { //at least one more grace login available? |
|
745 | 745 | $this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true'); |
746 | 746 | header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute( |
747 | 747 | 'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid])); |
@@ -762,9 +762,9 @@ discard block |
||
762 | 762 | if (!empty($pwdChangedTime)) { |
763 | 763 | if (!empty($pwdMaxAge) |
764 | 764 | && !empty($pwdExpireWarning)) { |
765 | - $pwdMaxAgeInt = (int)$pwdMaxAge[0]; |
|
766 | - $pwdExpireWarningInt = (int)$pwdExpireWarning[0]; |
|
767 | - if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){ |
|
765 | + $pwdMaxAgeInt = (int) $pwdMaxAge[0]; |
|
766 | + $pwdExpireWarningInt = (int) $pwdExpireWarning[0]; |
|
767 | + if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0) { |
|
768 | 768 | $pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]); |
769 | 769 | $pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S')); |
770 | 770 | $currentDateTime = new \DateTime(); |
@@ -38,126 +38,126 @@ discard block |
||
38 | 38 | |
39 | 39 | class Helper { |
40 | 40 | |
41 | - /** @var IConfig */ |
|
42 | - private $config; |
|
43 | - |
|
44 | - /** |
|
45 | - * Helper constructor. |
|
46 | - * |
|
47 | - * @param IConfig $config |
|
48 | - */ |
|
49 | - public function __construct(IConfig $config) { |
|
50 | - $this->config = $config; |
|
51 | - } |
|
52 | - |
|
53 | - /** |
|
54 | - * returns prefixes for each saved LDAP/AD server configuration. |
|
55 | - * @param bool $activeConfigurations optional, whether only active configuration shall be |
|
56 | - * retrieved, defaults to false |
|
57 | - * @return array with a list of the available prefixes |
|
58 | - * |
|
59 | - * Configuration prefixes are used to set up configurations for n LDAP or |
|
60 | - * AD servers. Since configuration is stored in the database, table |
|
61 | - * appconfig under appid user_ldap, the common identifiers in column |
|
62 | - * 'configkey' have a prefix. The prefix for the very first server |
|
63 | - * configuration is empty. |
|
64 | - * Configkey Examples: |
|
65 | - * Server 1: ldap_login_filter |
|
66 | - * Server 2: s1_ldap_login_filter |
|
67 | - * Server 3: s2_ldap_login_filter |
|
68 | - * |
|
69 | - * The prefix needs to be passed to the constructor of Connection class, |
|
70 | - * except the default (first) server shall be connected to. |
|
71 | - * |
|
72 | - */ |
|
73 | - public function getServerConfigurationPrefixes($activeConfigurations = false) { |
|
74 | - $referenceConfigkey = 'ldap_configuration_active'; |
|
75 | - |
|
76 | - $keys = $this->getServersConfig($referenceConfigkey); |
|
77 | - |
|
78 | - $prefixes = []; |
|
79 | - foreach ($keys as $key) { |
|
80 | - if ($activeConfigurations && $this->config->getAppValue('user_ldap', $key, '0') !== '1') { |
|
81 | - continue; |
|
82 | - } |
|
83 | - |
|
84 | - $len = strlen($key) - strlen($referenceConfigkey); |
|
85 | - $prefixes[] = substr($key, 0, $len); |
|
86 | - } |
|
87 | - asort($prefixes); |
|
88 | - |
|
89 | - return $prefixes; |
|
90 | - } |
|
91 | - |
|
92 | - /** |
|
93 | - * |
|
94 | - * determines the host for every configured connection |
|
95 | - * @return array an array with configprefix as keys |
|
96 | - * |
|
97 | - */ |
|
98 | - public function getServerConfigurationHosts() { |
|
99 | - $referenceConfigkey = 'ldap_host'; |
|
100 | - |
|
101 | - $keys = $this->getServersConfig($referenceConfigkey); |
|
102 | - |
|
103 | - $result = []; |
|
104 | - foreach($keys as $key) { |
|
105 | - $len = strlen($key) - strlen($referenceConfigkey); |
|
106 | - $prefix = substr($key, 0, $len); |
|
107 | - $result[$prefix] = $this->config->getAppValue('user_ldap', $key); |
|
108 | - } |
|
109 | - |
|
110 | - return $result; |
|
111 | - } |
|
112 | - |
|
113 | - /** |
|
114 | - * return the next available configuration prefix |
|
115 | - * |
|
116 | - * @return string |
|
117 | - */ |
|
118 | - public function getNextServerConfigurationPrefix() { |
|
119 | - $serverConnections = $this->getServerConfigurationPrefixes(); |
|
120 | - |
|
121 | - if(count($serverConnections) === 0) { |
|
122 | - return 's01'; |
|
123 | - } |
|
124 | - |
|
125 | - sort($serverConnections); |
|
126 | - $lastKey = array_pop($serverConnections); |
|
127 | - $lastNumber = (int)str_replace('s', '', $lastKey); |
|
128 | - return 's' . str_pad($lastNumber + 1, 2, '0', STR_PAD_LEFT); |
|
129 | - } |
|
130 | - |
|
131 | - private function getServersConfig($value) { |
|
132 | - $regex = '/' . $value . '$/S'; |
|
133 | - |
|
134 | - $keys = $this->config->getAppKeys('user_ldap'); |
|
135 | - $result = []; |
|
136 | - foreach ($keys as $key) { |
|
137 | - if (preg_match($regex, $key) === 1) { |
|
138 | - $result[] = $key; |
|
139 | - } |
|
140 | - } |
|
141 | - |
|
142 | - return $result; |
|
143 | - } |
|
144 | - |
|
145 | - /** |
|
146 | - * deletes a given saved LDAP/AD server configuration. |
|
147 | - * @param string $prefix the configuration prefix of the config to delete |
|
148 | - * @return bool true on success, false otherwise |
|
149 | - */ |
|
150 | - public function deleteServerConfiguration($prefix) { |
|
151 | - if(!in_array($prefix, self::getServerConfigurationPrefixes())) { |
|
152 | - return false; |
|
153 | - } |
|
154 | - |
|
155 | - $saveOtherConfigurations = ''; |
|
156 | - if(empty($prefix)) { |
|
157 | - $saveOtherConfigurations = 'AND `configkey` NOT LIKE \'s%\''; |
|
158 | - } |
|
159 | - |
|
160 | - $query = \OC_DB::prepare(' |
|
41 | + /** @var IConfig */ |
|
42 | + private $config; |
|
43 | + |
|
44 | + /** |
|
45 | + * Helper constructor. |
|
46 | + * |
|
47 | + * @param IConfig $config |
|
48 | + */ |
|
49 | + public function __construct(IConfig $config) { |
|
50 | + $this->config = $config; |
|
51 | + } |
|
52 | + |
|
53 | + /** |
|
54 | + * returns prefixes for each saved LDAP/AD server configuration. |
|
55 | + * @param bool $activeConfigurations optional, whether only active configuration shall be |
|
56 | + * retrieved, defaults to false |
|
57 | + * @return array with a list of the available prefixes |
|
58 | + * |
|
59 | + * Configuration prefixes are used to set up configurations for n LDAP or |
|
60 | + * AD servers. Since configuration is stored in the database, table |
|
61 | + * appconfig under appid user_ldap, the common identifiers in column |
|
62 | + * 'configkey' have a prefix. The prefix for the very first server |
|
63 | + * configuration is empty. |
|
64 | + * Configkey Examples: |
|
65 | + * Server 1: ldap_login_filter |
|
66 | + * Server 2: s1_ldap_login_filter |
|
67 | + * Server 3: s2_ldap_login_filter |
|
68 | + * |
|
69 | + * The prefix needs to be passed to the constructor of Connection class, |
|
70 | + * except the default (first) server shall be connected to. |
|
71 | + * |
|
72 | + */ |
|
73 | + public function getServerConfigurationPrefixes($activeConfigurations = false) { |
|
74 | + $referenceConfigkey = 'ldap_configuration_active'; |
|
75 | + |
|
76 | + $keys = $this->getServersConfig($referenceConfigkey); |
|
77 | + |
|
78 | + $prefixes = []; |
|
79 | + foreach ($keys as $key) { |
|
80 | + if ($activeConfigurations && $this->config->getAppValue('user_ldap', $key, '0') !== '1') { |
|
81 | + continue; |
|
82 | + } |
|
83 | + |
|
84 | + $len = strlen($key) - strlen($referenceConfigkey); |
|
85 | + $prefixes[] = substr($key, 0, $len); |
|
86 | + } |
|
87 | + asort($prefixes); |
|
88 | + |
|
89 | + return $prefixes; |
|
90 | + } |
|
91 | + |
|
92 | + /** |
|
93 | + * |
|
94 | + * determines the host for every configured connection |
|
95 | + * @return array an array with configprefix as keys |
|
96 | + * |
|
97 | + */ |
|
98 | + public function getServerConfigurationHosts() { |
|
99 | + $referenceConfigkey = 'ldap_host'; |
|
100 | + |
|
101 | + $keys = $this->getServersConfig($referenceConfigkey); |
|
102 | + |
|
103 | + $result = []; |
|
104 | + foreach($keys as $key) { |
|
105 | + $len = strlen($key) - strlen($referenceConfigkey); |
|
106 | + $prefix = substr($key, 0, $len); |
|
107 | + $result[$prefix] = $this->config->getAppValue('user_ldap', $key); |
|
108 | + } |
|
109 | + |
|
110 | + return $result; |
|
111 | + } |
|
112 | + |
|
113 | + /** |
|
114 | + * return the next available configuration prefix |
|
115 | + * |
|
116 | + * @return string |
|
117 | + */ |
|
118 | + public function getNextServerConfigurationPrefix() { |
|
119 | + $serverConnections = $this->getServerConfigurationPrefixes(); |
|
120 | + |
|
121 | + if(count($serverConnections) === 0) { |
|
122 | + return 's01'; |
|
123 | + } |
|
124 | + |
|
125 | + sort($serverConnections); |
|
126 | + $lastKey = array_pop($serverConnections); |
|
127 | + $lastNumber = (int)str_replace('s', '', $lastKey); |
|
128 | + return 's' . str_pad($lastNumber + 1, 2, '0', STR_PAD_LEFT); |
|
129 | + } |
|
130 | + |
|
131 | + private function getServersConfig($value) { |
|
132 | + $regex = '/' . $value . '$/S'; |
|
133 | + |
|
134 | + $keys = $this->config->getAppKeys('user_ldap'); |
|
135 | + $result = []; |
|
136 | + foreach ($keys as $key) { |
|
137 | + if (preg_match($regex, $key) === 1) { |
|
138 | + $result[] = $key; |
|
139 | + } |
|
140 | + } |
|
141 | + |
|
142 | + return $result; |
|
143 | + } |
|
144 | + |
|
145 | + /** |
|
146 | + * deletes a given saved LDAP/AD server configuration. |
|
147 | + * @param string $prefix the configuration prefix of the config to delete |
|
148 | + * @return bool true on success, false otherwise |
|
149 | + */ |
|
150 | + public function deleteServerConfiguration($prefix) { |
|
151 | + if(!in_array($prefix, self::getServerConfigurationPrefixes())) { |
|
152 | + return false; |
|
153 | + } |
|
154 | + |
|
155 | + $saveOtherConfigurations = ''; |
|
156 | + if(empty($prefix)) { |
|
157 | + $saveOtherConfigurations = 'AND `configkey` NOT LIKE \'s%\''; |
|
158 | + } |
|
159 | + |
|
160 | + $query = \OC_DB::prepare(' |
|
161 | 161 | DELETE |
162 | 162 | FROM `*PREFIX*appconfig` |
163 | 163 | WHERE `configkey` LIKE ? |
@@ -165,149 +165,149 @@ discard block |
||
165 | 165 | AND `appid` = \'user_ldap\' |
166 | 166 | AND `configkey` NOT IN (\'enabled\', \'installed_version\', \'types\', \'bgjUpdateGroupsLastRun\') |
167 | 167 | '); |
168 | - $delRows = $query->execute([$prefix.'%']); |
|
169 | - |
|
170 | - if($delRows === null) { |
|
171 | - return false; |
|
172 | - } |
|
173 | - |
|
174 | - if($delRows === 0) { |
|
175 | - return false; |
|
176 | - } |
|
177 | - |
|
178 | - return true; |
|
179 | - } |
|
180 | - |
|
181 | - /** |
|
182 | - * checks whether there is one or more disabled LDAP configurations |
|
183 | - * @throws \Exception |
|
184 | - * @return bool |
|
185 | - */ |
|
186 | - public function haveDisabledConfigurations() { |
|
187 | - $all = $this->getServerConfigurationPrefixes(false); |
|
188 | - $active = $this->getServerConfigurationPrefixes(true); |
|
189 | - |
|
190 | - if(!is_array($all) || !is_array($active)) { |
|
191 | - throw new \Exception('Unexpected Return Value'); |
|
192 | - } |
|
193 | - |
|
194 | - return count($all) !== count($active) || count($all) === 0; |
|
195 | - } |
|
196 | - |
|
197 | - /** |
|
198 | - * extracts the domain from a given URL |
|
199 | - * @param string $url the URL |
|
200 | - * @return string|false domain as string on success, false otherwise |
|
201 | - */ |
|
202 | - public function getDomainFromURL($url) { |
|
203 | - $uinfo = parse_url($url); |
|
204 | - if(!is_array($uinfo)) { |
|
205 | - return false; |
|
206 | - } |
|
207 | - |
|
208 | - $domain = false; |
|
209 | - if(isset($uinfo['host'])) { |
|
210 | - $domain = $uinfo['host']; |
|
211 | - } else if(isset($uinfo['path'])) { |
|
212 | - $domain = $uinfo['path']; |
|
213 | - } |
|
214 | - |
|
215 | - return $domain; |
|
216 | - } |
|
217 | - |
|
218 | - /** |
|
219 | - * |
|
220 | - * Set the LDAPProvider in the config |
|
221 | - * |
|
222 | - */ |
|
223 | - public function setLDAPProvider() { |
|
224 | - $current = \OC::$server->getConfig()->getSystemValue('ldapProviderFactory', null); |
|
225 | - if(is_null($current)) { |
|
226 | - \OC::$server->getConfig()->setSystemValue('ldapProviderFactory', LDAPProviderFactory::class); |
|
227 | - } |
|
228 | - } |
|
229 | - |
|
230 | - /** |
|
231 | - * sanitizes a DN received from the LDAP server |
|
232 | - * @param array $dn the DN in question |
|
233 | - * @return array|string the sanitized DN |
|
234 | - */ |
|
235 | - public function sanitizeDN($dn) { |
|
236 | - //treating multiple base DNs |
|
237 | - if(is_array($dn)) { |
|
238 | - $result = []; |
|
239 | - foreach($dn as $singleDN) { |
|
240 | - $result[] = $this->sanitizeDN($singleDN); |
|
241 | - } |
|
242 | - return $result; |
|
243 | - } |
|
244 | - |
|
245 | - //OID sometimes gives back DNs with whitespace after the comma |
|
246 | - // a la "uid=foo, cn=bar, dn=..." We need to tackle this! |
|
247 | - $dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn); |
|
248 | - |
|
249 | - //make comparisons and everything work |
|
250 | - $dn = mb_strtolower($dn, 'UTF-8'); |
|
251 | - |
|
252 | - //escape DN values according to RFC 2253 – this is already done by ldap_explode_dn |
|
253 | - //to use the DN in search filters, \ needs to be escaped to \5c additionally |
|
254 | - //to use them in bases, we convert them back to simple backslashes in readAttribute() |
|
255 | - $replacements = [ |
|
256 | - '\,' => '\5c2C', |
|
257 | - '\=' => '\5c3D', |
|
258 | - '\+' => '\5c2B', |
|
259 | - '\<' => '\5c3C', |
|
260 | - '\>' => '\5c3E', |
|
261 | - '\;' => '\5c3B', |
|
262 | - '\"' => '\5c22', |
|
263 | - '\#' => '\5c23', |
|
264 | - '(' => '\28', |
|
265 | - ')' => '\29', |
|
266 | - '*' => '\2A', |
|
267 | - ]; |
|
268 | - $dn = str_replace(array_keys($replacements), array_values($replacements), $dn); |
|
269 | - |
|
270 | - return $dn; |
|
271 | - } |
|
272 | - |
|
273 | - /** |
|
274 | - * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters |
|
275 | - * @param string $dn the DN |
|
276 | - * @return string |
|
277 | - */ |
|
278 | - public function DNasBaseParameter($dn) { |
|
279 | - return str_ireplace('\\5c', '\\', $dn); |
|
280 | - } |
|
281 | - |
|
282 | - /** |
|
283 | - * listens to a hook thrown by server2server sharing and replaces the given |
|
284 | - * login name by a username, if it matches an LDAP user. |
|
285 | - * |
|
286 | - * @param array $param |
|
287 | - * @throws \Exception |
|
288 | - */ |
|
289 | - public static function loginName2UserName($param) { |
|
290 | - if(!isset($param['uid'])) { |
|
291 | - throw new \Exception('key uid is expected to be set in $param'); |
|
292 | - } |
|
293 | - |
|
294 | - //ain't it ironic? |
|
295 | - $helper = new Helper(\OC::$server->getConfig()); |
|
296 | - |
|
297 | - $configPrefixes = $helper->getServerConfigurationPrefixes(true); |
|
298 | - $ldapWrapper = new LDAP(); |
|
299 | - $ocConfig = \OC::$server->getConfig(); |
|
300 | - $notificationManager = \OC::$server->getNotificationManager(); |
|
301 | - |
|
302 | - $userSession = \OC::$server->getUserSession(); |
|
303 | - $userPluginManager = \OC::$server->query('LDAPUserPluginManager'); |
|
304 | - |
|
305 | - $userBackend = new User_Proxy( |
|
306 | - $configPrefixes, $ldapWrapper, $ocConfig, $notificationManager, $userSession, $userPluginManager |
|
307 | - ); |
|
308 | - $uid = $userBackend->loginName2UserName($param['uid']); |
|
309 | - if($uid !== false) { |
|
310 | - $param['uid'] = $uid; |
|
311 | - } |
|
312 | - } |
|
168 | + $delRows = $query->execute([$prefix.'%']); |
|
169 | + |
|
170 | + if($delRows === null) { |
|
171 | + return false; |
|
172 | + } |
|
173 | + |
|
174 | + if($delRows === 0) { |
|
175 | + return false; |
|
176 | + } |
|
177 | + |
|
178 | + return true; |
|
179 | + } |
|
180 | + |
|
181 | + /** |
|
182 | + * checks whether there is one or more disabled LDAP configurations |
|
183 | + * @throws \Exception |
|
184 | + * @return bool |
|
185 | + */ |
|
186 | + public function haveDisabledConfigurations() { |
|
187 | + $all = $this->getServerConfigurationPrefixes(false); |
|
188 | + $active = $this->getServerConfigurationPrefixes(true); |
|
189 | + |
|
190 | + if(!is_array($all) || !is_array($active)) { |
|
191 | + throw new \Exception('Unexpected Return Value'); |
|
192 | + } |
|
193 | + |
|
194 | + return count($all) !== count($active) || count($all) === 0; |
|
195 | + } |
|
196 | + |
|
197 | + /** |
|
198 | + * extracts the domain from a given URL |
|
199 | + * @param string $url the URL |
|
200 | + * @return string|false domain as string on success, false otherwise |
|
201 | + */ |
|
202 | + public function getDomainFromURL($url) { |
|
203 | + $uinfo = parse_url($url); |
|
204 | + if(!is_array($uinfo)) { |
|
205 | + return false; |
|
206 | + } |
|
207 | + |
|
208 | + $domain = false; |
|
209 | + if(isset($uinfo['host'])) { |
|
210 | + $domain = $uinfo['host']; |
|
211 | + } else if(isset($uinfo['path'])) { |
|
212 | + $domain = $uinfo['path']; |
|
213 | + } |
|
214 | + |
|
215 | + return $domain; |
|
216 | + } |
|
217 | + |
|
218 | + /** |
|
219 | + * |
|
220 | + * Set the LDAPProvider in the config |
|
221 | + * |
|
222 | + */ |
|
223 | + public function setLDAPProvider() { |
|
224 | + $current = \OC::$server->getConfig()->getSystemValue('ldapProviderFactory', null); |
|
225 | + if(is_null($current)) { |
|
226 | + \OC::$server->getConfig()->setSystemValue('ldapProviderFactory', LDAPProviderFactory::class); |
|
227 | + } |
|
228 | + } |
|
229 | + |
|
230 | + /** |
|
231 | + * sanitizes a DN received from the LDAP server |
|
232 | + * @param array $dn the DN in question |
|
233 | + * @return array|string the sanitized DN |
|
234 | + */ |
|
235 | + public function sanitizeDN($dn) { |
|
236 | + //treating multiple base DNs |
|
237 | + if(is_array($dn)) { |
|
238 | + $result = []; |
|
239 | + foreach($dn as $singleDN) { |
|
240 | + $result[] = $this->sanitizeDN($singleDN); |
|
241 | + } |
|
242 | + return $result; |
|
243 | + } |
|
244 | + |
|
245 | + //OID sometimes gives back DNs with whitespace after the comma |
|
246 | + // a la "uid=foo, cn=bar, dn=..." We need to tackle this! |
|
247 | + $dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn); |
|
248 | + |
|
249 | + //make comparisons and everything work |
|
250 | + $dn = mb_strtolower($dn, 'UTF-8'); |
|
251 | + |
|
252 | + //escape DN values according to RFC 2253 – this is already done by ldap_explode_dn |
|
253 | + //to use the DN in search filters, \ needs to be escaped to \5c additionally |
|
254 | + //to use them in bases, we convert them back to simple backslashes in readAttribute() |
|
255 | + $replacements = [ |
|
256 | + '\,' => '\5c2C', |
|
257 | + '\=' => '\5c3D', |
|
258 | + '\+' => '\5c2B', |
|
259 | + '\<' => '\5c3C', |
|
260 | + '\>' => '\5c3E', |
|
261 | + '\;' => '\5c3B', |
|
262 | + '\"' => '\5c22', |
|
263 | + '\#' => '\5c23', |
|
264 | + '(' => '\28', |
|
265 | + ')' => '\29', |
|
266 | + '*' => '\2A', |
|
267 | + ]; |
|
268 | + $dn = str_replace(array_keys($replacements), array_values($replacements), $dn); |
|
269 | + |
|
270 | + return $dn; |
|
271 | + } |
|
272 | + |
|
273 | + /** |
|
274 | + * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters |
|
275 | + * @param string $dn the DN |
|
276 | + * @return string |
|
277 | + */ |
|
278 | + public function DNasBaseParameter($dn) { |
|
279 | + return str_ireplace('\\5c', '\\', $dn); |
|
280 | + } |
|
281 | + |
|
282 | + /** |
|
283 | + * listens to a hook thrown by server2server sharing and replaces the given |
|
284 | + * login name by a username, if it matches an LDAP user. |
|
285 | + * |
|
286 | + * @param array $param |
|
287 | + * @throws \Exception |
|
288 | + */ |
|
289 | + public static function loginName2UserName($param) { |
|
290 | + if(!isset($param['uid'])) { |
|
291 | + throw new \Exception('key uid is expected to be set in $param'); |
|
292 | + } |
|
293 | + |
|
294 | + //ain't it ironic? |
|
295 | + $helper = new Helper(\OC::$server->getConfig()); |
|
296 | + |
|
297 | + $configPrefixes = $helper->getServerConfigurationPrefixes(true); |
|
298 | + $ldapWrapper = new LDAP(); |
|
299 | + $ocConfig = \OC::$server->getConfig(); |
|
300 | + $notificationManager = \OC::$server->getNotificationManager(); |
|
301 | + |
|
302 | + $userSession = \OC::$server->getUserSession(); |
|
303 | + $userPluginManager = \OC::$server->query('LDAPUserPluginManager'); |
|
304 | + |
|
305 | + $userBackend = new User_Proxy( |
|
306 | + $configPrefixes, $ldapWrapper, $ocConfig, $notificationManager, $userSession, $userPluginManager |
|
307 | + ); |
|
308 | + $uid = $userBackend->loginName2UserName($param['uid']); |
|
309 | + if($uid !== false) { |
|
310 | + $param['uid'] = $uid; |
|
311 | + } |
|
312 | + } |
|
313 | 313 | } |
@@ -101,7 +101,7 @@ discard block |
||
101 | 101 | $keys = $this->getServersConfig($referenceConfigkey); |
102 | 102 | |
103 | 103 | $result = []; |
104 | - foreach($keys as $key) { |
|
104 | + foreach ($keys as $key) { |
|
105 | 105 | $len = strlen($key) - strlen($referenceConfigkey); |
106 | 106 | $prefix = substr($key, 0, $len); |
107 | 107 | $result[$prefix] = $this->config->getAppValue('user_ldap', $key); |
@@ -118,18 +118,18 @@ discard block |
||
118 | 118 | public function getNextServerConfigurationPrefix() { |
119 | 119 | $serverConnections = $this->getServerConfigurationPrefixes(); |
120 | 120 | |
121 | - if(count($serverConnections) === 0) { |
|
121 | + if (count($serverConnections) === 0) { |
|
122 | 122 | return 's01'; |
123 | 123 | } |
124 | 124 | |
125 | 125 | sort($serverConnections); |
126 | 126 | $lastKey = array_pop($serverConnections); |
127 | - $lastNumber = (int)str_replace('s', '', $lastKey); |
|
128 | - return 's' . str_pad($lastNumber + 1, 2, '0', STR_PAD_LEFT); |
|
127 | + $lastNumber = (int) str_replace('s', '', $lastKey); |
|
128 | + return 's'.str_pad($lastNumber + 1, 2, '0', STR_PAD_LEFT); |
|
129 | 129 | } |
130 | 130 | |
131 | 131 | private function getServersConfig($value) { |
132 | - $regex = '/' . $value . '$/S'; |
|
132 | + $regex = '/'.$value.'$/S'; |
|
133 | 133 | |
134 | 134 | $keys = $this->config->getAppKeys('user_ldap'); |
135 | 135 | $result = []; |
@@ -148,12 +148,12 @@ discard block |
||
148 | 148 | * @return bool true on success, false otherwise |
149 | 149 | */ |
150 | 150 | public function deleteServerConfiguration($prefix) { |
151 | - if(!in_array($prefix, self::getServerConfigurationPrefixes())) { |
|
151 | + if (!in_array($prefix, self::getServerConfigurationPrefixes())) { |
|
152 | 152 | return false; |
153 | 153 | } |
154 | 154 | |
155 | 155 | $saveOtherConfigurations = ''; |
156 | - if(empty($prefix)) { |
|
156 | + if (empty($prefix)) { |
|
157 | 157 | $saveOtherConfigurations = 'AND `configkey` NOT LIKE \'s%\''; |
158 | 158 | } |
159 | 159 | |
@@ -167,11 +167,11 @@ discard block |
||
167 | 167 | '); |
168 | 168 | $delRows = $query->execute([$prefix.'%']); |
169 | 169 | |
170 | - if($delRows === null) { |
|
170 | + if ($delRows === null) { |
|
171 | 171 | return false; |
172 | 172 | } |
173 | 173 | |
174 | - if($delRows === 0) { |
|
174 | + if ($delRows === 0) { |
|
175 | 175 | return false; |
176 | 176 | } |
177 | 177 | |
@@ -187,7 +187,7 @@ discard block |
||
187 | 187 | $all = $this->getServerConfigurationPrefixes(false); |
188 | 188 | $active = $this->getServerConfigurationPrefixes(true); |
189 | 189 | |
190 | - if(!is_array($all) || !is_array($active)) { |
|
190 | + if (!is_array($all) || !is_array($active)) { |
|
191 | 191 | throw new \Exception('Unexpected Return Value'); |
192 | 192 | } |
193 | 193 | |
@@ -201,14 +201,14 @@ discard block |
||
201 | 201 | */ |
202 | 202 | public function getDomainFromURL($url) { |
203 | 203 | $uinfo = parse_url($url); |
204 | - if(!is_array($uinfo)) { |
|
204 | + if (!is_array($uinfo)) { |
|
205 | 205 | return false; |
206 | 206 | } |
207 | 207 | |
208 | 208 | $domain = false; |
209 | - if(isset($uinfo['host'])) { |
|
209 | + if (isset($uinfo['host'])) { |
|
210 | 210 | $domain = $uinfo['host']; |
211 | - } else if(isset($uinfo['path'])) { |
|
211 | + } else if (isset($uinfo['path'])) { |
|
212 | 212 | $domain = $uinfo['path']; |
213 | 213 | } |
214 | 214 | |
@@ -222,7 +222,7 @@ discard block |
||
222 | 222 | */ |
223 | 223 | public function setLDAPProvider() { |
224 | 224 | $current = \OC::$server->getConfig()->getSystemValue('ldapProviderFactory', null); |
225 | - if(is_null($current)) { |
|
225 | + if (is_null($current)) { |
|
226 | 226 | \OC::$server->getConfig()->setSystemValue('ldapProviderFactory', LDAPProviderFactory::class); |
227 | 227 | } |
228 | 228 | } |
@@ -234,9 +234,9 @@ discard block |
||
234 | 234 | */ |
235 | 235 | public function sanitizeDN($dn) { |
236 | 236 | //treating multiple base DNs |
237 | - if(is_array($dn)) { |
|
237 | + if (is_array($dn)) { |
|
238 | 238 | $result = []; |
239 | - foreach($dn as $singleDN) { |
|
239 | + foreach ($dn as $singleDN) { |
|
240 | 240 | $result[] = $this->sanitizeDN($singleDN); |
241 | 241 | } |
242 | 242 | return $result; |
@@ -287,7 +287,7 @@ discard block |
||
287 | 287 | * @throws \Exception |
288 | 288 | */ |
289 | 289 | public static function loginName2UserName($param) { |
290 | - if(!isset($param['uid'])) { |
|
290 | + if (!isset($param['uid'])) { |
|
291 | 291 | throw new \Exception('key uid is expected to be set in $param'); |
292 | 292 | } |
293 | 293 | |
@@ -302,11 +302,11 @@ discard block |
||
302 | 302 | $userSession = \OC::$server->getUserSession(); |
303 | 303 | $userPluginManager = \OC::$server->query('LDAPUserPluginManager'); |
304 | 304 | |
305 | - $userBackend = new User_Proxy( |
|
305 | + $userBackend = new User_Proxy( |
|
306 | 306 | $configPrefixes, $ldapWrapper, $ocConfig, $notificationManager, $userSession, $userPluginManager |
307 | 307 | ); |
308 | 308 | $uid = $userBackend->loginName2UserName($param['uid']); |
309 | - if($uid !== false) { |
|
309 | + if ($uid !== false) { |
|
310 | 310 | $param['uid'] = $uid; |
311 | 311 | } |
312 | 312 | } |
@@ -31,32 +31,32 @@ |
||
31 | 31 | use OCP\LDAP\ILDAPProviderFactory; |
32 | 32 | |
33 | 33 | class LDAPProviderFactory implements ILDAPProviderFactory { |
34 | - /** |
|
35 | - * Server container |
|
36 | - * |
|
37 | - * @var IServerContainer |
|
38 | - */ |
|
39 | - private $serverContainer; |
|
34 | + /** |
|
35 | + * Server container |
|
36 | + * |
|
37 | + * @var IServerContainer |
|
38 | + */ |
|
39 | + private $serverContainer; |
|
40 | 40 | |
41 | - /** |
|
42 | - * Constructor for the LDAP provider factory |
|
43 | - * |
|
44 | - * @param IServerContainer $serverContainer server container |
|
45 | - */ |
|
46 | - public function __construct(IServerContainer $serverContainer) { |
|
47 | - $this->serverContainer = $serverContainer; |
|
48 | - } |
|
41 | + /** |
|
42 | + * Constructor for the LDAP provider factory |
|
43 | + * |
|
44 | + * @param IServerContainer $serverContainer server container |
|
45 | + */ |
|
46 | + public function __construct(IServerContainer $serverContainer) { |
|
47 | + $this->serverContainer = $serverContainer; |
|
48 | + } |
|
49 | 49 | |
50 | - /** |
|
51 | - * creates and returns an instance of the ILDAPProvider |
|
52 | - * |
|
53 | - * @return OCP\LDAP\ILDAPProvider |
|
54 | - */ |
|
55 | - public function getLDAPProvider() { |
|
56 | - $dbConnection = $this->serverContainer->getDatabaseConnection(); |
|
57 | - $userMapping = new UserMapping($dbConnection); |
|
58 | - return new LDAPProvider($this->serverContainer, new Helper($this->serverContainer->getConfig()), |
|
59 | - new DeletedUsersIndex($this->serverContainer->getConfig(), |
|
60 | - $dbConnection, $userMapping)); |
|
61 | - } |
|
50 | + /** |
|
51 | + * creates and returns an instance of the ILDAPProvider |
|
52 | + * |
|
53 | + * @return OCP\LDAP\ILDAPProvider |
|
54 | + */ |
|
55 | + public function getLDAPProvider() { |
|
56 | + $dbConnection = $this->serverContainer->getDatabaseConnection(); |
|
57 | + $userMapping = new UserMapping($dbConnection); |
|
58 | + return new LDAPProvider($this->serverContainer, new Helper($this->serverContainer->getConfig()), |
|
59 | + new DeletedUsersIndex($this->serverContainer->getConfig(), |
|
60 | + $dbConnection, $userMapping)); |
|
61 | + } |
|
62 | 62 | } |
@@ -38,274 +38,274 @@ |
||
38 | 38 | */ |
39 | 39 | class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport { |
40 | 40 | |
41 | - private $userBackend; |
|
42 | - private $groupBackend; |
|
43 | - private $logger; |
|
44 | - private $helper; |
|
45 | - private $deletedUsersIndex; |
|
41 | + private $userBackend; |
|
42 | + private $groupBackend; |
|
43 | + private $logger; |
|
44 | + private $helper; |
|
45 | + private $deletedUsersIndex; |
|
46 | 46 | |
47 | - /** |
|
48 | - * Create new LDAPProvider |
|
49 | - * @param \OCP\IServerContainer $serverContainer |
|
50 | - * @param Helper $helper |
|
51 | - * @param DeletedUsersIndex $deletedUsersIndex |
|
52 | - * @throws \Exception if user_ldap app was not enabled |
|
53 | - */ |
|
54 | - public function __construct(IServerContainer $serverContainer, Helper $helper, DeletedUsersIndex $deletedUsersIndex) { |
|
55 | - $this->logger = $serverContainer->getLogger(); |
|
56 | - $this->helper = $helper; |
|
57 | - $this->deletedUsersIndex = $deletedUsersIndex; |
|
58 | - $userBackendFound = false; |
|
59 | - $groupBackendFound = false; |
|
60 | - foreach ($serverContainer->getUserManager()->getBackends() as $backend){ |
|
61 | - $this->logger->debug('instance '.get_class($backend).' user backend.', ['app' => 'user_ldap']); |
|
62 | - if ($backend instanceof IUserLDAP) { |
|
63 | - $this->userBackend = $backend; |
|
64 | - $userBackendFound = true; |
|
65 | - break; |
|
66 | - } |
|
67 | - } |
|
68 | - foreach ($serverContainer->getGroupManager()->getBackends() as $backend){ |
|
69 | - $this->logger->debug('instance '.get_class($backend).' group backend.', ['app' => 'user_ldap']); |
|
70 | - if ($backend instanceof IGroupLDAP) { |
|
71 | - $this->groupBackend = $backend; |
|
72 | - $groupBackendFound = true; |
|
73 | - break; |
|
74 | - } |
|
75 | - } |
|
47 | + /** |
|
48 | + * Create new LDAPProvider |
|
49 | + * @param \OCP\IServerContainer $serverContainer |
|
50 | + * @param Helper $helper |
|
51 | + * @param DeletedUsersIndex $deletedUsersIndex |
|
52 | + * @throws \Exception if user_ldap app was not enabled |
|
53 | + */ |
|
54 | + public function __construct(IServerContainer $serverContainer, Helper $helper, DeletedUsersIndex $deletedUsersIndex) { |
|
55 | + $this->logger = $serverContainer->getLogger(); |
|
56 | + $this->helper = $helper; |
|
57 | + $this->deletedUsersIndex = $deletedUsersIndex; |
|
58 | + $userBackendFound = false; |
|
59 | + $groupBackendFound = false; |
|
60 | + foreach ($serverContainer->getUserManager()->getBackends() as $backend){ |
|
61 | + $this->logger->debug('instance '.get_class($backend).' user backend.', ['app' => 'user_ldap']); |
|
62 | + if ($backend instanceof IUserLDAP) { |
|
63 | + $this->userBackend = $backend; |
|
64 | + $userBackendFound = true; |
|
65 | + break; |
|
66 | + } |
|
67 | + } |
|
68 | + foreach ($serverContainer->getGroupManager()->getBackends() as $backend){ |
|
69 | + $this->logger->debug('instance '.get_class($backend).' group backend.', ['app' => 'user_ldap']); |
|
70 | + if ($backend instanceof IGroupLDAP) { |
|
71 | + $this->groupBackend = $backend; |
|
72 | + $groupBackendFound = true; |
|
73 | + break; |
|
74 | + } |
|
75 | + } |
|
76 | 76 | |
77 | - if (!$userBackendFound or !$groupBackendFound) { |
|
78 | - throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled'); |
|
79 | - } |
|
80 | - } |
|
77 | + if (!$userBackendFound or !$groupBackendFound) { |
|
78 | + throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled'); |
|
79 | + } |
|
80 | + } |
|
81 | 81 | |
82 | - /** |
|
83 | - * Translate an user id to LDAP DN |
|
84 | - * @param string $uid user id |
|
85 | - * @return string with the LDAP DN |
|
86 | - * @throws \Exception if translation was unsuccessful |
|
87 | - */ |
|
88 | - public function getUserDN($uid) { |
|
89 | - if(!$this->userBackend->userExists($uid)){ |
|
90 | - throw new \Exception('User id not found in LDAP'); |
|
91 | - } |
|
92 | - $result = $this->userBackend->getLDAPAccess($uid)->username2dn($uid); |
|
93 | - if(!$result){ |
|
94 | - throw new \Exception('Translation to LDAP DN unsuccessful'); |
|
95 | - } |
|
96 | - return $result; |
|
97 | - } |
|
82 | + /** |
|
83 | + * Translate an user id to LDAP DN |
|
84 | + * @param string $uid user id |
|
85 | + * @return string with the LDAP DN |
|
86 | + * @throws \Exception if translation was unsuccessful |
|
87 | + */ |
|
88 | + public function getUserDN($uid) { |
|
89 | + if(!$this->userBackend->userExists($uid)){ |
|
90 | + throw new \Exception('User id not found in LDAP'); |
|
91 | + } |
|
92 | + $result = $this->userBackend->getLDAPAccess($uid)->username2dn($uid); |
|
93 | + if(!$result){ |
|
94 | + throw new \Exception('Translation to LDAP DN unsuccessful'); |
|
95 | + } |
|
96 | + return $result; |
|
97 | + } |
|
98 | 98 | |
99 | - /** |
|
100 | - * Translate a group id to LDAP DN. |
|
101 | - * @param string $gid group id |
|
102 | - * @return string |
|
103 | - * @throws \Exception |
|
104 | - */ |
|
105 | - public function getGroupDN($gid) { |
|
106 | - if(!$this->groupBackend->groupExists($gid)){ |
|
107 | - throw new \Exception('Group id not found in LDAP'); |
|
108 | - } |
|
109 | - $result = $this->groupBackend->getLDAPAccess($gid)->groupname2dn($gid); |
|
110 | - if(!$result){ |
|
111 | - throw new \Exception('Translation to LDAP DN unsuccessful'); |
|
112 | - } |
|
113 | - return $result; |
|
114 | - } |
|
99 | + /** |
|
100 | + * Translate a group id to LDAP DN. |
|
101 | + * @param string $gid group id |
|
102 | + * @return string |
|
103 | + * @throws \Exception |
|
104 | + */ |
|
105 | + public function getGroupDN($gid) { |
|
106 | + if(!$this->groupBackend->groupExists($gid)){ |
|
107 | + throw new \Exception('Group id not found in LDAP'); |
|
108 | + } |
|
109 | + $result = $this->groupBackend->getLDAPAccess($gid)->groupname2dn($gid); |
|
110 | + if(!$result){ |
|
111 | + throw new \Exception('Translation to LDAP DN unsuccessful'); |
|
112 | + } |
|
113 | + return $result; |
|
114 | + } |
|
115 | 115 | |
116 | - /** |
|
117 | - * Translate a LDAP DN to an internal user name. If there is no mapping between |
|
118 | - * the DN and the user name, a new one will be created. |
|
119 | - * @param string $dn LDAP DN |
|
120 | - * @return string with the internal user name |
|
121 | - * @throws \Exception if translation was unsuccessful |
|
122 | - */ |
|
123 | - public function getUserName($dn) { |
|
124 | - $result = $this->userBackend->dn2UserName($dn); |
|
125 | - if(!$result){ |
|
126 | - throw new \Exception('Translation to internal user name unsuccessful'); |
|
127 | - } |
|
128 | - return $result; |
|
129 | - } |
|
116 | + /** |
|
117 | + * Translate a LDAP DN to an internal user name. If there is no mapping between |
|
118 | + * the DN and the user name, a new one will be created. |
|
119 | + * @param string $dn LDAP DN |
|
120 | + * @return string with the internal user name |
|
121 | + * @throws \Exception if translation was unsuccessful |
|
122 | + */ |
|
123 | + public function getUserName($dn) { |
|
124 | + $result = $this->userBackend->dn2UserName($dn); |
|
125 | + if(!$result){ |
|
126 | + throw new \Exception('Translation to internal user name unsuccessful'); |
|
127 | + } |
|
128 | + return $result; |
|
129 | + } |
|
130 | 130 | |
131 | - /** |
|
132 | - * Convert a stored DN so it can be used as base parameter for LDAP queries. |
|
133 | - * @param string $dn the DN in question |
|
134 | - * @return string |
|
135 | - */ |
|
136 | - public function DNasBaseParameter($dn) { |
|
137 | - return $this->helper->DNasBaseParameter($dn); |
|
138 | - } |
|
131 | + /** |
|
132 | + * Convert a stored DN so it can be used as base parameter for LDAP queries. |
|
133 | + * @param string $dn the DN in question |
|
134 | + * @return string |
|
135 | + */ |
|
136 | + public function DNasBaseParameter($dn) { |
|
137 | + return $this->helper->DNasBaseParameter($dn); |
|
138 | + } |
|
139 | 139 | |
140 | - /** |
|
141 | - * Sanitize a DN received from the LDAP server. |
|
142 | - * @param array $dn the DN in question |
|
143 | - * @return array the sanitized DN |
|
144 | - */ |
|
145 | - public function sanitizeDN($dn) { |
|
146 | - return $this->helper->sanitizeDN($dn); |
|
147 | - } |
|
140 | + /** |
|
141 | + * Sanitize a DN received from the LDAP server. |
|
142 | + * @param array $dn the DN in question |
|
143 | + * @return array the sanitized DN |
|
144 | + */ |
|
145 | + public function sanitizeDN($dn) { |
|
146 | + return $this->helper->sanitizeDN($dn); |
|
147 | + } |
|
148 | 148 | |
149 | - /** |
|
150 | - * Return a new LDAP connection resource for the specified user. |
|
151 | - * The connection must be closed manually. |
|
152 | - * @param string $uid user id |
|
153 | - * @return resource of the LDAP connection |
|
154 | - * @throws \Exception if user id was not found in LDAP |
|
155 | - */ |
|
156 | - public function getLDAPConnection($uid) { |
|
157 | - if(!$this->userBackend->userExists($uid)){ |
|
158 | - throw new \Exception('User id not found in LDAP'); |
|
159 | - } |
|
160 | - return $this->userBackend->getNewLDAPConnection($uid); |
|
161 | - } |
|
149 | + /** |
|
150 | + * Return a new LDAP connection resource for the specified user. |
|
151 | + * The connection must be closed manually. |
|
152 | + * @param string $uid user id |
|
153 | + * @return resource of the LDAP connection |
|
154 | + * @throws \Exception if user id was not found in LDAP |
|
155 | + */ |
|
156 | + public function getLDAPConnection($uid) { |
|
157 | + if(!$this->userBackend->userExists($uid)){ |
|
158 | + throw new \Exception('User id not found in LDAP'); |
|
159 | + } |
|
160 | + return $this->userBackend->getNewLDAPConnection($uid); |
|
161 | + } |
|
162 | 162 | |
163 | - /** |
|
164 | - * Return a new LDAP connection resource for the specified user. |
|
165 | - * The connection must be closed manually. |
|
166 | - * @param string $gid group id |
|
167 | - * @return resource of the LDAP connection |
|
168 | - * @throws \Exception if group id was not found in LDAP |
|
169 | - */ |
|
170 | - public function getGroupLDAPConnection($gid) { |
|
171 | - if(!$this->groupBackend->groupExists($gid)){ |
|
172 | - throw new \Exception('Group id not found in LDAP'); |
|
173 | - } |
|
174 | - return $this->groupBackend->getNewLDAPConnection($gid); |
|
175 | - } |
|
163 | + /** |
|
164 | + * Return a new LDAP connection resource for the specified user. |
|
165 | + * The connection must be closed manually. |
|
166 | + * @param string $gid group id |
|
167 | + * @return resource of the LDAP connection |
|
168 | + * @throws \Exception if group id was not found in LDAP |
|
169 | + */ |
|
170 | + public function getGroupLDAPConnection($gid) { |
|
171 | + if(!$this->groupBackend->groupExists($gid)){ |
|
172 | + throw new \Exception('Group id not found in LDAP'); |
|
173 | + } |
|
174 | + return $this->groupBackend->getNewLDAPConnection($gid); |
|
175 | + } |
|
176 | 176 | |
177 | - /** |
|
178 | - * Get the LDAP base for users. |
|
179 | - * @param string $uid user id |
|
180 | - * @return string the base for users |
|
181 | - * @throws \Exception if user id was not found in LDAP |
|
182 | - */ |
|
183 | - public function getLDAPBaseUsers($uid) { |
|
184 | - if(!$this->userBackend->userExists($uid)){ |
|
185 | - throw new \Exception('User id not found in LDAP'); |
|
186 | - } |
|
187 | - $access = $this->userBackend->getLDAPAccess($uid); |
|
188 | - $bases = $access->getConnection()->ldapBaseUsers; |
|
189 | - $dn = $this->getUserDN($uid); |
|
190 | - foreach ($bases as $base) { |
|
191 | - if($access->isDNPartOfBase($dn, [$base])) { |
|
192 | - return $base; |
|
193 | - } |
|
194 | - } |
|
195 | - // should not occur, because the user does not qualify to use NC in this case |
|
196 | - $this->logger->info( |
|
197 | - 'No matching user base found for user {dn}, available: {bases}.', |
|
198 | - [ |
|
199 | - 'app' => 'user_ldap', |
|
200 | - 'dn' => $dn, |
|
201 | - 'bases' => $bases, |
|
202 | - ] |
|
203 | - ); |
|
204 | - return array_shift($bases); |
|
205 | - } |
|
177 | + /** |
|
178 | + * Get the LDAP base for users. |
|
179 | + * @param string $uid user id |
|
180 | + * @return string the base for users |
|
181 | + * @throws \Exception if user id was not found in LDAP |
|
182 | + */ |
|
183 | + public function getLDAPBaseUsers($uid) { |
|
184 | + if(!$this->userBackend->userExists($uid)){ |
|
185 | + throw new \Exception('User id not found in LDAP'); |
|
186 | + } |
|
187 | + $access = $this->userBackend->getLDAPAccess($uid); |
|
188 | + $bases = $access->getConnection()->ldapBaseUsers; |
|
189 | + $dn = $this->getUserDN($uid); |
|
190 | + foreach ($bases as $base) { |
|
191 | + if($access->isDNPartOfBase($dn, [$base])) { |
|
192 | + return $base; |
|
193 | + } |
|
194 | + } |
|
195 | + // should not occur, because the user does not qualify to use NC in this case |
|
196 | + $this->logger->info( |
|
197 | + 'No matching user base found for user {dn}, available: {bases}.', |
|
198 | + [ |
|
199 | + 'app' => 'user_ldap', |
|
200 | + 'dn' => $dn, |
|
201 | + 'bases' => $bases, |
|
202 | + ] |
|
203 | + ); |
|
204 | + return array_shift($bases); |
|
205 | + } |
|
206 | 206 | |
207 | - /** |
|
208 | - * Get the LDAP base for groups. |
|
209 | - * @param string $uid user id |
|
210 | - * @return string the base for groups |
|
211 | - * @throws \Exception if user id was not found in LDAP |
|
212 | - */ |
|
213 | - public function getLDAPBaseGroups($uid) { |
|
214 | - if(!$this->userBackend->userExists($uid)){ |
|
215 | - throw new \Exception('User id not found in LDAP'); |
|
216 | - } |
|
217 | - $bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups; |
|
218 | - return array_shift($bases); |
|
219 | - } |
|
207 | + /** |
|
208 | + * Get the LDAP base for groups. |
|
209 | + * @param string $uid user id |
|
210 | + * @return string the base for groups |
|
211 | + * @throws \Exception if user id was not found in LDAP |
|
212 | + */ |
|
213 | + public function getLDAPBaseGroups($uid) { |
|
214 | + if(!$this->userBackend->userExists($uid)){ |
|
215 | + throw new \Exception('User id not found in LDAP'); |
|
216 | + } |
|
217 | + $bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups; |
|
218 | + return array_shift($bases); |
|
219 | + } |
|
220 | 220 | |
221 | - /** |
|
222 | - * Clear the cache if a cache is used, otherwise do nothing. |
|
223 | - * @param string $uid user id |
|
224 | - * @throws \Exception if user id was not found in LDAP |
|
225 | - */ |
|
226 | - public function clearCache($uid) { |
|
227 | - if(!$this->userBackend->userExists($uid)){ |
|
228 | - throw new \Exception('User id not found in LDAP'); |
|
229 | - } |
|
230 | - $this->userBackend->getLDAPAccess($uid)->getConnection()->clearCache(); |
|
231 | - } |
|
221 | + /** |
|
222 | + * Clear the cache if a cache is used, otherwise do nothing. |
|
223 | + * @param string $uid user id |
|
224 | + * @throws \Exception if user id was not found in LDAP |
|
225 | + */ |
|
226 | + public function clearCache($uid) { |
|
227 | + if(!$this->userBackend->userExists($uid)){ |
|
228 | + throw new \Exception('User id not found in LDAP'); |
|
229 | + } |
|
230 | + $this->userBackend->getLDAPAccess($uid)->getConnection()->clearCache(); |
|
231 | + } |
|
232 | 232 | |
233 | - /** |
|
234 | - * Clear the cache if a cache is used, otherwise do nothing. |
|
235 | - * Acts on the LDAP connection of a group |
|
236 | - * @param string $gid group id |
|
237 | - * @throws \Exception if user id was not found in LDAP |
|
238 | - */ |
|
239 | - public function clearGroupCache($gid) { |
|
240 | - if(!$this->groupBackend->groupExists($gid)){ |
|
241 | - throw new \Exception('Group id not found in LDAP'); |
|
242 | - } |
|
243 | - $this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache(); |
|
244 | - } |
|
233 | + /** |
|
234 | + * Clear the cache if a cache is used, otherwise do nothing. |
|
235 | + * Acts on the LDAP connection of a group |
|
236 | + * @param string $gid group id |
|
237 | + * @throws \Exception if user id was not found in LDAP |
|
238 | + */ |
|
239 | + public function clearGroupCache($gid) { |
|
240 | + if(!$this->groupBackend->groupExists($gid)){ |
|
241 | + throw new \Exception('Group id not found in LDAP'); |
|
242 | + } |
|
243 | + $this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache(); |
|
244 | + } |
|
245 | 245 | |
246 | - /** |
|
247 | - * Check whether a LDAP DN exists |
|
248 | - * @param string $dn LDAP DN |
|
249 | - * @return bool whether the DN exists |
|
250 | - */ |
|
251 | - public function dnExists($dn) { |
|
252 | - $result = $this->userBackend->dn2UserName($dn); |
|
253 | - return !$result ? false : true; |
|
254 | - } |
|
246 | + /** |
|
247 | + * Check whether a LDAP DN exists |
|
248 | + * @param string $dn LDAP DN |
|
249 | + * @return bool whether the DN exists |
|
250 | + */ |
|
251 | + public function dnExists($dn) { |
|
252 | + $result = $this->userBackend->dn2UserName($dn); |
|
253 | + return !$result ? false : true; |
|
254 | + } |
|
255 | 255 | |
256 | - /** |
|
257 | - * Flag record for deletion. |
|
258 | - * @param string $uid user id |
|
259 | - */ |
|
260 | - public function flagRecord($uid) { |
|
261 | - $this->deletedUsersIndex->markUser($uid); |
|
262 | - } |
|
256 | + /** |
|
257 | + * Flag record for deletion. |
|
258 | + * @param string $uid user id |
|
259 | + */ |
|
260 | + public function flagRecord($uid) { |
|
261 | + $this->deletedUsersIndex->markUser($uid); |
|
262 | + } |
|
263 | 263 | |
264 | - /** |
|
265 | - * Unflag record for deletion. |
|
266 | - * @param string $uid user id |
|
267 | - */ |
|
268 | - public function unflagRecord($uid) { |
|
269 | - //do nothing |
|
270 | - } |
|
264 | + /** |
|
265 | + * Unflag record for deletion. |
|
266 | + * @param string $uid user id |
|
267 | + */ |
|
268 | + public function unflagRecord($uid) { |
|
269 | + //do nothing |
|
270 | + } |
|
271 | 271 | |
272 | - /** |
|
273 | - * Get the LDAP attribute name for the user's display name |
|
274 | - * @param string $uid user id |
|
275 | - * @return string the display name field |
|
276 | - * @throws \Exception if user id was not found in LDAP |
|
277 | - */ |
|
278 | - public function getLDAPDisplayNameField($uid) { |
|
279 | - if(!$this->userBackend->userExists($uid)){ |
|
280 | - throw new \Exception('User id not found in LDAP'); |
|
281 | - } |
|
282 | - return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_display_name']; |
|
283 | - } |
|
272 | + /** |
|
273 | + * Get the LDAP attribute name for the user's display name |
|
274 | + * @param string $uid user id |
|
275 | + * @return string the display name field |
|
276 | + * @throws \Exception if user id was not found in LDAP |
|
277 | + */ |
|
278 | + public function getLDAPDisplayNameField($uid) { |
|
279 | + if(!$this->userBackend->userExists($uid)){ |
|
280 | + throw new \Exception('User id not found in LDAP'); |
|
281 | + } |
|
282 | + return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_display_name']; |
|
283 | + } |
|
284 | 284 | |
285 | - /** |
|
286 | - * Get the LDAP attribute name for the email |
|
287 | - * @param string $uid user id |
|
288 | - * @return string the email field |
|
289 | - * @throws \Exception if user id was not found in LDAP |
|
290 | - */ |
|
291 | - public function getLDAPEmailField($uid) { |
|
292 | - if(!$this->userBackend->userExists($uid)){ |
|
293 | - throw new \Exception('User id not found in LDAP'); |
|
294 | - } |
|
295 | - return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_email_attr']; |
|
296 | - } |
|
285 | + /** |
|
286 | + * Get the LDAP attribute name for the email |
|
287 | + * @param string $uid user id |
|
288 | + * @return string the email field |
|
289 | + * @throws \Exception if user id was not found in LDAP |
|
290 | + */ |
|
291 | + public function getLDAPEmailField($uid) { |
|
292 | + if(!$this->userBackend->userExists($uid)){ |
|
293 | + throw new \Exception('User id not found in LDAP'); |
|
294 | + } |
|
295 | + return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_email_attr']; |
|
296 | + } |
|
297 | 297 | |
298 | - /** |
|
299 | - * Get the LDAP type of association between users and groups |
|
300 | - * @param string $gid group id |
|
301 | - * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber', '' |
|
302 | - * @throws \Exception if group id was not found in LDAP |
|
303 | - */ |
|
304 | - public function getLDAPGroupMemberAssoc($gid) { |
|
305 | - if(!$this->groupBackend->groupExists($gid)){ |
|
306 | - throw new \Exception('Group id not found in LDAP'); |
|
307 | - } |
|
308 | - return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute']; |
|
309 | - } |
|
298 | + /** |
|
299 | + * Get the LDAP type of association between users and groups |
|
300 | + * @param string $gid group id |
|
301 | + * @return string the configuration, one of: 'memberUid', 'uniqueMember', 'member', 'gidNumber', '' |
|
302 | + * @throws \Exception if group id was not found in LDAP |
|
303 | + */ |
|
304 | + public function getLDAPGroupMemberAssoc($gid) { |
|
305 | + if(!$this->groupBackend->groupExists($gid)){ |
|
306 | + throw new \Exception('Group id not found in LDAP'); |
|
307 | + } |
|
308 | + return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute']; |
|
309 | + } |
|
310 | 310 | |
311 | 311 | } |
@@ -57,7 +57,7 @@ discard block |
||
57 | 57 | $this->deletedUsersIndex = $deletedUsersIndex; |
58 | 58 | $userBackendFound = false; |
59 | 59 | $groupBackendFound = false; |
60 | - foreach ($serverContainer->getUserManager()->getBackends() as $backend){ |
|
60 | + foreach ($serverContainer->getUserManager()->getBackends() as $backend) { |
|
61 | 61 | $this->logger->debug('instance '.get_class($backend).' user backend.', ['app' => 'user_ldap']); |
62 | 62 | if ($backend instanceof IUserLDAP) { |
63 | 63 | $this->userBackend = $backend; |
@@ -65,7 +65,7 @@ discard block |
||
65 | 65 | break; |
66 | 66 | } |
67 | 67 | } |
68 | - foreach ($serverContainer->getGroupManager()->getBackends() as $backend){ |
|
68 | + foreach ($serverContainer->getGroupManager()->getBackends() as $backend) { |
|
69 | 69 | $this->logger->debug('instance '.get_class($backend).' group backend.', ['app' => 'user_ldap']); |
70 | 70 | if ($backend instanceof IGroupLDAP) { |
71 | 71 | $this->groupBackend = $backend; |
@@ -86,11 +86,11 @@ discard block |
||
86 | 86 | * @throws \Exception if translation was unsuccessful |
87 | 87 | */ |
88 | 88 | public function getUserDN($uid) { |
89 | - if(!$this->userBackend->userExists($uid)){ |
|
89 | + if (!$this->userBackend->userExists($uid)) { |
|
90 | 90 | throw new \Exception('User id not found in LDAP'); |
91 | 91 | } |
92 | 92 | $result = $this->userBackend->getLDAPAccess($uid)->username2dn($uid); |
93 | - if(!$result){ |
|
93 | + if (!$result) { |
|
94 | 94 | throw new \Exception('Translation to LDAP DN unsuccessful'); |
95 | 95 | } |
96 | 96 | return $result; |
@@ -103,11 +103,11 @@ discard block |
||
103 | 103 | * @throws \Exception |
104 | 104 | */ |
105 | 105 | public function getGroupDN($gid) { |
106 | - if(!$this->groupBackend->groupExists($gid)){ |
|
106 | + if (!$this->groupBackend->groupExists($gid)) { |
|
107 | 107 | throw new \Exception('Group id not found in LDAP'); |
108 | 108 | } |
109 | 109 | $result = $this->groupBackend->getLDAPAccess($gid)->groupname2dn($gid); |
110 | - if(!$result){ |
|
110 | + if (!$result) { |
|
111 | 111 | throw new \Exception('Translation to LDAP DN unsuccessful'); |
112 | 112 | } |
113 | 113 | return $result; |
@@ -122,7 +122,7 @@ discard block |
||
122 | 122 | */ |
123 | 123 | public function getUserName($dn) { |
124 | 124 | $result = $this->userBackend->dn2UserName($dn); |
125 | - if(!$result){ |
|
125 | + if (!$result) { |
|
126 | 126 | throw new \Exception('Translation to internal user name unsuccessful'); |
127 | 127 | } |
128 | 128 | return $result; |
@@ -154,7 +154,7 @@ discard block |
||
154 | 154 | * @throws \Exception if user id was not found in LDAP |
155 | 155 | */ |
156 | 156 | public function getLDAPConnection($uid) { |
157 | - if(!$this->userBackend->userExists($uid)){ |
|
157 | + if (!$this->userBackend->userExists($uid)) { |
|
158 | 158 | throw new \Exception('User id not found in LDAP'); |
159 | 159 | } |
160 | 160 | return $this->userBackend->getNewLDAPConnection($uid); |
@@ -168,7 +168,7 @@ discard block |
||
168 | 168 | * @throws \Exception if group id was not found in LDAP |
169 | 169 | */ |
170 | 170 | public function getGroupLDAPConnection($gid) { |
171 | - if(!$this->groupBackend->groupExists($gid)){ |
|
171 | + if (!$this->groupBackend->groupExists($gid)) { |
|
172 | 172 | throw new \Exception('Group id not found in LDAP'); |
173 | 173 | } |
174 | 174 | return $this->groupBackend->getNewLDAPConnection($gid); |
@@ -181,14 +181,14 @@ discard block |
||
181 | 181 | * @throws \Exception if user id was not found in LDAP |
182 | 182 | */ |
183 | 183 | public function getLDAPBaseUsers($uid) { |
184 | - if(!$this->userBackend->userExists($uid)){ |
|
184 | + if (!$this->userBackend->userExists($uid)) { |
|
185 | 185 | throw new \Exception('User id not found in LDAP'); |
186 | 186 | } |
187 | 187 | $access = $this->userBackend->getLDAPAccess($uid); |
188 | 188 | $bases = $access->getConnection()->ldapBaseUsers; |
189 | 189 | $dn = $this->getUserDN($uid); |
190 | 190 | foreach ($bases as $base) { |
191 | - if($access->isDNPartOfBase($dn, [$base])) { |
|
191 | + if ($access->isDNPartOfBase($dn, [$base])) { |
|
192 | 192 | return $base; |
193 | 193 | } |
194 | 194 | } |
@@ -211,7 +211,7 @@ discard block |
||
211 | 211 | * @throws \Exception if user id was not found in LDAP |
212 | 212 | */ |
213 | 213 | public function getLDAPBaseGroups($uid) { |
214 | - if(!$this->userBackend->userExists($uid)){ |
|
214 | + if (!$this->userBackend->userExists($uid)) { |
|
215 | 215 | throw new \Exception('User id not found in LDAP'); |
216 | 216 | } |
217 | 217 | $bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups; |
@@ -224,7 +224,7 @@ discard block |
||
224 | 224 | * @throws \Exception if user id was not found in LDAP |
225 | 225 | */ |
226 | 226 | public function clearCache($uid) { |
227 | - if(!$this->userBackend->userExists($uid)){ |
|
227 | + if (!$this->userBackend->userExists($uid)) { |
|
228 | 228 | throw new \Exception('User id not found in LDAP'); |
229 | 229 | } |
230 | 230 | $this->userBackend->getLDAPAccess($uid)->getConnection()->clearCache(); |
@@ -237,7 +237,7 @@ discard block |
||
237 | 237 | * @throws \Exception if user id was not found in LDAP |
238 | 238 | */ |
239 | 239 | public function clearGroupCache($gid) { |
240 | - if(!$this->groupBackend->groupExists($gid)){ |
|
240 | + if (!$this->groupBackend->groupExists($gid)) { |
|
241 | 241 | throw new \Exception('Group id not found in LDAP'); |
242 | 242 | } |
243 | 243 | $this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache(); |
@@ -276,7 +276,7 @@ discard block |
||
276 | 276 | * @throws \Exception if user id was not found in LDAP |
277 | 277 | */ |
278 | 278 | public function getLDAPDisplayNameField($uid) { |
279 | - if(!$this->userBackend->userExists($uid)){ |
|
279 | + if (!$this->userBackend->userExists($uid)) { |
|
280 | 280 | throw new \Exception('User id not found in LDAP'); |
281 | 281 | } |
282 | 282 | return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_display_name']; |
@@ -289,7 +289,7 @@ discard block |
||
289 | 289 | * @throws \Exception if user id was not found in LDAP |
290 | 290 | */ |
291 | 291 | public function getLDAPEmailField($uid) { |
292 | - if(!$this->userBackend->userExists($uid)){ |
|
292 | + if (!$this->userBackend->userExists($uid)) { |
|
293 | 293 | throw new \Exception('User id not found in LDAP'); |
294 | 294 | } |
295 | 295 | return $this->userBackend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_email_attr']; |
@@ -302,7 +302,7 @@ discard block |
||
302 | 302 | * @throws \Exception if group id was not found in LDAP |
303 | 303 | */ |
304 | 304 | public function getLDAPGroupMemberAssoc($gid) { |
305 | - if(!$this->groupBackend->groupExists($gid)){ |
|
305 | + if (!$this->groupBackend->groupExists($gid)) { |
|
306 | 306 | throw new \Exception('Group id not found in LDAP'); |
307 | 307 | } |
308 | 308 | return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute']; |
@@ -36,144 +36,144 @@ |
||
36 | 36 | use OCP\IUserManager; |
37 | 37 | |
38 | 38 | class RenewPasswordController extends Controller { |
39 | - /** @var IUserManager */ |
|
40 | - private $userManager; |
|
41 | - /** @var IConfig */ |
|
42 | - private $config; |
|
43 | - /** @var IL10N */ |
|
44 | - protected $l10n; |
|
45 | - /** @var ISession */ |
|
46 | - private $session; |
|
47 | - /** @var IURLGenerator */ |
|
48 | - private $urlGenerator; |
|
39 | + /** @var IUserManager */ |
|
40 | + private $userManager; |
|
41 | + /** @var IConfig */ |
|
42 | + private $config; |
|
43 | + /** @var IL10N */ |
|
44 | + protected $l10n; |
|
45 | + /** @var ISession */ |
|
46 | + private $session; |
|
47 | + /** @var IURLGenerator */ |
|
48 | + private $urlGenerator; |
|
49 | 49 | |
50 | - /** |
|
51 | - * @param string $appName |
|
52 | - * @param IRequest $request |
|
53 | - * @param IUserManager $userManager |
|
54 | - * @param IConfig $config |
|
55 | - * @param IURLGenerator $urlGenerator |
|
56 | - */ |
|
57 | - function __construct($appName, IRequest $request, IUserManager $userManager, |
|
58 | - IConfig $config, IL10N $l10n, ISession $session, IURLGenerator $urlGenerator) { |
|
59 | - parent::__construct($appName, $request); |
|
60 | - $this->userManager = $userManager; |
|
61 | - $this->config = $config; |
|
62 | - $this->l10n = $l10n; |
|
63 | - $this->session = $session; |
|
64 | - $this->urlGenerator = $urlGenerator; |
|
65 | - } |
|
50 | + /** |
|
51 | + * @param string $appName |
|
52 | + * @param IRequest $request |
|
53 | + * @param IUserManager $userManager |
|
54 | + * @param IConfig $config |
|
55 | + * @param IURLGenerator $urlGenerator |
|
56 | + */ |
|
57 | + function __construct($appName, IRequest $request, IUserManager $userManager, |
|
58 | + IConfig $config, IL10N $l10n, ISession $session, IURLGenerator $urlGenerator) { |
|
59 | + parent::__construct($appName, $request); |
|
60 | + $this->userManager = $userManager; |
|
61 | + $this->config = $config; |
|
62 | + $this->l10n = $l10n; |
|
63 | + $this->session = $session; |
|
64 | + $this->urlGenerator = $urlGenerator; |
|
65 | + } |
|
66 | 66 | |
67 | - /** |
|
68 | - * @PublicPage |
|
69 | - * @NoCSRFRequired |
|
70 | - * |
|
71 | - * @return RedirectResponse |
|
72 | - */ |
|
73 | - public function cancel() { |
|
74 | - return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); |
|
75 | - } |
|
67 | + /** |
|
68 | + * @PublicPage |
|
69 | + * @NoCSRFRequired |
|
70 | + * |
|
71 | + * @return RedirectResponse |
|
72 | + */ |
|
73 | + public function cancel() { |
|
74 | + return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); |
|
75 | + } |
|
76 | 76 | |
77 | - /** |
|
78 | - * @PublicPage |
|
79 | - * @NoCSRFRequired |
|
80 | - * @UseSession |
|
81 | - * |
|
82 | - * @param string $user |
|
83 | - * |
|
84 | - * @return TemplateResponse|RedirectResponse |
|
85 | - */ |
|
86 | - public function showRenewPasswordForm($user) { |
|
87 | - if($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') { |
|
88 | - return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); |
|
89 | - } |
|
90 | - $parameters = []; |
|
91 | - $renewPasswordMessages = $this->session->get('renewPasswordMessages'); |
|
92 | - $errors = []; |
|
93 | - $messages = []; |
|
94 | - if (is_array($renewPasswordMessages)) { |
|
95 | - list($errors, $messages) = $renewPasswordMessages; |
|
96 | - } |
|
97 | - $this->session->remove('renewPasswordMessages'); |
|
98 | - foreach ($errors as $value) { |
|
99 | - $parameters[$value] = true; |
|
100 | - } |
|
77 | + /** |
|
78 | + * @PublicPage |
|
79 | + * @NoCSRFRequired |
|
80 | + * @UseSession |
|
81 | + * |
|
82 | + * @param string $user |
|
83 | + * |
|
84 | + * @return TemplateResponse|RedirectResponse |
|
85 | + */ |
|
86 | + public function showRenewPasswordForm($user) { |
|
87 | + if($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') { |
|
88 | + return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); |
|
89 | + } |
|
90 | + $parameters = []; |
|
91 | + $renewPasswordMessages = $this->session->get('renewPasswordMessages'); |
|
92 | + $errors = []; |
|
93 | + $messages = []; |
|
94 | + if (is_array($renewPasswordMessages)) { |
|
95 | + list($errors, $messages) = $renewPasswordMessages; |
|
96 | + } |
|
97 | + $this->session->remove('renewPasswordMessages'); |
|
98 | + foreach ($errors as $value) { |
|
99 | + $parameters[$value] = true; |
|
100 | + } |
|
101 | 101 | |
102 | - $parameters['messages'] = $messages; |
|
103 | - $parameters['user'] = $user; |
|
102 | + $parameters['messages'] = $messages; |
|
103 | + $parameters['user'] = $user; |
|
104 | 104 | |
105 | - $parameters['canResetPassword'] = true; |
|
106 | - $parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', ''); |
|
107 | - if (!$parameters['resetPasswordLink']) { |
|
108 | - $userObj = $this->userManager->get($user); |
|
109 | - if ($userObj instanceof IUser) { |
|
110 | - $parameters['canResetPassword'] = $userObj->canChangePassword(); |
|
111 | - } |
|
112 | - } |
|
113 | - $parameters['cancelLink'] = $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'); |
|
105 | + $parameters['canResetPassword'] = true; |
|
106 | + $parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', ''); |
|
107 | + if (!$parameters['resetPasswordLink']) { |
|
108 | + $userObj = $this->userManager->get($user); |
|
109 | + if ($userObj instanceof IUser) { |
|
110 | + $parameters['canResetPassword'] = $userObj->canChangePassword(); |
|
111 | + } |
|
112 | + } |
|
113 | + $parameters['cancelLink'] = $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'); |
|
114 | 114 | |
115 | - return new TemplateResponse( |
|
116 | - $this->appName, 'renewpassword', $parameters, 'guest' |
|
117 | - ); |
|
118 | - } |
|
115 | + return new TemplateResponse( |
|
116 | + $this->appName, 'renewpassword', $parameters, 'guest' |
|
117 | + ); |
|
118 | + } |
|
119 | 119 | |
120 | - /** |
|
121 | - * @PublicPage |
|
122 | - * @UseSession |
|
123 | - * |
|
124 | - * @param string $user |
|
125 | - * @param string $oldPassword |
|
126 | - * @param string $newPassword |
|
127 | - * |
|
128 | - * @return RedirectResponse |
|
129 | - */ |
|
130 | - public function tryRenewPassword($user, $oldPassword, $newPassword) { |
|
131 | - if($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') { |
|
132 | - return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); |
|
133 | - } |
|
134 | - $args = !is_null($user) ? ['user' => $user] : []; |
|
135 | - $loginResult = $this->userManager->checkPassword($user, $oldPassword); |
|
136 | - if ($loginResult === false) { |
|
137 | - $this->session->set('renewPasswordMessages', [ |
|
138 | - ['invalidpassword'], [] |
|
139 | - ]); |
|
140 | - return new RedirectResponse($this->urlGenerator->linkToRoute('user_ldap.renewPassword.showRenewPasswordForm', $args)); |
|
141 | - } |
|
120 | + /** |
|
121 | + * @PublicPage |
|
122 | + * @UseSession |
|
123 | + * |
|
124 | + * @param string $user |
|
125 | + * @param string $oldPassword |
|
126 | + * @param string $newPassword |
|
127 | + * |
|
128 | + * @return RedirectResponse |
|
129 | + */ |
|
130 | + public function tryRenewPassword($user, $oldPassword, $newPassword) { |
|
131 | + if($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') { |
|
132 | + return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); |
|
133 | + } |
|
134 | + $args = !is_null($user) ? ['user' => $user] : []; |
|
135 | + $loginResult = $this->userManager->checkPassword($user, $oldPassword); |
|
136 | + if ($loginResult === false) { |
|
137 | + $this->session->set('renewPasswordMessages', [ |
|
138 | + ['invalidpassword'], [] |
|
139 | + ]); |
|
140 | + return new RedirectResponse($this->urlGenerator->linkToRoute('user_ldap.renewPassword.showRenewPasswordForm', $args)); |
|
141 | + } |
|
142 | 142 | |
143 | - try { |
|
144 | - if (!is_null($newPassword) && \OC_User::setPassword($user, $newPassword)) { |
|
145 | - $this->session->set('loginMessages', [ |
|
146 | - [], [$this->l10n->t("Please login with the new password")] |
|
147 | - ]); |
|
148 | - $this->config->setUserValue($user, 'user_ldap', 'needsPasswordReset', 'false'); |
|
149 | - return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)); |
|
150 | - } else { |
|
151 | - $this->session->set('renewPasswordMessages', [ |
|
152 | - ['internalexception'], [] |
|
153 | - ]); |
|
154 | - } |
|
155 | - } catch (HintException $e) { |
|
156 | - $this->session->set('renewPasswordMessages', [ |
|
157 | - [], [$e->getHint()] |
|
158 | - ]); |
|
159 | - } |
|
143 | + try { |
|
144 | + if (!is_null($newPassword) && \OC_User::setPassword($user, $newPassword)) { |
|
145 | + $this->session->set('loginMessages', [ |
|
146 | + [], [$this->l10n->t("Please login with the new password")] |
|
147 | + ]); |
|
148 | + $this->config->setUserValue($user, 'user_ldap', 'needsPasswordReset', 'false'); |
|
149 | + return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)); |
|
150 | + } else { |
|
151 | + $this->session->set('renewPasswordMessages', [ |
|
152 | + ['internalexception'], [] |
|
153 | + ]); |
|
154 | + } |
|
155 | + } catch (HintException $e) { |
|
156 | + $this->session->set('renewPasswordMessages', [ |
|
157 | + [], [$e->getHint()] |
|
158 | + ]); |
|
159 | + } |
|
160 | 160 | |
161 | - return new RedirectResponse($this->urlGenerator->linkToRoute('user_ldap.renewPassword.showRenewPasswordForm', $args)); |
|
162 | - } |
|
161 | + return new RedirectResponse($this->urlGenerator->linkToRoute('user_ldap.renewPassword.showRenewPasswordForm', $args)); |
|
162 | + } |
|
163 | 163 | |
164 | - /** |
|
165 | - * @PublicPage |
|
166 | - * @NoCSRFRequired |
|
167 | - * @UseSession |
|
168 | - * |
|
169 | - * @return RedirectResponse |
|
170 | - */ |
|
171 | - public function showLoginFormInvalidPassword($user) { |
|
172 | - $args = !is_null($user) ? ['user' => $user] : []; |
|
173 | - $this->session->set('loginMessages', [ |
|
174 | - ['invalidpassword'], [] |
|
175 | - ]); |
|
176 | - return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)); |
|
177 | - } |
|
164 | + /** |
|
165 | + * @PublicPage |
|
166 | + * @NoCSRFRequired |
|
167 | + * @UseSession |
|
168 | + * |
|
169 | + * @return RedirectResponse |
|
170 | + */ |
|
171 | + public function showLoginFormInvalidPassword($user) { |
|
172 | + $args = !is_null($user) ? ['user' => $user] : []; |
|
173 | + $this->session->set('loginMessages', [ |
|
174 | + ['invalidpassword'], [] |
|
175 | + ]); |
|
176 | + return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)); |
|
177 | + } |
|
178 | 178 | |
179 | 179 | } |
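Review bot: The constructor docblock (lines 50-56) documents `$appName`, `$request`, `$userManager`, `$config` and `$urlGenerator` but omits `$l10n` and `$session`, and the constructor on line 57 carries no visibility keyword; add `* @param IL10N $l10n` and `* @param ISession $session` and declare it as `public function __construct($appName, IRequest $request, IUserManager $userManager,`. The docblock of `showLoginFormInvalidPassword` (lines 164-170) likewise has no `@param string $user` for its only parameter. Since this commit normalises `if(` to `if (` in the other hunks, the unchanged `if($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {` on lines 87 and 131 look like they were missed and should get the same treatment. The whole class body is inside the hunk.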
@@ -41,543 +41,543 @@ |
||
41 | 41 | * @property string ldapUserAvatarRule |
42 | 42 | */ |
43 | 43 | class Configuration { |
44 | - const AVATAR_PREFIX_DEFAULT = 'default'; |
|
45 | - const AVATAR_PREFIX_NONE = 'none'; |
|
46 | - const AVATAR_PREFIX_DATA_ATTRIBUTE = 'data:'; |
|
44 | + const AVATAR_PREFIX_DEFAULT = 'default'; |
|
45 | + const AVATAR_PREFIX_NONE = 'none'; |
|
46 | + const AVATAR_PREFIX_DATA_ATTRIBUTE = 'data:'; |
|
47 | 47 | |
48 | - protected $configPrefix = null; |
|
49 | - protected $configRead = false; |
|
50 | - /** |
|
51 | - * @var string[] pre-filled with one reference key so that at least one entry is written on save request and |
|
52 | - * the config ID is registered |
|
53 | - */ |
|
54 | - protected $unsavedChanges = ['ldapConfigurationActive' => 'ldapConfigurationActive']; |
|
48 | + protected $configPrefix = null; |
|
49 | + protected $configRead = false; |
|
50 | + /** |
|
51 | + * @var string[] pre-filled with one reference key so that at least one entry is written on save request and |
|
52 | + * the config ID is registered |
|
53 | + */ |
|
54 | + protected $unsavedChanges = ['ldapConfigurationActive' => 'ldapConfigurationActive']; |
|
55 | 55 | |
56 | - //settings |
|
57 | - protected $config = [ |
|
58 | - 'ldapHost' => null, |
|
59 | - 'ldapPort' => null, |
|
60 | - 'ldapBackupHost' => null, |
|
61 | - 'ldapBackupPort' => null, |
|
62 | - 'ldapBase' => null, |
|
63 | - 'ldapBaseUsers' => null, |
|
64 | - 'ldapBaseGroups' => null, |
|
65 | - 'ldapAgentName' => null, |
|
66 | - 'ldapAgentPassword' => null, |
|
67 | - 'ldapTLS' => null, |
|
68 | - 'turnOffCertCheck' => null, |
|
69 | - 'ldapIgnoreNamingRules' => null, |
|
70 | - 'ldapUserDisplayName' => null, |
|
71 | - 'ldapUserDisplayName2' => null, |
|
72 | - 'ldapUserAvatarRule' => null, |
|
73 | - 'ldapGidNumber' => null, |
|
74 | - 'ldapUserFilterObjectclass' => null, |
|
75 | - 'ldapUserFilterGroups' => null, |
|
76 | - 'ldapUserFilter' => null, |
|
77 | - 'ldapUserFilterMode' => null, |
|
78 | - 'ldapGroupFilter' => null, |
|
79 | - 'ldapGroupFilterMode' => null, |
|
80 | - 'ldapGroupFilterObjectclass' => null, |
|
81 | - 'ldapGroupFilterGroups' => null, |
|
82 | - 'ldapGroupDisplayName' => null, |
|
83 | - 'ldapGroupMemberAssocAttr' => null, |
|
84 | - 'ldapLoginFilter' => null, |
|
85 | - 'ldapLoginFilterMode' => null, |
|
86 | - 'ldapLoginFilterEmail' => null, |
|
87 | - 'ldapLoginFilterUsername' => null, |
|
88 | - 'ldapLoginFilterAttributes' => null, |
|
89 | - 'ldapQuotaAttribute' => null, |
|
90 | - 'ldapQuotaDefault' => null, |
|
91 | - 'ldapEmailAttribute' => null, |
|
92 | - 'ldapCacheTTL' => null, |
|
93 | - 'ldapUuidUserAttribute' => 'auto', |
|
94 | - 'ldapUuidGroupAttribute' => 'auto', |
|
95 | - 'ldapOverrideMainServer' => false, |
|
96 | - 'ldapConfigurationActive' => false, |
|
97 | - 'ldapAttributesForUserSearch' => null, |
|
98 | - 'ldapAttributesForGroupSearch' => null, |
|
99 | - 'ldapExperiencedAdmin' => false, |
|
100 | - 'homeFolderNamingRule' => null, |
|
101 | - 'hasMemberOfFilterSupport' => false, |
|
102 | - 'useMemberOfToDetectMembership' => true, |
|
103 | - 'ldapExpertUsernameAttr' => null, |
|
104 | - 'ldapExpertUUIDUserAttr' => null, |
|
105 | - 'ldapExpertUUIDGroupAttr' => null, |
|
106 | - 'lastJpegPhotoLookup' => null, |
|
107 | - 'ldapNestedGroups' => false, |
|
108 | - 'ldapPagingSize' => null, |
|
109 | - 'turnOnPasswordChange' => false, |
|
110 | - 'ldapDynamicGroupMemberURL' => null, |
|
111 | - 'ldapDefaultPPolicyDN' => null, |
|
112 | - 'ldapExtStorageHomeAttribute' => null, |
|
113 | - ]; |
|
56 | + //settings |
|
57 | + protected $config = [ |
|
58 | + 'ldapHost' => null, |
|
59 | + 'ldapPort' => null, |
|
60 | + 'ldapBackupHost' => null, |
|
61 | + 'ldapBackupPort' => null, |
|
62 | + 'ldapBase' => null, |
|
63 | + 'ldapBaseUsers' => null, |
|
64 | + 'ldapBaseGroups' => null, |
|
65 | + 'ldapAgentName' => null, |
|
66 | + 'ldapAgentPassword' => null, |
|
67 | + 'ldapTLS' => null, |
|
68 | + 'turnOffCertCheck' => null, |
|
69 | + 'ldapIgnoreNamingRules' => null, |
|
70 | + 'ldapUserDisplayName' => null, |
|
71 | + 'ldapUserDisplayName2' => null, |
|
72 | + 'ldapUserAvatarRule' => null, |
|
73 | + 'ldapGidNumber' => null, |
|
74 | + 'ldapUserFilterObjectclass' => null, |
|
75 | + 'ldapUserFilterGroups' => null, |
|
76 | + 'ldapUserFilter' => null, |
|
77 | + 'ldapUserFilterMode' => null, |
|
78 | + 'ldapGroupFilter' => null, |
|
79 | + 'ldapGroupFilterMode' => null, |
|
80 | + 'ldapGroupFilterObjectclass' => null, |
|
81 | + 'ldapGroupFilterGroups' => null, |
|
82 | + 'ldapGroupDisplayName' => null, |
|
83 | + 'ldapGroupMemberAssocAttr' => null, |
|
84 | + 'ldapLoginFilter' => null, |
|
85 | + 'ldapLoginFilterMode' => null, |
|
86 | + 'ldapLoginFilterEmail' => null, |
|
87 | + 'ldapLoginFilterUsername' => null, |
|
88 | + 'ldapLoginFilterAttributes' => null, |
|
89 | + 'ldapQuotaAttribute' => null, |
|
90 | + 'ldapQuotaDefault' => null, |
|
91 | + 'ldapEmailAttribute' => null, |
|
92 | + 'ldapCacheTTL' => null, |
|
93 | + 'ldapUuidUserAttribute' => 'auto', |
|
94 | + 'ldapUuidGroupAttribute' => 'auto', |
|
95 | + 'ldapOverrideMainServer' => false, |
|
96 | + 'ldapConfigurationActive' => false, |
|
97 | + 'ldapAttributesForUserSearch' => null, |
|
98 | + 'ldapAttributesForGroupSearch' => null, |
|
99 | + 'ldapExperiencedAdmin' => false, |
|
100 | + 'homeFolderNamingRule' => null, |
|
101 | + 'hasMemberOfFilterSupport' => false, |
|
102 | + 'useMemberOfToDetectMembership' => true, |
|
103 | + 'ldapExpertUsernameAttr' => null, |
|
104 | + 'ldapExpertUUIDUserAttr' => null, |
|
105 | + 'ldapExpertUUIDGroupAttr' => null, |
|
106 | + 'lastJpegPhotoLookup' => null, |
|
107 | + 'ldapNestedGroups' => false, |
|
108 | + 'ldapPagingSize' => null, |
|
109 | + 'turnOnPasswordChange' => false, |
|
110 | + 'ldapDynamicGroupMemberURL' => null, |
|
111 | + 'ldapDefaultPPolicyDN' => null, |
|
112 | + 'ldapExtStorageHomeAttribute' => null, |
|
113 | + ]; |
|
114 | 114 | |
115 | - /** |
|
116 | - * @param string $configPrefix |
|
117 | - * @param bool $autoRead |
|
118 | - */ |
|
119 | - public function __construct($configPrefix, $autoRead = true) { |
|
120 | - $this->configPrefix = $configPrefix; |
|
121 | - if($autoRead) { |
|
122 | - $this->readConfiguration(); |
|
123 | - } |
|
124 | - } |
|
115 | + /** |
|
116 | + * @param string $configPrefix |
|
117 | + * @param bool $autoRead |
|
118 | + */ |
|
119 | + public function __construct($configPrefix, $autoRead = true) { |
|
120 | + $this->configPrefix = $configPrefix; |
|
121 | + if($autoRead) { |
|
122 | + $this->readConfiguration(); |
|
123 | + } |
|
124 | + } |
|
125 | 125 | |
126 | - /** |
|
127 | - * @param string $name |
|
128 | - * @return mixed|null |
|
129 | - */ |
|
130 | - public function __get($name) { |
|
131 | - if(isset($this->config[$name])) { |
|
132 | - return $this->config[$name]; |
|
133 | - } |
|
134 | - return null; |
|
135 | - } |
|
126 | + /** |
|
127 | + * @param string $name |
|
128 | + * @return mixed|null |
|
129 | + */ |
|
130 | + public function __get($name) { |
|
131 | + if(isset($this->config[$name])) { |
|
132 | + return $this->config[$name]; |
|
133 | + } |
|
134 | + return null; |
|
135 | + } |
|
136 | 136 | |
137 | - /** |
|
138 | - * @param string $name |
|
139 | - * @param mixed $value |
|
140 | - */ |
|
141 | - public function __set($name, $value) { |
|
142 | - $this->setConfiguration([$name => $value]); |
|
143 | - } |
|
137 | + /** |
|
138 | + * @param string $name |
|
139 | + * @param mixed $value |
|
140 | + */ |
|
141 | + public function __set($name, $value) { |
|
142 | + $this->setConfiguration([$name => $value]); |
|
143 | + } |
|
144 | 144 | |
145 | - /** |
|
146 | - * @return array |
|
147 | - */ |
|
148 | - public function getConfiguration() { |
|
149 | - return $this->config; |
|
150 | - } |
|
145 | + /** |
|
146 | + * @return array |
|
147 | + */ |
|
148 | + public function getConfiguration() { |
|
149 | + return $this->config; |
|
150 | + } |
|
151 | 151 | |
152 | - /** |
|
153 | - * set LDAP configuration with values delivered by an array, not read |
|
154 | - * from configuration. It does not save the configuration! To do so, you |
|
155 | - * must call saveConfiguration afterwards. |
|
156 | - * @param array $config array that holds the config parameters in an associated |
|
157 | - * array |
|
158 | - * @param array &$applied optional; array where the set fields will be given to |
|
159 | - * @return false|null |
|
160 | - */ |
|
161 | - public function setConfiguration($config, &$applied = null) { |
|
162 | - if(!is_array($config)) { |
|
163 | - return false; |
|
164 | - } |
|
152 | + /** |
|
153 | + * set LDAP configuration with values delivered by an array, not read |
|
154 | + * from configuration. It does not save the configuration! To do so, you |
|
155 | + * must call saveConfiguration afterwards. |
|
156 | + * @param array $config array that holds the config parameters in an associated |
|
157 | + * array |
|
158 | + * @param array &$applied optional; array where the set fields will be given to |
|
159 | + * @return false|null |
|
160 | + */ |
|
161 | + public function setConfiguration($config, &$applied = null) { |
|
162 | + if(!is_array($config)) { |
|
163 | + return false; |
|
164 | + } |
|
165 | 165 | |
166 | - $cta = $this->getConfigTranslationArray(); |
|
167 | - foreach($config as $inputKey => $val) { |
|
168 | - if(strpos($inputKey, '_') !== false && array_key_exists($inputKey, $cta)) { |
|
169 | - $key = $cta[$inputKey]; |
|
170 | - } elseif(array_key_exists($inputKey, $this->config)) { |
|
171 | - $key = $inputKey; |
|
172 | - } else { |
|
173 | - continue; |
|
174 | - } |
|
166 | + $cta = $this->getConfigTranslationArray(); |
|
167 | + foreach($config as $inputKey => $val) { |
|
168 | + if(strpos($inputKey, '_') !== false && array_key_exists($inputKey, $cta)) { |
|
169 | + $key = $cta[$inputKey]; |
|
170 | + } elseif(array_key_exists($inputKey, $this->config)) { |
|
171 | + $key = $inputKey; |
|
172 | + } else { |
|
173 | + continue; |
|
174 | + } |
|
175 | 175 | |
176 | - $setMethod = 'setValue'; |
|
177 | - switch($key) { |
|
178 | - case 'ldapAgentPassword': |
|
179 | - $setMethod = 'setRawValue'; |
|
180 | - break; |
|
181 | - case 'homeFolderNamingRule': |
|
182 | - $trimmedVal = trim($val); |
|
183 | - if ($trimmedVal !== '' && strpos($val, 'attr:') === false) { |
|
184 | - $val = 'attr:'.$trimmedVal; |
|
185 | - } |
|
186 | - break; |
|
187 | - case 'ldapBase': |
|
188 | - case 'ldapBaseUsers': |
|
189 | - case 'ldapBaseGroups': |
|
190 | - case 'ldapAttributesForUserSearch': |
|
191 | - case 'ldapAttributesForGroupSearch': |
|
192 | - case 'ldapUserFilterObjectclass': |
|
193 | - case 'ldapUserFilterGroups': |
|
194 | - case 'ldapGroupFilterObjectclass': |
|
195 | - case 'ldapGroupFilterGroups': |
|
196 | - case 'ldapLoginFilterAttributes': |
|
197 | - $setMethod = 'setMultiLine'; |
|
198 | - break; |
|
199 | - } |
|
200 | - $this->$setMethod($key, $val); |
|
201 | - if(is_array($applied)) { |
|
202 | - $applied[] = $inputKey; |
|
203 | - // storing key as index avoids duplication, and as value for simplicity |
|
204 | - } |
|
205 | - $this->unsavedChanges[$key] = $key; |
|
206 | - } |
|
207 | - return null; |
|
208 | - } |
|
176 | + $setMethod = 'setValue'; |
|
177 | + switch($key) { |
|
178 | + case 'ldapAgentPassword': |
|
179 | + $setMethod = 'setRawValue'; |
|
180 | + break; |
|
181 | + case 'homeFolderNamingRule': |
|
182 | + $trimmedVal = trim($val); |
|
183 | + if ($trimmedVal !== '' && strpos($val, 'attr:') === false) { |
|
184 | + $val = 'attr:'.$trimmedVal; |
|
185 | + } |
|
186 | + break; |
|
187 | + case 'ldapBase': |
|
188 | + case 'ldapBaseUsers': |
|
189 | + case 'ldapBaseGroups': |
|
190 | + case 'ldapAttributesForUserSearch': |
|
191 | + case 'ldapAttributesForGroupSearch': |
|
192 | + case 'ldapUserFilterObjectclass': |
|
193 | + case 'ldapUserFilterGroups': |
|
194 | + case 'ldapGroupFilterObjectclass': |
|
195 | + case 'ldapGroupFilterGroups': |
|
196 | + case 'ldapLoginFilterAttributes': |
|
197 | + $setMethod = 'setMultiLine'; |
|
198 | + break; |
|
199 | + } |
|
200 | + $this->$setMethod($key, $val); |
|
201 | + if(is_array($applied)) { |
|
202 | + $applied[] = $inputKey; |
|
203 | + // storing key as index avoids duplication, and as value for simplicity |
|
204 | + } |
|
205 | + $this->unsavedChanges[$key] = $key; |
|
206 | + } |
|
207 | + return null; |
|
208 | + } |
|
209 | 209 | |
210 | - public function readConfiguration() { |
|
211 | - if(!$this->configRead && !is_null($this->configPrefix)) { |
|
212 | - $cta = array_flip($this->getConfigTranslationArray()); |
|
213 | - foreach($this->config as $key => $val) { |
|
214 | - if(!isset($cta[$key])) { |
|
215 | - //some are determined |
|
216 | - continue; |
|
217 | - } |
|
218 | - $dbKey = $cta[$key]; |
|
219 | - switch($key) { |
|
220 | - case 'ldapBase': |
|
221 | - case 'ldapBaseUsers': |
|
222 | - case 'ldapBaseGroups': |
|
223 | - case 'ldapAttributesForUserSearch': |
|
224 | - case 'ldapAttributesForGroupSearch': |
|
225 | - case 'ldapUserFilterObjectclass': |
|
226 | - case 'ldapUserFilterGroups': |
|
227 | - case 'ldapGroupFilterObjectclass': |
|
228 | - case 'ldapGroupFilterGroups': |
|
229 | - case 'ldapLoginFilterAttributes': |
|
230 | - $readMethod = 'getMultiLine'; |
|
231 | - break; |
|
232 | - case 'ldapIgnoreNamingRules': |
|
233 | - $readMethod = 'getSystemValue'; |
|
234 | - $dbKey = $key; |
|
235 | - break; |
|
236 | - case 'ldapAgentPassword': |
|
237 | - $readMethod = 'getPwd'; |
|
238 | - break; |
|
239 | - case 'ldapUserDisplayName2': |
|
240 | - case 'ldapGroupDisplayName': |
|
241 | - $readMethod = 'getLcValue'; |
|
242 | - break; |
|
243 | - case 'ldapUserDisplayName': |
|
244 | - default: |
|
245 | - // user display name does not lower case because |
|
246 | - // we rely on an upper case N as indicator whether to |
|
247 | - // auto-detect it or not. FIXME |
|
248 | - $readMethod = 'getValue'; |
|
249 | - break; |
|
250 | - } |
|
251 | - $this->config[$key] = $this->$readMethod($dbKey); |
|
252 | - } |
|
253 | - $this->configRead = true; |
|
254 | - } |
|
255 | - } |
|
210 | + public function readConfiguration() { |
|
211 | + if(!$this->configRead && !is_null($this->configPrefix)) { |
|
212 | + $cta = array_flip($this->getConfigTranslationArray()); |
|
213 | + foreach($this->config as $key => $val) { |
|
214 | + if(!isset($cta[$key])) { |
|
215 | + //some are determined |
|
216 | + continue; |
|
217 | + } |
|
218 | + $dbKey = $cta[$key]; |
|
219 | + switch($key) { |
|
220 | + case 'ldapBase': |
|
221 | + case 'ldapBaseUsers': |
|
222 | + case 'ldapBaseGroups': |
|
223 | + case 'ldapAttributesForUserSearch': |
|
224 | + case 'ldapAttributesForGroupSearch': |
|
225 | + case 'ldapUserFilterObjectclass': |
|
226 | + case 'ldapUserFilterGroups': |
|
227 | + case 'ldapGroupFilterObjectclass': |
|
228 | + case 'ldapGroupFilterGroups': |
|
229 | + case 'ldapLoginFilterAttributes': |
|
230 | + $readMethod = 'getMultiLine'; |
|
231 | + break; |
|
232 | + case 'ldapIgnoreNamingRules': |
|
233 | + $readMethod = 'getSystemValue'; |
|
234 | + $dbKey = $key; |
|
235 | + break; |
|
236 | + case 'ldapAgentPassword': |
|
237 | + $readMethod = 'getPwd'; |
|
238 | + break; |
|
239 | + case 'ldapUserDisplayName2': |
|
240 | + case 'ldapGroupDisplayName': |
|
241 | + $readMethod = 'getLcValue'; |
|
242 | + break; |
|
243 | + case 'ldapUserDisplayName': |
|
244 | + default: |
|
245 | + // user display name does not lower case because |
|
246 | + // we rely on an upper case N as indicator whether to |
|
247 | + // auto-detect it or not. FIXME |
|
248 | + $readMethod = 'getValue'; |
|
249 | + break; |
|
250 | + } |
|
251 | + $this->config[$key] = $this->$readMethod($dbKey); |
|
252 | + } |
|
253 | + $this->configRead = true; |
|
254 | + } |
|
255 | + } |
|
256 | 256 | |
257 | - /** |
|
258 | - * saves the current config changes in the database |
|
259 | - */ |
|
260 | - public function saveConfiguration() { |
|
261 | - $cta = array_flip($this->getConfigTranslationArray()); |
|
262 | - foreach($this->unsavedChanges as $key) { |
|
263 | - $value = $this->config[$key]; |
|
264 | - switch ($key) { |
|
265 | - case 'ldapAgentPassword': |
|
266 | - $value = base64_encode($value); |
|
267 | - break; |
|
268 | - case 'ldapBase': |
|
269 | - case 'ldapBaseUsers': |
|
270 | - case 'ldapBaseGroups': |
|
271 | - case 'ldapAttributesForUserSearch': |
|
272 | - case 'ldapAttributesForGroupSearch': |
|
273 | - case 'ldapUserFilterObjectclass': |
|
274 | - case 'ldapUserFilterGroups': |
|
275 | - case 'ldapGroupFilterObjectclass': |
|
276 | - case 'ldapGroupFilterGroups': |
|
277 | - case 'ldapLoginFilterAttributes': |
|
278 | - if(is_array($value)) { |
|
279 | - $value = implode("\n", $value); |
|
280 | - } |
|
281 | - break; |
|
282 | - //following options are not stored but detected, skip them |
|
283 | - case 'ldapIgnoreNamingRules': |
|
284 | - case 'ldapUuidUserAttribute': |
|
285 | - case 'ldapUuidGroupAttribute': |
|
286 | - continue 2; |
|
287 | - } |
|
288 | - if(is_null($value)) { |
|
289 | - $value = ''; |
|
290 | - } |
|
291 | - $this->saveValue($cta[$key], $value); |
|
292 | - } |
|
293 | - $this->saveValue('_lastChange', time()); |
|
294 | - $this->unsavedChanges = []; |
|
295 | - } |
|
257 | + /** |
|
258 | + * saves the current config changes in the database |
|
259 | + */ |
|
260 | + public function saveConfiguration() { |
|
261 | + $cta = array_flip($this->getConfigTranslationArray()); |
|
262 | + foreach($this->unsavedChanges as $key) { |
|
263 | + $value = $this->config[$key]; |
|
264 | + switch ($key) { |
|
265 | + case 'ldapAgentPassword': |
|
266 | + $value = base64_encode($value); |
|
267 | + break; |
|
268 | + case 'ldapBase': |
|
269 | + case 'ldapBaseUsers': |
|
270 | + case 'ldapBaseGroups': |
|
271 | + case 'ldapAttributesForUserSearch': |
|
272 | + case 'ldapAttributesForGroupSearch': |
|
273 | + case 'ldapUserFilterObjectclass': |
|
274 | + case 'ldapUserFilterGroups': |
|
275 | + case 'ldapGroupFilterObjectclass': |
|
276 | + case 'ldapGroupFilterGroups': |
|
277 | + case 'ldapLoginFilterAttributes': |
|
278 | + if(is_array($value)) { |
|
279 | + $value = implode("\n", $value); |
|
280 | + } |
|
281 | + break; |
|
282 | + //following options are not stored but detected, skip them |
|
283 | + case 'ldapIgnoreNamingRules': |
|
284 | + case 'ldapUuidUserAttribute': |
|
285 | + case 'ldapUuidGroupAttribute': |
|
286 | + continue 2; |
|
287 | + } |
|
288 | + if(is_null($value)) { |
|
289 | + $value = ''; |
|
290 | + } |
|
291 | + $this->saveValue($cta[$key], $value); |
|
292 | + } |
|
293 | + $this->saveValue('_lastChange', time()); |
|
294 | + $this->unsavedChanges = []; |
|
295 | + } |
|
296 | 296 | |
297 | - /** |
|
298 | - * @param string $varName |
|
299 | - * @return array|string |
|
300 | - */ |
|
301 | - protected function getMultiLine($varName) { |
|
302 | - $value = $this->getValue($varName); |
|
303 | - if(empty($value)) { |
|
304 | - $value = ''; |
|
305 | - } else { |
|
306 | - $value = preg_split('/\r\n|\r|\n/', $value); |
|
307 | - } |
|
297 | + /** |
|
298 | + * @param string $varName |
|
299 | + * @return array|string |
|
300 | + */ |
|
301 | + protected function getMultiLine($varName) { |
|
302 | + $value = $this->getValue($varName); |
|
303 | + if(empty($value)) { |
|
304 | + $value = ''; |
|
305 | + } else { |
|
306 | + $value = preg_split('/\r\n|\r|\n/', $value); |
|
307 | + } |
|
308 | 308 | |
309 | - return $value; |
|
310 | - } |
|
309 | + return $value; |
|
310 | + } |
|
311 | 311 | |
312 | - /** |
|
313 | - * Sets multi-line values as arrays |
|
314 | - * |
|
315 | - * @param string $varName name of config-key |
|
316 | - * @param array|string $value to set |
|
317 | - */ |
|
318 | - protected function setMultiLine($varName, $value) { |
|
319 | - if(empty($value)) { |
|
320 | - $value = ''; |
|
321 | - } else if (!is_array($value)) { |
|
322 | - $value = preg_split('/\r\n|\r|\n|;/', $value); |
|
323 | - if($value === false) { |
|
324 | - $value = ''; |
|
325 | - } |
|
326 | - } |
|
312 | + /** |
|
313 | + * Sets multi-line values as arrays |
|
314 | + * |
|
315 | + * @param string $varName name of config-key |
|
316 | + * @param array|string $value to set |
|
317 | + */ |
|
318 | + protected function setMultiLine($varName, $value) { |
|
319 | + if(empty($value)) { |
|
320 | + $value = ''; |
|
321 | + } else if (!is_array($value)) { |
|
322 | + $value = preg_split('/\r\n|\r|\n|;/', $value); |
|
323 | + if($value === false) { |
|
324 | + $value = ''; |
|
325 | + } |
|
326 | + } |
|
327 | 327 | |
328 | - if(!is_array($value)) { |
|
329 | - $finalValue = trim($value); |
|
330 | - } else { |
|
331 | - $finalValue = []; |
|
332 | - foreach($value as $key => $val) { |
|
333 | - if(is_string($val)) { |
|
334 | - $val = trim($val); |
|
335 | - if ($val !== '') { |
|
336 | - //accidental line breaks are not wanted and can cause |
|
337 | - // odd behaviour. Thus, away with them. |
|
338 | - $finalValue[] = $val; |
|
339 | - } |
|
340 | - } else { |
|
341 | - $finalValue[] = $val; |
|
342 | - } |
|
343 | - } |
|
344 | - } |
|
328 | + if(!is_array($value)) { |
|
329 | + $finalValue = trim($value); |
|
330 | + } else { |
|
331 | + $finalValue = []; |
|
332 | + foreach($value as $key => $val) { |
|
333 | + if(is_string($val)) { |
|
334 | + $val = trim($val); |
|
335 | + if ($val !== '') { |
|
336 | + //accidental line breaks are not wanted and can cause |
|
337 | + // odd behaviour. Thus, away with them. |
|
338 | + $finalValue[] = $val; |
|
339 | + } |
|
340 | + } else { |
|
341 | + $finalValue[] = $val; |
|
342 | + } |
|
343 | + } |
|
344 | + } |
|
345 | 345 | |
346 | - $this->setRawValue($varName, $finalValue); |
|
347 | - } |
|
346 | + $this->setRawValue($varName, $finalValue); |
|
347 | + } |
|
348 | 348 | |
349 | - /** |
|
350 | - * @param string $varName |
|
351 | - * @return string |
|
352 | - */ |
|
353 | - protected function getPwd($varName) { |
|
354 | - return base64_decode($this->getValue($varName)); |
|
355 | - } |
|
349 | + /** |
|
350 | + * @param string $varName |
|
351 | + * @return string |
|
352 | + */ |
|
353 | + protected function getPwd($varName) { |
|
354 | + return base64_decode($this->getValue($varName)); |
|
355 | + } |
|
356 | 356 | |
357 | - /** |
|
358 | - * @param string $varName |
|
359 | - * @return string |
|
360 | - */ |
|
361 | - protected function getLcValue($varName) { |
|
362 | - return mb_strtolower($this->getValue($varName), 'UTF-8'); |
|
363 | - } |
|
357 | + /** |
|
358 | + * @param string $varName |
|
359 | + * @return string |
|
360 | + */ |
|
361 | + protected function getLcValue($varName) { |
|
362 | + return mb_strtolower($this->getValue($varName), 'UTF-8'); |
|
363 | + } |
|
364 | 364 | |
365 | - /** |
|
366 | - * @param string $varName |
|
367 | - * @return string |
|
368 | - */ |
|
369 | - protected function getSystemValue($varName) { |
|
370 | - //FIXME: if another system value is added, softcode the default value |
|
371 | - return \OC::$server->getConfig()->getSystemValue($varName, false); |
|
372 | - } |
|
365 | + /** |
|
366 | + * @param string $varName |
|
367 | + * @return string |
|
368 | + */ |
|
369 | + protected function getSystemValue($varName) { |
|
370 | + //FIXME: if another system value is added, softcode the default value |
|
371 | + return \OC::$server->getConfig()->getSystemValue($varName, false); |
|
372 | + } |
|
373 | 373 | |
374 | - /** |
|
375 | - * @param string $varName |
|
376 | - * @return string |
|
377 | - */ |
|
378 | - protected function getValue($varName) { |
|
379 | - static $defaults; |
|
380 | - if(is_null($defaults)) { |
|
381 | - $defaults = $this->getDefaults(); |
|
382 | - } |
|
383 | - return \OC::$server->getConfig()->getAppValue('user_ldap', |
|
384 | - $this->configPrefix.$varName, |
|
385 | - $defaults[$varName]); |
|
386 | - } |
|
374 | + /** |
|
375 | + * @param string $varName |
|
376 | + * @return string |
|
377 | + */ |
|
378 | + protected function getValue($varName) { |
|
379 | + static $defaults; |
|
380 | + if(is_null($defaults)) { |
|
381 | + $defaults = $this->getDefaults(); |
|
382 | + } |
|
383 | + return \OC::$server->getConfig()->getAppValue('user_ldap', |
|
384 | + $this->configPrefix.$varName, |
|
385 | + $defaults[$varName]); |
|
386 | + } |
|
387 | 387 | |
388 | - /** |
|
389 | - * Sets a scalar value. |
|
390 | - * |
|
391 | - * @param string $varName name of config key |
|
392 | - * @param mixed $value to set |
|
393 | - */ |
|
394 | - protected function setValue($varName, $value) { |
|
395 | - if(is_string($value)) { |
|
396 | - $value = trim($value); |
|
397 | - } |
|
398 | - $this->config[$varName] = $value; |
|
399 | - } |
|
388 | + /** |
|
389 | + * Sets a scalar value. |
|
390 | + * |
|
391 | + * @param string $varName name of config key |
|
392 | + * @param mixed $value to set |
|
393 | + */ |
|
394 | + protected function setValue($varName, $value) { |
|
395 | + if(is_string($value)) { |
|
396 | + $value = trim($value); |
|
397 | + } |
|
398 | + $this->config[$varName] = $value; |
|
399 | + } |
|
400 | 400 | |
401 | - /** |
|
402 | - * Sets a scalar value without trimming. |
|
403 | - * |
|
404 | - * @param string $varName name of config key |
|
405 | - * @param mixed $value to set |
|
406 | - */ |
|
407 | - protected function setRawValue($varName, $value) { |
|
408 | - $this->config[$varName] = $value; |
|
409 | - } |
|
401 | + /** |
|
402 | + * Sets a scalar value without trimming. |
|
403 | + * |
|
404 | + * @param string $varName name of config key |
|
405 | + * @param mixed $value to set |
|
406 | + */ |
|
407 | + protected function setRawValue($varName, $value) { |
|
408 | + $this->config[$varName] = $value; |
|
409 | + } |
|
410 | 410 | |
411 | - /** |
|
412 | - * @param string $varName |
|
413 | - * @param string $value |
|
414 | - * @return bool |
|
415 | - */ |
|
416 | - protected function saveValue($varName, $value) { |
|
417 | - \OC::$server->getConfig()->setAppValue( |
|
418 | - 'user_ldap', |
|
419 | - $this->configPrefix.$varName, |
|
420 | - $value |
|
421 | - ); |
|
422 | - return true; |
|
423 | - } |
|
411 | + /** |
|
412 | + * @param string $varName |
|
413 | + * @param string $value |
|
414 | + * @return bool |
|
415 | + */ |
|
416 | + protected function saveValue($varName, $value) { |
|
417 | + \OC::$server->getConfig()->setAppValue( |
|
418 | + 'user_ldap', |
|
419 | + $this->configPrefix.$varName, |
|
420 | + $value |
|
421 | + ); |
|
422 | + return true; |
|
423 | + } |
|
424 | 424 | |
425 | - /** |
|
426 | - * @return array an associative array with the default values. Keys are correspond |
|
427 | - * to config-value entries in the database table |
|
428 | - */ |
|
429 | - public function getDefaults() { |
|
430 | - return [ |
|
431 | - 'ldap_host' => '', |
|
432 | - 'ldap_port' => '', |
|
433 | - 'ldap_backup_host' => '', |
|
434 | - 'ldap_backup_port' => '', |
|
435 | - 'ldap_override_main_server' => '', |
|
436 | - 'ldap_dn' => '', |
|
437 | - 'ldap_agent_password' => '', |
|
438 | - 'ldap_base' => '', |
|
439 | - 'ldap_base_users' => '', |
|
440 | - 'ldap_base_groups' => '', |
|
441 | - 'ldap_userlist_filter' => '', |
|
442 | - 'ldap_user_filter_mode' => 0, |
|
443 | - 'ldap_userfilter_objectclass' => '', |
|
444 | - 'ldap_userfilter_groups' => '', |
|
445 | - 'ldap_login_filter' => '', |
|
446 | - 'ldap_login_filter_mode' => 0, |
|
447 | - 'ldap_loginfilter_email' => 0, |
|
448 | - 'ldap_loginfilter_username' => 1, |
|
449 | - 'ldap_loginfilter_attributes' => '', |
|
450 | - 'ldap_group_filter' => '', |
|
451 | - 'ldap_group_filter_mode' => 0, |
|
452 | - 'ldap_groupfilter_objectclass' => '', |
|
453 | - 'ldap_groupfilter_groups' => '', |
|
454 | - 'ldap_gid_number' => 'gidNumber', |
|
455 | - 'ldap_display_name' => 'displayName', |
|
456 | - 'ldap_user_display_name_2' => '', |
|
457 | - 'ldap_group_display_name' => 'cn', |
|
458 | - 'ldap_tls' => 0, |
|
459 | - 'ldap_quota_def' => '', |
|
460 | - 'ldap_quota_attr' => '', |
|
461 | - 'ldap_email_attr' => '', |
|
462 | - 'ldap_group_member_assoc_attribute' => '', |
|
463 | - 'ldap_cache_ttl' => 600, |
|
464 | - 'ldap_uuid_user_attribute' => 'auto', |
|
465 | - 'ldap_uuid_group_attribute' => 'auto', |
|
466 | - 'home_folder_naming_rule' => '', |
|
467 | - 'ldap_turn_off_cert_check' => 0, |
|
468 | - 'ldap_configuration_active' => 0, |
|
469 | - 'ldap_attributes_for_user_search' => '', |
|
470 | - 'ldap_attributes_for_group_search' => '', |
|
471 | - 'ldap_expert_username_attr' => '', |
|
472 | - 'ldap_expert_uuid_user_attr' => '', |
|
473 | - 'ldap_expert_uuid_group_attr' => '', |
|
474 | - 'has_memberof_filter_support' => 0, |
|
475 | - 'use_memberof_to_detect_membership' => 1, |
|
476 | - 'last_jpegPhoto_lookup' => 0, |
|
477 | - 'ldap_nested_groups' => 0, |
|
478 | - 'ldap_paging_size' => 500, |
|
479 | - 'ldap_turn_on_pwd_change' => 0, |
|
480 | - 'ldap_experienced_admin' => 0, |
|
481 | - 'ldap_dynamic_group_member_url' => '', |
|
482 | - 'ldap_default_ppolicy_dn' => '', |
|
483 | - 'ldap_user_avatar_rule' => 'default', |
|
484 | - 'ldap_ext_storage_home_attribute' => '', |
|
485 | - ]; |
|
486 | - } |
|
425 | + /** |
|
426 | + * @return array an associative array with the default values. Keys are correspond |
|
427 | + * to config-value entries in the database table |
|
428 | + */ |
|
429 | + public function getDefaults() { |
|
430 | + return [ |
|
431 | + 'ldap_host' => '', |
|
432 | + 'ldap_port' => '', |
|
433 | + 'ldap_backup_host' => '', |
|
434 | + 'ldap_backup_port' => '', |
|
435 | + 'ldap_override_main_server' => '', |
|
436 | + 'ldap_dn' => '', |
|
437 | + 'ldap_agent_password' => '', |
|
438 | + 'ldap_base' => '', |
|
439 | + 'ldap_base_users' => '', |
|
440 | + 'ldap_base_groups' => '', |
|
441 | + 'ldap_userlist_filter' => '', |
|
442 | + 'ldap_user_filter_mode' => 0, |
|
443 | + 'ldap_userfilter_objectclass' => '', |
|
444 | + 'ldap_userfilter_groups' => '', |
|
445 | + 'ldap_login_filter' => '', |
|
446 | + 'ldap_login_filter_mode' => 0, |
|
447 | + 'ldap_loginfilter_email' => 0, |
|
448 | + 'ldap_loginfilter_username' => 1, |
|
449 | + 'ldap_loginfilter_attributes' => '', |
|
450 | + 'ldap_group_filter' => '', |
|
451 | + 'ldap_group_filter_mode' => 0, |
|
452 | + 'ldap_groupfilter_objectclass' => '', |
|
453 | + 'ldap_groupfilter_groups' => '', |
|
454 | + 'ldap_gid_number' => 'gidNumber', |
|
455 | + 'ldap_display_name' => 'displayName', |
|
456 | + 'ldap_user_display_name_2' => '', |
|
457 | + 'ldap_group_display_name' => 'cn', |
|
458 | + 'ldap_tls' => 0, |
|
459 | + 'ldap_quota_def' => '', |
|
460 | + 'ldap_quota_attr' => '', |
|
461 | + 'ldap_email_attr' => '', |
|
462 | + 'ldap_group_member_assoc_attribute' => '', |
|
463 | + 'ldap_cache_ttl' => 600, |
|
464 | + 'ldap_uuid_user_attribute' => 'auto', |
|
465 | + 'ldap_uuid_group_attribute' => 'auto', |
|
466 | + 'home_folder_naming_rule' => '', |
|
467 | + 'ldap_turn_off_cert_check' => 0, |
|
468 | + 'ldap_configuration_active' => 0, |
|
469 | + 'ldap_attributes_for_user_search' => '', |
|
470 | + 'ldap_attributes_for_group_search' => '', |
|
471 | + 'ldap_expert_username_attr' => '', |
|
472 | + 'ldap_expert_uuid_user_attr' => '', |
|
473 | + 'ldap_expert_uuid_group_attr' => '', |
|
474 | + 'has_memberof_filter_support' => 0, |
|
475 | + 'use_memberof_to_detect_membership' => 1, |
|
476 | + 'last_jpegPhoto_lookup' => 0, |
|
477 | + 'ldap_nested_groups' => 0, |
|
478 | + 'ldap_paging_size' => 500, |
|
479 | + 'ldap_turn_on_pwd_change' => 0, |
|
480 | + 'ldap_experienced_admin' => 0, |
|
481 | + 'ldap_dynamic_group_member_url' => '', |
|
482 | + 'ldap_default_ppolicy_dn' => '', |
|
483 | + 'ldap_user_avatar_rule' => 'default', |
|
484 | + 'ldap_ext_storage_home_attribute' => '', |
|
485 | + ]; |
|
486 | + } |
|
487 | 487 | |
488 | - /** |
|
489 | - * @return array that maps internal variable names to database fields |
|
490 | - */ |
|
491 | - public function getConfigTranslationArray() { |
|
492 | - //TODO: merge them into one representation |
|
493 | - static $array = [ |
|
494 | - 'ldap_host' => 'ldapHost', |
|
495 | - 'ldap_port' => 'ldapPort', |
|
496 | - 'ldap_backup_host' => 'ldapBackupHost', |
|
497 | - 'ldap_backup_port' => 'ldapBackupPort', |
|
498 | - 'ldap_override_main_server' => 'ldapOverrideMainServer', |
|
499 | - 'ldap_dn' => 'ldapAgentName', |
|
500 | - 'ldap_agent_password' => 'ldapAgentPassword', |
|
501 | - 'ldap_base' => 'ldapBase', |
|
502 | - 'ldap_base_users' => 'ldapBaseUsers', |
|
503 | - 'ldap_base_groups' => 'ldapBaseGroups', |
|
504 | - 'ldap_userfilter_objectclass' => 'ldapUserFilterObjectclass', |
|
505 | - 'ldap_userfilter_groups' => 'ldapUserFilterGroups', |
|
506 | - 'ldap_userlist_filter' => 'ldapUserFilter', |
|
507 | - 'ldap_user_filter_mode' => 'ldapUserFilterMode', |
|
508 | - 'ldap_user_avatar_rule' => 'ldapUserAvatarRule', |
|
509 | - 'ldap_login_filter' => 'ldapLoginFilter', |
|
510 | - 'ldap_login_filter_mode' => 'ldapLoginFilterMode', |
|
511 | - 'ldap_loginfilter_email' => 'ldapLoginFilterEmail', |
|
512 | - 'ldap_loginfilter_username' => 'ldapLoginFilterUsername', |
|
513 | - 'ldap_loginfilter_attributes' => 'ldapLoginFilterAttributes', |
|
514 | - 'ldap_group_filter' => 'ldapGroupFilter', |
|
515 | - 'ldap_group_filter_mode' => 'ldapGroupFilterMode', |
|
516 | - 'ldap_groupfilter_objectclass' => 'ldapGroupFilterObjectclass', |
|
517 | - 'ldap_groupfilter_groups' => 'ldapGroupFilterGroups', |
|
518 | - 'ldap_gid_number' => 'ldapGidNumber', |
|
519 | - 'ldap_display_name' => 'ldapUserDisplayName', |
|
520 | - 'ldap_user_display_name_2' => 'ldapUserDisplayName2', |
|
521 | - 'ldap_group_display_name' => 'ldapGroupDisplayName', |
|
522 | - 'ldap_tls' => 'ldapTLS', |
|
523 | - 'ldap_quota_def' => 'ldapQuotaDefault', |
|
524 | - 'ldap_quota_attr' => 'ldapQuotaAttribute', |
|
525 | - 'ldap_email_attr' => 'ldapEmailAttribute', |
|
526 | - 'ldap_group_member_assoc_attribute' => 'ldapGroupMemberAssocAttr', |
|
527 | - 'ldap_cache_ttl' => 'ldapCacheTTL', |
|
528 | - 'home_folder_naming_rule' => 'homeFolderNamingRule', |
|
529 | - 'ldap_turn_off_cert_check' => 'turnOffCertCheck', |
|
530 | - 'ldap_configuration_active' => 'ldapConfigurationActive', |
|
531 | - 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', |
|
532 | - 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch', |
|
533 | - 'ldap_expert_username_attr' => 'ldapExpertUsernameAttr', |
|
534 | - 'ldap_expert_uuid_user_attr' => 'ldapExpertUUIDUserAttr', |
|
535 | - 'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr', |
|
536 | - 'has_memberof_filter_support' => 'hasMemberOfFilterSupport', |
|
537 | - 'use_memberof_to_detect_membership' => 'useMemberOfToDetectMembership', |
|
538 | - 'last_jpegPhoto_lookup' => 'lastJpegPhotoLookup', |
|
539 | - 'ldap_nested_groups' => 'ldapNestedGroups', |
|
540 | - 'ldap_paging_size' => 'ldapPagingSize', |
|
541 | - 'ldap_turn_on_pwd_change' => 'turnOnPasswordChange', |
|
542 | - 'ldap_experienced_admin' => 'ldapExperiencedAdmin', |
|
543 | - 'ldap_dynamic_group_member_url' => 'ldapDynamicGroupMemberURL', |
|
544 | - 'ldap_default_ppolicy_dn' => 'ldapDefaultPPolicyDN', |
|
545 | - 'ldap_ext_storage_home_attribute' => 'ldapExtStorageHomeAttribute', |
|
546 | - 'ldapIgnoreNamingRules' => 'ldapIgnoreNamingRules', // sysconfig |
|
547 | - ]; |
|
548 | - return $array; |
|
549 | - } |
|
488 | + /** |
|
489 | + * @return array that maps internal variable names to database fields |
|
490 | + */ |
|
491 | + public function getConfigTranslationArray() { |
|
492 | + //TODO: merge them into one representation |
|
493 | + static $array = [ |
|
494 | + 'ldap_host' => 'ldapHost', |
|
495 | + 'ldap_port' => 'ldapPort', |
|
496 | + 'ldap_backup_host' => 'ldapBackupHost', |
|
497 | + 'ldap_backup_port' => 'ldapBackupPort', |
|
498 | + 'ldap_override_main_server' => 'ldapOverrideMainServer', |
|
499 | + 'ldap_dn' => 'ldapAgentName', |
|
500 | + 'ldap_agent_password' => 'ldapAgentPassword', |
|
501 | + 'ldap_base' => 'ldapBase', |
|
502 | + 'ldap_base_users' => 'ldapBaseUsers', |
|
503 | + 'ldap_base_groups' => 'ldapBaseGroups', |
|
504 | + 'ldap_userfilter_objectclass' => 'ldapUserFilterObjectclass', |
|
505 | + 'ldap_userfilter_groups' => 'ldapUserFilterGroups', |
|
506 | + 'ldap_userlist_filter' => 'ldapUserFilter', |
|
507 | + 'ldap_user_filter_mode' => 'ldapUserFilterMode', |
|
508 | + 'ldap_user_avatar_rule' => 'ldapUserAvatarRule', |
|
509 | + 'ldap_login_filter' => 'ldapLoginFilter', |
|
510 | + 'ldap_login_filter_mode' => 'ldapLoginFilterMode', |
|
511 | + 'ldap_loginfilter_email' => 'ldapLoginFilterEmail', |
|
512 | + 'ldap_loginfilter_username' => 'ldapLoginFilterUsername', |
|
513 | + 'ldap_loginfilter_attributes' => 'ldapLoginFilterAttributes', |
|
514 | + 'ldap_group_filter' => 'ldapGroupFilter', |
|
515 | + 'ldap_group_filter_mode' => 'ldapGroupFilterMode', |
|
516 | + 'ldap_groupfilter_objectclass' => 'ldapGroupFilterObjectclass', |
|
517 | + 'ldap_groupfilter_groups' => 'ldapGroupFilterGroups', |
|
518 | + 'ldap_gid_number' => 'ldapGidNumber', |
|
519 | + 'ldap_display_name' => 'ldapUserDisplayName', |
|
520 | + 'ldap_user_display_name_2' => 'ldapUserDisplayName2', |
|
521 | + 'ldap_group_display_name' => 'ldapGroupDisplayName', |
|
522 | + 'ldap_tls' => 'ldapTLS', |
|
523 | + 'ldap_quota_def' => 'ldapQuotaDefault', |
|
524 | + 'ldap_quota_attr' => 'ldapQuotaAttribute', |
|
525 | + 'ldap_email_attr' => 'ldapEmailAttribute', |
|
526 | + 'ldap_group_member_assoc_attribute' => 'ldapGroupMemberAssocAttr', |
|
527 | + 'ldap_cache_ttl' => 'ldapCacheTTL', |
|
528 | + 'home_folder_naming_rule' => 'homeFolderNamingRule', |
|
529 | + 'ldap_turn_off_cert_check' => 'turnOffCertCheck', |
|
530 | + 'ldap_configuration_active' => 'ldapConfigurationActive', |
|
531 | + 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', |
|
532 | + 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch', |
|
533 | + 'ldap_expert_username_attr' => 'ldapExpertUsernameAttr', |
|
534 | + 'ldap_expert_uuid_user_attr' => 'ldapExpertUUIDUserAttr', |
|
535 | + 'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr', |
|
536 | + 'has_memberof_filter_support' => 'hasMemberOfFilterSupport', |
|
537 | + 'use_memberof_to_detect_membership' => 'useMemberOfToDetectMembership', |
|
538 | + 'last_jpegPhoto_lookup' => 'lastJpegPhotoLookup', |
|
539 | + 'ldap_nested_groups' => 'ldapNestedGroups', |
|
540 | + 'ldap_paging_size' => 'ldapPagingSize', |
|
541 | + 'ldap_turn_on_pwd_change' => 'turnOnPasswordChange', |
|
542 | + 'ldap_experienced_admin' => 'ldapExperiencedAdmin', |
|
543 | + 'ldap_dynamic_group_member_url' => 'ldapDynamicGroupMemberURL', |
|
544 | + 'ldap_default_ppolicy_dn' => 'ldapDefaultPPolicyDN', |
|
545 | + 'ldap_ext_storage_home_attribute' => 'ldapExtStorageHomeAttribute', |
|
546 | + 'ldapIgnoreNamingRules' => 'ldapIgnoreNamingRules', // sysconfig |
|
547 | + ]; |
|
548 | + return $array; |
|
549 | + } |
|
550 | 550 | |
551 | - /** |
|
552 | - * @param string $rule |
|
553 | - * @return array |
|
554 | - * @throws \RuntimeException |
|
555 | - */ |
|
556 | - public function resolveRule($rule) { |
|
557 | - if($rule === 'avatar') { |
|
558 | - return $this->getAvatarAttributes(); |
|
559 | - } |
|
560 | - throw new \RuntimeException('Invalid rule'); |
|
561 | - } |
|
551 | + /** |
|
552 | + * @param string $rule |
|
553 | + * @return array |
|
554 | + * @throws \RuntimeException |
|
555 | + */ |
|
556 | + public function resolveRule($rule) { |
|
557 | + if($rule === 'avatar') { |
|
558 | + return $this->getAvatarAttributes(); |
|
559 | + } |
|
560 | + throw new \RuntimeException('Invalid rule'); |
|
561 | + } |
|
562 | 562 | |
563 | - public function getAvatarAttributes() { |
|
564 | - $value = $this->ldapUserAvatarRule ?: self::AVATAR_PREFIX_DEFAULT; |
|
565 | - $defaultAttributes = ['jpegphoto', 'thumbnailphoto']; |
|
563 | + public function getAvatarAttributes() { |
|
564 | + $value = $this->ldapUserAvatarRule ?: self::AVATAR_PREFIX_DEFAULT; |
|
565 | + $defaultAttributes = ['jpegphoto', 'thumbnailphoto']; |
|
566 | 566 | |
567 | - if($value === self::AVATAR_PREFIX_NONE) { |
|
568 | - return []; |
|
569 | - } |
|
570 | - if(strpos($value, self::AVATAR_PREFIX_DATA_ATTRIBUTE) === 0) { |
|
571 | - $attribute = trim(substr($value, strlen(self::AVATAR_PREFIX_DATA_ATTRIBUTE))); |
|
572 | - if($attribute === '') { |
|
573 | - return $defaultAttributes; |
|
574 | - } |
|
575 | - return [strtolower($attribute)]; |
|
576 | - } |
|
577 | - if($value !== self::AVATAR_PREFIX_DEFAULT) { |
|
578 | - \OC::$server->getLogger()->warning('Invalid config value to ldapUserAvatarRule; falling back to default.'); |
|
579 | - } |
|
580 | - return $defaultAttributes; |
|
581 | - } |
|
567 | + if($value === self::AVATAR_PREFIX_NONE) { |
|
568 | + return []; |
|
569 | + } |
|
570 | + if(strpos($value, self::AVATAR_PREFIX_DATA_ATTRIBUTE) === 0) { |
|
571 | + $attribute = trim(substr($value, strlen(self::AVATAR_PREFIX_DATA_ATTRIBUTE))); |
|
572 | + if($attribute === '') { |
|
573 | + return $defaultAttributes; |
|
574 | + } |
|
575 | + return [strtolower($attribute)]; |
|
576 | + } |
|
577 | + if($value !== self::AVATAR_PREFIX_DEFAULT) { |
|
578 | + \OC::$server->getLogger()->warning('Invalid config value to ldapUserAvatarRule; falling back to default.'); |
|
579 | + } |
|
580 | + return $defaultAttributes; |
|
581 | + } |
|
582 | 582 | |
583 | 583 | } |