nextcloud / server

resources/updater-fixes/sabre/dav/lib/DAV/CorePlugin.php

Doc Comments +3 added lines, -3 removed lines

@@ -71,7 +71,7 @@ 
      *
      * @param RequestInterface $request
      * @param ResponseInterface $response
-     * @return bool
+     * @return null|false
      */
     function httpGet(RequestInterface $request, ResponseInterface $response) {
 
@@ -275,7 +275,7 @@ 
      *
      * @param RequestInterface $request
      * @param ResponseInterface $response
-     * @return void
+     * @return boolean
      */
     function httpDelete(RequestInterface $request, ResponseInterface $response) {
 
@@ -308,7 +308,7 @@ 
      *
      * @param RequestInterface $request
      * @param ResponseInterface $response
-     * @return void
+     * @return boolean
      */
     function httpPropFind(RequestInterface $request, ResponseInterface $response) {
 

Spacing +23 added lines, -23 removed lines

@@ -32,23 +32,23 @@ 
     function initialize(Server $server) {
 
         $this->server = $server;
-        $server->on('method:GET',       [$this, 'httpGet']);
-        $server->on('method:OPTIONS',   [$this, 'httpOptions']);
-        $server->on('method:HEAD',      [$this, 'httpHead']);
-        $server->on('method:DELETE',    [$this, 'httpDelete']);
-        $server->on('method:PROPFIND',  [$this, 'httpPropFind']);
+        $server->on('method:GET', [$this, 'httpGet']);
+        $server->on('method:OPTIONS', [$this, 'httpOptions']);
+        $server->on('method:HEAD', [$this, 'httpHead']);
+        $server->on('method:DELETE', [$this, 'httpDelete']);
+        $server->on('method:PROPFIND', [$this, 'httpPropFind']);
         $server->on('method:PROPPATCH', [$this, 'httpPropPatch']);
-        $server->on('method:PUT',       [$this, 'httpPut']);
-        $server->on('method:MKCOL',     [$this, 'httpMkcol']);
-        $server->on('method:MOVE',      [$this, 'httpMove']);
-        $server->on('method:COPY',      [$this, 'httpCopy']);
-        $server->on('method:REPORT',    [$this, 'httpReport']);
-
-        $server->on('propPatch',        [$this, 'propPatchProtectedPropertyCheck'], 90);
-        $server->on('propPatch',        [$this, 'propPatchNodeUpdate'], 200);
-        $server->on('propFind',         [$this, 'propFind']);
-        $server->on('propFind',         [$this, 'propFindNode'], 120);
-        $server->on('propFind',         [$this, 'propFindLate'], 200);
+        $server->on('method:PUT', [$this, 'httpPut']);
+        $server->on('method:MKCOL', [$this, 'httpMkcol']);
+        $server->on('method:MOVE', [$this, 'httpMove']);
+        $server->on('method:COPY', [$this, 'httpCopy']);
+        $server->on('method:REPORT', [$this, 'httpReport']);
+
+        $server->on('propPatch', [$this, 'propPatchProtectedPropertyCheck'], 90);
+        $server->on('propPatch', [$this, 'propPatchNodeUpdate'], 200);
+        $server->on('propFind', [$this, 'propFind']);
+        $server->on('propFind', [$this, 'propFindNode'], 120);
+        $server->on('propFind', [$this, 'propFindLate'], 200);
 
     }
 
@@ -155,15 +155,15 @@ 
                 $start = $range[0];
                 $end = $range[1] ? $range[1] : $nodeSize - 1;
                 if ($start >= $nodeSize)
-                    throw new Exception\RequestedRangeNotSatisfiable('The start offset (' . $range[0] . ') exceeded the size of the entity (' . $nodeSize . ')');
+                    throw new Exception\RequestedRangeNotSatisfiable('The start offset ('.$range[0].') exceeded the size of the entity ('.$nodeSize.')');
 
-                if ($end < $start) throw new Exception\RequestedRangeNotSatisfiable('The end offset (' . $range[1] . ') is lower than the start offset (' . $range[0] . ')');
+                if ($end < $start) throw new Exception\RequestedRangeNotSatisfiable('The end offset ('.$range[1].') is lower than the start offset ('.$range[0].')');
                 if ($end >= $nodeSize) $end = $nodeSize - 1;
 
             } else {
 
                 $start = $nodeSize - $range[1];
-                $end  = $nodeSize - 1;
+                $end = $nodeSize - 1;
 
                 if ($start < 0) $start = 0;
 
@@ -174,14 +174,14 @@ 
             // if fseek failed.
             if (!stream_get_meta_data($body)['seekable'] || fseek($body, $start, SEEK_SET) === -1) {
                 $consumeBlock = 8192;
-                for ($consumed = 0; $start - $consumed > 0;){
-                    if (feof($body)) throw new Exception\RequestedRangeNotSatisfiable('The start offset (' . $start . ') exceeded the size of the entity (' . $consumed . ')');
+                for ($consumed = 0; $start - $consumed > 0;) {
+                    if (feof($body)) throw new Exception\RequestedRangeNotSatisfiable('The start offset ('.$start.') exceeded the size of the entity ('.$consumed.')');
                     $consumed += strlen(fread($body, min($start - $consumed, $consumeBlock)));
                 }
             }
 
             $response->setHeader('Content-Length', $end - $start + 1);
-            $response->setHeader('Content-Range', 'bytes ' . $start . '-' . $end . '/' . $nodeSize);
+            $response->setHeader('Content-Range', 'bytes '.$start.'-'.$end.'/'.$nodeSize);
             $response->setStatus(206);
             $response->setBody($body);
 
@@ -392,7 +392,7 @@ 
             // multi-status.
             $ok = true;
             foreach ($result as $prop => $code) {
-                if ((int)$code > 299) {
+                if ((int) $code > 299) {
                     $ok = false;
                 }
             }

Braces +71 added lines, -27 removed lines

@@ -78,7 +78,9 @@ 
         $path = $request->getPath();
         $node = $this->server->tree->getNodeForPath($path, 0);
 
-        if (!$node instanceof IFile) return;
+        if (!$node instanceof IFile) {
+            return;
+        }
 
         $body = $node->get();
 
@@ -132,17 +134,23 @@ 
 
                 // It's a date. We must check if the entity is modified since
                 // the specified date.
-                if (!isset($httpHeaders['Last-Modified'])) $ignoreRangeHeader = true;
-                else {
+                if (!isset($httpHeaders['Last-Modified'])) {
+                    $ignoreRangeHeader = true;
+                } else {
                     $modified = new \DateTime($httpHeaders['Last-Modified']);
-                    if ($modified > $ifRangeDate) $ignoreRangeHeader = true;
+                    if ($modified > $ifRangeDate) {
+                        $ignoreRangeHeader = true;
+                    }
                 }
 
             } catch (\Exception $e) {
 
                 // It's an entity. We can do a simple comparison.
-                if (!isset($httpHeaders['ETag'])) $ignoreRangeHeader = true;
-                elseif ($httpHeaders['ETag'] !== $ifRange) $ignoreRangeHeader = true;
+                if (!isset($httpHeaders['ETag'])) {
+                    $ignoreRangeHeader = true;
+                } elseif ($httpHeaders['ETag'] !== $ifRange) {
+                    $ignoreRangeHeader = true;
+                }
             }
         }
 
@@ -154,18 +162,25 @@ 
 
                 $start = $range[0];
                 $end = $range[1] ? $range[1] : $nodeSize - 1;
-                if ($start >= $nodeSize)
-                    throw new Exception\RequestedRangeNotSatisfiable('The start offset (' . $range[0] . ') exceeded the size of the entity (' . $nodeSize . ')');
+                if ($start >= $nodeSize) {
+                                    throw new Exception\RequestedRangeNotSatisfiable('The start offset (' . $range[0] . ') exceeded the size of the entity (' . $nodeSize . ')');
+                }
 
-                if ($end < $start) throw new Exception\RequestedRangeNotSatisfiable('The end offset (' . $range[1] . ') is lower than the start offset (' . $range[0] . ')');
-                if ($end >= $nodeSize) $end = $nodeSize - 1;
+                if ($end < $start) {
+                    throw new Exception\RequestedRangeNotSatisfiable('The end offset (' . $range[1] . ') is lower than the start offset (' . $range[0] . ')');
+                }
+                if ($end >= $nodeSize) {
+                    $end = $nodeSize - 1;
+                }
 
             } else {
 
                 $start = $nodeSize - $range[1];
                 $end  = $nodeSize - 1;
 
-                if ($start < 0) $start = 0;
+                if ($start < 0) {
+                    $start = 0;
+                }
 
             }
 
@@ -175,7 +190,9 @@ 
             if (!stream_get_meta_data($body)['seekable'] || fseek($body, $start, SEEK_SET) === -1) {
                 $consumeBlock = 8192;
                 for ($consumed = 0; $start - $consumed > 0;){
-                    if (feof($body)) throw new Exception\RequestedRangeNotSatisfiable('The start offset (' . $start . ') exceeded the size of the entity (' . $consumed . ')');
+                    if (feof($body)) {
+                        throw new Exception\RequestedRangeNotSatisfiable('The start offset (' . $start . ') exceeded the size of the entity (' . $consumed . ')');
+                    }
                     $consumed += strlen(fread($body, min($start - $consumed, $consumeBlock)));
                 }
             }
@@ -187,7 +204,9 @@ 
 
         } else {
 
-            if ($nodeSize) $response->setHeader('Content-Length', $nodeSize);
+            if ($nodeSize) {
+                $response->setHeader('Content-Length', $nodeSize);
+            }
             $response->setStatus(200);
             $response->setBody($body);
 
@@ -281,7 +300,9 @@ 
 
         $path = $request->getPath();
 
-        if (!$this->server->emit('beforeUnbind', [$path])) return false;
+        if (!$this->server->emit('beforeUnbind', [$path])) {
+            return false;
+        }
         $this->server->tree->delete($path);
         $this->server->emit('afterUnbind', [$path]);
 
@@ -329,7 +350,9 @@ 
 
         $depth = $this->server->getHTTPDepth(1);
         // The only two options for the depth of a propfind is 0 or 1 - as long as depth infinity is not enabled
-        if (!$this->server->enablePropfindDepthInfinity && $depth != 0) $depth = 1;
+        if (!$this->server->enablePropfindDepthInfinity && $depth != 0) {
+            $depth = 1;
+        }
 
         $newProperties = $this->server->getPropertiesForPath($path, $propFindXml->properties, $depth);
 
@@ -506,14 +529,18 @@ 
             $node = $this->server->tree->getNodeForPath($path);
 
             // If the node is a collection, we'll deny it
-            if (!($node instanceof IFile)) throw new Exception\Conflict('PUT is not allowed on non-files.');
+            if (!($node instanceof IFile)) {
+                throw new Exception\Conflict('PUT is not allowed on non-files.');
+            }
 
             if (!$this->server->updateFile($path, $body, $etag)) {
                 return false;
             }
 
             $response->setHeader('Content-Length', '0');
-            if ($etag) $response->setHeader('ETag', $etag);
+            if ($etag) {
+                $response->setHeader('ETag', $etag);
+            }
             $response->setStatus(204);
 
         } else {
@@ -526,7 +553,9 @@ 
             }
 
             $response->setHeader('Content-Length', '0');
-            if ($etag) $response->setHeader('ETag', $etag);
+            if ($etag) {
+                $response->setHeader('ETag', $etag);
+            }
             $response->setStatus(201);
 
         }
@@ -570,8 +599,9 @@ 
 
             $properties = $mkcol->getProperties();
 
-            if (!isset($properties['{DAV:}resourcetype']))
-                throw new Exception\BadRequest('The mkcol request must include a {DAV:}resourcetype property');
+            if (!isset($properties['{DAV:}resourcetype'])) {
+                            throw new Exception\BadRequest('The mkcol request must include a {DAV:}resourcetype property');
+            }
 
             $resourceType = $properties['{DAV:}resourcetype']->getValue();
             unset($properties['{DAV:}resourcetype']);
@@ -623,12 +653,20 @@ 
 
         if ($moveInfo['destinationExists']) {
 
-            if (!$this->server->emit('beforeUnbind', [$moveInfo['destination']])) return false;
+            if (!$this->server->emit('beforeUnbind', [$moveInfo['destination']])) {
+                return false;
+            }
 
         }
-        if (!$this->server->emit('beforeUnbind', [$path])) return false;
-        if (!$this->server->emit('beforeBind', [$moveInfo['destination']])) return false;
-        if (!$this->server->emit('beforeMove', [$path, $moveInfo['destination']])) return false;
+        if (!$this->server->emit('beforeUnbind', [$path])) {
+            return false;
+        }
+        if (!$this->server->emit('beforeBind', [$moveInfo['destination']])) {
+            return false;
+        }
+        if (!$this->server->emit('beforeMove', [$path, $moveInfo['destination']])) {
+            return false;
+        }
 
         if ($moveInfo['destinationExists']) {
 
@@ -674,11 +712,15 @@ 
         $copyInfo = $this->server->getCopyAndMoveInfo($request);
 
         if ($copyInfo['destinationExists']) {
-            if (!$this->server->emit('beforeUnbind', [$copyInfo['destination']])) return false;
+            if (!$this->server->emit('beforeUnbind', [$copyInfo['destination']])) {
+                return false;
+            }
             $this->server->tree->delete($copyInfo['destination']);
 
         }
-        if (!$this->server->emit('beforeBind', [$copyInfo['destination']])) return false;
+        if (!$this->server->emit('beforeBind', [$copyInfo['destination']])) {
+            return false;
+        }
         $this->server->tree->copy($path, $copyInfo['destination']);
         $this->server->emit('afterBind', [$copyInfo['destination']]);
 
@@ -871,7 +913,9 @@ 
             // If we already have a sync-token from the current propFind
             // request, we can re-use that.
             $val = $propFind->get('{http://sabredav.org/ns}sync-token');
-            if ($val) return $val;
+            if ($val) {
+                return $val;
+            }
 
             $val = $propFind->get('{DAV:}sync-token');
             if ($val && is_scalar($val)) {

settings/controller/appsettingscontroller.php

Doc Comments +1 added lines, -1 removed lines

@@ -98,7 +98,7 @@
 	}
 
 	/**
-	 * @param string|int $category
+	 * @param string $category
 	 * @return int
 	 */
 	protected function getCategory($category) {

Indentation +277 added lines, -277 removed lines

@@ -43,281 +43,281 @@
  * @package OC\Settings\Controller
  */
 class AppSettingsController extends Controller {
-	const CAT_ENABLED = 0;
-	const CAT_DISABLED = 1;
-
-	/** @var \OCP\IL10N */
-	private $l10n;
-	/** @var IConfig */
-	private $config;
-	/** @var \OCP\ICache */
-	private $cache;
-	/** @var INavigationManager */
-	private $navigationManager;
-	/** @var IAppManager */
-	private $appManager;
-	/** @var OCSClient */
-	private $ocsClient;
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IL10N $l10n
-	 * @param IConfig $config
-	 * @param ICacheFactory $cache
-	 * @param INavigationManager $navigationManager
-	 * @param IAppManager $appManager
-	 * @param OCSClient $ocsClient
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IL10N $l10n,
-								IConfig $config,
-								ICacheFactory $cache,
-								INavigationManager $navigationManager,
-								IAppManager $appManager,
-								OCSClient $ocsClient) {
-		parent::__construct($appName, $request);
-		$this->l10n = $l10n;
-		$this->config = $config;
-		$this->cache = $cache->create($appName);
-		$this->navigationManager = $navigationManager;
-		$this->appManager = $appManager;
-		$this->ocsClient = $ocsClient;
-	}
-
-	/**
-	 * Enables or disables the display of experimental apps
-	 * @param bool $state
-	 * @return DataResponse
-	 */
-	public function changeExperimentalConfigState($state) {
-		$this->config->setSystemValue('appstore.experimental.enabled', $state);
-		$this->appManager->clearAppsCache();
-		return new DataResponse();
-	}
-
-	/**
-	 * @param string|int $category
-	 * @return int
-	 */
-	protected function getCategory($category) {
-		if (is_string($category)) {
-			foreach ($this->listCategories() as $cat) {
-				if (isset($cat['ident']) && $cat['ident'] === $category) {
-					$category = (int) $cat['id'];
-					break;
-				}
-			}
-
-			// Didn't find the category, falling back to enabled
-			if (is_string($category)) {
-				$category = self::CAT_ENABLED;
-			}
-		}
-		return (int) $category;
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @param string $category
-	 * @return TemplateResponse
-	 */
-	public function viewApps($category = '') {
-		$categoryId = $this->getCategory($category);
-		if ($categoryId === self::CAT_ENABLED) {
-			// Do not use an arbitrary input string, because we put the category in html
-			$category = 'enabled';
-		}
-
-		$params = [];
-		$params['experimentalEnabled'] = $this->config->getSystemValue('appstore.experimental.enabled', false);
-		$params['category'] = $category;
-		$params['appstoreEnabled'] = $this->config->getSystemValue('appstoreenabled', true) === true;
-		$this->navigationManager->setActiveEntry('core_apps');
-
-		$templateResponse = new TemplateResponse($this->appName, 'apps', $params, 'user');
-		$policy = new ContentSecurityPolicy();
-		$policy->addAllowedImageDomain('https://apps.owncloud.com');
-		$templateResponse->setContentSecurityPolicy($policy);
-
-		return $templateResponse;
-	}
-
-	/**
-	 * Get all available categories
-	 * @return array
-	 */
-	public function listCategories() {
-
-		if(!is_null($this->cache->get('listCategories'))) {
-			return $this->cache->get('listCategories');
-		}
-		$categories = [
-			['id' => self::CAT_ENABLED, 'ident' => 'enabled', 'displayName' => (string)$this->l10n->t('Enabled')],
-			['id' => self::CAT_DISABLED, 'ident' => 'disabled', 'displayName' => (string)$this->l10n->t('Not enabled')],
-		];
-
-		if($this->ocsClient->isAppStoreEnabled()) {
-			// apps from external repo via OCS
-			$ocs = $this->ocsClient->getCategories(\OCP\Util::getVersion());
-			if ($ocs) {
-				foreach($ocs as $k => $v) {
-					$name = str_replace('ownCloud ', '', $v);
-					$ident = str_replace(' ', '-', urlencode(strtolower($name)));
-					$categories[] = [
-						'id' => $k,
-						'ident' => $ident,
-						'displayName' => $name,
-					];
-				}
-			}
-		}
-
-		$this->cache->set('listCategories', $categories, 3600);
-
-		return $categories;
-	}
-
-	/**
-	 * Get all available apps in a category
-	 *
-	 * @param string $category
-	 * @param bool $includeUpdateInfo Should we check whether there is an update
-	 *                                in the app store?
-	 * @return array
-	 */
-	public function listApps($category = '', $includeUpdateInfo = true) {
-		$category = $this->getCategory($category);
-		$cacheName = 'listApps-' . $category . '-' . (int) $includeUpdateInfo;
-
-		if(!is_null($this->cache->get($cacheName))) {
-			$apps = $this->cache->get($cacheName);
-		} else {
-			switch ($category) {
-				// installed apps
-				case 0:
-					$apps = $this->getInstalledApps($includeUpdateInfo);
-					usort($apps, function ($a, $b) {
-						$a = (string)$a['name'];
-						$b = (string)$b['name'];
-						if ($a === $b) {
-							return 0;
-						}
-						return ($a < $b) ? -1 : 1;
-					});
-					$version = \OCP\Util::getVersion();
-					foreach($apps as $key => $app) {
-						if(!array_key_exists('level', $app) && array_key_exists('ocsid', $app)) {
-							$remoteAppEntry = $this->ocsClient->getApplication($app['ocsid'], $version);
-
-							if(is_array($remoteAppEntry) && array_key_exists('level', $remoteAppEntry)) {
-								$apps[$key]['level'] = $remoteAppEntry['level'];
-							}
-						}
-					}
-					break;
-				// not-installed apps
-				case 1:
-					$apps = \OC_App::listAllApps(true, $includeUpdateInfo, $this->ocsClient);
-					$apps = array_filter($apps, function ($app) {
-						return !$app['active'];
-					});
-					$version = \OCP\Util::getVersion();
-					foreach($apps as $key => $app) {
-						if(!array_key_exists('level', $app) && array_key_exists('ocsid', $app)) {
-							$remoteAppEntry = $this->ocsClient->getApplication($app['ocsid'], $version);
-
-							if(is_array($remoteAppEntry) && array_key_exists('level', $remoteAppEntry)) {
-								$apps[$key]['level'] = $remoteAppEntry['level'];
-							}
-						}
-					}
-					usort($apps, function ($a, $b) {
-						$a = (string)$a['name'];
-						$b = (string)$b['name'];
-						if ($a === $b) {
-							return 0;
-						}
-						return ($a < $b) ? -1 : 1;
-					});
-					break;
-				default:
-					$filter = $this->config->getSystemValue('appstore.experimental.enabled', false) ? 'all' : 'approved';
-
-					$apps = \OC_App::getAppstoreApps($filter, $category, $this->ocsClient);
-					if (!$apps) {
-						$apps = array();
-					} else {
-						// don't list installed apps
-						$installedApps = $this->getInstalledApps(false);
-						$installedApps = array_map(function ($app) {
-							if (isset($app['ocsid'])) {
-								return $app['ocsid'];
-							}
-							return $app['id'];
-						}, $installedApps);
-						$apps = array_filter($apps, function ($app) use ($installedApps) {
-							return !in_array($app['id'], $installedApps);
-						});
-					}
-
-					// sort by score
-					usort($apps, function ($a, $b) {
-						$a = (int)$a['score'];
-						$b = (int)$b['score'];
-						if ($a === $b) {
-							return 0;
-						}
-						return ($a > $b) ? -1 : 1;
-					});
-					break;
-			}
-		}
-
-		// fix groups to be an array
-		$dependencyAnalyzer = new DependencyAnalyzer(new Platform($this->config), $this->l10n);
-		$apps = array_map(function($app) use ($dependencyAnalyzer) {
-
-			// fix groups
-			$groups = array();
-			if (is_string($app['groups'])) {
-				$groups = json_decode($app['groups']);
-			}
-			$app['groups'] = $groups;
-			$app['canUnInstall'] = !$app['active'] && $app['removable'];
-
-			// fix licence vs license
-			if (isset($app['license']) && !isset($app['licence'])) {
-				$app['licence'] = $app['license'];
-			}
-
-			// analyse dependencies
-			$missing = $dependencyAnalyzer->analyze($app);
-			$app['canInstall'] = empty($missing);
-			$app['missingDependencies'] = $missing;
-
-			$app['missingMinOwnCloudVersion'] = !isset($app['dependencies']['owncloud']['@attributes']['min-version']);
-			$app['missingMaxOwnCloudVersion'] = !isset($app['dependencies']['owncloud']['@attributes']['max-version']);
-
-			return $app;
-		}, $apps);
-
-		$this->cache->set($cacheName, $apps, 300);
-
-		return ['apps' => $apps, 'status' => 'success'];
-	}
-
-	/**
-	 * @param bool $includeUpdateInfo Should we check whether there is an update
-	 *                                in the app store?
-	 * @return array
-	 */
-	private function getInstalledApps($includeUpdateInfo = true) {
-		$apps = \OC_App::listAllApps(true, $includeUpdateInfo, $this->ocsClient);
-		$apps = array_filter($apps, function ($app) {
-			return $app['active'];
-		});
-		return $apps;
-	}
+    const CAT_ENABLED = 0;
+    const CAT_DISABLED = 1;
+
+    /** @var \OCP\IL10N */
+    private $l10n;
+    /** @var IConfig */
+    private $config;
+    /** @var \OCP\ICache */
+    private $cache;
+    /** @var INavigationManager */
+    private $navigationManager;
+    /** @var IAppManager */
+    private $appManager;
+    /** @var OCSClient */
+    private $ocsClient;
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IL10N $l10n
+     * @param IConfig $config
+     * @param ICacheFactory $cache
+     * @param INavigationManager $navigationManager
+     * @param IAppManager $appManager
+     * @param OCSClient $ocsClient
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IL10N $l10n,
+                                IConfig $config,
+                                ICacheFactory $cache,
+                                INavigationManager $navigationManager,
+                                IAppManager $appManager,
+                                OCSClient $ocsClient) {
+        parent::__construct($appName, $request);
+        $this->l10n = $l10n;
+        $this->config = $config;
+        $this->cache = $cache->create($appName);
+        $this->navigationManager = $navigationManager;
+        $this->appManager = $appManager;
+        $this->ocsClient = $ocsClient;
+    }
+
+    /**
+     * Enables or disables the display of experimental apps
+     * @param bool $state
+     * @return DataResponse
+     */
+    public function changeExperimentalConfigState($state) {
+        $this->config->setSystemValue('appstore.experimental.enabled', $state);
+        $this->appManager->clearAppsCache();
+        return new DataResponse();
+    }
+
+    /**
+     * @param string|int $category
+     * @return int
+     */
+    protected function getCategory($category) {
+        if (is_string($category)) {
+            foreach ($this->listCategories() as $cat) {
+                if (isset($cat['ident']) && $cat['ident'] === $category) {
+                    $category = (int) $cat['id'];
+                    break;
+                }
+            }
+
+            // Didn't find the category, falling back to enabled
+            if (is_string($category)) {
+                $category = self::CAT_ENABLED;
+            }
+        }
+        return (int) $category;
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @param string $category
+     * @return TemplateResponse
+     */
+    public function viewApps($category = '') {
+        $categoryId = $this->getCategory($category);
+        if ($categoryId === self::CAT_ENABLED) {
+            // Do not use an arbitrary input string, because we put the category in html
+            $category = 'enabled';
+        }
+
+        $params = [];
+        $params['experimentalEnabled'] = $this->config->getSystemValue('appstore.experimental.enabled', false);
+        $params['category'] = $category;
+        $params['appstoreEnabled'] = $this->config->getSystemValue('appstoreenabled', true) === true;
+        $this->navigationManager->setActiveEntry('core_apps');
+
+        $templateResponse = new TemplateResponse($this->appName, 'apps', $params, 'user');
+        $policy = new ContentSecurityPolicy();
+        $policy->addAllowedImageDomain('https://apps.owncloud.com');
+        $templateResponse->setContentSecurityPolicy($policy);
+
+        return $templateResponse;
+    }
+
+    /**
+     * Get all available categories
+     * @return array
+     */
+    public function listCategories() {
+
+        if(!is_null($this->cache->get('listCategories'))) {
+            return $this->cache->get('listCategories');
+        }
+        $categories = [
+            ['id' => self::CAT_ENABLED, 'ident' => 'enabled', 'displayName' => (string)$this->l10n->t('Enabled')],
+            ['id' => self::CAT_DISABLED, 'ident' => 'disabled', 'displayName' => (string)$this->l10n->t('Not enabled')],
+        ];
+
+        if($this->ocsClient->isAppStoreEnabled()) {
+            // apps from external repo via OCS
+            $ocs = $this->ocsClient->getCategories(\OCP\Util::getVersion());
+            if ($ocs) {
+                foreach($ocs as $k => $v) {
+                    $name = str_replace('ownCloud ', '', $v);
+                    $ident = str_replace(' ', '-', urlencode(strtolower($name)));
+                    $categories[] = [
+                        'id' => $k,
+                        'ident' => $ident,
+                        'displayName' => $name,
+                    ];
+                }
+            }
+        }
+
+        $this->cache->set('listCategories', $categories, 3600);
+
+        return $categories;
+    }
+
+    /**
+     * Get all available apps in a category
+     *
+     * @param string $category
+     * @param bool $includeUpdateInfo Should we check whether there is an update
+     *                                in the app store?
+     * @return array
+     */
+    public function listApps($category = '', $includeUpdateInfo = true) {
+        $category = $this->getCategory($category);
+        $cacheName = 'listApps-' . $category . '-' . (int) $includeUpdateInfo;
+
+        if(!is_null($this->cache->get($cacheName))) {
+            $apps = $this->cache->get($cacheName);
+        } else {
+            switch ($category) {
+                // installed apps
+                case 0:
+                    $apps = $this->getInstalledApps($includeUpdateInfo);
+                    usort($apps, function ($a, $b) {
+                        $a = (string)$a['name'];
+                        $b = (string)$b['name'];
+                        if ($a === $b) {
+                            return 0;
+                        }
+                        return ($a < $b) ? -1 : 1;
+                    });
+                    $version = \OCP\Util::getVersion();
+                    foreach($apps as $key => $app) {
+                        if(!array_key_exists('level', $app) && array_key_exists('ocsid', $app)) {
+                            $remoteAppEntry = $this->ocsClient->getApplication($app['ocsid'], $version);
+
+                            if(is_array($remoteAppEntry) && array_key_exists('level', $remoteAppEntry)) {
+                                $apps[$key]['level'] = $remoteAppEntry['level'];
+                            }
+                        }
+                    }
+                    break;
+                // not-installed apps
+                case 1:
+                    $apps = \OC_App::listAllApps(true, $includeUpdateInfo, $this->ocsClient);
+                    $apps = array_filter($apps, function ($app) {
+                        return !$app['active'];
+                    });
+                    $version = \OCP\Util::getVersion();
+                    foreach($apps as $key => $app) {
+                        if(!array_key_exists('level', $app) && array_key_exists('ocsid', $app)) {
+                            $remoteAppEntry = $this->ocsClient->getApplication($app['ocsid'], $version);
+
+                            if(is_array($remoteAppEntry) && array_key_exists('level', $remoteAppEntry)) {
+                                $apps[$key]['level'] = $remoteAppEntry['level'];
+                            }
+                        }
+                    }
+                    usort($apps, function ($a, $b) {
+                        $a = (string)$a['name'];
+                        $b = (string)$b['name'];
+                        if ($a === $b) {
+                            return 0;
+                        }
+                        return ($a < $b) ? -1 : 1;
+                    });
+                    break;
+                default:
+                    $filter = $this->config->getSystemValue('appstore.experimental.enabled', false) ? 'all' : 'approved';
+
+                    $apps = \OC_App::getAppstoreApps($filter, $category, $this->ocsClient);
+                    if (!$apps) {
+                        $apps = array();
+                    } else {
+                        // don't list installed apps
+                        $installedApps = $this->getInstalledApps(false);
+                        $installedApps = array_map(function ($app) {
+                            if (isset($app['ocsid'])) {
+                                return $app['ocsid'];
+                            }
+                            return $app['id'];
+                        }, $installedApps);
+                        $apps = array_filter($apps, function ($app) use ($installedApps) {
+                            return !in_array($app['id'], $installedApps);
+                        });
+                    }
+
+                    // sort by score
+                    usort($apps, function ($a, $b) {
+                        $a = (int)$a['score'];
+                        $b = (int)$b['score'];
+                        if ($a === $b) {
+                            return 0;
+                        }
+                        return ($a > $b) ? -1 : 1;
+                    });
+                    break;
+            }
+        }
+
+        // fix groups to be an array
+        $dependencyAnalyzer = new DependencyAnalyzer(new Platform($this->config), $this->l10n);
+        $apps = array_map(function($app) use ($dependencyAnalyzer) {
+
+            // fix groups
+            $groups = array();
+            if (is_string($app['groups'])) {
+                $groups = json_decode($app['groups']);
+            }
+            $app['groups'] = $groups;
+            $app['canUnInstall'] = !$app['active'] && $app['removable'];
+
+            // fix licence vs license
+            if (isset($app['license']) && !isset($app['licence'])) {
+                $app['licence'] = $app['license'];
+            }
+
+            // analyse dependencies
+            $missing = $dependencyAnalyzer->analyze($app);
+            $app['canInstall'] = empty($missing);
+            $app['missingDependencies'] = $missing;
+
+            $app['missingMinOwnCloudVersion'] = !isset($app['dependencies']['owncloud']['@attributes']['min-version']);
+            $app['missingMaxOwnCloudVersion'] = !isset($app['dependencies']['owncloud']['@attributes']['max-version']);
+
+            return $app;
+        }, $apps);
+
+        $this->cache->set($cacheName, $apps, 300);
+
+        return ['apps' => $apps, 'status' => 'success'];
+    }
+
+    /**
+     * @param bool $includeUpdateInfo Should we check whether there is an update
+     *                                in the app store?
+     * @return array
+     */
+    private function getInstalledApps($includeUpdateInfo = true) {
+        $apps = \OC_App::listAllApps(true, $includeUpdateInfo, $this->ocsClient);
+        $apps = array_filter($apps, function ($app) {
+            return $app['active'];
+        });
+        return $apps;
+    }
 }

Spacing +26 added lines, -26 removed lines

@@ -150,19 +150,19 @@ 
 	 */
 	public function listCategories() {
 
-		if(!is_null($this->cache->get('listCategories'))) {
+		if (!is_null($this->cache->get('listCategories'))) {
 			return $this->cache->get('listCategories');
 		}
 		$categories = [
-			['id' => self::CAT_ENABLED, 'ident' => 'enabled', 'displayName' => (string)$this->l10n->t('Enabled')],
-			['id' => self::CAT_DISABLED, 'ident' => 'disabled', 'displayName' => (string)$this->l10n->t('Not enabled')],
+			['id' => self::CAT_ENABLED, 'ident' => 'enabled', 'displayName' => (string) $this->l10n->t('Enabled')],
+			['id' => self::CAT_DISABLED, 'ident' => 'disabled', 'displayName' => (string) $this->l10n->t('Not enabled')],
 		];
 
-		if($this->ocsClient->isAppStoreEnabled()) {
+		if ($this->ocsClient->isAppStoreEnabled()) {
 			// apps from external repo via OCS
 			$ocs = $this->ocsClient->getCategories(\OCP\Util::getVersion());
 			if ($ocs) {
-				foreach($ocs as $k => $v) {
+				foreach ($ocs as $k => $v) {
 					$name = str_replace('ownCloud ', '', $v);
 					$ident = str_replace(' ', '-', urlencode(strtolower($name)));
 					$categories[] = [
@@ -189,29 +189,29 @@ 
 	 */
 	public function listApps($category = '', $includeUpdateInfo = true) {
 		$category = $this->getCategory($category);
-		$cacheName = 'listApps-' . $category . '-' . (int) $includeUpdateInfo;
+		$cacheName = 'listApps-'.$category.'-'.(int) $includeUpdateInfo;
 
-		if(!is_null($this->cache->get($cacheName))) {
+		if (!is_null($this->cache->get($cacheName))) {
 			$apps = $this->cache->get($cacheName);
 		} else {
 			switch ($category) {
 				// installed apps
 				case 0:
 					$apps = $this->getInstalledApps($includeUpdateInfo);
-					usort($apps, function ($a, $b) {
-						$a = (string)$a['name'];
-						$b = (string)$b['name'];
+					usort($apps, function($a, $b) {
+						$a = (string) $a['name'];
+						$b = (string) $b['name'];
 						if ($a === $b) {
 							return 0;
 						}
 						return ($a < $b) ? -1 : 1;
 					});
 					$version = \OCP\Util::getVersion();
-					foreach($apps as $key => $app) {
-						if(!array_key_exists('level', $app) && array_key_exists('ocsid', $app)) {
+					foreach ($apps as $key => $app) {
+						if (!array_key_exists('level', $app) && array_key_exists('ocsid', $app)) {
 							$remoteAppEntry = $this->ocsClient->getApplication($app['ocsid'], $version);
 
-							if(is_array($remoteAppEntry) && array_key_exists('level', $remoteAppEntry)) {
+							if (is_array($remoteAppEntry) && array_key_exists('level', $remoteAppEntry)) {
 								$apps[$key]['level'] = $remoteAppEntry['level'];
 							}
 						}
@@ -220,22 +220,22 @@ 
 				// not-installed apps
 				case 1:
 					$apps = \OC_App::listAllApps(true, $includeUpdateInfo, $this->ocsClient);
-					$apps = array_filter($apps, function ($app) {
+					$apps = array_filter($apps, function($app) {
 						return !$app['active'];
 					});
 					$version = \OCP\Util::getVersion();
-					foreach($apps as $key => $app) {
-						if(!array_key_exists('level', $app) && array_key_exists('ocsid', $app)) {
+					foreach ($apps as $key => $app) {
+						if (!array_key_exists('level', $app) && array_key_exists('ocsid', $app)) {
 							$remoteAppEntry = $this->ocsClient->getApplication($app['ocsid'], $version);
 
-							if(is_array($remoteAppEntry) && array_key_exists('level', $remoteAppEntry)) {
+							if (is_array($remoteAppEntry) && array_key_exists('level', $remoteAppEntry)) {
 								$apps[$key]['level'] = $remoteAppEntry['level'];
 							}
 						}
 					}
-					usort($apps, function ($a, $b) {
-						$a = (string)$a['name'];
-						$b = (string)$b['name'];
+					usort($apps, function($a, $b) {
+						$a = (string) $a['name'];
+						$b = (string) $b['name'];
 						if ($a === $b) {
 							return 0;
 						}
@@ -251,21 +251,21 @@ 
 					} else {
 						// don't list installed apps
 						$installedApps = $this->getInstalledApps(false);
-						$installedApps = array_map(function ($app) {
+						$installedApps = array_map(function($app) {
 							if (isset($app['ocsid'])) {
 								return $app['ocsid'];
 							}
 							return $app['id'];
 						}, $installedApps);
-						$apps = array_filter($apps, function ($app) use ($installedApps) {
+						$apps = array_filter($apps, function($app) use ($installedApps) {
 							return !in_array($app['id'], $installedApps);
 						});
 					}
 
 					// sort by score
-					usort($apps, function ($a, $b) {
-						$a = (int)$a['score'];
-						$b = (int)$b['score'];
+					usort($apps, function($a, $b) {
+						$a = (int) $a['score'];
+						$b = (int) $b['score'];
 						if ($a === $b) {
 							return 0;
 						}
@@ -315,7 +315,7 @@ 
 	 */
 	private function getInstalledApps($includeUpdateInfo = true) {
 		$apps = \OC_App::listAllApps(true, $includeUpdateInfo, $this->ocsClient);
-		$apps = array_filter($apps, function ($app) {
+		$apps = array_filter($apps, function($app) {
 			return $app['active'];
 		});
 		return $apps;

settings/controller/certificatecontroller.php

Doc Comments +3 added lines, -3 removed lines

@@ -71,7 +71,7 @@ 
 	 *
 	 * @NoAdminRequired
 	 * @NoSubadminRequired
-	 * @return array
+	 * @return DataResponse
 	 */
 	public function addPersonalRootCertificate() {
 		return $this->addCertificate($this->userCertificateManager);
@@ -81,7 +81,7 @@ 
 	 * Add a new root certificate to a trust store
 	 *
 	 * @param ICertificateManager $certificateManager
-	 * @return array
+	 * @return DataResponse
 	 */
 	private function addCertificate(ICertificateManager $certificateManager) {
 		$headers = [];
@@ -159,7 +159,7 @@ 
 	/**
 	 * Add a new personal root certificate to the system's trust store
 	 *
-	 * @return array
+	 * @return DataResponse
 	 */
 	public function addSystemRootCertificate() {
 		return $this->addCertificate($this->systemCertificateManager);

Indentation +144 added lines, -144 removed lines

@@ -37,148 +37,148 @@
  * @package OC\Settings\Controller
  */
 class CertificateController extends Controller {
-	/** @var ICertificateManager */
-	private $userCertificateManager;
-	/** @var ICertificateManager  */
-	private $systemCertificateManager;
-	/** @var IL10N */
-	private $l10n;
-	/** @var IAppManager */
-	private $appManager;
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param ICertificateManager $userCertificateManager
-	 * @param ICertificateManager $systemCertificateManager
-	 * @param IL10N $l10n
-	 * @param IAppManager $appManager
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								ICertificateManager $userCertificateManager,
-								ICertificateManager $systemCertificateManager,
-								IL10N $l10n,
-								IAppManager $appManager) {
-		parent::__construct($appName, $request);
-		$this->userCertificateManager = $userCertificateManager;
-		$this->systemCertificateManager = $systemCertificateManager;
-		$this->l10n = $l10n;
-		$this->appManager = $appManager;
-	}
-
-	/**
-	 * Add a new personal root certificate to the users' trust store
-	 *
-	 * @NoAdminRequired
-	 * @NoSubadminRequired
-	 * @return array
-	 */
-	public function addPersonalRootCertificate() {
-		return $this->addCertificate($this->userCertificateManager);
-	}
-
-	/**
-	 * Add a new root certificate to a trust store
-	 *
-	 * @param ICertificateManager $certificateManager
-	 * @return array
-	 */
-	private function addCertificate(ICertificateManager $certificateManager) {
-		$headers = [];
-		if ($this->request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_IE_8])) {
-			// due to upload iframe workaround, need to set content-type to text/plain
-			$headers['Content-Type'] = 'text/plain';
-		}
-
-		if ($this->isCertificateImportAllowed() === false) {
-			return new DataResponse(['message' => 'Individual certificate management disabled'], Http::STATUS_FORBIDDEN, $headers);
-		}
-
-		$file = $this->request->getUploadedFile('rootcert_import');
-		if (empty($file)) {
-			return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers);
-		}
-
-		try {
-			$certificate = $certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']);
-			return new DataResponse(
-				[
-					'name' => $certificate->getName(),
-					'commonName' => $certificate->getCommonName(),
-					'organization' => $certificate->getOrganization(),
-					'validFrom' => $certificate->getIssueDate()->getTimestamp(),
-					'validTill' => $certificate->getExpireDate()->getTimestamp(),
-					'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()),
-					'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()),
-					'issuer' => $certificate->getIssuerName(),
-					'issuerOrganization' => $certificate->getIssuerOrganization(),
-				],
-				Http::STATUS_OK,
-				$headers
-			);
-		} catch (\Exception $e) {
-			return new DataResponse('An error occurred.', Http::STATUS_UNPROCESSABLE_ENTITY, $headers);
-		}
-	}
-
-	/**
-	 * Removes a personal root certificate from the users' trust store
-	 *
-	 * @NoAdminRequired
-	 * @NoSubadminRequired
-	 * @param string $certificateIdentifier
-	 * @return DataResponse
-	 */
-	public function removePersonalRootCertificate($certificateIdentifier) {
-
-		if ($this->isCertificateImportAllowed() === false) {
-			return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
-		}
-
-		$this->userCertificateManager->removeCertificate($certificateIdentifier);
-		return new DataResponse();
-	}
-
-	/**
-	 * check if certificate import is allowed
-	 *
-	 * @return bool
-	 */
-	protected function isCertificateImportAllowed() {
-		$externalStorageEnabled = $this->appManager->isEnabledForUser('files_external');
-		if ($externalStorageEnabled) {
-			/** @var \OCA\Files_External\Service\BackendService $backendService */
-			$backendService = \OC_Mount_Config::$app->getContainer()->query('\OCA\Files_External\Service\BackendService');
-			if ($backendService->isUserMountingAllowed()) {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	/**
-	 * Add a new personal root certificate to the system's trust store
-	 *
-	 * @return array
-	 */
-	public function addSystemRootCertificate() {
-		return $this->addCertificate($this->systemCertificateManager);
-	}
-
-	/**
-	 * Removes a personal root certificate from the users' trust store
-	 *
-	 * @param string $certificateIdentifier
-	 * @return DataResponse
-	 */
-	public function removeSystemRootCertificate($certificateIdentifier) {
-
-		if ($this->isCertificateImportAllowed() === false) {
-			return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
-		}
-
-		$this->systemCertificateManager->removeCertificate($certificateIdentifier);
-		return new DataResponse();
-	}
+    /** @var ICertificateManager */
+    private $userCertificateManager;
+    /** @var ICertificateManager  */
+    private $systemCertificateManager;
+    /** @var IL10N */
+    private $l10n;
+    /** @var IAppManager */
+    private $appManager;
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param ICertificateManager $userCertificateManager
+     * @param ICertificateManager $systemCertificateManager
+     * @param IL10N $l10n
+     * @param IAppManager $appManager
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                ICertificateManager $userCertificateManager,
+                                ICertificateManager $systemCertificateManager,
+                                IL10N $l10n,
+                                IAppManager $appManager) {
+        parent::__construct($appName, $request);
+        $this->userCertificateManager = $userCertificateManager;
+        $this->systemCertificateManager = $systemCertificateManager;
+        $this->l10n = $l10n;
+        $this->appManager = $appManager;
+    }
+
+    /**
+     * Add a new personal root certificate to the users' trust store
+     *
+     * @NoAdminRequired
+     * @NoSubadminRequired
+     * @return array
+     */
+    public function addPersonalRootCertificate() {
+        return $this->addCertificate($this->userCertificateManager);
+    }
+
+    /**
+     * Add a new root certificate to a trust store
+     *
+     * @param ICertificateManager $certificateManager
+     * @return array
+     */
+    private function addCertificate(ICertificateManager $certificateManager) {
+        $headers = [];
+        if ($this->request->isUserAgent([\OC\AppFramework\Http\Request::USER_AGENT_IE_8])) {
+            // due to upload iframe workaround, need to set content-type to text/plain
+            $headers['Content-Type'] = 'text/plain';
+        }
+
+        if ($this->isCertificateImportAllowed() === false) {
+            return new DataResponse(['message' => 'Individual certificate management disabled'], Http::STATUS_FORBIDDEN, $headers);
+        }
+
+        $file = $this->request->getUploadedFile('rootcert_import');
+        if (empty($file)) {
+            return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY, $headers);
+        }
+
+        try {
+            $certificate = $certificateManager->addCertificate(file_get_contents($file['tmp_name']), $file['name']);
+            return new DataResponse(
+                [
+                    'name' => $certificate->getName(),
+                    'commonName' => $certificate->getCommonName(),
+                    'organization' => $certificate->getOrganization(),
+                    'validFrom' => $certificate->getIssueDate()->getTimestamp(),
+                    'validTill' => $certificate->getExpireDate()->getTimestamp(),
+                    'validFromString' => $this->l10n->l('date', $certificate->getIssueDate()),
+                    'validTillString' => $this->l10n->l('date', $certificate->getExpireDate()),
+                    'issuer' => $certificate->getIssuerName(),
+                    'issuerOrganization' => $certificate->getIssuerOrganization(),
+                ],
+                Http::STATUS_OK,
+                $headers
+            );
+        } catch (\Exception $e) {
+            return new DataResponse('An error occurred.', Http::STATUS_UNPROCESSABLE_ENTITY, $headers);
+        }
+    }
+
+    /**
+     * Removes a personal root certificate from the users' trust store
+     *
+     * @NoAdminRequired
+     * @NoSubadminRequired
+     * @param string $certificateIdentifier
+     * @return DataResponse
+     */
+    public function removePersonalRootCertificate($certificateIdentifier) {
+
+        if ($this->isCertificateImportAllowed() === false) {
+            return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
+        }
+
+        $this->userCertificateManager->removeCertificate($certificateIdentifier);
+        return new DataResponse();
+    }
+
+    /**
+     * check if certificate import is allowed
+     *
+     * @return bool
+     */
+    protected function isCertificateImportAllowed() {
+        $externalStorageEnabled = $this->appManager->isEnabledForUser('files_external');
+        if ($externalStorageEnabled) {
+            /** @var \OCA\Files_External\Service\BackendService $backendService */
+            $backendService = \OC_Mount_Config::$app->getContainer()->query('\OCA\Files_External\Service\BackendService');
+            if ($backendService->isUserMountingAllowed()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Add a new personal root certificate to the system's trust store
+     *
+     * @return array
+     */
+    public function addSystemRootCertificate() {
+        return $this->addCertificate($this->systemCertificateManager);
+    }
+
+    /**
+     * Removes a personal root certificate from the users' trust store
+     *
+     * @param string $certificateIdentifier
+     * @return DataResponse
+     */
+    public function removeSystemRootCertificate($certificateIdentifier) {
+
+        if ($this->isCertificateImportAllowed() === false) {
+            return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
+        }
+
+        $this->systemCertificateManager->removeCertificate($certificateIdentifier);
+        return new DataResponse();
+    }
 }

settings/controller/checksetupcontroller.php

Doc Comments +1 added lines, -1 removed lines

@@ -268,7 +268,7 @@
 
 	/**
 	 * @NoCSRFRequired
-	 * @return DataResponse
+	 * @return DataDisplayResponse
 	 */
 	public function getFailedIntegrityCheckFiles() {
 		if(!$this->checker->isCodeCheckEnforced()) {

Indentation +293 added lines, -293 removed lines

@@ -44,242 +44,242 @@ 
  * @package OC\Settings\Controller
  */
 class CheckSetupController extends Controller {
-	/** @var IConfig */
-	private $config;
-	/** @var IClientService */
-	private $clientService;
-	/** @var \OC_Util */
-	private $util;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var IL10N */
-	private $l10n;
-	/** @var Checker */
-	private $checker;
-
-	/**
-	 * @param string $AppName
-	 * @param IRequest $request
-	 * @param IConfig $config
-	 * @param IClientService $clientService
-	 * @param IURLGenerator $urlGenerator
-	 * @param \OC_Util $util
-	 * @param IL10N $l10n
-	 * @param Checker $checker
-	 */
-	public function __construct($AppName,
-								IRequest $request,
-								IConfig $config,
-								IClientService $clientService,
-								IURLGenerator $urlGenerator,
-								\OC_Util $util,
-								IL10N $l10n,
-								Checker $checker) {
-		parent::__construct($AppName, $request);
-		$this->config = $config;
-		$this->clientService = $clientService;
-		$this->util = $util;
-		$this->urlGenerator = $urlGenerator;
-		$this->l10n = $l10n;
-		$this->checker = $checker;
-	}
-
-	/**
-	 * Checks if the ownCloud server can connect to the internet using HTTPS and HTTP
-	 * @return bool
-	 */
-	private function isInternetConnectionWorking() {
-		if ($this->config->getSystemValue('has_internet_connection', true) === false) {
-			return false;
-		}
-
-		try {
-			$client = $this->clientService->newClient();
-			$client->get('https://www.owncloud.org/');
-			$client->get('http://www.owncloud.org/');
-			return true;
-		} catch (\Exception $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * Checks whether a local memcache is installed or not
-	 * @return bool
-	 */
-	private function isMemcacheConfigured() {
-		return $this->config->getSystemValue('memcache.local', null) !== null;
-	}
-
-	/**
-	 * Whether /dev/urandom is available to the PHP controller
-	 *
-	 * @return bool
-	 */
-	private function isUrandomAvailable() {
-		if(@file_exists('/dev/urandom')) {
-			$file = fopen('/dev/urandom', 'rb');
-			if($file) {
-				fclose($file);
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * Public for the sake of unit-testing
-	 *
-	 * @return array
-	 */
-	protected function getCurlVersion() {
-		return curl_version();
-	}
-
-	/**
-	 * Check if the used  SSL lib is outdated. Older OpenSSL and NSS versions do
-	 * have multiple bugs which likely lead to problems in combination with
-	 * functionality required by ownCloud such as SNI.
-	 *
-	 * @link https://github.com/owncloud/core/issues/17446#issuecomment-122877546
-	 * @link https://bugzilla.redhat.com/show_bug.cgi?id=1241172
-	 * @return string
-	 */
-	private function isUsedTlsLibOutdated() {
-		// Appstore is disabled by default in EE
-		$appStoreDefault = false;
-		if (\OC_Util::getEditionString() === '') {
-			$appStoreDefault = true;
-		}
-
-		// Don't run check when:
-		// 1. Server has `has_internet_connection` set to false
-		// 2. AppStore AND S2S is disabled
-		if(!$this->config->getSystemValue('has_internet_connection', true)) {
-			return '';
-		}
-		if(!$this->config->getSystemValue('appstoreenabled', $appStoreDefault)
-			&& $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'no'
-			&& $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') === 'no') {
-			return '';
-		}
-
-		$versionString = $this->getCurlVersion();
-		if(isset($versionString['ssl_version'])) {
-			$versionString = $versionString['ssl_version'];
-		} else {
-			return '';
-		}
-
-		$features = (string)$this->l10n->t('installing and updating apps via the app store or Federated Cloud Sharing');
-		if(!$this->config->getSystemValue('appstoreenabled', $appStoreDefault)) {
-			$features = (string)$this->l10n->t('Federated Cloud Sharing');
-		}
-
-		// Check if at least OpenSSL after 1.01d or 1.0.2b
-		if(strpos($versionString, 'OpenSSL/') === 0) {
-			$majorVersion = substr($versionString, 8, 5);
-			$patchRelease = substr($versionString, 13, 6);
-
-			if(($majorVersion === '1.0.1' && ord($patchRelease) < ord('d')) ||
-				($majorVersion === '1.0.2' && ord($patchRelease) < ord('b'))) {
-				return (string) $this->l10n->t('cURL is using an outdated %s version (%s). Please update your operating system or features such as %s will not work reliably.', ['OpenSSL', $versionString, $features]);
-			}
-		}
-
-		// Check if NSS and perform heuristic check
-		if(strpos($versionString, 'NSS/') === 0) {
-			try {
-				$firstClient = $this->clientService->newClient();
-				$firstClient->get('https://www.owncloud.org/');
-
-				$secondClient = $this->clientService->newClient();
-				$secondClient->get('https://owncloud.org/');
-			} catch (ClientException $e) {
-				if($e->getResponse()->getStatusCode() === 400) {
-					return (string) $this->l10n->t('cURL is using an outdated %s version (%s). Please update your operating system or features such as %s will not work reliably.', ['NSS', $versionString, $features]);
-				}
-			}
-		}
-
-		return '';
-	}
-
-	/**
-	 * Whether the php version is still supported (at time of release)
-	 * according to: https://secure.php.net/supported-versions.php
-	 *
-	 * @return array
-	 */
-	private function isPhpSupported() {
-		$eol = false;
-
-		//PHP 5.4 is EOL on 14 Sep 2015
-		if (version_compare(PHP_VERSION, '5.5.0') === -1) {
-			$eol = true;
-		}
-
-		return ['eol' => $eol, 'version' => PHP_VERSION];
-	}
-
-	/**
-	 * Check if the reverse proxy configuration is working as expected
-	 *
-	 * @return bool
-	 */
-	private function forwardedForHeadersWorking() {
-		$trustedProxies = $this->config->getSystemValue('trusted_proxies', []);
-		$remoteAddress = $this->request->getRemoteAddress();
-
-		if (is_array($trustedProxies) && in_array($remoteAddress, $trustedProxies)) {
-			return false;
-		}
-
-		// either not enabled or working correctly
-		return true;
-	}
-
-	/**
-	 * Checks if the correct memcache module for PHP is installed. Only
-	 * fails if memcached is configured and the working module is not installed.
-	 *
-	 * @return bool
-	 */
-	private function isCorrectMemcachedPHPModuleInstalled() {
-		if ($this->config->getSystemValue('memcache.distributed', null) !== '\OC\Memcache\Memcached') {
-			return true;
-		}
-
-		// there are two different memcached modules for PHP
-		// we only support memcached and not memcache
-		// https://code.google.com/p/memcached/wiki/PHPClientComparison
-		return !(!extension_loaded('memcached') && extension_loaded('memcache'));
-	}
-
-	/**
-	 * @return RedirectResponse
-	 */
-	public function rescanFailedIntegrityCheck() {
-		$this->checker->runInstanceVerification();
-		return new RedirectResponse(
-			$this->urlGenerator->linkToRoute('settings_admin')
-		);
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @return DataResponse
-	 */
-	public function getFailedIntegrityCheckFiles() {
-		if(!$this->checker->isCodeCheckEnforced()) {
-			return new DataDisplayResponse('Integrity checker has been disabled. Integrity cannot be verified.');
-		}
-
-		$completeResults = $this->checker->getResults();
-
-		if(!empty($completeResults)) {
-			$formattedTextResponse = 'Technical information
+    /** @var IConfig */
+    private $config;
+    /** @var IClientService */
+    private $clientService;
+    /** @var \OC_Util */
+    private $util;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var IL10N */
+    private $l10n;
+    /** @var Checker */
+    private $checker;
+
+    /**
+     * @param string $AppName
+     * @param IRequest $request
+     * @param IConfig $config
+     * @param IClientService $clientService
+     * @param IURLGenerator $urlGenerator
+     * @param \OC_Util $util
+     * @param IL10N $l10n
+     * @param Checker $checker
+     */
+    public function __construct($AppName,
+                                IRequest $request,
+                                IConfig $config,
+                                IClientService $clientService,
+                                IURLGenerator $urlGenerator,
+                                \OC_Util $util,
+                                IL10N $l10n,
+                                Checker $checker) {
+        parent::__construct($AppName, $request);
+        $this->config = $config;
+        $this->clientService = $clientService;
+        $this->util = $util;
+        $this->urlGenerator = $urlGenerator;
+        $this->l10n = $l10n;
+        $this->checker = $checker;
+    }
+
+    /**
+     * Checks if the ownCloud server can connect to the internet using HTTPS and HTTP
+     * @return bool
+     */
+    private function isInternetConnectionWorking() {
+        if ($this->config->getSystemValue('has_internet_connection', true) === false) {
+            return false;
+        }
+
+        try {
+            $client = $this->clientService->newClient();
+            $client->get('https://www.owncloud.org/');
+            $client->get('http://www.owncloud.org/');
+            return true;
+        } catch (\Exception $e) {
+            return false;
+        }
+    }
+
+    /**
+     * Checks whether a local memcache is installed or not
+     * @return bool
+     */
+    private function isMemcacheConfigured() {
+        return $this->config->getSystemValue('memcache.local', null) !== null;
+    }
+
+    /**
+     * Whether /dev/urandom is available to the PHP controller
+     *
+     * @return bool
+     */
+    private function isUrandomAvailable() {
+        if(@file_exists('/dev/urandom')) {
+            $file = fopen('/dev/urandom', 'rb');
+            if($file) {
+                fclose($file);
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Public for the sake of unit-testing
+     *
+     * @return array
+     */
+    protected function getCurlVersion() {
+        return curl_version();
+    }
+
+    /**
+     * Check if the used  SSL lib is outdated. Older OpenSSL and NSS versions do
+     * have multiple bugs which likely lead to problems in combination with
+     * functionality required by ownCloud such as SNI.
+     *
+     * @link https://github.com/owncloud/core/issues/17446#issuecomment-122877546
+     * @link https://bugzilla.redhat.com/show_bug.cgi?id=1241172
+     * @return string
+     */
+    private function isUsedTlsLibOutdated() {
+        // Appstore is disabled by default in EE
+        $appStoreDefault = false;
+        if (\OC_Util::getEditionString() === '') {
+            $appStoreDefault = true;
+        }
+
+        // Don't run check when:
+        // 1. Server has `has_internet_connection` set to false
+        // 2. AppStore AND S2S is disabled
+        if(!$this->config->getSystemValue('has_internet_connection', true)) {
+            return '';
+        }
+        if(!$this->config->getSystemValue('appstoreenabled', $appStoreDefault)
+            && $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'no'
+            && $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') === 'no') {
+            return '';
+        }
+
+        $versionString = $this->getCurlVersion();
+        if(isset($versionString['ssl_version'])) {
+            $versionString = $versionString['ssl_version'];
+        } else {
+            return '';
+        }
+
+        $features = (string)$this->l10n->t('installing and updating apps via the app store or Federated Cloud Sharing');
+        if(!$this->config->getSystemValue('appstoreenabled', $appStoreDefault)) {
+            $features = (string)$this->l10n->t('Federated Cloud Sharing');
+        }
+
+        // Check if at least OpenSSL after 1.01d or 1.0.2b
+        if(strpos($versionString, 'OpenSSL/') === 0) {
+            $majorVersion = substr($versionString, 8, 5);
+            $patchRelease = substr($versionString, 13, 6);
+
+            if(($majorVersion === '1.0.1' && ord($patchRelease) < ord('d')) ||
+                ($majorVersion === '1.0.2' && ord($patchRelease) < ord('b'))) {
+                return (string) $this->l10n->t('cURL is using an outdated %s version (%s). Please update your operating system or features such as %s will not work reliably.', ['OpenSSL', $versionString, $features]);
+            }
+        }
+
+        // Check if NSS and perform heuristic check
+        if(strpos($versionString, 'NSS/') === 0) {
+            try {
+                $firstClient = $this->clientService->newClient();
+                $firstClient->get('https://www.owncloud.org/');
+
+                $secondClient = $this->clientService->newClient();
+                $secondClient->get('https://owncloud.org/');
+            } catch (ClientException $e) {
+                if($e->getResponse()->getStatusCode() === 400) {
+                    return (string) $this->l10n->t('cURL is using an outdated %s version (%s). Please update your operating system or features such as %s will not work reliably.', ['NSS', $versionString, $features]);
+                }
+            }
+        }
+
+        return '';
+    }
+
+    /**
+     * Whether the php version is still supported (at time of release)
+     * according to: https://secure.php.net/supported-versions.php
+     *
+     * @return array
+     */
+    private function isPhpSupported() {
+        $eol = false;
+
+        //PHP 5.4 is EOL on 14 Sep 2015
+        if (version_compare(PHP_VERSION, '5.5.0') === -1) {
+            $eol = true;
+        }
+
+        return ['eol' => $eol, 'version' => PHP_VERSION];
+    }
+
+    /**
+     * Check if the reverse proxy configuration is working as expected
+     *
+     * @return bool
+     */
+    private function forwardedForHeadersWorking() {
+        $trustedProxies = $this->config->getSystemValue('trusted_proxies', []);
+        $remoteAddress = $this->request->getRemoteAddress();
+
+        if (is_array($trustedProxies) && in_array($remoteAddress, $trustedProxies)) {
+            return false;
+        }
+
+        // either not enabled or working correctly
+        return true;
+    }
+
+    /**
+     * Checks if the correct memcache module for PHP is installed. Only
+     * fails if memcached is configured and the working module is not installed.
+     *
+     * @return bool
+     */
+    private function isCorrectMemcachedPHPModuleInstalled() {
+        if ($this->config->getSystemValue('memcache.distributed', null) !== '\OC\Memcache\Memcached') {
+            return true;
+        }
+
+        // there are two different memcached modules for PHP
+        // we only support memcached and not memcache
+        // https://code.google.com/p/memcached/wiki/PHPClientComparison
+        return !(!extension_loaded('memcached') && extension_loaded('memcache'));
+    }
+
+    /**
+     * @return RedirectResponse
+     */
+    public function rescanFailedIntegrityCheck() {
+        $this->checker->runInstanceVerification();
+        return new RedirectResponse(
+            $this->urlGenerator->linkToRoute('settings_admin')
+        );
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @return DataResponse
+     */
+    public function getFailedIntegrityCheckFiles() {
+        if(!$this->checker->isCodeCheckEnforced()) {
+            return new DataDisplayResponse('Integrity checker has been disabled. Integrity cannot be verified.');
+        }
+
+        $completeResults = $this->checker->getResults();
+
+        if(!empty($completeResults)) {
+            $formattedTextResponse = 'Technical information
 =====================
 The following list covers which files have failed the integrity check. Please read
 the previous linked documentation to learn more about the errors and how to fix
@@ -288,64 +288,64 @@ 
 Results
 =======
 ';
-			foreach($completeResults as $context => $contextResult) {
-				$formattedTextResponse .= "- $context\n";
-
-				foreach($contextResult as $category => $result) {
-					$formattedTextResponse .= "\t- $category\n";
-					if($category !== 'EXCEPTION') {
-						foreach ($result as $key => $results) {
-							$formattedTextResponse .= "\t\t- $key\n";
-						}
-					} else {
-						foreach ($result as $key => $results) {
-							$formattedTextResponse .= "\t\t- $results\n";
-						}
-					}
-
-				}
-			}
-
-			$formattedTextResponse .= '
+            foreach($completeResults as $context => $contextResult) {
+                $formattedTextResponse .= "- $context\n";
+
+                foreach($contextResult as $category => $result) {
+                    $formattedTextResponse .= "\t- $category\n";
+                    if($category !== 'EXCEPTION') {
+                        foreach ($result as $key => $results) {
+                            $formattedTextResponse .= "\t\t- $key\n";
+                        }
+                    } else {
+                        foreach ($result as $key => $results) {
+                            $formattedTextResponse .= "\t\t- $results\n";
+                        }
+                    }
+
+                }
+            }
+
+            $formattedTextResponse .= '
 Raw output
 ==========
 ';
-			$formattedTextResponse .= print_r($completeResults, true);
-		} else {
-			$formattedTextResponse = 'No errors have been found.';
-		}
-
-
-		$response = new DataDisplayResponse(
-			$formattedTextResponse,
-			Http::STATUS_OK,
-			[
-				'Content-Type' => 'text/plain',
-			]
-		);
-
-		return $response;
-	}
-
-	/**
-	 * @return DataResponse
-	 */
-	public function check() {
-		return new DataResponse(
-			[
-				'serverHasInternetConnection' => $this->isInternetConnectionWorking(),
-				'isMemcacheConfigured' => $this->isMemcacheConfigured(),
-				'memcacheDocs' => $this->urlGenerator->linkToDocs('admin-performance'),
-				'isUrandomAvailable' => $this->isUrandomAvailable(),
-				'securityDocs' => $this->urlGenerator->linkToDocs('admin-security'),
-				'isUsedTlsLibOutdated' => $this->isUsedTlsLibOutdated(),
-				'phpSupported' => $this->isPhpSupported(),
-				'forwardedForHeadersWorking' => $this->forwardedForHeadersWorking(),
-				'reverseProxyDocs' => $this->urlGenerator->linkToDocs('admin-reverse-proxy'),
-				'isCorrectMemcachedPHPModuleInstalled' => $this->isCorrectMemcachedPHPModuleInstalled(),
-				'hasPassedCodeIntegrityCheck' => $this->checker->hasPassedCheck(),
-				'codeIntegrityCheckerDocumentation' => $this->urlGenerator->linkToDocs('admin-code-integrity'),
-			]
-		);
-	}
+            $formattedTextResponse .= print_r($completeResults, true);
+        } else {
+            $formattedTextResponse = 'No errors have been found.';
+        }
+
+
+        $response = new DataDisplayResponse(
+            $formattedTextResponse,
+            Http::STATUS_OK,
+            [
+                'Content-Type' => 'text/plain',
+            ]
+        );
+
+        return $response;
+    }
+
+    /**
+     * @return DataResponse
+     */
+    public function check() {
+        return new DataResponse(
+            [
+                'serverHasInternetConnection' => $this->isInternetConnectionWorking(),
+                'isMemcacheConfigured' => $this->isMemcacheConfigured(),
+                'memcacheDocs' => $this->urlGenerator->linkToDocs('admin-performance'),
+                'isUrandomAvailable' => $this->isUrandomAvailable(),
+                'securityDocs' => $this->urlGenerator->linkToDocs('admin-security'),
+                'isUsedTlsLibOutdated' => $this->isUsedTlsLibOutdated(),
+                'phpSupported' => $this->isPhpSupported(),
+                'forwardedForHeadersWorking' => $this->forwardedForHeadersWorking(),
+                'reverseProxyDocs' => $this->urlGenerator->linkToDocs('admin-reverse-proxy'),
+                'isCorrectMemcachedPHPModuleInstalled' => $this->isCorrectMemcachedPHPModuleInstalled(),
+                'hasPassedCodeIntegrityCheck' => $this->checker->hasPassedCheck(),
+                'codeIntegrityCheckerDocumentation' => $this->urlGenerator->linkToDocs('admin-code-integrity'),
+            ]
+        );
+    }
 }

Spacing +17 added lines, -17 removed lines

@@ -117,9 +117,9 @@ 
 	 * @return bool
 	 */
 	private function isUrandomAvailable() {
-		if(@file_exists('/dev/urandom')) {
+		if (@file_exists('/dev/urandom')) {
 			$file = fopen('/dev/urandom', 'rb');
-			if($file) {
+			if ($file) {
 				fclose($file);
 				return true;
 			}
@@ -156,40 +156,40 @@ 
 		// Don't run check when:
 		// 1. Server has `has_internet_connection` set to false
 		// 2. AppStore AND S2S is disabled
-		if(!$this->config->getSystemValue('has_internet_connection', true)) {
+		if (!$this->config->getSystemValue('has_internet_connection', true)) {
 			return '';
 		}
-		if(!$this->config->getSystemValue('appstoreenabled', $appStoreDefault)
+		if (!$this->config->getSystemValue('appstoreenabled', $appStoreDefault)
 			&& $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'no'
 			&& $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') === 'no') {
 			return '';
 		}
 
 		$versionString = $this->getCurlVersion();
-		if(isset($versionString['ssl_version'])) {
+		if (isset($versionString['ssl_version'])) {
 			$versionString = $versionString['ssl_version'];
 		} else {
 			return '';
 		}
 
-		$features = (string)$this->l10n->t('installing and updating apps via the app store or Federated Cloud Sharing');
-		if(!$this->config->getSystemValue('appstoreenabled', $appStoreDefault)) {
-			$features = (string)$this->l10n->t('Federated Cloud Sharing');
+		$features = (string) $this->l10n->t('installing and updating apps via the app store or Federated Cloud Sharing');
+		if (!$this->config->getSystemValue('appstoreenabled', $appStoreDefault)) {
+			$features = (string) $this->l10n->t('Federated Cloud Sharing');
 		}
 
 		// Check if at least OpenSSL after 1.01d or 1.0.2b
-		if(strpos($versionString, 'OpenSSL/') === 0) {
+		if (strpos($versionString, 'OpenSSL/') === 0) {
 			$majorVersion = substr($versionString, 8, 5);
 			$patchRelease = substr($versionString, 13, 6);
 
-			if(($majorVersion === '1.0.1' && ord($patchRelease) < ord('d')) ||
+			if (($majorVersion === '1.0.1' && ord($patchRelease) < ord('d')) ||
 				($majorVersion === '1.0.2' && ord($patchRelease) < ord('b'))) {
 				return (string) $this->l10n->t('cURL is using an outdated %s version (%s). Please update your operating system or features such as %s will not work reliably.', ['OpenSSL', $versionString, $features]);
 			}
 		}
 
 		// Check if NSS and perform heuristic check
-		if(strpos($versionString, 'NSS/') === 0) {
+		if (strpos($versionString, 'NSS/') === 0) {
 			try {
 				$firstClient = $this->clientService->newClient();
 				$firstClient->get('https://www.owncloud.org/');
@@ -197,7 +197,7 @@ 
 				$secondClient = $this->clientService->newClient();
 				$secondClient->get('https://owncloud.org/');
 			} catch (ClientException $e) {
-				if($e->getResponse()->getStatusCode() === 400) {
+				if ($e->getResponse()->getStatusCode() === 400) {
 					return (string) $this->l10n->t('cURL is using an outdated %s version (%s). Please update your operating system or features such as %s will not work reliably.', ['NSS', $versionString, $features]);
 				}
 			}
@@ -277,13 +277,13 @@ 
 	 * @return DataResponse
 	 */
 	public function getFailedIntegrityCheckFiles() {
-		if(!$this->checker->isCodeCheckEnforced()) {
+		if (!$this->checker->isCodeCheckEnforced()) {
 			return new DataDisplayResponse('Integrity checker has been disabled. Integrity cannot be verified.');
 		}
 
 		$completeResults = $this->checker->getResults();
 
-		if(!empty($completeResults)) {
+		if (!empty($completeResults)) {
 			$formattedTextResponse = 'Technical information
 =====================
 The following list covers which files have failed the integrity check. Please read
@@ -293,12 +293,12 @@ 
 Results
 =======
 ';
-			foreach($completeResults as $context => $contextResult) {
+			foreach ($completeResults as $context => $contextResult) {
 				$formattedTextResponse .= "- $context\n";
 
-				foreach($contextResult as $category => $result) {
+				foreach ($contextResult as $category => $result) {
 					$formattedTextResponse .= "\t- $category\n";
-					if($category !== 'EXCEPTION') {
+					if ($category !== 'EXCEPTION') {
 						foreach ($result as $key => $results) {
 							$formattedTextResponse .= "\t\t- $key\n";
 						}

apps/files_sharing/lib/helper.php

Doc Comments +1 added lines

@@ -303,6 +303,7 @@
 	 * get default share folder
 	 *
 	 * @param \OC\Files\View
+	 * @param View $view
 	 * @return string
 	 */
 	public static function getShareFolder($view = null) {

Indentation +300 added lines, -300 removed lines

@@ -36,305 +36,305 @@
 
 class Helper {
 
-	public static function registerHooks() {
-		\OCP\Util::connectHook('OC_Filesystem', 'delete', '\OC\Files\Cache\Shared_Updater', 'deleteHook');
-		\OCP\Util::connectHook('OC_Filesystem', 'post_rename', '\OC\Files\Cache\Shared_Updater', 'renameHook');
-		\OCP\Util::connectHook('OC_Filesystem', 'post_delete', '\OCA\Files_Sharing\Hooks', 'unshareChildren');
-		\OCP\Util::connectHook('OC_Appconfig', 'post_set_value', '\OCA\Files\Share\Maintainer', 'configChangeHook');
-
-		\OCP\Util::connectHook('OCP\Share', 'post_shared', '\OC\Files\Cache\Shared_Updater', 'postShareHook');
-		\OCP\Util::connectHook('OCP\Share', 'post_unshare', '\OC\Files\Cache\Shared_Updater', 'postUnshareHook');
-		\OCP\Util::connectHook('OCP\Share', 'post_unshareFromSelf', '\OC\Files\Cache\Shared_Updater', 'postUnshareFromSelfHook');
-
-		\OCP\Util::connectHook('OC_User', 'post_deleteUser', '\OCA\Files_Sharing\Hooks', 'deleteUser');
-	}
-
-	/**
-	 * Sets up the filesystem and user for public sharing
-	 * @param string $token string share token
-	 * @param string $relativePath optional path relative to the share
-	 * @param string $password optional password
-	 * @return array
-	 */
-	public static function setupFromToken($token, $relativePath = null, $password = null) {
-		\OC_User::setIncognitoMode(true);
-
-		$linkItem = \OCP\Share::getShareByToken($token, !$password);
-		if($linkItem === false || ($linkItem['item_type'] !== 'file' && $linkItem['item_type'] !== 'folder')) {
-			\OC_Response::setStatus(404);
-			\OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);
-			exit;
-		}
-
-		if(!isset($linkItem['uid_owner']) || !isset($linkItem['file_source'])) {
-			\OC_Response::setStatus(500);
-			\OCP\Util::writeLog('core-preview', 'Passed token seems to be valid, but it does not contain all necessary information . ("' . $token . '")', \OCP\Util::WARN);
-			exit;
-		}
-
-		$rootLinkItem = \OCP\Share::resolveReShare($linkItem);
-		$path = null;
-		if (isset($rootLinkItem['uid_owner'])) {
-			\OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
-			\OC_Util::tearDownFS();
-			\OC_Util::setupFS($rootLinkItem['uid_owner']);
-		}
-
-		try {
-			$path = Filesystem::getPath($linkItem['file_source']);
-		} catch (NotFoundException $e) {
-			\OCP\Util::writeLog('share', 'could not resolve linkItem', \OCP\Util::DEBUG);
-			\OC_Response::setStatus(404);
-			\OCP\JSON::error(array('success' => false));
-			exit();
-		}
-
-		if (!isset($linkItem['item_type'])) {
-			\OCP\Util::writeLog('share', 'No item type set for share id: ' . $linkItem['id'], \OCP\Util::ERROR);
-			\OC_Response::setStatus(404);
-			\OCP\JSON::error(array('success' => false));
-			exit();
-		}
-
-		if (isset($linkItem['share_with']) && (int)$linkItem['share_type'] === \OCP\Share::SHARE_TYPE_LINK) {
-			if (!self::authenticate($linkItem, $password)) {
-				\OC_Response::setStatus(403);
-				\OCP\JSON::error(array('success' => false));
-				exit();
-			}
-		}
-
-		$basePath = $path;
-
-		if ($relativePath !== null && Filesystem::isReadable($basePath . $relativePath)) {
-			$path .= Filesystem::normalizePath($relativePath);
-		}
-
-		return array(
-			'linkItem' => $linkItem,
-			'basePath' => $basePath,
-			'realPath' => $path
-		);
-	}
-
-	/**
-	 * Authenticate link item with the given password
-	 * or with the session if no password was given.
-	 * @param array $linkItem link item array
-	 * @param string $password optional password
-	 *
-	 * @return boolean true if authorized, false otherwise
-	 */
-	public static function authenticate($linkItem, $password = null) {
-		if ($password !== null) {
-			if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) {
-				// Check Password
-				$newHash = '';
-				if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
-					// Save item id in session for future requests
-					\OC::$server->getSession()->set('public_link_authenticated', (string) $linkItem['id']);
-
-					/**
-					 * FIXME: Migrate old hashes to new hash format
-					 * Due to the fact that there is no reasonable functionality to update the password
-					 * of an existing share no migration is yet performed there.
-					 * The only possibility is to update the existing share which will result in a new
-					 * share ID and is a major hack.
-					 *
-					 * In the future the migration should be performed once there is a proper method
-					 * to update the share's password. (for example `$share->updatePassword($password)`
-					 *
-					 * @link https://github.com/owncloud/core/issues/10671
-					 */
-					if(!empty($newHash)) {
-
-					}
-				} else {
-					return false;
-				}
-			} else {
-				\OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
-					.' for share id '.$linkItem['id'], \OCP\Util::ERROR);
-				return false;
-			}
-
-		}
-		else {
-			// not authenticated ?
-			if ( ! \OC::$server->getSession()->exists('public_link_authenticated')
-				|| \OC::$server->getSession()->get('public_link_authenticated') !== (string)$linkItem['id']) {
-				return false;
-			}
-		}
-		return true;
-	}
-
-	public static function getSharesFromItem($target) {
-		$result = array();
-		$owner = Filesystem::getOwner($target);
-		Filesystem::initMountPoints($owner);
-		$info = Filesystem::getFileInfo($target);
-		$ownerView = new View('/'.$owner.'/files');
-		if ( $owner != User::getUser() ) {
-			$path = $ownerView->getPath($info['fileid']);
-		} else {
-			$path = $target;
-		}
-
-
-		$ids = array();
-		while ($path !== dirname($path)) {
-			$info = $ownerView->getFileInfo($path);
-			if ($info instanceof \OC\Files\FileInfo) {
-				$ids[] = $info['fileid'];
-			} else {
-				\OCP\Util::writeLog('sharing', 'No fileinfo available for: ' . $path, \OCP\Util::WARN);
-			}
-			$path = dirname($path);
-		}
-
-		if (!empty($ids)) {
-
-			$idList = array_chunk($ids, 99, true);
-
-			foreach ($idList as $subList) {
-				$statement = "SELECT `share_with`, `share_type`, `file_target` FROM `*PREFIX*share` WHERE `file_source` IN (" . implode(',', $subList) . ") AND `share_type` IN (0, 1, 2)";
-				$query = \OCP\DB::prepare($statement);
-				$r = $query->execute();
-				$result = array_merge($result, $r->fetchAll());
-			}
-		}
-
-		return $result;
-	}
-
-	/**
-	 * get the UID of the owner of the file and the path to the file relative to
-	 * owners files folder
-	 *
-	 * @param $filename
-	 * @return array
-	 * @throws \OC\User\NoUserException
-	 */
-	public static function getUidAndFilename($filename) {
-		$uid = Filesystem::getOwner($filename);
-		$userManager = \OC::$server->getUserManager();
-		// if the user with the UID doesn't exists, e.g. because the UID points
-		// to a remote user with a federated cloud ID we use the current logged-in
-		// user. We need a valid local user to create the share
-		if (!$userManager->userExists($uid)) {
-			$uid = User::getUser();
-		}
-		Filesystem::initMountPoints($uid);
-		if ( $uid != User::getUser() ) {
-			$info = Filesystem::getFileInfo($filename);
-			$ownerView = new View('/'.$uid.'/files');
-			try {
-				$filename = $ownerView->getPath($info['fileid']);
-			} catch (NotFoundException $e) {
-				$filename = null;
-			}
-		}
-		return [$uid, $filename];
-	}
-
-	/**
-	 * Format a path to be relative to the /user/files/ directory
-	 * @param string $path the absolute path
-	 * @return string e.g. turns '/admin/files/test.txt' into 'test.txt'
-	 */
-	public static function stripUserFilesPath($path) {
-		$trimmed = ltrim($path, '/');
-		$split = explode('/', $trimmed);
-
-		// it is not a file relative to data/user/files
-		if (count($split) < 3 || $split[1] !== 'files') {
-			return false;
-		}
-
-		$sliced = array_slice($split, 2);
-		$relPath = implode('/', $sliced);
-
-		return $relPath;
-	}
-
-	/**
-	 * check if file name already exists and generate unique target
-	 *
-	 * @param string $path
-	 * @param array $excludeList
-	 * @param View $view
-	 * @return string $path
-	 */
-	public static function generateUniqueTarget($path, $excludeList, $view) {
-		$pathinfo = pathinfo($path);
-		$ext = (isset($pathinfo['extension'])) ? '.'.$pathinfo['extension'] : '';
-		$name = $pathinfo['filename'];
-		$dir = $pathinfo['dirname'];
-		$i = 2;
-		while ($view->file_exists($path) || in_array($path, $excludeList)) {
-			$path = Filesystem::normalizePath($dir . '/' . $name . ' ('.$i.')' . $ext);
-			$i++;
-		}
-
-		return $path;
-	}
-
-	/**
-	 * allow users from other ownCloud instances to mount public links share by this instance
-	 * @return bool
-	 */
-	public static function isOutgoingServer2serverShareEnabled() {
-		$appConfig = \OC::$server->getAppConfig();
-		$result = $appConfig->getValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes');
-		return ($result === 'yes') ? true : false;
-	}
-
-	/**
-	 * allow user to mount public links from onther ownClouds
-	 * @return bool
-	 */
-	public static function isIncomingServer2serverShareEnabled() {
-		$appConfig = \OC::$server->getAppConfig();
-		$result = $appConfig->getValue('files_sharing', 'incoming_server2server_share_enabled', 'yes');
-		return ($result === 'yes') ? true : false;
-	}
-
-	/**
-	 * get default share folder
-	 *
-	 * @param \OC\Files\View
-	 * @return string
-	 */
-	public static function getShareFolder($view = null) {
-		if ($view === null) {
-			$view = Filesystem::getView();
-		}
-		$shareFolder = \OC::$server->getConfig()->getSystemValue('share_folder', '/');
-		$shareFolder = Filesystem::normalizePath($shareFolder);
-
-		if (!$view->file_exists($shareFolder)) {
-			$dir = '';
-			$subdirs = explode('/', $shareFolder);
-			foreach ($subdirs as $subdir) {
-				$dir = $dir . '/' . $subdir;
-				if (!$view->is_dir($dir)) {
-					$view->mkdir($dir);
-				}
-			}
-		}
-
-		return $shareFolder;
-
-	}
-
-	/**
-	 * set default share folder
-	 *
-	 * @param string $shareFolder
-	 */
-	public static function setShareFolder($shareFolder) {
-		\OC::$server->getConfig()->setSystemValue('share_folder', $shareFolder);
-	}
+    public static function registerHooks() {
+        \OCP\Util::connectHook('OC_Filesystem', 'delete', '\OC\Files\Cache\Shared_Updater', 'deleteHook');
+        \OCP\Util::connectHook('OC_Filesystem', 'post_rename', '\OC\Files\Cache\Shared_Updater', 'renameHook');
+        \OCP\Util::connectHook('OC_Filesystem', 'post_delete', '\OCA\Files_Sharing\Hooks', 'unshareChildren');
+        \OCP\Util::connectHook('OC_Appconfig', 'post_set_value', '\OCA\Files\Share\Maintainer', 'configChangeHook');
+
+        \OCP\Util::connectHook('OCP\Share', 'post_shared', '\OC\Files\Cache\Shared_Updater', 'postShareHook');
+        \OCP\Util::connectHook('OCP\Share', 'post_unshare', '\OC\Files\Cache\Shared_Updater', 'postUnshareHook');
+        \OCP\Util::connectHook('OCP\Share', 'post_unshareFromSelf', '\OC\Files\Cache\Shared_Updater', 'postUnshareFromSelfHook');
+
+        \OCP\Util::connectHook('OC_User', 'post_deleteUser', '\OCA\Files_Sharing\Hooks', 'deleteUser');
+    }
+
+    /**
+     * Sets up the filesystem and user for public sharing
+     * @param string $token string share token
+     * @param string $relativePath optional path relative to the share
+     * @param string $password optional password
+     * @return array
+     */
+    public static function setupFromToken($token, $relativePath = null, $password = null) {
+        \OC_User::setIncognitoMode(true);
+
+        $linkItem = \OCP\Share::getShareByToken($token, !$password);
+        if($linkItem === false || ($linkItem['item_type'] !== 'file' && $linkItem['item_type'] !== 'folder')) {
+            \OC_Response::setStatus(404);
+            \OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);
+            exit;
+        }
+
+        if(!isset($linkItem['uid_owner']) || !isset($linkItem['file_source'])) {
+            \OC_Response::setStatus(500);
+            \OCP\Util::writeLog('core-preview', 'Passed token seems to be valid, but it does not contain all necessary information . ("' . $token . '")', \OCP\Util::WARN);
+            exit;
+        }
+
+        $rootLinkItem = \OCP\Share::resolveReShare($linkItem);
+        $path = null;
+        if (isset($rootLinkItem['uid_owner'])) {
+            \OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
+            \OC_Util::tearDownFS();
+            \OC_Util::setupFS($rootLinkItem['uid_owner']);
+        }
+
+        try {
+            $path = Filesystem::getPath($linkItem['file_source']);
+        } catch (NotFoundException $e) {
+            \OCP\Util::writeLog('share', 'could not resolve linkItem', \OCP\Util::DEBUG);
+            \OC_Response::setStatus(404);
+            \OCP\JSON::error(array('success' => false));
+            exit();
+        }
+
+        if (!isset($linkItem['item_type'])) {
+            \OCP\Util::writeLog('share', 'No item type set for share id: ' . $linkItem['id'], \OCP\Util::ERROR);
+            \OC_Response::setStatus(404);
+            \OCP\JSON::error(array('success' => false));
+            exit();
+        }
+
+        if (isset($linkItem['share_with']) && (int)$linkItem['share_type'] === \OCP\Share::SHARE_TYPE_LINK) {
+            if (!self::authenticate($linkItem, $password)) {
+                \OC_Response::setStatus(403);
+                \OCP\JSON::error(array('success' => false));
+                exit();
+            }
+        }
+
+        $basePath = $path;
+
+        if ($relativePath !== null && Filesystem::isReadable($basePath . $relativePath)) {
+            $path .= Filesystem::normalizePath($relativePath);
+        }
+
+        return array(
+            'linkItem' => $linkItem,
+            'basePath' => $basePath,
+            'realPath' => $path
+        );
+    }
+
+    /**
+     * Authenticate link item with the given password
+     * or with the session if no password was given.
+     * @param array $linkItem link item array
+     * @param string $password optional password
+     *
+     * @return boolean true if authorized, false otherwise
+     */
+    public static function authenticate($linkItem, $password = null) {
+        if ($password !== null) {
+            if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) {
+                // Check Password
+                $newHash = '';
+                if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
+                    // Save item id in session for future requests
+                    \OC::$server->getSession()->set('public_link_authenticated', (string) $linkItem['id']);
+
+                    /**
+                     * FIXME: Migrate old hashes to new hash format
+                     * Due to the fact that there is no reasonable functionality to update the password
+                     * of an existing share no migration is yet performed there.
+                     * The only possibility is to update the existing share which will result in a new
+                     * share ID and is a major hack.
+                     *
+                     * In the future the migration should be performed once there is a proper method
+                     * to update the share's password. (for example `$share->updatePassword($password)`
+                     *
+                     * @link https://github.com/owncloud/core/issues/10671
+                     */
+                    if(!empty($newHash)) {
+
+                    }
+                } else {
+                    return false;
+                }
+            } else {
+                \OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
+                    .' for share id '.$linkItem['id'], \OCP\Util::ERROR);
+                return false;
+            }
+
+        }
+        else {
+            // not authenticated ?
+            if ( ! \OC::$server->getSession()->exists('public_link_authenticated')
+                || \OC::$server->getSession()->get('public_link_authenticated') !== (string)$linkItem['id']) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static function getSharesFromItem($target) {
+        $result = array();
+        $owner = Filesystem::getOwner($target);
+        Filesystem::initMountPoints($owner);
+        $info = Filesystem::getFileInfo($target);
+        $ownerView = new View('/'.$owner.'/files');
+        if ( $owner != User::getUser() ) {
+            $path = $ownerView->getPath($info['fileid']);
+        } else {
+            $path = $target;
+        }
+
+
+        $ids = array();
+        while ($path !== dirname($path)) {
+            $info = $ownerView->getFileInfo($path);
+            if ($info instanceof \OC\Files\FileInfo) {
+                $ids[] = $info['fileid'];
+            } else {
+                \OCP\Util::writeLog('sharing', 'No fileinfo available for: ' . $path, \OCP\Util::WARN);
+            }
+            $path = dirname($path);
+        }
+
+        if (!empty($ids)) {
+
+            $idList = array_chunk($ids, 99, true);
+
+            foreach ($idList as $subList) {
+                $statement = "SELECT `share_with`, `share_type`, `file_target` FROM `*PREFIX*share` WHERE `file_source` IN (" . implode(',', $subList) . ") AND `share_type` IN (0, 1, 2)";
+                $query = \OCP\DB::prepare($statement);
+                $r = $query->execute();
+                $result = array_merge($result, $r->fetchAll());
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * get the UID of the owner of the file and the path to the file relative to
+     * owners files folder
+     *
+     * @param $filename
+     * @return array
+     * @throws \OC\User\NoUserException
+     */
+    public static function getUidAndFilename($filename) {
+        $uid = Filesystem::getOwner($filename);
+        $userManager = \OC::$server->getUserManager();
+        // if the user with the UID doesn't exists, e.g. because the UID points
+        // to a remote user with a federated cloud ID we use the current logged-in
+        // user. We need a valid local user to create the share
+        if (!$userManager->userExists($uid)) {
+            $uid = User::getUser();
+        }
+        Filesystem::initMountPoints($uid);
+        if ( $uid != User::getUser() ) {
+            $info = Filesystem::getFileInfo($filename);
+            $ownerView = new View('/'.$uid.'/files');
+            try {
+                $filename = $ownerView->getPath($info['fileid']);
+            } catch (NotFoundException $e) {
+                $filename = null;
+            }
+        }
+        return [$uid, $filename];
+    }
+
+    /**
+     * Format a path to be relative to the /user/files/ directory
+     * @param string $path the absolute path
+     * @return string e.g. turns '/admin/files/test.txt' into 'test.txt'
+     */
+    public static function stripUserFilesPath($path) {
+        $trimmed = ltrim($path, '/');
+        $split = explode('/', $trimmed);
+
+        // it is not a file relative to data/user/files
+        if (count($split) < 3 || $split[1] !== 'files') {
+            return false;
+        }
+
+        $sliced = array_slice($split, 2);
+        $relPath = implode('/', $sliced);
+
+        return $relPath;
+    }
+
+    /**
+     * check if file name already exists and generate unique target
+     *
+     * @param string $path
+     * @param array $excludeList
+     * @param View $view
+     * @return string $path
+     */
+    public static function generateUniqueTarget($path, $excludeList, $view) {
+        $pathinfo = pathinfo($path);
+        $ext = (isset($pathinfo['extension'])) ? '.'.$pathinfo['extension'] : '';
+        $name = $pathinfo['filename'];
+        $dir = $pathinfo['dirname'];
+        $i = 2;
+        while ($view->file_exists($path) || in_array($path, $excludeList)) {
+            $path = Filesystem::normalizePath($dir . '/' . $name . ' ('.$i.')' . $ext);
+            $i++;
+        }
+
+        return $path;
+    }
+
+    /**
+     * allow users from other ownCloud instances to mount public links share by this instance
+     * @return bool
+     */
+    public static function isOutgoingServer2serverShareEnabled() {
+        $appConfig = \OC::$server->getAppConfig();
+        $result = $appConfig->getValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes');
+        return ($result === 'yes') ? true : false;
+    }
+
+    /**
+     * allow user to mount public links from onther ownClouds
+     * @return bool
+     */
+    public static function isIncomingServer2serverShareEnabled() {
+        $appConfig = \OC::$server->getAppConfig();
+        $result = $appConfig->getValue('files_sharing', 'incoming_server2server_share_enabled', 'yes');
+        return ($result === 'yes') ? true : false;
+    }
+
+    /**
+     * get default share folder
+     *
+     * @param \OC\Files\View
+     * @return string
+     */
+    public static function getShareFolder($view = null) {
+        if ($view === null) {
+            $view = Filesystem::getView();
+        }
+        $shareFolder = \OC::$server->getConfig()->getSystemValue('share_folder', '/');
+        $shareFolder = Filesystem::normalizePath($shareFolder);
+
+        if (!$view->file_exists($shareFolder)) {
+            $dir = '';
+            $subdirs = explode('/', $shareFolder);
+            foreach ($subdirs as $subdir) {
+                $dir = $dir . '/' . $subdir;
+                if (!$view->is_dir($dir)) {
+                    $view->mkdir($dir);
+                }
+            }
+        }
+
+        return $shareFolder;
+
+    }
+
+    /**
+     * set default share folder
+     *
+     * @param string $shareFolder
+     */
+    public static function setShareFolder($shareFolder) {
+        \OC::$server->getConfig()->setSystemValue('share_folder', $shareFolder);
+    }
 
 }

Spacing +16 added lines, -16 removed lines

@@ -60,15 +60,15 @@ 
 		\OC_User::setIncognitoMode(true);
 
 		$linkItem = \OCP\Share::getShareByToken($token, !$password);
-		if($linkItem === false || ($linkItem['item_type'] !== 'file' && $linkItem['item_type'] !== 'folder')) {
+		if ($linkItem === false || ($linkItem['item_type'] !== 'file' && $linkItem['item_type'] !== 'folder')) {
 			\OC_Response::setStatus(404);
 			\OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);
 			exit;
 		}
 
-		if(!isset($linkItem['uid_owner']) || !isset($linkItem['file_source'])) {
+		if (!isset($linkItem['uid_owner']) || !isset($linkItem['file_source'])) {
 			\OC_Response::setStatus(500);
-			\OCP\Util::writeLog('core-preview', 'Passed token seems to be valid, but it does not contain all necessary information . ("' . $token . '")', \OCP\Util::WARN);
+			\OCP\Util::writeLog('core-preview', 'Passed token seems to be valid, but it does not contain all necessary information . ("'.$token.'")', \OCP\Util::WARN);
 			exit;
 		}
 
@@ -90,13 +90,13 @@ 
 		}
 
 		if (!isset($linkItem['item_type'])) {
-			\OCP\Util::writeLog('share', 'No item type set for share id: ' . $linkItem['id'], \OCP\Util::ERROR);
+			\OCP\Util::writeLog('share', 'No item type set for share id: '.$linkItem['id'], \OCP\Util::ERROR);
 			\OC_Response::setStatus(404);
 			\OCP\JSON::error(array('success' => false));
 			exit();
 		}
 
-		if (isset($linkItem['share_with']) && (int)$linkItem['share_type'] === \OCP\Share::SHARE_TYPE_LINK) {
+		if (isset($linkItem['share_with']) && (int) $linkItem['share_type'] === \OCP\Share::SHARE_TYPE_LINK) {
 			if (!self::authenticate($linkItem, $password)) {
 				\OC_Response::setStatus(403);
 				\OCP\JSON::error(array('success' => false));
@@ -106,7 +106,7 @@ 
 
 		$basePath = $path;
 
-		if ($relativePath !== null && Filesystem::isReadable($basePath . $relativePath)) {
+		if ($relativePath !== null && Filesystem::isReadable($basePath.$relativePath)) {
 			$path .= Filesystem::normalizePath($relativePath);
 		}
 
@@ -130,7 +130,7 @@ 
 			if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) {
 				// Check Password
 				$newHash = '';
-				if(\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
+				if (\OC::$server->getHasher()->verify($password, $linkItem['share_with'], $newHash)) {
 					// Save item id in session for future requests
 					\OC::$server->getSession()->set('public_link_authenticated', (string) $linkItem['id']);
 
@@ -146,7 +146,7 @@ 
 					 *
 					 * @link https://github.com/owncloud/core/issues/10671
 					 */
-					if(!empty($newHash)) {
+					if (!empty($newHash)) {
 
 					}
 				} else {
@@ -161,8 +161,8 @@ 
 		}
 		else {
 			// not authenticated ?
-			if ( ! \OC::$server->getSession()->exists('public_link_authenticated')
-				|| \OC::$server->getSession()->get('public_link_authenticated') !== (string)$linkItem['id']) {
+			if (!\OC::$server->getSession()->exists('public_link_authenticated')
+				|| \OC::$server->getSession()->get('public_link_authenticated') !== (string) $linkItem['id']) {
 				return false;
 			}
 		}
@@ -175,7 +175,7 @@ 
 		Filesystem::initMountPoints($owner);
 		$info = Filesystem::getFileInfo($target);
 		$ownerView = new View('/'.$owner.'/files');
-		if ( $owner != User::getUser() ) {
+		if ($owner != User::getUser()) {
 			$path = $ownerView->getPath($info['fileid']);
 		} else {
 			$path = $target;
@@ -188,7 +188,7 @@ 
 			if ($info instanceof \OC\Files\FileInfo) {
 				$ids[] = $info['fileid'];
 			} else {
-				\OCP\Util::writeLog('sharing', 'No fileinfo available for: ' . $path, \OCP\Util::WARN);
+				\OCP\Util::writeLog('sharing', 'No fileinfo available for: '.$path, \OCP\Util::WARN);
 			}
 			$path = dirname($path);
 		}
@@ -198,7 +198,7 @@ 
 			$idList = array_chunk($ids, 99, true);
 
 			foreach ($idList as $subList) {
-				$statement = "SELECT `share_with`, `share_type`, `file_target` FROM `*PREFIX*share` WHERE `file_source` IN (" . implode(',', $subList) . ") AND `share_type` IN (0, 1, 2)";
+				$statement = "SELECT `share_with`, `share_type`, `file_target` FROM `*PREFIX*share` WHERE `file_source` IN (".implode(',', $subList).") AND `share_type` IN (0, 1, 2)";
 				$query = \OCP\DB::prepare($statement);
 				$r = $query->execute();
 				$result = array_merge($result, $r->fetchAll());
@@ -226,7 +226,7 @@ 
 			$uid = User::getUser();
 		}
 		Filesystem::initMountPoints($uid);
-		if ( $uid != User::getUser() ) {
+		if ($uid != User::getUser()) {
 			$info = Filesystem::getFileInfo($filename);
 			$ownerView = new View('/'.$uid.'/files');
 			try {
@@ -273,7 +273,7 @@ 
 		$dir = $pathinfo['dirname'];
 		$i = 2;
 		while ($view->file_exists($path) || in_array($path, $excludeList)) {
-			$path = Filesystem::normalizePath($dir . '/' . $name . ' ('.$i.')' . $ext);
+			$path = Filesystem::normalizePath($dir.'/'.$name.' ('.$i.')'.$ext);
 			$i++;
 		}
 
@@ -317,7 +317,7 @@ 
 			$dir = '';
 			$subdirs = explode('/', $shareFolder);
 			foreach ($subdirs as $subdir) {
-				$dir = $dir . '/' . $subdir;
+				$dir = $dir.'/'.$subdir;
 				if (!$view->is_dir($dir)) {
 					$view->mkdir($dir);
 				}

Braces +1 added lines, -2 removed lines

@@ -158,8 +158,7 @@
 				return false;
 			}
 
-		}
-		else {
+		} else {
 			// not authenticated ?
 			if ( ! \OC::$server->getSession()->exists('public_link_authenticated')
 				|| \OC::$server->getSession()->get('public_link_authenticated') !== (string)$linkItem['id']) {

apps/files_sharing/lib/sharedmount.php

Doc Comments +1 added lines, -1 removed lines

@@ -99,7 +99,7 @@
 	 * @param string $path
 	 * @param View $view
 	 * @param SharedMount[] $mountpoints
-	 * @return mixed
+	 * @return string
 	 */
 	private function generateUniqueTarget($path, $view, array $mountpoints) {
 		$pathinfo = pathinfo($path);

Indentation +206 added lines, -206 removed lines

@@ -36,212 +36,212 @@
  * Shared mount points can be moved by the user
  */
 class SharedMount extends MountPoint implements MoveableMount {
-	/**
-	 * @var \OC\Files\Storage\Shared $storage
-	 */
-	protected $storage = null;
-
-	/**
-	 * @var \OC\Files\View
-	 */
-	private $recipientView;
-
-	/**
-	 * @var string
-	 */
-	private $user;
-
-	/**
-	 * @param string $storage
-	 * @param SharedMount[] $mountpoints
-	 * @param array|null $arguments
-	 * @param \OCP\Files\Storage\IStorageFactory $loader
-	 */
-	public function __construct($storage, array $mountpoints, $arguments = null, $loader = null) {
-		$this->user = $arguments['user'];
-		$this->recipientView = new View('/' . $this->user . '/files');
-		$newMountPoint = $this->verifyMountPoint($arguments['share'], $mountpoints);
-		$absMountPoint = '/' . $this->user . '/files' . $newMountPoint;
-		$arguments['ownerView'] = new View('/' . $arguments['share']['uid_owner'] . '/files');
-		parent::__construct($storage, $absMountPoint, $arguments, $loader);
-	}
-
-	/**
-	 * check if the parent folder exists otherwise move the mount point up
-	 *
-	 * @param array $share
-	 * @param SharedMount[] $mountpoints
-	 * @return string
-	 */
-	private function verifyMountPoint(&$share, array $mountpoints) {
-
-		$mountPoint = basename($share['file_target']);
-		$parent = dirname($share['file_target']);
-
-		if (!$this->recipientView->is_dir($parent)) {
-			$parent = Helper::getShareFolder($this->recipientView);
-		}
-
-		$newMountPoint = $this->generateUniqueTarget(
-			\OC\Files\Filesystem::normalizePath($parent . '/' . $mountPoint),
-			$this->recipientView,
-			$mountpoints
-		);
-
-		if ($newMountPoint !== $share['file_target']) {
-			$this->updateFileTarget($newMountPoint, $share);
-			$share['file_target'] = $newMountPoint;
-			$share['unique_name'] = true;
-		}
-
-		return $newMountPoint;
-	}
-
-	/**
-	 * @param string $path
-	 * @param View $view
-	 * @param SharedMount[] $mountpoints
-	 * @return mixed
-	 */
-	private function generateUniqueTarget($path, $view, array $mountpoints) {
-		$pathinfo = pathinfo($path);
-		$ext = (isset($pathinfo['extension'])) ? '.'.$pathinfo['extension'] : '';
-		$name = $pathinfo['filename'];
-		$dir = $pathinfo['dirname'];
-
-		// Helper function to find existing mount points
-		$mountpointExists = function($path) use ($mountpoints) {
-			foreach ($mountpoints as $mountpoint) {
-				if ($mountpoint->getShare()['file_target'] === $path) {
-					return true;
-				}
-			}
-			return false;
-		};
-
-		$i = 2;
-		while ($view->file_exists($path) || $mountpointExists($path)) {
-			$path = Filesystem::normalizePath($dir . '/' . $name . ' ('.$i.')' . $ext);
-			$i++;
-		}
-
-		return $path;
-	}
-
-	/**
-	 * update fileTarget in the database if the mount point changed
-	 *
-	 * @param string $newPath
-	 * @param array $share reference to the share which should be modified
-	 * @return bool
-	 */
-	private function updateFileTarget($newPath, &$share) {
-		// if the user renames a mount point from a group share we need to create a new db entry
-		// for the unique name
-		if ($share['share_type'] === \OCP\Share::SHARE_TYPE_GROUP && empty($share['unique_name'])) {
-			$query = \OCP\DB::prepare('INSERT INTO `*PREFIX*share` (`item_type`, `item_source`, `item_target`,'
-			.' `share_type`, `share_with`, `uid_owner`, `permissions`, `stime`, `file_source`,'
-			.' `file_target`, `token`, `parent`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)');
-			$arguments = array($share['item_type'], $share['item_source'], $share['item_target'],
-				2, $this->user, $share['uid_owner'], $share['permissions'], $share['stime'], $share['file_source'],
-				$newPath, $share['token'], $share['id']);
-		} else {
-			// rename mount point
-			$query = \OCP\DB::prepare(
-					'Update `*PREFIX*share`
+    /**
+     * @var \OC\Files\Storage\Shared $storage
+     */
+    protected $storage = null;
+
+    /**
+     * @var \OC\Files\View
+     */
+    private $recipientView;
+
+    /**
+     * @var string
+     */
+    private $user;
+
+    /**
+     * @param string $storage
+     * @param SharedMount[] $mountpoints
+     * @param array|null $arguments
+     * @param \OCP\Files\Storage\IStorageFactory $loader
+     */
+    public function __construct($storage, array $mountpoints, $arguments = null, $loader = null) {
+        $this->user = $arguments['user'];
+        $this->recipientView = new View('/' . $this->user . '/files');
+        $newMountPoint = $this->verifyMountPoint($arguments['share'], $mountpoints);
+        $absMountPoint = '/' . $this->user . '/files' . $newMountPoint;
+        $arguments['ownerView'] = new View('/' . $arguments['share']['uid_owner'] . '/files');
+        parent::__construct($storage, $absMountPoint, $arguments, $loader);
+    }
+
+    /**
+     * check if the parent folder exists otherwise move the mount point up
+     *
+     * @param array $share
+     * @param SharedMount[] $mountpoints
+     * @return string
+     */
+    private function verifyMountPoint(&$share, array $mountpoints) {
+
+        $mountPoint = basename($share['file_target']);
+        $parent = dirname($share['file_target']);
+
+        if (!$this->recipientView->is_dir($parent)) {
+            $parent = Helper::getShareFolder($this->recipientView);
+        }
+
+        $newMountPoint = $this->generateUniqueTarget(
+            \OC\Files\Filesystem::normalizePath($parent . '/' . $mountPoint),
+            $this->recipientView,
+            $mountpoints
+        );
+
+        if ($newMountPoint !== $share['file_target']) {
+            $this->updateFileTarget($newMountPoint, $share);
+            $share['file_target'] = $newMountPoint;
+            $share['unique_name'] = true;
+        }
+
+        return $newMountPoint;
+    }
+
+    /**
+     * @param string $path
+     * @param View $view
+     * @param SharedMount[] $mountpoints
+     * @return mixed
+     */
+    private function generateUniqueTarget($path, $view, array $mountpoints) {
+        $pathinfo = pathinfo($path);
+        $ext = (isset($pathinfo['extension'])) ? '.'.$pathinfo['extension'] : '';
+        $name = $pathinfo['filename'];
+        $dir = $pathinfo['dirname'];
+
+        // Helper function to find existing mount points
+        $mountpointExists = function($path) use ($mountpoints) {
+            foreach ($mountpoints as $mountpoint) {
+                if ($mountpoint->getShare()['file_target'] === $path) {
+                    return true;
+                }
+            }
+            return false;
+        };
+
+        $i = 2;
+        while ($view->file_exists($path) || $mountpointExists($path)) {
+            $path = Filesystem::normalizePath($dir . '/' . $name . ' ('.$i.')' . $ext);
+            $i++;
+        }
+
+        return $path;
+    }
+
+    /**
+     * update fileTarget in the database if the mount point changed
+     *
+     * @param string $newPath
+     * @param array $share reference to the share which should be modified
+     * @return bool
+     */
+    private function updateFileTarget($newPath, &$share) {
+        // if the user renames a mount point from a group share we need to create a new db entry
+        // for the unique name
+        if ($share['share_type'] === \OCP\Share::SHARE_TYPE_GROUP && empty($share['unique_name'])) {
+            $query = \OCP\DB::prepare('INSERT INTO `*PREFIX*share` (`item_type`, `item_source`, `item_target`,'
+            .' `share_type`, `share_with`, `uid_owner`, `permissions`, `stime`, `file_source`,'
+            .' `file_target`, `token`, `parent`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)');
+            $arguments = array($share['item_type'], $share['item_source'], $share['item_target'],
+                2, $this->user, $share['uid_owner'], $share['permissions'], $share['stime'], $share['file_source'],
+                $newPath, $share['token'], $share['id']);
+        } else {
+            // rename mount point
+            $query = \OCP\DB::prepare(
+                    'Update `*PREFIX*share`
 						SET `file_target` = ?
 						WHERE `id` = ?'
-			);
-			$arguments = array($newPath, $share['id']);
-		}
-
-		$result = $query->execute($arguments);
-
-		return $result === 1 ? true : false;
-	}
-
-	/**
-	 * Format a path to be relative to the /user/files/ directory
-	 *
-	 * @param string $path the absolute path
-	 * @return string e.g. turns '/admin/files/test.txt' into '/test.txt'
-	 * @throws \OCA\Files_Sharing\Exceptions\BrokenPath
-	 */
-	protected function stripUserFilesPath($path) {
-		$trimmed = ltrim($path, '/');
-		$split = explode('/', $trimmed);
-
-		// it is not a file relative to data/user/files
-		if (count($split) < 3 || $split[1] !== 'files') {
-			\OCP\Util::writeLog('file sharing',
-				'Can not strip userid and "files/" from path: ' . $path,
-				\OCP\Util::ERROR);
-			throw new \OCA\Files_Sharing\Exceptions\BrokenPath('Path does not start with /user/files', 10);
-		}
-
-		// skip 'user' and 'files'
-		$sliced = array_slice($split, 2);
-		$relPath = implode('/', $sliced);
-
-		return '/' . $relPath;
-	}
-
-	/**
-	 * Move the mount point to $target
-	 *
-	 * @param string $target the target mount point
-	 * @return bool
-	 */
-	public function moveMount($target) {
-
-		$relTargetPath = $this->stripUserFilesPath($target);
-		$share = $this->storage->getShare();
-
-		$result = true;
-
-		if (!empty($share['grouped'])) {
-			foreach ($share['grouped'] as $s) {
-				$result = $this->updateFileTarget($relTargetPath, $s) && $result;
-			}
-		} else {
-			$result = $this->updateFileTarget($relTargetPath, $share) && $result;
-		}
-
-		if ($result) {
-			$this->setMountPoint($target);
-			$this->storage->setUniqueName();
-			$this->storage->setMountPoint($relTargetPath);
-
-		} else {
-			\OCP\Util::writeLog('file sharing',
-				'Could not rename mount point for shared folder "' . $this->getMountPoint() . '" to "' . $target . '"',
-				\OCP\Util::ERROR);
-		}
-
-		return $result;
-	}
-
-	/**
-	 * Remove the mount points
-	 *
-	 * @return bool
-	 */
-	public function removeMount() {
-		$mountManager = \OC\Files\Filesystem::getMountManager();
-		/** @var $storage \OC\Files\Storage\Shared */
-		$storage = $this->getStorage();
-		$result = $storage->unshareStorage();
-		$mountManager->removeMount($this->mountPoint);
-
-		return $result;
-	}
-
-	/**
-	 * @return array
-	 */
-	public function getShare() {
-		/** @var $storage \OC\Files\Storage\Shared */
-		$storage = $this->getStorage();
-		return $storage->getShare();
-	}
+            );
+            $arguments = array($newPath, $share['id']);
+        }
+
+        $result = $query->execute($arguments);
+
+        return $result === 1 ? true : false;
+    }
+
+    /**
+     * Format a path to be relative to the /user/files/ directory
+     *
+     * @param string $path the absolute path
+     * @return string e.g. turns '/admin/files/test.txt' into '/test.txt'
+     * @throws \OCA\Files_Sharing\Exceptions\BrokenPath
+     */
+    protected function stripUserFilesPath($path) {
+        $trimmed = ltrim($path, '/');
+        $split = explode('/', $trimmed);
+
+        // it is not a file relative to data/user/files
+        if (count($split) < 3 || $split[1] !== 'files') {
+            \OCP\Util::writeLog('file sharing',
+                'Can not strip userid and "files/" from path: ' . $path,
+                \OCP\Util::ERROR);
+            throw new \OCA\Files_Sharing\Exceptions\BrokenPath('Path does not start with /user/files', 10);
+        }
+
+        // skip 'user' and 'files'
+        $sliced = array_slice($split, 2);
+        $relPath = implode('/', $sliced);
+
+        return '/' . $relPath;
+    }
+
+    /**
+     * Move the mount point to $target
+     *
+     * @param string $target the target mount point
+     * @return bool
+     */
+    public function moveMount($target) {
+
+        $relTargetPath = $this->stripUserFilesPath($target);
+        $share = $this->storage->getShare();
+
+        $result = true;
+
+        if (!empty($share['grouped'])) {
+            foreach ($share['grouped'] as $s) {
+                $result = $this->updateFileTarget($relTargetPath, $s) && $result;
+            }
+        } else {
+            $result = $this->updateFileTarget($relTargetPath, $share) && $result;
+        }
+
+        if ($result) {
+            $this->setMountPoint($target);
+            $this->storage->setUniqueName();
+            $this->storage->setMountPoint($relTargetPath);
+
+        } else {
+            \OCP\Util::writeLog('file sharing',
+                'Could not rename mount point for shared folder "' . $this->getMountPoint() . '" to "' . $target . '"',
+                \OCP\Util::ERROR);
+        }
+
+        return $result;
+    }
+
+    /**
+     * Remove the mount points
+     *
+     * @return bool
+     */
+    public function removeMount() {
+        $mountManager = \OC\Files\Filesystem::getMountManager();
+        /** @var $storage \OC\Files\Storage\Shared */
+        $storage = $this->getStorage();
+        $result = $storage->unshareStorage();
+        $mountManager->removeMount($this->mountPoint);
+
+        return $result;
+    }
+
+    /**
+     * @return array
+     */
+    public function getShare() {
+        /** @var $storage \OC\Files\Storage\Shared */
+        $storage = $this->getStorage();
+        return $storage->getShare();
+    }
 }

Spacing +8 added lines, -8 removed lines

@@ -59,10 +59,10 @@ 
 	 */
 	public function __construct($storage, array $mountpoints, $arguments = null, $loader = null) {
 		$this->user = $arguments['user'];
-		$this->recipientView = new View('/' . $this->user . '/files');
+		$this->recipientView = new View('/'.$this->user.'/files');
 		$newMountPoint = $this->verifyMountPoint($arguments['share'], $mountpoints);
-		$absMountPoint = '/' . $this->user . '/files' . $newMountPoint;
-		$arguments['ownerView'] = new View('/' . $arguments['share']['uid_owner'] . '/files');
+		$absMountPoint = '/'.$this->user.'/files'.$newMountPoint;
+		$arguments['ownerView'] = new View('/'.$arguments['share']['uid_owner'].'/files');
 		parent::__construct($storage, $absMountPoint, $arguments, $loader);
 	}
 
@@ -83,7 +83,7 @@ 
 		}
 
 		$newMountPoint = $this->generateUniqueTarget(
-			\OC\Files\Filesystem::normalizePath($parent . '/' . $mountPoint),
+			\OC\Files\Filesystem::normalizePath($parent.'/'.$mountPoint),
 			$this->recipientView,
 			$mountpoints
 		);
@@ -121,7 +121,7 @@ 
 
 		$i = 2;
 		while ($view->file_exists($path) || $mountpointExists($path)) {
-			$path = Filesystem::normalizePath($dir . '/' . $name . ' ('.$i.')' . $ext);
+			$path = Filesystem::normalizePath($dir.'/'.$name.' ('.$i.')'.$ext);
 			$i++;
 		}
 
@@ -174,7 +174,7 @@ 
 		// it is not a file relative to data/user/files
 		if (count($split) < 3 || $split[1] !== 'files') {
 			\OCP\Util::writeLog('file sharing',
-				'Can not strip userid and "files/" from path: ' . $path,
+				'Can not strip userid and "files/" from path: '.$path,
 				\OCP\Util::ERROR);
 			throw new \OCA\Files_Sharing\Exceptions\BrokenPath('Path does not start with /user/files', 10);
 		}
@@ -183,7 +183,7 @@ 
 		$sliced = array_slice($split, 2);
 		$relPath = implode('/', $sliced);
 
-		return '/' . $relPath;
+		return '/'.$relPath;
 	}
 
 	/**
@@ -214,7 +214,7 @@ 
 
 		} else {
 			\OCP\Util::writeLog('file sharing',
-				'Could not rename mount point for shared folder "' . $this->getMountPoint() . '" to "' . $target . '"',
+				'Could not rename mount point for shared folder "'.$this->getMountPoint().'" to "'.$target.'"',
 				\OCP\Util::ERROR);
 		}
 

lib/private/console/application.php

Unused Use Statements -1 removed lines

@@ -26,7 +26,6 @@
 namespace OC\Console;
 
 use OC_App;
-use OC_Defaults;
 use OCP\Console\ConsoleEvent;
 use OCP\IConfig;
 use OCP\IRequest;

Indentation +102 added lines, -102 removed lines

@@ -39,110 +39,110 @@
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 
 class Application {
-	/** @var IConfig */
-	private $config;
-	/** @var EventDispatcherInterface */
-	private $dispatcher;
-	/** @var IRequest */
-	private $request;
+    /** @var IConfig */
+    private $config;
+    /** @var EventDispatcherInterface */
+    private $dispatcher;
+    /** @var IRequest */
+    private $request;
 
-	/**
-	 * @param IConfig $config
-	 * @param EventDispatcherInterface $dispatcher
-	 * @param IRequest $request
-	 */
-	public function __construct(IConfig $config, EventDispatcherInterface $dispatcher, IRequest $request) {
-		$defaults = \OC::$server->getThemingDefaults();
-		$this->config = $config;
-		$this->application = new SymfonyApplication($defaults->getName(), \OC_Util::getVersionString());
-		$this->dispatcher = $dispatcher;
-		$this->request = $request;
-	}
+    /**
+     * @param IConfig $config
+     * @param EventDispatcherInterface $dispatcher
+     * @param IRequest $request
+     */
+    public function __construct(IConfig $config, EventDispatcherInterface $dispatcher, IRequest $request) {
+        $defaults = \OC::$server->getThemingDefaults();
+        $this->config = $config;
+        $this->application = new SymfonyApplication($defaults->getName(), \OC_Util::getVersionString());
+        $this->dispatcher = $dispatcher;
+        $this->request = $request;
+    }
 
-	/**
-	 * @param InputInterface $input
-	 * @param OutputInterface $output
-	 * @throws \Exception
-	 */
-	public function loadCommands(InputInterface $input, OutputInterface $output) {
-		// $application is required to be defined in the register_command scripts
-		$application = $this->application;
-		$inputDefinition = $application->getDefinition();
-		$inputDefinition->addOption(
-			new InputOption(
-				'no-warnings', 
-				null, 
-				InputOption::VALUE_NONE, 
-				'Skip global warnings, show command output only', 
-				null
-			)
-		);
-		try {
-			$input->bind($inputDefinition);
-		} catch (\RuntimeException $e) {
-			//expected if there are extra options
-		}
-		if ($input->getOption('no-warnings')) {
-			$output->setVerbosity(OutputInterface::VERBOSITY_QUIET);
-		}
-		require_once __DIR__ . '/../../../core/register_command.php';
-		if ($this->config->getSystemValue('installed', false)) {
-			if (\OCP\Util::needUpgrade()) {
-				$output->writeln("Nextcloud or one of the apps require upgrade - only a limited number of commands are available");
-				$output->writeln("You may use your browser or the occ upgrade command to do the upgrade");
-			} elseif ($this->config->getSystemValue('maintenance', false)) {
-				$output->writeln("Nextcloud is in maintenance mode - no app have been loaded");
-			} else {
-				OC_App::loadApps();
-				foreach (\OC::$server->getAppManager()->getInstalledApps() as $app) {
-					$appPath = \OC_App::getAppPath($app);
-					if($appPath === false) {
-						continue;
-					}
-					\OC::$loader->addValidRoot($appPath);
-					$file = $appPath . '/appinfo/register_command.php';
-					if (file_exists($file)) {
-						require $file;
-					}
-				}
-			}
-		} else {
-			$output->writeln("Nextcloud is not installed - only a limited number of commands are available");
-		}
-		$input = new ArgvInput();
-		if ($input->getFirstArgument() !== 'check') {
-			$errors = \OC_Util::checkServer(\OC::$server->getConfig());
-			if (!empty($errors)) {
-				foreach ($errors as $error) {
-					$output->writeln((string)$error['error']);
-					$output->writeln((string)$error['hint']);
-					$output->writeln('');
-				}
-				throw new \Exception("Environment not properly prepared.");
-			}
-		}
-	}
+    /**
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     * @throws \Exception
+     */
+    public function loadCommands(InputInterface $input, OutputInterface $output) {
+        // $application is required to be defined in the register_command scripts
+        $application = $this->application;
+        $inputDefinition = $application->getDefinition();
+        $inputDefinition->addOption(
+            new InputOption(
+                'no-warnings', 
+                null, 
+                InputOption::VALUE_NONE, 
+                'Skip global warnings, show command output only', 
+                null
+            )
+        );
+        try {
+            $input->bind($inputDefinition);
+        } catch (\RuntimeException $e) {
+            //expected if there are extra options
+        }
+        if ($input->getOption('no-warnings')) {
+            $output->setVerbosity(OutputInterface::VERBOSITY_QUIET);
+        }
+        require_once __DIR__ . '/../../../core/register_command.php';
+        if ($this->config->getSystemValue('installed', false)) {
+            if (\OCP\Util::needUpgrade()) {
+                $output->writeln("Nextcloud or one of the apps require upgrade - only a limited number of commands are available");
+                $output->writeln("You may use your browser or the occ upgrade command to do the upgrade");
+            } elseif ($this->config->getSystemValue('maintenance', false)) {
+                $output->writeln("Nextcloud is in maintenance mode - no app have been loaded");
+            } else {
+                OC_App::loadApps();
+                foreach (\OC::$server->getAppManager()->getInstalledApps() as $app) {
+                    $appPath = \OC_App::getAppPath($app);
+                    if($appPath === false) {
+                        continue;
+                    }
+                    \OC::$loader->addValidRoot($appPath);
+                    $file = $appPath . '/appinfo/register_command.php';
+                    if (file_exists($file)) {
+                        require $file;
+                    }
+                }
+            }
+        } else {
+            $output->writeln("Nextcloud is not installed - only a limited number of commands are available");
+        }
+        $input = new ArgvInput();
+        if ($input->getFirstArgument() !== 'check') {
+            $errors = \OC_Util::checkServer(\OC::$server->getConfig());
+            if (!empty($errors)) {
+                foreach ($errors as $error) {
+                    $output->writeln((string)$error['error']);
+                    $output->writeln((string)$error['hint']);
+                    $output->writeln('');
+                }
+                throw new \Exception("Environment not properly prepared.");
+            }
+        }
+    }
 
-	/**
-	 * Sets whether to automatically exit after a command execution or not.
-	 *
-	 * @param bool $boolean Whether to automatically exit after a command execution or not
-	 */
-	public function setAutoExit($boolean) {
-		$this->application->setAutoExit($boolean);
-	}
+    /**
+     * Sets whether to automatically exit after a command execution or not.
+     *
+     * @param bool $boolean Whether to automatically exit after a command execution or not
+     */
+    public function setAutoExit($boolean) {
+        $this->application->setAutoExit($boolean);
+    }
 
-	/**
-	 * @param InputInterface $input
-	 * @param OutputInterface $output
-	 * @return int
-	 * @throws \Exception
-	 */
-	public function run(InputInterface $input = null, OutputInterface $output = null) {
-		$this->dispatcher->dispatch(ConsoleEvent::EVENT_RUN, new ConsoleEvent(
-			ConsoleEvent::EVENT_RUN,
-			$this->request->server['argv']
-		));
-		return $this->application->run($input, $output);
-	}
+    /**
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     * @return int
+     * @throws \Exception
+     */
+    public function run(InputInterface $input = null, OutputInterface $output = null) {
+        $this->dispatcher->dispatch(ConsoleEvent::EVENT_RUN, new ConsoleEvent(
+            ConsoleEvent::EVENT_RUN,
+            $this->request->server['argv']
+        ));
+        return $this->application->run($input, $output);
+    }
 }

Spacing +5 added lines, -5 removed lines

@@ -85,7 +85,7 @@ 
 		if ($input->getOption('no-warnings')) {
 			$output->setVerbosity(OutputInterface::VERBOSITY_QUIET);
 		}
-		require_once __DIR__ . '/../../../core/register_command.php';
+		require_once __DIR__.'/../../../core/register_command.php';
 		if ($this->config->getSystemValue('installed', false)) {
 			if (\OCP\Util::needUpgrade()) {
 				$output->writeln("Nextcloud or one of the apps require upgrade - only a limited number of commands are available");
@@ -96,11 +96,11 @@ 
 				OC_App::loadApps();
 				foreach (\OC::$server->getAppManager()->getInstalledApps() as $app) {
 					$appPath = \OC_App::getAppPath($app);
-					if($appPath === false) {
+					if ($appPath === false) {
 						continue;
 					}
 					\OC::$loader->addValidRoot($appPath);
-					$file = $appPath . '/appinfo/register_command.php';
+					$file = $appPath.'/appinfo/register_command.php';
 					if (file_exists($file)) {
 						require $file;
 					}
@@ -114,8 +114,8 @@ 
 			$errors = \OC_Util::checkServer(\OC::$server->getConfig());
 			if (!empty($errors)) {
 				foreach ($errors as $error) {
-					$output->writeln((string)$error['error']);
-					$output->writeln((string)$error['hint']);
+					$output->writeln((string) $error['error']);
+					$output->writeln((string) $error['hint']);
 					$output->writeln('');
 				}
 				throw new \Exception("Environment not properly prepared.");

apps/user_ldap/lib/access.php

Doc Comments +9 added lines, -7 removed lines

@@ -397,7 +397,7 @@ 
 
 	/**
 	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
-	 * @param string $dn the dn of the user object
+	 * @param string $fdn the dn of the user object
 	 * @param string $ldapName optional, the display name of the object
 	 * @return string|false with with the name to use in ownCloud
 	 */
@@ -414,7 +414,7 @@ 
 
 	/**
 	 * returns an internal ownCloud name for the given LDAP DN, false on DN outside of search DN
-	 * @param string $dn the dn of the user object
+	 * @param string $fdn the dn of the user object
 	 * @param string $ldapName optional, the display name of the object
 	 * @param bool $isUser optional, whether it is a user object (otherwise group assumed)
 	 * @return string|false with with the name to use in ownCloud
@@ -674,7 +674,7 @@ 
 	 * the login filter.
 	 *
 	 * @param string $loginName
-	 * @param array $attributes optional, list of attributes to read
+	 * @param string[] $attributes optional, list of attributes to read
 	 * @return array
 	 */
 	public function fetchUsersByLoginName($loginName, $attributes = array('dn')) {
@@ -747,7 +747,7 @@ 
 
 	/**
 	 * @param string $filter
-	 * @param string|string[] $attr
+	 * @param string[] $attr
 	 * @param int $limit
 	 * @param int $offset
 	 * @return array
@@ -795,7 +795,7 @@ 
 
 	/**
 	 * @param string $filter
-	 * @param string|string[] $attr
+	 * @param string[] $attr
 	 * @param int $limit
 	 * @param int $offset
 	 * @return false|int
@@ -845,6 +845,7 @@ 
 	 * retrieved. Results will according to the order in the array.
 	 * @param int $limit optional, maximum results to be counted
 	 * @param int $offset optional, a starting point
+	 * @param string $filter
 	 * @return array|false array with the search result as first value and pagedSearchOK as
 	 * second | false if not successful
 	 */
@@ -891,7 +892,7 @@ 
 	 * @param bool $pagedSearchOK whether a paged search has been executed
 	 * @param bool $skipHandling required for paged search when cookies to
 	 * prior results need to be gained
-	 * @return bool cookie validity, true if we have more pages, false otherwise.
+	 * @return null|boolean cookie validity, true if we have more pages, false otherwise.
 	 */
 	private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $limit, $offset, $pagedSearchOK, $skipHandling) {
 		$cookie = null;
@@ -1100,7 +1101,7 @@ 
 
 	/**
 	 * @param string $name
-	 * @return bool|mixed|string
+	 * @return string
 	 */
 	public function sanitizeUsername($name) {
 		if($this->connection->ldapIgnoreNamingRules) {
@@ -1124,6 +1125,7 @@ 
 	* escapes (user provided) parts for LDAP filter
 	* @param string $input, the provided value
 	* @param bool $allowAsterisk whether in * at the beginning should be preserved
+	* @param string $input
 	* @return string the escaped string
 	*/
 	public function escapeFilterPart($input, $allowAsterisk = false) {

Indentation +1687 added lines, -1687 removed lines

@@ -45,1435 +45,1435 @@ 
  * @package OCA\user_ldap\lib
  */
 class Access extends LDAPUtility implements user\IUserTools {
-	/**
-	 * @var \OCA\user_ldap\lib\Connection
-	 */
-	public $connection;
-	public $userManager;
-	//never ever check this var directly, always use getPagedSearchResultState
-	protected $pagedSearchedSuccessful;
-
-	/**
-	 * @var string[] $cookies an array of returned Paged Result cookies
-	 */
-	protected $cookies = array();
-
-	/**
-	 * @var string $lastCookie the last cookie returned from a Paged Results
-	 * operation, defaults to an empty string
-	 */
-	protected $lastCookie = '';
-
-	/**
-	 * @var AbstractMapping $userMapper
-	 */
-	protected $userMapper;
-
-	/**
-	* @var AbstractMapping $userMapper
-	*/
-	protected $groupMapper;
-
-	public function __construct(Connection $connection, ILDAPWrapper $ldap,
-		user\Manager $userManager) {
-		parent::__construct($ldap);
-		$this->connection = $connection;
-		$this->userManager = $userManager;
-		$this->userManager->setLdapAccess($this);
-	}
-
-	/**
-	 * sets the User Mapper
-	 * @param AbstractMapping $mapper
-	 */
-	public function setUserMapper(AbstractMapping $mapper) {
-		$this->userMapper = $mapper;
-	}
-
-	/**
-	 * returns the User Mapper
-	 * @throws \Exception
-	 * @return AbstractMapping
-	 */
-	public function getUserMapper() {
-		if(is_null($this->userMapper)) {
-			throw new \Exception('UserMapper was not assigned to this Access instance.');
-		}
-		return $this->userMapper;
-	}
-
-	/**
-	 * sets the Group Mapper
-	 * @param AbstractMapping $mapper
-	 */
-	public function setGroupMapper(AbstractMapping $mapper) {
-		$this->groupMapper = $mapper;
-	}
-
-	/**
-	 * returns the Group Mapper
-	 * @throws \Exception
-	 * @return AbstractMapping
-	 */
-	public function getGroupMapper() {
-		if(is_null($this->groupMapper)) {
-			throw new \Exception('GroupMapper was not assigned to this Access instance.');
-		}
-		return $this->groupMapper;
-	}
-
-	/**
-	 * @return bool
-	 */
-	private function checkConnection() {
-		return ($this->connection instanceof Connection);
-	}
-
-	/**
-	 * returns the Connection instance
-	 * @return \OCA\user_ldap\lib\Connection
-	 */
-	public function getConnection() {
-		return $this->connection;
-	}
-
-	/**
-	 * reads a given attribute for an LDAP record identified by a DN
-	 * @param string $dn the record in question
-	 * @param string $attr the attribute that shall be retrieved
-	 *        if empty, just check the record's existence
-	 * @param string $filter
-	 * @return array|false an array of values on success or an empty
-	 *          array if $attr is empty, false otherwise
-	 */
-	public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
-		if(!$this->checkConnection()) {
-			\OCP\Util::writeLog('user_ldap',
-				'No LDAP Connector assigned, access impossible for readAttribute.',
-				\OCP\Util::WARN);
-			return false;
-		}
-		$cr = $this->connection->getConnectionResource();
-		if(!$this->ldap->isResource($cr)) {
-			//LDAP not available
-			\OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', \OCP\Util::DEBUG);
-			return false;
-		}
-		//Cancel possibly running Paged Results operation, otherwise we run in
-		//LDAP protocol errors
-		$this->abandonPagedSearch();
-		// openLDAP requires that we init a new Paged Search. Not needed by AD,
-		// but does not hurt either.
-		$pagingSize = intval($this->connection->ldapPagingSize);
-		// 0 won't result in replies, small numbers may leave out groups
-		// (cf. #12306), 500 is default for paging and should work everywhere.
-		$maxResults = $pagingSize > 20 ? $pagingSize : 500;
-		$this->initPagedSearch($filter, array($dn), array($attr), $maxResults, 0);
-		$dn = $this->DNasBaseParameter($dn);
-		$rr = @$this->ldap->read($cr, $dn, $filter, array($attr));
-		if(!$this->ldap->isResource($rr)) {
-			if(!empty($attr)) {
-				//do not throw this message on userExists check, irritates
-				\OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG);
-			}
-			//in case an error occurs , e.g. object does not exist
-			return false;
-		}
-		if (empty($attr) && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) {
-			\OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
-			return array();
-		}
-		$er = $this->ldap->firstEntry($cr, $rr);
-		if(!$this->ldap->isResource($er)) {
-			//did not match the filter, return false
-			return false;
-		}
-		//LDAP attributes are not case sensitive
-		$result = \OCP\Util::mb_array_change_key_case(
-				$this->ldap->getAttributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
-		$attr = mb_strtolower($attr, 'UTF-8');
-
-		if(isset($result[$attr]) && $result[$attr]['count'] > 0) {
-			$values = array();
-			for($i=0;$i<$result[$attr]['count'];$i++) {
-				if($this->resemblesDN($attr)) {
-					$values[] = $this->sanitizeDN($result[$attr][$i]);
-				} elseif(strtolower($attr) === 'objectguid' || strtolower($attr) === 'guid') {
-					$values[] = $this->convertObjectGUID2Str($result[$attr][$i]);
-				} else {
-					$values[] = $result[$attr][$i];
-				}
-			}
-			return $values;
-		}
-		\OCP\Util::writeLog('user_ldap', 'Requested attribute '.$attr.' not found for '.$dn, \OCP\Util::DEBUG);
-		return false;
-	}
-
-	/**
-	 * checks whether the given attributes value is probably a DN
-	 * @param string $attr the attribute in question
-	 * @return boolean if so true, otherwise false
-	 */
-	private function resemblesDN($attr) {
-		$resemblingAttributes = array(
-			'dn',
-			'uniquemember',
-			'member',
-			// memberOf is an "operational" attribute, without a definition in any RFC
-			'memberof'
-		);
-		return in_array($attr, $resemblingAttributes);
-	}
-
-	/**
-	 * checks whether the given string is probably a DN
-	 * @param string $string
-	 * @return boolean
-	 */
-	public function stringResemblesDN($string) {
-		$r = $this->ldap->explodeDN($string, 0);
-		// if exploding a DN succeeds and does not end up in
-		// an empty array except for $r[count] being 0.
-		return (is_array($r) && count($r) > 1);
-	}
-
-	/**
-	 * sanitizes a DN received from the LDAP server
-	 * @param array $dn the DN in question
-	 * @return array the sanitized DN
-	 */
-	private function sanitizeDN($dn) {
-		//treating multiple base DNs
-		if(is_array($dn)) {
-			$result = array();
-			foreach($dn as $singleDN) {
-				$result[] = $this->sanitizeDN($singleDN);
-			}
-			return $result;
-		}
-
-		//OID sometimes gives back DNs with whitespace after the comma
-		// a la "uid=foo, cn=bar, dn=..." We need to tackle this!
-		$dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn);
-
-		//make comparisons and everything work
-		$dn = mb_strtolower($dn, 'UTF-8');
-
-		//escape DN values according to RFC 2253 – this is already done by ldap_explode_dn
-		//to use the DN in search filters, \ needs to be escaped to \5c additionally
-		//to use them in bases, we convert them back to simple backslashes in readAttribute()
-		$replacements = array(
-			'\,' => '\5c2C',
-			'\=' => '\5c3D',
-			'\+' => '\5c2B',
-			'\<' => '\5c3C',
-			'\>' => '\5c3E',
-			'\;' => '\5c3B',
-			'\"' => '\5c22',
-			'\#' => '\5c23',
-			'('  => '\28',
-			')'  => '\29',
-			'*'  => '\2A',
-		);
-		$dn = str_replace(array_keys($replacements), array_values($replacements), $dn);
-
-		return $dn;
-	}
-
-	/**
-	 * returns a DN-string that is cleaned from not domain parts, e.g.
-	 * cn=foo,cn=bar,dc=foobar,dc=server,dc=org
-	 * becomes dc=foobar,dc=server,dc=org
-	 * @param string $dn
-	 * @return string
-	 */
-	public function getDomainDNFromDN($dn) {
-		$allParts = $this->ldap->explodeDN($dn, 0);
-		if($allParts === false) {
-			//not a valid DN
-			return '';
-		}
-		$domainParts = array();
-		$dcFound = false;
-		foreach($allParts as $part) {
-			if(!$dcFound && strpos($part, 'dc=') === 0) {
-				$dcFound = true;
-			}
-			if($dcFound) {
-				$domainParts[] = $part;
-			}
-		}
-		$domainDN = implode(',', $domainParts);
-		return $domainDN;
-	}
-
-	/**
-	 * returns the LDAP DN for the given internal ownCloud name of the group
-	 * @param string $name the ownCloud name in question
-	 * @return string|false LDAP DN on success, otherwise false
-	 */
-	public function groupname2dn($name) {
-		return $this->groupMapper->getDNbyName($name);
-	}
-
-	/**
-	 * returns the LDAP DN for the given internal ownCloud name of the user
-	 * @param string $name the ownCloud name in question
-	 * @return string|false with the LDAP DN on success, otherwise false
-	 */
-	public function username2dn($name) {
-		$fdn = $this->userMapper->getDNbyName($name);
-
-		//Check whether the DN belongs to the Base, to avoid issues on multi-
-		//server setups
-		if(is_string($fdn) && $this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
-			return $fdn;
-		}
-
-		return false;
-	}
-
-	/**
+    /**
+     * @var \OCA\user_ldap\lib\Connection
+     */
+    public $connection;
+    public $userManager;
+    //never ever check this var directly, always use getPagedSearchResultState
+    protected $pagedSearchedSuccessful;
+
+    /**
+     * @var string[] $cookies an array of returned Paged Result cookies
+     */
+    protected $cookies = array();
+
+    /**
+     * @var string $lastCookie the last cookie returned from a Paged Results
+     * operation, defaults to an empty string
+     */
+    protected $lastCookie = '';
+
+    /**
+     * @var AbstractMapping $userMapper
+     */
+    protected $userMapper;
+
+    /**
+     * @var AbstractMapping $userMapper
+     */
+    protected $groupMapper;
+
+    public function __construct(Connection $connection, ILDAPWrapper $ldap,
+        user\Manager $userManager) {
+        parent::__construct($ldap);
+        $this->connection = $connection;
+        $this->userManager = $userManager;
+        $this->userManager->setLdapAccess($this);
+    }
+
+    /**
+     * sets the User Mapper
+     * @param AbstractMapping $mapper
+     */
+    public function setUserMapper(AbstractMapping $mapper) {
+        $this->userMapper = $mapper;
+    }
+
+    /**
+     * returns the User Mapper
+     * @throws \Exception
+     * @return AbstractMapping
+     */
+    public function getUserMapper() {
+        if(is_null($this->userMapper)) {
+            throw new \Exception('UserMapper was not assigned to this Access instance.');
+        }
+        return $this->userMapper;
+    }
+
+    /**
+     * sets the Group Mapper
+     * @param AbstractMapping $mapper
+     */
+    public function setGroupMapper(AbstractMapping $mapper) {
+        $this->groupMapper = $mapper;
+    }
+
+    /**
+     * returns the Group Mapper
+     * @throws \Exception
+     * @return AbstractMapping
+     */
+    public function getGroupMapper() {
+        if(is_null($this->groupMapper)) {
+            throw new \Exception('GroupMapper was not assigned to this Access instance.');
+        }
+        return $this->groupMapper;
+    }
+
+    /**
+     * @return bool
+     */
+    private function checkConnection() {
+        return ($this->connection instanceof Connection);
+    }
+
+    /**
+     * returns the Connection instance
+     * @return \OCA\user_ldap\lib\Connection
+     */
+    public function getConnection() {
+        return $this->connection;
+    }
+
+    /**
+     * reads a given attribute for an LDAP record identified by a DN
+     * @param string $dn the record in question
+     * @param string $attr the attribute that shall be retrieved
+     *        if empty, just check the record's existence
+     * @param string $filter
+     * @return array|false an array of values on success or an empty
+     *          array if $attr is empty, false otherwise
+     */
+    public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
+        if(!$this->checkConnection()) {
+            \OCP\Util::writeLog('user_ldap',
+                'No LDAP Connector assigned, access impossible for readAttribute.',
+                \OCP\Util::WARN);
+            return false;
+        }
+        $cr = $this->connection->getConnectionResource();
+        if(!$this->ldap->isResource($cr)) {
+            //LDAP not available
+            \OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', \OCP\Util::DEBUG);
+            return false;
+        }
+        //Cancel possibly running Paged Results operation, otherwise we run in
+        //LDAP protocol errors
+        $this->abandonPagedSearch();
+        // openLDAP requires that we init a new Paged Search. Not needed by AD,
+        // but does not hurt either.
+        $pagingSize = intval($this->connection->ldapPagingSize);
+        // 0 won't result in replies, small numbers may leave out groups
+        // (cf. #12306), 500 is default for paging and should work everywhere.
+        $maxResults = $pagingSize > 20 ? $pagingSize : 500;
+        $this->initPagedSearch($filter, array($dn), array($attr), $maxResults, 0);
+        $dn = $this->DNasBaseParameter($dn);
+        $rr = @$this->ldap->read($cr, $dn, $filter, array($attr));
+        if(!$this->ldap->isResource($rr)) {
+            if(!empty($attr)) {
+                //do not throw this message on userExists check, irritates
+                \OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG);
+            }
+            //in case an error occurs , e.g. object does not exist
+            return false;
+        }
+        if (empty($attr) && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) {
+            \OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
+            return array();
+        }
+        $er = $this->ldap->firstEntry($cr, $rr);
+        if(!$this->ldap->isResource($er)) {
+            //did not match the filter, return false
+            return false;
+        }
+        //LDAP attributes are not case sensitive
+        $result = \OCP\Util::mb_array_change_key_case(
+                $this->ldap->getAttributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
+        $attr = mb_strtolower($attr, 'UTF-8');
+
+        if(isset($result[$attr]) && $result[$attr]['count'] > 0) {
+            $values = array();
+            for($i=0;$i<$result[$attr]['count'];$i++) {
+                if($this->resemblesDN($attr)) {
+                    $values[] = $this->sanitizeDN($result[$attr][$i]);
+                } elseif(strtolower($attr) === 'objectguid' || strtolower($attr) === 'guid') {
+                    $values[] = $this->convertObjectGUID2Str($result[$attr][$i]);
+                } else {
+                    $values[] = $result[$attr][$i];
+                }
+            }
+            return $values;
+        }
+        \OCP\Util::writeLog('user_ldap', 'Requested attribute '.$attr.' not found for '.$dn, \OCP\Util::DEBUG);
+        return false;
+    }
+
+    /**
+     * checks whether the given attributes value is probably a DN
+     * @param string $attr the attribute in question
+     * @return boolean if so true, otherwise false
+     */
+    private function resemblesDN($attr) {
+        $resemblingAttributes = array(
+            'dn',
+            'uniquemember',
+            'member',
+            // memberOf is an "operational" attribute, without a definition in any RFC
+            'memberof'
+        );
+        return in_array($attr, $resemblingAttributes);
+    }
+
+    /**
+     * checks whether the given string is probably a DN
+     * @param string $string
+     * @return boolean
+     */
+    public function stringResemblesDN($string) {
+        $r = $this->ldap->explodeDN($string, 0);
+        // if exploding a DN succeeds and does not end up in
+        // an empty array except for $r[count] being 0.
+        return (is_array($r) && count($r) > 1);
+    }
+
+    /**
+     * sanitizes a DN received from the LDAP server
+     * @param array $dn the DN in question
+     * @return array the sanitized DN
+     */
+    private function sanitizeDN($dn) {
+        //treating multiple base DNs
+        if(is_array($dn)) {
+            $result = array();
+            foreach($dn as $singleDN) {
+                $result[] = $this->sanitizeDN($singleDN);
+            }
+            return $result;
+        }
+
+        //OID sometimes gives back DNs with whitespace after the comma
+        // a la "uid=foo, cn=bar, dn=..." We need to tackle this!
+        $dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn);
+
+        //make comparisons and everything work
+        $dn = mb_strtolower($dn, 'UTF-8');
+
+        //escape DN values according to RFC 2253 – this is already done by ldap_explode_dn
+        //to use the DN in search filters, \ needs to be escaped to \5c additionally
+        //to use them in bases, we convert them back to simple backslashes in readAttribute()
+        $replacements = array(
+            '\,' => '\5c2C',
+            '\=' => '\5c3D',
+            '\+' => '\5c2B',
+            '\<' => '\5c3C',
+            '\>' => '\5c3E',
+            '\;' => '\5c3B',
+            '\"' => '\5c22',
+            '\#' => '\5c23',
+            '('  => '\28',
+            ')'  => '\29',
+            '*'  => '\2A',
+        );
+        $dn = str_replace(array_keys($replacements), array_values($replacements), $dn);
+
+        return $dn;
+    }
+
+    /**
+     * returns a DN-string that is cleaned from not domain parts, e.g.
+     * cn=foo,cn=bar,dc=foobar,dc=server,dc=org
+     * becomes dc=foobar,dc=server,dc=org
+     * @param string $dn
+     * @return string
+     */
+    public function getDomainDNFromDN($dn) {
+        $allParts = $this->ldap->explodeDN($dn, 0);
+        if($allParts === false) {
+            //not a valid DN
+            return '';
+        }
+        $domainParts = array();
+        $dcFound = false;
+        foreach($allParts as $part) {
+            if(!$dcFound && strpos($part, 'dc=') === 0) {
+                $dcFound = true;
+            }
+            if($dcFound) {
+                $domainParts[] = $part;
+            }
+        }
+        $domainDN = implode(',', $domainParts);
+        return $domainDN;
+    }
+
+    /**
+     * returns the LDAP DN for the given internal ownCloud name of the group
+     * @param string $name the ownCloud name in question
+     * @return string|false LDAP DN on success, otherwise false
+     */
+    public function groupname2dn($name) {
+        return $this->groupMapper->getDNbyName($name);
+    }
+
+    /**
+     * returns the LDAP DN for the given internal ownCloud name of the user
+     * @param string $name the ownCloud name in question
+     * @return string|false with the LDAP DN on success, otherwise false
+     */
+    public function username2dn($name) {
+        $fdn = $this->userMapper->getDNbyName($name);
+
+        //Check whether the DN belongs to the Base, to avoid issues on multi-
+        //server setups
+        if(is_string($fdn) && $this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
+            return $fdn;
+        }
+
+        return false;
+    }
+
+    /**
 	public function ocname2dn($name, $isUser) {
-	 * returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
-	 * @param string $fdn the dn of the group object
-	 * @param string $ldapName optional, the display name of the object
-	 * @return string|false with the name to use in ownCloud, false on DN outside of search DN
-	 */
-	public function dn2groupname($fdn, $ldapName = null) {
-		//To avoid bypassing the base DN settings under certain circumstances
-		//with the group support, check whether the provided DN matches one of
-		//the given Bases
-		if(!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseGroups)) {
-			return false;
-		}
-
-		return $this->dn2ocname($fdn, $ldapName, false);
-	}
-
-	/**
-	 * accepts an array of group DNs and tests whether they match the user
-	 * filter by doing read operations against the group entries. Returns an
-	 * array of DNs that match the filter.
-	 *
-	 * @param string[] $groupDNs
-	 * @return string[]
-	 */
-	public function groupsMatchFilter($groupDNs) {
-		$validGroupDNs = [];
-		foreach($groupDNs as $dn) {
-			$cacheKey = 'groupsMatchFilter-'.$dn;
-			$groupMatchFilter = $this->connection->getFromCache($cacheKey);
-			if(!is_null($groupMatchFilter)) {
-				if($groupMatchFilter) {
-					$validGroupDNs[] = $dn;
-				}
-				continue;
-			}
-
-			// Check the base DN first. If this is not met already, we don't
-			// need to ask the server at all.
-			if(!$this->isDNPartOfBase($dn, $this->connection->ldapBaseGroups)) {
-				$this->connection->writeToCache($cacheKey, false);
-				continue;
-			}
-
-			$result = $this->readAttribute($dn, 'cn', $this->connection->ldapGroupFilter);
-			if(is_array($result)) {
-				$this->connection->writeToCache($cacheKey, true);
-				$validGroupDNs[] = $dn;
-			} else {
-				$this->connection->writeToCache($cacheKey, false);
-			}
-
-		}
-		return $validGroupDNs;
-	}
-
-	/**
-	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
-	 * @param string $dn the dn of the user object
-	 * @param string $ldapName optional, the display name of the object
-	 * @return string|false with with the name to use in ownCloud
-	 */
-	public function dn2username($fdn, $ldapName = null) {
-		//To avoid bypassing the base DN settings under certain circumstances
-		//with the group support, check whether the provided DN matches one of
-		//the given Bases
-		if(!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
-			return false;
-		}
-
-		return $this->dn2ocname($fdn, $ldapName, true);
-	}
-
-	/**
-	 * returns an internal ownCloud name for the given LDAP DN, false on DN outside of search DN
-	 * @param string $dn the dn of the user object
-	 * @param string $ldapName optional, the display name of the object
-	 * @param bool $isUser optional, whether it is a user object (otherwise group assumed)
-	 * @return string|false with with the name to use in ownCloud
-	 */
-	public function dn2ocname($fdn, $ldapName = null, $isUser = true) {
-		if($isUser) {
-			$mapper = $this->getUserMapper();
-			$nameAttribute = $this->connection->ldapUserDisplayName;
-		} else {
-			$mapper = $this->getGroupMapper();
-			$nameAttribute = $this->connection->ldapGroupDisplayName;
-		}
-
-		//let's try to retrieve the ownCloud name from the mappings table
-		$ocName = $mapper->getNameByDN($fdn);
-		if(is_string($ocName)) {
-			return $ocName;
-		}
-
-		//second try: get the UUID and check if it is known. Then, update the DN and return the name.
-		$uuid = $this->getUUID($fdn, $isUser);
-		if(is_string($uuid)) {
-			$ocName = $mapper->getNameByUUID($uuid);
-			if(is_string($ocName)) {
-				$mapper->setDNbyUUID($fdn, $uuid);
-				return $ocName;
-			}
-		} else {
-			//If the UUID can't be detected something is foul.
-			\OCP\Util::writeLog('user_ldap', 'Cannot determine UUID for '.$fdn.'. Skipping.', \OCP\Util::INFO);
-			return false;
-		}
-
-		if(is_null($ldapName)) {
-			$ldapName = $this->readAttribute($fdn, $nameAttribute);
-			if(!isset($ldapName[0]) && empty($ldapName[0])) {
-				\OCP\Util::writeLog('user_ldap', 'No or empty name for '.$fdn.'.', \OCP\Util::INFO);
-				return false;
-			}
-			$ldapName = $ldapName[0];
-		}
-
-		if($isUser) {
-			$usernameAttribute = $this->connection->ldapExpertUsernameAttr;
-			if(!empty($usernameAttribute)) {
-				$username = $this->readAttribute($fdn, $usernameAttribute);
-				$username = $username[0];
-			} else {
-				$username = $uuid;
-			}
-			$intName = $this->sanitizeUsername($username);
-		} else {
-			$intName = $ldapName;
-		}
-
-		//a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
-		//disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check
-		//NOTE: mind, disabling cache affects only this instance! Using it
-		// outside of core user management will still cache the user as non-existing.
-		$originalTTL = $this->connection->ldapCacheTTL;
-		$this->connection->setConfiguration(array('ldapCacheTTL' => 0));
-		if(($isUser && !\OCP\User::userExists($intName))
-			|| (!$isUser && !\OC_Group::groupExists($intName))) {
-			if($mapper->map($fdn, $intName, $uuid)) {
-				$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
-				return $intName;
-			}
-		}
-		$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
-
-		$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
-		if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
-			return $altName;
-		}
-
-		//if everything else did not help..
-		\OCP\Util::writeLog('user_ldap', 'Could not create unique name for '.$fdn.'.', \OCP\Util::INFO);
-		return false;
-	}
-
-	/**
-	 * gives back the user names as they are used ownClod internally
-	 * @param array $ldapUsers as returned by fetchList()
-	 * @return array an array with the user names to use in ownCloud
-	 *
-	 * gives back the user names as they are used ownClod internally
-	 */
-	public function ownCloudUserNames($ldapUsers) {
-		return $this->ldap2ownCloudNames($ldapUsers, true);
-	}
-
-	/**
-	 * gives back the group names as they are used ownClod internally
-	 * @param array $ldapGroups as returned by fetchList()
-	 * @return array an array with the group names to use in ownCloud
-	 *
-	 * gives back the group names as they are used ownClod internally
-	 */
-	public function ownCloudGroupNames($ldapGroups) {
-		return $this->ldap2ownCloudNames($ldapGroups, false);
-	}
-
-	/**
-	 * @param array $ldapObjects as returned by fetchList()
-	 * @param bool $isUsers
-	 * @return array
-	 */
-	private function ldap2ownCloudNames($ldapObjects, $isUsers) {
-		if($isUsers) {
-			$nameAttribute = $this->connection->ldapUserDisplayName;
-			$sndAttribute  = $this->connection->ldapUserDisplayName2;
-		} else {
-			$nameAttribute = $this->connection->ldapGroupDisplayName;
-		}
-		$ownCloudNames = array();
-
-		foreach($ldapObjects as $ldapObject) {
-			$nameByLDAP = null;
-			if(    isset($ldapObject[$nameAttribute])
-				&& is_array($ldapObject[$nameAttribute])
-				&& isset($ldapObject[$nameAttribute][0])
-			) {
-				// might be set, but not necessarily. if so, we use it.
-				$nameByLDAP = $ldapObject[$nameAttribute][0];
-			}
-
-			$ocName = $this->dn2ocname($ldapObject['dn'][0], $nameByLDAP, $isUsers);
-			if($ocName) {
-				$ownCloudNames[] = $ocName;
-				if($isUsers) {
-					//cache the user names so it does not need to be retrieved
-					//again later (e.g. sharing dialogue).
-					if(is_null($nameByLDAP)) {
-						continue;
-					}
-					$sndName = isset($ldapObject[$sndAttribute][0])
-						? $ldapObject[$sndAttribute][0] : '';
-					$this->cacheUserDisplayName($ocName, $nameByLDAP, $sndName);
-				}
-			}
-		}
-		return $ownCloudNames;
-	}
-
-	/**
-	 * caches the user display name
-	 * @param string $ocName the internal ownCloud username
-	 * @param string|false $home the home directory path
-	 */
-	public function cacheUserHome($ocName, $home) {
-		$cacheKey = 'getHome'.$ocName;
-		$this->connection->writeToCache($cacheKey, $home);
-	}
-
-	/**
-	 * caches a user as existing
-	 * @param string $ocName the internal ownCloud username
-	 */
-	public function cacheUserExists($ocName) {
-		$this->connection->writeToCache('userExists'.$ocName, true);
-	}
-
-	/**
-	 * caches the user display name
-	 * @param string $ocName the internal ownCloud username
-	 * @param string $displayName the display name
-	 * @param string $displayName2 the second display name
-	 */
-	public function cacheUserDisplayName($ocName, $displayName, $displayName2 = '') {
-		$user = $this->userManager->get($ocName);
-		$displayName = $user->composeAndStoreDisplayName($displayName, $displayName2);
-		$cacheKeyTrunk = 'getDisplayName';
-		$this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName);
-	}
-
-	/**
-	 * creates a unique name for internal ownCloud use for users. Don't call it directly.
-	 * @param string $name the display name of the object
-	 * @return string|false with with the name to use in ownCloud or false if unsuccessful
-	 *
-	 * Instead of using this method directly, call
-	 * createAltInternalOwnCloudName($name, true)
-	 */
-	private function _createAltInternalOwnCloudNameForUsers($name) {
-		$attempts = 0;
-		//while loop is just a precaution. If a name is not generated within
-		//20 attempts, something else is very wrong. Avoids infinite loop.
-		while($attempts < 20){
-			$altName = $name . '_' . rand(1000,9999);
-			if(!\OCP\User::userExists($altName)) {
-				return $altName;
-			}
-			$attempts++;
-		}
-		return false;
-	}
-
-	/**
-	 * creates a unique name for internal ownCloud use for groups. Don't call it directly.
-	 * @param string $name the display name of the object
-	 * @return string|false with with the name to use in ownCloud or false if unsuccessful.
-	 *
-	 * Instead of using this method directly, call
-	 * createAltInternalOwnCloudName($name, false)
-	 *
-	 * Group names are also used as display names, so we do a sequential
-	 * numbering, e.g. Developers_42 when there are 41 other groups called
-	 * "Developers"
-	 */
-	private function _createAltInternalOwnCloudNameForGroups($name) {
-		$usedNames = $this->groupMapper->getNamesBySearch($name.'_%');
-		if(!($usedNames) || count($usedNames) === 0) {
-			$lastNo = 1; //will become name_2
-		} else {
-			natsort($usedNames);
-			$lastName = array_pop($usedNames);
-			$lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1));
-		}
-		$altName = $name.'_'.strval($lastNo+1);
-		unset($usedNames);
-
-		$attempts = 1;
-		while($attempts < 21){
-			// Check to be really sure it is unique
-			// while loop is just a precaution. If a name is not generated within
-			// 20 attempts, something else is very wrong. Avoids infinite loop.
-			if(!\OC_Group::groupExists($altName)) {
-				return $altName;
-			}
-			$altName = $name . '_' . ($lastNo + $attempts);
-			$attempts++;
-		}
-		return false;
-	}
-
-	/**
-	 * creates a unique name for internal ownCloud use.
-	 * @param string $name the display name of the object
-	 * @param boolean $isUser whether name should be created for a user (true) or a group (false)
-	 * @return string|false with with the name to use in ownCloud or false if unsuccessful
-	 */
-	private function createAltInternalOwnCloudName($name, $isUser) {
-		$originalTTL = $this->connection->ldapCacheTTL;
-		$this->connection->setConfiguration(array('ldapCacheTTL' => 0));
-		if($isUser) {
-			$altName = $this->_createAltInternalOwnCloudNameForUsers($name);
-		} else {
-			$altName = $this->_createAltInternalOwnCloudNameForGroups($name);
-		}
-		$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
-
-		return $altName;
-	}
-
-	/**
-	 * fetches a list of users according to a provided loginName and utilizing
-	 * the login filter.
-	 *
-	 * @param string $loginName
-	 * @param array $attributes optional, list of attributes to read
-	 * @return array
-	 */
-	public function fetchUsersByLoginName($loginName, $attributes = array('dn')) {
-		$loginName = $this->escapeFilterPart($loginName);
-		$filter = str_replace('%uid', $loginName, $this->connection->ldapLoginFilter);
-		$users = $this->fetchListOfUsers($filter, $attributes);
-		return $users;
-	}
-
-	/**
-	 * counts the number of users according to a provided loginName and
-	 * utilizing the login filter.
-	 *
-	 * @param string $loginName
-	 * @return array
-	 */
-	public function countUsersByLoginName($loginName) {
-		$loginName = $this->escapeFilterPart($loginName);
-		$filter = str_replace('%uid', $loginName, $this->connection->ldapLoginFilter);
-		$users = $this->countUsers($filter);
-		return $users;
-	}
-
-	/**
-	 * @param string $filter
-	 * @param string|string[] $attr
-	 * @param int $limit
-	 * @param int $offset
-	 * @return array
-	 */
-	public function fetchListOfUsers($filter, $attr, $limit = null, $offset = null) {
-		$ldapRecords = $this->searchUsers($filter, $attr, $limit, $offset);
-		$this->batchApplyUserAttributes($ldapRecords);
-		return $this->fetchList($ldapRecords, (count($attr) > 1));
-	}
-
-	/**
-	 * provided with an array of LDAP user records the method will fetch the
-	 * user object and requests it to process the freshly fetched attributes and
-	 * and their values
-	 * @param array $ldapRecords
-	 */
-	public function batchApplyUserAttributes(array $ldapRecords){
-		$displayNameAttribute = strtolower($this->connection->ldapUserDisplayName);
-		foreach($ldapRecords as $userRecord) {
-			if(!isset($userRecord[$displayNameAttribute])) {
-				// displayName is obligatory
-				continue;
-			}
-			$ocName  = $this->dn2ocname($userRecord['dn'][0]);
-			if($ocName === false) {
-				continue;
-			}
-			$this->cacheUserExists($ocName);
-			$user = $this->userManager->get($ocName);
-			if($user instanceof OfflineUser) {
-				$user->unmark();
-				$user = $this->userManager->get($ocName);
-			}
-			if ($user !== null) {
-				$user->processAttributes($userRecord);
-			} else {
-				\OC::$server->getLogger()->debug(
-					"The ldap user manager returned null for $ocName",
-					['app'=>'user_ldap']
-				);
-			}
-		}
-	}
-
-	/**
-	 * @param string $filter
-	 * @param string|string[] $attr
-	 * @param int $limit
-	 * @param int $offset
-	 * @return array
-	 */
-	public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) {
-		return $this->fetchList($this->searchGroups($filter, $attr, $limit, $offset), (count($attr) > 1));
-	}
-
-	/**
-	 * @param array $list
-	 * @param bool $manyAttributes
-	 * @return array
-	 */
-	private function fetchList($list, $manyAttributes) {
-		if(is_array($list)) {
-			if($manyAttributes) {
-				return $list;
-			} else {
-				$list = array_reduce($list, function($carry, $item) {
-					$attribute = array_keys($item)[0];
-					$carry[] = $item[$attribute][0];
-					return $carry;
-				}, array());
-				return array_unique($list, SORT_LOCALE_STRING);
-			}
-		}
-
-		//error cause actually, maybe throw an exception in future.
-		return array();
-	}
-
-	/**
-	 * executes an LDAP search, optimized for Users
-	 * @param string $filter the LDAP filter for the search
-	 * @param string|string[] $attr optional, when a certain attribute shall be filtered out
-	 * @param integer $limit
-	 * @param integer $offset
-	 * @return array with the search result
-	 *
-	 * Executes an LDAP search
-	 */
-	public function searchUsers($filter, $attr = null, $limit = null, $offset = null) {
-		return $this->search($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);
-	}
-
-	/**
-	 * @param string $filter
-	 * @param string|string[] $attr
-	 * @param int $limit
-	 * @param int $offset
-	 * @return false|int
-	 */
-	public function countUsers($filter, $attr = array('dn'), $limit = null, $offset = null) {
-		return $this->count($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);
-	}
-
-	/**
-	 * executes an LDAP search, optimized for Groups
-	 * @param string $filter the LDAP filter for the search
-	 * @param string|string[] $attr optional, when a certain attribute shall be filtered out
-	 * @param integer $limit
-	 * @param integer $offset
-	 * @return array with the search result
-	 *
-	 * Executes an LDAP search
-	 */
-	public function searchGroups($filter, $attr = null, $limit = null, $offset = null) {
-		return $this->search($filter, $this->connection->ldapBaseGroups, $attr, $limit, $offset);
-	}
-
-	/**
-	 * returns the number of available groups
-	 * @param string $filter the LDAP search filter
-	 * @param string[] $attr optional
-	 * @param int|null $limit
-	 * @param int|null $offset
-	 * @return int|bool
-	 */
-	public function countGroups($filter, $attr = array('dn'), $limit = null, $offset = null) {
-		return $this->count($filter, $this->connection->ldapBaseGroups, $attr, $limit, $offset);
-	}
-
-	/**
-	 * returns the number of available objects on the base DN
-	 *
-	 * @param int|null $limit
-	 * @param int|null $offset
-	 * @return int|bool
-	 */
-	public function countObjects($limit = null, $offset = null) {
-		return $this->count('objectclass=*', $this->connection->ldapBase, array('dn'), $limit, $offset);
-	}
-
-	/**
-	 * retrieved. Results will according to the order in the array.
-	 * @param int $limit optional, maximum results to be counted
-	 * @param int $offset optional, a starting point
-	 * @return array|false array with the search result as first value and pagedSearchOK as
-	 * second | false if not successful
-	 */
-	private function executeSearch($filter, $base, &$attr = null, $limit = null, $offset = null) {
-		if(!is_null($attr) && !is_array($attr)) {
-			$attr = array(mb_strtolower($attr, 'UTF-8'));
-		}
-
-		// See if we have a resource, in case not cancel with message
-		$cr = $this->connection->getConnectionResource();
-		if(!$this->ldap->isResource($cr)) {
-			// Seems like we didn't find any resource.
-			// Return an empty array just like before.
-			\OCP\Util::writeLog('user_ldap', 'Could not search, because resource is missing.', \OCP\Util::DEBUG);
-			return false;
-		}
-
-		//check whether paged search should be attempted
-		$pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, intval($limit), $offset);
-
-		$linkResources = array_pad(array(), count($base), $cr);
-		$sr = $this->ldap->search($linkResources, $base, $filter, $attr);
-		$error = $this->ldap->errno($cr);
-		if(!is_array($sr) || $error !== 0) {
-			\OCP\Util::writeLog('user_ldap',
-				'Error when searching: '.$this->ldap->error($cr).
-					' code '.$this->ldap->errno($cr),
-				\OCP\Util::ERROR);
-			\OCP\Util::writeLog('user_ldap', 'Attempt for Paging?  '.print_r($pagedSearchOK, true), \OCP\Util::ERROR);
-			return false;
-		}
-
-		return array($sr, $pagedSearchOK);
-	}
-
-	/**
-	 * processes an LDAP paged search operation
-	 * @param array $sr the array containing the LDAP search resources
-	 * @param string $filter the LDAP filter for the search
-	 * @param array $base an array containing the LDAP subtree(s) that shall be searched
-	 * @param int $iFoundItems number of results in the search operation
-	 * @param int $limit maximum results to be counted
-	 * @param int $offset a starting point
-	 * @param bool $pagedSearchOK whether a paged search has been executed
-	 * @param bool $skipHandling required for paged search when cookies to
-	 * prior results need to be gained
-	 * @return bool cookie validity, true if we have more pages, false otherwise.
-	 */
-	private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $limit, $offset, $pagedSearchOK, $skipHandling) {
-		$cookie = null;
-		if($pagedSearchOK) {
-			$cr = $this->connection->getConnectionResource();
-			foreach($sr as $key => $res) {
-				if($this->ldap->controlPagedResultResponse($cr, $res, $cookie)) {
-					$this->setPagedResultCookie($base[$key], $filter, $limit, $offset, $cookie);
-				}
-			}
-
-			//browsing through prior pages to get the cookie for the new one
-			if($skipHandling) {
-				return;
-			}
-			// if count is bigger, then the server does not support
-			// paged search. Instead, he did a normal search. We set a
-			// flag here, so the callee knows how to deal with it.
-			if($iFoundItems <= $limit) {
-				$this->pagedSearchedSuccessful = true;
-			}
-		} else {
-			if(!is_null($limit)) {
-				\OCP\Util::writeLog('user_ldap', 'Paged search was not available', \OCP\Util::INFO);
-			}
-		}
-		/* ++ Fixing RHDS searches with pages with zero results ++
+     * returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
+     * @param string $fdn the dn of the group object
+     * @param string $ldapName optional, the display name of the object
+     * @return string|false with the name to use in ownCloud, false on DN outside of search DN
+     */
+    public function dn2groupname($fdn, $ldapName = null) {
+        //To avoid bypassing the base DN settings under certain circumstances
+        //with the group support, check whether the provided DN matches one of
+        //the given Bases
+        if(!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseGroups)) {
+            return false;
+        }
+
+        return $this->dn2ocname($fdn, $ldapName, false);
+    }
+
+    /**
+     * accepts an array of group DNs and tests whether they match the user
+     * filter by doing read operations against the group entries. Returns an
+     * array of DNs that match the filter.
+     *
+     * @param string[] $groupDNs
+     * @return string[]
+     */
+    public function groupsMatchFilter($groupDNs) {
+        $validGroupDNs = [];
+        foreach($groupDNs as $dn) {
+            $cacheKey = 'groupsMatchFilter-'.$dn;
+            $groupMatchFilter = $this->connection->getFromCache($cacheKey);
+            if(!is_null($groupMatchFilter)) {
+                if($groupMatchFilter) {
+                    $validGroupDNs[] = $dn;
+                }
+                continue;
+            }
+
+            // Check the base DN first. If this is not met already, we don't
+            // need to ask the server at all.
+            if(!$this->isDNPartOfBase($dn, $this->connection->ldapBaseGroups)) {
+                $this->connection->writeToCache($cacheKey, false);
+                continue;
+            }
+
+            $result = $this->readAttribute($dn, 'cn', $this->connection->ldapGroupFilter);
+            if(is_array($result)) {
+                $this->connection->writeToCache($cacheKey, true);
+                $validGroupDNs[] = $dn;
+            } else {
+                $this->connection->writeToCache($cacheKey, false);
+            }
+
+        }
+        return $validGroupDNs;
+    }
+
+    /**
+     * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
+     * @param string $dn the dn of the user object
+     * @param string $ldapName optional, the display name of the object
+     * @return string|false with with the name to use in ownCloud
+     */
+    public function dn2username($fdn, $ldapName = null) {
+        //To avoid bypassing the base DN settings under certain circumstances
+        //with the group support, check whether the provided DN matches one of
+        //the given Bases
+        if(!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
+            return false;
+        }
+
+        return $this->dn2ocname($fdn, $ldapName, true);
+    }
+
+    /**
+     * returns an internal ownCloud name for the given LDAP DN, false on DN outside of search DN
+     * @param string $dn the dn of the user object
+     * @param string $ldapName optional, the display name of the object
+     * @param bool $isUser optional, whether it is a user object (otherwise group assumed)
+     * @return string|false with with the name to use in ownCloud
+     */
+    public function dn2ocname($fdn, $ldapName = null, $isUser = true) {
+        if($isUser) {
+            $mapper = $this->getUserMapper();
+            $nameAttribute = $this->connection->ldapUserDisplayName;
+        } else {
+            $mapper = $this->getGroupMapper();
+            $nameAttribute = $this->connection->ldapGroupDisplayName;
+        }
+
+        //let's try to retrieve the ownCloud name from the mappings table
+        $ocName = $mapper->getNameByDN($fdn);
+        if(is_string($ocName)) {
+            return $ocName;
+        }
+
+        //second try: get the UUID and check if it is known. Then, update the DN and return the name.
+        $uuid = $this->getUUID($fdn, $isUser);
+        if(is_string($uuid)) {
+            $ocName = $mapper->getNameByUUID($uuid);
+            if(is_string($ocName)) {
+                $mapper->setDNbyUUID($fdn, $uuid);
+                return $ocName;
+            }
+        } else {
+            //If the UUID can't be detected something is foul.
+            \OCP\Util::writeLog('user_ldap', 'Cannot determine UUID for '.$fdn.'. Skipping.', \OCP\Util::INFO);
+            return false;
+        }
+
+        if(is_null($ldapName)) {
+            $ldapName = $this->readAttribute($fdn, $nameAttribute);
+            if(!isset($ldapName[0]) && empty($ldapName[0])) {
+                \OCP\Util::writeLog('user_ldap', 'No or empty name for '.$fdn.'.', \OCP\Util::INFO);
+                return false;
+            }
+            $ldapName = $ldapName[0];
+        }
+
+        if($isUser) {
+            $usernameAttribute = $this->connection->ldapExpertUsernameAttr;
+            if(!empty($usernameAttribute)) {
+                $username = $this->readAttribute($fdn, $usernameAttribute);
+                $username = $username[0];
+            } else {
+                $username = $uuid;
+            }
+            $intName = $this->sanitizeUsername($username);
+        } else {
+            $intName = $ldapName;
+        }
+
+        //a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
+        //disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check
+        //NOTE: mind, disabling cache affects only this instance! Using it
+        // outside of core user management will still cache the user as non-existing.
+        $originalTTL = $this->connection->ldapCacheTTL;
+        $this->connection->setConfiguration(array('ldapCacheTTL' => 0));
+        if(($isUser && !\OCP\User::userExists($intName))
+            || (!$isUser && !\OC_Group::groupExists($intName))) {
+            if($mapper->map($fdn, $intName, $uuid)) {
+                $this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
+                return $intName;
+            }
+        }
+        $this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
+
+        $altName = $this->createAltInternalOwnCloudName($intName, $isUser);
+        if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
+            return $altName;
+        }
+
+        //if everything else did not help..
+        \OCP\Util::writeLog('user_ldap', 'Could not create unique name for '.$fdn.'.', \OCP\Util::INFO);
+        return false;
+    }
+
+    /**
+     * gives back the user names as they are used ownClod internally
+     * @param array $ldapUsers as returned by fetchList()
+     * @return array an array with the user names to use in ownCloud
+     *
+     * gives back the user names as they are used ownClod internally
+     */
+    public function ownCloudUserNames($ldapUsers) {
+        return $this->ldap2ownCloudNames($ldapUsers, true);
+    }
+
+    /**
+     * gives back the group names as they are used ownClod internally
+     * @param array $ldapGroups as returned by fetchList()
+     * @return array an array with the group names to use in ownCloud
+     *
+     * gives back the group names as they are used ownClod internally
+     */
+    public function ownCloudGroupNames($ldapGroups) {
+        return $this->ldap2ownCloudNames($ldapGroups, false);
+    }
+
+    /**
+     * @param array $ldapObjects as returned by fetchList()
+     * @param bool $isUsers
+     * @return array
+     */
+    private function ldap2ownCloudNames($ldapObjects, $isUsers) {
+        if($isUsers) {
+            $nameAttribute = $this->connection->ldapUserDisplayName;
+            $sndAttribute  = $this->connection->ldapUserDisplayName2;
+        } else {
+            $nameAttribute = $this->connection->ldapGroupDisplayName;
+        }
+        $ownCloudNames = array();
+
+        foreach($ldapObjects as $ldapObject) {
+            $nameByLDAP = null;
+            if(    isset($ldapObject[$nameAttribute])
+                && is_array($ldapObject[$nameAttribute])
+                && isset($ldapObject[$nameAttribute][0])
+            ) {
+                // might be set, but not necessarily. if so, we use it.
+                $nameByLDAP = $ldapObject[$nameAttribute][0];
+            }
+
+            $ocName = $this->dn2ocname($ldapObject['dn'][0], $nameByLDAP, $isUsers);
+            if($ocName) {
+                $ownCloudNames[] = $ocName;
+                if($isUsers) {
+                    //cache the user names so it does not need to be retrieved
+                    //again later (e.g. sharing dialogue).
+                    if(is_null($nameByLDAP)) {
+                        continue;
+                    }
+                    $sndName = isset($ldapObject[$sndAttribute][0])
+                        ? $ldapObject[$sndAttribute][0] : '';
+                    $this->cacheUserDisplayName($ocName, $nameByLDAP, $sndName);
+                }
+            }
+        }
+        return $ownCloudNames;
+    }
+
+    /**
+     * caches the user display name
+     * @param string $ocName the internal ownCloud username
+     * @param string|false $home the home directory path
+     */
+    public function cacheUserHome($ocName, $home) {
+        $cacheKey = 'getHome'.$ocName;
+        $this->connection->writeToCache($cacheKey, $home);
+    }
+
+    /**
+     * caches a user as existing
+     * @param string $ocName the internal ownCloud username
+     */
+    public function cacheUserExists($ocName) {
+        $this->connection->writeToCache('userExists'.$ocName, true);
+    }
+
+    /**
+     * caches the user display name
+     * @param string $ocName the internal ownCloud username
+     * @param string $displayName the display name
+     * @param string $displayName2 the second display name
+     */
+    public function cacheUserDisplayName($ocName, $displayName, $displayName2 = '') {
+        $user = $this->userManager->get($ocName);
+        $displayName = $user->composeAndStoreDisplayName($displayName, $displayName2);
+        $cacheKeyTrunk = 'getDisplayName';
+        $this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName);
+    }
+
+    /**
+     * creates a unique name for internal ownCloud use for users. Don't call it directly.
+     * @param string $name the display name of the object
+     * @return string|false with with the name to use in ownCloud or false if unsuccessful
+     *
+     * Instead of using this method directly, call
+     * createAltInternalOwnCloudName($name, true)
+     */
+    private function _createAltInternalOwnCloudNameForUsers($name) {
+        $attempts = 0;
+        //while loop is just a precaution. If a name is not generated within
+        //20 attempts, something else is very wrong. Avoids infinite loop.
+        while($attempts < 20){
+            $altName = $name . '_' . rand(1000,9999);
+            if(!\OCP\User::userExists($altName)) {
+                return $altName;
+            }
+            $attempts++;
+        }
+        return false;
+    }
+
+    /**
+     * creates a unique name for internal ownCloud use for groups. Don't call it directly.
+     * @param string $name the display name of the object
+     * @return string|false with with the name to use in ownCloud or false if unsuccessful.
+     *
+     * Instead of using this method directly, call
+     * createAltInternalOwnCloudName($name, false)
+     *
+     * Group names are also used as display names, so we do a sequential
+     * numbering, e.g. Developers_42 when there are 41 other groups called
+     * "Developers"
+     */
+    private function _createAltInternalOwnCloudNameForGroups($name) {
+        $usedNames = $this->groupMapper->getNamesBySearch($name.'_%');
+        if(!($usedNames) || count($usedNames) === 0) {
+            $lastNo = 1; //will become name_2
+        } else {
+            natsort($usedNames);
+            $lastName = array_pop($usedNames);
+            $lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1));
+        }
+        $altName = $name.'_'.strval($lastNo+1);
+        unset($usedNames);
+
+        $attempts = 1;
+        while($attempts < 21){
+            // Check to be really sure it is unique
+            // while loop is just a precaution. If a name is not generated within
+            // 20 attempts, something else is very wrong. Avoids infinite loop.
+            if(!\OC_Group::groupExists($altName)) {
+                return $altName;
+            }
+            $altName = $name . '_' . ($lastNo + $attempts);
+            $attempts++;
+        }
+        return false;
+    }
+
+    /**
+     * creates a unique name for internal ownCloud use.
+     * @param string $name the display name of the object
+     * @param boolean $isUser whether name should be created for a user (true) or a group (false)
+     * @return string|false with with the name to use in ownCloud or false if unsuccessful
+     */
+    private function createAltInternalOwnCloudName($name, $isUser) {
+        $originalTTL = $this->connection->ldapCacheTTL;
+        $this->connection->setConfiguration(array('ldapCacheTTL' => 0));
+        if($isUser) {
+            $altName = $this->_createAltInternalOwnCloudNameForUsers($name);
+        } else {
+            $altName = $this->_createAltInternalOwnCloudNameForGroups($name);
+        }
+        $this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
+
+        return $altName;
+    }
+
+    /**
+     * fetches a list of users according to a provided loginName and utilizing
+     * the login filter.
+     *
+     * @param string $loginName
+     * @param array $attributes optional, list of attributes to read
+     * @return array
+     */
+    public function fetchUsersByLoginName($loginName, $attributes = array('dn')) {
+        $loginName = $this->escapeFilterPart($loginName);
+        $filter = str_replace('%uid', $loginName, $this->connection->ldapLoginFilter);
+        $users = $this->fetchListOfUsers($filter, $attributes);
+        return $users;
+    }
+
+    /**
+     * counts the number of users according to a provided loginName and
+     * utilizing the login filter.
+     *
+     * @param string $loginName
+     * @return array
+     */
+    public function countUsersByLoginName($loginName) {
+        $loginName = $this->escapeFilterPart($loginName);
+        $filter = str_replace('%uid', $loginName, $this->connection->ldapLoginFilter);
+        $users = $this->countUsers($filter);
+        return $users;
+    }
+
+    /**
+     * @param string $filter
+     * @param string|string[] $attr
+     * @param int $limit
+     * @param int $offset
+     * @return array
+     */
+    public function fetchListOfUsers($filter, $attr, $limit = null, $offset = null) {
+        $ldapRecords = $this->searchUsers($filter, $attr, $limit, $offset);
+        $this->batchApplyUserAttributes($ldapRecords);
+        return $this->fetchList($ldapRecords, (count($attr) > 1));
+    }
+
+    /**
+     * provided with an array of LDAP user records the method will fetch the
+     * user object and requests it to process the freshly fetched attributes and
+     * and their values
+     * @param array $ldapRecords
+     */
+    public function batchApplyUserAttributes(array $ldapRecords){
+        $displayNameAttribute = strtolower($this->connection->ldapUserDisplayName);
+        foreach($ldapRecords as $userRecord) {
+            if(!isset($userRecord[$displayNameAttribute])) {
+                // displayName is obligatory
+                continue;
+            }
+            $ocName  = $this->dn2ocname($userRecord['dn'][0]);
+            if($ocName === false) {
+                continue;
+            }
+            $this->cacheUserExists($ocName);
+            $user = $this->userManager->get($ocName);
+            if($user instanceof OfflineUser) {
+                $user->unmark();
+                $user = $this->userManager->get($ocName);
+            }
+            if ($user !== null) {
+                $user->processAttributes($userRecord);
+            } else {
+                \OC::$server->getLogger()->debug(
+                    "The ldap user manager returned null for $ocName",
+                    ['app'=>'user_ldap']
+                );
+            }
+        }
+    }
+
+    /**
+     * @param string $filter
+     * @param string|string[] $attr
+     * @param int $limit
+     * @param int $offset
+     * @return array
+     */
+    public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) {
+        return $this->fetchList($this->searchGroups($filter, $attr, $limit, $offset), (count($attr) > 1));
+    }
+
+    /**
+     * @param array $list
+     * @param bool $manyAttributes
+     * @return array
+     */
+    private function fetchList($list, $manyAttributes) {
+        if(is_array($list)) {
+            if($manyAttributes) {
+                return $list;
+            } else {
+                $list = array_reduce($list, function($carry, $item) {
+                    $attribute = array_keys($item)[0];
+                    $carry[] = $item[$attribute][0];
+                    return $carry;
+                }, array());
+                return array_unique($list, SORT_LOCALE_STRING);
+            }
+        }
+
+        //error cause actually, maybe throw an exception in future.
+        return array();
+    }
+
+    /**
+     * executes an LDAP search, optimized for Users
+     * @param string $filter the LDAP filter for the search
+     * @param string|string[] $attr optional, when a certain attribute shall be filtered out
+     * @param integer $limit
+     * @param integer $offset
+     * @return array with the search result
+     *
+     * Executes an LDAP search
+     */
+    public function searchUsers($filter, $attr = null, $limit = null, $offset = null) {
+        return $this->search($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);
+    }
+
+    /**
+     * @param string $filter
+     * @param string|string[] $attr
+     * @param int $limit
+     * @param int $offset
+     * @return false|int
+     */
+    public function countUsers($filter, $attr = array('dn'), $limit = null, $offset = null) {
+        return $this->count($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);
+    }
+
+    /**
+     * executes an LDAP search, optimized for Groups
+     * @param string $filter the LDAP filter for the search
+     * @param string|string[] $attr optional, when a certain attribute shall be filtered out
+     * @param integer $limit
+     * @param integer $offset
+     * @return array with the search result
+     *
+     * Executes an LDAP search
+     */
+    public function searchGroups($filter, $attr = null, $limit = null, $offset = null) {
+        return $this->search($filter, $this->connection->ldapBaseGroups, $attr, $limit, $offset);
+    }
+
+    /**
+     * returns the number of available groups
+     * @param string $filter the LDAP search filter
+     * @param string[] $attr optional
+     * @param int|null $limit
+     * @param int|null $offset
+     * @return int|bool
+     */
+    public function countGroups($filter, $attr = array('dn'), $limit = null, $offset = null) {
+        return $this->count($filter, $this->connection->ldapBaseGroups, $attr, $limit, $offset);
+    }
+
+    /**
+     * returns the number of available objects on the base DN
+     *
+     * @param int|null $limit
+     * @param int|null $offset
+     * @return int|bool
+     */
+    public function countObjects($limit = null, $offset = null) {
+        return $this->count('objectclass=*', $this->connection->ldapBase, array('dn'), $limit, $offset);
+    }
+
+    /**
+     * retrieved. Results will according to the order in the array.
+     * @param int $limit optional, maximum results to be counted
+     * @param int $offset optional, a starting point
+     * @return array|false array with the search result as first value and pagedSearchOK as
+     * second | false if not successful
+     */
+    private function executeSearch($filter, $base, &$attr = null, $limit = null, $offset = null) {
+        if(!is_null($attr) && !is_array($attr)) {
+            $attr = array(mb_strtolower($attr, 'UTF-8'));
+        }
+
+        // See if we have a resource, in case not cancel with message
+        $cr = $this->connection->getConnectionResource();
+        if(!$this->ldap->isResource($cr)) {
+            // Seems like we didn't find any resource.
+            // Return an empty array just like before.
+            \OCP\Util::writeLog('user_ldap', 'Could not search, because resource is missing.', \OCP\Util::DEBUG);
+            return false;
+        }
+
+        //check whether paged search should be attempted
+        $pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, intval($limit), $offset);
+
+        $linkResources = array_pad(array(), count($base), $cr);
+        $sr = $this->ldap->search($linkResources, $base, $filter, $attr);
+        $error = $this->ldap->errno($cr);
+        if(!is_array($sr) || $error !== 0) {
+            \OCP\Util::writeLog('user_ldap',
+                'Error when searching: '.$this->ldap->error($cr).
+                    ' code '.$this->ldap->errno($cr),
+                \OCP\Util::ERROR);
+            \OCP\Util::writeLog('user_ldap', 'Attempt for Paging?  '.print_r($pagedSearchOK, true), \OCP\Util::ERROR);
+            return false;
+        }
+
+        return array($sr, $pagedSearchOK);
+    }
+
+    /**
+     * processes an LDAP paged search operation
+     * @param array $sr the array containing the LDAP search resources
+     * @param string $filter the LDAP filter for the search
+     * @param array $base an array containing the LDAP subtree(s) that shall be searched
+     * @param int $iFoundItems number of results in the search operation
+     * @param int $limit maximum results to be counted
+     * @param int $offset a starting point
+     * @param bool $pagedSearchOK whether a paged search has been executed
+     * @param bool $skipHandling required for paged search when cookies to
+     * prior results need to be gained
+     * @return bool cookie validity, true if we have more pages, false otherwise.
+     */
+    private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $limit, $offset, $pagedSearchOK, $skipHandling) {
+        $cookie = null;
+        if($pagedSearchOK) {
+            $cr = $this->connection->getConnectionResource();
+            foreach($sr as $key => $res) {
+                if($this->ldap->controlPagedResultResponse($cr, $res, $cookie)) {
+                    $this->setPagedResultCookie($base[$key], $filter, $limit, $offset, $cookie);
+                }
+            }
+
+            //browsing through prior pages to get the cookie for the new one
+            if($skipHandling) {
+                return;
+            }
+            // if count is bigger, then the server does not support
+            // paged search. Instead, he did a normal search. We set a
+            // flag here, so the callee knows how to deal with it.
+            if($iFoundItems <= $limit) {
+                $this->pagedSearchedSuccessful = true;
+            }
+        } else {
+            if(!is_null($limit)) {
+                \OCP\Util::writeLog('user_ldap', 'Paged search was not available', \OCP\Util::INFO);
+            }
+        }
+        /* ++ Fixing RHDS searches with pages with zero results ++
 		 * Return cookie status. If we don't have more pages, with RHDS
 		 * cookie is null, with openldap cookie is an empty string and
 		 * to 386ds '0' is a valid cookie. Even if $iFoundItems == 0
 		 */
-		return !empty($cookie) || $cookie === '0';
-	}
-
-	/**
-	 * executes an LDAP search, but counts the results only
-	 * @param string $filter the LDAP filter for the search
-	 * @param array $base an array containing the LDAP subtree(s) that shall be searched
-	 * @param string|string[] $attr optional, array, one or more attributes that shall be
-	 * retrieved. Results will according to the order in the array.
-	 * @param int $limit optional, maximum results to be counted
-	 * @param int $offset optional, a starting point
-	 * @param bool $skipHandling indicates whether the pages search operation is
-	 * completed
-	 * @return int|false Integer or false if the search could not be initialized
-	 *
-	 */
-	private function count($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
-		\OCP\Util::writeLog('user_ldap', 'Count filter:  '.print_r($filter, true), \OCP\Util::DEBUG);
-
-		$limitPerPage = intval($this->connection->ldapPagingSize);
-		if(!is_null($limit) && $limit < $limitPerPage && $limit > 0) {
-			$limitPerPage = $limit;
-		}
-
-		$counter = 0;
-		$count = null;
-		$this->connection->getConnectionResource();
-
-		do {
-			$search = $this->executeSearch($filter, $base, $attr,
-										   $limitPerPage, $offset);
-			if($search === false) {
-				return $counter > 0 ? $counter : false;
-			}
-			list($sr, $pagedSearchOK) = $search;
-
-			/* ++ Fixing RHDS searches with pages with zero results ++
+        return !empty($cookie) || $cookie === '0';
+    }
+
+    /**
+     * executes an LDAP search, but counts the results only
+     * @param string $filter the LDAP filter for the search
+     * @param array $base an array containing the LDAP subtree(s) that shall be searched
+     * @param string|string[] $attr optional, array, one or more attributes that shall be
+     * retrieved. Results will according to the order in the array.
+     * @param int $limit optional, maximum results to be counted
+     * @param int $offset optional, a starting point
+     * @param bool $skipHandling indicates whether the pages search operation is
+     * completed
+     * @return int|false Integer or false if the search could not be initialized
+     *
+     */
+    private function count($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
+        \OCP\Util::writeLog('user_ldap', 'Count filter:  '.print_r($filter, true), \OCP\Util::DEBUG);
+
+        $limitPerPage = intval($this->connection->ldapPagingSize);
+        if(!is_null($limit) && $limit < $limitPerPage && $limit > 0) {
+            $limitPerPage = $limit;
+        }
+
+        $counter = 0;
+        $count = null;
+        $this->connection->getConnectionResource();
+
+        do {
+            $search = $this->executeSearch($filter, $base, $attr,
+                                            $limitPerPage, $offset);
+            if($search === false) {
+                return $counter > 0 ? $counter : false;
+            }
+            list($sr, $pagedSearchOK) = $search;
+
+            /* ++ Fixing RHDS searches with pages with zero results ++
 			 * countEntriesInSearchResults() method signature changed
 			 * by removing $limit and &$hasHitLimit parameters
 			 */
-			$count = $this->countEntriesInSearchResults($sr);
-			$counter += $count;
+            $count = $this->countEntriesInSearchResults($sr);
+            $counter += $count;
 
-			$hasMorePages = $this->processPagedSearchStatus($sr, $filter, $base, $count, $limitPerPage,
-										$offset, $pagedSearchOK, $skipHandling);
-			$offset += $limitPerPage;
-			/* ++ Fixing RHDS searches with pages with zero results ++
+            $hasMorePages = $this->processPagedSearchStatus($sr, $filter, $base, $count, $limitPerPage,
+                                        $offset, $pagedSearchOK, $skipHandling);
+            $offset += $limitPerPage;
+            /* ++ Fixing RHDS searches with pages with zero results ++
 			 * Continue now depends on $hasMorePages value
 			 */
-			$continue = $pagedSearchOK && $hasMorePages;
-		} while($continue && (is_null($limit) || $limit <= 0 || $limit > $counter));
-
-		return $counter;
-	}
-
-	/**
-	 * @param array $searchResults
-	 * @return int
-	 */
-	private function countEntriesInSearchResults($searchResults) {
-		$cr = $this->connection->getConnectionResource();
-		$counter = 0;
-
-		foreach($searchResults as $res) {
-			$count = intval($this->ldap->countEntries($cr, $res));
-			$counter += $count;
-		}
-
-		return $counter;
-	}
-
-	/**
-	 * Executes an LDAP search
-	 * @param string $filter the LDAP filter for the search
-	 * @param array $base an array containing the LDAP subtree(s) that shall be searched
-	 * @param string|string[] $attr optional, array, one or more attributes that shall be
-	 * @param int $limit
-	 * @param int $offset
-	 * @param bool $skipHandling
-	 * @return array with the search result
-	 */
-	private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
-		if($limit <= 0) {
-			//otherwise search will fail
-			$limit = null;
-		}
-
-		/* ++ Fixing RHDS searches with pages with zero results ++
+            $continue = $pagedSearchOK && $hasMorePages;
+        } while($continue && (is_null($limit) || $limit <= 0 || $limit > $counter));
+
+        return $counter;
+    }
+
+    /**
+     * @param array $searchResults
+     * @return int
+     */
+    private function countEntriesInSearchResults($searchResults) {
+        $cr = $this->connection->getConnectionResource();
+        $counter = 0;
+
+        foreach($searchResults as $res) {
+            $count = intval($this->ldap->countEntries($cr, $res));
+            $counter += $count;
+        }
+
+        return $counter;
+    }
+
+    /**
+     * Executes an LDAP search
+     * @param string $filter the LDAP filter for the search
+     * @param array $base an array containing the LDAP subtree(s) that shall be searched
+     * @param string|string[] $attr optional, array, one or more attributes that shall be
+     * @param int $limit
+     * @param int $offset
+     * @param bool $skipHandling
+     * @return array with the search result
+     */
+    private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
+        if($limit <= 0) {
+            //otherwise search will fail
+            $limit = null;
+        }
+
+        /* ++ Fixing RHDS searches with pages with zero results ++
 		 * As we can have pages with zero results and/or pages with less
 		 * than $limit results but with a still valid server 'cookie',
 		 * loops through until we get $continue equals true and
 		 * $findings['count'] < $limit
 		 */
-		$findings = array();
-		$savedoffset = $offset;
-		do {
-			$continue = false;
-			$search = $this->executeSearch($filter, $base, $attr, $limit, $offset);
-			if($search === false) {
-				return array();
-			}
-			list($sr, $pagedSearchOK) = $search;
-			$cr = $this->connection->getConnectionResource();
-
-			if($skipHandling) {
-				//i.e. result do not need to be fetched, we just need the cookie
-				//thus pass 1 or any other value as $iFoundItems because it is not
-				//used
-				$this->processPagedSearchStatus($sr, $filter, $base, 1, $limit,
-								$offset, $pagedSearchOK,
-								$skipHandling);
-				return array();
-			}
-
-			foreach($sr as $res) {
-				$findings = array_merge($findings, $this->ldap->getEntries($cr	, $res ));
-			}
-
-			$continue = $this->processPagedSearchStatus($sr, $filter, $base, $findings['count'],
-								$limit, $offset, $pagedSearchOK,
-										$skipHandling);
-			$offset += $limit;
-		} while ($continue && $pagedSearchOK && $findings['count'] < $limit);
-		// reseting offset
-		$offset = $savedoffset;
-
-		// if we're here, probably no connection resource is returned.
-		// to make ownCloud behave nicely, we simply give back an empty array.
-		if(is_null($findings)) {
-			return array();
-		}
-
-		if(!is_null($attr)) {
-			$selection = array();
-			$i = 0;
-			foreach($findings as $item) {
-				if(!is_array($item)) {
-					continue;
-				}
-				$item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
-				foreach($attr as $key) {
-					$key = mb_strtolower($key, 'UTF-8');
-					if(isset($item[$key])) {
-						if(is_array($item[$key]) && isset($item[$key]['count'])) {
-							unset($item[$key]['count']);
-						}
-						if($key !== 'dn') {
-							$selection[$i][$key] = $this->resemblesDN($key) ?
-								$this->sanitizeDN($item[$key])
-								: $item[$key];
-						} else {
-							$selection[$i][$key] = [$this->sanitizeDN($item[$key])];
-						}
-					}
-
-				}
-				$i++;
-			}
-			$findings = $selection;
-		}
-		//we slice the findings, when
-		//a) paged search unsuccessful, though attempted
-		//b) no paged search, but limit set
-		if((!$this->getPagedSearchResultState()
-			&& $pagedSearchOK)
-			|| (
-				!$pagedSearchOK
-				&& !is_null($limit)
-			)
-		) {
-			$findings = array_slice($findings, intval($offset), $limit);
-		}
-		return $findings;
-	}
-
-	/**
-	 * @param string $name
-	 * @return bool|mixed|string
-	 */
-	public function sanitizeUsername($name) {
-		if($this->connection->ldapIgnoreNamingRules) {
-			return $name;
-		}
-
-		// Transliteration
-		// latin characters to ASCII
-		$name = iconv('UTF-8', 'ASCII//TRANSLIT', $name);
-
-		// Replacements
-		$name = str_replace(' ', '_', $name);
-
-		// Every remaining disallowed characters will be removed
-		$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
-
-		return $name;
-	}
-
-	/**
-	* escapes (user provided) parts for LDAP filter
-	* @param string $input, the provided value
-	* @param bool $allowAsterisk whether in * at the beginning should be preserved
-	* @return string the escaped string
-	*/
-	public function escapeFilterPart($input, $allowAsterisk = false) {
-		$asterisk = '';
-		if($allowAsterisk && strlen($input) > 0 && $input[0] === '*') {
-			$asterisk = '*';
-			$input = mb_substr($input, 1, null, 'UTF-8');
-		}
-		$search  = array('*', '\\', '(', ')');
-		$replace = array('\\*', '\\\\', '\\(', '\\)');
-		return $asterisk . str_replace($search, $replace, $input);
-	}
-
-	/**
-	 * combines the input filters with AND
-	 * @param string[] $filters the filters to connect
-	 * @return string the combined filter
-	 */
-	public function combineFilterWithAnd($filters) {
-		return $this->combineFilter($filters, '&');
-	}
-
-	/**
-	 * combines the input filters with OR
-	 * @param string[] $filters the filters to connect
-	 * @return string the combined filter
-	 * Combines Filter arguments with OR
-	 */
-	public function combineFilterWithOr($filters) {
-		return $this->combineFilter($filters, '|');
-	}
-
-	/**
-	 * combines the input filters with given operator
-	 * @param string[] $filters the filters to connect
-	 * @param string $operator either & or |
-	 * @return string the combined filter
-	 */
-	private function combineFilter($filters, $operator) {
-		$combinedFilter = '('.$operator;
-		foreach($filters as $filter) {
-			if(!empty($filter) && $filter[0] !== '(') {
-				$filter = '('.$filter.')';
-			}
-			$combinedFilter.=$filter;
-		}
-		$combinedFilter.=')';
-		return $combinedFilter;
-	}
-
-	/**
-	 * creates a filter part for to perform search for users
-	 * @param string $search the search term
-	 * @return string the final filter part to use in LDAP searches
-	 */
-	public function getFilterPartForUserSearch($search) {
-		return $this->getFilterPartForSearch($search,
-			$this->connection->ldapAttributesForUserSearch,
-			$this->connection->ldapUserDisplayName);
-	}
-
-	/**
-	 * creates a filter part for to perform search for groups
-	 * @param string $search the search term
-	 * @return string the final filter part to use in LDAP searches
-	 */
-	public function getFilterPartForGroupSearch($search) {
-		return $this->getFilterPartForSearch($search,
-			$this->connection->ldapAttributesForGroupSearch,
-			$this->connection->ldapGroupDisplayName);
-	}
-
-	/**
-	 * creates a filter part for searches by splitting up the given search
-	 * string into single words
-	 * @param string $search the search term
-	 * @param string[] $searchAttributes needs to have at least two attributes,
-	 * otherwise it does not make sense :)
-	 * @return string the final filter part to use in LDAP searches
-	 * @throws \Exception
-	 */
-	private function getAdvancedFilterPartForSearch($search, $searchAttributes) {
-		if(!is_array($searchAttributes) || count($searchAttributes) < 2) {
-			throw new \Exception('searchAttributes must be an array with at least two string');
-		}
-		$searchWords = explode(' ', trim($search));
-		$wordFilters = array();
-		foreach($searchWords as $word) {
-			$word = $this->prepareSearchTerm($word);
-			//every word needs to appear at least once
-			$wordMatchOneAttrFilters = array();
-			foreach($searchAttributes as $attr) {
-				$wordMatchOneAttrFilters[] = $attr . '=' . $word;
-			}
-			$wordFilters[] = $this->combineFilterWithOr($wordMatchOneAttrFilters);
-		}
-		return $this->combineFilterWithAnd($wordFilters);
-	}
-
-	/**
-	 * creates a filter part for searches
-	 * @param string $search the search term
-	 * @param string[]|null $searchAttributes
-	 * @param string $fallbackAttribute a fallback attribute in case the user
-	 * did not define search attributes. Typically the display name attribute.
-	 * @return string the final filter part to use in LDAP searches
-	 */
-	private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
-		$filter = array();
-		$haveMultiSearchAttributes = (is_array($searchAttributes) && count($searchAttributes) > 0);
-		if($haveMultiSearchAttributes && strpos(trim($search), ' ') !== false) {
-			try {
-				return $this->getAdvancedFilterPartForSearch($search, $searchAttributes);
-			} catch(\Exception $e) {
-				\OCP\Util::writeLog(
-					'user_ldap',
-					'Creating advanced filter for search failed, falling back to simple method.',
-					\OCP\Util::INFO
-				);
-			}
-		}
-
-		$search = $this->prepareSearchTerm($search);
-		if(!is_array($searchAttributes) || count($searchAttributes) === 0) {
-			if(empty($fallbackAttribute)) {
-				return '';
-			}
-			$filter[] = $fallbackAttribute . '=' . $search;
-		} else {
-			foreach($searchAttributes as $attribute) {
-				$filter[] = $attribute . '=' . $search;
-			}
-		}
-		if(count($filter) === 1) {
-			return '('.$filter[0].')';
-		}
-		return $this->combineFilterWithOr($filter);
-	}
-
-	/**
-	 * returns the search term depending on whether we are allowed
-	 * list users found by ldap with the current input appended by
-	 * a *
-	 * @return string
-	 */
-	private function prepareSearchTerm($term) {
-		$config = \OC::$server->getConfig();
-
-		$allowEnum = $config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
-
-		$result = empty($term) ? '*' :
-			$allowEnum !== 'no' ? $term . '*' : $term;
-		return $result;
-	}
-
-	/**
-	 * returns the filter used for counting users
-	 * @return string
-	 */
-	public function getFilterForUserCount() {
-		$filter = $this->combineFilterWithAnd(array(
-			$this->connection->ldapUserFilter,
-			$this->connection->ldapUserDisplayName . '=*'
-		));
-
-		return $filter;
-	}
-
-	/**
-	 * @param string $name
-	 * @param string $password
-	 * @return bool
-	 */
-	public function areCredentialsValid($name, $password) {
-		$name = $this->DNasBaseParameter($name);
-		$testConnection = clone $this->connection;
-		$credentials = array(
-			'ldapAgentName' => $name,
-			'ldapAgentPassword' => $password
-		);
-		if(!$testConnection->setConfiguration($credentials)) {
-			return false;
-		}
-		return $testConnection->bind();
-	}
-
-	/**
-	 * reverse lookup of a DN given a known UUID
-	 *
-	 * @param string $uuid
-	 * @return string
-	 * @throws \Exception
-	 */
-	public function getUserDnByUuid($uuid) {
-		$uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
-		$filter       = $this->connection->ldapUserFilter;
-		$base         = $this->connection->ldapBaseUsers;
-
-		if($this->connection->ldapUuidUserAttribute === 'auto' && empty($uuidOverride)) {
-			// Sacrebleu! The UUID attribute is unknown :( We need first an
-			// existing DN to be able to reliably detect it.
-			$result = $this->search($filter, $base, ['dn'], 1);
-			if(!isset($result[0]) || !isset($result[0]['dn'])) {
-				throw new \Exception('Cannot determine UUID attribute');
-			}
-			$dn = $result[0]['dn'][0];
-			if(!$this->detectUuidAttribute($dn, true)) {
-				throw new \Exception('Cannot determine UUID attribute');
-			}
-		} else {
-			// The UUID attribute is either known or an override is given.
-			// By calling this method we ensure that $this->connection->$uuidAttr
-			// is definitely set
-			if(!$this->detectUuidAttribute('', true)) {
-				throw new \Exception('Cannot determine UUID attribute');
-			}
-		}
-
-		$uuidAttr = $this->connection->ldapUuidUserAttribute;
-		if($uuidAttr === 'guid' || $uuidAttr === 'objectguid') {
-			$uuid = $this->formatGuid2ForFilterUser($uuid);
-		}
-
-		$filter = $uuidAttr . '=' . $uuid;
-		$result = $this->searchUsers($filter, ['dn'], 2);
-		if(is_array($result) && isset($result[0]) && isset($result[0]['dn']) && count($result) === 1) {
-			// we put the count into account to make sure that this is
-			// really unique
-			return $result[0]['dn'][0];
-		}
-
-		throw new \Exception('Cannot determine UUID attribute');
-	}
-
-	/**
-	 * auto-detects the directory's UUID attribute
-	 * @param string $dn a known DN used to check against
-	 * @param bool $isUser
-	 * @param bool $force the detection should be run, even if it is not set to auto
-	 * @return bool true on success, false otherwise
-	 */
-	private function detectUuidAttribute($dn, $isUser = true, $force = false) {
-		if($isUser) {
-			$uuidAttr     = 'ldapUuidUserAttribute';
-			$uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
-		} else {
-			$uuidAttr     = 'ldapUuidGroupAttribute';
-			$uuidOverride = $this->connection->ldapExpertUUIDGroupAttr;
-		}
-
-		if(($this->connection->$uuidAttr !== 'auto') && !$force) {
-			return true;
-		}
-
-		if(!empty($uuidOverride) && !$force) {
-			$this->connection->$uuidAttr = $uuidOverride;
-			return true;
-		}
-
-		// for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID
-		$testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid');
-
-		foreach($testAttributes as $attribute) {
-			$value = $this->readAttribute($dn, $attribute);
-			if(is_array($value) && isset($value[0]) && !empty($value[0])) {
-				\OCP\Util::writeLog('user_ldap',
-									'Setting '.$attribute.' as '.$uuidAttr,
-									\OCP\Util::DEBUG);
-				$this->connection->$uuidAttr = $attribute;
-				return true;
-			}
-		}
-		\OCP\Util::writeLog('user_ldap',
-							'Could not autodetect the UUID attribute',
-							\OCP\Util::ERROR);
-
-		return false;
-	}
-
-	/**
-	 * @param string $dn
-	 * @param bool $isUser
-	 * @return string|bool
-	 */
-	public function getUUID($dn, $isUser = true) {
-		if($isUser) {
-			$uuidAttr     = 'ldapUuidUserAttribute';
-			$uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
-		} else {
-			$uuidAttr     = 'ldapUuidGroupAttribute';
-			$uuidOverride = $this->connection->ldapExpertUUIDGroupAttr;
-		}
-
-		$uuid = false;
-		if($this->detectUuidAttribute($dn, $isUser)) {
-			$uuid = $this->readAttribute($dn, $this->connection->$uuidAttr);
-			if( !is_array($uuid)
-				&& !empty($uuidOverride)
-				&& $this->detectUuidAttribute($dn, $isUser, true)) {
-					$uuid = $this->readAttribute($dn,
-												 $this->connection->$uuidAttr);
-			}
-			if(is_array($uuid) && isset($uuid[0]) && !empty($uuid[0])) {
-				$uuid = $uuid[0];
-			}
-		}
-
-		return $uuid;
-	}
-
-	/**
-	 * converts a binary ObjectGUID into a string representation
-	 * @param string $oguid the ObjectGUID in it's binary form as retrieved from AD
-	 * @return string
-	 * @link http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
-	 */
-	private function convertObjectGUID2Str($oguid) {
-		$hex_guid = bin2hex($oguid);
-		$hex_guid_to_guid_str = '';
-		for($k = 1; $k <= 4; ++$k) {
-			$hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
-		}
-		$hex_guid_to_guid_str .= '-';
-		for($k = 1; $k <= 2; ++$k) {
-			$hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
-		}
-		$hex_guid_to_guid_str .= '-';
-		for($k = 1; $k <= 2; ++$k) {
-			$hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
-		}
-		$hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
-		$hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
-
-		return strtoupper($hex_guid_to_guid_str);
-	}
-
-	/**
-	 * the first three blocks of the string-converted GUID happen to be in
-	 * reverse order. In order to use it in a filter, this needs to be
-	 * corrected. Furthermore the dashes need to be replaced and \\ preprended
-	 * to every two hax figures.
-	 *
-	 * If an invalid string is passed, it will be returned without change.
-	 *
-	 * @param string $guid
-	 * @return string
-	 */
-	public function formatGuid2ForFilterUser($guid) {
-		if(!is_string($guid)) {
-			throw new \InvalidArgumentException('String expected');
-		}
-		$blocks = explode('-', $guid);
-		if(count($blocks) !== 5) {
-			/*
+        $findings = array();
+        $savedoffset = $offset;
+        do {
+            $continue = false;
+            $search = $this->executeSearch($filter, $base, $attr, $limit, $offset);
+            if($search === false) {
+                return array();
+            }
+            list($sr, $pagedSearchOK) = $search;
+            $cr = $this->connection->getConnectionResource();
+
+            if($skipHandling) {
+                //i.e. result do not need to be fetched, we just need the cookie
+                //thus pass 1 or any other value as $iFoundItems because it is not
+                //used
+                $this->processPagedSearchStatus($sr, $filter, $base, 1, $limit,
+                                $offset, $pagedSearchOK,
+                                $skipHandling);
+                return array();
+            }
+
+            foreach($sr as $res) {
+                $findings = array_merge($findings, $this->ldap->getEntries($cr	, $res ));
+            }
+
+            $continue = $this->processPagedSearchStatus($sr, $filter, $base, $findings['count'],
+                                $limit, $offset, $pagedSearchOK,
+                                        $skipHandling);
+            $offset += $limit;
+        } while ($continue && $pagedSearchOK && $findings['count'] < $limit);
+        // reseting offset
+        $offset = $savedoffset;
+
+        // if we're here, probably no connection resource is returned.
+        // to make ownCloud behave nicely, we simply give back an empty array.
+        if(is_null($findings)) {
+            return array();
+        }
+
+        if(!is_null($attr)) {
+            $selection = array();
+            $i = 0;
+            foreach($findings as $item) {
+                if(!is_array($item)) {
+                    continue;
+                }
+                $item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
+                foreach($attr as $key) {
+                    $key = mb_strtolower($key, 'UTF-8');
+                    if(isset($item[$key])) {
+                        if(is_array($item[$key]) && isset($item[$key]['count'])) {
+                            unset($item[$key]['count']);
+                        }
+                        if($key !== 'dn') {
+                            $selection[$i][$key] = $this->resemblesDN($key) ?
+                                $this->sanitizeDN($item[$key])
+                                : $item[$key];
+                        } else {
+                            $selection[$i][$key] = [$this->sanitizeDN($item[$key])];
+                        }
+                    }
+
+                }
+                $i++;
+            }
+            $findings = $selection;
+        }
+        //we slice the findings, when
+        //a) paged search unsuccessful, though attempted
+        //b) no paged search, but limit set
+        if((!$this->getPagedSearchResultState()
+            && $pagedSearchOK)
+            || (
+                !$pagedSearchOK
+                && !is_null($limit)
+            )
+        ) {
+            $findings = array_slice($findings, intval($offset), $limit);
+        }
+        return $findings;
+    }
+
+    /**
+     * @param string $name
+     * @return bool|mixed|string
+     */
+    public function sanitizeUsername($name) {
+        if($this->connection->ldapIgnoreNamingRules) {
+            return $name;
+        }
+
+        // Transliteration
+        // latin characters to ASCII
+        $name = iconv('UTF-8', 'ASCII//TRANSLIT', $name);
+
+        // Replacements
+        $name = str_replace(' ', '_', $name);
+
+        // Every remaining disallowed characters will be removed
+        $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
+
+        return $name;
+    }
+
+    /**
+     * escapes (user provided) parts for LDAP filter
+     * @param string $input, the provided value
+     * @param bool $allowAsterisk whether in * at the beginning should be preserved
+     * @return string the escaped string
+     */
+    public function escapeFilterPart($input, $allowAsterisk = false) {
+        $asterisk = '';
+        if($allowAsterisk && strlen($input) > 0 && $input[0] === '*') {
+            $asterisk = '*';
+            $input = mb_substr($input, 1, null, 'UTF-8');
+        }
+        $search  = array('*', '\\', '(', ')');
+        $replace = array('\\*', '\\\\', '\\(', '\\)');
+        return $asterisk . str_replace($search, $replace, $input);
+    }
+
+    /**
+     * combines the input filters with AND
+     * @param string[] $filters the filters to connect
+     * @return string the combined filter
+     */
+    public function combineFilterWithAnd($filters) {
+        return $this->combineFilter($filters, '&');
+    }
+
+    /**
+     * combines the input filters with OR
+     * @param string[] $filters the filters to connect
+     * @return string the combined filter
+     * Combines Filter arguments with OR
+     */
+    public function combineFilterWithOr($filters) {
+        return $this->combineFilter($filters, '|');
+    }
+
+    /**
+     * combines the input filters with given operator
+     * @param string[] $filters the filters to connect
+     * @param string $operator either & or |
+     * @return string the combined filter
+     */
+    private function combineFilter($filters, $operator) {
+        $combinedFilter = '('.$operator;
+        foreach($filters as $filter) {
+            if(!empty($filter) && $filter[0] !== '(') {
+                $filter = '('.$filter.')';
+            }
+            $combinedFilter.=$filter;
+        }
+        $combinedFilter.=')';
+        return $combinedFilter;
+    }
+
+    /**
+     * creates a filter part for to perform search for users
+     * @param string $search the search term
+     * @return string the final filter part to use in LDAP searches
+     */
+    public function getFilterPartForUserSearch($search) {
+        return $this->getFilterPartForSearch($search,
+            $this->connection->ldapAttributesForUserSearch,
+            $this->connection->ldapUserDisplayName);
+    }
+
+    /**
+     * creates a filter part for to perform search for groups
+     * @param string $search the search term
+     * @return string the final filter part to use in LDAP searches
+     */
+    public function getFilterPartForGroupSearch($search) {
+        return $this->getFilterPartForSearch($search,
+            $this->connection->ldapAttributesForGroupSearch,
+            $this->connection->ldapGroupDisplayName);
+    }
+
+    /**
+     * creates a filter part for searches by splitting up the given search
+     * string into single words
+     * @param string $search the search term
+     * @param string[] $searchAttributes needs to have at least two attributes,
+     * otherwise it does not make sense :)
+     * @return string the final filter part to use in LDAP searches
+     * @throws \Exception
+     */
+    private function getAdvancedFilterPartForSearch($search, $searchAttributes) {
+        if(!is_array($searchAttributes) || count($searchAttributes) < 2) {
+            throw new \Exception('searchAttributes must be an array with at least two string');
+        }
+        $searchWords = explode(' ', trim($search));
+        $wordFilters = array();
+        foreach($searchWords as $word) {
+            $word = $this->prepareSearchTerm($word);
+            //every word needs to appear at least once
+            $wordMatchOneAttrFilters = array();
+            foreach($searchAttributes as $attr) {
+                $wordMatchOneAttrFilters[] = $attr . '=' . $word;
+            }
+            $wordFilters[] = $this->combineFilterWithOr($wordMatchOneAttrFilters);
+        }
+        return $this->combineFilterWithAnd($wordFilters);
+    }
+
+    /**
+     * creates a filter part for searches
+     * @param string $search the search term
+     * @param string[]|null $searchAttributes
+     * @param string $fallbackAttribute a fallback attribute in case the user
+     * did not define search attributes. Typically the display name attribute.
+     * @return string the final filter part to use in LDAP searches
+     */
+    private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
+        $filter = array();
+        $haveMultiSearchAttributes = (is_array($searchAttributes) && count($searchAttributes) > 0);
+        if($haveMultiSearchAttributes && strpos(trim($search), ' ') !== false) {
+            try {
+                return $this->getAdvancedFilterPartForSearch($search, $searchAttributes);
+            } catch(\Exception $e) {
+                \OCP\Util::writeLog(
+                    'user_ldap',
+                    'Creating advanced filter for search failed, falling back to simple method.',
+                    \OCP\Util::INFO
+                );
+            }
+        }
+
+        $search = $this->prepareSearchTerm($search);
+        if(!is_array($searchAttributes) || count($searchAttributes) === 0) {
+            if(empty($fallbackAttribute)) {
+                return '';
+            }
+            $filter[] = $fallbackAttribute . '=' . $search;
+        } else {
+            foreach($searchAttributes as $attribute) {
+                $filter[] = $attribute . '=' . $search;
+            }
+        }
+        if(count($filter) === 1) {
+            return '('.$filter[0].')';
+        }
+        return $this->combineFilterWithOr($filter);
+    }
+
+    /**
+     * returns the search term depending on whether we are allowed
+     * list users found by ldap with the current input appended by
+     * a *
+     * @return string
+     */
+    private function prepareSearchTerm($term) {
+        $config = \OC::$server->getConfig();
+
+        $allowEnum = $config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
+
+        $result = empty($term) ? '*' :
+            $allowEnum !== 'no' ? $term . '*' : $term;
+        return $result;
+    }
+
+    /**
+     * returns the filter used for counting users
+     * @return string
+     */
+    public function getFilterForUserCount() {
+        $filter = $this->combineFilterWithAnd(array(
+            $this->connection->ldapUserFilter,
+            $this->connection->ldapUserDisplayName . '=*'
+        ));
+
+        return $filter;
+    }
+
+    /**
+     * @param string $name
+     * @param string $password
+     * @return bool
+     */
+    public function areCredentialsValid($name, $password) {
+        $name = $this->DNasBaseParameter($name);
+        $testConnection = clone $this->connection;
+        $credentials = array(
+            'ldapAgentName' => $name,
+            'ldapAgentPassword' => $password
+        );
+        if(!$testConnection->setConfiguration($credentials)) {
+            return false;
+        }
+        return $testConnection->bind();
+    }
+
+    /**
+     * reverse lookup of a DN given a known UUID
+     *
+     * @param string $uuid
+     * @return string
+     * @throws \Exception
+     */
+    public function getUserDnByUuid($uuid) {
+        $uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
+        $filter       = $this->connection->ldapUserFilter;
+        $base         = $this->connection->ldapBaseUsers;
+
+        if($this->connection->ldapUuidUserAttribute === 'auto' && empty($uuidOverride)) {
+            // Sacrebleu! The UUID attribute is unknown :( We need first an
+            // existing DN to be able to reliably detect it.
+            $result = $this->search($filter, $base, ['dn'], 1);
+            if(!isset($result[0]) || !isset($result[0]['dn'])) {
+                throw new \Exception('Cannot determine UUID attribute');
+            }
+            $dn = $result[0]['dn'][0];
+            if(!$this->detectUuidAttribute($dn, true)) {
+                throw new \Exception('Cannot determine UUID attribute');
+            }
+        } else {
+            // The UUID attribute is either known or an override is given.
+            // By calling this method we ensure that $this->connection->$uuidAttr
+            // is definitely set
+            if(!$this->detectUuidAttribute('', true)) {
+                throw new \Exception('Cannot determine UUID attribute');
+            }
+        }
+
+        $uuidAttr = $this->connection->ldapUuidUserAttribute;
+        if($uuidAttr === 'guid' || $uuidAttr === 'objectguid') {
+            $uuid = $this->formatGuid2ForFilterUser($uuid);
+        }
+
+        $filter = $uuidAttr . '=' . $uuid;
+        $result = $this->searchUsers($filter, ['dn'], 2);
+        if(is_array($result) && isset($result[0]) && isset($result[0]['dn']) && count($result) === 1) {
+            // we put the count into account to make sure that this is
+            // really unique
+            return $result[0]['dn'][0];
+        }
+
+        throw new \Exception('Cannot determine UUID attribute');
+    }
+
+    /**
+     * auto-detects the directory's UUID attribute
+     * @param string $dn a known DN used to check against
+     * @param bool $isUser
+     * @param bool $force the detection should be run, even if it is not set to auto
+     * @return bool true on success, false otherwise
+     */
+    private function detectUuidAttribute($dn, $isUser = true, $force = false) {
+        if($isUser) {
+            $uuidAttr     = 'ldapUuidUserAttribute';
+            $uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
+        } else {
+            $uuidAttr     = 'ldapUuidGroupAttribute';
+            $uuidOverride = $this->connection->ldapExpertUUIDGroupAttr;
+        }
+
+        if(($this->connection->$uuidAttr !== 'auto') && !$force) {
+            return true;
+        }
+
+        if(!empty($uuidOverride) && !$force) {
+            $this->connection->$uuidAttr = $uuidOverride;
+            return true;
+        }
+
+        // for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID
+        $testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid');
+
+        foreach($testAttributes as $attribute) {
+            $value = $this->readAttribute($dn, $attribute);
+            if(is_array($value) && isset($value[0]) && !empty($value[0])) {
+                \OCP\Util::writeLog('user_ldap',
+                                    'Setting '.$attribute.' as '.$uuidAttr,
+                                    \OCP\Util::DEBUG);
+                $this->connection->$uuidAttr = $attribute;
+                return true;
+            }
+        }
+        \OCP\Util::writeLog('user_ldap',
+                            'Could not autodetect the UUID attribute',
+                            \OCP\Util::ERROR);
+
+        return false;
+    }
+
+    /**
+     * @param string $dn
+     * @param bool $isUser
+     * @return string|bool
+     */
+    public function getUUID($dn, $isUser = true) {
+        if($isUser) {
+            $uuidAttr     = 'ldapUuidUserAttribute';
+            $uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
+        } else {
+            $uuidAttr     = 'ldapUuidGroupAttribute';
+            $uuidOverride = $this->connection->ldapExpertUUIDGroupAttr;
+        }
+
+        $uuid = false;
+        if($this->detectUuidAttribute($dn, $isUser)) {
+            $uuid = $this->readAttribute($dn, $this->connection->$uuidAttr);
+            if( !is_array($uuid)
+                && !empty($uuidOverride)
+                && $this->detectUuidAttribute($dn, $isUser, true)) {
+                    $uuid = $this->readAttribute($dn,
+                                                    $this->connection->$uuidAttr);
+            }
+            if(is_array($uuid) && isset($uuid[0]) && !empty($uuid[0])) {
+                $uuid = $uuid[0];
+            }
+        }
+
+        return $uuid;
+    }
+
+    /**
+     * converts a binary ObjectGUID into a string representation
+     * @param string $oguid the ObjectGUID in it's binary form as retrieved from AD
+     * @return string
+     * @link http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
+     */
+    private function convertObjectGUID2Str($oguid) {
+        $hex_guid = bin2hex($oguid);
+        $hex_guid_to_guid_str = '';
+        for($k = 1; $k <= 4; ++$k) {
+            $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
+        }
+        $hex_guid_to_guid_str .= '-';
+        for($k = 1; $k <= 2; ++$k) {
+            $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
+        }
+        $hex_guid_to_guid_str .= '-';
+        for($k = 1; $k <= 2; ++$k) {
+            $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
+        }
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
+
+        return strtoupper($hex_guid_to_guid_str);
+    }
+
+    /**
+     * the first three blocks of the string-converted GUID happen to be in
+     * reverse order. In order to use it in a filter, this needs to be
+     * corrected. Furthermore the dashes need to be replaced and \\ preprended
+     * to every two hax figures.
+     *
+     * If an invalid string is passed, it will be returned without change.
+     *
+     * @param string $guid
+     * @return string
+     */
+    public function formatGuid2ForFilterUser($guid) {
+        if(!is_string($guid)) {
+            throw new \InvalidArgumentException('String expected');
+        }
+        $blocks = explode('-', $guid);
+        if(count($blocks) !== 5) {
+            /*
 			 * Why not throw an Exception instead? This method is a utility
 			 * called only when trying to figure out whether a "missing" known
 			 * LDAP user was or was not renamed on the LDAP server. And this
@@ -1484,284 +1484,284 @@ 
 			 * an exception here would kill the experience for a valid, acting
 			 * user. Instead we write a log message.
 			 */
-			\OC::$server->getLogger()->info(
-				'Passed string does not resemble a valid GUID. Known UUID ' .
-				'({uuid}) probably does not match UUID configuration.',
-				[ 'app' => 'user_ldap', 'uuid' => $guid ]
-			);
-			return $guid;
-		}
-		for($i=0; $i < 3; $i++) {
-			$pairs = str_split($blocks[$i], 2);
-			$pairs = array_reverse($pairs);
-			$blocks[$i] = implode('', $pairs);
-		}
-		for($i=0; $i < 5; $i++) {
-			$pairs = str_split($blocks[$i], 2);
-			$blocks[$i] = '\\' . implode('\\', $pairs);
-		}
-		return implode('', $blocks);
-	}
-
-	/**
-	 * gets a SID of the domain of the given dn
-	 * @param string $dn
-	 * @return string|bool
-	 */
-	public function getSID($dn) {
-		$domainDN = $this->getDomainDNFromDN($dn);
-		$cacheKey = 'getSID-'.$domainDN;
-		$sid = $this->connection->getFromCache($cacheKey);
-		if(!is_null($sid)) {
-			return $sid;
-		}
-
-		$objectSid = $this->readAttribute($domainDN, 'objectsid');
-		if(!is_array($objectSid) || empty($objectSid)) {
-			$this->connection->writeToCache($cacheKey, false);
-			return false;
-		}
-		$domainObjectSid = $this->convertSID2Str($objectSid[0]);
-		$this->connection->writeToCache($cacheKey, $domainObjectSid);
-
-		return $domainObjectSid;
-	}
-
-	/**
-	 * converts a binary SID into a string representation
-	 * @param string $sid
-	 * @return string
-	 */
-	public function convertSID2Str($sid) {
-		// The format of a SID binary string is as follows:
-		// 1 byte for the revision level
-		// 1 byte for the number n of variable sub-ids
-		// 6 bytes for identifier authority value
-		// n*4 bytes for n sub-ids
-		//
-		// Example: 010400000000000515000000a681e50e4d6c6c2bca32055f
-		//  Legend: RRNNAAAAAAAAAAAA11111111222222223333333344444444
-		$revision = ord($sid[0]);
-		$numberSubID = ord($sid[1]);
-
-		$subIdStart = 8; // 1 + 1 + 6
-		$subIdLength = 4;
-		if (strlen($sid) !== $subIdStart + $subIdLength * $numberSubID) {
-			// Incorrect number of bytes present.
-			return '';
-		}
-
-		// 6 bytes = 48 bits can be represented using floats without loss of
-		// precision (see https://gist.github.com/bantu/886ac680b0aef5812f71)
-		$iav = number_format(hexdec(bin2hex(substr($sid, 2, 6))), 0, '', '');
-
-		$subIDs = array();
-		for ($i = 0; $i < $numberSubID; $i++) {
-			$subID = unpack('V', substr($sid, $subIdStart + $subIdLength * $i, $subIdLength));
-			$subIDs[] = sprintf('%u', $subID[1]);
-		}
-
-		// Result for example above: S-1-5-21-249921958-728525901-1594176202
-		return sprintf('S-%d-%s-%s', $revision, $iav, implode('-', $subIDs));
-	}
-
-	/**
-	 * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters
-	 * @param string $dn the DN
-	 * @return string
-	 */
-	private function DNasBaseParameter($dn) {
-		return str_ireplace('\\5c', '\\', $dn);
-	}
-
-	/**
-	 * checks if the given DN is part of the given base DN(s)
-	 * @param string $dn the DN
-	 * @param string[] $bases array containing the allowed base DN or DNs
-	 * @return bool
-	 */
-	public function isDNPartOfBase($dn, $bases) {
-		$belongsToBase = false;
-		$bases = $this->sanitizeDN($bases);
-
-		foreach($bases as $base) {
-			$belongsToBase = true;
-			if(mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($base, 'UTF-8'))) {
-				$belongsToBase = false;
-			}
-			if($belongsToBase) {
-				break;
-			}
-		}
-		return $belongsToBase;
-	}
-
-	/**
-	 * resets a running Paged Search operation
-	 */
-	private function abandonPagedSearch() {
-		if($this->connection->hasPagedResultSupport) {
-			$cr = $this->connection->getConnectionResource();
-			$this->ldap->controlPagedResult($cr, 0, false, $this->lastCookie);
-			$this->getPagedSearchResultState();
-			$this->lastCookie = '';
-			$this->cookies = array();
-		}
-	}
-
-	/**
-	 * get a cookie for the next LDAP paged search
-	 * @param string $base a string with the base DN for the search
-	 * @param string $filter the search filter to identify the correct search
-	 * @param int $limit the limit (or 'pageSize'), to identify the correct search well
-	 * @param int $offset the offset for the new search to identify the correct search really good
-	 * @return string containing the key or empty if none is cached
-	 */
-	private function getPagedResultCookie($base, $filter, $limit, $offset) {
-		if($offset === 0) {
-			return '';
-		}
-		$offset -= $limit;
-		//we work with cache here
-		$cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset);
-		$cookie = '';
-		if(isset($this->cookies[$cacheKey])) {
-			$cookie = $this->cookies[$cacheKey];
-			if(is_null($cookie)) {
-				$cookie = '';
-			}
-		}
-		return $cookie;
-	}
-
-	/**
-	 * checks whether an LDAP paged search operation has more pages that can be
-	 * retrieved, typically when offset and limit are provided.
-	 *
-	 * Be very careful to use it: the last cookie value, which is inspected, can
-	 * be reset by other operations. Best, call it immediately after a search(),
-	 * searchUsers() or searchGroups() call. count-methods are probably safe as
-	 * well. Don't rely on it with any fetchList-method.
-	 * @return bool
-	 */
-	public function hasMoreResults() {
-		if(!$this->connection->hasPagedResultSupport) {
-			return false;
-		}
-
-		if(empty($this->lastCookie) && $this->lastCookie !== '0') {
-			// as in RFC 2696, when all results are returned, the cookie will
-			// be empty.
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * set a cookie for LDAP paged search run
-	 * @param string $base a string with the base DN for the search
-	 * @param string $filter the search filter to identify the correct search
-	 * @param int $limit the limit (or 'pageSize'), to identify the correct search well
-	 * @param int $offset the offset for the run search to identify the correct search really good
-	 * @param string $cookie string containing the cookie returned by ldap_control_paged_result_response
-	 * @return void
-	 */
-	private function setPagedResultCookie($base, $filter, $limit, $offset, $cookie) {
-		// allow '0' for 389ds
-		if(!empty($cookie) || $cookie === '0') {
-			$cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset);
-			$this->cookies[$cacheKey] = $cookie;
-			$this->lastCookie = $cookie;
-		}
-	}
-
-	/**
-	 * Check whether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
-	 * @return boolean|null true on success, null or false otherwise
-	 */
-	public function getPagedSearchResultState() {
-		$result = $this->pagedSearchedSuccessful;
-		$this->pagedSearchedSuccessful = null;
-		return $result;
-	}
-
-	/**
-	 * Prepares a paged search, if possible
-	 * @param string $filter the LDAP filter for the search
-	 * @param string[] $bases an array containing the LDAP subtree(s) that shall be searched
-	 * @param string[] $attr optional, when a certain attribute shall be filtered outside
-	 * @param int $limit
-	 * @param int $offset
-	 * @return bool|true
-	 */
-	private function initPagedSearch($filter, $bases, $attr, $limit, $offset) {
-		$pagedSearchOK = false;
-		if($this->connection->hasPagedResultSupport && ($limit !== 0)) {
-			$offset = intval($offset); //can be null
-			\OCP\Util::writeLog('user_ldap',
-				'initializing paged search for  Filter '.$filter.' base '.print_r($bases, true)
-				.' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset,
-				\OCP\Util::DEBUG);
-			//get the cookie from the search for the previous search, required by LDAP
-			foreach($bases as $base) {
-
-				$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
-				if(empty($cookie) && $cookie !== "0" && ($offset > 0)) {
-					// no cookie known, although the offset is not 0. Maybe cache run out. We need
-					// to start all over *sigh* (btw, Dear Reader, did you know LDAP paged
-					// searching was designed by MSFT?)
-					// 		Lukas: No, but thanks to reading that source I finally know!
-					// '0' is valid, because 389ds
-					$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
-					//a bit recursive, $offset of 0 is the exit
-					\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);
-					$this->search($filter, array($base), $attr, $limit, $reOffset, true);
-					$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
-					//still no cookie? obviously, the server does not like us. Let's skip paging efforts.
-					//TODO: remember this, probably does not change in the next request...
-					if(empty($cookie) && $cookie !== '0') {
-						// '0' is valid, because 389ds
-						$cookie = null;
-					}
-				}
-				if(!is_null($cookie)) {
-					//since offset = 0, this is a new search. We abandon other searches that might be ongoing.
-					$this->abandonPagedSearch();
-					$pagedSearchOK = $this->ldap->controlPagedResult(
-						$this->connection->getConnectionResource(), $limit,
-						false, $cookie);
-					if(!$pagedSearchOK) {
-						return false;
-					}
-					\OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::DEBUG);
-				} else {
-					\OCP\Util::writeLog('user_ldap',
-						'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset,
-						\OCP\Util::INFO);
-				}
-
-			}
-		/* ++ Fixing RHDS searches with pages with zero results ++
+            \OC::$server->getLogger()->info(
+                'Passed string does not resemble a valid GUID. Known UUID ' .
+                '({uuid}) probably does not match UUID configuration.',
+                [ 'app' => 'user_ldap', 'uuid' => $guid ]
+            );
+            return $guid;
+        }
+        for($i=0; $i < 3; $i++) {
+            $pairs = str_split($blocks[$i], 2);
+            $pairs = array_reverse($pairs);
+            $blocks[$i] = implode('', $pairs);
+        }
+        for($i=0; $i < 5; $i++) {
+            $pairs = str_split($blocks[$i], 2);
+            $blocks[$i] = '\\' . implode('\\', $pairs);
+        }
+        return implode('', $blocks);
+    }
+
+    /**
+     * gets a SID of the domain of the given dn
+     * @param string $dn
+     * @return string|bool
+     */
+    public function getSID($dn) {
+        $domainDN = $this->getDomainDNFromDN($dn);
+        $cacheKey = 'getSID-'.$domainDN;
+        $sid = $this->connection->getFromCache($cacheKey);
+        if(!is_null($sid)) {
+            return $sid;
+        }
+
+        $objectSid = $this->readAttribute($domainDN, 'objectsid');
+        if(!is_array($objectSid) || empty($objectSid)) {
+            $this->connection->writeToCache($cacheKey, false);
+            return false;
+        }
+        $domainObjectSid = $this->convertSID2Str($objectSid[0]);
+        $this->connection->writeToCache($cacheKey, $domainObjectSid);
+
+        return $domainObjectSid;
+    }
+
+    /**
+     * converts a binary SID into a string representation
+     * @param string $sid
+     * @return string
+     */
+    public function convertSID2Str($sid) {
+        // The format of a SID binary string is as follows:
+        // 1 byte for the revision level
+        // 1 byte for the number n of variable sub-ids
+        // 6 bytes for identifier authority value
+        // n*4 bytes for n sub-ids
+        //
+        // Example: 010400000000000515000000a681e50e4d6c6c2bca32055f
+        //  Legend: RRNNAAAAAAAAAAAA11111111222222223333333344444444
+        $revision = ord($sid[0]);
+        $numberSubID = ord($sid[1]);
+
+        $subIdStart = 8; // 1 + 1 + 6
+        $subIdLength = 4;
+        if (strlen($sid) !== $subIdStart + $subIdLength * $numberSubID) {
+            // Incorrect number of bytes present.
+            return '';
+        }
+
+        // 6 bytes = 48 bits can be represented using floats without loss of
+        // precision (see https://gist.github.com/bantu/886ac680b0aef5812f71)
+        $iav = number_format(hexdec(bin2hex(substr($sid, 2, 6))), 0, '', '');
+
+        $subIDs = array();
+        for ($i = 0; $i < $numberSubID; $i++) {
+            $subID = unpack('V', substr($sid, $subIdStart + $subIdLength * $i, $subIdLength));
+            $subIDs[] = sprintf('%u', $subID[1]);
+        }
+
+        // Result for example above: S-1-5-21-249921958-728525901-1594176202
+        return sprintf('S-%d-%s-%s', $revision, $iav, implode('-', $subIDs));
+    }
+
+    /**
+     * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters
+     * @param string $dn the DN
+     * @return string
+     */
+    private function DNasBaseParameter($dn) {
+        return str_ireplace('\\5c', '\\', $dn);
+    }
+
+    /**
+     * checks if the given DN is part of the given base DN(s)
+     * @param string $dn the DN
+     * @param string[] $bases array containing the allowed base DN or DNs
+     * @return bool
+     */
+    public function isDNPartOfBase($dn, $bases) {
+        $belongsToBase = false;
+        $bases = $this->sanitizeDN($bases);
+
+        foreach($bases as $base) {
+            $belongsToBase = true;
+            if(mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($base, 'UTF-8'))) {
+                $belongsToBase = false;
+            }
+            if($belongsToBase) {
+                break;
+            }
+        }
+        return $belongsToBase;
+    }
+
+    /**
+     * resets a running Paged Search operation
+     */
+    private function abandonPagedSearch() {
+        if($this->connection->hasPagedResultSupport) {
+            $cr = $this->connection->getConnectionResource();
+            $this->ldap->controlPagedResult($cr, 0, false, $this->lastCookie);
+            $this->getPagedSearchResultState();
+            $this->lastCookie = '';
+            $this->cookies = array();
+        }
+    }
+
+    /**
+     * get a cookie for the next LDAP paged search
+     * @param string $base a string with the base DN for the search
+     * @param string $filter the search filter to identify the correct search
+     * @param int $limit the limit (or 'pageSize'), to identify the correct search well
+     * @param int $offset the offset for the new search to identify the correct search really good
+     * @return string containing the key or empty if none is cached
+     */
+    private function getPagedResultCookie($base, $filter, $limit, $offset) {
+        if($offset === 0) {
+            return '';
+        }
+        $offset -= $limit;
+        //we work with cache here
+        $cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset);
+        $cookie = '';
+        if(isset($this->cookies[$cacheKey])) {
+            $cookie = $this->cookies[$cacheKey];
+            if(is_null($cookie)) {
+                $cookie = '';
+            }
+        }
+        return $cookie;
+    }
+
+    /**
+     * checks whether an LDAP paged search operation has more pages that can be
+     * retrieved, typically when offset and limit are provided.
+     *
+     * Be very careful to use it: the last cookie value, which is inspected, can
+     * be reset by other operations. Best, call it immediately after a search(),
+     * searchUsers() or searchGroups() call. count-methods are probably safe as
+     * well. Don't rely on it with any fetchList-method.
+     * @return bool
+     */
+    public function hasMoreResults() {
+        if(!$this->connection->hasPagedResultSupport) {
+            return false;
+        }
+
+        if(empty($this->lastCookie) && $this->lastCookie !== '0') {
+            // as in RFC 2696, when all results are returned, the cookie will
+            // be empty.
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * set a cookie for LDAP paged search run
+     * @param string $base a string with the base DN for the search
+     * @param string $filter the search filter to identify the correct search
+     * @param int $limit the limit (or 'pageSize'), to identify the correct search well
+     * @param int $offset the offset for the run search to identify the correct search really good
+     * @param string $cookie string containing the cookie returned by ldap_control_paged_result_response
+     * @return void
+     */
+    private function setPagedResultCookie($base, $filter, $limit, $offset, $cookie) {
+        // allow '0' for 389ds
+        if(!empty($cookie) || $cookie === '0') {
+            $cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset);
+            $this->cookies[$cacheKey] = $cookie;
+            $this->lastCookie = $cookie;
+        }
+    }
+
+    /**
+     * Check whether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
+     * @return boolean|null true on success, null or false otherwise
+     */
+    public function getPagedSearchResultState() {
+        $result = $this->pagedSearchedSuccessful;
+        $this->pagedSearchedSuccessful = null;
+        return $result;
+    }
+
+    /**
+     * Prepares a paged search, if possible
+     * @param string $filter the LDAP filter for the search
+     * @param string[] $bases an array containing the LDAP subtree(s) that shall be searched
+     * @param string[] $attr optional, when a certain attribute shall be filtered outside
+     * @param int $limit
+     * @param int $offset
+     * @return bool|true
+     */
+    private function initPagedSearch($filter, $bases, $attr, $limit, $offset) {
+        $pagedSearchOK = false;
+        if($this->connection->hasPagedResultSupport && ($limit !== 0)) {
+            $offset = intval($offset); //can be null
+            \OCP\Util::writeLog('user_ldap',
+                'initializing paged search for  Filter '.$filter.' base '.print_r($bases, true)
+                .' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset,
+                \OCP\Util::DEBUG);
+            //get the cookie from the search for the previous search, required by LDAP
+            foreach($bases as $base) {
+
+                $cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
+                if(empty($cookie) && $cookie !== "0" && ($offset > 0)) {
+                    // no cookie known, although the offset is not 0. Maybe cache run out. We need
+                    // to start all over *sigh* (btw, Dear Reader, did you know LDAP paged
+                    // searching was designed by MSFT?)
+                    // 		Lukas: No, but thanks to reading that source I finally know!
+                    // '0' is valid, because 389ds
+                    $reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
+                    //a bit recursive, $offset of 0 is the exit
+                    \OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);
+                    $this->search($filter, array($base), $attr, $limit, $reOffset, true);
+                    $cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
+                    //still no cookie? obviously, the server does not like us. Let's skip paging efforts.
+                    //TODO: remember this, probably does not change in the next request...
+                    if(empty($cookie) && $cookie !== '0') {
+                        // '0' is valid, because 389ds
+                        $cookie = null;
+                    }
+                }
+                if(!is_null($cookie)) {
+                    //since offset = 0, this is a new search. We abandon other searches that might be ongoing.
+                    $this->abandonPagedSearch();
+                    $pagedSearchOK = $this->ldap->controlPagedResult(
+                        $this->connection->getConnectionResource(), $limit,
+                        false, $cookie);
+                    if(!$pagedSearchOK) {
+                        return false;
+                    }
+                    \OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::DEBUG);
+                } else {
+                    \OCP\Util::writeLog('user_ldap',
+                        'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset,
+                        \OCP\Util::INFO);
+                }
+
+            }
+        /* ++ Fixing RHDS searches with pages with zero results ++
 		 * We coudn't get paged searches working with our RHDS for login ($limit = 0),
 		 * due to pages with zero results.
 		 * So we added "&& !empty($this->lastCookie)" to this test to ignore pagination
 		 * if we don't have a previous paged search.
 		 */
-		} else if($this->connection->hasPagedResultSupport && $limit === 0 && !empty($this->lastCookie)) {
-			// a search without limit was requested. However, if we do use
-			// Paged Search once, we always must do it. This requires us to
-			// initialize it with the configured page size.
-			$this->abandonPagedSearch();
-			// in case someone set it to 0 … use 500, otherwise no results will
-			// be returned.
-			$pageSize = intval($this->connection->ldapPagingSize) > 0 ? intval($this->connection->ldapPagingSize) : 500;
-			$pagedSearchOK = $this->ldap->controlPagedResult(
-				$this->connection->getConnectionResource(), $pageSize, false, ''
-			);
-		}
-
-		return $pagedSearchOK;
-	}
+        } else if($this->connection->hasPagedResultSupport && $limit === 0 && !empty($this->lastCookie)) {
+            // a search without limit was requested. However, if we do use
+            // Paged Search once, we always must do it. This requires us to
+            // initialize it with the configured page size.
+            $this->abandonPagedSearch();
+            // in case someone set it to 0 … use 500, otherwise no results will
+            // be returned.
+            $pageSize = intval($this->connection->ldapPagingSize) > 0 ? intval($this->connection->ldapPagingSize) : 500;
+            $pagedSearchOK = $this->ldap->controlPagedResult(
+                $this->connection->getConnectionResource(), $pageSize, false, ''
+            );
+        }
+
+        return $pagedSearchOK;
+    }
 
 }

Spacing +158 added lines, -159 removed lines

@@ -96,7 +96,7 @@ 
 	 * @return AbstractMapping
 	 */
 	public function getUserMapper() {
-		if(is_null($this->userMapper)) {
+		if (is_null($this->userMapper)) {
 			throw new \Exception('UserMapper was not assigned to this Access instance.');
 		}
 		return $this->userMapper;
@@ -116,7 +116,7 @@ 
 	 * @return AbstractMapping
 	 */
 	public function getGroupMapper() {
-		if(is_null($this->groupMapper)) {
+		if (is_null($this->groupMapper)) {
 			throw new \Exception('GroupMapper was not assigned to this Access instance.');
 		}
 		return $this->groupMapper;
@@ -147,14 +147,14 @@ 
 	 *          array if $attr is empty, false otherwise
 	 */
 	public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
-		if(!$this->checkConnection()) {
+		if (!$this->checkConnection()) {
 			\OCP\Util::writeLog('user_ldap',
 				'No LDAP Connector assigned, access impossible for readAttribute.',
 				\OCP\Util::WARN);
 			return false;
 		}
 		$cr = $this->connection->getConnectionResource();
-		if(!$this->ldap->isResource($cr)) {
+		if (!$this->ldap->isResource($cr)) {
 			//LDAP not available
 			\OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', \OCP\Util::DEBUG);
 			return false;
@@ -171,8 +171,8 @@ 
 		$this->initPagedSearch($filter, array($dn), array($attr), $maxResults, 0);
 		$dn = $this->DNasBaseParameter($dn);
 		$rr = @$this->ldap->read($cr, $dn, $filter, array($attr));
-		if(!$this->ldap->isResource($rr)) {
-			if(!empty($attr)) {
+		if (!$this->ldap->isResource($rr)) {
+			if (!empty($attr)) {
 				//do not throw this message on userExists check, irritates
 				\OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG);
 			}
@@ -184,7 +184,7 @@ 
 			return array();
 		}
 		$er = $this->ldap->firstEntry($cr, $rr);
-		if(!$this->ldap->isResource($er)) {
+		if (!$this->ldap->isResource($er)) {
 			//did not match the filter, return false
 			return false;
 		}
@@ -193,12 +193,12 @@ 
 				$this->ldap->getAttributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
 		$attr = mb_strtolower($attr, 'UTF-8');
 
-		if(isset($result[$attr]) && $result[$attr]['count'] > 0) {
+		if (isset($result[$attr]) && $result[$attr]['count'] > 0) {
 			$values = array();
-			for($i=0;$i<$result[$attr]['count'];$i++) {
-				if($this->resemblesDN($attr)) {
+			for ($i = 0; $i < $result[$attr]['count']; $i++) {
+				if ($this->resemblesDN($attr)) {
 					$values[] = $this->sanitizeDN($result[$attr][$i]);
-				} elseif(strtolower($attr) === 'objectguid' || strtolower($attr) === 'guid') {
+				} elseif (strtolower($attr) === 'objectguid' || strtolower($attr) === 'guid') {
 					$values[] = $this->convertObjectGUID2Str($result[$attr][$i]);
 				} else {
 					$values[] = $result[$attr][$i];
@@ -245,9 +245,9 @@ 
 	 */
 	private function sanitizeDN($dn) {
 		//treating multiple base DNs
-		if(is_array($dn)) {
+		if (is_array($dn)) {
 			$result = array();
-			foreach($dn as $singleDN) {
+			foreach ($dn as $singleDN) {
 				$result[] = $this->sanitizeDN($singleDN);
 			}
 			return $result;
@@ -290,17 +290,17 @@ 
 	 */
 	public function getDomainDNFromDN($dn) {
 		$allParts = $this->ldap->explodeDN($dn, 0);
-		if($allParts === false) {
+		if ($allParts === false) {
 			//not a valid DN
 			return '';
 		}
 		$domainParts = array();
 		$dcFound = false;
-		foreach($allParts as $part) {
-			if(!$dcFound && strpos($part, 'dc=') === 0) {
+		foreach ($allParts as $part) {
+			if (!$dcFound && strpos($part, 'dc=') === 0) {
 				$dcFound = true;
 			}
-			if($dcFound) {
+			if ($dcFound) {
 				$domainParts[] = $part;
 			}
 		}
@@ -327,7 +327,7 @@ 
 
 		//Check whether the DN belongs to the Base, to avoid issues on multi-
 		//server setups
-		if(is_string($fdn) && $this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
+		if (is_string($fdn) && $this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
 			return $fdn;
 		}
 
@@ -345,7 +345,7 @@ 
 		//To avoid bypassing the base DN settings under certain circumstances
 		//with the group support, check whether the provided DN matches one of
 		//the given Bases
-		if(!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseGroups)) {
+		if (!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseGroups)) {
 			return false;
 		}
 
@@ -362,11 +362,11 @@ 
 	 */
 	public function groupsMatchFilter($groupDNs) {
 		$validGroupDNs = [];
-		foreach($groupDNs as $dn) {
+		foreach ($groupDNs as $dn) {
 			$cacheKey = 'groupsMatchFilter-'.$dn;
 			$groupMatchFilter = $this->connection->getFromCache($cacheKey);
-			if(!is_null($groupMatchFilter)) {
-				if($groupMatchFilter) {
+			if (!is_null($groupMatchFilter)) {
+				if ($groupMatchFilter) {
 					$validGroupDNs[] = $dn;
 				}
 				continue;
@@ -374,13 +374,13 @@ 
 
 			// Check the base DN first. If this is not met already, we don't
 			// need to ask the server at all.
-			if(!$this->isDNPartOfBase($dn, $this->connection->ldapBaseGroups)) {
+			if (!$this->isDNPartOfBase($dn, $this->connection->ldapBaseGroups)) {
 				$this->connection->writeToCache($cacheKey, false);
 				continue;
 			}
 
 			$result = $this->readAttribute($dn, 'cn', $this->connection->ldapGroupFilter);
-			if(is_array($result)) {
+			if (is_array($result)) {
 				$this->connection->writeToCache($cacheKey, true);
 				$validGroupDNs[] = $dn;
 			} else {
@@ -401,7 +401,7 @@ 
 		//To avoid bypassing the base DN settings under certain circumstances
 		//with the group support, check whether the provided DN matches one of
 		//the given Bases
-		if(!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
+		if (!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
 			return false;
 		}
 
@@ -416,7 +416,7 @@ 
 	 * @return string|false with with the name to use in ownCloud
 	 */
 	public function dn2ocname($fdn, $ldapName = null, $isUser = true) {
-		if($isUser) {
+		if ($isUser) {
 			$mapper = $this->getUserMapper();
 			$nameAttribute = $this->connection->ldapUserDisplayName;
 		} else {
@@ -426,15 +426,15 @@ 
 
 		//let's try to retrieve the ownCloud name from the mappings table
 		$ocName = $mapper->getNameByDN($fdn);
-		if(is_string($ocName)) {
+		if (is_string($ocName)) {
 			return $ocName;
 		}
 
 		//second try: get the UUID and check if it is known. Then, update the DN and return the name.
 		$uuid = $this->getUUID($fdn, $isUser);
-		if(is_string($uuid)) {
+		if (is_string($uuid)) {
 			$ocName = $mapper->getNameByUUID($uuid);
-			if(is_string($ocName)) {
+			if (is_string($ocName)) {
 				$mapper->setDNbyUUID($fdn, $uuid);
 				return $ocName;
 			}
@@ -444,18 +444,18 @@ 
 			return false;
 		}
 
-		if(is_null($ldapName)) {
+		if (is_null($ldapName)) {
 			$ldapName = $this->readAttribute($fdn, $nameAttribute);
-			if(!isset($ldapName[0]) && empty($ldapName[0])) {
+			if (!isset($ldapName[0]) && empty($ldapName[0])) {
 				\OCP\Util::writeLog('user_ldap', 'No or empty name for '.$fdn.'.', \OCP\Util::INFO);
 				return false;
 			}
 			$ldapName = $ldapName[0];
 		}
 
-		if($isUser) {
+		if ($isUser) {
 			$usernameAttribute = $this->connection->ldapExpertUsernameAttr;
-			if(!empty($usernameAttribute)) {
+			if (!empty($usernameAttribute)) {
 				$username = $this->readAttribute($fdn, $usernameAttribute);
 				$username = $username[0];
 			} else {
@@ -472,9 +472,9 @@ 
 		// outside of core user management will still cache the user as non-existing.
 		$originalTTL = $this->connection->ldapCacheTTL;
 		$this->connection->setConfiguration(array('ldapCacheTTL' => 0));
-		if(($isUser && !\OCP\User::userExists($intName))
+		if (($isUser && !\OCP\User::userExists($intName))
 			|| (!$isUser && !\OC_Group::groupExists($intName))) {
-			if($mapper->map($fdn, $intName, $uuid)) {
+			if ($mapper->map($fdn, $intName, $uuid)) {
 				$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
 				return $intName;
 			}
@@ -482,7 +482,7 @@ 
 		$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
 
 		$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
-		if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
+		if (is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
 			return $altName;
 		}
 
@@ -519,7 +519,7 @@ 
 	 * @return array
 	 */
 	private function ldap2ownCloudNames($ldapObjects, $isUsers) {
-		if($isUsers) {
+		if ($isUsers) {
 			$nameAttribute = $this->connection->ldapUserDisplayName;
 			$sndAttribute  = $this->connection->ldapUserDisplayName2;
 		} else {
@@ -527,9 +527,9 @@ 
 		}
 		$ownCloudNames = array();
 
-		foreach($ldapObjects as $ldapObject) {
+		foreach ($ldapObjects as $ldapObject) {
 			$nameByLDAP = null;
-			if(    isset($ldapObject[$nameAttribute])
+			if (isset($ldapObject[$nameAttribute])
 				&& is_array($ldapObject[$nameAttribute])
 				&& isset($ldapObject[$nameAttribute][0])
 			) {
@@ -538,12 +538,12 @@ 
 			}
 
 			$ocName = $this->dn2ocname($ldapObject['dn'][0], $nameByLDAP, $isUsers);
-			if($ocName) {
+			if ($ocName) {
 				$ownCloudNames[] = $ocName;
-				if($isUsers) {
+				if ($isUsers) {
 					//cache the user names so it does not need to be retrieved
 					//again later (e.g. sharing dialogue).
-					if(is_null($nameByLDAP)) {
+					if (is_null($nameByLDAP)) {
 						continue;
 					}
 					$sndName = isset($ldapObject[$sndAttribute][0])
@@ -598,9 +598,9 @@ 
 		$attempts = 0;
 		//while loop is just a precaution. If a name is not generated within
 		//20 attempts, something else is very wrong. Avoids infinite loop.
-		while($attempts < 20){
-			$altName = $name . '_' . rand(1000,9999);
-			if(!\OCP\User::userExists($altName)) {
+		while ($attempts < 20) {
+			$altName = $name.'_'.rand(1000, 9999);
+			if (!\OCP\User::userExists($altName)) {
 				return $altName;
 			}
 			$attempts++;
@@ -622,25 +622,25 @@ 
 	 */
 	private function _createAltInternalOwnCloudNameForGroups($name) {
 		$usedNames = $this->groupMapper->getNamesBySearch($name.'_%');
-		if(!($usedNames) || count($usedNames) === 0) {
+		if (!($usedNames) || count($usedNames) === 0) {
 			$lastNo = 1; //will become name_2
 		} else {
 			natsort($usedNames);
 			$lastName = array_pop($usedNames);
 			$lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1));
 		}
-		$altName = $name.'_'.strval($lastNo+1);
+		$altName = $name.'_'.strval($lastNo + 1);
 		unset($usedNames);
 
 		$attempts = 1;
-		while($attempts < 21){
+		while ($attempts < 21) {
 			// Check to be really sure it is unique
 			// while loop is just a precaution. If a name is not generated within
 			// 20 attempts, something else is very wrong. Avoids infinite loop.
-			if(!\OC_Group::groupExists($altName)) {
+			if (!\OC_Group::groupExists($altName)) {
 				return $altName;
 			}
-			$altName = $name . '_' . ($lastNo + $attempts);
+			$altName = $name.'_'.($lastNo + $attempts);
 			$attempts++;
 		}
 		return false;
@@ -655,7 +655,7 @@ 
 	private function createAltInternalOwnCloudName($name, $isUser) {
 		$originalTTL = $this->connection->ldapCacheTTL;
 		$this->connection->setConfiguration(array('ldapCacheTTL' => 0));
-		if($isUser) {
+		if ($isUser) {
 			$altName = $this->_createAltInternalOwnCloudNameForUsers($name);
 		} else {
 			$altName = $this->_createAltInternalOwnCloudNameForGroups($name);
@@ -713,20 +713,20 @@ 
 	 * and their values
 	 * @param array $ldapRecords
 	 */
-	public function batchApplyUserAttributes(array $ldapRecords){
+	public function batchApplyUserAttributes(array $ldapRecords) {
 		$displayNameAttribute = strtolower($this->connection->ldapUserDisplayName);
-		foreach($ldapRecords as $userRecord) {
-			if(!isset($userRecord[$displayNameAttribute])) {
+		foreach ($ldapRecords as $userRecord) {
+			if (!isset($userRecord[$displayNameAttribute])) {
 				// displayName is obligatory
 				continue;
 			}
-			$ocName  = $this->dn2ocname($userRecord['dn'][0]);
-			if($ocName === false) {
+			$ocName = $this->dn2ocname($userRecord['dn'][0]);
+			if ($ocName === false) {
 				continue;
 			}
 			$this->cacheUserExists($ocName);
 			$user = $this->userManager->get($ocName);
-			if($user instanceof OfflineUser) {
+			if ($user instanceof OfflineUser) {
 				$user->unmark();
 				$user = $this->userManager->get($ocName);
 			}
@@ -758,8 +758,8 @@ 
 	 * @return array
 	 */
 	private function fetchList($list, $manyAttributes) {
-		if(is_array($list)) {
-			if($manyAttributes) {
+		if (is_array($list)) {
+			if ($manyAttributes) {
 				return $list;
 			} else {
 				$list = array_reduce($list, function($carry, $item) {
@@ -845,13 +845,13 @@ 
 	 * second | false if not successful
 	 */
 	private function executeSearch($filter, $base, &$attr = null, $limit = null, $offset = null) {
-		if(!is_null($attr) && !is_array($attr)) {
+		if (!is_null($attr) && !is_array($attr)) {
 			$attr = array(mb_strtolower($attr, 'UTF-8'));
 		}
 
 		// See if we have a resource, in case not cancel with message
 		$cr = $this->connection->getConnectionResource();
-		if(!$this->ldap->isResource($cr)) {
+		if (!$this->ldap->isResource($cr)) {
 			// Seems like we didn't find any resource.
 			// Return an empty array just like before.
 			\OCP\Util::writeLog('user_ldap', 'Could not search, because resource is missing.', \OCP\Util::DEBUG);
@@ -864,7 +864,7 @@ 
 		$linkResources = array_pad(array(), count($base), $cr);
 		$sr = $this->ldap->search($linkResources, $base, $filter, $attr);
 		$error = $this->ldap->errno($cr);
-		if(!is_array($sr) || $error !== 0) {
+		if (!is_array($sr) || $error !== 0) {
 			\OCP\Util::writeLog('user_ldap',
 				'Error when searching: '.$this->ldap->error($cr).
 					' code '.$this->ldap->errno($cr),
@@ -891,26 +891,26 @@ 
 	 */
 	private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $limit, $offset, $pagedSearchOK, $skipHandling) {
 		$cookie = null;
-		if($pagedSearchOK) {
+		if ($pagedSearchOK) {
 			$cr = $this->connection->getConnectionResource();
-			foreach($sr as $key => $res) {
-				if($this->ldap->controlPagedResultResponse($cr, $res, $cookie)) {
+			foreach ($sr as $key => $res) {
+				if ($this->ldap->controlPagedResultResponse($cr, $res, $cookie)) {
 					$this->setPagedResultCookie($base[$key], $filter, $limit, $offset, $cookie);
 				}
 			}
 
 			//browsing through prior pages to get the cookie for the new one
-			if($skipHandling) {
+			if ($skipHandling) {
 				return;
 			}
 			// if count is bigger, then the server does not support
 			// paged search. Instead, he did a normal search. We set a
 			// flag here, so the callee knows how to deal with it.
-			if($iFoundItems <= $limit) {
+			if ($iFoundItems <= $limit) {
 				$this->pagedSearchedSuccessful = true;
 			}
 		} else {
-			if(!is_null($limit)) {
+			if (!is_null($limit)) {
 				\OCP\Util::writeLog('user_ldap', 'Paged search was not available', \OCP\Util::INFO);
 			}
 		}
@@ -939,7 +939,7 @@ 
 		\OCP\Util::writeLog('user_ldap', 'Count filter:  '.print_r($filter, true), \OCP\Util::DEBUG);
 
 		$limitPerPage = intval($this->connection->ldapPagingSize);
-		if(!is_null($limit) && $limit < $limitPerPage && $limit > 0) {
+		if (!is_null($limit) && $limit < $limitPerPage && $limit > 0) {
 			$limitPerPage = $limit;
 		}
 
@@ -950,7 +950,7 @@ 
 		do {
 			$search = $this->executeSearch($filter, $base, $attr,
 										   $limitPerPage, $offset);
-			if($search === false) {
+			if ($search === false) {
 				return $counter > 0 ? $counter : false;
 			}
 			list($sr, $pagedSearchOK) = $search;
@@ -969,7 +969,7 @@ 
 			 * Continue now depends on $hasMorePages value
 			 */
 			$continue = $pagedSearchOK && $hasMorePages;
-		} while($continue && (is_null($limit) || $limit <= 0 || $limit > $counter));
+		} while ($continue && (is_null($limit) || $limit <= 0 || $limit > $counter));
 
 		return $counter;
 	}
@@ -982,7 +982,7 @@ 
 		$cr = $this->connection->getConnectionResource();
 		$counter = 0;
 
-		foreach($searchResults as $res) {
+		foreach ($searchResults as $res) {
 			$count = intval($this->ldap->countEntries($cr, $res));
 			$counter += $count;
 		}
@@ -1001,7 +1001,7 @@ 
 	 * @return array with the search result
 	 */
 	private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
-		if($limit <= 0) {
+		if ($limit <= 0) {
 			//otherwise search will fail
 			$limit = null;
 		}
@@ -1017,13 +1017,13 @@ 
 		do {
 			$continue = false;
 			$search = $this->executeSearch($filter, $base, $attr, $limit, $offset);
-			if($search === false) {
+			if ($search === false) {
 				return array();
 			}
 			list($sr, $pagedSearchOK) = $search;
 			$cr = $this->connection->getConnectionResource();
 
-			if($skipHandling) {
+			if ($skipHandling) {
 				//i.e. result do not need to be fetched, we just need the cookie
 				//thus pass 1 or any other value as $iFoundItems because it is not
 				//used
@@ -1033,8 +1033,8 @@ 
 				return array();
 			}
 
-			foreach($sr as $res) {
-				$findings = array_merge($findings, $this->ldap->getEntries($cr	, $res ));
+			foreach ($sr as $res) {
+				$findings = array_merge($findings, $this->ldap->getEntries($cr, $res));
 			}
 
 			$continue = $this->processPagedSearchStatus($sr, $filter, $base, $findings['count'],
@@ -1047,25 +1047,25 @@ 
 
 		// if we're here, probably no connection resource is returned.
 		// to make ownCloud behave nicely, we simply give back an empty array.
-		if(is_null($findings)) {
+		if (is_null($findings)) {
 			return array();
 		}
 
-		if(!is_null($attr)) {
+		if (!is_null($attr)) {
 			$selection = array();
 			$i = 0;
-			foreach($findings as $item) {
-				if(!is_array($item)) {
+			foreach ($findings as $item) {
+				if (!is_array($item)) {
 					continue;
 				}
 				$item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
-				foreach($attr as $key) {
+				foreach ($attr as $key) {
 					$key = mb_strtolower($key, 'UTF-8');
-					if(isset($item[$key])) {
-						if(is_array($item[$key]) && isset($item[$key]['count'])) {
+					if (isset($item[$key])) {
+						if (is_array($item[$key]) && isset($item[$key]['count'])) {
 							unset($item[$key]['count']);
 						}
-						if($key !== 'dn') {
+						if ($key !== 'dn') {
 							$selection[$i][$key] = $this->resemblesDN($key) ?
 								$this->sanitizeDN($item[$key])
 								: $item[$key];
@@ -1082,7 +1082,7 @@ 
 		//we slice the findings, when
 		//a) paged search unsuccessful, though attempted
 		//b) no paged search, but limit set
-		if((!$this->getPagedSearchResultState()
+		if ((!$this->getPagedSearchResultState()
 			&& $pagedSearchOK)
 			|| (
 				!$pagedSearchOK
@@ -1099,7 +1099,7 @@ 
 	 * @return bool|mixed|string
 	 */
 	public function sanitizeUsername($name) {
-		if($this->connection->ldapIgnoreNamingRules) {
+		if ($this->connection->ldapIgnoreNamingRules) {
 			return $name;
 		}
 
@@ -1124,13 +1124,13 @@ 
 	*/
 	public function escapeFilterPart($input, $allowAsterisk = false) {
 		$asterisk = '';
-		if($allowAsterisk && strlen($input) > 0 && $input[0] === '*') {
+		if ($allowAsterisk && strlen($input) > 0 && $input[0] === '*') {
 			$asterisk = '*';
 			$input = mb_substr($input, 1, null, 'UTF-8');
 		}
 		$search  = array('*', '\\', '(', ')');
 		$replace = array('\\*', '\\\\', '\\(', '\\)');
-		return $asterisk . str_replace($search, $replace, $input);
+		return $asterisk.str_replace($search, $replace, $input);
 	}
 
 	/**
@@ -1160,13 +1160,13 @@ 
 	 */
 	private function combineFilter($filters, $operator) {
 		$combinedFilter = '('.$operator;
-		foreach($filters as $filter) {
-			if(!empty($filter) && $filter[0] !== '(') {
+		foreach ($filters as $filter) {
+			if (!empty($filter) && $filter[0] !== '(') {
 				$filter = '('.$filter.')';
 			}
-			$combinedFilter.=$filter;
+			$combinedFilter .= $filter;
 		}
-		$combinedFilter.=')';
+		$combinedFilter .= ')';
 		return $combinedFilter;
 	}
 
@@ -1202,17 +1202,17 @@ 
 	 * @throws \Exception
 	 */
 	private function getAdvancedFilterPartForSearch($search, $searchAttributes) {
-		if(!is_array($searchAttributes) || count($searchAttributes) < 2) {
+		if (!is_array($searchAttributes) || count($searchAttributes) < 2) {
 			throw new \Exception('searchAttributes must be an array with at least two string');
 		}
 		$searchWords = explode(' ', trim($search));
 		$wordFilters = array();
-		foreach($searchWords as $word) {
+		foreach ($searchWords as $word) {
 			$word = $this->prepareSearchTerm($word);
 			//every word needs to appear at least once
 			$wordMatchOneAttrFilters = array();
-			foreach($searchAttributes as $attr) {
-				$wordMatchOneAttrFilters[] = $attr . '=' . $word;
+			foreach ($searchAttributes as $attr) {
+				$wordMatchOneAttrFilters[] = $attr.'='.$word;
 			}
 			$wordFilters[] = $this->combineFilterWithOr($wordMatchOneAttrFilters);
 		}
@@ -1230,10 +1230,10 @@ 
 	private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
 		$filter = array();
 		$haveMultiSearchAttributes = (is_array($searchAttributes) && count($searchAttributes) > 0);
-		if($haveMultiSearchAttributes && strpos(trim($search), ' ') !== false) {
+		if ($haveMultiSearchAttributes && strpos(trim($search), ' ') !== false) {
 			try {
 				return $this->getAdvancedFilterPartForSearch($search, $searchAttributes);
-			} catch(\Exception $e) {
+			} catch (\Exception $e) {
 				\OCP\Util::writeLog(
 					'user_ldap',
 					'Creating advanced filter for search failed, falling back to simple method.',
@@ -1243,17 +1243,17 @@ 
 		}
 
 		$search = $this->prepareSearchTerm($search);
-		if(!is_array($searchAttributes) || count($searchAttributes) === 0) {
-			if(empty($fallbackAttribute)) {
+		if (!is_array($searchAttributes) || count($searchAttributes) === 0) {
+			if (empty($fallbackAttribute)) {
 				return '';
 			}
-			$filter[] = $fallbackAttribute . '=' . $search;
+			$filter[] = $fallbackAttribute.'='.$search;
 		} else {
-			foreach($searchAttributes as $attribute) {
-				$filter[] = $attribute . '=' . $search;
+			foreach ($searchAttributes as $attribute) {
+				$filter[] = $attribute.'='.$search;
 			}
 		}
-		if(count($filter) === 1) {
+		if (count($filter) === 1) {
 			return '('.$filter[0].')';
 		}
 		return $this->combineFilterWithOr($filter);
@@ -1270,8 +1270,7 @@ 
 
 		$allowEnum = $config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
 
-		$result = empty($term) ? '*' :
-			$allowEnum !== 'no' ? $term . '*' : $term;
+		$result = empty($term) ? '*' : $allowEnum !== 'no' ? $term.'*' : $term;
 		return $result;
 	}
 
@@ -1282,7 +1281,7 @@ 
 	public function getFilterForUserCount() {
 		$filter = $this->combineFilterWithAnd(array(
 			$this->connection->ldapUserFilter,
-			$this->connection->ldapUserDisplayName . '=*'
+			$this->connection->ldapUserDisplayName.'=*'
 		));
 
 		return $filter;
@@ -1300,7 +1299,7 @@ 
 			'ldapAgentName' => $name,
 			'ldapAgentPassword' => $password
 		);
-		if(!$testConnection->setConfiguration($credentials)) {
+		if (!$testConnection->setConfiguration($credentials)) {
 			return false;
 		}
 		return $testConnection->bind();
@@ -1318,34 +1317,34 @@ 
 		$filter       = $this->connection->ldapUserFilter;
 		$base         = $this->connection->ldapBaseUsers;
 
-		if($this->connection->ldapUuidUserAttribute === 'auto' && empty($uuidOverride)) {
+		if ($this->connection->ldapUuidUserAttribute === 'auto' && empty($uuidOverride)) {
 			// Sacrebleu! The UUID attribute is unknown :( We need first an
 			// existing DN to be able to reliably detect it.
 			$result = $this->search($filter, $base, ['dn'], 1);
-			if(!isset($result[0]) || !isset($result[0]['dn'])) {
+			if (!isset($result[0]) || !isset($result[0]['dn'])) {
 				throw new \Exception('Cannot determine UUID attribute');
 			}
 			$dn = $result[0]['dn'][0];
-			if(!$this->detectUuidAttribute($dn, true)) {
+			if (!$this->detectUuidAttribute($dn, true)) {
 				throw new \Exception('Cannot determine UUID attribute');
 			}
 		} else {
 			// The UUID attribute is either known or an override is given.
 			// By calling this method we ensure that $this->connection->$uuidAttr
 			// is definitely set
-			if(!$this->detectUuidAttribute('', true)) {
+			if (!$this->detectUuidAttribute('', true)) {
 				throw new \Exception('Cannot determine UUID attribute');
 			}
 		}
 
 		$uuidAttr = $this->connection->ldapUuidUserAttribute;
-		if($uuidAttr === 'guid' || $uuidAttr === 'objectguid') {
+		if ($uuidAttr === 'guid' || $uuidAttr === 'objectguid') {
 			$uuid = $this->formatGuid2ForFilterUser($uuid);
 		}
 
-		$filter = $uuidAttr . '=' . $uuid;
+		$filter = $uuidAttr.'='.$uuid;
 		$result = $this->searchUsers($filter, ['dn'], 2);
-		if(is_array($result) && isset($result[0]) && isset($result[0]['dn']) && count($result) === 1) {
+		if (is_array($result) && isset($result[0]) && isset($result[0]['dn']) && count($result) === 1) {
 			// we put the count into account to make sure that this is
 			// really unique
 			return $result[0]['dn'][0];
@@ -1362,7 +1361,7 @@ 
 	 * @return bool true on success, false otherwise
 	 */
 	private function detectUuidAttribute($dn, $isUser = true, $force = false) {
-		if($isUser) {
+		if ($isUser) {
 			$uuidAttr     = 'ldapUuidUserAttribute';
 			$uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
 		} else {
@@ -1370,11 +1369,11 @@ 
 			$uuidOverride = $this->connection->ldapExpertUUIDGroupAttr;
 		}
 
-		if(($this->connection->$uuidAttr !== 'auto') && !$force) {
+		if (($this->connection->$uuidAttr !== 'auto') && !$force) {
 			return true;
 		}
 
-		if(!empty($uuidOverride) && !$force) {
+		if (!empty($uuidOverride) && !$force) {
 			$this->connection->$uuidAttr = $uuidOverride;
 			return true;
 		}
@@ -1382,9 +1381,9 @@ 
 		// for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID
 		$testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid');
 
-		foreach($testAttributes as $attribute) {
+		foreach ($testAttributes as $attribute) {
 			$value = $this->readAttribute($dn, $attribute);
-			if(is_array($value) && isset($value[0]) && !empty($value[0])) {
+			if (is_array($value) && isset($value[0]) && !empty($value[0])) {
 				\OCP\Util::writeLog('user_ldap',
 									'Setting '.$attribute.' as '.$uuidAttr,
 									\OCP\Util::DEBUG);
@@ -1405,7 +1404,7 @@ 
 	 * @return string|bool
 	 */
 	public function getUUID($dn, $isUser = true) {
-		if($isUser) {
+		if ($isUser) {
 			$uuidAttr     = 'ldapUuidUserAttribute';
 			$uuidOverride = $this->connection->ldapExpertUUIDUserAttr;
 		} else {
@@ -1414,15 +1413,15 @@ 
 		}
 
 		$uuid = false;
-		if($this->detectUuidAttribute($dn, $isUser)) {
+		if ($this->detectUuidAttribute($dn, $isUser)) {
 			$uuid = $this->readAttribute($dn, $this->connection->$uuidAttr);
-			if( !is_array($uuid)
+			if (!is_array($uuid)
 				&& !empty($uuidOverride)
 				&& $this->detectUuidAttribute($dn, $isUser, true)) {
 					$uuid = $this->readAttribute($dn,
 												 $this->connection->$uuidAttr);
 			}
-			if(is_array($uuid) && isset($uuid[0]) && !empty($uuid[0])) {
+			if (is_array($uuid) && isset($uuid[0]) && !empty($uuid[0])) {
 				$uuid = $uuid[0];
 			}
 		}
@@ -1439,19 +1438,19 @@ 
 	private function convertObjectGUID2Str($oguid) {
 		$hex_guid = bin2hex($oguid);
 		$hex_guid_to_guid_str = '';
-		for($k = 1; $k <= 4; ++$k) {
+		for ($k = 1; $k <= 4; ++$k) {
 			$hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
 		}
 		$hex_guid_to_guid_str .= '-';
-		for($k = 1; $k <= 2; ++$k) {
+		for ($k = 1; $k <= 2; ++$k) {
 			$hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
 		}
 		$hex_guid_to_guid_str .= '-';
-		for($k = 1; $k <= 2; ++$k) {
+		for ($k = 1; $k <= 2; ++$k) {
 			$hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
 		}
-		$hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
-		$hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
+		$hex_guid_to_guid_str .= '-'.substr($hex_guid, 16, 4);
+		$hex_guid_to_guid_str .= '-'.substr($hex_guid, 20);
 
 		return strtoupper($hex_guid_to_guid_str);
 	}
@@ -1468,11 +1467,11 @@ 
 	 * @return string
 	 */
 	public function formatGuid2ForFilterUser($guid) {
-		if(!is_string($guid)) {
+		if (!is_string($guid)) {
 			throw new \InvalidArgumentException('String expected');
 		}
 		$blocks = explode('-', $guid);
-		if(count($blocks) !== 5) {
+		if (count($blocks) !== 5) {
 			/*
 			 * Why not throw an Exception instead? This method is a utility
 			 * called only when trying to figure out whether a "missing" known
@@ -1485,20 +1484,20 @@ 
 			 * user. Instead we write a log message.
 			 */
 			\OC::$server->getLogger()->info(
-				'Passed string does not resemble a valid GUID. Known UUID ' .
+				'Passed string does not resemble a valid GUID. Known UUID '.
 				'({uuid}) probably does not match UUID configuration.',
-				[ 'app' => 'user_ldap', 'uuid' => $guid ]
+				['app' => 'user_ldap', 'uuid' => $guid]
 			);
 			return $guid;
 		}
-		for($i=0; $i < 3; $i++) {
+		for ($i = 0; $i < 3; $i++) {
 			$pairs = str_split($blocks[$i], 2);
 			$pairs = array_reverse($pairs);
 			$blocks[$i] = implode('', $pairs);
 		}
-		for($i=0; $i < 5; $i++) {
+		for ($i = 0; $i < 5; $i++) {
 			$pairs = str_split($blocks[$i], 2);
-			$blocks[$i] = '\\' . implode('\\', $pairs);
+			$blocks[$i] = '\\'.implode('\\', $pairs);
 		}
 		return implode('', $blocks);
 	}
@@ -1512,12 +1511,12 @@ 
 		$domainDN = $this->getDomainDNFromDN($dn);
 		$cacheKey = 'getSID-'.$domainDN;
 		$sid = $this->connection->getFromCache($cacheKey);
-		if(!is_null($sid)) {
+		if (!is_null($sid)) {
 			return $sid;
 		}
 
 		$objectSid = $this->readAttribute($domainDN, 'objectsid');
-		if(!is_array($objectSid) || empty($objectSid)) {
+		if (!is_array($objectSid) || empty($objectSid)) {
 			$this->connection->writeToCache($cacheKey, false);
 			return false;
 		}
@@ -1584,12 +1583,12 @@ 
 		$belongsToBase = false;
 		$bases = $this->sanitizeDN($bases);
 
-		foreach($bases as $base) {
+		foreach ($bases as $base) {
 			$belongsToBase = true;
-			if(mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($base, 'UTF-8'))) {
+			if (mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8') - mb_strlen($base, 'UTF-8'))) {
 				$belongsToBase = false;
 			}
-			if($belongsToBase) {
+			if ($belongsToBase) {
 				break;
 			}
 		}
@@ -1600,7 +1599,7 @@ 
 	 * resets a running Paged Search operation
 	 */
 	private function abandonPagedSearch() {
-		if($this->connection->hasPagedResultSupport) {
+		if ($this->connection->hasPagedResultSupport) {
 			$cr = $this->connection->getConnectionResource();
 			$this->ldap->controlPagedResult($cr, 0, false, $this->lastCookie);
 			$this->getPagedSearchResultState();
@@ -1618,16 +1617,16 @@ 
 	 * @return string containing the key or empty if none is cached
 	 */
 	private function getPagedResultCookie($base, $filter, $limit, $offset) {
-		if($offset === 0) {
+		if ($offset === 0) {
 			return '';
 		}
 		$offset -= $limit;
 		//we work with cache here
-		$cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset);
+		$cacheKey = 'lc'.crc32($base).'-'.crc32($filter).'-'.intval($limit).'-'.intval($offset);
 		$cookie = '';
-		if(isset($this->cookies[$cacheKey])) {
+		if (isset($this->cookies[$cacheKey])) {
 			$cookie = $this->cookies[$cacheKey];
-			if(is_null($cookie)) {
+			if (is_null($cookie)) {
 				$cookie = '';
 			}
 		}
@@ -1645,11 +1644,11 @@ 
 	 * @return bool
 	 */
 	public function hasMoreResults() {
-		if(!$this->connection->hasPagedResultSupport) {
+		if (!$this->connection->hasPagedResultSupport) {
 			return false;
 		}
 
-		if(empty($this->lastCookie) && $this->lastCookie !== '0') {
+		if (empty($this->lastCookie) && $this->lastCookie !== '0') {
 			// as in RFC 2696, when all results are returned, the cookie will
 			// be empty.
 			return false;
@@ -1669,8 +1668,8 @@ 
 	 */
 	private function setPagedResultCookie($base, $filter, $limit, $offset, $cookie) {
 		// allow '0' for 389ds
-		if(!empty($cookie) || $cookie === '0') {
-			$cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset);
+		if (!empty($cookie) || $cookie === '0') {
+			$cacheKey = 'lc'.crc32($base).'-'.crc32($filter).'-'.intval($limit).'-'.intval($offset);
 			$this->cookies[$cacheKey] = $cookie;
 			$this->lastCookie = $cookie;
 		}
@@ -1697,17 +1696,17 @@ 
 	 */
 	private function initPagedSearch($filter, $bases, $attr, $limit, $offset) {
 		$pagedSearchOK = false;
-		if($this->connection->hasPagedResultSupport && ($limit !== 0)) {
+		if ($this->connection->hasPagedResultSupport && ($limit !== 0)) {
 			$offset = intval($offset); //can be null
 			\OCP\Util::writeLog('user_ldap',
 				'initializing paged search for  Filter '.$filter.' base '.print_r($bases, true)
-				.' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset,
+				.' attr '.print_r($attr, true).' limit '.$limit.' offset '.$offset,
 				\OCP\Util::DEBUG);
 			//get the cookie from the search for the previous search, required by LDAP
-			foreach($bases as $base) {
+			foreach ($bases as $base) {
 
 				$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
-				if(empty($cookie) && $cookie !== "0" && ($offset > 0)) {
+				if (empty($cookie) && $cookie !== "0" && ($offset > 0)) {
 					// no cookie known, although the offset is not 0. Maybe cache run out. We need
 					// to start all over *sigh* (btw, Dear Reader, did you know LDAP paged
 					// searching was designed by MSFT?)
@@ -1720,18 +1719,18 @@ 
 					$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
 					//still no cookie? obviously, the server does not like us. Let's skip paging efforts.
 					//TODO: remember this, probably does not change in the next request...
-					if(empty($cookie) && $cookie !== '0') {
+					if (empty($cookie) && $cookie !== '0') {
 						// '0' is valid, because 389ds
 						$cookie = null;
 					}
 				}
-				if(!is_null($cookie)) {
+				if (!is_null($cookie)) {
 					//since offset = 0, this is a new search. We abandon other searches that might be ongoing.
 					$this->abandonPagedSearch();
 					$pagedSearchOK = $this->ldap->controlPagedResult(
 						$this->connection->getConnectionResource(), $limit,
 						false, $cookie);
-					if(!$pagedSearchOK) {
+					if (!$pagedSearchOK) {
 						return false;
 					}
 					\OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::DEBUG);
@@ -1748,7 +1747,7 @@ 
 		 * So we added "&& !empty($this->lastCookie)" to this test to ignore pagination
 		 * if we don't have a previous paged search.
 		 */
-		} else if($this->connection->hasPagedResultSupport && $limit === 0 && !empty($this->lastCookie)) {
+		} else if ($this->connection->hasPagedResultSupport && $limit === 0 && !empty($this->lastCookie)) {
 			// a search without limit was requested. However, if we do use
 			// Paged Search once, we always must do it. This requires us to
 			// initialize it with the configured page size.

apps/user_ldap/lib/wizard.php

Doc Comments +1 added lines, -1 removed lines

@@ -1104,7 +1104,7 @@
 	}
 
 	/**
-	 * @param array $reqs
+	 * @param string[] $reqs
 	 * @return bool
 	 */
 	private function checkRequirements($reqs) {

Indentation +1315 added lines, -1315 removed lines

@@ -35,1321 +35,1321 @@
 use OC\ServerNotAvailableException;
 
 class Wizard extends LDAPUtility {
-	static protected $l;
-	protected $access;
-	protected $cr;
-	protected $configuration;
-	protected $result;
-	protected $resultCache = array();
-
-	const LRESULT_PROCESSED_OK = 2;
-	const LRESULT_PROCESSED_INVALID = 3;
-	const LRESULT_PROCESSED_SKIP = 4;
-
-	const LFILTER_LOGIN      = 2;
-	const LFILTER_USER_LIST  = 3;
-	const LFILTER_GROUP_LIST = 4;
-
-	const LFILTER_MODE_ASSISTED = 2;
-	const LFILTER_MODE_RAW = 1;
-
-	const LDAP_NW_TIMEOUT = 4;
-
-	/**
-	 * Constructor
-	 * @param Configuration $configuration an instance of Configuration
-	 * @param ILDAPWrapper $ldap an instance of ILDAPWrapper
-	 */
-	public function __construct(Configuration $configuration, ILDAPWrapper $ldap, Access $access) {
-		parent::__construct($ldap);
-		$this->configuration = $configuration;
-		if(is_null(Wizard::$l)) {
-			Wizard::$l = \OC::$server->getL10N('user_ldap');
-		}
-		$this->access = $access;
-		$this->result = new WizardResult();
-	}
-
-	public function  __destruct() {
-		if($this->result->hasChanges()) {
-			$this->configuration->saveConfiguration();
-		}
-	}
-
-	/**
-	 * counts entries in the LDAP directory
-	 *
-	 * @param string $filter the LDAP search filter
-	 * @param string $type a string being either 'users' or 'groups';
-	 * @return bool|int
-	 * @throws \Exception
-	 */
-	public function countEntries($filter, $type) {
-		$reqs = array('ldapHost', 'ldapPort', 'ldapBase');
-		if($type === 'users') {
-			$reqs[] = 'ldapUserFilter';
-		}
-		if(!$this->checkRequirements($reqs)) {
-			throw new \Exception('Requirements not met', 400);
-		}
-
-		$attr = array('dn'); // default
-		$limit = 1001;
-		if($type === 'groups') {
-			$result =  $this->access->countGroups($filter, $attr, $limit);
-		} else if($type === 'users') {
-			$result = $this->access->countUsers($filter, $attr, $limit);
-		} else if ($type === 'objects') {
-			$result = $this->access->countObjects($limit);
-		} else {
-			throw new \Exception('internal error: invalid object type', 500);
-		}
-
-		return $result;
-	}
-
-	/**
-	 * formats the return value of a count operation to the string to be
-	 * inserted.
-	 *
-	 * @param bool|int $count
-	 * @return int|string
-	 */
-	private function formatCountResult($count) {
-		$formatted = ($count !== false) ? $count : 0;
-		if($formatted > 1000) {
-			$formatted = '> 1000';
-		}
-		return $formatted;
-	}
-
-	public function countGroups() {
-		$filter = $this->configuration->ldapGroupFilter;
-
-		if(empty($filter)) {
-			$output = self::$l->n('%s group found', '%s groups found', 0, array(0));
-			$this->result->addChange('ldap_group_count', $output);
-			return $this->result;
-		}
-
-		try {
-			$groupsTotal = $this->formatCountResult($this->countEntries($filter, 'groups'));
-		} catch (\Exception $e) {
-			//400 can be ignored, 500 is forwarded
-			if($e->getCode() === 500) {
-				throw $e;
-			}
-			return false;
-		}
-		$output = self::$l->n('%s group found', '%s groups found', $groupsTotal, array($groupsTotal));
-		$this->result->addChange('ldap_group_count', $output);
-		return $this->result;
-	}
-
-	/**
-	 * @return WizardResult
-	 * @throws \Exception
-	 */
-	public function countUsers() {
-		$filter = $this->access->getFilterForUserCount();
-
-		$usersTotal = $this->formatCountResult($this->countEntries($filter, 'users'));
-		$output = self::$l->n('%s user found', '%s users found', $usersTotal, array($usersTotal));
-		$this->result->addChange('ldap_user_count', $output);
-		return $this->result;
-	}
-
-	/**
-	 * counts any objects in the currently set base dn
-	 *
-	 * @return WizardResult
-	 * @throws \Exception
-	 */
-	public function countInBaseDN() {
-		// we don't need to provide a filter in this case
-		$total = $this->countEntries(null, 'objects');
-		if($total === false) {
-			throw new \Exception('invalid results received');
-		}
-		$this->result->addChange('ldap_test_base', $total);
-		return $this->result;
-	}
-
-	/**
-	 * counts users with a specified attribute
-	 * @param string $attr
-	 * @param bool $existsCheck
-	 * @return int|bool
-	 */
-	public function countUsersWithAttribute($attr, $existsCheck = false) {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   'ldapUserFilter',
-										   ))) {
-			return  false;
-		}
-
-		$filter = $this->access->combineFilterWithAnd(array(
-			$this->configuration->ldapUserFilter,
-			$attr . '=*'
-		));
-
-		$limit = ($existsCheck === false) ? null : 1;
-
-		return $this->access->countUsers($filter, array('dn'), $limit);
-	}
-
-	/**
-	 * detects the display name attribute. If a setting is already present that
-	 * returns at least one hit, the detection will be canceled.
-	 * @return WizardResult|bool
-	 * @throws \Exception
-	 */
-	public function detectUserDisplayNameAttribute() {
-		if(!$this->checkRequirements(array('ldapHost',
-										'ldapPort',
-										'ldapBase',
-										'ldapUserFilter',
-										))) {
-			return  false;
-		}
-
-		$attr = $this->configuration->ldapUserDisplayName;
-		if($attr !== 'displayName' && !empty($attr)) {
-			// most likely not the default value with upper case N,
-			// verify it still produces a result
-			$count = intval($this->countUsersWithAttribute($attr, true));
-			if($count > 0) {
-				//no change, but we sent it back to make sure the user interface
-				//is still correct, even if the ajax call was cancelled inbetween
-				$this->result->addChange('ldap_display_name', $attr);
-				return $this->result;
-			}
-		}
-
-		// first attribute that has at least one result wins
-		$displayNameAttrs = array('displayname', 'cn');
-		foreach ($displayNameAttrs as $attr) {
-			$count = intval($this->countUsersWithAttribute($attr, true));
-
-			if($count > 0) {
-				$this->applyFind('ldap_display_name', $attr);
-				return $this->result;
-			}
-		};
-
-		throw new \Exception(self::$l->t('Could not detect user display name attribute. Please specify it yourself in advanced ldap settings.'));
-	}
-
-	/**
-	 * detects the most often used email attribute for users applying to the
-	 * user list filter. If a setting is already present that returns at least
-	 * one hit, the detection will be canceled.
-	 * @return WizardResult|bool
-	 */
-	public function detectEmailAttribute() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   'ldapUserFilter',
-										   ))) {
-			return  false;
-		}
-
-		$attr = $this->configuration->ldapEmailAttribute;
-		if(!empty($attr)) {
-			$count = intval($this->countUsersWithAttribute($attr, true));
-			if($count > 0) {
-				return false;
-			}
-			$writeLog = true;
-		} else {
-			$writeLog = false;
-		}
-
-		$emailAttributes = array('mail', 'mailPrimaryAddress');
-		$winner = '';
-		$maxUsers = 0;
-		foreach($emailAttributes as $attr) {
-			$count = $this->countUsersWithAttribute($attr);
-			if($count > $maxUsers) {
-				$maxUsers = $count;
-				$winner = $attr;
-			}
-		}
-
-		if($winner !== '') {
-			$this->applyFind('ldap_email_attr', $winner);
-			if($writeLog) {
-				\OCP\Util::writeLog('user_ldap', 'The mail attribute has ' .
-					'automatically been reset, because the original value ' .
-					'did not return any results.', \OCP\Util::INFO);
-			}
-		}
-
-		return $this->result;
-	}
-
-	/**
-	 * @return WizardResult
-	 * @throws \Exception
-	 */
-	public function determineAttributes() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   'ldapUserFilter',
-										   ))) {
-			return  false;
-		}
-
-		$attributes = $this->getUserAttributes();
-
-		natcasesort($attributes);
-		$attributes = array_values($attributes);
-
-		$this->result->addOptions('ldap_loginfilter_attributes', $attributes);
-
-		$selected = $this->configuration->ldapLoginFilterAttributes;
-		if(is_array($selected) && !empty($selected)) {
-			$this->result->addChange('ldap_loginfilter_attributes', $selected);
-		}
-
-		return $this->result;
-	}
-
-	/**
-	 * detects the available LDAP attributes
-	 * @return array|false The instance's WizardResult instance
-	 * @throws \Exception
-	 */
-	private function getUserAttributes() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   'ldapUserFilter',
-										   ))) {
-			return  false;
-		}
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-
-		$base = $this->configuration->ldapBase[0];
-		$filter = $this->configuration->ldapUserFilter;
-		$rr = $this->ldap->search($cr, $base, $filter, array(), 1, 1);
-		if(!$this->ldap->isResource($rr)) {
-			return false;
-		}
-		$er = $this->ldap->firstEntry($cr, $rr);
-		$attributes = $this->ldap->getAttributes($cr, $er);
-		$pureAttributes = array();
-		for($i = 0; $i < $attributes['count']; $i++) {
-			$pureAttributes[] = $attributes[$i];
-		}
-
-		return $pureAttributes;
-	}
-
-	/**
-	 * detects the available LDAP groups
-	 * @return WizardResult|false the instance's WizardResult instance
-	 */
-	public function determineGroupsForGroups() {
-		return $this->determineGroups('ldap_groupfilter_groups',
-									  'ldapGroupFilterGroups',
-									  false);
-	}
-
-	/**
-	 * detects the available LDAP groups
-	 * @return WizardResult|false the instance's WizardResult instance
-	 */
-	public function determineGroupsForUsers() {
-		return $this->determineGroups('ldap_userfilter_groups',
-									  'ldapUserFilterGroups');
-	}
-
-	/**
-	 * detects the available LDAP groups
-	 * @param string $dbKey
-	 * @param string $confKey
-	 * @param bool $testMemberOf
-	 * @return WizardResult|false the instance's WizardResult instance
-	 * @throws \Exception
-	 */
-	private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   ))) {
-			return  false;
-		}
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-
-		$this->fetchGroups($dbKey, $confKey);
-
-		if($testMemberOf) {
-			$this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
-			$this->result->markChange();
-			if(!$this->configuration->hasMemberOfFilterSupport) {
-				throw new \Exception('memberOf is not supported by the server');
-			}
-		}
-
-		return $this->result;
-	}
-
-	/**
-	 * fetches all groups from LDAP and adds them to the result object
-	 *
-	 * @param string $dbKey
-	 * @param string $confKey
-	 * @return array $groupEntries
-	 * @throws \Exception
-	 */
-	public function fetchGroups($dbKey, $confKey) {
-		$obclasses = array('posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames');
-
-		$filterParts = array();
-		foreach($obclasses as $obclass) {
-			$filterParts[] = 'objectclass='.$obclass;
-		}
-		//we filter for everything
-		//- that looks like a group and
-		//- has the group display name set
-		$filter = $this->access->combineFilterWithOr($filterParts);
-		$filter = $this->access->combineFilterWithAnd(array($filter, 'cn=*'));
-
-		$groupNames = array();
-		$groupEntries = array();
-		$limit = 400;
-		$offset = 0;
-		do {
-			// we need to request dn additionally here, otherwise memberOf
-			// detection will fail later
-			$result = $this->access->searchGroups($filter, array('cn', 'dn'), $limit, $offset);
-			foreach($result as $item) {
-				if(!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) {
-					// just in case - no issue known
-					continue;
-				}
-				$groupNames[] = $item['cn'][0];
-				$groupEntries[] = $item;
-			}
-			$offset += $limit;
-		} while ($this->access->hasMoreResults());
-
-		if(count($groupNames) > 0) {
-			natsort($groupNames);
-			$this->result->addOptions($dbKey, array_values($groupNames));
-		} else {
-			throw new \Exception(self::$l->t('Could not find the desired feature'));
-		}
-
-		$setFeatures = $this->configuration->$confKey;
-		if(is_array($setFeatures) && !empty($setFeatures)) {
-			//something is already configured? pre-select it.
-			$this->result->addChange($dbKey, $setFeatures);
-		}
-		return $groupEntries;
-	}
-
-	public function determineGroupMemberAssoc() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapGroupFilter',
-										   ))) {
-			return  false;
-		}
-		$attribute = $this->detectGroupMemberAssoc();
-		if($attribute === false) {
-			return false;
-		}
-		$this->configuration->setConfiguration(array('ldapGroupMemberAssocAttr' => $attribute));
-		$this->result->addChange('ldap_group_member_assoc_attribute', $attribute);
-
-		return $this->result;
-	}
-
-	/**
-	 * Detects the available object classes
-	 * @return WizardResult|false the instance's WizardResult instance
-	 * @throws \Exception
-	 */
-	public function determineGroupObjectClasses() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   ))) {
-			return  false;
-		}
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-
-		$obclasses = array('groupOfNames', 'group', 'posixGroup', '*');
-		$this->determineFeature($obclasses,
-								'objectclass',
-								'ldap_groupfilter_objectclass',
-								'ldapGroupFilterObjectclass',
-								false);
-
-		return $this->result;
-	}
-
-	/**
-	 * detects the available object classes
-	 * @return WizardResult
-	 * @throws \Exception
-	 */
-	public function determineUserObjectClasses() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   ))) {
-			return  false;
-		}
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-
-		$obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
-						   'user', 'posixAccount', '*');
-		$filter = $this->configuration->ldapUserFilter;
-		//if filter is empty, it is probably the first time the wizard is called
-		//then, apply suggestions.
-		$this->determineFeature($obclasses,
-								'objectclass',
-								'ldap_userfilter_objectclass',
-								'ldapUserFilterObjectclass',
-								empty($filter));
-
-		return $this->result;
-	}
-
-	/**
-	 * @return WizardResult|false
-	 * @throws \Exception
-	 */
-	public function getGroupFilter() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   ))) {
-			return false;
-		}
-		//make sure the use display name is set
-		$displayName = $this->configuration->ldapGroupDisplayName;
-		if(empty($displayName)) {
-			$d = $this->configuration->getDefaults();
-			$this->applyFind('ldap_group_display_name',
-							 $d['ldap_group_display_name']);
-		}
-		$filter = $this->composeLdapFilter(self::LFILTER_GROUP_LIST);
-
-		$this->applyFind('ldap_group_filter', $filter);
-		return $this->result;
-	}
-
-	/**
-	 * @return WizardResult|false
-	 * @throws \Exception
-	 */
-	public function getUserListFilter() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   ))) {
-			return false;
-		}
-		//make sure the use display name is set
-		$displayName = $this->configuration->ldapUserDisplayName;
-		if(empty($displayName)) {
-			$d = $this->configuration->getDefaults();
-			$this->applyFind('ldap_display_name', $d['ldap_display_name']);
-		}
-		$filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
-		if(!$filter) {
-			throw new \Exception('Cannot create filter');
-		}
-
-		$this->applyFind('ldap_userlist_filter', $filter);
-		return $this->result;
-	}
-
-	/**
-	 * @return bool|WizardResult
-	 * @throws \Exception
-	 */
-	public function getUserLoginFilter() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   'ldapBase',
-										   'ldapUserFilter',
-										   ))) {
-			return false;
-		}
-
-		$filter = $this->composeLdapFilter(self::LFILTER_LOGIN);
-		if(!$filter) {
-			throw new \Exception('Cannot create filter');
-		}
-
-		$this->applyFind('ldap_login_filter', $filter);
-		return $this->result;
-	}
-
-	/**
-	 * @return bool|WizardResult
-	 * @param string $loginName
-	 * @throws \Exception
-	 */
-	public function testLoginName($loginName) {
-		if(!$this->checkRequirements(array('ldapHost',
-			'ldapPort',
-			'ldapBase',
-			'ldapLoginFilter',
-		))) {
-			return false;
-		}
-
-		$cr = $this->access->connection->getConnectionResource();
-		if(!$this->ldap->isResource($cr)) {
-			throw new \Exception('connection error');
-		}
-
-		if(mb_strpos($this->access->connection->ldapLoginFilter, '%uid', 0, 'UTF-8')
-			=== false) {
-			throw new \Exception('missing placeholder');
-		}
-
-		$users = $this->access->countUsersByLoginName($loginName);
-		if($this->ldap->errno($cr) !== 0) {
-			throw new \Exception($this->ldap->error($cr));
-		}
-		$filter = str_replace('%uid', $loginName, $this->access->connection->ldapLoginFilter);
-		$this->result->addChange('ldap_test_loginname', $users);
-		$this->result->addChange('ldap_test_effective_filter', $filter);
-		return $this->result;
-	}
-
-	/**
-	 * Tries to determine the port, requires given Host, User DN and Password
-	 * @return WizardResult|false WizardResult on success, false otherwise
-	 * @throws \Exception
-	 */
-	public function guessPortAndTLS() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   ))) {
-			return false;
-		}
-		$this->checkHost();
-		$portSettings = $this->getPortSettingsToTry();
-
-		if(!is_array($portSettings)) {
-			throw new \Exception(print_r($portSettings, true));
-		}
-
-		//proceed from the best configuration and return on first success
-		foreach($portSettings as $setting) {
-			$p = $setting['port'];
-			$t = $setting['tls'];
-			\OCP\Util::writeLog('user_ldap', 'Wiz: trying port '. $p . ', TLS '. $t, \OCP\Util::DEBUG);
-			//connectAndBind may throw Exception, it needs to be catched by the
-			//callee of this method
-
-			try {
-				$settingsFound = $this->connectAndBind($p, $t);
-			} catch (\Exception $e) {
-				// any reply other than -1 (= cannot connect) is already okay,
-				// because then we found the server
-				// unavailable startTLS returns -11
-				if($e->getCode() > 0) {
-					$settingsFound = true;
-				} else {
-					throw $e;
-				}
-			}
-
-			if ($settingsFound === true) {
-				$config = array(
-					'ldapPort' => $p,
-					'ldapTLS' => intval($t)
-				);
-				$this->configuration->setConfiguration($config);
-				\OCP\Util::writeLog('user_ldap', 'Wiz: detected Port ' . $p, \OCP\Util::DEBUG);
-				$this->result->addChange('ldap_port', $p);
-				return $this->result;
-			}
-		}
-
-		//custom port, undetected (we do not brute force)
-		return false;
-	}
-
-	/**
-	 * tries to determine a base dn from User DN or LDAP Host
-	 * @return WizardResult|false WizardResult on success, false otherwise
-	 */
-	public function guessBaseDN() {
-		if(!$this->checkRequirements(array('ldapHost',
-										   'ldapPort',
-										   ))) {
-			return false;
-		}
-
-		//check whether a DN is given in the agent name (99.9% of all cases)
-		$base = null;
-		$i = stripos($this->configuration->ldapAgentName, 'dc=');
-		if($i !== false) {
-			$base = substr($this->configuration->ldapAgentName, $i);
-			if($this->testBaseDN($base)) {
-				$this->applyFind('ldap_base', $base);
-				return $this->result;
-			}
-		}
-
-		//this did not help :(
-		//Let's see whether we can parse the Host URL and convert the domain to
-		//a base DN
-		$helper = new Helper();
-		$domain = $helper->getDomainFromURL($this->configuration->ldapHost);
-		if(!$domain) {
-			return false;
-		}
-
-		$dparts = explode('.', $domain);
-		while(count($dparts) > 0) {
-			$base2 = 'dc=' . implode(',dc=', $dparts);
-			if ($base !== $base2 && $this->testBaseDN($base2)) {
-				$this->applyFind('ldap_base', $base2);
-				return $this->result;
-			}
-			array_shift($dparts);
-		}
-
-		return false;
-	}
-
-	/**
-	 * sets the found value for the configuration key in the WizardResult
-	 * as well as in the Configuration instance
-	 * @param string $key the configuration key
-	 * @param string $value the (detected) value
-	 *
-	 */
-	private function applyFind($key, $value) {
-		$this->result->addChange($key, $value);
-		$this->configuration->setConfiguration(array($key => $value));
-	}
-
-	/**
-	 * Checks, whether a port was entered in the Host configuration
-	 * field. In this case the port will be stripped off, but also stored as
-	 * setting.
-	 */
-	private function checkHost() {
-		$host = $this->configuration->ldapHost;
-		$hostInfo = parse_url($host);
-
-		//removes Port from Host
-		if(is_array($hostInfo) && isset($hostInfo['port'])) {
-			$port = $hostInfo['port'];
-			$host = str_replace(':'.$port, '', $host);
-			$this->applyFind('ldap_host', $host);
-			$this->applyFind('ldap_port', $port);
-		}
-	}
-
-	/**
-	 * tries to detect the group member association attribute which is
-	 * one of 'uniqueMember', 'memberUid', 'member'
-	 * @return string|false, string with the attribute name, false on error
-	 * @throws \Exception
-	 */
-	private function detectGroupMemberAssoc() {
-		$possibleAttrs = array('uniqueMember', 'memberUid', 'member');
-		$filter = $this->configuration->ldapGroupFilter;
-		if(empty($filter)) {
-			return false;
-		}
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-		$base = $this->configuration->ldapBase[0];
-		$rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs, 0, 1000);
-		if(!$this->ldap->isResource($rr)) {
-			return false;
-		}
-		$er = $this->ldap->firstEntry($cr, $rr);
-		while(is_resource($er)) {
-			$this->ldap->getDN($cr, $er);
-			$attrs = $this->ldap->getAttributes($cr, $er);
-			$result = array();
-			$possibleAttrsCount = count($possibleAttrs);
-			for($i = 0; $i < $possibleAttrsCount; $i++) {
-				if(isset($attrs[$possibleAttrs[$i]])) {
-					$result[$possibleAttrs[$i]] = $attrs[$possibleAttrs[$i]]['count'];
-				}
-			}
-			if(!empty($result)) {
-				natsort($result);
-				return key($result);
-			}
-
-			$er = $this->ldap->nextEntry($cr, $er);
-		}
-
-		return false;
-	}
-
-	/**
-	 * Checks whether for a given BaseDN results will be returned
-	 * @param string $base the BaseDN to test
-	 * @return bool true on success, false otherwise
-	 * @throws \Exception
-	 */
-	private function testBaseDN($base) {
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-
-		//base is there, let's validate it. If we search for anything, we should
-		//get a result set > 0 on a proper base
-		$rr = $this->ldap->search($cr, $base, 'objectClass=*', array('dn'), 0, 1);
-		if(!$this->ldap->isResource($rr)) {
-			$errorNo  = $this->ldap->errno($cr);
-			$errorMsg = $this->ldap->error($cr);
-			\OCP\Util::writeLog('user_ldap', 'Wiz: Could not search base '.$base.
-							' Error '.$errorNo.': '.$errorMsg, \OCP\Util::INFO);
-			return false;
-		}
-		$entries = $this->ldap->countEntries($cr, $rr);
-		return ($entries !== false) && ($entries > 0);
-	}
-
-	/**
-	 * Checks whether the server supports memberOf in LDAP Filter.
-	 * Note: at least in OpenLDAP, availability of memberOf is dependent on
-	 * a configured objectClass. I.e. not necessarily for all available groups
-	 * memberOf does work.
-	 *
-	 * @return bool true if it does, false otherwise
-	 * @throws \Exception
-	 */
-	private function testMemberOf() {
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-		$result = $this->access->countUsers('memberOf=*', array('memberOf'), 1);
-		if(is_int($result) &&  $result > 0) {
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * creates an LDAP Filter from given configuration
-	 * @param integer $filterType int, for which use case the filter shall be created
-	 * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
-	 * self::LFILTER_GROUP_LIST
-	 * @return string|false string with the filter on success, false otherwise
-	 * @throws \Exception
-	 */
-	private function composeLdapFilter($filterType) {
-		$filter = '';
-		$parts = 0;
-		switch ($filterType) {
-			case self::LFILTER_USER_LIST:
-				$objcs = $this->configuration->ldapUserFilterObjectclass;
-				//glue objectclasses
-				if(is_array($objcs) && count($objcs) > 0) {
-					$filter .= '(|';
-					foreach($objcs as $objc) {
-						$filter .= '(objectclass=' . $objc . ')';
-					}
-					$filter .= ')';
-					$parts++;
-				}
-				//glue group memberships
-				if($this->configuration->hasMemberOfFilterSupport) {
-					$cns = $this->configuration->ldapUserFilterGroups;
-					if(is_array($cns) && count($cns) > 0) {
-						$filter .= '(|';
-						$cr = $this->getConnection();
-						if(!$cr) {
-							throw new \Exception('Could not connect to LDAP');
-						}
-						$base = $this->configuration->ldapBase[0];
-						foreach($cns as $cn) {
-							$rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn', 'primaryGroupToken'));
-							if(!$this->ldap->isResource($rr)) {
-								continue;
-							}
-							$er = $this->ldap->firstEntry($cr, $rr);
-							$attrs = $this->ldap->getAttributes($cr, $er);
-							$dn = $this->ldap->getDN($cr, $er);
-							if(empty($dn)) {
-								continue;
-							}
-							$filterPart = '(memberof=' . $dn . ')';
-							if(isset($attrs['primaryGroupToken'])) {
-								$pgt = $attrs['primaryGroupToken'][0];
-								$primaryFilterPart = '(primaryGroupID=' . $pgt .')';
-								$filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
-							}
-							$filter .= $filterPart;
-						}
-						$filter .= ')';
-					}
-					$parts++;
-				}
-				//wrap parts in AND condition
-				if($parts > 1) {
-					$filter = '(&' . $filter . ')';
-				}
-				if(empty($filter)) {
-					$filter = '(objectclass=*)';
-				}
-				break;
-
-			case self::LFILTER_GROUP_LIST:
-				$objcs = $this->configuration->ldapGroupFilterObjectclass;
-				//glue objectclasses
-				if(is_array($objcs) && count($objcs) > 0) {
-					$filter .= '(|';
-					foreach($objcs as $objc) {
-						$filter .= '(objectclass=' . $objc . ')';
-					}
-					$filter .= ')';
-					$parts++;
-				}
-				//glue group memberships
-				$cns = $this->configuration->ldapGroupFilterGroups;
-				if(is_array($cns) && count($cns) > 0) {
-					$filter .= '(|';
-					$base = $this->configuration->ldapBase[0];
-					foreach($cns as $cn) {
-						$filter .= '(cn=' . $cn . ')';
-					}
-					$filter .= ')';
-				}
-				$parts++;
-				//wrap parts in AND condition
-				if($parts > 1) {
-					$filter = '(&' . $filter . ')';
-				}
-				break;
-
-			case self::LFILTER_LOGIN:
-				$ulf = $this->configuration->ldapUserFilter;
-				$loginpart = '=%uid';
-				$filterUsername = '';
-				$userAttributes = $this->getUserAttributes();
-				$userAttributes = array_change_key_case(array_flip($userAttributes));
-				$parts = 0;
-
-				if($this->configuration->ldapLoginFilterUsername === '1') {
-					$attr = '';
-					if(isset($userAttributes['uid'])) {
-						$attr = 'uid';
-					} else if(isset($userAttributes['samaccountname'])) {
-						$attr = 'samaccountname';
-					} else if(isset($userAttributes['cn'])) {
-						//fallback
-						$attr = 'cn';
-					}
-					if(!empty($attr)) {
-						$filterUsername = '(' . $attr . $loginpart . ')';
-						$parts++;
-					}
-				}
-
-				$filterEmail = '';
-				if($this->configuration->ldapLoginFilterEmail === '1') {
-					$filterEmail = '(|(mailPrimaryAddress=%uid)(mail=%uid))';
-					$parts++;
-				}
-
-				$filterAttributes = '';
-				$attrsToFilter = $this->configuration->ldapLoginFilterAttributes;
-				if(is_array($attrsToFilter) && count($attrsToFilter) > 0) {
-					$filterAttributes = '(|';
-					foreach($attrsToFilter as $attribute) {
-						$filterAttributes .= '(' . $attribute . $loginpart . ')';
-					}
-					$filterAttributes .= ')';
-					$parts++;
-				}
-
-				$filterLogin = '';
-				if($parts > 1) {
-					$filterLogin = '(|';
-				}
-				$filterLogin .= $filterUsername;
-				$filterLogin .= $filterEmail;
-				$filterLogin .= $filterAttributes;
-				if($parts > 1) {
-					$filterLogin .= ')';
-				}
-
-				$filter = '(&'.$ulf.$filterLogin.')';
-				break;
-		}
-
-		\OCP\Util::writeLog('user_ldap', 'Wiz: Final filter '.$filter, \OCP\Util::DEBUG);
-
-		return $filter;
-	}
-
-	/**
-	 * Connects and Binds to an LDAP Server
-	 * @param int $port the port to connect with
-	 * @param bool $tls whether startTLS is to be used
-	 * @param bool $ncc
-	 * @return bool
-	 * @throws \Exception
-	 */
-	private function connectAndBind($port = 389, $tls = false, $ncc = false) {
-		if($ncc) {
-			//No certificate check
-			//FIXME: undo afterwards
-			putenv('LDAPTLS_REQCERT=never');
-		}
-
-		//connect, does not really trigger any server communication
-		\OCP\Util::writeLog('user_ldap', 'Wiz: Checking Host Info ', \OCP\Util::DEBUG);
-		$host = $this->configuration->ldapHost;
-		$hostInfo = parse_url($host);
-		if(!$hostInfo) {
-			throw new \Exception($this->l->t('Invalid Host'));
-		}
-		\OCP\Util::writeLog('user_ldap', 'Wiz: Attempting to connect ', \OCP\Util::DEBUG);
-		$cr = $this->ldap->connect($host, $port);
-		if(!is_resource($cr)) {
-			throw new \Exception($this->l->t('Invalid Host'));
-		}
-
-		\OCP\Util::writeLog('user_ldap', 'Wiz: Setting LDAP Options ', \OCP\Util::DEBUG);
-		//set LDAP options
-		$this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
-		$this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
-		$this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
-
-		try {
-			if($tls) {
-				$isTlsWorking = @$this->ldap->startTls($cr);
-				if(!$isTlsWorking) {
-					return false;
-				}
-			}
-
-			\OCP\Util::writeLog('user_ldap', 'Wiz: Attemping to Bind ', \OCP\Util::DEBUG);
-			//interesting part: do the bind!
-			$login = $this->ldap->bind($cr,
-				$this->configuration->ldapAgentName,
-				$this->configuration->ldapAgentPassword
-			);
-			$errNo = $this->ldap->errno($cr);
-			$error = ldap_error($cr);
-			$this->ldap->unbind($cr);
-		} catch(ServerNotAvailableException $e) {
-			return false;
-		}
-
-		if($login === true) {
-			$this->ldap->unbind($cr);
-			if($ncc) {
-				throw new \Exception('Certificate cannot be validated.');
-			}
-			\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
-			return true;
-		}
-
-		if($errNo === -1 || ($errNo === 2 && $ncc)) {
-			//host, port or TLS wrong
-			return false;
-		} else if ($errNo === 2) {
-			return $this->connectAndBind($port, $tls, true);
-		}
-		throw new \Exception($error, $errNo);
-	}
-
-	/**
-	 * checks whether a valid combination of agent and password has been
-	 * provided (either two values or nothing for anonymous connect)
-	 * @return bool, true if everything is fine, false otherwise
-	 */
-	private function checkAgentRequirements() {
-		$agent = $this->configuration->ldapAgentName;
-		$pwd = $this->configuration->ldapAgentPassword;
-
-		return ( (!empty($agent) && !empty($pwd))
-		       || (empty($agent) &&  empty($pwd)));
-	}
-
-	/**
-	 * @param array $reqs
-	 * @return bool
-	 */
-	private function checkRequirements($reqs) {
-		$this->checkAgentRequirements();
-		foreach($reqs as $option) {
-			$value = $this->configuration->$option;
-			if(empty($value)) {
-				return false;
-			}
-		}
-		return true;
-	}
-
-	/**
-	 * does a cumulativeSearch on LDAP to get different values of a
-	 * specified attribute
-	 * @param string[] $filters array, the filters that shall be used in the search
-	 * @param string $attr the attribute of which a list of values shall be returned
-	 * @param int $dnReadLimit the amount of how many DNs should be analyzed.
-	 * The lower, the faster
-	 * @param string $maxF string. if not null, this variable will have the filter that
-	 * yields most result entries
-	 * @return array|false an array with the values on success, false otherwise
-	 */
-	public function cumulativeSearchOnAttribute($filters, $attr, $dnReadLimit = 3, &$maxF = null) {
-		$dnRead = array();
-		$foundItems = array();
-		$maxEntries = 0;
-		if(!is_array($this->configuration->ldapBase)
-		   || !isset($this->configuration->ldapBase[0])) {
-			return false;
-		}
-		$base = $this->configuration->ldapBase[0];
-		$cr = $this->getConnection();
-		if(!$this->ldap->isResource($cr)) {
-			return false;
-		}
-		$lastFilter = null;
-		if(isset($filters[count($filters)-1])) {
-			$lastFilter = $filters[count($filters)-1];
-		}
-		foreach($filters as $filter) {
-			if($lastFilter === $filter && count($foundItems) > 0) {
-				//skip when the filter is a wildcard and results were found
-				continue;
-			}
-			// 20k limit for performance and reason
-			$rr = $this->ldap->search($cr, $base, $filter, array($attr), 0, 20000);
-			if(!$this->ldap->isResource($rr)) {
-				continue;
-			}
-			$entries = $this->ldap->countEntries($cr, $rr);
-			$getEntryFunc = 'firstEntry';
-			if(($entries !== false) && ($entries > 0)) {
-				if(!is_null($maxF) && $entries > $maxEntries) {
-					$maxEntries = $entries;
-					$maxF = $filter;
-				}
-				$dnReadCount = 0;
-				do {
-					$entry = $this->ldap->$getEntryFunc($cr, $rr);
-					$getEntryFunc = 'nextEntry';
-					if(!$this->ldap->isResource($entry)) {
-						continue 2;
-					}
-					$rr = $entry; //will be expected by nextEntry next round
-					$attributes = $this->ldap->getAttributes($cr, $entry);
-					$dn = $this->ldap->getDN($cr, $entry);
-					if($dn === false || in_array($dn, $dnRead)) {
-						continue;
-					}
-					$newItems = array();
-					$state = $this->getAttributeValuesFromEntry($attributes,
-																$attr,
-																$newItems);
-					$dnReadCount++;
-					$foundItems = array_merge($foundItems, $newItems);
-					$this->resultCache[$dn][$attr] = $newItems;
-					$dnRead[] = $dn;
-				} while(($state === self::LRESULT_PROCESSED_SKIP
-						|| $this->ldap->isResource($entry))
-						&& ($dnReadLimit === 0 || $dnReadCount < $dnReadLimit));
-			}
-		}
-
-		return array_unique($foundItems);
-	}
-
-	/**
-	 * determines if and which $attr are available on the LDAP server
-	 * @param string[] $objectclasses the objectclasses to use as search filter
-	 * @param string $attr the attribute to look for
-	 * @param string $dbkey the dbkey of the setting the feature is connected to
-	 * @param string $confkey the confkey counterpart for the $dbkey as used in the
-	 * Configuration class
-	 * @param bool $po whether the objectClass with most result entries
-	 * shall be pre-selected via the result
-	 * @return array|false list of found items.
-	 * @throws \Exception
-	 */
-	private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
-		$cr = $this->getConnection();
-		if(!$cr) {
-			throw new \Exception('Could not connect to LDAP');
-		}
-		$p = 'objectclass=';
-		foreach($objectclasses as $key => $value) {
-			$objectclasses[$key] = $p.$value;
-		}
-		$maxEntryObjC = '';
-
-		//how deep to dig?
-		//When looking for objectclasses, testing few entries is sufficient,
-		$dig = 3;
-
-		$availableFeatures =
-			$this->cumulativeSearchOnAttribute($objectclasses, $attr,
-											   $dig, $maxEntryObjC);
-		if(is_array($availableFeatures)
-		   && count($availableFeatures) > 0) {
-			natcasesort($availableFeatures);
-			//natcasesort keeps indices, but we must get rid of them for proper
-			//sorting in the web UI. Therefore: array_values
-			$this->result->addOptions($dbkey, array_values($availableFeatures));
-		} else {
-			throw new \Exception(self::$l->t('Could not find the desired feature'));
-		}
-
-		$setFeatures = $this->configuration->$confkey;
-		if(is_array($setFeatures) && !empty($setFeatures)) {
-			//something is already configured? pre-select it.
-			$this->result->addChange($dbkey, $setFeatures);
-		} else if($po && !empty($maxEntryObjC)) {
-			//pre-select objectclass with most result entries
-			$maxEntryObjC = str_replace($p, '', $maxEntryObjC);
-			$this->applyFind($dbkey, $maxEntryObjC);
-			$this->result->addChange($dbkey, $maxEntryObjC);
-		}
-
-		return $availableFeatures;
-	}
-
-	/**
-	 * appends a list of values fr
-	 * @param resource $result the return value from ldap_get_attributes
-	 * @param string $attribute the attribute values to look for
-	 * @param array &$known new values will be appended here
-	 * @return int, state on of the class constants LRESULT_PROCESSED_OK,
-	 * LRESULT_PROCESSED_INVALID or LRESULT_PROCESSED_SKIP
-	 */
-	private function getAttributeValuesFromEntry($result, $attribute, &$known) {
-		if(!is_array($result)
-		   || !isset($result['count'])
-		   || !$result['count'] > 0) {
-			return self::LRESULT_PROCESSED_INVALID;
-		}
-
-		// strtolower on all keys for proper comparison
-		$result = \OCP\Util::mb_array_change_key_case($result);
-		$attribute = strtolower($attribute);
-		if(isset($result[$attribute])) {
-			foreach($result[$attribute] as $key => $val) {
-				if($key === 'count') {
-					continue;
-				}
-				if(!in_array($val, $known)) {
-					$known[] = $val;
-				}
-			}
-			return self::LRESULT_PROCESSED_OK;
-		} else {
-			return self::LRESULT_PROCESSED_SKIP;
-		}
-	}
-
-	/**
-	 * @return bool|mixed
-	 */
-	private function getConnection() {
-		if(!is_null($this->cr)) {
-			return $this->cr;
-		}
-
-		$cr = $this->ldap->connect(
-			$this->configuration->ldapHost,
-			$this->configuration->ldapPort
-		);
-
-		$this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
-		$this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
-		$this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
-		if($this->configuration->ldapTLS === 1) {
-			$this->ldap->startTls($cr);
-		}
-
-		$lo = @$this->ldap->bind($cr,
-								 $this->configuration->ldapAgentName,
-								 $this->configuration->ldapAgentPassword);
-		if($lo === true) {
-			$this->$cr = $cr;
-			return $cr;
-		}
-
-		return false;
-	}
-
-	/**
-	 * @return array
-	 */
-	private function getDefaultLdapPortSettings() {
-		static $settings = array(
-								array('port' => 7636, 'tls' => false),
-								array('port' =>  636, 'tls' => false),
-								array('port' => 7389, 'tls' => true),
-								array('port' =>  389, 'tls' => true),
-								array('port' => 7389, 'tls' => false),
-								array('port' =>  389, 'tls' => false),
-						  );
-		return $settings;
-	}
-
-	/**
-	 * @return array
-	 */
-	private function getPortSettingsToTry() {
-		//389 ← LDAP / Unencrypted or StartTLS
-		//636 ← LDAPS / SSL
-		//7xxx ← UCS. need to be checked first, because both ports may be open
-		$host = $this->configuration->ldapHost;
-		$port = intval($this->configuration->ldapPort);
-		$portSettings = array();
-
-		//In case the port is already provided, we will check this first
-		if($port > 0) {
-			$hostInfo = parse_url($host);
-			if(!(is_array($hostInfo)
-				&& isset($hostInfo['scheme'])
-				&& stripos($hostInfo['scheme'], 'ldaps') !== false)) {
-				$portSettings[] = array('port' => $port, 'tls' => true);
-			}
-			$portSettings[] =array('port' => $port, 'tls' => false);
-		}
-
-		//default ports
-		$portSettings = array_merge($portSettings,
-		                            $this->getDefaultLdapPortSettings());
-
-		return $portSettings;
-	}
+    static protected $l;
+    protected $access;
+    protected $cr;
+    protected $configuration;
+    protected $result;
+    protected $resultCache = array();
+
+    const LRESULT_PROCESSED_OK = 2;
+    const LRESULT_PROCESSED_INVALID = 3;
+    const LRESULT_PROCESSED_SKIP = 4;
+
+    const LFILTER_LOGIN      = 2;
+    const LFILTER_USER_LIST  = 3;
+    const LFILTER_GROUP_LIST = 4;
+
+    const LFILTER_MODE_ASSISTED = 2;
+    const LFILTER_MODE_RAW = 1;
+
+    const LDAP_NW_TIMEOUT = 4;
+
+    /**
+     * Constructor
+     * @param Configuration $configuration an instance of Configuration
+     * @param ILDAPWrapper $ldap an instance of ILDAPWrapper
+     */
+    public function __construct(Configuration $configuration, ILDAPWrapper $ldap, Access $access) {
+        parent::__construct($ldap);
+        $this->configuration = $configuration;
+        if(is_null(Wizard::$l)) {
+            Wizard::$l = \OC::$server->getL10N('user_ldap');
+        }
+        $this->access = $access;
+        $this->result = new WizardResult();
+    }
+
+    public function  __destruct() {
+        if($this->result->hasChanges()) {
+            $this->configuration->saveConfiguration();
+        }
+    }
+
+    /**
+     * counts entries in the LDAP directory
+     *
+     * @param string $filter the LDAP search filter
+     * @param string $type a string being either 'users' or 'groups';
+     * @return bool|int
+     * @throws \Exception
+     */
+    public function countEntries($filter, $type) {
+        $reqs = array('ldapHost', 'ldapPort', 'ldapBase');
+        if($type === 'users') {
+            $reqs[] = 'ldapUserFilter';
+        }
+        if(!$this->checkRequirements($reqs)) {
+            throw new \Exception('Requirements not met', 400);
+        }
+
+        $attr = array('dn'); // default
+        $limit = 1001;
+        if($type === 'groups') {
+            $result =  $this->access->countGroups($filter, $attr, $limit);
+        } else if($type === 'users') {
+            $result = $this->access->countUsers($filter, $attr, $limit);
+        } else if ($type === 'objects') {
+            $result = $this->access->countObjects($limit);
+        } else {
+            throw new \Exception('internal error: invalid object type', 500);
+        }
+
+        return $result;
+    }
+
+    /**
+     * formats the return value of a count operation to the string to be
+     * inserted.
+     *
+     * @param bool|int $count
+     * @return int|string
+     */
+    private function formatCountResult($count) {
+        $formatted = ($count !== false) ? $count : 0;
+        if($formatted > 1000) {
+            $formatted = '> 1000';
+        }
+        return $formatted;
+    }
+
+    public function countGroups() {
+        $filter = $this->configuration->ldapGroupFilter;
+
+        if(empty($filter)) {
+            $output = self::$l->n('%s group found', '%s groups found', 0, array(0));
+            $this->result->addChange('ldap_group_count', $output);
+            return $this->result;
+        }
+
+        try {
+            $groupsTotal = $this->formatCountResult($this->countEntries($filter, 'groups'));
+        } catch (\Exception $e) {
+            //400 can be ignored, 500 is forwarded
+            if($e->getCode() === 500) {
+                throw $e;
+            }
+            return false;
+        }
+        $output = self::$l->n('%s group found', '%s groups found', $groupsTotal, array($groupsTotal));
+        $this->result->addChange('ldap_group_count', $output);
+        return $this->result;
+    }
+
+    /**
+     * @return WizardResult
+     * @throws \Exception
+     */
+    public function countUsers() {
+        $filter = $this->access->getFilterForUserCount();
+
+        $usersTotal = $this->formatCountResult($this->countEntries($filter, 'users'));
+        $output = self::$l->n('%s user found', '%s users found', $usersTotal, array($usersTotal));
+        $this->result->addChange('ldap_user_count', $output);
+        return $this->result;
+    }
+
+    /**
+     * counts any objects in the currently set base dn
+     *
+     * @return WizardResult
+     * @throws \Exception
+     */
+    public function countInBaseDN() {
+        // we don't need to provide a filter in this case
+        $total = $this->countEntries(null, 'objects');
+        if($total === false) {
+            throw new \Exception('invalid results received');
+        }
+        $this->result->addChange('ldap_test_base', $total);
+        return $this->result;
+    }
+
+    /**
+     * counts users with a specified attribute
+     * @param string $attr
+     * @param bool $existsCheck
+     * @return int|bool
+     */
+    public function countUsersWithAttribute($attr, $existsCheck = false) {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            'ldapUserFilter',
+                                            ))) {
+            return  false;
+        }
+
+        $filter = $this->access->combineFilterWithAnd(array(
+            $this->configuration->ldapUserFilter,
+            $attr . '=*'
+        ));
+
+        $limit = ($existsCheck === false) ? null : 1;
+
+        return $this->access->countUsers($filter, array('dn'), $limit);
+    }
+
+    /**
+     * detects the display name attribute. If a setting is already present that
+     * returns at least one hit, the detection will be canceled.
+     * @return WizardResult|bool
+     * @throws \Exception
+     */
+    public function detectUserDisplayNameAttribute() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                        'ldapPort',
+                                        'ldapBase',
+                                        'ldapUserFilter',
+                                        ))) {
+            return  false;
+        }
+
+        $attr = $this->configuration->ldapUserDisplayName;
+        if($attr !== 'displayName' && !empty($attr)) {
+            // most likely not the default value with upper case N,
+            // verify it still produces a result
+            $count = intval($this->countUsersWithAttribute($attr, true));
+            if($count > 0) {
+                //no change, but we sent it back to make sure the user interface
+                //is still correct, even if the ajax call was cancelled inbetween
+                $this->result->addChange('ldap_display_name', $attr);
+                return $this->result;
+            }
+        }
+
+        // first attribute that has at least one result wins
+        $displayNameAttrs = array('displayname', 'cn');
+        foreach ($displayNameAttrs as $attr) {
+            $count = intval($this->countUsersWithAttribute($attr, true));
+
+            if($count > 0) {
+                $this->applyFind('ldap_display_name', $attr);
+                return $this->result;
+            }
+        };
+
+        throw new \Exception(self::$l->t('Could not detect user display name attribute. Please specify it yourself in advanced ldap settings.'));
+    }
+
+    /**
+     * detects the most often used email attribute for users applying to the
+     * user list filter. If a setting is already present that returns at least
+     * one hit, the detection will be canceled.
+     * @return WizardResult|bool
+     */
+    public function detectEmailAttribute() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            'ldapUserFilter',
+                                            ))) {
+            return  false;
+        }
+
+        $attr = $this->configuration->ldapEmailAttribute;
+        if(!empty($attr)) {
+            $count = intval($this->countUsersWithAttribute($attr, true));
+            if($count > 0) {
+                return false;
+            }
+            $writeLog = true;
+        } else {
+            $writeLog = false;
+        }
+
+        $emailAttributes = array('mail', 'mailPrimaryAddress');
+        $winner = '';
+        $maxUsers = 0;
+        foreach($emailAttributes as $attr) {
+            $count = $this->countUsersWithAttribute($attr);
+            if($count > $maxUsers) {
+                $maxUsers = $count;
+                $winner = $attr;
+            }
+        }
+
+        if($winner !== '') {
+            $this->applyFind('ldap_email_attr', $winner);
+            if($writeLog) {
+                \OCP\Util::writeLog('user_ldap', 'The mail attribute has ' .
+                    'automatically been reset, because the original value ' .
+                    'did not return any results.', \OCP\Util::INFO);
+            }
+        }
+
+        return $this->result;
+    }
+
+    /**
+     * @return WizardResult
+     * @throws \Exception
+     */
+    public function determineAttributes() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            'ldapUserFilter',
+                                            ))) {
+            return  false;
+        }
+
+        $attributes = $this->getUserAttributes();
+
+        natcasesort($attributes);
+        $attributes = array_values($attributes);
+
+        $this->result->addOptions('ldap_loginfilter_attributes', $attributes);
+
+        $selected = $this->configuration->ldapLoginFilterAttributes;
+        if(is_array($selected) && !empty($selected)) {
+            $this->result->addChange('ldap_loginfilter_attributes', $selected);
+        }
+
+        return $this->result;
+    }
+
+    /**
+     * detects the available LDAP attributes
+     * @return array|false The instance's WizardResult instance
+     * @throws \Exception
+     */
+    private function getUserAttributes() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            'ldapUserFilter',
+                                            ))) {
+            return  false;
+        }
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+
+        $base = $this->configuration->ldapBase[0];
+        $filter = $this->configuration->ldapUserFilter;
+        $rr = $this->ldap->search($cr, $base, $filter, array(), 1, 1);
+        if(!$this->ldap->isResource($rr)) {
+            return false;
+        }
+        $er = $this->ldap->firstEntry($cr, $rr);
+        $attributes = $this->ldap->getAttributes($cr, $er);
+        $pureAttributes = array();
+        for($i = 0; $i < $attributes['count']; $i++) {
+            $pureAttributes[] = $attributes[$i];
+        }
+
+        return $pureAttributes;
+    }
+
+    /**
+     * detects the available LDAP groups
+     * @return WizardResult|false the instance's WizardResult instance
+     */
+    public function determineGroupsForGroups() {
+        return $this->determineGroups('ldap_groupfilter_groups',
+                                        'ldapGroupFilterGroups',
+                                        false);
+    }
+
+    /**
+     * detects the available LDAP groups
+     * @return WizardResult|false the instance's WizardResult instance
+     */
+    public function determineGroupsForUsers() {
+        return $this->determineGroups('ldap_userfilter_groups',
+                                        'ldapUserFilterGroups');
+    }
+
+    /**
+     * detects the available LDAP groups
+     * @param string $dbKey
+     * @param string $confKey
+     * @param bool $testMemberOf
+     * @return WizardResult|false the instance's WizardResult instance
+     * @throws \Exception
+     */
+    private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            ))) {
+            return  false;
+        }
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+
+        $this->fetchGroups($dbKey, $confKey);
+
+        if($testMemberOf) {
+            $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
+            $this->result->markChange();
+            if(!$this->configuration->hasMemberOfFilterSupport) {
+                throw new \Exception('memberOf is not supported by the server');
+            }
+        }
+
+        return $this->result;
+    }
+
+    /**
+     * fetches all groups from LDAP and adds them to the result object
+     *
+     * @param string $dbKey
+     * @param string $confKey
+     * @return array $groupEntries
+     * @throws \Exception
+     */
+    public function fetchGroups($dbKey, $confKey) {
+        $obclasses = array('posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames');
+
+        $filterParts = array();
+        foreach($obclasses as $obclass) {
+            $filterParts[] = 'objectclass='.$obclass;
+        }
+        //we filter for everything
+        //- that looks like a group and
+        //- has the group display name set
+        $filter = $this->access->combineFilterWithOr($filterParts);
+        $filter = $this->access->combineFilterWithAnd(array($filter, 'cn=*'));
+
+        $groupNames = array();
+        $groupEntries = array();
+        $limit = 400;
+        $offset = 0;
+        do {
+            // we need to request dn additionally here, otherwise memberOf
+            // detection will fail later
+            $result = $this->access->searchGroups($filter, array('cn', 'dn'), $limit, $offset);
+            foreach($result as $item) {
+                if(!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) {
+                    // just in case - no issue known
+                    continue;
+                }
+                $groupNames[] = $item['cn'][0];
+                $groupEntries[] = $item;
+            }
+            $offset += $limit;
+        } while ($this->access->hasMoreResults());
+
+        if(count($groupNames) > 0) {
+            natsort($groupNames);
+            $this->result->addOptions($dbKey, array_values($groupNames));
+        } else {
+            throw new \Exception(self::$l->t('Could not find the desired feature'));
+        }
+
+        $setFeatures = $this->configuration->$confKey;
+        if(is_array($setFeatures) && !empty($setFeatures)) {
+            //something is already configured? pre-select it.
+            $this->result->addChange($dbKey, $setFeatures);
+        }
+        return $groupEntries;
+    }
+
+    public function determineGroupMemberAssoc() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapGroupFilter',
+                                            ))) {
+            return  false;
+        }
+        $attribute = $this->detectGroupMemberAssoc();
+        if($attribute === false) {
+            return false;
+        }
+        $this->configuration->setConfiguration(array('ldapGroupMemberAssocAttr' => $attribute));
+        $this->result->addChange('ldap_group_member_assoc_attribute', $attribute);
+
+        return $this->result;
+    }
+
+    /**
+     * Detects the available object classes
+     * @return WizardResult|false the instance's WizardResult instance
+     * @throws \Exception
+     */
+    public function determineGroupObjectClasses() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            ))) {
+            return  false;
+        }
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+
+        $obclasses = array('groupOfNames', 'group', 'posixGroup', '*');
+        $this->determineFeature($obclasses,
+                                'objectclass',
+                                'ldap_groupfilter_objectclass',
+                                'ldapGroupFilterObjectclass',
+                                false);
+
+        return $this->result;
+    }
+
+    /**
+     * detects the available object classes
+     * @return WizardResult
+     * @throws \Exception
+     */
+    public function determineUserObjectClasses() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            ))) {
+            return  false;
+        }
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+
+        $obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
+                            'user', 'posixAccount', '*');
+        $filter = $this->configuration->ldapUserFilter;
+        //if filter is empty, it is probably the first time the wizard is called
+        //then, apply suggestions.
+        $this->determineFeature($obclasses,
+                                'objectclass',
+                                'ldap_userfilter_objectclass',
+                                'ldapUserFilterObjectclass',
+                                empty($filter));
+
+        return $this->result;
+    }
+
+    /**
+     * @return WizardResult|false
+     * @throws \Exception
+     */
+    public function getGroupFilter() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            ))) {
+            return false;
+        }
+        //make sure the use display name is set
+        $displayName = $this->configuration->ldapGroupDisplayName;
+        if(empty($displayName)) {
+            $d = $this->configuration->getDefaults();
+            $this->applyFind('ldap_group_display_name',
+                                $d['ldap_group_display_name']);
+        }
+        $filter = $this->composeLdapFilter(self::LFILTER_GROUP_LIST);
+
+        $this->applyFind('ldap_group_filter', $filter);
+        return $this->result;
+    }
+
+    /**
+     * @return WizardResult|false
+     * @throws \Exception
+     */
+    public function getUserListFilter() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            ))) {
+            return false;
+        }
+        //make sure the use display name is set
+        $displayName = $this->configuration->ldapUserDisplayName;
+        if(empty($displayName)) {
+            $d = $this->configuration->getDefaults();
+            $this->applyFind('ldap_display_name', $d['ldap_display_name']);
+        }
+        $filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
+        if(!$filter) {
+            throw new \Exception('Cannot create filter');
+        }
+
+        $this->applyFind('ldap_userlist_filter', $filter);
+        return $this->result;
+    }
+
+    /**
+     * @return bool|WizardResult
+     * @throws \Exception
+     */
+    public function getUserLoginFilter() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            'ldapBase',
+                                            'ldapUserFilter',
+                                            ))) {
+            return false;
+        }
+
+        $filter = $this->composeLdapFilter(self::LFILTER_LOGIN);
+        if(!$filter) {
+            throw new \Exception('Cannot create filter');
+        }
+
+        $this->applyFind('ldap_login_filter', $filter);
+        return $this->result;
+    }
+
+    /**
+     * @return bool|WizardResult
+     * @param string $loginName
+     * @throws \Exception
+     */
+    public function testLoginName($loginName) {
+        if(!$this->checkRequirements(array('ldapHost',
+            'ldapPort',
+            'ldapBase',
+            'ldapLoginFilter',
+        ))) {
+            return false;
+        }
+
+        $cr = $this->access->connection->getConnectionResource();
+        if(!$this->ldap->isResource($cr)) {
+            throw new \Exception('connection error');
+        }
+
+        if(mb_strpos($this->access->connection->ldapLoginFilter, '%uid', 0, 'UTF-8')
+            === false) {
+            throw new \Exception('missing placeholder');
+        }
+
+        $users = $this->access->countUsersByLoginName($loginName);
+        if($this->ldap->errno($cr) !== 0) {
+            throw new \Exception($this->ldap->error($cr));
+        }
+        $filter = str_replace('%uid', $loginName, $this->access->connection->ldapLoginFilter);
+        $this->result->addChange('ldap_test_loginname', $users);
+        $this->result->addChange('ldap_test_effective_filter', $filter);
+        return $this->result;
+    }
+
+    /**
+     * Tries to determine the port, requires given Host, User DN and Password
+     * @return WizardResult|false WizardResult on success, false otherwise
+     * @throws \Exception
+     */
+    public function guessPortAndTLS() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            ))) {
+            return false;
+        }
+        $this->checkHost();
+        $portSettings = $this->getPortSettingsToTry();
+
+        if(!is_array($portSettings)) {
+            throw new \Exception(print_r($portSettings, true));
+        }
+
+        //proceed from the best configuration and return on first success
+        foreach($portSettings as $setting) {
+            $p = $setting['port'];
+            $t = $setting['tls'];
+            \OCP\Util::writeLog('user_ldap', 'Wiz: trying port '. $p . ', TLS '. $t, \OCP\Util::DEBUG);
+            //connectAndBind may throw Exception, it needs to be catched by the
+            //callee of this method
+
+            try {
+                $settingsFound = $this->connectAndBind($p, $t);
+            } catch (\Exception $e) {
+                // any reply other than -1 (= cannot connect) is already okay,
+                // because then we found the server
+                // unavailable startTLS returns -11
+                if($e->getCode() > 0) {
+                    $settingsFound = true;
+                } else {
+                    throw $e;
+                }
+            }
+
+            if ($settingsFound === true) {
+                $config = array(
+                    'ldapPort' => $p,
+                    'ldapTLS' => intval($t)
+                );
+                $this->configuration->setConfiguration($config);
+                \OCP\Util::writeLog('user_ldap', 'Wiz: detected Port ' . $p, \OCP\Util::DEBUG);
+                $this->result->addChange('ldap_port', $p);
+                return $this->result;
+            }
+        }
+
+        //custom port, undetected (we do not brute force)
+        return false;
+    }
+
+    /**
+     * tries to determine a base dn from User DN or LDAP Host
+     * @return WizardResult|false WizardResult on success, false otherwise
+     */
+    public function guessBaseDN() {
+        if(!$this->checkRequirements(array('ldapHost',
+                                            'ldapPort',
+                                            ))) {
+            return false;
+        }
+
+        //check whether a DN is given in the agent name (99.9% of all cases)
+        $base = null;
+        $i = stripos($this->configuration->ldapAgentName, 'dc=');
+        if($i !== false) {
+            $base = substr($this->configuration->ldapAgentName, $i);
+            if($this->testBaseDN($base)) {
+                $this->applyFind('ldap_base', $base);
+                return $this->result;
+            }
+        }
+
+        //this did not help :(
+        //Let's see whether we can parse the Host URL and convert the domain to
+        //a base DN
+        $helper = new Helper();
+        $domain = $helper->getDomainFromURL($this->configuration->ldapHost);
+        if(!$domain) {
+            return false;
+        }
+
+        $dparts = explode('.', $domain);
+        while(count($dparts) > 0) {
+            $base2 = 'dc=' . implode(',dc=', $dparts);
+            if ($base !== $base2 && $this->testBaseDN($base2)) {
+                $this->applyFind('ldap_base', $base2);
+                return $this->result;
+            }
+            array_shift($dparts);
+        }
+
+        return false;
+    }
+
+    /**
+     * sets the found value for the configuration key in the WizardResult
+     * as well as in the Configuration instance
+     * @param string $key the configuration key
+     * @param string $value the (detected) value
+     *
+     */
+    private function applyFind($key, $value) {
+        $this->result->addChange($key, $value);
+        $this->configuration->setConfiguration(array($key => $value));
+    }
+
+    /**
+     * Checks, whether a port was entered in the Host configuration
+     * field. In this case the port will be stripped off, but also stored as
+     * setting.
+     */
+    private function checkHost() {
+        $host = $this->configuration->ldapHost;
+        $hostInfo = parse_url($host);
+
+        //removes Port from Host
+        if(is_array($hostInfo) && isset($hostInfo['port'])) {
+            $port = $hostInfo['port'];
+            $host = str_replace(':'.$port, '', $host);
+            $this->applyFind('ldap_host', $host);
+            $this->applyFind('ldap_port', $port);
+        }
+    }
+
+    /**
+     * tries to detect the group member association attribute which is
+     * one of 'uniqueMember', 'memberUid', 'member'
+     * @return string|false, string with the attribute name, false on error
+     * @throws \Exception
+     */
+    private function detectGroupMemberAssoc() {
+        $possibleAttrs = array('uniqueMember', 'memberUid', 'member');
+        $filter = $this->configuration->ldapGroupFilter;
+        if(empty($filter)) {
+            return false;
+        }
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+        $base = $this->configuration->ldapBase[0];
+        $rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs, 0, 1000);
+        if(!$this->ldap->isResource($rr)) {
+            return false;
+        }
+        $er = $this->ldap->firstEntry($cr, $rr);
+        while(is_resource($er)) {
+            $this->ldap->getDN($cr, $er);
+            $attrs = $this->ldap->getAttributes($cr, $er);
+            $result = array();
+            $possibleAttrsCount = count($possibleAttrs);
+            for($i = 0; $i < $possibleAttrsCount; $i++) {
+                if(isset($attrs[$possibleAttrs[$i]])) {
+                    $result[$possibleAttrs[$i]] = $attrs[$possibleAttrs[$i]]['count'];
+                }
+            }
+            if(!empty($result)) {
+                natsort($result);
+                return key($result);
+            }
+
+            $er = $this->ldap->nextEntry($cr, $er);
+        }
+
+        return false;
+    }
+
+    /**
+     * Checks whether for a given BaseDN results will be returned
+     * @param string $base the BaseDN to test
+     * @return bool true on success, false otherwise
+     * @throws \Exception
+     */
+    private function testBaseDN($base) {
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+
+        //base is there, let's validate it. If we search for anything, we should
+        //get a result set > 0 on a proper base
+        $rr = $this->ldap->search($cr, $base, 'objectClass=*', array('dn'), 0, 1);
+        if(!$this->ldap->isResource($rr)) {
+            $errorNo  = $this->ldap->errno($cr);
+            $errorMsg = $this->ldap->error($cr);
+            \OCP\Util::writeLog('user_ldap', 'Wiz: Could not search base '.$base.
+                            ' Error '.$errorNo.': '.$errorMsg, \OCP\Util::INFO);
+            return false;
+        }
+        $entries = $this->ldap->countEntries($cr, $rr);
+        return ($entries !== false) && ($entries > 0);
+    }
+
+    /**
+     * Checks whether the server supports memberOf in LDAP Filter.
+     * Note: at least in OpenLDAP, availability of memberOf is dependent on
+     * a configured objectClass. I.e. not necessarily for all available groups
+     * memberOf does work.
+     *
+     * @return bool true if it does, false otherwise
+     * @throws \Exception
+     */
+    private function testMemberOf() {
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+        $result = $this->access->countUsers('memberOf=*', array('memberOf'), 1);
+        if(is_int($result) &&  $result > 0) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * creates an LDAP Filter from given configuration
+     * @param integer $filterType int, for which use case the filter shall be created
+     * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
+     * self::LFILTER_GROUP_LIST
+     * @return string|false string with the filter on success, false otherwise
+     * @throws \Exception
+     */
+    private function composeLdapFilter($filterType) {
+        $filter = '';
+        $parts = 0;
+        switch ($filterType) {
+            case self::LFILTER_USER_LIST:
+                $objcs = $this->configuration->ldapUserFilterObjectclass;
+                //glue objectclasses
+                if(is_array($objcs) && count($objcs) > 0) {
+                    $filter .= '(|';
+                    foreach($objcs as $objc) {
+                        $filter .= '(objectclass=' . $objc . ')';
+                    }
+                    $filter .= ')';
+                    $parts++;
+                }
+                //glue group memberships
+                if($this->configuration->hasMemberOfFilterSupport) {
+                    $cns = $this->configuration->ldapUserFilterGroups;
+                    if(is_array($cns) && count($cns) > 0) {
+                        $filter .= '(|';
+                        $cr = $this->getConnection();
+                        if(!$cr) {
+                            throw new \Exception('Could not connect to LDAP');
+                        }
+                        $base = $this->configuration->ldapBase[0];
+                        foreach($cns as $cn) {
+                            $rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn', 'primaryGroupToken'));
+                            if(!$this->ldap->isResource($rr)) {
+                                continue;
+                            }
+                            $er = $this->ldap->firstEntry($cr, $rr);
+                            $attrs = $this->ldap->getAttributes($cr, $er);
+                            $dn = $this->ldap->getDN($cr, $er);
+                            if(empty($dn)) {
+                                continue;
+                            }
+                            $filterPart = '(memberof=' . $dn . ')';
+                            if(isset($attrs['primaryGroupToken'])) {
+                                $pgt = $attrs['primaryGroupToken'][0];
+                                $primaryFilterPart = '(primaryGroupID=' . $pgt .')';
+                                $filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
+                            }
+                            $filter .= $filterPart;
+                        }
+                        $filter .= ')';
+                    }
+                    $parts++;
+                }
+                //wrap parts in AND condition
+                if($parts > 1) {
+                    $filter = '(&' . $filter . ')';
+                }
+                if(empty($filter)) {
+                    $filter = '(objectclass=*)';
+                }
+                break;
+
+            case self::LFILTER_GROUP_LIST:
+                $objcs = $this->configuration->ldapGroupFilterObjectclass;
+                //glue objectclasses
+                if(is_array($objcs) && count($objcs) > 0) {
+                    $filter .= '(|';
+                    foreach($objcs as $objc) {
+                        $filter .= '(objectclass=' . $objc . ')';
+                    }
+                    $filter .= ')';
+                    $parts++;
+                }
+                //glue group memberships
+                $cns = $this->configuration->ldapGroupFilterGroups;
+                if(is_array($cns) && count($cns) > 0) {
+                    $filter .= '(|';
+                    $base = $this->configuration->ldapBase[0];
+                    foreach($cns as $cn) {
+                        $filter .= '(cn=' . $cn . ')';
+                    }
+                    $filter .= ')';
+                }
+                $parts++;
+                //wrap parts in AND condition
+                if($parts > 1) {
+                    $filter = '(&' . $filter . ')';
+                }
+                break;
+
+            case self::LFILTER_LOGIN:
+                $ulf = $this->configuration->ldapUserFilter;
+                $loginpart = '=%uid';
+                $filterUsername = '';
+                $userAttributes = $this->getUserAttributes();
+                $userAttributes = array_change_key_case(array_flip($userAttributes));
+                $parts = 0;
+
+                if($this->configuration->ldapLoginFilterUsername === '1') {
+                    $attr = '';
+                    if(isset($userAttributes['uid'])) {
+                        $attr = 'uid';
+                    } else if(isset($userAttributes['samaccountname'])) {
+                        $attr = 'samaccountname';
+                    } else if(isset($userAttributes['cn'])) {
+                        //fallback
+                        $attr = 'cn';
+                    }
+                    if(!empty($attr)) {
+                        $filterUsername = '(' . $attr . $loginpart . ')';
+                        $parts++;
+                    }
+                }
+
+                $filterEmail = '';
+                if($this->configuration->ldapLoginFilterEmail === '1') {
+                    $filterEmail = '(|(mailPrimaryAddress=%uid)(mail=%uid))';
+                    $parts++;
+                }
+
+                $filterAttributes = '';
+                $attrsToFilter = $this->configuration->ldapLoginFilterAttributes;
+                if(is_array($attrsToFilter) && count($attrsToFilter) > 0) {
+                    $filterAttributes = '(|';
+                    foreach($attrsToFilter as $attribute) {
+                        $filterAttributes .= '(' . $attribute . $loginpart . ')';
+                    }
+                    $filterAttributes .= ')';
+                    $parts++;
+                }
+
+                $filterLogin = '';
+                if($parts > 1) {
+                    $filterLogin = '(|';
+                }
+                $filterLogin .= $filterUsername;
+                $filterLogin .= $filterEmail;
+                $filterLogin .= $filterAttributes;
+                if($parts > 1) {
+                    $filterLogin .= ')';
+                }
+
+                $filter = '(&'.$ulf.$filterLogin.')';
+                break;
+        }
+
+        \OCP\Util::writeLog('user_ldap', 'Wiz: Final filter '.$filter, \OCP\Util::DEBUG);
+
+        return $filter;
+    }
+
+    /**
+     * Connects and Binds to an LDAP Server
+     * @param int $port the port to connect with
+     * @param bool $tls whether startTLS is to be used
+     * @param bool $ncc
+     * @return bool
+     * @throws \Exception
+     */
+    private function connectAndBind($port = 389, $tls = false, $ncc = false) {
+        if($ncc) {
+            //No certificate check
+            //FIXME: undo afterwards
+            putenv('LDAPTLS_REQCERT=never');
+        }
+
+        //connect, does not really trigger any server communication
+        \OCP\Util::writeLog('user_ldap', 'Wiz: Checking Host Info ', \OCP\Util::DEBUG);
+        $host = $this->configuration->ldapHost;
+        $hostInfo = parse_url($host);
+        if(!$hostInfo) {
+            throw new \Exception($this->l->t('Invalid Host'));
+        }
+        \OCP\Util::writeLog('user_ldap', 'Wiz: Attempting to connect ', \OCP\Util::DEBUG);
+        $cr = $this->ldap->connect($host, $port);
+        if(!is_resource($cr)) {
+            throw new \Exception($this->l->t('Invalid Host'));
+        }
+
+        \OCP\Util::writeLog('user_ldap', 'Wiz: Setting LDAP Options ', \OCP\Util::DEBUG);
+        //set LDAP options
+        $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
+        $this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
+        $this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
+
+        try {
+            if($tls) {
+                $isTlsWorking = @$this->ldap->startTls($cr);
+                if(!$isTlsWorking) {
+                    return false;
+                }
+            }
+
+            \OCP\Util::writeLog('user_ldap', 'Wiz: Attemping to Bind ', \OCP\Util::DEBUG);
+            //interesting part: do the bind!
+            $login = $this->ldap->bind($cr,
+                $this->configuration->ldapAgentName,
+                $this->configuration->ldapAgentPassword
+            );
+            $errNo = $this->ldap->errno($cr);
+            $error = ldap_error($cr);
+            $this->ldap->unbind($cr);
+        } catch(ServerNotAvailableException $e) {
+            return false;
+        }
+
+        if($login === true) {
+            $this->ldap->unbind($cr);
+            if($ncc) {
+                throw new \Exception('Certificate cannot be validated.');
+            }
+            \OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
+            return true;
+        }
+
+        if($errNo === -1 || ($errNo === 2 && $ncc)) {
+            //host, port or TLS wrong
+            return false;
+        } else if ($errNo === 2) {
+            return $this->connectAndBind($port, $tls, true);
+        }
+        throw new \Exception($error, $errNo);
+    }
+
+    /**
+     * checks whether a valid combination of agent and password has been
+     * provided (either two values or nothing for anonymous connect)
+     * @return bool, true if everything is fine, false otherwise
+     */
+    private function checkAgentRequirements() {
+        $agent = $this->configuration->ldapAgentName;
+        $pwd = $this->configuration->ldapAgentPassword;
+
+        return ( (!empty($agent) && !empty($pwd))
+               || (empty($agent) &&  empty($pwd)));
+    }
+
+    /**
+     * @param array $reqs
+     * @return bool
+     */
+    private function checkRequirements($reqs) {
+        $this->checkAgentRequirements();
+        foreach($reqs as $option) {
+            $value = $this->configuration->$option;
+            if(empty($value)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * does a cumulativeSearch on LDAP to get different values of a
+     * specified attribute
+     * @param string[] $filters array, the filters that shall be used in the search
+     * @param string $attr the attribute of which a list of values shall be returned
+     * @param int $dnReadLimit the amount of how many DNs should be analyzed.
+     * The lower, the faster
+     * @param string $maxF string. if not null, this variable will have the filter that
+     * yields most result entries
+     * @return array|false an array with the values on success, false otherwise
+     */
+    public function cumulativeSearchOnAttribute($filters, $attr, $dnReadLimit = 3, &$maxF = null) {
+        $dnRead = array();
+        $foundItems = array();
+        $maxEntries = 0;
+        if(!is_array($this->configuration->ldapBase)
+           || !isset($this->configuration->ldapBase[0])) {
+            return false;
+        }
+        $base = $this->configuration->ldapBase[0];
+        $cr = $this->getConnection();
+        if(!$this->ldap->isResource($cr)) {
+            return false;
+        }
+        $lastFilter = null;
+        if(isset($filters[count($filters)-1])) {
+            $lastFilter = $filters[count($filters)-1];
+        }
+        foreach($filters as $filter) {
+            if($lastFilter === $filter && count($foundItems) > 0) {
+                //skip when the filter is a wildcard and results were found
+                continue;
+            }
+            // 20k limit for performance and reason
+            $rr = $this->ldap->search($cr, $base, $filter, array($attr), 0, 20000);
+            if(!$this->ldap->isResource($rr)) {
+                continue;
+            }
+            $entries = $this->ldap->countEntries($cr, $rr);
+            $getEntryFunc = 'firstEntry';
+            if(($entries !== false) && ($entries > 0)) {
+                if(!is_null($maxF) && $entries > $maxEntries) {
+                    $maxEntries = $entries;
+                    $maxF = $filter;
+                }
+                $dnReadCount = 0;
+                do {
+                    $entry = $this->ldap->$getEntryFunc($cr, $rr);
+                    $getEntryFunc = 'nextEntry';
+                    if(!$this->ldap->isResource($entry)) {
+                        continue 2;
+                    }
+                    $rr = $entry; //will be expected by nextEntry next round
+                    $attributes = $this->ldap->getAttributes($cr, $entry);
+                    $dn = $this->ldap->getDN($cr, $entry);
+                    if($dn === false || in_array($dn, $dnRead)) {
+                        continue;
+                    }
+                    $newItems = array();
+                    $state = $this->getAttributeValuesFromEntry($attributes,
+                                                                $attr,
+                                                                $newItems);
+                    $dnReadCount++;
+                    $foundItems = array_merge($foundItems, $newItems);
+                    $this->resultCache[$dn][$attr] = $newItems;
+                    $dnRead[] = $dn;
+                } while(($state === self::LRESULT_PROCESSED_SKIP
+                        || $this->ldap->isResource($entry))
+                        && ($dnReadLimit === 0 || $dnReadCount < $dnReadLimit));
+            }
+        }
+
+        return array_unique($foundItems);
+    }
+
+    /**
+     * determines if and which $attr are available on the LDAP server
+     * @param string[] $objectclasses the objectclasses to use as search filter
+     * @param string $attr the attribute to look for
+     * @param string $dbkey the dbkey of the setting the feature is connected to
+     * @param string $confkey the confkey counterpart for the $dbkey as used in the
+     * Configuration class
+     * @param bool $po whether the objectClass with most result entries
+     * shall be pre-selected via the result
+     * @return array|false list of found items.
+     * @throws \Exception
+     */
+    private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
+        $cr = $this->getConnection();
+        if(!$cr) {
+            throw new \Exception('Could not connect to LDAP');
+        }
+        $p = 'objectclass=';
+        foreach($objectclasses as $key => $value) {
+            $objectclasses[$key] = $p.$value;
+        }
+        $maxEntryObjC = '';
+
+        //how deep to dig?
+        //When looking for objectclasses, testing few entries is sufficient,
+        $dig = 3;
+
+        $availableFeatures =
+            $this->cumulativeSearchOnAttribute($objectclasses, $attr,
+                                                $dig, $maxEntryObjC);
+        if(is_array($availableFeatures)
+           && count($availableFeatures) > 0) {
+            natcasesort($availableFeatures);
+            //natcasesort keeps indices, but we must get rid of them for proper
+            //sorting in the web UI. Therefore: array_values
+            $this->result->addOptions($dbkey, array_values($availableFeatures));
+        } else {
+            throw new \Exception(self::$l->t('Could not find the desired feature'));
+        }
+
+        $setFeatures = $this->configuration->$confkey;
+        if(is_array($setFeatures) && !empty($setFeatures)) {
+            //something is already configured? pre-select it.
+            $this->result->addChange($dbkey, $setFeatures);
+        } else if($po && !empty($maxEntryObjC)) {
+            //pre-select objectclass with most result entries
+            $maxEntryObjC = str_replace($p, '', $maxEntryObjC);
+            $this->applyFind($dbkey, $maxEntryObjC);
+            $this->result->addChange($dbkey, $maxEntryObjC);
+        }
+
+        return $availableFeatures;
+    }
+
+    /**
+     * appends a list of values fr
+     * @param resource $result the return value from ldap_get_attributes
+     * @param string $attribute the attribute values to look for
+     * @param array &$known new values will be appended here
+     * @return int, state on of the class constants LRESULT_PROCESSED_OK,
+     * LRESULT_PROCESSED_INVALID or LRESULT_PROCESSED_SKIP
+     */
+    private function getAttributeValuesFromEntry($result, $attribute, &$known) {
+        if(!is_array($result)
+           || !isset($result['count'])
+           || !$result['count'] > 0) {
+            return self::LRESULT_PROCESSED_INVALID;
+        }
+
+        // strtolower on all keys for proper comparison
+        $result = \OCP\Util::mb_array_change_key_case($result);
+        $attribute = strtolower($attribute);
+        if(isset($result[$attribute])) {
+            foreach($result[$attribute] as $key => $val) {
+                if($key === 'count') {
+                    continue;
+                }
+                if(!in_array($val, $known)) {
+                    $known[] = $val;
+                }
+            }
+            return self::LRESULT_PROCESSED_OK;
+        } else {
+            return self::LRESULT_PROCESSED_SKIP;
+        }
+    }
+
+    /**
+     * @return bool|mixed
+     */
+    private function getConnection() {
+        if(!is_null($this->cr)) {
+            return $this->cr;
+        }
+
+        $cr = $this->ldap->connect(
+            $this->configuration->ldapHost,
+            $this->configuration->ldapPort
+        );
+
+        $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
+        $this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
+        $this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
+        if($this->configuration->ldapTLS === 1) {
+            $this->ldap->startTls($cr);
+        }
+
+        $lo = @$this->ldap->bind($cr,
+                                    $this->configuration->ldapAgentName,
+                                    $this->configuration->ldapAgentPassword);
+        if($lo === true) {
+            $this->$cr = $cr;
+            return $cr;
+        }
+
+        return false;
+    }
+
+    /**
+     * @return array
+     */
+    private function getDefaultLdapPortSettings() {
+        static $settings = array(
+                                array('port' => 7636, 'tls' => false),
+                                array('port' =>  636, 'tls' => false),
+                                array('port' => 7389, 'tls' => true),
+                                array('port' =>  389, 'tls' => true),
+                                array('port' => 7389, 'tls' => false),
+                                array('port' =>  389, 'tls' => false),
+                            );
+        return $settings;
+    }
+
+    /**
+     * @return array
+     */
+    private function getPortSettingsToTry() {
+        //389 ← LDAP / Unencrypted or StartTLS
+        //636 ← LDAPS / SSL
+        //7xxx ← UCS. need to be checked first, because both ports may be open
+        $host = $this->configuration->ldapHost;
+        $port = intval($this->configuration->ldapPort);
+        $portSettings = array();
+
+        //In case the port is already provided, we will check this first
+        if($port > 0) {
+            $hostInfo = parse_url($host);
+            if(!(is_array($hostInfo)
+                && isset($hostInfo['scheme'])
+                && stripos($hostInfo['scheme'], 'ldaps') !== false)) {
+                $portSettings[] = array('port' => $port, 'tls' => true);
+            }
+            $portSettings[] =array('port' => $port, 'tls' => false);
+        }
+
+        //default ports
+        $portSettings = array_merge($portSettings,
+                                    $this->getDefaultLdapPortSettings());
+
+        return $portSettings;
+    }
 
 
 }

Spacing +161 added lines, -161 removed lines

@@ -63,7 +63,7 @@ 
 	public function __construct(Configuration $configuration, ILDAPWrapper $ldap, Access $access) {
 		parent::__construct($ldap);
 		$this->configuration = $configuration;
-		if(is_null(Wizard::$l)) {
+		if (is_null(Wizard::$l)) {
 			Wizard::$l = \OC::$server->getL10N('user_ldap');
 		}
 		$this->access = $access;
@@ -71,7 +71,7 @@ 
 	}
 
 	public function  __destruct() {
-		if($this->result->hasChanges()) {
+		if ($this->result->hasChanges()) {
 			$this->configuration->saveConfiguration();
 		}
 	}
@@ -86,18 +86,18 @@ 
 	 */
 	public function countEntries($filter, $type) {
 		$reqs = array('ldapHost', 'ldapPort', 'ldapBase');
-		if($type === 'users') {
+		if ($type === 'users') {
 			$reqs[] = 'ldapUserFilter';
 		}
-		if(!$this->checkRequirements($reqs)) {
+		if (!$this->checkRequirements($reqs)) {
 			throw new \Exception('Requirements not met', 400);
 		}
 
 		$attr = array('dn'); // default
 		$limit = 1001;
-		if($type === 'groups') {
-			$result =  $this->access->countGroups($filter, $attr, $limit);
-		} else if($type === 'users') {
+		if ($type === 'groups') {
+			$result = $this->access->countGroups($filter, $attr, $limit);
+		} else if ($type === 'users') {
 			$result = $this->access->countUsers($filter, $attr, $limit);
 		} else if ($type === 'objects') {
 			$result = $this->access->countObjects($limit);
@@ -117,7 +117,7 @@ 
 	 */
 	private function formatCountResult($count) {
 		$formatted = ($count !== false) ? $count : 0;
-		if($formatted > 1000) {
+		if ($formatted > 1000) {
 			$formatted = '> 1000';
 		}
 		return $formatted;
@@ -126,7 +126,7 @@ 
 	public function countGroups() {
 		$filter = $this->configuration->ldapGroupFilter;
 
-		if(empty($filter)) {
+		if (empty($filter)) {
 			$output = self::$l->n('%s group found', '%s groups found', 0, array(0));
 			$this->result->addChange('ldap_group_count', $output);
 			return $this->result;
@@ -136,7 +136,7 @@ 
 			$groupsTotal = $this->formatCountResult($this->countEntries($filter, 'groups'));
 		} catch (\Exception $e) {
 			//400 can be ignored, 500 is forwarded
-			if($e->getCode() === 500) {
+			if ($e->getCode() === 500) {
 				throw $e;
 			}
 			return false;
@@ -168,7 +168,7 @@ 
 	public function countInBaseDN() {
 		// we don't need to provide a filter in this case
 		$total = $this->countEntries(null, 'objects');
-		if($total === false) {
+		if ($total === false) {
 			throw new \Exception('invalid results received');
 		}
 		$this->result->addChange('ldap_test_base', $total);
@@ -182,7 +182,7 @@ 
 	 * @return int|bool
 	 */
 	public function countUsersWithAttribute($attr, $existsCheck = false) {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapBase',
 										   'ldapUserFilter',
@@ -192,7 +192,7 @@ 
 
 		$filter = $this->access->combineFilterWithAnd(array(
 			$this->configuration->ldapUserFilter,
-			$attr . '=*'
+			$attr.'=*'
 		));
 
 		$limit = ($existsCheck === false) ? null : 1;
@@ -207,7 +207,7 @@ 
 	 * @throws \Exception
 	 */
 	public function detectUserDisplayNameAttribute() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										'ldapPort',
 										'ldapBase',
 										'ldapUserFilter',
@@ -216,11 +216,11 @@ 
 		}
 
 		$attr = $this->configuration->ldapUserDisplayName;
-		if($attr !== 'displayName' && !empty($attr)) {
+		if ($attr !== 'displayName' && !empty($attr)) {
 			// most likely not the default value with upper case N,
 			// verify it still produces a result
 			$count = intval($this->countUsersWithAttribute($attr, true));
-			if($count > 0) {
+			if ($count > 0) {
 				//no change, but we sent it back to make sure the user interface
 				//is still correct, even if the ajax call was cancelled inbetween
 				$this->result->addChange('ldap_display_name', $attr);
@@ -233,7 +233,7 @@ 
 		foreach ($displayNameAttrs as $attr) {
 			$count = intval($this->countUsersWithAttribute($attr, true));
 
-			if($count > 0) {
+			if ($count > 0) {
 				$this->applyFind('ldap_display_name', $attr);
 				return $this->result;
 			}
@@ -249,7 +249,7 @@ 
 	 * @return WizardResult|bool
 	 */
 	public function detectEmailAttribute() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapBase',
 										   'ldapUserFilter',
@@ -258,9 +258,9 @@ 
 		}
 
 		$attr = $this->configuration->ldapEmailAttribute;
-		if(!empty($attr)) {
+		if (!empty($attr)) {
 			$count = intval($this->countUsersWithAttribute($attr, true));
-			if($count > 0) {
+			if ($count > 0) {
 				return false;
 			}
 			$writeLog = true;
@@ -271,19 +271,19 @@ 
 		$emailAttributes = array('mail', 'mailPrimaryAddress');
 		$winner = '';
 		$maxUsers = 0;
-		foreach($emailAttributes as $attr) {
+		foreach ($emailAttributes as $attr) {
 			$count = $this->countUsersWithAttribute($attr);
-			if($count > $maxUsers) {
+			if ($count > $maxUsers) {
 				$maxUsers = $count;
 				$winner = $attr;
 			}
 		}
 
-		if($winner !== '') {
+		if ($winner !== '') {
 			$this->applyFind('ldap_email_attr', $winner);
-			if($writeLog) {
-				\OCP\Util::writeLog('user_ldap', 'The mail attribute has ' .
-					'automatically been reset, because the original value ' .
+			if ($writeLog) {
+				\OCP\Util::writeLog('user_ldap', 'The mail attribute has '.
+					'automatically been reset, because the original value '.
 					'did not return any results.', \OCP\Util::INFO);
 			}
 		}
@@ -296,7 +296,7 @@ 
 	 * @throws \Exception
 	 */
 	public function determineAttributes() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapBase',
 										   'ldapUserFilter',
@@ -312,7 +312,7 @@ 
 		$this->result->addOptions('ldap_loginfilter_attributes', $attributes);
 
 		$selected = $this->configuration->ldapLoginFilterAttributes;
-		if(is_array($selected) && !empty($selected)) {
+		if (is_array($selected) && !empty($selected)) {
 			$this->result->addChange('ldap_loginfilter_attributes', $selected);
 		}
 
@@ -325,7 +325,7 @@ 
 	 * @throws \Exception
 	 */
 	private function getUserAttributes() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapBase',
 										   'ldapUserFilter',
@@ -333,20 +333,20 @@ 
 			return  false;
 		}
 		$cr = $this->getConnection();
-		if(!$cr) {
+		if (!$cr) {
 			throw new \Exception('Could not connect to LDAP');
 		}
 
 		$base = $this->configuration->ldapBase[0];
 		$filter = $this->configuration->ldapUserFilter;
 		$rr = $this->ldap->search($cr, $base, $filter, array(), 1, 1);
-		if(!$this->ldap->isResource($rr)) {
+		if (!$this->ldap->isResource($rr)) {
 			return false;
 		}
 		$er = $this->ldap->firstEntry($cr, $rr);
 		$attributes = $this->ldap->getAttributes($cr, $er);
 		$pureAttributes = array();
-		for($i = 0; $i < $attributes['count']; $i++) {
+		for ($i = 0; $i < $attributes['count']; $i++) {
 			$pureAttributes[] = $attributes[$i];
 		}
 
@@ -381,23 +381,23 @@ 
 	 * @throws \Exception
 	 */
 	private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapBase',
 										   ))) {
 			return  false;
 		}
 		$cr = $this->getConnection();
-		if(!$cr) {
+		if (!$cr) {
 			throw new \Exception('Could not connect to LDAP');
 		}
 
 		$this->fetchGroups($dbKey, $confKey);
 
-		if($testMemberOf) {
+		if ($testMemberOf) {
 			$this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
 			$this->result->markChange();
-			if(!$this->configuration->hasMemberOfFilterSupport) {
+			if (!$this->configuration->hasMemberOfFilterSupport) {
 				throw new \Exception('memberOf is not supported by the server');
 			}
 		}
@@ -417,7 +417,7 @@ 
 		$obclasses = array('posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames');
 
 		$filterParts = array();
-		foreach($obclasses as $obclass) {
+		foreach ($obclasses as $obclass) {
 			$filterParts[] = 'objectclass='.$obclass;
 		}
 		//we filter for everything
@@ -434,8 +434,8 @@ 
 			// we need to request dn additionally here, otherwise memberOf
 			// detection will fail later
 			$result = $this->access->searchGroups($filter, array('cn', 'dn'), $limit, $offset);
-			foreach($result as $item) {
-				if(!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) {
+			foreach ($result as $item) {
+				if (!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) {
 					// just in case - no issue known
 					continue;
 				}
@@ -445,7 +445,7 @@ 
 			$offset += $limit;
 		} while ($this->access->hasMoreResults());
 
-		if(count($groupNames) > 0) {
+		if (count($groupNames) > 0) {
 			natsort($groupNames);
 			$this->result->addOptions($dbKey, array_values($groupNames));
 		} else {
@@ -453,7 +453,7 @@ 
 		}
 
 		$setFeatures = $this->configuration->$confKey;
-		if(is_array($setFeatures) && !empty($setFeatures)) {
+		if (is_array($setFeatures) && !empty($setFeatures)) {
 			//something is already configured? pre-select it.
 			$this->result->addChange($dbKey, $setFeatures);
 		}
@@ -461,14 +461,14 @@ 
 	}
 
 	public function determineGroupMemberAssoc() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapGroupFilter',
 										   ))) {
 			return  false;
 		}
 		$attribute = $this->detectGroupMemberAssoc();
-		if($attribute === false) {
+		if ($attribute === false) {
 			return false;
 		}
 		$this->configuration->setConfiguration(array('ldapGroupMemberAssocAttr' => $attribute));
@@ -483,14 +483,14 @@ 
 	 * @throws \Exception
 	 */
 	public function determineGroupObjectClasses() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapBase',
 										   ))) {
 			return  false;
 		}
 		$cr = $this->getConnection();
-		if(!$cr) {
+		if (!$cr) {
 			throw new \Exception('Could not connect to LDAP');
 		}
 
@@ -510,14 +510,14 @@ 
 	 * @throws \Exception
 	 */
 	public function determineUserObjectClasses() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapBase',
 										   ))) {
 			return  false;
 		}
 		$cr = $this->getConnection();
-		if(!$cr) {
+		if (!$cr) {
 			throw new \Exception('Could not connect to LDAP');
 		}
 
@@ -540,7 +540,7 @@ 
 	 * @throws \Exception
 	 */
 	public function getGroupFilter() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapBase',
 										   ))) {
@@ -548,7 +548,7 @@ 
 		}
 		//make sure the use display name is set
 		$displayName = $this->configuration->ldapGroupDisplayName;
-		if(empty($displayName)) {
+		if (empty($displayName)) {
 			$d = $this->configuration->getDefaults();
 			$this->applyFind('ldap_group_display_name',
 							 $d['ldap_group_display_name']);
@@ -564,7 +564,7 @@ 
 	 * @throws \Exception
 	 */
 	public function getUserListFilter() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapBase',
 										   ))) {
@@ -572,12 +572,12 @@ 
 		}
 		//make sure the use display name is set
 		$displayName = $this->configuration->ldapUserDisplayName;
-		if(empty($displayName)) {
+		if (empty($displayName)) {
 			$d = $this->configuration->getDefaults();
 			$this->applyFind('ldap_display_name', $d['ldap_display_name']);
 		}
 		$filter = $this->composeLdapFilter(self::LFILTER_USER_LIST);
-		if(!$filter) {
+		if (!$filter) {
 			throw new \Exception('Cannot create filter');
 		}
 
@@ -590,7 +590,7 @@ 
 	 * @throws \Exception
 	 */
 	public function getUserLoginFilter() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   'ldapBase',
 										   'ldapUserFilter',
@@ -599,7 +599,7 @@ 
 		}
 
 		$filter = $this->composeLdapFilter(self::LFILTER_LOGIN);
-		if(!$filter) {
+		if (!$filter) {
 			throw new \Exception('Cannot create filter');
 		}
 
@@ -613,7 +613,7 @@ 
 	 * @throws \Exception
 	 */
 	public function testLoginName($loginName) {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 			'ldapPort',
 			'ldapBase',
 			'ldapLoginFilter',
@@ -622,17 +622,17 @@ 
 		}
 
 		$cr = $this->access->connection->getConnectionResource();
-		if(!$this->ldap->isResource($cr)) {
+		if (!$this->ldap->isResource($cr)) {
 			throw new \Exception('connection error');
 		}
 
-		if(mb_strpos($this->access->connection->ldapLoginFilter, '%uid', 0, 'UTF-8')
+		if (mb_strpos($this->access->connection->ldapLoginFilter, '%uid', 0, 'UTF-8')
 			=== false) {
 			throw new \Exception('missing placeholder');
 		}
 
 		$users = $this->access->countUsersByLoginName($loginName);
-		if($this->ldap->errno($cr) !== 0) {
+		if ($this->ldap->errno($cr) !== 0) {
 			throw new \Exception($this->ldap->error($cr));
 		}
 		$filter = str_replace('%uid', $loginName, $this->access->connection->ldapLoginFilter);
@@ -647,22 +647,22 @@ 
 	 * @throws \Exception
 	 */
 	public function guessPortAndTLS() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   ))) {
 			return false;
 		}
 		$this->checkHost();
 		$portSettings = $this->getPortSettingsToTry();
 
-		if(!is_array($portSettings)) {
+		if (!is_array($portSettings)) {
 			throw new \Exception(print_r($portSettings, true));
 		}
 
 		//proceed from the best configuration and return on first success
-		foreach($portSettings as $setting) {
+		foreach ($portSettings as $setting) {
 			$p = $setting['port'];
 			$t = $setting['tls'];
-			\OCP\Util::writeLog('user_ldap', 'Wiz: trying port '. $p . ', TLS '. $t, \OCP\Util::DEBUG);
+			\OCP\Util::writeLog('user_ldap', 'Wiz: trying port '.$p.', TLS '.$t, \OCP\Util::DEBUG);
 			//connectAndBind may throw Exception, it needs to be catched by the
 			//callee of this method
 
@@ -672,7 +672,7 @@ 
 				// any reply other than -1 (= cannot connect) is already okay,
 				// because then we found the server
 				// unavailable startTLS returns -11
-				if($e->getCode() > 0) {
+				if ($e->getCode() > 0) {
 					$settingsFound = true;
 				} else {
 					throw $e;
@@ -685,7 +685,7 @@ 
 					'ldapTLS' => intval($t)
 				);
 				$this->configuration->setConfiguration($config);
-				\OCP\Util::writeLog('user_ldap', 'Wiz: detected Port ' . $p, \OCP\Util::DEBUG);
+				\OCP\Util::writeLog('user_ldap', 'Wiz: detected Port '.$p, \OCP\Util::DEBUG);
 				$this->result->addChange('ldap_port', $p);
 				return $this->result;
 			}
@@ -700,7 +700,7 @@ 
 	 * @return WizardResult|false WizardResult on success, false otherwise
 	 */
 	public function guessBaseDN() {
-		if(!$this->checkRequirements(array('ldapHost',
+		if (!$this->checkRequirements(array('ldapHost',
 										   'ldapPort',
 										   ))) {
 			return false;
@@ -709,9 +709,9 @@ 
 		//check whether a DN is given in the agent name (99.9% of all cases)
 		$base = null;
 		$i = stripos($this->configuration->ldapAgentName, 'dc=');
-		if($i !== false) {
+		if ($i !== false) {
 			$base = substr($this->configuration->ldapAgentName, $i);
-			if($this->testBaseDN($base)) {
+			if ($this->testBaseDN($base)) {
 				$this->applyFind('ldap_base', $base);
 				return $this->result;
 			}
@@ -722,13 +722,13 @@ 
 		//a base DN
 		$helper = new Helper();
 		$domain = $helper->getDomainFromURL($this->configuration->ldapHost);
-		if(!$domain) {
+		if (!$domain) {
 			return false;
 		}
 
 		$dparts = explode('.', $domain);
-		while(count($dparts) > 0) {
-			$base2 = 'dc=' . implode(',dc=', $dparts);
+		while (count($dparts) > 0) {
+			$base2 = 'dc='.implode(',dc=', $dparts);
 			if ($base !== $base2 && $this->testBaseDN($base2)) {
 				$this->applyFind('ldap_base', $base2);
 				return $this->result;
@@ -761,7 +761,7 @@ 
 		$hostInfo = parse_url($host);
 
 		//removes Port from Host
-		if(is_array($hostInfo) && isset($hostInfo['port'])) {
+		if (is_array($hostInfo) && isset($hostInfo['port'])) {
 			$port = $hostInfo['port'];
 			$host = str_replace(':'.$port, '', $host);
 			$this->applyFind('ldap_host', $host);
@@ -778,30 +778,30 @@ 
 	private function detectGroupMemberAssoc() {
 		$possibleAttrs = array('uniqueMember', 'memberUid', 'member');
 		$filter = $this->configuration->ldapGroupFilter;
-		if(empty($filter)) {
+		if (empty($filter)) {
 			return false;
 		}
 		$cr = $this->getConnection();
-		if(!$cr) {
+		if (!$cr) {
 			throw new \Exception('Could not connect to LDAP');
 		}
 		$base = $this->configuration->ldapBase[0];
 		$rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs, 0, 1000);
-		if(!$this->ldap->isResource($rr)) {
+		if (!$this->ldap->isResource($rr)) {
 			return false;
 		}
 		$er = $this->ldap->firstEntry($cr, $rr);
-		while(is_resource($er)) {
+		while (is_resource($er)) {
 			$this->ldap->getDN($cr, $er);
 			$attrs = $this->ldap->getAttributes($cr, $er);
 			$result = array();
 			$possibleAttrsCount = count($possibleAttrs);
-			for($i = 0; $i < $possibleAttrsCount; $i++) {
-				if(isset($attrs[$possibleAttrs[$i]])) {
+			for ($i = 0; $i < $possibleAttrsCount; $i++) {
+				if (isset($attrs[$possibleAttrs[$i]])) {
 					$result[$possibleAttrs[$i]] = $attrs[$possibleAttrs[$i]]['count'];
 				}
 			}
-			if(!empty($result)) {
+			if (!empty($result)) {
 				natsort($result);
 				return key($result);
 			}
@@ -820,14 +820,14 @@ 
 	 */
 	private function testBaseDN($base) {
 		$cr = $this->getConnection();
-		if(!$cr) {
+		if (!$cr) {
 			throw new \Exception('Could not connect to LDAP');
 		}
 
 		//base is there, let's validate it. If we search for anything, we should
 		//get a result set > 0 on a proper base
 		$rr = $this->ldap->search($cr, $base, 'objectClass=*', array('dn'), 0, 1);
-		if(!$this->ldap->isResource($rr)) {
+		if (!$this->ldap->isResource($rr)) {
 			$errorNo  = $this->ldap->errno($cr);
 			$errorMsg = $this->ldap->error($cr);
 			\OCP\Util::writeLog('user_ldap', 'Wiz: Could not search base '.$base.
@@ -849,11 +849,11 @@ 
 	 */
 	private function testMemberOf() {
 		$cr = $this->getConnection();
-		if(!$cr) {
+		if (!$cr) {
 			throw new \Exception('Could not connect to LDAP');
 		}
 		$result = $this->access->countUsers('memberOf=*', array('memberOf'), 1);
-		if(is_int($result) &&  $result > 0) {
+		if (is_int($result) && $result > 0) {
 			return true;
 		}
 		return false;
@@ -874,40 +874,40 @@ 
 			case self::LFILTER_USER_LIST:
 				$objcs = $this->configuration->ldapUserFilterObjectclass;
 				//glue objectclasses
-				if(is_array($objcs) && count($objcs) > 0) {
+				if (is_array($objcs) && count($objcs) > 0) {
 					$filter .= '(|';
-					foreach($objcs as $objc) {
-						$filter .= '(objectclass=' . $objc . ')';
+					foreach ($objcs as $objc) {
+						$filter .= '(objectclass='.$objc.')';
 					}
 					$filter .= ')';
 					$parts++;
 				}
 				//glue group memberships
-				if($this->configuration->hasMemberOfFilterSupport) {
+				if ($this->configuration->hasMemberOfFilterSupport) {
 					$cns = $this->configuration->ldapUserFilterGroups;
-					if(is_array($cns) && count($cns) > 0) {
+					if (is_array($cns) && count($cns) > 0) {
 						$filter .= '(|';
 						$cr = $this->getConnection();
-						if(!$cr) {
+						if (!$cr) {
 							throw new \Exception('Could not connect to LDAP');
 						}
 						$base = $this->configuration->ldapBase[0];
-						foreach($cns as $cn) {
-							$rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn', 'primaryGroupToken'));
-							if(!$this->ldap->isResource($rr)) {
+						foreach ($cns as $cn) {
+							$rr = $this->ldap->search($cr, $base, 'cn='.$cn, array('dn', 'primaryGroupToken'));
+							if (!$this->ldap->isResource($rr)) {
 								continue;
 							}
 							$er = $this->ldap->firstEntry($cr, $rr);
 							$attrs = $this->ldap->getAttributes($cr, $er);
 							$dn = $this->ldap->getDN($cr, $er);
-							if(empty($dn)) {
+							if (empty($dn)) {
 								continue;
 							}
-							$filterPart = '(memberof=' . $dn . ')';
-							if(isset($attrs['primaryGroupToken'])) {
+							$filterPart = '(memberof='.$dn.')';
+							if (isset($attrs['primaryGroupToken'])) {
 								$pgt = $attrs['primaryGroupToken'][0];
-								$primaryFilterPart = '(primaryGroupID=' . $pgt .')';
-								$filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
+								$primaryFilterPart = '(primaryGroupID='.$pgt.')';
+								$filterPart = '(|'.$filterPart.$primaryFilterPart.')';
 							}
 							$filter .= $filterPart;
 						}
@@ -916,10 +916,10 @@ 
 					$parts++;
 				}
 				//wrap parts in AND condition
-				if($parts > 1) {
-					$filter = '(&' . $filter . ')';
+				if ($parts > 1) {
+					$filter = '(&'.$filter.')';
 				}
-				if(empty($filter)) {
+				if (empty($filter)) {
 					$filter = '(objectclass=*)';
 				}
 				break;
@@ -927,28 +927,28 @@ 
 			case self::LFILTER_GROUP_LIST:
 				$objcs = $this->configuration->ldapGroupFilterObjectclass;
 				//glue objectclasses
-				if(is_array($objcs) && count($objcs) > 0) {
+				if (is_array($objcs) && count($objcs) > 0) {
 					$filter .= '(|';
-					foreach($objcs as $objc) {
-						$filter .= '(objectclass=' . $objc . ')';
+					foreach ($objcs as $objc) {
+						$filter .= '(objectclass='.$objc.')';
 					}
 					$filter .= ')';
 					$parts++;
 				}
 				//glue group memberships
 				$cns = $this->configuration->ldapGroupFilterGroups;
-				if(is_array($cns) && count($cns) > 0) {
+				if (is_array($cns) && count($cns) > 0) {
 					$filter .= '(|';
 					$base = $this->configuration->ldapBase[0];
-					foreach($cns as $cn) {
-						$filter .= '(cn=' . $cn . ')';
+					foreach ($cns as $cn) {
+						$filter .= '(cn='.$cn.')';
 					}
 					$filter .= ')';
 				}
 				$parts++;
 				//wrap parts in AND condition
-				if($parts > 1) {
-					$filter = '(&' . $filter . ')';
+				if ($parts > 1) {
+					$filter = '(&'.$filter.')';
 				}
 				break;
 
@@ -960,47 +960,47 @@ 
 				$userAttributes = array_change_key_case(array_flip($userAttributes));
 				$parts = 0;
 
-				if($this->configuration->ldapLoginFilterUsername === '1') {
+				if ($this->configuration->ldapLoginFilterUsername === '1') {
 					$attr = '';
-					if(isset($userAttributes['uid'])) {
+					if (isset($userAttributes['uid'])) {
 						$attr = 'uid';
-					} else if(isset($userAttributes['samaccountname'])) {
+					} else if (isset($userAttributes['samaccountname'])) {
 						$attr = 'samaccountname';
-					} else if(isset($userAttributes['cn'])) {
+					} else if (isset($userAttributes['cn'])) {
 						//fallback
 						$attr = 'cn';
 					}
-					if(!empty($attr)) {
-						$filterUsername = '(' . $attr . $loginpart . ')';
+					if (!empty($attr)) {
+						$filterUsername = '('.$attr.$loginpart.')';
 						$parts++;
 					}
 				}
 
 				$filterEmail = '';
-				if($this->configuration->ldapLoginFilterEmail === '1') {
+				if ($this->configuration->ldapLoginFilterEmail === '1') {
 					$filterEmail = '(|(mailPrimaryAddress=%uid)(mail=%uid))';
 					$parts++;
 				}
 
 				$filterAttributes = '';
 				$attrsToFilter = $this->configuration->ldapLoginFilterAttributes;
-				if(is_array($attrsToFilter) && count($attrsToFilter) > 0) {
+				if (is_array($attrsToFilter) && count($attrsToFilter) > 0) {
 					$filterAttributes = '(|';
-					foreach($attrsToFilter as $attribute) {
-						$filterAttributes .= '(' . $attribute . $loginpart . ')';
+					foreach ($attrsToFilter as $attribute) {
+						$filterAttributes .= '('.$attribute.$loginpart.')';
 					}
 					$filterAttributes .= ')';
 					$parts++;
 				}
 
 				$filterLogin = '';
-				if($parts > 1) {
+				if ($parts > 1) {
 					$filterLogin = '(|';
 				}
 				$filterLogin .= $filterUsername;
 				$filterLogin .= $filterEmail;
 				$filterLogin .= $filterAttributes;
-				if($parts > 1) {
+				if ($parts > 1) {
 					$filterLogin .= ')';
 				}
 
@@ -1022,7 +1022,7 @@ 
 	 * @throws \Exception
 	 */
 	private function connectAndBind($port = 389, $tls = false, $ncc = false) {
-		if($ncc) {
+		if ($ncc) {
 			//No certificate check
 			//FIXME: undo afterwards
 			putenv('LDAPTLS_REQCERT=never');
@@ -1032,12 +1032,12 @@ 
 		\OCP\Util::writeLog('user_ldap', 'Wiz: Checking Host Info ', \OCP\Util::DEBUG);
 		$host = $this->configuration->ldapHost;
 		$hostInfo = parse_url($host);
-		if(!$hostInfo) {
+		if (!$hostInfo) {
 			throw new \Exception($this->l->t('Invalid Host'));
 		}
 		\OCP\Util::writeLog('user_ldap', 'Wiz: Attempting to connect ', \OCP\Util::DEBUG);
 		$cr = $this->ldap->connect($host, $port);
-		if(!is_resource($cr)) {
+		if (!is_resource($cr)) {
 			throw new \Exception($this->l->t('Invalid Host'));
 		}
 
@@ -1048,9 +1048,9 @@ 
 		$this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
 
 		try {
-			if($tls) {
+			if ($tls) {
 				$isTlsWorking = @$this->ldap->startTls($cr);
-				if(!$isTlsWorking) {
+				if (!$isTlsWorking) {
 					return false;
 				}
 			}
@@ -1064,20 +1064,20 @@ 
 			$errNo = $this->ldap->errno($cr);
 			$error = ldap_error($cr);
 			$this->ldap->unbind($cr);
-		} catch(ServerNotAvailableException $e) {
+		} catch (ServerNotAvailableException $e) {
 			return false;
 		}
 
-		if($login === true) {
+		if ($login === true) {
 			$this->ldap->unbind($cr);
-			if($ncc) {
+			if ($ncc) {
 				throw new \Exception('Certificate cannot be validated.');
 			}
-			\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
+			\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '.$port.' TLS '.intval($tls), \OCP\Util::DEBUG);
 			return true;
 		}
 
-		if($errNo === -1 || ($errNo === 2 && $ncc)) {
+		if ($errNo === -1 || ($errNo === 2 && $ncc)) {
 			//host, port or TLS wrong
 			return false;
 		} else if ($errNo === 2) {
@@ -1095,8 +1095,8 @@ 
 		$agent = $this->configuration->ldapAgentName;
 		$pwd = $this->configuration->ldapAgentPassword;
 
-		return ( (!empty($agent) && !empty($pwd))
-		       || (empty($agent) &&  empty($pwd)));
+		return ((!empty($agent) && !empty($pwd))
+		       || (empty($agent) && empty($pwd)));
 	}
 
 	/**
@@ -1105,9 +1105,9 @@ 
 	 */
 	private function checkRequirements($reqs) {
 		$this->checkAgentRequirements();
-		foreach($reqs as $option) {
+		foreach ($reqs as $option) {
 			$value = $this->configuration->$option;
-			if(empty($value)) {
+			if (empty($value)) {
 				return false;
 			}
 		}
@@ -1129,33 +1129,33 @@ 
 		$dnRead = array();
 		$foundItems = array();
 		$maxEntries = 0;
-		if(!is_array($this->configuration->ldapBase)
+		if (!is_array($this->configuration->ldapBase)
 		   || !isset($this->configuration->ldapBase[0])) {
 			return false;
 		}
 		$base = $this->configuration->ldapBase[0];
 		$cr = $this->getConnection();
-		if(!$this->ldap->isResource($cr)) {
+		if (!$this->ldap->isResource($cr)) {
 			return false;
 		}
 		$lastFilter = null;
-		if(isset($filters[count($filters)-1])) {
-			$lastFilter = $filters[count($filters)-1];
+		if (isset($filters[count($filters) - 1])) {
+			$lastFilter = $filters[count($filters) - 1];
 		}
-		foreach($filters as $filter) {
-			if($lastFilter === $filter && count($foundItems) > 0) {
+		foreach ($filters as $filter) {
+			if ($lastFilter === $filter && count($foundItems) > 0) {
 				//skip when the filter is a wildcard and results were found
 				continue;
 			}
 			// 20k limit for performance and reason
 			$rr = $this->ldap->search($cr, $base, $filter, array($attr), 0, 20000);
-			if(!$this->ldap->isResource($rr)) {
+			if (!$this->ldap->isResource($rr)) {
 				continue;
 			}
 			$entries = $this->ldap->countEntries($cr, $rr);
 			$getEntryFunc = 'firstEntry';
-			if(($entries !== false) && ($entries > 0)) {
-				if(!is_null($maxF) && $entries > $maxEntries) {
+			if (($entries !== false) && ($entries > 0)) {
+				if (!is_null($maxF) && $entries > $maxEntries) {
 					$maxEntries = $entries;
 					$maxF = $filter;
 				}
@@ -1163,13 +1163,13 @@ 
 				do {
 					$entry = $this->ldap->$getEntryFunc($cr, $rr);
 					$getEntryFunc = 'nextEntry';
-					if(!$this->ldap->isResource($entry)) {
+					if (!$this->ldap->isResource($entry)) {
 						continue 2;
 					}
 					$rr = $entry; //will be expected by nextEntry next round
 					$attributes = $this->ldap->getAttributes($cr, $entry);
 					$dn = $this->ldap->getDN($cr, $entry);
-					if($dn === false || in_array($dn, $dnRead)) {
+					if ($dn === false || in_array($dn, $dnRead)) {
 						continue;
 					}
 					$newItems = array();
@@ -1180,7 +1180,7 @@ 
 					$foundItems = array_merge($foundItems, $newItems);
 					$this->resultCache[$dn][$attr] = $newItems;
 					$dnRead[] = $dn;
-				} while(($state === self::LRESULT_PROCESSED_SKIP
+				} while (($state === self::LRESULT_PROCESSED_SKIP
 						|| $this->ldap->isResource($entry))
 						&& ($dnReadLimit === 0 || $dnReadCount < $dnReadLimit));
 			}
@@ -1203,11 +1203,11 @@ 
 	 */
 	private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
 		$cr = $this->getConnection();
-		if(!$cr) {
+		if (!$cr) {
 			throw new \Exception('Could not connect to LDAP');
 		}
 		$p = 'objectclass=';
-		foreach($objectclasses as $key => $value) {
+		foreach ($objectclasses as $key => $value) {
 			$objectclasses[$key] = $p.$value;
 		}
 		$maxEntryObjC = '';
@@ -1219,7 +1219,7 @@ 
 		$availableFeatures =
 			$this->cumulativeSearchOnAttribute($objectclasses, $attr,
 											   $dig, $maxEntryObjC);
-		if(is_array($availableFeatures)
+		if (is_array($availableFeatures)
 		   && count($availableFeatures) > 0) {
 			natcasesort($availableFeatures);
 			//natcasesort keeps indices, but we must get rid of them for proper
@@ -1230,10 +1230,10 @@ 
 		}
 
 		$setFeatures = $this->configuration->$confkey;
-		if(is_array($setFeatures) && !empty($setFeatures)) {
+		if (is_array($setFeatures) && !empty($setFeatures)) {
 			//something is already configured? pre-select it.
 			$this->result->addChange($dbkey, $setFeatures);
-		} else if($po && !empty($maxEntryObjC)) {
+		} else if ($po && !empty($maxEntryObjC)) {
 			//pre-select objectclass with most result entries
 			$maxEntryObjC = str_replace($p, '', $maxEntryObjC);
 			$this->applyFind($dbkey, $maxEntryObjC);
@@ -1252,7 +1252,7 @@ 
 	 * LRESULT_PROCESSED_INVALID or LRESULT_PROCESSED_SKIP
 	 */
 	private function getAttributeValuesFromEntry($result, $attribute, &$known) {
-		if(!is_array($result)
+		if (!is_array($result)
 		   || !isset($result['count'])
 		   || !$result['count'] > 0) {
 			return self::LRESULT_PROCESSED_INVALID;
@@ -1261,12 +1261,12 @@ 
 		// strtolower on all keys for proper comparison
 		$result = \OCP\Util::mb_array_change_key_case($result);
 		$attribute = strtolower($attribute);
-		if(isset($result[$attribute])) {
-			foreach($result[$attribute] as $key => $val) {
-				if($key === 'count') {
+		if (isset($result[$attribute])) {
+			foreach ($result[$attribute] as $key => $val) {
+				if ($key === 'count') {
 					continue;
 				}
-				if(!in_array($val, $known)) {
+				if (!in_array($val, $known)) {
 					$known[] = $val;
 				}
 			}
@@ -1280,7 +1280,7 @@ 
 	 * @return bool|mixed
 	 */
 	private function getConnection() {
-		if(!is_null($this->cr)) {
+		if (!is_null($this->cr)) {
 			return $this->cr;
 		}
 
@@ -1292,14 +1292,14 @@ 
 		$this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
 		$this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
 		$this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
-		if($this->configuration->ldapTLS === 1) {
+		if ($this->configuration->ldapTLS === 1) {
 			$this->ldap->startTls($cr);
 		}
 
 		$lo = @$this->ldap->bind($cr,
 								 $this->configuration->ldapAgentName,
 								 $this->configuration->ldapAgentPassword);
-		if($lo === true) {
+		if ($lo === true) {
 			$this->$cr = $cr;
 			return $cr;
 		}
@@ -1334,14 +1334,14 @@ 
 		$portSettings = array();
 
 		//In case the port is already provided, we will check this first
-		if($port > 0) {
+		if ($port > 0) {
 			$hostInfo = parse_url($host);
-			if(!(is_array($hostInfo)
+			if (!(is_array($hostInfo)
 				&& isset($hostInfo['scheme'])
 				&& stripos($hostInfo['scheme'], 'ldaps') !== false)) {
 				$portSettings[] = array('port' => $port, 'tls' => true);
 			}
-			$portSettings[] =array('port' => $port, 'tls' => false);
+			$portSettings[] = array('port' => $port, 'tls' => false);
 		}
 
 		//default ports