nextcloud / server

apps/user_ldap/lib/Command/CheckUser.php

Indentation +96 added lines, -96 removed lines

@@ -36,101 +36,101 @@
 use OCA\User_LDAP\User_Proxy;
 
 class CheckUser extends Command {
-	/** @var \OCA\User_LDAP\User_Proxy */
-	protected $backend;
-
-	/** @var \OCA\User_LDAP\Helper */
-	protected $helper;
-
-	/** @var \OCA\User_LDAP\User\DeletedUsersIndex */
-	protected $dui;
-
-	/** @var \OCA\User_LDAP\Mapping\UserMapping */
-	protected $mapping;
-
-	/**
-	 * @param User_Proxy $uBackend
-	 * @param LDAPHelper $helper
-	 * @param DeletedUsersIndex $dui
-	 * @param UserMapping $mapping
-	 */
-	public function __construct(User_Proxy $uBackend, LDAPHelper $helper, DeletedUsersIndex $dui, UserMapping $mapping) {
-		$this->backend = $uBackend;
-		$this->helper = $helper;
-		$this->dui = $dui;
-		$this->mapping = $mapping;
-		parent::__construct();
-	}
-
-	protected function configure() {
-		$this
-			->setName('ldap:check-user')
-			->setDescription('checks whether a user exists on LDAP.')
-			->addArgument(
-					'ocName',
-					InputArgument::REQUIRED,
-					'the user name as used in Nextcloud'
-				     )
-			->addOption(
-					'force',
-					null,
-					InputOption::VALUE_NONE,
-					'ignores disabled LDAP configuration'
-				     )
-		;
-	}
-
-	protected function execute(InputInterface $input, OutputInterface $output) {
-		try {
-			$uid = $input->getArgument('ocName');
-			$this->isAllowed($input->getOption('force'));
-			$this->confirmUserIsMapped($uid);
-			$exists = $this->backend->userExistsOnLDAP($uid);
-			if($exists === true) {
-				$output->writeln('The user is still available on LDAP.');
-				return;
-			}
-
-			$this->dui->markUser($uid);
-			$output->writeln('The user does not exists on LDAP anymore.');
-			$output->writeln('Clean up the user\'s remnants by: ./occ user:delete "'
-				. $uid . '"');
-		} catch (\Exception $e) {
-			$output->writeln('<error>' . $e->getMessage(). '</error>');
-		}
-	}
-
-	/**
-	 * checks whether a user is actually mapped
-	 * @param string $ocName the username as used in Nextcloud
-	 * @throws \Exception
-	 * @return true
-	 */
-	protected function confirmUserIsMapped($ocName) {
-		$dn = $this->mapping->getDNByName($ocName);
-		if ($dn === false) {
-			throw new \Exception('The given user is not a recognized LDAP user.');
-		}
-
-		return true;
-	}
-
-	/**
-	 * checks whether the setup allows reliable checking of LDAP user existence
-	 * @throws \Exception
-	 * @return true
-	 */
-	protected function isAllowed($force) {
-		if($this->helper->haveDisabledConfigurations() && !$force) {
-			throw new \Exception('Cannot check user existence, because '
-				. 'disabled LDAP configurations are present.');
-		}
-
-		// we don't check ldapUserCleanupInterval from config.php because this
-		// action is triggered manually, while the setting only controls the
-		// background job.
-
-		return true;
-	}
+    /** @var \OCA\User_LDAP\User_Proxy */
+    protected $backend;
+
+    /** @var \OCA\User_LDAP\Helper */
+    protected $helper;
+
+    /** @var \OCA\User_LDAP\User\DeletedUsersIndex */
+    protected $dui;
+
+    /** @var \OCA\User_LDAP\Mapping\UserMapping */
+    protected $mapping;
+
+    /**
+     * @param User_Proxy $uBackend
+     * @param LDAPHelper $helper
+     * @param DeletedUsersIndex $dui
+     * @param UserMapping $mapping
+     */
+    public function __construct(User_Proxy $uBackend, LDAPHelper $helper, DeletedUsersIndex $dui, UserMapping $mapping) {
+        $this->backend = $uBackend;
+        $this->helper = $helper;
+        $this->dui = $dui;
+        $this->mapping = $mapping;
+        parent::__construct();
+    }
+
+    protected function configure() {
+        $this
+            ->setName('ldap:check-user')
+            ->setDescription('checks whether a user exists on LDAP.')
+            ->addArgument(
+                    'ocName',
+                    InputArgument::REQUIRED,
+                    'the user name as used in Nextcloud'
+                        )
+            ->addOption(
+                    'force',
+                    null,
+                    InputOption::VALUE_NONE,
+                    'ignores disabled LDAP configuration'
+                        )
+        ;
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output) {
+        try {
+            $uid = $input->getArgument('ocName');
+            $this->isAllowed($input->getOption('force'));
+            $this->confirmUserIsMapped($uid);
+            $exists = $this->backend->userExistsOnLDAP($uid);
+            if($exists === true) {
+                $output->writeln('The user is still available on LDAP.');
+                return;
+            }
+
+            $this->dui->markUser($uid);
+            $output->writeln('The user does not exists on LDAP anymore.');
+            $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "'
+                . $uid . '"');
+        } catch (\Exception $e) {
+            $output->writeln('<error>' . $e->getMessage(). '</error>');
+        }
+    }
+
+    /**
+     * checks whether a user is actually mapped
+     * @param string $ocName the username as used in Nextcloud
+     * @throws \Exception
+     * @return true
+     */
+    protected function confirmUserIsMapped($ocName) {
+        $dn = $this->mapping->getDNByName($ocName);
+        if ($dn === false) {
+            throw new \Exception('The given user is not a recognized LDAP user.');
+        }
+
+        return true;
+    }
+
+    /**
+     * checks whether the setup allows reliable checking of LDAP user existence
+     * @throws \Exception
+     * @return true
+     */
+    protected function isAllowed($force) {
+        if($this->helper->haveDisabledConfigurations() && !$force) {
+            throw new \Exception('Cannot check user existence, because '
+                . 'disabled LDAP configurations are present.');
+        }
+
+        // we don't check ldapUserCleanupInterval from config.php because this
+        // action is triggered manually, while the setting only controls the
+        // background job.
+
+        return true;
+    }
 
 }

apps/user_ldap/lib/LogWrapper.php

Indentation +8 added lines, -8 removed lines

@@ -28,13 +28,13 @@
  * @brief wraps around static Nextcloud core methods
  */
 class LogWrapper {
-	protected $app = 'user_ldap';
+    protected $app = 'user_ldap';
 
-	/**
-	 * @brief states whether the filesystem was loaded
-	 * @return bool
-	 */
-	public function log($msg, $level) {
-		\OCP\Util::writeLog($this->app, $msg, $level);
-	}
+    /**
+     * @brief states whether the filesystem was loaded
+     * @return bool
+     */
+    public function log($msg, $level) {
+        \OCP\Util::writeLog($this->app, $msg, $level);
+    }
 }

apps/user_ldap/lib/FilesystemHelper.php

Indentation +14 added lines, -14 removed lines

@@ -29,19 +29,19 @@
  */
 class FilesystemHelper {
 
-	/**
-	 * @brief states whether the filesystem was loaded
-	 * @return bool
-	 */
-	public function isLoaded() {
-		return \OC\Files\Filesystem::$loaded;
-	}
+    /**
+     * @brief states whether the filesystem was loaded
+     * @return bool
+     */
+    public function isLoaded() {
+        return \OC\Files\Filesystem::$loaded;
+    }
 
-	/**
-	 * @brief initializes the filesystem for the given user
-	 * @param string $uid the Nextcloud username of the user
-	 */
-	public function setup($uid) {
-		\OC_Util::setupFS($uid);
-	}
+    /**
+     * @brief initializes the filesystem for the given user
+     * @param string $uid the Nextcloud username of the user
+     */
+    public function setup($uid) {
+        \OC_Util::setupFS($uid);
+    }
 }

apps/user_ldap/lib/User/OfflineUser.php

Indentation +193 added lines, -193 removed lines

@@ -27,205 +27,205 @@
 use OCA\User_LDAP\Mapping\UserMapping;
 
 class OfflineUser {
-	/**
-	 * @var string $ocName
-	 */
-	protected $ocName;
-	/**
-	 * @var string $dn
-	 */
-	protected $dn;
-	/**
-	 * @var string $uid the UID as provided by LDAP
-	 */
-	protected $uid;
-	/**
-	 * @var string $displayName
-	 */
-	protected $displayName;
-	/**
-	 * @var string $homePath
-	 */
-	protected $homePath;
-	/**
-	 * @var string $lastLogin the timestamp of the last login
-	 */
-	protected $lastLogin;
-	/**
-	 * @var string $email
-	 */
-	protected $email;
-	/**
-	 * @var bool $hasActiveShares
-	 */
-	protected $hasActiveShares;
-	/**
-	 * @var \OCP\IConfig $config
-	 */
-	protected $config;
-	/**
-	 * @var \OCP\IDBConnection $db
-	 */
-	protected $db;
-	/**
-	 * @var \OCA\User_LDAP\Mapping\UserMapping
-	 */
-	protected $mapping;
-
-	/**
-	 * @param string $ocName
-	 * @param \OCP\IConfig $config
-	 * @param \OCP\IDBConnection $db
-	 * @param \OCA\User_LDAP\Mapping\UserMapping $mapping
-	 */
-	public function __construct($ocName, \OCP\IConfig $config, \OCP\IDBConnection $db, UserMapping $mapping) {
-		$this->ocName = $ocName;
-		$this->config = $config;
-		$this->db = $db;
-		$this->mapping = $mapping;
-		$this->fetchDetails();
-	}
-
-	/**
-	 * remove the Delete-flag from the user.
-	 */
-	public function unmark() {
-		$this->config->setUserValue($this->ocName, 'user_ldap', 'isDeleted', '0');
-	}
-
-	/**
-	 * exports the user details in an assoc array
-	 * @return array
-	 */
-	public function export() {
-		$data = array();
-		$data['ocName'] = $this->getOCName();
-		$data['dn'] = $this->getDN();
-		$data['uid'] = $this->getUID();
-		$data['displayName'] = $this->getDisplayName();
-		$data['homePath'] = $this->getHomePath();
-		$data['lastLogin'] = $this->getLastLogin();
-		$data['email'] = $this->getEmail();
-		$data['hasActiveShares'] = $this->getHasActiveShares();
-
-		return $data;
-	}
-
-	/**
-	 * getter for Nextcloud internal name
-	 * @return string
-	 */
-	public function getOCName() {
-		return $this->ocName;
-	}
-
-	/**
-	 * getter for LDAP uid
-	 * @return string
-	 */
-	public function getUID() {
-		return $this->uid;
-	}
-
-	/**
-	 * getter for LDAP DN
-	 * @return string
-	 */
-	public function getDN() {
-		return $this->dn;
-	}
-
-	/**
-	 * getter for display name
-	 * @return string
-	 */
-	public function getDisplayName() {
-		return $this->displayName;
-	}
-
-	/**
-	 * getter for email
-	 * @return string
-	 */
-	public function getEmail() {
-		return $this->email;
-	}
-
-	/**
-	 * getter for home directory path
-	 * @return string
-	 */
-	public function getHomePath() {
-		return $this->homePath;
-	}
-
-	/**
-	 * getter for the last login timestamp
-	 * @return int
-	 */
-	public function getLastLogin() {
-		return intval($this->lastLogin);
-	}
-
-	/**
-	 * getter for having active shares
-	 * @return bool
-	 */
-	public function getHasActiveShares() {
-		return $this->hasActiveShares;
-	}
-
-	/**
-	 * reads the user details
-	 */
-	protected function fetchDetails() {
-		$properties = array (
-			'displayName' => 'user_ldap',
-			'uid'         => 'user_ldap',
-			'homePath'    => 'user_ldap',
-			'email'       => 'settings',
-			'lastLogin'   => 'login'
-		);
-		foreach($properties as $property => $app) {
-			$this->$property = $this->config->getUserValue($this->ocName, $app, $property, '');
-		}
-
-		$dn = $this->mapping->getDNByName($this->ocName);
-		$this->dn = ($dn !== false) ? $dn : '';
-
-		$this->determineShares();
-	}
-
-
-	/**
-	 * finds out whether the user has active shares. The result is stored in
-	 * $this->hasActiveShares
-	 */
-	protected function determineShares() {
-		$query = $this->db->prepare('
+    /**
+     * @var string $ocName
+     */
+    protected $ocName;
+    /**
+     * @var string $dn
+     */
+    protected $dn;
+    /**
+     * @var string $uid the UID as provided by LDAP
+     */
+    protected $uid;
+    /**
+     * @var string $displayName
+     */
+    protected $displayName;
+    /**
+     * @var string $homePath
+     */
+    protected $homePath;
+    /**
+     * @var string $lastLogin the timestamp of the last login
+     */
+    protected $lastLogin;
+    /**
+     * @var string $email
+     */
+    protected $email;
+    /**
+     * @var bool $hasActiveShares
+     */
+    protected $hasActiveShares;
+    /**
+     * @var \OCP\IConfig $config
+     */
+    protected $config;
+    /**
+     * @var \OCP\IDBConnection $db
+     */
+    protected $db;
+    /**
+     * @var \OCA\User_LDAP\Mapping\UserMapping
+     */
+    protected $mapping;
+
+    /**
+     * @param string $ocName
+     * @param \OCP\IConfig $config
+     * @param \OCP\IDBConnection $db
+     * @param \OCA\User_LDAP\Mapping\UserMapping $mapping
+     */
+    public function __construct($ocName, \OCP\IConfig $config, \OCP\IDBConnection $db, UserMapping $mapping) {
+        $this->ocName = $ocName;
+        $this->config = $config;
+        $this->db = $db;
+        $this->mapping = $mapping;
+        $this->fetchDetails();
+    }
+
+    /**
+     * remove the Delete-flag from the user.
+     */
+    public function unmark() {
+        $this->config->setUserValue($this->ocName, 'user_ldap', 'isDeleted', '0');
+    }
+
+    /**
+     * exports the user details in an assoc array
+     * @return array
+     */
+    public function export() {
+        $data = array();
+        $data['ocName'] = $this->getOCName();
+        $data['dn'] = $this->getDN();
+        $data['uid'] = $this->getUID();
+        $data['displayName'] = $this->getDisplayName();
+        $data['homePath'] = $this->getHomePath();
+        $data['lastLogin'] = $this->getLastLogin();
+        $data['email'] = $this->getEmail();
+        $data['hasActiveShares'] = $this->getHasActiveShares();
+
+        return $data;
+    }
+
+    /**
+     * getter for Nextcloud internal name
+     * @return string
+     */
+    public function getOCName() {
+        return $this->ocName;
+    }
+
+    /**
+     * getter for LDAP uid
+     * @return string
+     */
+    public function getUID() {
+        return $this->uid;
+    }
+
+    /**
+     * getter for LDAP DN
+     * @return string
+     */
+    public function getDN() {
+        return $this->dn;
+    }
+
+    /**
+     * getter for display name
+     * @return string
+     */
+    public function getDisplayName() {
+        return $this->displayName;
+    }
+
+    /**
+     * getter for email
+     * @return string
+     */
+    public function getEmail() {
+        return $this->email;
+    }
+
+    /**
+     * getter for home directory path
+     * @return string
+     */
+    public function getHomePath() {
+        return $this->homePath;
+    }
+
+    /**
+     * getter for the last login timestamp
+     * @return int
+     */
+    public function getLastLogin() {
+        return intval($this->lastLogin);
+    }
+
+    /**
+     * getter for having active shares
+     * @return bool
+     */
+    public function getHasActiveShares() {
+        return $this->hasActiveShares;
+    }
+
+    /**
+     * reads the user details
+     */
+    protected function fetchDetails() {
+        $properties = array (
+            'displayName' => 'user_ldap',
+            'uid'         => 'user_ldap',
+            'homePath'    => 'user_ldap',
+            'email'       => 'settings',
+            'lastLogin'   => 'login'
+        );
+        foreach($properties as $property => $app) {
+            $this->$property = $this->config->getUserValue($this->ocName, $app, $property, '');
+        }
+
+        $dn = $this->mapping->getDNByName($this->ocName);
+        $this->dn = ($dn !== false) ? $dn : '';
+
+        $this->determineShares();
+    }
+
+
+    /**
+     * finds out whether the user has active shares. The result is stored in
+     * $this->hasActiveShares
+     */
+    protected function determineShares() {
+        $query = $this->db->prepare('
 			SELECT COUNT(`uid_owner`)
 			FROM `*PREFIX*share`
 			WHERE `uid_owner` = ?
 		', 1);
-		$query->execute(array($this->ocName));
-		$sResult = $query->fetchColumn(0);
-		if(intval($sResult) === 1) {
-			$this->hasActiveShares = true;
-			return;
-		}
-
-		$query = $this->db->prepare('
+        $query->execute(array($this->ocName));
+        $sResult = $query->fetchColumn(0);
+        if(intval($sResult) === 1) {
+            $this->hasActiveShares = true;
+            return;
+        }
+
+        $query = $this->db->prepare('
 			SELECT COUNT(`owner`)
 			FROM `*PREFIX*share_external`
 			WHERE `owner` = ?
 		', 1);
-		$query->execute(array($this->ocName));
-		$sResult = $query->fetchColumn(0);
-		if(intval($sResult) === 1) {
-			$this->hasActiveShares = true;
-			return;
-		}
-
-		$this->hasActiveShares = false;
-	}
+        $query->execute(array($this->ocName));
+        $sResult = $query->fetchColumn(0);
+        if(intval($sResult) === 1) {
+            $this->hasActiveShares = true;
+            return;
+        }
+
+        $this->hasActiveShares = false;
+    }
 }

apps/user_ldap/lib/User/User.php

Indentation +545 added lines, -545 removed lines

@@ -41,550 +41,550 @@
  * represents an LDAP user, gets and holds user-specific information from LDAP
  */
 class User {
-	/**
-	 * @var IUserTools
-	 */
-	protected $access;
-	/**
-	 * @var Connection
-	 */
-	protected $connection;
-	/**
-	 * @var IConfig
-	 */
-	protected $config;
-	/**
-	 * @var FilesystemHelper
-	 */
-	protected $fs;
-	/**
-	 * @var Image
-	 */
-	protected $image;
-	/**
-	 * @var LogWrapper
-	 */
-	protected $log;
-	/**
-	 * @var IAvatarManager
-	 */
-	protected $avatarManager;
-	/**
-	 * @var IUserManager
-	 */
-	protected $userManager;
-	/**
-	 * @var string
-	 */
-	protected $dn;
-	/**
-	 * @var string
-	 */
-	protected $uid;
-	/**
-	 * @var string[]
-	 */
-	protected $refreshedFeatures = array();
-	/**
-	 * @var string
-	 */
-	protected $avatarImage;
-
-	/**
-	 * DB config keys for user preferences
-	 */
-	const USER_PREFKEY_FIRSTLOGIN  = 'firstLoginAccomplished';
-	const USER_PREFKEY_LASTREFRESH = 'lastFeatureRefresh';
-
-	/**
-	 * @brief constructor, make sure the subclasses call this one!
-	 * @param string $username the internal username
-	 * @param string $dn the LDAP DN
-	 * @param IUserTools $access an instance that implements IUserTools for
-	 * LDAP interaction
-	 * @param IConfig $config
-	 * @param FilesystemHelper $fs
-	 * @param Image $image any empty instance
-	 * @param LogWrapper $log
-	 * @param IAvatarManager $avatarManager
-	 * @param IUserManager $userManager
-	 */
-	public function __construct($username, $dn, IUserTools $access,
-		IConfig $config, FilesystemHelper $fs, Image $image,
-		LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager) {
-
-		if ($username === null) {
-			$log->log("uid for '$dn' must not be null!", Util::ERROR);
-			throw new \InvalidArgumentException('uid must not be null!');
-		} else if ($username === '') {
-			$log->log("uid for '$dn' must not be an empty string", Util::ERROR);
-			throw new \InvalidArgumentException('uid must not be an empty string!');
-		}
-
-		$this->access        = $access;
-		$this->connection    = $access->getConnection();
-		$this->config        = $config;
-		$this->fs            = $fs;
-		$this->dn            = $dn;
-		$this->uid           = $username;
-		$this->image         = $image;
-		$this->log           = $log;
-		$this->avatarManager = $avatarManager;
-		$this->userManager   = $userManager;
-	}
-
-	/**
-	 * @brief updates properties like email, quota or avatar provided by LDAP
-	 * @return null
-	 */
-	public function update() {
-		if(is_null($this->dn)) {
-			return null;
-		}
-
-		$hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
-				self::USER_PREFKEY_FIRSTLOGIN, 0);
-
-		if($this->needsRefresh()) {
-			$this->updateEmail();
-			$this->updateQuota();
-			if($hasLoggedIn !== 0) {
-				//we do not need to try it, when the user has not been logged in
-				//before, because the file system will not be ready.
-				$this->updateAvatar();
-				//in order to get an avatar as soon as possible, mark the user
-				//as refreshed only when updating the avatar did happen
-				$this->markRefreshTime();
-			}
-		}
-	}
-
-	/**
-	 * processes results from LDAP for attributes as returned by getAttributesToRead()
-	 * @param array $ldapEntry the user entry as retrieved from LDAP
-	 */
-	public function processAttributes($ldapEntry) {
-		$this->markRefreshTime();
-		//Quota
-		$attr = strtolower($this->connection->ldapQuotaAttribute);
-		if(isset($ldapEntry[$attr])) {
-			$this->updateQuota($ldapEntry[$attr][0]);
-		} else {
-			if ($this->connection->ldapQuotaDefault !== '') {
-				$this->updateQuota();
-			}
-		}
-		unset($attr);
-
-		//Email
-		$attr = strtolower($this->connection->ldapEmailAttribute);
-		if(isset($ldapEntry[$attr])) {
-			$this->updateEmail($ldapEntry[$attr][0]);
-		}
-		unset($attr);
-
-		//displayName
-		$displayName = $displayName2 = '';
-		$attr = strtolower($this->connection->ldapUserDisplayName);
-		if(isset($ldapEntry[$attr])) {
-			$displayName = strval($ldapEntry[$attr][0]);
-		}
-		$attr = strtolower($this->connection->ldapUserDisplayName2);
-		if(isset($ldapEntry[$attr])) {
-			$displayName2 = strval($ldapEntry[$attr][0]);
-		}
-		if ($displayName !== '') {
-			$this->composeAndStoreDisplayName($displayName);
-			$this->access->cacheUserDisplayName(
-				$this->getUsername(),
-				$displayName,
-				$displayName2
-			);
-		}
-		unset($attr);
-
-		// LDAP Username, needed for s2s sharing
-		if(isset($ldapEntry['uid'])) {
-			$this->storeLDAPUserName($ldapEntry['uid'][0]);
-		} else if(isset($ldapEntry['samaccountname'])) {
-			$this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
-		}
-
-		//homePath
-		if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
-			$attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
-			if(isset($ldapEntry[$attr])) {
-				$this->access->cacheUserHome(
-					$this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
-			}
-		}
-
-		//memberOf groups
-		$cacheKey = 'getMemberOf'.$this->getUsername();
-		$groups = false;
-		if(isset($ldapEntry['memberof'])) {
-			$groups = $ldapEntry['memberof'];
-		}
-		$this->connection->writeToCache($cacheKey, $groups);
-
-		//Avatar
-		$attrs = array('jpegphoto', 'thumbnailphoto');
-		foreach ($attrs as $attr)  {
-			if(isset($ldapEntry[$attr])) {
-				$this->avatarImage = $ldapEntry[$attr][0];
-				// the call to the method that saves the avatar in the file
-				// system must be postponed after the login. It is to ensure
-				// external mounts are mounted properly (e.g. with login
-				// credentials from the session).
-				\OCP\Util::connectHook('OC_User', 'post_login', $this, 'updateAvatarPostLogin');
-				break;
-			}
-		}
-	}
-
-	/**
-	 * @brief returns the LDAP DN of the user
-	 * @return string
-	 */
-	public function getDN() {
-		return $this->dn;
-	}
-
-	/**
-	 * @brief returns the Nextcloud internal username of the user
-	 * @return string
-	 */
-	public function getUsername() {
-		return $this->uid;
-	}
-
-	/**
-	 * returns the home directory of the user if specified by LDAP settings
-	 * @param string $valueFromLDAP
-	 * @return bool|string
-	 * @throws \Exception
-	 */
-	public function getHomePath($valueFromLDAP = null) {
-		$path = strval($valueFromLDAP);
-		$attr = null;
-
-		if (is_null($valueFromLDAP)
-		   && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0
-		   && $this->access->connection->homeFolderNamingRule !== 'attr:')
-		{
-			$attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));
-			$homedir = $this->access->readAttribute(
-				$this->access->username2dn($this->getUsername()), $attr);
-			if ($homedir && isset($homedir[0])) {
-				$path = $homedir[0];
-			}
-		}
-
-		if ($path !== '') {
-			//if attribute's value is an absolute path take this, otherwise append it to data dir
-			//check for / at the beginning or pattern c:\ resp. c:/
-			if(   '/' !== $path[0]
-			   && !(3 < strlen($path) && ctype_alpha($path[0])
-			       && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))
-			) {
-				$path = $this->config->getSystemValue('datadirectory',
-						\OC::$SERVERROOT.'/data' ) . '/' . $path;
-			}
-			//we need it to store it in the DB as well in case a user gets
-			//deleted so we can clean up afterwards
-			$this->config->setUserValue(
-				$this->getUsername(), 'user_ldap', 'homePath', $path
-			);
-			return $path;
-		}
-
-		if(    !is_null($attr)
-			&& $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
-		) {
-			// a naming rule attribute is defined, but it doesn't exist for that LDAP user
-			throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
-		}
-
-		//false will apply default behaviour as defined and done by OC_User
-		$this->config->setUserValue($this->getUsername(), 'user_ldap', 'homePath', '');
-		return false;
-	}
-
-	public function getMemberOfGroups() {
-		$cacheKey = 'getMemberOf'.$this->getUsername();
-		$memberOfGroups = $this->connection->getFromCache($cacheKey);
-		if(!is_null($memberOfGroups)) {
-			return $memberOfGroups;
-		}
-		$groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
-		$this->connection->writeToCache($cacheKey, $groupDNs);
-		return $groupDNs;
-	}
-
-	/**
-	 * @brief reads the image from LDAP that shall be used as Avatar
-	 * @return string data (provided by LDAP) | false
-	 */
-	public function getAvatarImage() {
-		if(!is_null($this->avatarImage)) {
-			return $this->avatarImage;
-		}
-
-		$this->avatarImage = false;
-		$attributes = array('jpegPhoto', 'thumbnailPhoto');
-		foreach($attributes as $attribute) {
-			$result = $this->access->readAttribute($this->dn, $attribute);
-			if($result !== false && is_array($result) && isset($result[0])) {
-				$this->avatarImage = $result[0];
-				break;
-			}
-		}
-
-		return $this->avatarImage;
-	}
-
-	/**
-	 * @brief marks the user as having logged in at least once
-	 * @return null
-	 */
-	public function markLogin() {
-		$this->config->setUserValue(
-			$this->uid, 'user_ldap', self::USER_PREFKEY_FIRSTLOGIN, 1);
-	}
-
-	/**
-	 * @brief marks the time when user features like email have been updated
-	 * @return null
-	 */
-	public function markRefreshTime() {
-		$this->config->setUserValue(
-			$this->uid, 'user_ldap', self::USER_PREFKEY_LASTREFRESH, time());
-	}
-
-	/**
-	 * @brief checks whether user features needs to be updated again by
-	 * comparing the difference of time of the last refresh to now with the
-	 * desired interval
-	 * @return bool
-	 */
-	private function needsRefresh() {
-		$lastChecked = $this->config->getUserValue($this->uid, 'user_ldap',
-			self::USER_PREFKEY_LASTREFRESH, 0);
-
-		//TODO make interval configurable
-		if((time() - intval($lastChecked)) < 86400 ) {
-			return false;
-		}
-		return  true;
-	}
-
-	/**
-	 * Stores a key-value pair in relation to this user
-	 *
-	 * @param string $key
-	 * @param string $value
-	 */
-	private function store($key, $value) {
-		$this->config->setUserValue($this->uid, 'user_ldap', $key, $value);
-	}
-
-	/**
-	 * Composes the display name and stores it in the database. The final
-	 * display name is returned.
-	 *
-	 * @param string $displayName
-	 * @param string $displayName2
-	 * @returns string the effective display name
-	 */
-	public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
-		$displayName2 = strval($displayName2);
-		if($displayName2 !== '') {
-			$displayName .= ' (' . $displayName2 . ')';
-		}
-		$this->store('displayName', $displayName);
-		return $displayName;
-	}
-
-	/**
-	 * Stores the LDAP Username in the Database
-	 * @param string $userName
-	 */
-	public function storeLDAPUserName($userName) {
-		$this->store('uid', $userName);
-	}
-
-	/**
-	 * @brief checks whether an update method specified by feature was run
-	 * already. If not, it will marked like this, because it is expected that
-	 * the method will be run, when false is returned.
-	 * @param string $feature email | quota | avatar (can be extended)
-	 * @return bool
-	 */
-	private function wasRefreshed($feature) {
-		if(isset($this->refreshedFeatures[$feature])) {
-			return true;
-		}
-		$this->refreshedFeatures[$feature] = 1;
-		return false;
-	}
-
-	/**
-	 * fetches the email from LDAP and stores it as Nextcloud user value
-	 * @param string $valueFromLDAP if known, to save an LDAP read request
-	 * @return null
-	 */
-	public function updateEmail($valueFromLDAP = null) {
-		if($this->wasRefreshed('email')) {
-			return;
-		}
-		$email = strval($valueFromLDAP);
-		if(is_null($valueFromLDAP)) {
-			$emailAttribute = $this->connection->ldapEmailAttribute;
-			if ($emailAttribute !== '') {
-				$aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
-				if(is_array($aEmail) && (count($aEmail) > 0)) {
-					$email = strval($aEmail[0]);
-				}
-			}
-		}
-		if ($email !== '') {
-			$user = $this->userManager->get($this->uid);
-			if (!is_null($user)) {
-				$currentEmail = strval($user->getEMailAddress());
-				if ($currentEmail !== $email) {
-					$user->setEMailAddress($email);
-				}
-			}
-		}
-	}
-
-	/**
-	 * Overall process goes as follow:
-	 * 1. fetch the quota from LDAP and check if it's parseable with the "verifyQuotaValue" function
-	 * 2. if the value can't be fetched, is empty or not parseable, use the default LDAP quota
-	 * 3. if the default LDAP quota can't be parsed, use the Nextcloud's default quota (use 'default')
-	 * 4. check if the target user exists and set the quota for the user.
-	 *
-	 * In order to improve performance and prevent an unwanted extra LDAP call, the $valueFromLDAP
-	 * parameter can be passed with the value of the attribute. This value will be considered as the
-	 * quota for the user coming from the LDAP server (step 1 of the process) It can be useful to
-	 * fetch all the user's attributes in one call and use the fetched values in this function.
-	 * The expected value for that parameter is a string describing the quota for the user. Valid
-	 * values are 'none' (unlimited), 'default' (the Nextcloud's default quota), '1234' (quota in
-	 * bytes), '1234 MB' (quota in MB - check the \OC_Helper::computerFileSize method for more info)
-	 *
-	 * fetches the quota from LDAP and stores it as Nextcloud user value
-	 * @param string $valueFromLDAP the quota attribute's value can be passed,
-	 * to save the readAttribute request
-	 * @return null
-	 */
-	public function updateQuota($valueFromLDAP = null) {
-		if($this->wasRefreshed('quota')) {
-			return;
-		}
-
-		$quota = false;
-		if(is_null($valueFromLDAP)) {
-			$quotaAttribute = $this->connection->ldapQuotaAttribute;
-			if ($quotaAttribute !== '') {
-				$aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
-				if($aQuota && (count($aQuota) > 0)) {
-					if ($this->verifyQuotaValue($aQuota[0])) {
-						$quota = $aQuota[0];
-					} else {
-						$this->log->log('not suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', \OCP\Util::WARN);
-					}
-				}
-			}
-		} else {
-			if ($this->verifyQuotaValue($valueFromLDAP)) {
-				$quota = $valueFromLDAP;
-			} else {
-				$this->log->log('not suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', \OCP\Util::WARN);
-			}
-		}
-
-		if ($quota === false) {
-			// quota not found using the LDAP attribute (or not parseable). Try the default quota
-			$defaultQuota = $this->connection->ldapQuotaDefault;
-			if ($this->verifyQuotaValue($defaultQuota)) {
-				$quota = $defaultQuota;
-			}
-		}
-
-		$targetUser = $this->userManager->get($this->uid);
-		if ($targetUser) {
-			if($quota !== false) {
-				$targetUser->setQuota($quota);
-			} else {
-				$this->log->log('not suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', \OCP\Util::WARN);
-				$targetUser->setQuota('default');
-			}
-		} else {
-			$this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', \OCP\Util::ERROR);
-		}
-	}
-
-	private function verifyQuotaValue($quotaValue) {
-		return $quotaValue === 'none' || $quotaValue === 'default' || \OC_Helper::computerFileSize($quotaValue) !== false;
-	}
-
-	/**
-	 * called by a post_login hook to save the avatar picture
-	 *
-	 * @param array $params
-	 */
-	public function updateAvatarPostLogin($params) {
-		if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
-			$this->updateAvatar();
-		}
-	}
-
-	/**
-	 * @brief attempts to get an image from LDAP and sets it as Nextcloud avatar
-	 * @return null
-	 */
-	public function updateAvatar() {
-		if($this->wasRefreshed('avatar')) {
-			return;
-		}
-		$avatarImage = $this->getAvatarImage();
-		if($avatarImage === false) {
-			//not set, nothing left to do;
-			return;
-		}
-		$this->image->loadFromBase64(base64_encode($avatarImage));
-		$this->setOwnCloudAvatar();
-	}
-
-	/**
-	 * @brief sets an image as Nextcloud avatar
-	 * @return null
-	 */
-	private function setOwnCloudAvatar() {
-		if(!$this->image->valid()) {
-			$this->log->log('jpegPhoto data invalid for '.$this->dn, \OCP\Util::ERROR);
-			return;
-		}
-		//make sure it is a square and not bigger than 128x128
-		$size = min(array($this->image->width(), $this->image->height(), 128));
-		if(!$this->image->centerCrop($size)) {
-			$this->log->log('croping image for avatar failed for '.$this->dn, \OCP\Util::ERROR);
-			return;
-		}
-
-		if(!$this->fs->isLoaded()) {
-			$this->fs->setup($this->uid);
-		}
-
-		try {
-			$avatar = $this->avatarManager->getAvatar($this->uid);
-			$avatar->set($this->image);
-		} catch (\Exception $e) {
-			\OC::$server->getLogger()->notice(
-				'Could not set avatar for ' . $this->dn	. ', because: ' . $e->getMessage(),
-				['app' => 'user_ldap']);
-		}
-	}
+    /**
+     * @var IUserTools
+     */
+    protected $access;
+    /**
+     * @var Connection
+     */
+    protected $connection;
+    /**
+     * @var IConfig
+     */
+    protected $config;
+    /**
+     * @var FilesystemHelper
+     */
+    protected $fs;
+    /**
+     * @var Image
+     */
+    protected $image;
+    /**
+     * @var LogWrapper
+     */
+    protected $log;
+    /**
+     * @var IAvatarManager
+     */
+    protected $avatarManager;
+    /**
+     * @var IUserManager
+     */
+    protected $userManager;
+    /**
+     * @var string
+     */
+    protected $dn;
+    /**
+     * @var string
+     */
+    protected $uid;
+    /**
+     * @var string[]
+     */
+    protected $refreshedFeatures = array();
+    /**
+     * @var string
+     */
+    protected $avatarImage;
+
+    /**
+     * DB config keys for user preferences
+     */
+    const USER_PREFKEY_FIRSTLOGIN  = 'firstLoginAccomplished';
+    const USER_PREFKEY_LASTREFRESH = 'lastFeatureRefresh';
+
+    /**
+     * @brief constructor, make sure the subclasses call this one!
+     * @param string $username the internal username
+     * @param string $dn the LDAP DN
+     * @param IUserTools $access an instance that implements IUserTools for
+     * LDAP interaction
+     * @param IConfig $config
+     * @param FilesystemHelper $fs
+     * @param Image $image any empty instance
+     * @param LogWrapper $log
+     * @param IAvatarManager $avatarManager
+     * @param IUserManager $userManager
+     */
+    public function __construct($username, $dn, IUserTools $access,
+        IConfig $config, FilesystemHelper $fs, Image $image,
+        LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager) {
+
+        if ($username === null) {
+            $log->log("uid for '$dn' must not be null!", Util::ERROR);
+            throw new \InvalidArgumentException('uid must not be null!');
+        } else if ($username === '') {
+            $log->log("uid for '$dn' must not be an empty string", Util::ERROR);
+            throw new \InvalidArgumentException('uid must not be an empty string!');
+        }
+
+        $this->access        = $access;
+        $this->connection    = $access->getConnection();
+        $this->config        = $config;
+        $this->fs            = $fs;
+        $this->dn            = $dn;
+        $this->uid           = $username;
+        $this->image         = $image;
+        $this->log           = $log;
+        $this->avatarManager = $avatarManager;
+        $this->userManager   = $userManager;
+    }
+
+    /**
+     * @brief updates properties like email, quota or avatar provided by LDAP
+     * @return null
+     */
+    public function update() {
+        if(is_null($this->dn)) {
+            return null;
+        }
+
+        $hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
+                self::USER_PREFKEY_FIRSTLOGIN, 0);
+
+        if($this->needsRefresh()) {
+            $this->updateEmail();
+            $this->updateQuota();
+            if($hasLoggedIn !== 0) {
+                //we do not need to try it, when the user has not been logged in
+                //before, because the file system will not be ready.
+                $this->updateAvatar();
+                //in order to get an avatar as soon as possible, mark the user
+                //as refreshed only when updating the avatar did happen
+                $this->markRefreshTime();
+            }
+        }
+    }
+
+    /**
+     * processes results from LDAP for attributes as returned by getAttributesToRead()
+     * @param array $ldapEntry the user entry as retrieved from LDAP
+     */
+    public function processAttributes($ldapEntry) {
+        $this->markRefreshTime();
+        //Quota
+        $attr = strtolower($this->connection->ldapQuotaAttribute);
+        if(isset($ldapEntry[$attr])) {
+            $this->updateQuota($ldapEntry[$attr][0]);
+        } else {
+            if ($this->connection->ldapQuotaDefault !== '') {
+                $this->updateQuota();
+            }
+        }
+        unset($attr);
+
+        //Email
+        $attr = strtolower($this->connection->ldapEmailAttribute);
+        if(isset($ldapEntry[$attr])) {
+            $this->updateEmail($ldapEntry[$attr][0]);
+        }
+        unset($attr);
+
+        //displayName
+        $displayName = $displayName2 = '';
+        $attr = strtolower($this->connection->ldapUserDisplayName);
+        if(isset($ldapEntry[$attr])) {
+            $displayName = strval($ldapEntry[$attr][0]);
+        }
+        $attr = strtolower($this->connection->ldapUserDisplayName2);
+        if(isset($ldapEntry[$attr])) {
+            $displayName2 = strval($ldapEntry[$attr][0]);
+        }
+        if ($displayName !== '') {
+            $this->composeAndStoreDisplayName($displayName);
+            $this->access->cacheUserDisplayName(
+                $this->getUsername(),
+                $displayName,
+                $displayName2
+            );
+        }
+        unset($attr);
+
+        // LDAP Username, needed for s2s sharing
+        if(isset($ldapEntry['uid'])) {
+            $this->storeLDAPUserName($ldapEntry['uid'][0]);
+        } else if(isset($ldapEntry['samaccountname'])) {
+            $this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
+        }
+
+        //homePath
+        if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
+            $attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
+            if(isset($ldapEntry[$attr])) {
+                $this->access->cacheUserHome(
+                    $this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
+            }
+        }
+
+        //memberOf groups
+        $cacheKey = 'getMemberOf'.$this->getUsername();
+        $groups = false;
+        if(isset($ldapEntry['memberof'])) {
+            $groups = $ldapEntry['memberof'];
+        }
+        $this->connection->writeToCache($cacheKey, $groups);
+
+        //Avatar
+        $attrs = array('jpegphoto', 'thumbnailphoto');
+        foreach ($attrs as $attr)  {
+            if(isset($ldapEntry[$attr])) {
+                $this->avatarImage = $ldapEntry[$attr][0];
+                // the call to the method that saves the avatar in the file
+                // system must be postponed after the login. It is to ensure
+                // external mounts are mounted properly (e.g. with login
+                // credentials from the session).
+                \OCP\Util::connectHook('OC_User', 'post_login', $this, 'updateAvatarPostLogin');
+                break;
+            }
+        }
+    }
+
+    /**
+     * @brief returns the LDAP DN of the user
+     * @return string
+     */
+    public function getDN() {
+        return $this->dn;
+    }
+
+    /**
+     * @brief returns the Nextcloud internal username of the user
+     * @return string
+     */
+    public function getUsername() {
+        return $this->uid;
+    }
+
+    /**
+     * returns the home directory of the user if specified by LDAP settings
+     * @param string $valueFromLDAP
+     * @return bool|string
+     * @throws \Exception
+     */
+    public function getHomePath($valueFromLDAP = null) {
+        $path = strval($valueFromLDAP);
+        $attr = null;
+
+        if (is_null($valueFromLDAP)
+           && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0
+           && $this->access->connection->homeFolderNamingRule !== 'attr:')
+        {
+            $attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));
+            $homedir = $this->access->readAttribute(
+                $this->access->username2dn($this->getUsername()), $attr);
+            if ($homedir && isset($homedir[0])) {
+                $path = $homedir[0];
+            }
+        }
+
+        if ($path !== '') {
+            //if attribute's value is an absolute path take this, otherwise append it to data dir
+            //check for / at the beginning or pattern c:\ resp. c:/
+            if(   '/' !== $path[0]
+               && !(3 < strlen($path) && ctype_alpha($path[0])
+                   && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))
+            ) {
+                $path = $this->config->getSystemValue('datadirectory',
+                        \OC::$SERVERROOT.'/data' ) . '/' . $path;
+            }
+            //we need it to store it in the DB as well in case a user gets
+            //deleted so we can clean up afterwards
+            $this->config->setUserValue(
+                $this->getUsername(), 'user_ldap', 'homePath', $path
+            );
+            return $path;
+        }
+
+        if(    !is_null($attr)
+            && $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
+        ) {
+            // a naming rule attribute is defined, but it doesn't exist for that LDAP user
+            throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
+        }
+
+        //false will apply default behaviour as defined and done by OC_User
+        $this->config->setUserValue($this->getUsername(), 'user_ldap', 'homePath', '');
+        return false;
+    }
+
+    public function getMemberOfGroups() {
+        $cacheKey = 'getMemberOf'.$this->getUsername();
+        $memberOfGroups = $this->connection->getFromCache($cacheKey);
+        if(!is_null($memberOfGroups)) {
+            return $memberOfGroups;
+        }
+        $groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
+        $this->connection->writeToCache($cacheKey, $groupDNs);
+        return $groupDNs;
+    }
+
+    /**
+     * @brief reads the image from LDAP that shall be used as Avatar
+     * @return string data (provided by LDAP) | false
+     */
+    public function getAvatarImage() {
+        if(!is_null($this->avatarImage)) {
+            return $this->avatarImage;
+        }
+
+        $this->avatarImage = false;
+        $attributes = array('jpegPhoto', 'thumbnailPhoto');
+        foreach($attributes as $attribute) {
+            $result = $this->access->readAttribute($this->dn, $attribute);
+            if($result !== false && is_array($result) && isset($result[0])) {
+                $this->avatarImage = $result[0];
+                break;
+            }
+        }
+
+        return $this->avatarImage;
+    }
+
+    /**
+     * @brief marks the user as having logged in at least once
+     * @return null
+     */
+    public function markLogin() {
+        $this->config->setUserValue(
+            $this->uid, 'user_ldap', self::USER_PREFKEY_FIRSTLOGIN, 1);
+    }
+
+    /**
+     * @brief marks the time when user features like email have been updated
+     * @return null
+     */
+    public function markRefreshTime() {
+        $this->config->setUserValue(
+            $this->uid, 'user_ldap', self::USER_PREFKEY_LASTREFRESH, time());
+    }
+
+    /**
+     * @brief checks whether user features needs to be updated again by
+     * comparing the difference of time of the last refresh to now with the
+     * desired interval
+     * @return bool
+     */
+    private function needsRefresh() {
+        $lastChecked = $this->config->getUserValue($this->uid, 'user_ldap',
+            self::USER_PREFKEY_LASTREFRESH, 0);
+
+        //TODO make interval configurable
+        if((time() - intval($lastChecked)) < 86400 ) {
+            return false;
+        }
+        return  true;
+    }
+
+    /**
+     * Stores a key-value pair in relation to this user
+     *
+     * @param string $key
+     * @param string $value
+     */
+    private function store($key, $value) {
+        $this->config->setUserValue($this->uid, 'user_ldap', $key, $value);
+    }
+
+    /**
+     * Composes the display name and stores it in the database. The final
+     * display name is returned.
+     *
+     * @param string $displayName
+     * @param string $displayName2
+     * @returns string the effective display name
+     */
+    public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
+        $displayName2 = strval($displayName2);
+        if($displayName2 !== '') {
+            $displayName .= ' (' . $displayName2 . ')';
+        }
+        $this->store('displayName', $displayName);
+        return $displayName;
+    }
+
+    /**
+     * Stores the LDAP Username in the Database
+     * @param string $userName
+     */
+    public function storeLDAPUserName($userName) {
+        $this->store('uid', $userName);
+    }
+
+    /**
+     * @brief checks whether an update method specified by feature was run
+     * already. If not, it will marked like this, because it is expected that
+     * the method will be run, when false is returned.
+     * @param string $feature email | quota | avatar (can be extended)
+     * @return bool
+     */
+    private function wasRefreshed($feature) {
+        if(isset($this->refreshedFeatures[$feature])) {
+            return true;
+        }
+        $this->refreshedFeatures[$feature] = 1;
+        return false;
+    }
+
+    /**
+     * fetches the email from LDAP and stores it as Nextcloud user value
+     * @param string $valueFromLDAP if known, to save an LDAP read request
+     * @return null
+     */
+    public function updateEmail($valueFromLDAP = null) {
+        if($this->wasRefreshed('email')) {
+            return;
+        }
+        $email = strval($valueFromLDAP);
+        if(is_null($valueFromLDAP)) {
+            $emailAttribute = $this->connection->ldapEmailAttribute;
+            if ($emailAttribute !== '') {
+                $aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
+                if(is_array($aEmail) && (count($aEmail) > 0)) {
+                    $email = strval($aEmail[0]);
+                }
+            }
+        }
+        if ($email !== '') {
+            $user = $this->userManager->get($this->uid);
+            if (!is_null($user)) {
+                $currentEmail = strval($user->getEMailAddress());
+                if ($currentEmail !== $email) {
+                    $user->setEMailAddress($email);
+                }
+            }
+        }
+    }
+
+    /**
+     * Overall process goes as follow:
+     * 1. fetch the quota from LDAP and check if it's parseable with the "verifyQuotaValue" function
+     * 2. if the value can't be fetched, is empty or not parseable, use the default LDAP quota
+     * 3. if the default LDAP quota can't be parsed, use the Nextcloud's default quota (use 'default')
+     * 4. check if the target user exists and set the quota for the user.
+     *
+     * In order to improve performance and prevent an unwanted extra LDAP call, the $valueFromLDAP
+     * parameter can be passed with the value of the attribute. This value will be considered as the
+     * quota for the user coming from the LDAP server (step 1 of the process) It can be useful to
+     * fetch all the user's attributes in one call and use the fetched values in this function.
+     * The expected value for that parameter is a string describing the quota for the user. Valid
+     * values are 'none' (unlimited), 'default' (the Nextcloud's default quota), '1234' (quota in
+     * bytes), '1234 MB' (quota in MB - check the \OC_Helper::computerFileSize method for more info)
+     *
+     * fetches the quota from LDAP and stores it as Nextcloud user value
+     * @param string $valueFromLDAP the quota attribute's value can be passed,
+     * to save the readAttribute request
+     * @return null
+     */
+    public function updateQuota($valueFromLDAP = null) {
+        if($this->wasRefreshed('quota')) {
+            return;
+        }
+
+        $quota = false;
+        if(is_null($valueFromLDAP)) {
+            $quotaAttribute = $this->connection->ldapQuotaAttribute;
+            if ($quotaAttribute !== '') {
+                $aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
+                if($aQuota && (count($aQuota) > 0)) {
+                    if ($this->verifyQuotaValue($aQuota[0])) {
+                        $quota = $aQuota[0];
+                    } else {
+                        $this->log->log('not suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', \OCP\Util::WARN);
+                    }
+                }
+            }
+        } else {
+            if ($this->verifyQuotaValue($valueFromLDAP)) {
+                $quota = $valueFromLDAP;
+            } else {
+                $this->log->log('not suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', \OCP\Util::WARN);
+            }
+        }
+
+        if ($quota === false) {
+            // quota not found using the LDAP attribute (or not parseable). Try the default quota
+            $defaultQuota = $this->connection->ldapQuotaDefault;
+            if ($this->verifyQuotaValue($defaultQuota)) {
+                $quota = $defaultQuota;
+            }
+        }
+
+        $targetUser = $this->userManager->get($this->uid);
+        if ($targetUser) {
+            if($quota !== false) {
+                $targetUser->setQuota($quota);
+            } else {
+                $this->log->log('not suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', \OCP\Util::WARN);
+                $targetUser->setQuota('default');
+            }
+        } else {
+            $this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', \OCP\Util::ERROR);
+        }
+    }
+
+    private function verifyQuotaValue($quotaValue) {
+        return $quotaValue === 'none' || $quotaValue === 'default' || \OC_Helper::computerFileSize($quotaValue) !== false;
+    }
+
+    /**
+     * called by a post_login hook to save the avatar picture
+     *
+     * @param array $params
+     */
+    public function updateAvatarPostLogin($params) {
+        if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
+            $this->updateAvatar();
+        }
+    }
+
+    /**
+     * @brief attempts to get an image from LDAP and sets it as Nextcloud avatar
+     * @return null
+     */
+    public function updateAvatar() {
+        if($this->wasRefreshed('avatar')) {
+            return;
+        }
+        $avatarImage = $this->getAvatarImage();
+        if($avatarImage === false) {
+            //not set, nothing left to do;
+            return;
+        }
+        $this->image->loadFromBase64(base64_encode($avatarImage));
+        $this->setOwnCloudAvatar();
+    }
+
+    /**
+     * @brief sets an image as Nextcloud avatar
+     * @return null
+     */
+    private function setOwnCloudAvatar() {
+        if(!$this->image->valid()) {
+            $this->log->log('jpegPhoto data invalid for '.$this->dn, \OCP\Util::ERROR);
+            return;
+        }
+        //make sure it is a square and not bigger than 128x128
+        $size = min(array($this->image->width(), $this->image->height(), 128));
+        if(!$this->image->centerCrop($size)) {
+            $this->log->log('croping image for avatar failed for '.$this->dn, \OCP\Util::ERROR);
+            return;
+        }
+
+        if(!$this->fs->isLoaded()) {
+            $this->fs->setup($this->uid);
+        }
+
+        try {
+            $avatar = $this->avatarManager->getAvatar($this->uid);
+            $avatar->set($this->image);
+        } catch (\Exception $e) {
+            \OC::$server->getLogger()->notice(
+                'Could not set avatar for ' . $this->dn	. ', because: ' . $e->getMessage(),
+                ['app' => 'user_ldap']);
+        }
+    }
 
 }

apps/user_ldap/lib/User/Manager.php

Indentation +195 added lines, -195 removed lines

@@ -42,200 +42,200 @@
  * cache
  */
 class Manager {
-	/** @var IUserTools */
-	protected $access;
-
-	/** @var IConfig */
-	protected $ocConfig;
-
-	/** @var IDBConnection */
-	protected $db;
-
-	/** @var FilesystemHelper */
-	protected $ocFilesystem;
-
-	/** @var LogWrapper */
-	protected $ocLog;
-
-	/** @var Image */
-	protected $image;
-
-	/** @param \OCP\IAvatarManager */
-	protected $avatarManager;
-
-	/**
-	 * @var CappedMemoryCache $usersByDN
-	 */
-	protected $usersByDN;
-	/**
-	 * @var CappedMemoryCache $usersByUid
-	 */
-	protected $usersByUid;
-
-	/**
-	 * @param IConfig $ocConfig
-	 * @param \OCA\User_LDAP\FilesystemHelper $ocFilesystem object that
-	 * gives access to necessary functions from the OC filesystem
-	 * @param  \OCA\User_LDAP\LogWrapper $ocLog
-	 * @param IAvatarManager $avatarManager
-	 * @param Image $image an empty image instance
-	 * @param IDBConnection $db
-	 * @throws \Exception when the methods mentioned above do not exist
-	 */
-	public function __construct(IConfig $ocConfig,
-								FilesystemHelper $ocFilesystem, LogWrapper $ocLog,
-								IAvatarManager $avatarManager, Image $image,
-								IDBConnection $db, IUserManager $userManager) {
-
-		$this->ocConfig      = $ocConfig;
-		$this->ocFilesystem  = $ocFilesystem;
-		$this->ocLog         = $ocLog;
-		$this->avatarManager = $avatarManager;
-		$this->image         = $image;
-		$this->db            = $db;
-		$this->userManager   = $userManager;
-		$this->usersByDN     = new CappedMemoryCache();
-		$this->usersByUid    = new CappedMemoryCache();
-	}
-
-	/**
-	 * @brief binds manager to an instance of IUserTools (implemented by
-	 * Access). It needs to be assigned first before the manager can be used.
-	 * @param IUserTools
-	 */
-	public function setLdapAccess(IUserTools $access) {
-		$this->access = $access;
-	}
-
-	/**
-	 * @brief creates an instance of User and caches (just runtime) it in the
-	 * property array
-	 * @param string $dn the DN of the user
-	 * @param string $uid the internal (owncloud) username
-	 * @return \OCA\User_LDAP\User\User
-	 */
-	private function createAndCache($dn, $uid) {
-		$this->checkAccess();
-		$user = new User($uid, $dn, $this->access, $this->ocConfig,
-			$this->ocFilesystem, clone $this->image, $this->ocLog,
-			$this->avatarManager, $this->userManager);
-		$this->usersByDN[$dn]   = $user;
-		$this->usersByUid[$uid] = $user;
-		return $user;
-	}
-
-	/**
-	 * @brief checks whether the Access instance has been set
-	 * @throws \Exception if Access has not been set
-	 * @return null
-	 */
-	private function checkAccess() {
-		if(is_null($this->access)) {
-			throw new \Exception('LDAP Access instance must be set first');
-		}
-	}
-
-	/**
-	 * returns a list of attributes that will be processed further, e.g. quota,
-	 * email, displayname, or others.
-	 * @param bool $minimal - optional, set to true to skip attributes with big
-	 * payload
-	 * @return string[]
-	 */
-	public function getAttributes($minimal = false) {
-		$attributes = array('dn', 'uid', 'samaccountname', 'memberof');
-		$possible = array(
-			$this->access->getConnection()->ldapQuotaAttribute,
-			$this->access->getConnection()->ldapEmailAttribute,
-			$this->access->getConnection()->ldapUserDisplayName,
-			$this->access->getConnection()->ldapUserDisplayName2,
-		);
-		foreach($possible as $attr) {
-			if(!is_null($attr)) {
-				$attributes[] = $attr;
-			}
-		}
-
-		$homeRule = $this->access->getConnection()->homeFolderNamingRule;
-		if(strpos($homeRule, 'attr:') === 0) {
-			$attributes[] = substr($homeRule, strlen('attr:'));
-		}
-
-		if(!$minimal) {
-			// attributes that are not really important but may come with big
-			// payload.
-			$attributes = array_merge($attributes, array(
-				'jpegphoto',
-				'thumbnailphoto'
-			));
-		}
-
-		return $attributes;
-	}
-
-	/**
-	 * Checks whether the specified user is marked as deleted
-	 * @param string $id the Nextcloud user name
-	 * @return bool
-	 */
-	public function isDeletedUser($id) {
-		$isDeleted = $this->ocConfig->getUserValue(
-			$id, 'user_ldap', 'isDeleted', 0);
-		return intval($isDeleted) === 1;
-	}
-
-	/**
-	 * creates and returns an instance of OfflineUser for the specified user
-	 * @param string $id
-	 * @return \OCA\User_LDAP\User\OfflineUser
-	 */
-	public function getDeletedUser($id) {
-		return new OfflineUser(
-			$id,
-			$this->ocConfig,
-			$this->db,
-			$this->access->getUserMapper());
-	}
-
-	/**
-	 * @brief returns a User object by it's Nextcloud username
-	 * @param string $id the DN or username of the user
-	 * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
-	 */
-	protected function createInstancyByUserName($id) {
-		//most likely a uid. Check whether it is a deleted user
-		if($this->isDeletedUser($id)) {
-			return $this->getDeletedUser($id);
-		}
-		$dn = $this->access->username2dn($id);
-		if($dn !== false) {
-			return $this->createAndCache($dn, $id);
-		}
-		return null;
-	}
-
-	/**
-	 * @brief returns a User object by it's DN or Nextcloud username
-	 * @param string $id the DN or username of the user
-	 * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
-	 * @throws \Exception when connection could not be established
-	 */
-	public function get($id) {
-		$this->checkAccess();
-		if(isset($this->usersByDN[$id])) {
-			return $this->usersByDN[$id];
-		} else if(isset($this->usersByUid[$id])) {
-			return $this->usersByUid[$id];
-		}
-
-		if($this->access->stringResemblesDN($id) ) {
-			$uid = $this->access->dn2username($id);
-			if($uid !== false) {
-				return $this->createAndCache($id, $uid);
-			}
-		}
-
-		return $this->createInstancyByUserName($id);
-	}
+    /** @var IUserTools */
+    protected $access;
+
+    /** @var IConfig */
+    protected $ocConfig;
+
+    /** @var IDBConnection */
+    protected $db;
+
+    /** @var FilesystemHelper */
+    protected $ocFilesystem;
+
+    /** @var LogWrapper */
+    protected $ocLog;
+
+    /** @var Image */
+    protected $image;
+
+    /** @param \OCP\IAvatarManager */
+    protected $avatarManager;
+
+    /**
+     * @var CappedMemoryCache $usersByDN
+     */
+    protected $usersByDN;
+    /**
+     * @var CappedMemoryCache $usersByUid
+     */
+    protected $usersByUid;
+
+    /**
+     * @param IConfig $ocConfig
+     * @param \OCA\User_LDAP\FilesystemHelper $ocFilesystem object that
+     * gives access to necessary functions from the OC filesystem
+     * @param  \OCA\User_LDAP\LogWrapper $ocLog
+     * @param IAvatarManager $avatarManager
+     * @param Image $image an empty image instance
+     * @param IDBConnection $db
+     * @throws \Exception when the methods mentioned above do not exist
+     */
+    public function __construct(IConfig $ocConfig,
+                                FilesystemHelper $ocFilesystem, LogWrapper $ocLog,
+                                IAvatarManager $avatarManager, Image $image,
+                                IDBConnection $db, IUserManager $userManager) {
+
+        $this->ocConfig      = $ocConfig;
+        $this->ocFilesystem  = $ocFilesystem;
+        $this->ocLog         = $ocLog;
+        $this->avatarManager = $avatarManager;
+        $this->image         = $image;
+        $this->db            = $db;
+        $this->userManager   = $userManager;
+        $this->usersByDN     = new CappedMemoryCache();
+        $this->usersByUid    = new CappedMemoryCache();
+    }
+
+    /**
+     * @brief binds manager to an instance of IUserTools (implemented by
+     * Access). It needs to be assigned first before the manager can be used.
+     * @param IUserTools
+     */
+    public function setLdapAccess(IUserTools $access) {
+        $this->access = $access;
+    }
+
+    /**
+     * @brief creates an instance of User and caches (just runtime) it in the
+     * property array
+     * @param string $dn the DN of the user
+     * @param string $uid the internal (owncloud) username
+     * @return \OCA\User_LDAP\User\User
+     */
+    private function createAndCache($dn, $uid) {
+        $this->checkAccess();
+        $user = new User($uid, $dn, $this->access, $this->ocConfig,
+            $this->ocFilesystem, clone $this->image, $this->ocLog,
+            $this->avatarManager, $this->userManager);
+        $this->usersByDN[$dn]   = $user;
+        $this->usersByUid[$uid] = $user;
+        return $user;
+    }
+
+    /**
+     * @brief checks whether the Access instance has been set
+     * @throws \Exception if Access has not been set
+     * @return null
+     */
+    private function checkAccess() {
+        if(is_null($this->access)) {
+            throw new \Exception('LDAP Access instance must be set first');
+        }
+    }
+
+    /**
+     * returns a list of attributes that will be processed further, e.g. quota,
+     * email, displayname, or others.
+     * @param bool $minimal - optional, set to true to skip attributes with big
+     * payload
+     * @return string[]
+     */
+    public function getAttributes($minimal = false) {
+        $attributes = array('dn', 'uid', 'samaccountname', 'memberof');
+        $possible = array(
+            $this->access->getConnection()->ldapQuotaAttribute,
+            $this->access->getConnection()->ldapEmailAttribute,
+            $this->access->getConnection()->ldapUserDisplayName,
+            $this->access->getConnection()->ldapUserDisplayName2,
+        );
+        foreach($possible as $attr) {
+            if(!is_null($attr)) {
+                $attributes[] = $attr;
+            }
+        }
+
+        $homeRule = $this->access->getConnection()->homeFolderNamingRule;
+        if(strpos($homeRule, 'attr:') === 0) {
+            $attributes[] = substr($homeRule, strlen('attr:'));
+        }
+
+        if(!$minimal) {
+            // attributes that are not really important but may come with big
+            // payload.
+            $attributes = array_merge($attributes, array(
+                'jpegphoto',
+                'thumbnailphoto'
+            ));
+        }
+
+        return $attributes;
+    }
+
+    /**
+     * Checks whether the specified user is marked as deleted
+     * @param string $id the Nextcloud user name
+     * @return bool
+     */
+    public function isDeletedUser($id) {
+        $isDeleted = $this->ocConfig->getUserValue(
+            $id, 'user_ldap', 'isDeleted', 0);
+        return intval($isDeleted) === 1;
+    }
+
+    /**
+     * creates and returns an instance of OfflineUser for the specified user
+     * @param string $id
+     * @return \OCA\User_LDAP\User\OfflineUser
+     */
+    public function getDeletedUser($id) {
+        return new OfflineUser(
+            $id,
+            $this->ocConfig,
+            $this->db,
+            $this->access->getUserMapper());
+    }
+
+    /**
+     * @brief returns a User object by it's Nextcloud username
+     * @param string $id the DN or username of the user
+     * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
+     */
+    protected function createInstancyByUserName($id) {
+        //most likely a uid. Check whether it is a deleted user
+        if($this->isDeletedUser($id)) {
+            return $this->getDeletedUser($id);
+        }
+        $dn = $this->access->username2dn($id);
+        if($dn !== false) {
+            return $this->createAndCache($dn, $id);
+        }
+        return null;
+    }
+
+    /**
+     * @brief returns a User object by it's DN or Nextcloud username
+     * @param string $id the DN or username of the user
+     * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
+     * @throws \Exception when connection could not be established
+     */
+    public function get($id) {
+        $this->checkAccess();
+        if(isset($this->usersByDN[$id])) {
+            return $this->usersByDN[$id];
+        } else if(isset($this->usersByUid[$id])) {
+            return $this->usersByUid[$id];
+        }
+
+        if($this->access->stringResemblesDN($id) ) {
+            $uid = $this->access->dn2username($id);
+            if($uid !== false) {
+                return $this->createAndCache($id, $uid);
+            }
+        }
+
+        return $this->createInstancyByUserName($id);
+    }
 
 }

apps/user_ldap/lib/User_Proxy.php

Indentation +260 added lines, -260 removed lines

@@ -33,285 +33,285 @@
 use OCP\IConfig;
 
 class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface, IUserLDAP {
-	private $backends = array();
-	private $refBackend = null;
+    private $backends = array();
+    private $refBackend = null;
 
-	/**
-	 * Constructor
-	 * @param array $serverConfigPrefixes array containing the config Prefixes
-	 */
-	public function __construct(array $serverConfigPrefixes, ILDAPWrapper $ldap, IConfig $ocConfig) {
-		parent::__construct($ldap);
-		foreach($serverConfigPrefixes as $configPrefix) {
-			$this->backends[$configPrefix] =
-				new User_LDAP($this->getAccess($configPrefix), $ocConfig);
-			if(is_null($this->refBackend)) {
-				$this->refBackend = &$this->backends[$configPrefix];
-			}
-		}
-	}
+    /**
+     * Constructor
+     * @param array $serverConfigPrefixes array containing the config Prefixes
+     */
+    public function __construct(array $serverConfigPrefixes, ILDAPWrapper $ldap, IConfig $ocConfig) {
+        parent::__construct($ldap);
+        foreach($serverConfigPrefixes as $configPrefix) {
+            $this->backends[$configPrefix] =
+                new User_LDAP($this->getAccess($configPrefix), $ocConfig);
+            if(is_null($this->refBackend)) {
+                $this->refBackend = &$this->backends[$configPrefix];
+            }
+        }
+    }
 
-	/**
-	 * Tries the backends one after the other until a positive result is returned from the specified method
-	 * @param string $uid the uid connected to the request
-	 * @param string $method the method of the user backend that shall be called
-	 * @param array $parameters an array of parameters to be passed
-	 * @return mixed the result of the method or false
-	 */
-	protected function walkBackends($uid, $method, $parameters) {
-		$cacheKey = $this->getUserCacheKey($uid);
-		foreach($this->backends as $configPrefix => $backend) {
-			$instance = $backend;
-			if(!method_exists($instance, $method)
-				&& method_exists($this->getAccess($configPrefix), $method)) {
-				$instance = $this->getAccess($configPrefix);
-			}
-			if($result = call_user_func_array(array($instance, $method), $parameters)) {
-				$this->writeToCache($cacheKey, $configPrefix);
-				return $result;
-			}
-		}
-		return false;
-	}
+    /**
+     * Tries the backends one after the other until a positive result is returned from the specified method
+     * @param string $uid the uid connected to the request
+     * @param string $method the method of the user backend that shall be called
+     * @param array $parameters an array of parameters to be passed
+     * @return mixed the result of the method or false
+     */
+    protected function walkBackends($uid, $method, $parameters) {
+        $cacheKey = $this->getUserCacheKey($uid);
+        foreach($this->backends as $configPrefix => $backend) {
+            $instance = $backend;
+            if(!method_exists($instance, $method)
+                && method_exists($this->getAccess($configPrefix), $method)) {
+                $instance = $this->getAccess($configPrefix);
+            }
+            if($result = call_user_func_array(array($instance, $method), $parameters)) {
+                $this->writeToCache($cacheKey, $configPrefix);
+                return $result;
+            }
+        }
+        return false;
+    }
 
-	/**
-	 * Asks the backend connected to the server that supposely takes care of the uid from the request.
-	 * @param string $uid the uid connected to the request
-	 * @param string $method the method of the user backend that shall be called
-	 * @param array $parameters an array of parameters to be passed
-	 * @param mixed $passOnWhen the result matches this variable
-	 * @return mixed the result of the method or false
-	 */
-	protected function callOnLastSeenOn($uid, $method, $parameters, $passOnWhen) {
-		$cacheKey = $this->getUserCacheKey($uid);
-		$prefix = $this->getFromCache($cacheKey);
-		//in case the uid has been found in the past, try this stored connection first
-		if(!is_null($prefix)) {
-			if(isset($this->backends[$prefix])) {
-				$instance = $this->backends[$prefix];
-				if(!method_exists($instance, $method)
-					&& method_exists($this->getAccess($prefix), $method)) {
-					$instance = $this->getAccess($prefix);
-				}
-				$result = call_user_func_array(array($instance, $method), $parameters);
-				if($result === $passOnWhen) {
-					//not found here, reset cache to null if user vanished
-					//because sometimes methods return false with a reason
-					$userExists = call_user_func_array(
-						array($this->backends[$prefix], 'userExists'),
-						array($uid)
-					);
-					if(!$userExists) {
-						$this->writeToCache($cacheKey, null);
-					}
-				}
-				return $result;
-			}
-		}
-		return false;
-	}
+    /**
+     * Asks the backend connected to the server that supposely takes care of the uid from the request.
+     * @param string $uid the uid connected to the request
+     * @param string $method the method of the user backend that shall be called
+     * @param array $parameters an array of parameters to be passed
+     * @param mixed $passOnWhen the result matches this variable
+     * @return mixed the result of the method or false
+     */
+    protected function callOnLastSeenOn($uid, $method, $parameters, $passOnWhen) {
+        $cacheKey = $this->getUserCacheKey($uid);
+        $prefix = $this->getFromCache($cacheKey);
+        //in case the uid has been found in the past, try this stored connection first
+        if(!is_null($prefix)) {
+            if(isset($this->backends[$prefix])) {
+                $instance = $this->backends[$prefix];
+                if(!method_exists($instance, $method)
+                    && method_exists($this->getAccess($prefix), $method)) {
+                    $instance = $this->getAccess($prefix);
+                }
+                $result = call_user_func_array(array($instance, $method), $parameters);
+                if($result === $passOnWhen) {
+                    //not found here, reset cache to null if user vanished
+                    //because sometimes methods return false with a reason
+                    $userExists = call_user_func_array(
+                        array($this->backends[$prefix], 'userExists'),
+                        array($uid)
+                    );
+                    if(!$userExists) {
+                        $this->writeToCache($cacheKey, null);
+                    }
+                }
+                return $result;
+            }
+        }
+        return false;
+    }
 
-	/**
-	 * Check if backend implements actions
-	 * @param int $actions bitwise-or'ed actions
-	 * @return boolean
-	 *
-	 * Returns the supported actions as int to be
-	 * compared with OC_USER_BACKEND_CREATE_USER etc.
-	 */
-	public function implementsActions($actions) {
-		//it's the same across all our user backends obviously
-		return $this->refBackend->implementsActions($actions);
-	}
+    /**
+     * Check if backend implements actions
+     * @param int $actions bitwise-or'ed actions
+     * @return boolean
+     *
+     * Returns the supported actions as int to be
+     * compared with OC_USER_BACKEND_CREATE_USER etc.
+     */
+    public function implementsActions($actions) {
+        //it's the same across all our user backends obviously
+        return $this->refBackend->implementsActions($actions);
+    }
 
-	/**
-	 * Backend name to be shown in user management
-	 * @return string the name of the backend to be shown
-	 */
-	public function getBackendName() {
-		return $this->refBackend->getBackendName();
-	}
+    /**
+     * Backend name to be shown in user management
+     * @return string the name of the backend to be shown
+     */
+    public function getBackendName() {
+        return $this->refBackend->getBackendName();
+    }
 
-	/**
-	 * Get a list of all users
-	 *
-	 * @param string $search
-	 * @param null|int $limit
-	 * @param null|int $offset
-	 * @return string[] an array of all uids
-	 */
-	public function getUsers($search = '', $limit = 10, $offset = 0) {
-		//we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
-		$users = array();
-		foreach($this->backends as $backend) {
-			$backendUsers = $backend->getUsers($search, $limit, $offset);
-			if (is_array($backendUsers)) {
-				$users = array_merge($users, $backendUsers);
-			}
-		}
-		return $users;
-	}
+    /**
+     * Get a list of all users
+     *
+     * @param string $search
+     * @param null|int $limit
+     * @param null|int $offset
+     * @return string[] an array of all uids
+     */
+    public function getUsers($search = '', $limit = 10, $offset = 0) {
+        //we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
+        $users = array();
+        foreach($this->backends as $backend) {
+            $backendUsers = $backend->getUsers($search, $limit, $offset);
+            if (is_array($backendUsers)) {
+                $users = array_merge($users, $backendUsers);
+            }
+        }
+        return $users;
+    }
 
-	/**
-	 * check if a user exists
-	 * @param string $uid the username
-	 * @return boolean
-	 */
-	public function userExists($uid) {
-		return $this->handleRequest($uid, 'userExists', array($uid));
-	}
+    /**
+     * check if a user exists
+     * @param string $uid the username
+     * @return boolean
+     */
+    public function userExists($uid) {
+        return $this->handleRequest($uid, 'userExists', array($uid));
+    }
 
-	/**
-	 * check if a user exists on LDAP
-	 * @param string|\OCA\User_LDAP\User\User $user either the Nextcloud user
-	 * name or an instance of that user
-	 * @return boolean
-	 */
-	public function userExistsOnLDAP($user) {
-		$id = ($user instanceof User) ? $user->getUsername() : $user;
-		return $this->handleRequest($id, 'userExistsOnLDAP', array($user));
-	}
+    /**
+     * check if a user exists on LDAP
+     * @param string|\OCA\User_LDAP\User\User $user either the Nextcloud user
+     * name or an instance of that user
+     * @return boolean
+     */
+    public function userExistsOnLDAP($user) {
+        $id = ($user instanceof User) ? $user->getUsername() : $user;
+        return $this->handleRequest($id, 'userExistsOnLDAP', array($user));
+    }
 
-	/**
-	 * Check if the password is correct
-	 * @param string $uid The username
-	 * @param string $password The password
-	 * @return bool
-	 *
-	 * Check if the password is correct without logging in the user
-	 */
-	public function checkPassword($uid, $password) {
-		return $this->handleRequest($uid, 'checkPassword', array($uid, $password));
-	}
+    /**
+     * Check if the password is correct
+     * @param string $uid The username
+     * @param string $password The password
+     * @return bool
+     *
+     * Check if the password is correct without logging in the user
+     */
+    public function checkPassword($uid, $password) {
+        return $this->handleRequest($uid, 'checkPassword', array($uid, $password));
+    }
 
-	/**
-	 * returns the username for the given login name, if available
-	 *
-	 * @param string $loginName
-	 * @return string|false
-	 */
-	public function loginName2UserName($loginName) {
-		$id = 'LOGINNAME,' . $loginName;
-		return $this->handleRequest($id, 'loginName2UserName', array($loginName));
-	}
+    /**
+     * returns the username for the given login name, if available
+     *
+     * @param string $loginName
+     * @return string|false
+     */
+    public function loginName2UserName($loginName) {
+        $id = 'LOGINNAME,' . $loginName;
+        return $this->handleRequest($id, 'loginName2UserName', array($loginName));
+    }
 	
-	/**
-	 * returns the username for the given LDAP DN, if available
-	 *
-	 * @param string $dn
-	 * @return string|false with the username
-	 */
-	public function dn2UserName($dn) {
-		$id = 'DN,' . $dn;
-		return $this->handleRequest($id, 'dn2UserName', array($dn));
-	}
+    /**
+     * returns the username for the given LDAP DN, if available
+     *
+     * @param string $dn
+     * @return string|false with the username
+     */
+    public function dn2UserName($dn) {
+        $id = 'DN,' . $dn;
+        return $this->handleRequest($id, 'dn2UserName', array($dn));
+    }
 
-	/**
-	 * get the user's home directory
-	 * @param string $uid the username
-	 * @return boolean
-	 */
-	public function getHome($uid) {
-		return $this->handleRequest($uid, 'getHome', array($uid));
-	}
+    /**
+     * get the user's home directory
+     * @param string $uid the username
+     * @return boolean
+     */
+    public function getHome($uid) {
+        return $this->handleRequest($uid, 'getHome', array($uid));
+    }
 
-	/**
-	 * get display name of the user
-	 * @param string $uid user ID of the user
-	 * @return string display name
-	 */
-	public function getDisplayName($uid) {
-		return $this->handleRequest($uid, 'getDisplayName', array($uid));
-	}
+    /**
+     * get display name of the user
+     * @param string $uid user ID of the user
+     * @return string display name
+     */
+    public function getDisplayName($uid) {
+        return $this->handleRequest($uid, 'getDisplayName', array($uid));
+    }
 
-	/**
-	 * checks whether the user is allowed to change his avatar in Nextcloud
-	 * @param string $uid the Nextcloud user name
-	 * @return boolean either the user can or cannot
-	 */
-	public function canChangeAvatar($uid) {
-		return $this->handleRequest($uid, 'canChangeAvatar', array($uid), true);
-	}
+    /**
+     * checks whether the user is allowed to change his avatar in Nextcloud
+     * @param string $uid the Nextcloud user name
+     * @return boolean either the user can or cannot
+     */
+    public function canChangeAvatar($uid) {
+        return $this->handleRequest($uid, 'canChangeAvatar', array($uid), true);
+    }
 
-	/**
-	 * Get a list of all display names and user ids.
-	 * @param string $search
-	 * @param string|null $limit
-	 * @param string|null $offset
-	 * @return array an array of all displayNames (value) and the corresponding uids (key)
-	 */
-	public function getDisplayNames($search = '', $limit = null, $offset = null) {
-		//we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
-		$users = array();
-		foreach($this->backends as $backend) {
-			$backendUsers = $backend->getDisplayNames($search, $limit, $offset);
-			if (is_array($backendUsers)) {
-				$users = $users + $backendUsers;
-			}
-		}
-		return $users;
-	}
+    /**
+     * Get a list of all display names and user ids.
+     * @param string $search
+     * @param string|null $limit
+     * @param string|null $offset
+     * @return array an array of all displayNames (value) and the corresponding uids (key)
+     */
+    public function getDisplayNames($search = '', $limit = null, $offset = null) {
+        //we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
+        $users = array();
+        foreach($this->backends as $backend) {
+            $backendUsers = $backend->getDisplayNames($search, $limit, $offset);
+            if (is_array($backendUsers)) {
+                $users = $users + $backendUsers;
+            }
+        }
+        return $users;
+    }
 
-	/**
-	 * delete a user
-	 * @param string $uid The username of the user to delete
-	 * @return bool
-	 *
-	 * Deletes a user
-	 */
-	public function deleteUser($uid) {
-		return $this->handleRequest($uid, 'deleteUser', array($uid));
-	}
+    /**
+     * delete a user
+     * @param string $uid The username of the user to delete
+     * @return bool
+     *
+     * Deletes a user
+     */
+    public function deleteUser($uid) {
+        return $this->handleRequest($uid, 'deleteUser', array($uid));
+    }
 	
-	/**
-	 * Set password
-	 * @param string $uid The username
-	 * @param string $password The new password
-	 * @return bool
-	 *
-	 */
-	public function setPassword($uid, $password) {
-		return $this->handleRequest($uid, 'setPassword', array($uid, $password));
-	}
+    /**
+     * Set password
+     * @param string $uid The username
+     * @param string $password The new password
+     * @return bool
+     *
+     */
+    public function setPassword($uid, $password) {
+        return $this->handleRequest($uid, 'setPassword', array($uid, $password));
+    }
 
-	/**
-	 * @return bool
-	 */
-	public function hasUserListings() {
-		return $this->refBackend->hasUserListings();
-	}
+    /**
+     * @return bool
+     */
+    public function hasUserListings() {
+        return $this->refBackend->hasUserListings();
+    }
 
-	/**
-	 * Count the number of users
-	 * @return int|bool
-	 */
-	public function countUsers() {
-		$users = false;
-		foreach($this->backends as $backend) {
-			$backendUsers = $backend->countUsers();
-			if ($backendUsers !== false) {
-				$users += $backendUsers;
-			}
-		}
-		return $users;
-	}
+    /**
+     * Count the number of users
+     * @return int|bool
+     */
+    public function countUsers() {
+        $users = false;
+        foreach($this->backends as $backend) {
+            $backendUsers = $backend->countUsers();
+            if ($backendUsers !== false) {
+                $users += $backendUsers;
+            }
+        }
+        return $users;
+    }
 
-	/**
-	 * Return access for LDAP interaction.
-	 * @param string $uid
-	 * @return Access instance of Access for LDAP interaction
-	 */
-	public function getLDAPAccess($uid) {
-		return $this->handleRequest($uid, 'getLDAPAccess', array($uid));
-	}
+    /**
+     * Return access for LDAP interaction.
+     * @param string $uid
+     * @return Access instance of Access for LDAP interaction
+     */
+    public function getLDAPAccess($uid) {
+        return $this->handleRequest($uid, 'getLDAPAccess', array($uid));
+    }
 	
-	/**
-	 * Return a new LDAP connection for the specified user.
-	 * The connection needs to be closed manually.
-	 * @param string $uid
-	 * @return resource of the LDAP connection
-	 */
-	public function getNewLDAPConnection($uid) {
-		return $this->handleRequest($uid, 'getNewLDAPConnection', array($uid));
-	}
+    /**
+     * Return a new LDAP connection for the specified user.
+     * The connection needs to be closed manually.
+     * @param string $uid
+     * @return resource of the LDAP connection
+     */
+    public function getNewLDAPConnection($uid) {
+        return $this->handleRequest($uid, 'getNewLDAPConnection', array($uid));
+    }
 }

apps/dav/lib/Connector/Sabre/Auth.php

Indentation +192 added lines, -192 removed lines

@@ -48,212 +48,212 @@
 class Auth extends AbstractBasic {
 
 
-	const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
+    const DAV_AUTHENTICATED = 'AUTHENTICATED_TO_DAV_BACKEND';
 
-	/** @var ISession */
-	private $session;
-	/** @var Session */
-	private $userSession;
-	/** @var IRequest */
-	private $request;
-	/** @var string */
-	private $currentUser;
-	/** @var Manager */
-	private $twoFactorManager;
-	/** @var Throttler */
-	private $throttler;
+    /** @var ISession */
+    private $session;
+    /** @var Session */
+    private $userSession;
+    /** @var IRequest */
+    private $request;
+    /** @var string */
+    private $currentUser;
+    /** @var Manager */
+    private $twoFactorManager;
+    /** @var Throttler */
+    private $throttler;
 
-	/**
-	 * @param ISession $session
-	 * @param Session $userSession
-	 * @param IRequest $request
-	 * @param Manager $twoFactorManager
-	 * @param Throttler $throttler
-	 * @param string $principalPrefix
-	 */
-	public function __construct(ISession $session,
-								Session $userSession,
-								IRequest $request,
-								Manager $twoFactorManager,
-								Throttler $throttler,
-								$principalPrefix = 'principals/users/') {
-		$this->session = $session;
-		$this->userSession = $userSession;
-		$this->twoFactorManager = $twoFactorManager;
-		$this->request = $request;
-		$this->throttler = $throttler;
-		$this->principalPrefix = $principalPrefix;
+    /**
+     * @param ISession $session
+     * @param Session $userSession
+     * @param IRequest $request
+     * @param Manager $twoFactorManager
+     * @param Throttler $throttler
+     * @param string $principalPrefix
+     */
+    public function __construct(ISession $session,
+                                Session $userSession,
+                                IRequest $request,
+                                Manager $twoFactorManager,
+                                Throttler $throttler,
+                                $principalPrefix = 'principals/users/') {
+        $this->session = $session;
+        $this->userSession = $userSession;
+        $this->twoFactorManager = $twoFactorManager;
+        $this->request = $request;
+        $this->throttler = $throttler;
+        $this->principalPrefix = $principalPrefix;
 
-		// setup realm
-		$defaults = new \OCP\Defaults();
-		$this->realm = $defaults->getName();
-	}
+        // setup realm
+        $defaults = new \OCP\Defaults();
+        $this->realm = $defaults->getName();
+    }
 
-	/**
-	 * Whether the user has initially authenticated via DAV
-	 *
-	 * This is required for WebDAV clients that resent the cookies even when the
-	 * account was changed.
-	 *
-	 * @see https://github.com/owncloud/core/issues/13245
-	 *
-	 * @param string $username
-	 * @return bool
-	 */
-	public function isDavAuthenticated($username) {
-		return !is_null($this->session->get(self::DAV_AUTHENTICATED)) &&
-		$this->session->get(self::DAV_AUTHENTICATED) === $username;
-	}
+    /**
+     * Whether the user has initially authenticated via DAV
+     *
+     * This is required for WebDAV clients that resent the cookies even when the
+     * account was changed.
+     *
+     * @see https://github.com/owncloud/core/issues/13245
+     *
+     * @param string $username
+     * @return bool
+     */
+    public function isDavAuthenticated($username) {
+        return !is_null($this->session->get(self::DAV_AUTHENTICATED)) &&
+        $this->session->get(self::DAV_AUTHENTICATED) === $username;
+    }
 
-	/**
-	 * Validates a username and password
-	 *
-	 * This method should return true or false depending on if login
-	 * succeeded.
-	 *
-	 * @param string $username
-	 * @param string $password
-	 * @return bool
-	 * @throws PasswordLoginForbidden
-	 */
-	protected function validateUserPass($username, $password) {
-		if ($this->userSession->isLoggedIn() &&
-			$this->isDavAuthenticated($this->userSession->getUser()->getUID())
-		) {
-			\OC_Util::setupFS($this->userSession->getUser()->getUID());
-			$this->session->close();
-			return true;
-		} else {
-			\OC_Util::setupFS(); //login hooks may need early access to the filesystem
-			try {
-				if ($this->userSession->logClientIn($username, $password, $this->request, $this->throttler)) {
-					\OC_Util::setupFS($this->userSession->getUser()->getUID());
-					$this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
-					$this->session->close();
-					return true;
-				} else {
-					$this->session->close();
-					return false;
-				}
-			} catch (PasswordLoginForbiddenException $ex) {
-				$this->session->close();
-				throw new PasswordLoginForbidden();
-			}
-		}
-	}
+    /**
+     * Validates a username and password
+     *
+     * This method should return true or false depending on if login
+     * succeeded.
+     *
+     * @param string $username
+     * @param string $password
+     * @return bool
+     * @throws PasswordLoginForbidden
+     */
+    protected function validateUserPass($username, $password) {
+        if ($this->userSession->isLoggedIn() &&
+            $this->isDavAuthenticated($this->userSession->getUser()->getUID())
+        ) {
+            \OC_Util::setupFS($this->userSession->getUser()->getUID());
+            $this->session->close();
+            return true;
+        } else {
+            \OC_Util::setupFS(); //login hooks may need early access to the filesystem
+            try {
+                if ($this->userSession->logClientIn($username, $password, $this->request, $this->throttler)) {
+                    \OC_Util::setupFS($this->userSession->getUser()->getUID());
+                    $this->session->set(self::DAV_AUTHENTICATED, $this->userSession->getUser()->getUID());
+                    $this->session->close();
+                    return true;
+                } else {
+                    $this->session->close();
+                    return false;
+                }
+            } catch (PasswordLoginForbiddenException $ex) {
+                $this->session->close();
+                throw new PasswordLoginForbidden();
+            }
+        }
+    }
 
-	/**
-	 * @param RequestInterface $request
-	 * @param ResponseInterface $response
-	 * @return array
-	 * @throws NotAuthenticated
-	 * @throws ServiceUnavailable
-	 */
-	function check(RequestInterface $request, ResponseInterface $response) {
-		try {
-			$result = $this->auth($request, $response);
-			return $result;
-		} catch (NotAuthenticated $e) {
-			throw $e;
-		} catch (Exception $e) {
-			$class = get_class($e);
-			$msg = $e->getMessage();
-			\OC::$server->getLogger()->logException($e);
-			throw new ServiceUnavailable("$class: $msg");
-		}
-	}
+    /**
+     * @param RequestInterface $request
+     * @param ResponseInterface $response
+     * @return array
+     * @throws NotAuthenticated
+     * @throws ServiceUnavailable
+     */
+    function check(RequestInterface $request, ResponseInterface $response) {
+        try {
+            $result = $this->auth($request, $response);
+            return $result;
+        } catch (NotAuthenticated $e) {
+            throw $e;
+        } catch (Exception $e) {
+            $class = get_class($e);
+            $msg = $e->getMessage();
+            \OC::$server->getLogger()->logException($e);
+            throw new ServiceUnavailable("$class: $msg");
+        }
+    }
 
-	/**
-	 * Checks whether a CSRF check is required on the request
-	 *
-	 * @return bool
-	 */
-	private function requiresCSRFCheck() {
-		// GET requires no check at all
-		if($this->request->getMethod() === 'GET') {
-			return false;
-		}
+    /**
+     * Checks whether a CSRF check is required on the request
+     *
+     * @return bool
+     */
+    private function requiresCSRFCheck() {
+        // GET requires no check at all
+        if($this->request->getMethod() === 'GET') {
+            return false;
+        }
 
-		// Official Nextcloud clients require no checks
-		if($this->request->isUserAgent([
-			IRequest::USER_AGENT_CLIENT_DESKTOP,
-			IRequest::USER_AGENT_CLIENT_ANDROID,
-			IRequest::USER_AGENT_CLIENT_IOS,
-		])) {
-			return false;
-		}
+        // Official Nextcloud clients require no checks
+        if($this->request->isUserAgent([
+            IRequest::USER_AGENT_CLIENT_DESKTOP,
+            IRequest::USER_AGENT_CLIENT_ANDROID,
+            IRequest::USER_AGENT_CLIENT_IOS,
+        ])) {
+            return false;
+        }
 
-		// If not logged-in no check is required
-		if(!$this->userSession->isLoggedIn()) {
-			return false;
-		}
+        // If not logged-in no check is required
+        if(!$this->userSession->isLoggedIn()) {
+            return false;
+        }
 
-		// POST always requires a check
-		if($this->request->getMethod() === 'POST') {
-			return true;
-		}
+        // POST always requires a check
+        if($this->request->getMethod() === 'POST') {
+            return true;
+        }
 
-		// If logged-in AND DAV authenticated no check is required
-		if($this->userSession->isLoggedIn() &&
-			$this->isDavAuthenticated($this->userSession->getUser()->getUID())) {
-			return false;
-		}
+        // If logged-in AND DAV authenticated no check is required
+        if($this->userSession->isLoggedIn() &&
+            $this->isDavAuthenticated($this->userSession->getUser()->getUID())) {
+            return false;
+        }
 
-		return true;
-	}
+        return true;
+    }
 
-	/**
-	 * @param RequestInterface $request
-	 * @param ResponseInterface $response
-	 * @return array
-	 * @throws NotAuthenticated
-	 */
-	private function auth(RequestInterface $request, ResponseInterface $response) {
-		$forcedLogout = false;
-		if(!$this->request->passesCSRFCheck() &&
-			$this->requiresCSRFCheck()) {
-			// In case of a fail with POST we need to recheck the credentials
-			if($this->request->getMethod() === 'POST') {
-				$forcedLogout = true;
-			} else {
-				$response->setStatus(401);
-				throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.');
-			}
-		}
+    /**
+     * @param RequestInterface $request
+     * @param ResponseInterface $response
+     * @return array
+     * @throws NotAuthenticated
+     */
+    private function auth(RequestInterface $request, ResponseInterface $response) {
+        $forcedLogout = false;
+        if(!$this->request->passesCSRFCheck() &&
+            $this->requiresCSRFCheck()) {
+            // In case of a fail with POST we need to recheck the credentials
+            if($this->request->getMethod() === 'POST') {
+                $forcedLogout = true;
+            } else {
+                $response->setStatus(401);
+                throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.');
+            }
+        }
 
-		if($forcedLogout) {
-			$this->userSession->logout();
-		} else {
-			if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
-				throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
-			}
-			if (\OC_User::handleApacheAuth() ||
-				//Fix for broken webdav clients
-				($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
-				//Well behaved clients that only send the cookie are allowed
-				($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
-			) {
-				$user = $this->userSession->getUser()->getUID();
-				\OC_Util::setupFS($user);
-				$this->currentUser = $user;
-				$this->session->close();
-				return [true, $this->principalPrefix . $user];
-			}
-		}
+        if($forcedLogout) {
+            $this->userSession->logout();
+        } else {
+            if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
+                throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
+            }
+            if (\OC_User::handleApacheAuth() ||
+                //Fix for broken webdav clients
+                ($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
+                //Well behaved clients that only send the cookie are allowed
+                ($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
+            ) {
+                $user = $this->userSession->getUser()->getUID();
+                \OC_Util::setupFS($user);
+                $this->currentUser = $user;
+                $this->session->close();
+                return [true, $this->principalPrefix . $user];
+            }
+        }
 
-		if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
-			// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
-			$response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
-			$response->setStatus(401);
-			throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
-		}
+        if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
+            // do not re-authenticate over ajax, use dummy auth name to prevent browser popup
+            $response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
+            $response->setStatus(401);
+            throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
+        }
 
-		$data = parent::check($request, $response);
-		if($data[0] === true) {
-			$startPos = strrpos($data[1], '/') + 1;
-			$user = $this->userSession->getUser()->getUID();
-			$data[1] = substr_replace($data[1], $user, $startPos);
-		}
-		return $data;
-	}
+        $data = parent::check($request, $response);
+        if($data[0] === true) {
+            $startPos = strrpos($data[1], '/') + 1;
+            $user = $this->userSession->getUser()->getUID();
+            $data[1] = substr_replace($data[1], $user, $startPos);
+        }
+        return $data;
+    }
 }

Spacing +12 added lines, -12 removed lines

@@ -170,12 +170,12 @@ 
 	 */
 	private function requiresCSRFCheck() {
 		// GET requires no check at all
-		if($this->request->getMethod() === 'GET') {
+		if ($this->request->getMethod() === 'GET') {
 			return false;
 		}
 
 		// Official Nextcloud clients require no checks
-		if($this->request->isUserAgent([
+		if ($this->request->isUserAgent([
 			IRequest::USER_AGENT_CLIENT_DESKTOP,
 			IRequest::USER_AGENT_CLIENT_ANDROID,
 			IRequest::USER_AGENT_CLIENT_IOS,
@@ -184,17 +184,17 @@ 
 		}
 
 		// If not logged-in no check is required
-		if(!$this->userSession->isLoggedIn()) {
+		if (!$this->userSession->isLoggedIn()) {
 			return false;
 		}
 
 		// POST always requires a check
-		if($this->request->getMethod() === 'POST') {
+		if ($this->request->getMethod() === 'POST') {
 			return true;
 		}
 
 		// If logged-in AND DAV authenticated no check is required
-		if($this->userSession->isLoggedIn() &&
+		if ($this->userSession->isLoggedIn() &&
 			$this->isDavAuthenticated($this->userSession->getUser()->getUID())) {
 			return false;
 		}
@@ -210,10 +210,10 @@ 
 	 */
 	private function auth(RequestInterface $request, ResponseInterface $response) {
 		$forcedLogout = false;
-		if(!$this->request->passesCSRFCheck() &&
+		if (!$this->request->passesCSRFCheck() &&
 			$this->requiresCSRFCheck()) {
 			// In case of a fail with POST we need to recheck the credentials
-			if($this->request->getMethod() === 'POST') {
+			if ($this->request->getMethod() === 'POST') {
 				$forcedLogout = true;
 			} else {
 				$response->setStatus(401);
@@ -221,10 +221,10 @@ 
 			}
 		}
 
-		if($forcedLogout) {
+		if ($forcedLogout) {
 			$this->userSession->logout();
 		} else {
-			if($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
+			if ($this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
 				throw new \Sabre\DAV\Exception\NotAuthenticated('2FA challenge not passed.');
 			}
 			if (\OC_User::handleApacheAuth() ||
@@ -237,19 +237,19 @@ 
 				\OC_Util::setupFS($user);
 				$this->currentUser = $user;
 				$this->session->close();
-				return [true, $this->principalPrefix . $user];
+				return [true, $this->principalPrefix.$user];
 			}
 		}
 
 		if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
 			// do not re-authenticate over ajax, use dummy auth name to prevent browser popup
-			$response->addHeader('WWW-Authenticate','DummyBasic realm="' . $this->realm . '"');
+			$response->addHeader('WWW-Authenticate', 'DummyBasic realm="'.$this->realm.'"');
 			$response->setStatus(401);
 			throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
 		}
 
 		$data = parent::check($request, $response);
-		if($data[0] === true) {
+		if ($data[0] === true) {
 			$startPos = strrpos($data[1], '/') + 1;
 			$user = $this->userSession->getUser()->getUID();
 			$data[1] = substr_replace($data[1], $user, $startPos);

apps/dav/lib/Connector/Sabre/ServerFactory.php

Indentation +145 added lines, -145 removed lines

@@ -42,158 +42,158 @@
 use Sabre\DAV\Auth\Backend\BackendInterface;
 
 class ServerFactory {
-	/** @var IConfig */
-	private $config;
-	/** @var ILogger */
-	private $logger;
-	/** @var IDBConnection */
-	private $databaseConnection;
-	/** @var IUserSession */
-	private $userSession;
-	/** @var IMountManager */
-	private $mountManager;
-	/** @var ITagManager */
-	private $tagManager;
-	/** @var IRequest */
-	private $request;
-	/** @var IPreview  */
-	private $previewManager;
+    /** @var IConfig */
+    private $config;
+    /** @var ILogger */
+    private $logger;
+    /** @var IDBConnection */
+    private $databaseConnection;
+    /** @var IUserSession */
+    private $userSession;
+    /** @var IMountManager */
+    private $mountManager;
+    /** @var ITagManager */
+    private $tagManager;
+    /** @var IRequest */
+    private $request;
+    /** @var IPreview  */
+    private $previewManager;
 
-	/**
-	 * @param IConfig $config
-	 * @param ILogger $logger
-	 * @param IDBConnection $databaseConnection
-	 * @param IUserSession $userSession
-	 * @param IMountManager $mountManager
-	 * @param ITagManager $tagManager
-	 * @param IRequest $request
-	 * @param IPreview $previewManager
-	 */
-	public function __construct(
-		IConfig $config,
-		ILogger $logger,
-		IDBConnection $databaseConnection,
-		IUserSession $userSession,
-		IMountManager $mountManager,
-		ITagManager $tagManager,
-		IRequest $request,
-		IPreview $previewManager
-	) {
-		$this->config = $config;
-		$this->logger = $logger;
-		$this->databaseConnection = $databaseConnection;
-		$this->userSession = $userSession;
-		$this->mountManager = $mountManager;
-		$this->tagManager = $tagManager;
-		$this->request = $request;
-		$this->previewManager = $previewManager;
-	}
+    /**
+     * @param IConfig $config
+     * @param ILogger $logger
+     * @param IDBConnection $databaseConnection
+     * @param IUserSession $userSession
+     * @param IMountManager $mountManager
+     * @param ITagManager $tagManager
+     * @param IRequest $request
+     * @param IPreview $previewManager
+     */
+    public function __construct(
+        IConfig $config,
+        ILogger $logger,
+        IDBConnection $databaseConnection,
+        IUserSession $userSession,
+        IMountManager $mountManager,
+        ITagManager $tagManager,
+        IRequest $request,
+        IPreview $previewManager
+    ) {
+        $this->config = $config;
+        $this->logger = $logger;
+        $this->databaseConnection = $databaseConnection;
+        $this->userSession = $userSession;
+        $this->mountManager = $mountManager;
+        $this->tagManager = $tagManager;
+        $this->request = $request;
+        $this->previewManager = $previewManager;
+    }
 
-	/**
-	 * @param string $baseUri
-	 * @param string $requestUri
-	 * @param BackendInterface $authBackend
-	 * @param callable $viewCallBack callback that should return the view for the dav endpoint
-	 * @return Server
-	 */
-	public function createServer($baseUri,
-								 $requestUri,
-								 BackendInterface $authBackend,
-								 callable $viewCallBack) {
-		// Fire up server
-		$objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree();
-		$server = new \OCA\DAV\Connector\Sabre\Server($objectTree);
-		// Set URL explicitly due to reverse-proxy situations
-		$server->httpRequest->setUrl($requestUri);
-		$server->setBaseUri($baseUri);
+    /**
+     * @param string $baseUri
+     * @param string $requestUri
+     * @param BackendInterface $authBackend
+     * @param callable $viewCallBack callback that should return the view for the dav endpoint
+     * @return Server
+     */
+    public function createServer($baseUri,
+                                    $requestUri,
+                                    BackendInterface $authBackend,
+                                    callable $viewCallBack) {
+        // Fire up server
+        $objectTree = new \OCA\DAV\Connector\Sabre\ObjectTree();
+        $server = new \OCA\DAV\Connector\Sabre\Server($objectTree);
+        // Set URL explicitly due to reverse-proxy situations
+        $server->httpRequest->setUrl($requestUri);
+        $server->setBaseUri($baseUri);
 
-		// Load plugins
-		$server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
-		$server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
-		$server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));
-		// FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
-		$server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
-		$server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));
-		$server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
-		// Some WebDAV clients do require Class 2 WebDAV support (locking), since
-		// we do not provide locking we emulate it using a fake locking plugin.
-		if($this->request->isUserAgent([
-				'/WebDAVFS/',
-				'/Microsoft Office OneNote 2013/',
-				'/Microsoft-WebDAV-MiniRedir/',
-		])) {
-			$server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
-		}
+        // Load plugins
+        $server->addPlugin(new \OCA\DAV\Connector\Sabre\MaintenancePlugin($this->config));
+        $server->addPlugin(new \OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin($this->config));
+        $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend));
+        // FIXME: The following line is a workaround for legacy components relying on being able to send a GET to /
+        $server->addPlugin(new \OCA\DAV\Connector\Sabre\DummyGetResponsePlugin());
+        $server->addPlugin(new \OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin('webdav', $this->logger));
+        $server->addPlugin(new \OCA\DAV\Connector\Sabre\LockPlugin());
+        // Some WebDAV clients do require Class 2 WebDAV support (locking), since
+        // we do not provide locking we emulate it using a fake locking plugin.
+        if($this->request->isUserAgent([
+                '/WebDAVFS/',
+                '/Microsoft Office OneNote 2013/',
+                '/Microsoft-WebDAV-MiniRedir/',
+        ])) {
+            $server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
+        }
 
-		if (BrowserErrorPagePlugin::isBrowserRequest($this->request)) {
-			$server->addPlugin(new BrowserErrorPagePlugin());
-		}
+        if (BrowserErrorPagePlugin::isBrowserRequest($this->request)) {
+            $server->addPlugin(new BrowserErrorPagePlugin());
+        }
 
-		// wait with registering these until auth is handled and the filesystem is setup
-		$server->on('beforeMethod', function () use ($server, $objectTree, $viewCallBack) {
-			// ensure the skeleton is copied
-			$userFolder = \OC::$server->getUserFolder();
+        // wait with registering these until auth is handled and the filesystem is setup
+        $server->on('beforeMethod', function () use ($server, $objectTree, $viewCallBack) {
+            // ensure the skeleton is copied
+            $userFolder = \OC::$server->getUserFolder();
 			
-			/** @var \OC\Files\View $view */
-			$view = $viewCallBack($server);
-			if ($userFolder instanceof Folder && $userFolder->getPath() === $view->getRoot()) {
-				$rootInfo = $userFolder;
-			} else {
-				$rootInfo = $view->getFileInfo('');
-			}
+            /** @var \OC\Files\View $view */
+            $view = $viewCallBack($server);
+            if ($userFolder instanceof Folder && $userFolder->getPath() === $view->getRoot()) {
+                $rootInfo = $userFolder;
+            } else {
+                $rootInfo = $view->getFileInfo('');
+            }
 
-			// Create Nextcloud Dir
-			if ($rootInfo->getType() === 'dir') {
-				$root = new \OCA\DAV\Connector\Sabre\Directory($view, $rootInfo, $objectTree);
-			} else {
-				$root = new \OCA\DAV\Connector\Sabre\File($view, $rootInfo);
-			}
-			$objectTree->init($root, $view, $this->mountManager);
+            // Create Nextcloud Dir
+            if ($rootInfo->getType() === 'dir') {
+                $root = new \OCA\DAV\Connector\Sabre\Directory($view, $rootInfo, $objectTree);
+            } else {
+                $root = new \OCA\DAV\Connector\Sabre\File($view, $rootInfo);
+            }
+            $objectTree->init($root, $view, $this->mountManager);
 
-			$server->addPlugin(
-				new \OCA\DAV\Connector\Sabre\FilesPlugin(
-					$objectTree,
-					$this->config,
-					$this->request,
-					$this->previewManager,
-					false,
-					!$this->config->getSystemValue('debug', false)
-				)
-			);
-			$server->addPlugin(new \OCA\DAV\Connector\Sabre\QuotaPlugin($view));
+            $server->addPlugin(
+                new \OCA\DAV\Connector\Sabre\FilesPlugin(
+                    $objectTree,
+                    $this->config,
+                    $this->request,
+                    $this->previewManager,
+                    false,
+                    !$this->config->getSystemValue('debug', false)
+                )
+            );
+            $server->addPlugin(new \OCA\DAV\Connector\Sabre\QuotaPlugin($view));
 
-			if($this->userSession->isLoggedIn()) {
-				$server->addPlugin(new \OCA\DAV\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager));
-				$server->addPlugin(new \OCA\DAV\Connector\Sabre\SharesPlugin(
-					$objectTree,
-					$this->userSession,
-					$userFolder,
-					\OC::$server->getShareManager()
-				));
-				$server->addPlugin(new \OCA\DAV\Connector\Sabre\CommentPropertiesPlugin(\OC::$server->getCommentsManager(), $this->userSession));
-				$server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesReportPlugin(
-					$objectTree,
-					$view,
-					\OC::$server->getSystemTagManager(),
-					\OC::$server->getSystemTagObjectMapper(),
-					\OC::$server->getTagManager(),
-					$this->userSession,
-					\OC::$server->getGroupManager(),
-					$userFolder
-				));
-				// custom properties plugin must be the last one
-				$server->addPlugin(
-					new \Sabre\DAV\PropertyStorage\Plugin(
-						new \OCA\DAV\Connector\Sabre\CustomPropertiesBackend(
-							$objectTree,
-							$this->databaseConnection,
-							$this->userSession->getUser()
-						)
-					)
-				);
-			}
-			$server->addPlugin(new \OCA\DAV\Connector\Sabre\CopyEtagHeaderPlugin());
-		}, 30); // priority 30: after auth (10) and acl(20), before lock(50) and handling the request
-		return $server;
-	}
+            if($this->userSession->isLoggedIn()) {
+                $server->addPlugin(new \OCA\DAV\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager));
+                $server->addPlugin(new \OCA\DAV\Connector\Sabre\SharesPlugin(
+                    $objectTree,
+                    $this->userSession,
+                    $userFolder,
+                    \OC::$server->getShareManager()
+                ));
+                $server->addPlugin(new \OCA\DAV\Connector\Sabre\CommentPropertiesPlugin(\OC::$server->getCommentsManager(), $this->userSession));
+                $server->addPlugin(new \OCA\DAV\Connector\Sabre\FilesReportPlugin(
+                    $objectTree,
+                    $view,
+                    \OC::$server->getSystemTagManager(),
+                    \OC::$server->getSystemTagObjectMapper(),
+                    \OC::$server->getTagManager(),
+                    $this->userSession,
+                    \OC::$server->getGroupManager(),
+                    $userFolder
+                ));
+                // custom properties plugin must be the last one
+                $server->addPlugin(
+                    new \Sabre\DAV\PropertyStorage\Plugin(
+                        new \OCA\DAV\Connector\Sabre\CustomPropertiesBackend(
+                            $objectTree,
+                            $this->databaseConnection,
+                            $this->userSession->getUser()
+                        )
+                    )
+                );
+            }
+            $server->addPlugin(new \OCA\DAV\Connector\Sabre\CopyEtagHeaderPlugin());
+        }, 30); // priority 30: after auth (10) and acl(20), before lock(50) and handling the request
+        return $server;
+    }
 }