Inspection of "Merge pull request #20168 from nextcloud/techdebt/..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 62403d...0c3e2f )

by Joas

created 2020-03-26 15:36 UTC

Status

Indentation +20 added lines, -20 removed lines patch added patch discarded remove patch

@@ -35,26 +35,26 @@
 block discarded – undo
 $subject = (string)$_POST['ldap_clear_mapping'];
 $mapping = null;
 try {
-	if($subject === 'user') {
-		$mapping = new UserMapping(\OC::$server->getDatabaseConnection());
-		$result = $mapping->clearCb(
-			function ($uid) {
-				\OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]);
-			},
-			function ($uid) {
-				\OC::$server->getUserManager()->emit('\OC\User', 'postUnassignedUserId', [$uid]);
-			}
-		);
-	} else if($subject === 'group') {
-		$mapping = new GroupMapping(\OC::$server->getDatabaseConnection());
-		$result = $mapping->clear();
-	}
+    if($subject === 'user') {
+        $mapping = new UserMapping(\OC::$server->getDatabaseConnection());
+        $result = $mapping->clearCb(
+            function ($uid) {
+                \OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]);
+            },
+            function ($uid) {
+                \OC::$server->getUserManager()->emit('\OC\User', 'postUnassignedUserId', [$uid]);
+            }
+        );
+    } else if($subject === 'group') {
+        $mapping = new GroupMapping(\OC::$server->getDatabaseConnection());
+        $result = $mapping->clear();
+    }
 
-	if($mapping === null || !$result) {
-		$l = \OC::$server->getL10N('user_ldap');
-		throw new \Exception($l->t('Failed to clear the mappings.'));
-	}
-	\OC_JSON::success();
+    if($mapping === null || !$result) {
+        $l = \OC::$server->getL10N('user_ldap');
+        throw new \Exception($l->t('Failed to clear the mappings.'));
+    }
+    \OC_JSON::success();
 } catch (\Exception $e) {
-	\OC_JSON::error(['message' => $e->getMessage()]);
+    \OC_JSON::error(['message' => $e->getMessage()]);
 }

Please login to merge, or discard this patch.

apps/user_ldap/ajax/getNewServerConfigPrefix.php 1 patch

Spacing +3 added lines, -3 removed lines patch added patch discarded remove patch

@@ -32,13 +32,13 @@
 block discarded – undo
 $serverConnections = $helper->getServerConfigurationPrefixes();
 sort($serverConnections);
 $lk = array_pop($serverConnections);
-$ln = (int)str_replace('s', '', $lk);
-$nk = 's'.str_pad($ln+1, 2, '0', STR_PAD_LEFT);
+$ln = (int) str_replace('s', '', $lk);
+$nk = 's'.str_pad($ln + 1, 2, '0', STR_PAD_LEFT);
 
 $resultData = ['configPrefix' => $nk];
 
 $newConfig = new \OCA\User_LDAP\Configuration($nk, false);
-if(isset($_POST['copyConfig'])) {
+if (isset($_POST['copyConfig'])) {
 	$originalConfig = new \OCA\User_LDAP\Configuration($_POST['copyConfig']);
 	$newConfig->setConfiguration($originalConfig->getConfiguration());
 } else {

Please login to merge, or discard this patch.

apps/user_ldap/templates/part.wizard-server.php 2 patches

Indentation +6 added lines, -6 removed lines patch added patch discarded remove patch

@@ -2,14 +2,14 @@
 block discarded – undo
 		<p>
 		<select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
 		<?php
-		$i = 1;
-		$sel = ' selected';
-		foreach($_['serverConfigurationPrefixes'] as $prefix) {
-			?>
+        $i = 1;
+        $sel = ' selected';
+        foreach($_['serverConfigurationPrefixes'] as $prefix) {
+            ?>
 			<option value="<?php p($prefix); ?>"<?php p($sel); $sel = ''; ?>><?php p($l->t('%s. Server:', [$i++]));?> <?php p(' '.$_['serverConfigurationHosts'][$prefix]); ?></option>
 			<?php
-		}
-		?>
+        }
+        ?>
 		</select>
 		<button type="button" id="ldap_action_add_configuration"
 			name="ldap_action_add_configuration" class="icon-add icon-default-style"

Please login to merge, or discard this patch.

Spacing +20 added lines, -20 removed lines patch added patch discarded remove patch

@@ -4,23 +4,23 @@  discard block
 block discarded – undo
 		<?php
 		$i = 1;
 		$sel = ' selected';
-		foreach($_['serverConfigurationPrefixes'] as $prefix) {
+		foreach ($_['serverConfigurationPrefixes'] as $prefix) {
 			?>
-			<option value="<?php p($prefix); ?>"<?php p($sel); $sel = ''; ?>><?php p($l->t('%s. Server:', [$i++]));?> <?php p(' '.$_['serverConfigurationHosts'][$prefix]); ?></option>
+			<option value="<?php p($prefix); ?>"<?php p($sel); $sel = ''; ?>><?php p($l->t('%s. Server:', [$i++])); ?> <?php p(' '.$_['serverConfigurationHosts'][$prefix]); ?></option>
 			<?php
 		}
 		?>
 		</select>
 		<button type="button" id="ldap_action_add_configuration"
 			name="ldap_action_add_configuration" class="icon-add icon-default-style"
-			title="<?php p($l->t('Add a new configuration'));?>">&nbsp;</button>
+			title="<?php p($l->t('Add a new configuration')); ?>">&nbsp;</button>
 		<button type="button" id="ldap_action_copy_configuration"
 			name="ldap_action_copy_configuration"
 			class="ldapIconCopy icon-default-style"
-			title="<?php p($l->t('Copy current configuration into new directory binding'));?>">&nbsp;</button>
+			title="<?php p($l->t('Copy current configuration into new directory binding')); ?>">&nbsp;</button>
 		<button type="button" id="ldap_action_delete_configuration"
 			name="ldap_action_delete_configuration" class="icon-delete icon-default-style"
-			title="<?php p($l->t('Delete the current configuration'));?>">&nbsp;</button>
+			title="<?php p($l->t('Delete the current configuration')); ?>">&nbsp;</button>
 		</p>
 
 		<div class="hostPortCombinator">
@@ -29,14 +29,14 @@  discard block
 block discarded – undo
 					<div class="table">
 						<input type="text" class="host" id="ldap_host"
 							name="ldap_host"
-							placeholder="<?php p($l->t('Host'));?>"
-							title="<?php p($l->t('You can omit the protocol, unless you require SSL. If so, start with ldaps://'));?>"
+							placeholder="<?php p($l->t('Host')); ?>"
+							title="<?php p($l->t('You can omit the protocol, unless you require SSL. If so, start with ldaps://')); ?>"
 							/>
 						<span class="hostPortCombinatorSpan">
 							<input type="number" id="ldap_port" name="ldap_port"
-								placeholder="<?php p($l->t('Port'));?>" />
+								placeholder="<?php p($l->t('Port')); ?>" />
 							<button class="ldapDetectPort" name="ldapDetectPort" type="button">
-								<?php p($l->t('Detect Port'));?>
+								<?php p($l->t('Detect Port')); ?>
 							</button>
 						</span>
 					</div>
@@ -46,19 +46,19 @@  discard block
 block discarded – undo
 			<div class="tablerow">
 				<input type="text" id="ldap_dn" name="ldap_dn"
 				class="tablecell"
-				placeholder="<?php p($l->t('User DN'));?>" autocomplete="off"
-				title="<?php p($l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.'));?>"
+				placeholder="<?php p($l->t('User DN')); ?>" autocomplete="off"
+				title="<?php p($l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.')); ?>"
 				/>
 			</div>
 
 			<div class="tablerow">
 				<input type="password" id="ldap_agent_password"
 				class="tablecell" name="ldap_agent_password"
-				placeholder="<?php p($l->t('Password'));?>" autocomplete="off"
-				title="<?php p($l->t('For anonymous access, leave DN and Password empty.'));?>"
+				placeholder="<?php p($l->t('Password')); ?>" autocomplete="off"
+				title="<?php p($l->t('For anonymous access, leave DN and Password empty.')); ?>"
 				/>
 				<button class="ldapSaveAgentCredentials" name="ldapSaveAgentCredentials" type="button">
-					<?php p($l->t('Save Credentials'));?>
+					<?php p($l->t('Save Credentials')); ?>
 				</button>
 			</div>
 			<div class="tablerow">&nbsp;</div>
@@ -66,24 +66,24 @@  discard block
 block discarded – undo
 			<div class="tablerow">
 				<textarea id="ldap_base" name="ldap_base"
 					class="tablecell"
-					placeholder="<?php p($l->t('One Base DN per line'));?>"
-					title="<?php p($l->t('You can specify Base DN for users and groups in the Advanced tab'));?>">
+					placeholder="<?php p($l->t('One Base DN per line')); ?>"
+					title="<?php p($l->t('You can specify Base DN for users and groups in the Advanced tab')); ?>">
 				</textarea>
 				<button class="ldapDetectBase" name="ldapDetectBase" type="button">
-					<?php p($l->t('Detect Base DN'));?>
+					<?php p($l->t('Detect Base DN')); ?>
 				</button>
 				<button class="ldapTestBase" name="ldapTestBase" type="button">
-					<?php p($l->t('Test Base DN'));?>
+					<?php p($l->t('Test Base DN')); ?>
 				</button>
 			</div>
 
 			<div class="tablerow left">
 				<input type="checkbox" id="ldap_experienced_admin" value="1"
 					name="ldap_experienced_admin" class="tablecell"
-					title="<?php p($l->t('Avoids automatic LDAP requests. Better for bigger setups, but requires some LDAP knowledge.'));?>"
+					title="<?php p($l->t('Avoids automatic LDAP requests. Better for bigger setups, but requires some LDAP knowledge.')); ?>"
 					/>
 				<label for="ldap_experienced_admin" class="tablecell">
-					<?php p($l->t('Manually enter LDAP filters (recommended for large directories)'));?>
+					<?php p($l->t('Manually enter LDAP filters (recommended for large directories)')); ?>
 				</label>
 			</div>
 

Please login to merge, or discard this patch.

apps/user_ldap/lib/Group_Proxy.php 2 patches

Indentation +223 added lines, -223 removed lines patch added patch discarded remove patch

@@ -30,251 +30,251 @@
 block discarded – undo
 use OCP\Group\Backend\IGetDisplayNameBackend;
 
 class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend {
-	private $backends = [];
-	private $refBackend = null;
+    private $backends = [];
+    private $refBackend = null;
 
-	/**
-	 * Constructor
-	 * @param string[] $serverConfigPrefixes array containing the config Prefixes
-	 */
-	public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap, GroupPluginManager $groupPluginManager) {
-		parent::__construct($ldap);
-		foreach($serverConfigPrefixes as $configPrefix) {
-			$this->backends[$configPrefix] =
-				new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix), $groupPluginManager);
-			if(is_null($this->refBackend)) {
-				$this->refBackend = &$this->backends[$configPrefix];
-			}
-		}
-	}
+    /**
+     * Constructor
+     * @param string[] $serverConfigPrefixes array containing the config Prefixes
+     */
+    public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap, GroupPluginManager $groupPluginManager) {
+        parent::__construct($ldap);
+        foreach($serverConfigPrefixes as $configPrefix) {
+            $this->backends[$configPrefix] =
+                new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix), $groupPluginManager);
+            if(is_null($this->refBackend)) {
+                $this->refBackend = &$this->backends[$configPrefix];
+            }
+        }
+    }
 
-	/**
-	 * Tries the backends one after the other until a positive result is returned from the specified method
-	 * @param string $gid the gid connected to the request
-	 * @param string $method the method of the group backend that shall be called
-	 * @param array $parameters an array of parameters to be passed
-	 * @return mixed, the result of the method or false
-	 */
-	protected function walkBackends($gid, $method, $parameters) {
-		$cacheKey = $this->getGroupCacheKey($gid);
-		foreach($this->backends as $configPrefix => $backend) {
-			if($result = call_user_func_array([$backend, $method], $parameters)) {
-				$this->writeToCache($cacheKey, $configPrefix);
-				return $result;
-			}
-		}
-		return false;
-	}
+    /**
+     * Tries the backends one after the other until a positive result is returned from the specified method
+     * @param string $gid the gid connected to the request
+     * @param string $method the method of the group backend that shall be called
+     * @param array $parameters an array of parameters to be passed
+     * @return mixed, the result of the method or false
+     */
+    protected function walkBackends($gid, $method, $parameters) {
+        $cacheKey = $this->getGroupCacheKey($gid);
+        foreach($this->backends as $configPrefix => $backend) {
+            if($result = call_user_func_array([$backend, $method], $parameters)) {
+                $this->writeToCache($cacheKey, $configPrefix);
+                return $result;
+            }
+        }
+        return false;
+    }
 
-	/**
-	 * Asks the backend connected to the server that supposely takes care of the gid from the request.
-	 * @param string $gid the gid connected to the request
-	 * @param string $method the method of the group backend that shall be called
-	 * @param array $parameters an array of parameters to be passed
-	 * @param mixed $passOnWhen the result matches this variable
-	 * @return mixed, the result of the method or false
-	 */
-	protected function callOnLastSeenOn($gid, $method, $parameters, $passOnWhen) {
-		$cacheKey = $this->getGroupCacheKey($gid);
-		$prefix = $this->getFromCache($cacheKey);
-		//in case the uid has been found in the past, try this stored connection first
-		if(!is_null($prefix)) {
-			if(isset($this->backends[$prefix])) {
-				$result = call_user_func_array([$this->backends[$prefix], $method], $parameters);
-				if($result === $passOnWhen) {
-					//not found here, reset cache to null if group vanished
-					//because sometimes methods return false with a reason
-					$groupExists = call_user_func_array(
-						[$this->backends[$prefix], 'groupExists'],
-						[$gid]
-					);
-					if(!$groupExists) {
-						$this->writeToCache($cacheKey, null);
-					}
-				}
-				return $result;
-			}
-		}
-		return false;
-	}
+    /**
+     * Asks the backend connected to the server that supposely takes care of the gid from the request.
+     * @param string $gid the gid connected to the request
+     * @param string $method the method of the group backend that shall be called
+     * @param array $parameters an array of parameters to be passed
+     * @param mixed $passOnWhen the result matches this variable
+     * @return mixed, the result of the method or false
+     */
+    protected function callOnLastSeenOn($gid, $method, $parameters, $passOnWhen) {
+        $cacheKey = $this->getGroupCacheKey($gid);
+        $prefix = $this->getFromCache($cacheKey);
+        //in case the uid has been found in the past, try this stored connection first
+        if(!is_null($prefix)) {
+            if(isset($this->backends[$prefix])) {
+                $result = call_user_func_array([$this->backends[$prefix], $method], $parameters);
+                if($result === $passOnWhen) {
+                    //not found here, reset cache to null if group vanished
+                    //because sometimes methods return false with a reason
+                    $groupExists = call_user_func_array(
+                        [$this->backends[$prefix], 'groupExists'],
+                        [$gid]
+                    );
+                    if(!$groupExists) {
+                        $this->writeToCache($cacheKey, null);
+                    }
+                }
+                return $result;
+            }
+        }
+        return false;
+    }
 
-	/**
-	 * is user in group?
-	 * @param string $uid uid of the user
-	 * @param string $gid gid of the group
-	 * @return bool
-	 *
-	 * Checks whether the user is member of a group or not.
-	 */
-	public function inGroup($uid, $gid) {
-		return $this->handleRequest($gid, 'inGroup', [$uid, $gid]);
-	}
+    /**
+     * is user in group?
+     * @param string $uid uid of the user
+     * @param string $gid gid of the group
+     * @return bool
+     *
+     * Checks whether the user is member of a group or not.
+     */
+    public function inGroup($uid, $gid) {
+        return $this->handleRequest($gid, 'inGroup', [$uid, $gid]);
+    }
 
-	/**
-	 * Get all groups a user belongs to
-	 * @param string $uid Name of the user
-	 * @return string[] with group names
-	 *
-	 * This function fetches all groups a user belongs to. It does not check
-	 * if the user exists at all.
-	 */
-	public function getUserGroups($uid) {
-		$groups = [];
+    /**
+     * Get all groups a user belongs to
+     * @param string $uid Name of the user
+     * @return string[] with group names
+     *
+     * This function fetches all groups a user belongs to. It does not check
+     * if the user exists at all.
+     */
+    public function getUserGroups($uid) {
+        $groups = [];
 
-		foreach($this->backends as $backend) {
-			$backendGroups = $backend->getUserGroups($uid);
-			if (is_array($backendGroups)) {
-				$groups = array_merge($groups, $backendGroups);
-			}
-		}
+        foreach($this->backends as $backend) {
+            $backendGroups = $backend->getUserGroups($uid);
+            if (is_array($backendGroups)) {
+                $groups = array_merge($groups, $backendGroups);
+            }
+        }
 
-		return $groups;
-	}
+        return $groups;
+    }
 
-	/**
-	 * get a list of all users in a group
-	 * @return string[] with user ids
-	 */
-	public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
-		$users = [];
+    /**
+     * get a list of all users in a group
+     * @return string[] with user ids
+     */
+    public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
+        $users = [];
 
-		foreach($this->backends as $backend) {
-			$backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
-			if (is_array($backendUsers)) {
-				$users = array_merge($users, $backendUsers);
-			}
-		}
+        foreach($this->backends as $backend) {
+            $backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
+            if (is_array($backendUsers)) {
+                $users = array_merge($users, $backendUsers);
+            }
+        }
 
-		return $users;
-	}
+        return $users;
+    }
 
-	/**
-	 * @param string $gid
-	 * @return bool
-	 */
-	public function createGroup($gid) {
-		return $this->handleRequest(
-			$gid, 'createGroup', [$gid]);
-	}
+    /**
+     * @param string $gid
+     * @return bool
+     */
+    public function createGroup($gid) {
+        return $this->handleRequest(
+            $gid, 'createGroup', [$gid]);
+    }
 
-	/**
-	 * delete a group
-	 * @param string $gid gid of the group to delete
-	 * @return bool
-	 */
-	public function deleteGroup($gid) {
-		return $this->handleRequest(
-			$gid, 'deleteGroup', [$gid]);
-	}
+    /**
+     * delete a group
+     * @param string $gid gid of the group to delete
+     * @return bool
+     */
+    public function deleteGroup($gid) {
+        return $this->handleRequest(
+            $gid, 'deleteGroup', [$gid]);
+    }
 
-	/**
-	 * Add a user to a group
-	 * @param string $uid Name of the user to add to group
-	 * @param string $gid Name of the group in which add the user
-	 * @return bool
-	 *
-	 * Adds a user to a group.
-	 */
-	public function addToGroup($uid, $gid) {
-		return $this->handleRequest(
-			$gid, 'addToGroup', [$uid, $gid]);
-	}
+    /**
+     * Add a user to a group
+     * @param string $uid Name of the user to add to group
+     * @param string $gid Name of the group in which add the user
+     * @return bool
+     *
+     * Adds a user to a group.
+     */
+    public function addToGroup($uid, $gid) {
+        return $this->handleRequest(
+            $gid, 'addToGroup', [$uid, $gid]);
+    }
 
-	/**
-	 * Removes a user from a group
-	 * @param string $uid Name of the user to remove from group
-	 * @param string $gid Name of the group from which remove the user
-	 * @return bool
-	 *
-	 * removes the user from a group.
-	 */
-	public function removeFromGroup($uid, $gid) {
-		return $this->handleRequest(
-			$gid, 'removeFromGroup', [$uid, $gid]);
-	}
+    /**
+     * Removes a user from a group
+     * @param string $uid Name of the user to remove from group
+     * @param string $gid Name of the group from which remove the user
+     * @return bool
+     *
+     * removes the user from a group.
+     */
+    public function removeFromGroup($uid, $gid) {
+        return $this->handleRequest(
+            $gid, 'removeFromGroup', [$uid, $gid]);
+    }
 
-	/**
-	 * returns the number of users in a group, who match the search term
-	 * @param string $gid the internal group name
-	 * @param string $search optional, a search string
-	 * @return int|bool
-	 */
-	public function countUsersInGroup($gid, $search = '') {
-		return $this->handleRequest(
-			$gid, 'countUsersInGroup', [$gid, $search]);
-	}
+    /**
+     * returns the number of users in a group, who match the search term
+     * @param string $gid the internal group name
+     * @param string $search optional, a search string
+     * @return int|bool
+     */
+    public function countUsersInGroup($gid, $search = '') {
+        return $this->handleRequest(
+            $gid, 'countUsersInGroup', [$gid, $search]);
+    }
 
-	/**
-	 * get an array with group details
-	 * @param string $gid
-	 * @return array|false
-	 */
-	public function getGroupDetails($gid) {
-		return $this->handleRequest(
-			$gid, 'getGroupDetails', [$gid]);
-	}
+    /**
+     * get an array with group details
+     * @param string $gid
+     * @return array|false
+     */
+    public function getGroupDetails($gid) {
+        return $this->handleRequest(
+            $gid, 'getGroupDetails', [$gid]);
+    }
 
-	/**
-	 * get a list of all groups
-	 * @return string[] with group names
-	 *
-	 * Returns a list with all groups
-	 */
-	public function getGroups($search = '', $limit = -1, $offset = 0) {
-		$groups = [];
+    /**
+     * get a list of all groups
+     * @return string[] with group names
+     *
+     * Returns a list with all groups
+     */
+    public function getGroups($search = '', $limit = -1, $offset = 0) {
+        $groups = [];
 
-		foreach($this->backends as $backend) {
-			$backendGroups = $backend->getGroups($search, $limit, $offset);
-			if (is_array($backendGroups)) {
-				$groups = array_merge($groups, $backendGroups);
-			}
-		}
+        foreach($this->backends as $backend) {
+            $backendGroups = $backend->getGroups($search, $limit, $offset);
+            if (is_array($backendGroups)) {
+                $groups = array_merge($groups, $backendGroups);
+            }
+        }
 
-		return $groups;
-	}
+        return $groups;
+    }
 
-	/**
-	 * check if a group exists
-	 * @param string $gid
-	 * @return bool
-	 */
-	public function groupExists($gid) {
-		return $this->handleRequest($gid, 'groupExists', [$gid]);
-	}
+    /**
+     * check if a group exists
+     * @param string $gid
+     * @return bool
+     */
+    public function groupExists($gid) {
+        return $this->handleRequest($gid, 'groupExists', [$gid]);
+    }
 
-	/**
-	 * Check if backend implements actions
-	 * @param int $actions bitwise-or'ed actions
-	 * @return boolean
-	 *
-	 * Returns the supported actions as int to be
-	 * compared with \OCP\GroupInterface::CREATE_GROUP etc.
-	 */
-	public function implementsActions($actions) {
-		//it's the same across all our user backends obviously
-		return $this->refBackend->implementsActions($actions);
-	}
+    /**
+     * Check if backend implements actions
+     * @param int $actions bitwise-or'ed actions
+     * @return boolean
+     *
+     * Returns the supported actions as int to be
+     * compared with \OCP\GroupInterface::CREATE_GROUP etc.
+     */
+    public function implementsActions($actions) {
+        //it's the same across all our user backends obviously
+        return $this->refBackend->implementsActions($actions);
+    }
 
-	/**
-	 * Return access for LDAP interaction.
-	 * @param string $gid
-	 * @return Access instance of Access for LDAP interaction
-	 */
-	public function getLDAPAccess($gid) {
-		return $this->handleRequest($gid, 'getLDAPAccess', [$gid]);
-	}
+    /**
+     * Return access for LDAP interaction.
+     * @param string $gid
+     * @return Access instance of Access for LDAP interaction
+     */
+    public function getLDAPAccess($gid) {
+        return $this->handleRequest($gid, 'getLDAPAccess', [$gid]);
+    }
 
-	/**
-	 * Return a new LDAP connection for the specified group.
-	 * The connection needs to be closed manually.
-	 * @param string $gid
-	 * @return resource of the LDAP connection
-	 */
-	public function getNewLDAPConnection($gid) {
-		return $this->handleRequest($gid, 'getNewLDAPConnection', [$gid]);
-	}
+    /**
+     * Return a new LDAP connection for the specified group.
+     * The connection needs to be closed manually.
+     * @param string $gid
+     * @return resource of the LDAP connection
+     */
+    public function getNewLDAPConnection($gid) {
+        return $this->handleRequest($gid, 'getNewLDAPConnection', [$gid]);
+    }
 
-	public function getDisplayName(string $gid): string {
-		return $this->handleRequest($gid, 'getDisplayName', [$gid]);
-	}
+    public function getDisplayName(string $gid): string {
+        return $this->handleRequest($gid, 'getDisplayName', [$gid]);
+    }
 }

Please login to merge, or discard this patch.

Spacing +11 added lines, -11 removed lines patch added patch discarded remove patch

@@ -39,10 +39,10 @@  discard block
 block discarded – undo
 	 */
 	public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap, GroupPluginManager $groupPluginManager) {
 		parent::__construct($ldap);
-		foreach($serverConfigPrefixes as $configPrefix) {
+		foreach ($serverConfigPrefixes as $configPrefix) {
 			$this->backends[$configPrefix] =
 				new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix), $groupPluginManager);
-			if(is_null($this->refBackend)) {
+			if (is_null($this->refBackend)) {
 				$this->refBackend = &$this->backends[$configPrefix];
 			}
 		}
@@ -57,8 +57,8 @@  discard block
 block discarded – undo
 	 */
 	protected function walkBackends($gid, $method, $parameters) {
 		$cacheKey = $this->getGroupCacheKey($gid);
-		foreach($this->backends as $configPrefix => $backend) {
-			if($result = call_user_func_array([$backend, $method], $parameters)) {
+		foreach ($this->backends as $configPrefix => $backend) {
+			if ($result = call_user_func_array([$backend, $method], $parameters)) {
 				$this->writeToCache($cacheKey, $configPrefix);
 				return $result;
 			}
@@ -78,17 +78,17 @@  discard block
 block discarded – undo
 		$cacheKey = $this->getGroupCacheKey($gid);
 		$prefix = $this->getFromCache($cacheKey);
 		//in case the uid has been found in the past, try this stored connection first
-		if(!is_null($prefix)) {
-			if(isset($this->backends[$prefix])) {
+		if (!is_null($prefix)) {
+			if (isset($this->backends[$prefix])) {
 				$result = call_user_func_array([$this->backends[$prefix], $method], $parameters);
-				if($result === $passOnWhen) {
+				if ($result === $passOnWhen) {
 					//not found here, reset cache to null if group vanished
 					//because sometimes methods return false with a reason
 					$groupExists = call_user_func_array(
 						[$this->backends[$prefix], 'groupExists'],
 						[$gid]
 					);
-					if(!$groupExists) {
+					if (!$groupExists) {
 						$this->writeToCache($cacheKey, null);
 					}
 				}
@@ -121,7 +121,7 @@  discard block
 block discarded – undo
 	public function getUserGroups($uid) {
 		$groups = [];
 
-		foreach($this->backends as $backend) {
+		foreach ($this->backends as $backend) {
 			$backendGroups = $backend->getUserGroups($uid);
 			if (is_array($backendGroups)) {
 				$groups = array_merge($groups, $backendGroups);
@@ -138,7 +138,7 @@  discard block
 block discarded – undo
 	public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
 		$users = [];
 
-		foreach($this->backends as $backend) {
+		foreach ($this->backends as $backend) {
 			$backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
 			if (is_array($backendUsers)) {
 				$users = array_merge($users, $backendUsers);
@@ -223,7 +223,7 @@  discard block
 block discarded – undo
 	public function getGroups($search = '', $limit = -1, $offset = 0) {
 		$groups = [];
 
-		foreach($this->backends as $backend) {
+		foreach ($this->backends as $backend) {
 			$backendGroups = $backend->getGroups($search, $limit, $offset);
 			if (is_array($backendGroups)) {
 				$groups = array_merge($groups, $backendGroups);

Please login to merge, or discard this patch.

apps/user_ldap/lib/Command/ShowConfig.php 2 patches

Indentation +67 added lines, -67 removed lines patch added patch discarded remove patch

@@ -36,77 +36,77 @@
 block discarded – undo
 use Symfony\Component\Console\Output\OutputInterface;
 
 class ShowConfig extends Command {
-	/** @var \OCA\User_LDAP\Helper */
-	protected $helper;
+    /** @var \OCA\User_LDAP\Helper */
+    protected $helper;
 
-	/**
-	 * @param Helper $helper
-	 */
-	public function __construct(Helper $helper) {
-		$this->helper = $helper;
-		parent::__construct();
-	}
+    /**
+     * @param Helper $helper
+     */
+    public function __construct(Helper $helper) {
+        $this->helper = $helper;
+        parent::__construct();
+    }
 
-	protected function configure() {
-		$this
-			->setName('ldap:show-config')
-			->setDescription('shows the LDAP configuration')
-			->addArgument(
-					'configID',
-					InputArgument::OPTIONAL,
-					'will show the configuration of the specified id'
-				     )
-			->addOption(
-					'show-password',
-					null,
-					InputOption::VALUE_NONE,
-					'show ldap bind password'
-				     )
-		;
-	}
+    protected function configure() {
+        $this
+            ->setName('ldap:show-config')
+            ->setDescription('shows the LDAP configuration')
+            ->addArgument(
+                    'configID',
+                    InputArgument::OPTIONAL,
+                    'will show the configuration of the specified id'
+                        )
+            ->addOption(
+                    'show-password',
+                    null,
+                    InputOption::VALUE_NONE,
+                    'show ldap bind password'
+                        )
+        ;
+    }
 
-	protected function execute(InputInterface $input, OutputInterface $output) {
-		$availableConfigs = $this->helper->getServerConfigurationPrefixes();
-		$configID = $input->getArgument('configID');
-		if(!is_null($configID)) {
-			$configIDs[] = $configID;
-			if(!in_array($configIDs[0], $availableConfigs)) {
-				$output->writeln("Invalid configID");
-				return;
-			}
-		} else {
-			$configIDs = $availableConfigs;
-		}
+    protected function execute(InputInterface $input, OutputInterface $output) {
+        $availableConfigs = $this->helper->getServerConfigurationPrefixes();
+        $configID = $input->getArgument('configID');
+        if(!is_null($configID)) {
+            $configIDs[] = $configID;
+            if(!in_array($configIDs[0], $availableConfigs)) {
+                $output->writeln("Invalid configID");
+                return;
+            }
+        } else {
+            $configIDs = $availableConfigs;
+        }
 
-		$this->renderConfigs($configIDs, $output, $input->getOption('show-password'));
-	}
+        $this->renderConfigs($configIDs, $output, $input->getOption('show-password'));
+    }
 
-	/**
-	 * prints the LDAP configuration(s)
-	 * @param string[] configID(s)
-	 * @param OutputInterface $output
-	 * @param bool $withPassword      Set to TRUE to show plaintext passwords in output
-	 */
-	protected function renderConfigs($configIDs, $output, $withPassword) {
-		foreach($configIDs as $id) {
-			$configHolder = new Configuration($id);
-			$configuration = $configHolder->getConfiguration();
-			ksort($configuration);
+    /**
+     * prints the LDAP configuration(s)
+     * @param string[] configID(s)
+     * @param OutputInterface $output
+     * @param bool $withPassword      Set to TRUE to show plaintext passwords in output
+     */
+    protected function renderConfigs($configIDs, $output, $withPassword) {
+        foreach($configIDs as $id) {
+            $configHolder = new Configuration($id);
+            $configuration = $configHolder->getConfiguration();
+            ksort($configuration);
 
-			$table = new Table($output);
-			$table->setHeaders(['Configuration', $id]);
-			$rows = [];
-			foreach($configuration as $key => $value) {
-				if($key === 'ldapAgentPassword' && !$withPassword) {
-					$value = '***';
-				}
-				if(is_array($value)) {
-					$value = implode(';', $value);
-				}
-				$rows[] = [$key, $value];
-			}
-			$table->setRows($rows);
-			$table->render($output);
-		}
-	}
+            $table = new Table($output);
+            $table->setHeaders(['Configuration', $id]);
+            $rows = [];
+            foreach($configuration as $key => $value) {
+                if($key === 'ldapAgentPassword' && !$withPassword) {
+                    $value = '***';
+                }
+                if(is_array($value)) {
+                    $value = implode(';', $value);
+                }
+                $rows[] = [$key, $value];
+            }
+            $table->setRows($rows);
+            $table->render($output);
+        }
+    }
 }

Please login to merge, or discard this patch.

Spacing +6 added lines, -6 removed lines patch added patch discarded remove patch

@@ -68,9 +68,9 @@  discard block
 block discarded – undo
 	protected function execute(InputInterface $input, OutputInterface $output) {
 		$availableConfigs = $this->helper->getServerConfigurationPrefixes();
 		$configID = $input->getArgument('configID');
-		if(!is_null($configID)) {
+		if (!is_null($configID)) {
 			$configIDs[] = $configID;
-			if(!in_array($configIDs[0], $availableConfigs)) {
+			if (!in_array($configIDs[0], $availableConfigs)) {
 				$output->writeln("Invalid configID");
 				return;
 			}
@@ -88,7 +88,7 @@  discard block
 block discarded – undo
 	 * @param bool $withPassword      Set to TRUE to show plaintext passwords in output
 	 */
 	protected function renderConfigs($configIDs, $output, $withPassword) {
-		foreach($configIDs as $id) {
+		foreach ($configIDs as $id) {
 			$configHolder = new Configuration($id);
 			$configuration = $configHolder->getConfiguration();
 			ksort($configuration);
@@ -96,11 +96,11 @@  discard block
 block discarded – undo
 			$table = new Table($output);
 			$table->setHeaders(['Configuration', $id]);
 			$rows = [];
-			foreach($configuration as $key => $value) {
-				if($key === 'ldapAgentPassword' && !$withPassword) {
+			foreach ($configuration as $key => $value) {
+				if ($key === 'ldapAgentPassword' && !$withPassword) {
 					$value = '***';
 				}
-				if(is_array($value)) {
+				if (is_array($value)) {
 					$value = implode(';', $value);
 				}
 				$rows[] = [$key, $value];

Please login to merge, or discard this patch.

apps/user_ldap/lib/Command/TestConfig.php 2 patches

Indentation +50 added lines, -50 removed lines patch added patch discarded remove patch

@@ -35,59 +35,59 @@
 block discarded – undo
 
 class TestConfig extends Command {
 
-	protected function configure() {
-		$this
-			->setName('ldap:test-config')
-			->setDescription('tests an LDAP configuration')
-			->addArgument(
-					'configID',
-					InputArgument::REQUIRED,
-					'the configuration ID'
-				     )
-		;
-	}
+    protected function configure() {
+        $this
+            ->setName('ldap:test-config')
+            ->setDescription('tests an LDAP configuration')
+            ->addArgument(
+                    'configID',
+                    InputArgument::REQUIRED,
+                    'the configuration ID'
+                        )
+        ;
+    }
 
-	protected function execute(InputInterface $input, OutputInterface $output) {
-		$helper = new Helper(\OC::$server->getConfig());
-		$availableConfigs = $helper->getServerConfigurationPrefixes();
-		$configID = $input->getArgument('configID');
-		if(!in_array($configID, $availableConfigs)) {
-			$output->writeln("Invalid configID");
-			return;
-		}
+    protected function execute(InputInterface $input, OutputInterface $output) {
+        $helper = new Helper(\OC::$server->getConfig());
+        $availableConfigs = $helper->getServerConfigurationPrefixes();
+        $configID = $input->getArgument('configID');
+        if(!in_array($configID, $availableConfigs)) {
+            $output->writeln("Invalid configID");
+            return;
+        }
 
-		$result = $this->testConfig($configID);
-		if($result === 0) {
-			$output->writeln('The configuration is valid and the connection could be established!');
-		} else if($result === 1) {
-			$output->writeln('The configuration is invalid. Please have a look at the logs for further details.');
-		} else if($result === 2) {
-			$output->writeln('The configuration is valid, but the Bind failed. Please check the server settings and credentials.');
-		} else {
-			$output->writeln('Your LDAP server was kidnapped by aliens.');
-		}
-	}
+        $result = $this->testConfig($configID);
+        if($result === 0) {
+            $output->writeln('The configuration is valid and the connection could be established!');
+        } else if($result === 1) {
+            $output->writeln('The configuration is invalid. Please have a look at the logs for further details.');
+        } else if($result === 2) {
+            $output->writeln('The configuration is valid, but the Bind failed. Please check the server settings and credentials.');
+        } else {
+            $output->writeln('Your LDAP server was kidnapped by aliens.');
+        }
+    }
 
-	/**
-	 * tests the specified connection
-	 * @param string $configID
-	 * @return int
-	 */
-	protected function testConfig($configID) {
-		$lw = new \OCA\User_LDAP\LDAP();
-		$connection = new Connection($lw, $configID);
+    /**
+     * tests the specified connection
+     * @param string $configID
+     * @return int
+     */
+    protected function testConfig($configID) {
+        $lw = new \OCA\User_LDAP\LDAP();
+        $connection = new Connection($lw, $configID);
 
-		//ensure validation is run before we attempt the bind
-		$connection->getConfiguration();
+        //ensure validation is run before we attempt the bind
+        $connection->getConfiguration();
 
-		if(!$connection->setConfiguration([
-			'ldap_configuration_active' => 1,
-		])) {
-			return 1;
-		}
-		if($connection->bind()) {
-			return 0;
-		}
-		return 2;
-	}
+        if(!$connection->setConfiguration([
+            'ldap_configuration_active' => 1,
+        ])) {
+            return 1;
+        }
+        if($connection->bind()) {
+            return 0;
+        }
+        return 2;
+    }
 }

Please login to merge, or discard this patch.

Spacing +6 added lines, -6 removed lines patch added patch discarded remove patch

@@ -51,17 +51,17 @@  discard block
 block discarded – undo
 		$helper = new Helper(\OC::$server->getConfig());
 		$availableConfigs = $helper->getServerConfigurationPrefixes();
 		$configID = $input->getArgument('configID');
-		if(!in_array($configID, $availableConfigs)) {
+		if (!in_array($configID, $availableConfigs)) {
 			$output->writeln("Invalid configID");
 			return;
 		}
 
 		$result = $this->testConfig($configID);
-		if($result === 0) {
+		if ($result === 0) {
 			$output->writeln('The configuration is valid and the connection could be established!');
-		} else if($result === 1) {
+		} else if ($result === 1) {
 			$output->writeln('The configuration is invalid. Please have a look at the logs for further details.');
-		} else if($result === 2) {
+		} else if ($result === 2) {
 			$output->writeln('The configuration is valid, but the Bind failed. Please check the server settings and credentials.');
 		} else {
 			$output->writeln('Your LDAP server was kidnapped by aliens.');
@@ -80,12 +80,12 @@  discard block
 block discarded – undo
 		//ensure validation is run before we attempt the bind
 		$connection->getConfiguration();
 
-		if(!$connection->setConfiguration([
+		if (!$connection->setConfiguration([
 			'ldap_configuration_active' => 1,
 		])) {
 			return 1;
 		}
-		if($connection->bind()) {
+		if ($connection->bind()) {
 			return 0;
 		}
 		return 2;

Please login to merge, or discard this patch.

apps/user_ldap/lib/User/OfflineUser.php 2 patches

Indentation +207 added lines, -207 removed lines patch added patch discarded remove patch

@@ -29,219 +29,219 @@
 block discarded – undo
 use OCP\IDBConnection;
 
 class OfflineUser {
-	/**
-	 * @var string $ocName
-	 */
-	protected $ocName;
-	/**
-	 * @var string $dn
-	 */
-	protected $dn;
-	/**
-	 * @var string $uid the UID as provided by LDAP
-	 */
-	protected $uid;
-	/**
-	 * @var string $displayName
-	 */
-	protected $displayName;
-	/**
-	 * @var string $homePath
-	 */
-	protected $homePath;
-	/**
-	 * @var string $lastLogin the timestamp of the last login
-	 */
-	protected $lastLogin;
-	/**
-	 * @var string $foundDeleted the timestamp when the user was detected as unavailable
-	 */
-	protected $foundDeleted;
-	/**
-	 * @var string $email
-	 */
-	protected $email;
-	/**
-	 * @var bool $hasActiveShares
-	 */
-	protected $hasActiveShares;
-	/**
-	 * @var IConfig $config
-	 */
-	protected $config;
-	/**
-	 * @var IDBConnection $db
-	 */
-	protected $db;
-	/**
-	 * @var \OCA\User_LDAP\Mapping\UserMapping
-	 */
-	protected $mapping;
-
-	/**
-	 * @param string $ocName
-	 * @param IConfig $config
-	 * @param IDBConnection $db
-	 * @param \OCA\User_LDAP\Mapping\UserMapping $mapping
-	 */
-	public function __construct($ocName, IConfig $config, IDBConnection $db, UserMapping $mapping) {
-		$this->ocName = $ocName;
-		$this->config = $config;
-		$this->db = $db;
-		$this->mapping = $mapping;
-		$this->fetchDetails();
-	}
-
-	/**
-	 * remove the Delete-flag from the user.
-	 */
-	public function unmark() {
-		$this->config->deleteUserValue($this->ocName, 'user_ldap', 'isDeleted');
-		$this->config->deleteUserValue($this->ocName, 'user_ldap', 'foundDeleted');
-	}
-
-	/**
-	 * exports the user details in an assoc array
-	 * @return array
-	 */
-	public function export() {
-		$data = [];
-		$data['ocName'] = $this->getOCName();
-		$data['dn'] = $this->getDN();
-		$data['uid'] = $this->getUID();
-		$data['displayName'] = $this->getDisplayName();
-		$data['homePath'] = $this->getHomePath();
-		$data['lastLogin'] = $this->getLastLogin();
-		$data['email'] = $this->getEmail();
-		$data['hasActiveShares'] = $this->getHasActiveShares();
-
-		return $data;
-	}
-
-	/**
-	 * getter for Nextcloud internal name
-	 * @return string
-	 */
-	public function getOCName() {
-		return $this->ocName;
-	}
-
-	/**
-	 * getter for LDAP uid
-	 * @return string
-	 */
-	public function getUID() {
-		return $this->uid;
-	}
-
-	/**
-	 * getter for LDAP DN
-	 * @return string
-	 */
-	public function getDN() {
-		return $this->dn;
-	}
-
-	/**
-	 * getter for display name
-	 * @return string
-	 */
-	public function getDisplayName() {
-		return $this->displayName;
-	}
-
-	/**
-	 * getter for email
-	 * @return string
-	 */
-	public function getEmail() {
-		return $this->email;
-	}
-
-	/**
-	 * getter for home directory path
-	 * @return string
-	 */
-	public function getHomePath() {
-		return $this->homePath;
-	}
-
-	/**
-	 * getter for the last login timestamp
-	 * @return int
-	 */
-	public function getLastLogin() {
-		return (int)$this->lastLogin;
-	}
-
-	/**
-	 * getter for the detection timestamp
-	 * @return int
-	 */
-	public function getDetectedOn() {
-		return (int)$this->foundDeleted;
-	}
-
-	/**
-	 * getter for having active shares
-	 * @return bool
-	 */
-	public function getHasActiveShares() {
-		return $this->hasActiveShares;
-	}
-
-	/**
-	 * reads the user details
-	 */
-	protected function fetchDetails() {
-		$properties = [
-			'displayName'  => 'user_ldap',
-			'uid'          => 'user_ldap',
-			'homePath'     => 'user_ldap',
-			'foundDeleted' => 'user_ldap',
-			'email'        => 'settings',
-			'lastLogin'    => 'login',
-		];
-		foreach($properties as $property => $app) {
-			$this->$property = $this->config->getUserValue($this->ocName, $app, $property, '');
-		}
-
-		$dn = $this->mapping->getDNByName($this->ocName);
-		$this->dn = ($dn !== false) ? $dn : '';
-
-		$this->determineShares();
-	}
-
-
-	/**
-	 * finds out whether the user has active shares. The result is stored in
-	 * $this->hasActiveShares
-	 */
-	protected function determineShares() {
-		$query = $this->db->prepare('
+    /**
+     * @var string $ocName
+     */
+    protected $ocName;
+    /**
+     * @var string $dn
+     */
+    protected $dn;
+    /**
+     * @var string $uid the UID as provided by LDAP
+     */
+    protected $uid;
+    /**
+     * @var string $displayName
+     */
+    protected $displayName;
+    /**
+     * @var string $homePath
+     */
+    protected $homePath;
+    /**
+     * @var string $lastLogin the timestamp of the last login
+     */
+    protected $lastLogin;
+    /**
+     * @var string $foundDeleted the timestamp when the user was detected as unavailable
+     */
+    protected $foundDeleted;
+    /**
+     * @var string $email
+     */
+    protected $email;
+    /**
+     * @var bool $hasActiveShares
+     */
+    protected $hasActiveShares;
+    /**
+     * @var IConfig $config
+     */
+    protected $config;
+    /**
+     * @var IDBConnection $db
+     */
+    protected $db;
+    /**
+     * @var \OCA\User_LDAP\Mapping\UserMapping
+     */
+    protected $mapping;
+
+    /**
+     * @param string $ocName
+     * @param IConfig $config
+     * @param IDBConnection $db
+     * @param \OCA\User_LDAP\Mapping\UserMapping $mapping
+     */
+    public function __construct($ocName, IConfig $config, IDBConnection $db, UserMapping $mapping) {
+        $this->ocName = $ocName;
+        $this->config = $config;
+        $this->db = $db;
+        $this->mapping = $mapping;
+        $this->fetchDetails();
+    }
+
+    /**
+     * remove the Delete-flag from the user.
+     */
+    public function unmark() {
+        $this->config->deleteUserValue($this->ocName, 'user_ldap', 'isDeleted');
+        $this->config->deleteUserValue($this->ocName, 'user_ldap', 'foundDeleted');
+    }
+
+    /**
+     * exports the user details in an assoc array
+     * @return array
+     */
+    public function export() {
+        $data = [];
+        $data['ocName'] = $this->getOCName();
+        $data['dn'] = $this->getDN();
+        $data['uid'] = $this->getUID();
+        $data['displayName'] = $this->getDisplayName();
+        $data['homePath'] = $this->getHomePath();
+        $data['lastLogin'] = $this->getLastLogin();
+        $data['email'] = $this->getEmail();
+        $data['hasActiveShares'] = $this->getHasActiveShares();
+
+        return $data;
+    }
+
+    /**
+     * getter for Nextcloud internal name
+     * @return string
+     */
+    public function getOCName() {
+        return $this->ocName;
+    }
+
+    /**
+     * getter for LDAP uid
+     * @return string
+     */
+    public function getUID() {
+        return $this->uid;
+    }
+
+    /**
+     * getter for LDAP DN
+     * @return string
+     */
+    public function getDN() {
+        return $this->dn;
+    }
+
+    /**
+     * getter for display name
+     * @return string
+     */
+    public function getDisplayName() {
+        return $this->displayName;
+    }
+
+    /**
+     * getter for email
+     * @return string
+     */
+    public function getEmail() {
+        return $this->email;
+    }
+
+    /**
+     * getter for home directory path
+     * @return string
+     */
+    public function getHomePath() {
+        return $this->homePath;
+    }
+
+    /**
+     * getter for the last login timestamp
+     * @return int
+     */
+    public function getLastLogin() {
+        return (int)$this->lastLogin;
+    }
+
+    /**
+     * getter for the detection timestamp
+     * @return int
+     */
+    public function getDetectedOn() {
+        return (int)$this->foundDeleted;
+    }
+
+    /**
+     * getter for having active shares
+     * @return bool
+     */
+    public function getHasActiveShares() {
+        return $this->hasActiveShares;
+    }
+
+    /**
+     * reads the user details
+     */
+    protected function fetchDetails() {
+        $properties = [
+            'displayName'  => 'user_ldap',
+            'uid'          => 'user_ldap',
+            'homePath'     => 'user_ldap',
+            'foundDeleted' => 'user_ldap',
+            'email'        => 'settings',
+            'lastLogin'    => 'login',
+        ];
+        foreach($properties as $property => $app) {
+            $this->$property = $this->config->getUserValue($this->ocName, $app, $property, '');
+        }
+
+        $dn = $this->mapping->getDNByName($this->ocName);
+        $this->dn = ($dn !== false) ? $dn : '';
+
+        $this->determineShares();
+    }
+
+
+    /**
+     * finds out whether the user has active shares. The result is stored in
+     * $this->hasActiveShares
+     */
+    protected function determineShares() {
+        $query = $this->db->prepare('
 			SELECT COUNT(`uid_owner`)
 			FROM `*PREFIX*share`
 			WHERE `uid_owner` = ?
 		', 1);
-		$query->execute([$this->ocName]);
-		$sResult = $query->fetchColumn(0);
-		if((int)$sResult === 1) {
-			$this->hasActiveShares = true;
-			return;
-		}
-
-		$query = $this->db->prepare('
+        $query->execute([$this->ocName]);
+        $sResult = $query->fetchColumn(0);
+        if((int)$sResult === 1) {
+            $this->hasActiveShares = true;
+            return;
+        }
+
+        $query = $this->db->prepare('
 			SELECT COUNT(`owner`)
 			FROM `*PREFIX*share_external`
 			WHERE `owner` = ?
 		', 1);
-		$query->execute([$this->ocName]);
-		$sResult = $query->fetchColumn(0);
-		if((int)$sResult === 1) {
-			$this->hasActiveShares = true;
-			return;
-		}
-
-		$this->hasActiveShares = false;
-	}
+        $query->execute([$this->ocName]);
+        $sResult = $query->fetchColumn(0);
+        if((int)$sResult === 1) {
+            $this->hasActiveShares = true;
+            return;
+        }
+
+        $this->hasActiveShares = false;
+    }
 }

Please login to merge, or discard this patch.

Spacing +5 added lines, -5 removed lines patch added patch discarded remove patch

@@ -171,7 +171,7 @@  discard block
 block discarded – undo
 	 * @return int
 	 */
 	public function getLastLogin() {
-		return (int)$this->lastLogin;
+		return (int) $this->lastLogin;
 	}
 
 	/**
@@ -179,7 +179,7 @@  discard block
 block discarded – undo
 	 * @return int
 	 */
 	public function getDetectedOn() {
-		return (int)$this->foundDeleted;
+		return (int) $this->foundDeleted;
 	}
 
 	/**
@@ -202,7 +202,7 @@  discard block
 block discarded – undo
 			'email'        => 'settings',
 			'lastLogin'    => 'login',
 		];
-		foreach($properties as $property => $app) {
+		foreach ($properties as $property => $app) {
 			$this->$property = $this->config->getUserValue($this->ocName, $app, $property, '');
 		}
 
@@ -225,7 +225,7 @@  discard block
 block discarded – undo
 		', 1);
 		$query->execute([$this->ocName]);
 		$sResult = $query->fetchColumn(0);
-		if((int)$sResult === 1) {
+		if ((int) $sResult === 1) {
 			$this->hasActiveShares = true;
 			return;
 		}
@@ -237,7 +237,7 @@  discard block
 block discarded – undo
 		', 1);
 		$query->execute([$this->ocName]);
 		$sResult = $query->fetchColumn(0);
-		if((int)$sResult === 1) {
+		if ((int) $sResult === 1) {
 			$this->hasActiveShares = true;
 			return;
 		}

Please login to merge, or discard this patch.

apps/user_ldap/lib/User/User.php 2 patches

Indentation +741 added lines, -741 removed lines patch added patch discarded remove patch

@@ -49,745 +49,745 @@
 block discarded – undo
  * represents an LDAP user, gets and holds user-specific information from LDAP
  */
 class User {
-	/**
-	 * @var Access
-	 */
-	protected $access;
-	/**
-	 * @var Connection
-	 */
-	protected $connection;
-	/**
-	 * @var IConfig
-	 */
-	protected $config;
-	/**
-	 * @var FilesystemHelper
-	 */
-	protected $fs;
-	/**
-	 * @var Image
-	 */
-	protected $image;
-	/**
-	 * @var LogWrapper
-	 */
-	protected $log;
-	/**
-	 * @var IAvatarManager
-	 */
-	protected $avatarManager;
-	/**
-	 * @var IUserManager
-	 */
-	protected $userManager;
-	/**
-	 * @var INotificationManager
-	 */
-	protected $notificationManager;
-	/**
-	 * @var string
-	 */
-	protected $dn;
-	/**
-	 * @var string
-	 */
-	protected $uid;
-	/**
-	 * @var string[]
-	 */
-	protected $refreshedFeatures = [];
-	/**
-	 * @var string
-	 */
-	protected $avatarImage;
-
-	/**
-	 * DB config keys for user preferences
-	 */
-	const USER_PREFKEY_FIRSTLOGIN  = 'firstLoginAccomplished';
-	const USER_PREFKEY_LASTREFRESH = 'lastFeatureRefresh';
-
-	/**
-	 * @brief constructor, make sure the subclasses call this one!
-	 * @param string $username the internal username
-	 * @param string $dn the LDAP DN
-	 * @param Access $access
-	 * @param IConfig $config
-	 * @param FilesystemHelper $fs
-	 * @param Image $image any empty instance
-	 * @param LogWrapper $log
-	 * @param IAvatarManager $avatarManager
-	 * @param IUserManager $userManager
-	 * @param INotificationManager $notificationManager
-	 */
-	public function __construct($username, $dn, Access $access,
-		IConfig $config, FilesystemHelper $fs, Image $image,
-		LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager,
-		INotificationManager $notificationManager) {
-
-		if ($username === null) {
-			$log->log("uid for '$dn' must not be null!", ILogger::ERROR);
-			throw new \InvalidArgumentException('uid must not be null!');
-		} else if ($username === '') {
-			$log->log("uid for '$dn' must not be an empty string", ILogger::ERROR);
-			throw new \InvalidArgumentException('uid must not be an empty string!');
-		}
-
-		$this->access              = $access;
-		$this->connection          = $access->getConnection();
-		$this->config              = $config;
-		$this->fs                  = $fs;
-		$this->dn                  = $dn;
-		$this->uid                 = $username;
-		$this->image               = $image;
-		$this->log                 = $log;
-		$this->avatarManager       = $avatarManager;
-		$this->userManager         = $userManager;
-		$this->notificationManager = $notificationManager;
-
-		\OCP\Util::connectHook('OC_User', 'post_login', $this, 'handlePasswordExpiry');
-	}
-
-	/**
-	 * @brief updates properties like email, quota or avatar provided by LDAP
-	 * @return null
-	 */
-	public function update() {
-		if(is_null($this->dn)) {
-			return null;
-		}
-
-		$hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
-				self::USER_PREFKEY_FIRSTLOGIN, 0);
-
-		if($this->needsRefresh()) {
-			$this->updateEmail();
-			$this->updateQuota();
-			if($hasLoggedIn !== 0) {
-				//we do not need to try it, when the user has not been logged in
-				//before, because the file system will not be ready.
-				$this->updateAvatar();
-				//in order to get an avatar as soon as possible, mark the user
-				//as refreshed only when updating the avatar did happen
-				$this->markRefreshTime();
-			}
-		}
-	}
-
-	/**
-	 * marks a user as deleted
-	 *
-	 * @throws \OCP\PreConditionNotMetException
-	 */
-	public function markUser() {
-		$curValue = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '0');
-		if($curValue === '1') {
-			// the user is already marked, do not write to DB again
-			return;
-		}
-		$this->config->setUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '1');
-		$this->config->setUserValue($this->getUsername(), 'user_ldap', 'foundDeleted', (string)time());
-	}
-
-	/**
-	 * processes results from LDAP for attributes as returned by getAttributesToRead()
-	 * @param array $ldapEntry the user entry as retrieved from LDAP
-	 */
-	public function processAttributes($ldapEntry) {
-		$this->markRefreshTime();
-		//Quota
-		$attr = strtolower($this->connection->ldapQuotaAttribute);
-		if(isset($ldapEntry[$attr])) {
-			$this->updateQuota($ldapEntry[$attr][0]);
-		} else {
-			if ($this->connection->ldapQuotaDefault !== '') {
-				$this->updateQuota();
-			}
-		}
-		unset($attr);
-
-		//displayName
-		$displayName = $displayName2 = '';
-		$attr = strtolower($this->connection->ldapUserDisplayName);
-		if(isset($ldapEntry[$attr])) {
-			$displayName = (string)$ldapEntry[$attr][0];
-		}
-		$attr = strtolower($this->connection->ldapUserDisplayName2);
-		if(isset($ldapEntry[$attr])) {
-			$displayName2 = (string)$ldapEntry[$attr][0];
-		}
-		if ($displayName !== '') {
-			$this->composeAndStoreDisplayName($displayName, $displayName2);
-			$this->access->cacheUserDisplayName(
-				$this->getUsername(),
-				$displayName,
-				$displayName2
-			);
-		}
-		unset($attr);
-
-		//Email
-		//email must be stored after displayname, because it would cause a user
-		//change event that will trigger fetching the display name again
-		$attr = strtolower($this->connection->ldapEmailAttribute);
-		if(isset($ldapEntry[$attr])) {
-			$this->updateEmail($ldapEntry[$attr][0]);
-		}
-		unset($attr);
-
-		// LDAP Username, needed for s2s sharing
-		if(isset($ldapEntry['uid'])) {
-			$this->storeLDAPUserName($ldapEntry['uid'][0]);
-		} else if(isset($ldapEntry['samaccountname'])) {
-			$this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
-		}
-
-		//homePath
-		if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
-			$attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
-			if(isset($ldapEntry[$attr])) {
-				$this->access->cacheUserHome(
-					$this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
-			}
-		}
-
-		//memberOf groups
-		$cacheKey = 'getMemberOf'.$this->getUsername();
-		$groups = false;
-		if(isset($ldapEntry['memberof'])) {
-			$groups = $ldapEntry['memberof'];
-		}
-		$this->connection->writeToCache($cacheKey, $groups);
-
-		//external storage var
-		$attr = strtolower($this->connection->ldapExtStorageHomeAttribute);
-		if(isset($ldapEntry[$attr])) {
-			$this->updateExtStorageHome($ldapEntry[$attr][0]);
-		}
-		unset($attr);
-
-		//Avatar
-		/** @var Connection $connection */
-		$connection = $this->access->getConnection();
-		$attributes = $connection->resolveRule('avatar');
-		foreach ($attributes as $attribute)  {
-			if(isset($ldapEntry[$attribute])) {
-				$this->avatarImage = $ldapEntry[$attribute][0];
-				// the call to the method that saves the avatar in the file
-				// system must be postponed after the login. It is to ensure
-				// external mounts are mounted properly (e.g. with login
-				// credentials from the session).
-				\OCP\Util::connectHook('OC_User', 'post_login', $this, 'updateAvatarPostLogin');
-				break;
-			}
-		}
-	}
-
-	/**
-	 * @brief returns the LDAP DN of the user
-	 * @return string
-	 */
-	public function getDN() {
-		return $this->dn;
-	}
-
-	/**
-	 * @brief returns the Nextcloud internal username of the user
-	 * @return string
-	 */
-	public function getUsername() {
-		return $this->uid;
-	}
-
-	/**
-	 * returns the home directory of the user if specified by LDAP settings
-	 * @param string $valueFromLDAP
-	 * @return bool|string
-	 * @throws \Exception
-	 */
-	public function getHomePath($valueFromLDAP = null) {
-		$path = (string)$valueFromLDAP;
-		$attr = null;
-
-		if (is_null($valueFromLDAP)
-		   && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0
-		   && $this->access->connection->homeFolderNamingRule !== 'attr:')
-		{
-			$attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));
-			$homedir = $this->access->readAttribute(
-				$this->access->username2dn($this->getUsername()), $attr);
-			if ($homedir && isset($homedir[0])) {
-				$path = $homedir[0];
-			}
-		}
-
-		if ($path !== '') {
-			//if attribute's value is an absolute path take this, otherwise append it to data dir
-			//check for / at the beginning or pattern c:\ resp. c:/
-			if(   '/' !== $path[0]
-			   && !(3 < strlen($path) && ctype_alpha($path[0])
-			       && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))
-			) {
-				$path = $this->config->getSystemValue('datadirectory',
-						\OC::$SERVERROOT.'/data' ) . '/' . $path;
-			}
-			//we need it to store it in the DB as well in case a user gets
-			//deleted so we can clean up afterwards
-			$this->config->setUserValue(
-				$this->getUsername(), 'user_ldap', 'homePath', $path
-			);
-			return $path;
-		}
-
-		if(    !is_null($attr)
-			&& $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
-		) {
-			// a naming rule attribute is defined, but it doesn't exist for that LDAP user
-			throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
-		}
-
-		//false will apply default behaviour as defined and done by OC_User
-		$this->config->setUserValue($this->getUsername(), 'user_ldap', 'homePath', '');
-		return false;
-	}
-
-	public function getMemberOfGroups() {
-		$cacheKey = 'getMemberOf'.$this->getUsername();
-		$memberOfGroups = $this->connection->getFromCache($cacheKey);
-		if(!is_null($memberOfGroups)) {
-			return $memberOfGroups;
-		}
-		$groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
-		$this->connection->writeToCache($cacheKey, $groupDNs);
-		return $groupDNs;
-	}
-
-	/**
-	 * @brief reads the image from LDAP that shall be used as Avatar
-	 * @return string data (provided by LDAP) | false
-	 */
-	public function getAvatarImage() {
-		if(!is_null($this->avatarImage)) {
-			return $this->avatarImage;
-		}
-
-		$this->avatarImage = false;
-		/** @var Connection $connection */
-		$connection = $this->access->getConnection();
-		$attributes = $connection->resolveRule('avatar');
-		foreach($attributes as $attribute) {
-			$result = $this->access->readAttribute($this->dn, $attribute);
-			if($result !== false && is_array($result) && isset($result[0])) {
-				$this->avatarImage = $result[0];
-				break;
-			}
-		}
-
-		return $this->avatarImage;
-	}
-
-	/**
-	 * @brief marks the user as having logged in at least once
-	 * @return null
-	 */
-	public function markLogin() {
-		$this->config->setUserValue(
-			$this->uid, 'user_ldap', self::USER_PREFKEY_FIRSTLOGIN, 1);
-	}
-
-	/**
-	 * @brief marks the time when user features like email have been updated
-	 * @return null
-	 */
-	public function markRefreshTime() {
-		$this->config->setUserValue(
-			$this->uid, 'user_ldap', self::USER_PREFKEY_LASTREFRESH, time());
-	}
-
-	/**
-	 * @brief checks whether user features needs to be updated again by
-	 * comparing the difference of time of the last refresh to now with the
-	 * desired interval
-	 * @return bool
-	 */
-	private function needsRefresh() {
-		$lastChecked = $this->config->getUserValue($this->uid, 'user_ldap',
-			self::USER_PREFKEY_LASTREFRESH, 0);
-
-		if((time() - (int)$lastChecked) < (int)$this->config->getAppValue('user_ldap', 'updateAttributesInterval', 86400)) {
-			return false;
-		}
-		return  true;
-	}
-
-	/**
-	 * Stores a key-value pair in relation to this user
-	 *
-	 * @param string $key
-	 * @param string $value
-	 */
-	private function store($key, $value) {
-		$this->config->setUserValue($this->uid, 'user_ldap', $key, $value);
-	}
-
-	/**
-	 * Composes the display name and stores it in the database. The final
-	 * display name is returned.
-	 *
-	 * @param string $displayName
-	 * @param string $displayName2
-	 * @return string the effective display name
-	 */
-	public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
-		$displayName2 = (string)$displayName2;
-		if($displayName2 !== '') {
-			$displayName .= ' (' . $displayName2 . ')';
-		}
-		$oldName = $this->config->getUserValue($this->uid, 'user_ldap', 'displayName', null);
-		if ($oldName !== $displayName)  {
-			$this->store('displayName', $displayName);
-			$user = $this->userManager->get($this->getUsername());
-			if (!empty($oldName) && $user instanceof \OC\User\User) {
-				// if it was empty, it would be a new record, not a change emitting the trigger could
-				// potentially cause a UniqueConstraintViolationException, depending on some factors.
-				$user->triggerChange('displayName', $displayName, $oldName);
-			}
-		}
-		return $displayName;
-	}
-
-	/**
-	 * Stores the LDAP Username in the Database
-	 * @param string $userName
-	 */
-	public function storeLDAPUserName($userName) {
-		$this->store('uid', $userName);
-	}
-
-	/**
-	 * @brief checks whether an update method specified by feature was run
-	 * already. If not, it will marked like this, because it is expected that
-	 * the method will be run, when false is returned.
-	 * @param string $feature email | quota | avatar (can be extended)
-	 * @return bool
-	 */
-	private function wasRefreshed($feature) {
-		if(isset($this->refreshedFeatures[$feature])) {
-			return true;
-		}
-		$this->refreshedFeatures[$feature] = 1;
-		return false;
-	}
-
-	/**
-	 * fetches the email from LDAP and stores it as Nextcloud user value
-	 * @param string $valueFromLDAP if known, to save an LDAP read request
-	 * @return null
-	 */
-	public function updateEmail($valueFromLDAP = null) {
-		if($this->wasRefreshed('email')) {
-			return;
-		}
-		$email = (string)$valueFromLDAP;
-		if(is_null($valueFromLDAP)) {
-			$emailAttribute = $this->connection->ldapEmailAttribute;
-			if ($emailAttribute !== '') {
-				$aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
-				if(is_array($aEmail) && (count($aEmail) > 0)) {
-					$email = (string)$aEmail[0];
-				}
-			}
-		}
-		if ($email !== '') {
-			$user = $this->userManager->get($this->uid);
-			if (!is_null($user)) {
-				$currentEmail = (string)$user->getEMailAddress();
-				if ($currentEmail !== $email) {
-					$user->setEMailAddress($email);
-				}
-			}
-		}
-	}
-
-	/**
-	 * Overall process goes as follow:
-	 * 1. fetch the quota from LDAP and check if it's parseable with the "verifyQuotaValue" function
-	 * 2. if the value can't be fetched, is empty or not parseable, use the default LDAP quota
-	 * 3. if the default LDAP quota can't be parsed, use the Nextcloud's default quota (use 'default')
-	 * 4. check if the target user exists and set the quota for the user.
-	 *
-	 * In order to improve performance and prevent an unwanted extra LDAP call, the $valueFromLDAP
-	 * parameter can be passed with the value of the attribute. This value will be considered as the
-	 * quota for the user coming from the LDAP server (step 1 of the process) It can be useful to
-	 * fetch all the user's attributes in one call and use the fetched values in this function.
-	 * The expected value for that parameter is a string describing the quota for the user. Valid
-	 * values are 'none' (unlimited), 'default' (the Nextcloud's default quota), '1234' (quota in
-	 * bytes), '1234 MB' (quota in MB - check the \OC_Helper::computerFileSize method for more info)
-	 *
-	 * fetches the quota from LDAP and stores it as Nextcloud user value
-	 * @param string $valueFromLDAP the quota attribute's value can be passed,
-	 * to save the readAttribute request
-	 * @return null
-	 */
-	public function updateQuota($valueFromLDAP = null) {
-		if($this->wasRefreshed('quota')) {
-			return;
-		}
-
-		$quotaAttribute = $this->connection->ldapQuotaAttribute;
-		$defaultQuota = $this->connection->ldapQuotaDefault;
-		if($quotaAttribute === '' && $defaultQuota === '') {
-			return;
-		}
-
-		$quota = false;
-		if(is_null($valueFromLDAP) && $quotaAttribute !== '') {
-			$aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
-			if($aQuota && (count($aQuota) > 0) && $this->verifyQuotaValue($aQuota[0])) {
-				$quota = $aQuota[0];
-			} else if(is_array($aQuota) && isset($aQuota[0])) {
-				$this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', ILogger::DEBUG);
-			}
-		} else if ($this->verifyQuotaValue($valueFromLDAP)) {
-			$quota = $valueFromLDAP;
-		} else {
-			$this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', ILogger::DEBUG);
-		}
-
-		if ($quota === false && $this->verifyQuotaValue($defaultQuota)) {
-			// quota not found using the LDAP attribute (or not parseable). Try the default quota
-			$quota = $defaultQuota;
-		} else if($quota === false) {
-			$this->log->log('no suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', ILogger::DEBUG);
-			return;
-		}
-
-		$targetUser = $this->userManager->get($this->uid);
-		if ($targetUser instanceof IUser) {
-			$targetUser->setQuota($quota);
-		} else {
-			$this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', ILogger::INFO);
-		}
-	}
-
-	private function verifyQuotaValue($quotaValue) {
-		return $quotaValue === 'none' || $quotaValue === 'default' || \OC_Helper::computerFileSize($quotaValue) !== false;
-	}
-
-	/**
-	 * called by a post_login hook to save the avatar picture
-	 *
-	 * @param array $params
-	 */
-	public function updateAvatarPostLogin($params) {
-		if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
-			$this->updateAvatar();
-		}
-	}
-
-	/**
-	 * @brief attempts to get an image from LDAP and sets it as Nextcloud avatar
-	 * @return bool
-	 */
-	public function updateAvatar($force = false) {
-		if(!$force && $this->wasRefreshed('avatar')) {
-			return false;
-		}
-		$avatarImage = $this->getAvatarImage();
-		if($avatarImage === false) {
-			//not set, nothing left to do;
-			return false;
-		}
-
-		if(!$this->image->loadFromBase64(base64_encode($avatarImage))) {
-			return false;
-		}
-
-		// use the checksum before modifications
-		$checksum = md5($this->image->data());
-
-		if($checksum === $this->config->getUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', '')) {
-			return true;
-		}
-
-		$isSet = $this->setOwnCloudAvatar();
-
-		if($isSet) {
-			// save checksum only after successful setting
-			$this->config->setUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', $checksum);
-		}
-
-		return $isSet;
-	}
-
-	/**
-	 * @brief sets an image as Nextcloud avatar
-	 * @return bool
-	 */
-	private function setOwnCloudAvatar() {
-		if(!$this->image->valid()) {
-			$this->log->log('avatar image data from LDAP invalid for '.$this->dn, ILogger::ERROR);
-			return false;
-		}
-
-
-		//make sure it is a square and not bigger than 128x128
-		$size = min([$this->image->width(), $this->image->height(), 128]);
-		if(!$this->image->centerCrop($size)) {
-			$this->log->log('croping image for avatar failed for '.$this->dn, ILogger::ERROR);
-			return false;
-		}
-
-		if(!$this->fs->isLoaded()) {
-			$this->fs->setup($this->uid);
-		}
-
-		try {
-			$avatar = $this->avatarManager->getAvatar($this->uid);
-			$avatar->set($this->image);
-			return true;
-		} catch (\Exception $e) {
-			\OC::$server->getLogger()->logException($e, [
-				'message' => 'Could not set avatar for ' . $this->dn,
-				'level' => ILogger::INFO,
-				'app' => 'user_ldap',
-			]);
-		}
-		return false;
-	}
-
-	/**
-	 * @throws AttributeNotSet
-	 * @throws \OC\ServerNotAvailableException
-	 * @throws \OCP\PreConditionNotMetException
-	 */
-	public function getExtStorageHome():string {
-		$value = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'extStorageHome', '');
-		if ($value !== '') {
-			return $value;
-		}
-
-		$value = $this->updateExtStorageHome();
-		if ($value !== '') {
-			return $value;
-		}
-
-		throw new AttributeNotSet(sprintf(
-			'external home storage attribute yield no value for %s', $this->getUsername()
-		));
-	}
-
-	/**
-	 * @throws \OCP\PreConditionNotMetException
-	 * @throws \OC\ServerNotAvailableException
-	 */
-	public function updateExtStorageHome(string $valueFromLDAP = null):string {
-		if ($valueFromLDAP === null) {
-			$extHomeValues = $this->access->readAttribute($this->getDN(), $this->connection->ldapExtStorageHomeAttribute);
-		} else {
-			$extHomeValues = [$valueFromLDAP];
-		}
-		if ($extHomeValues && isset($extHomeValues[0])) {
-			$extHome = $extHomeValues[0];
-			$this->config->setUserValue($this->getUsername(), 'user_ldap', 'extStorageHome', $extHome);
-			return $extHome;
-		} else {
-			$this->config->deleteUserValue($this->getUsername(), 'user_ldap', 'extStorageHome');
-			return '';
-		}
-	}
-
-	/**
-	 * called by a post_login hook to handle password expiry
-	 *
-	 * @param array $params
-	 */
-	public function handlePasswordExpiry($params) {
-		$ppolicyDN = $this->connection->ldapDefaultPPolicyDN;
-		if (empty($ppolicyDN) || ((int)$this->connection->turnOnPasswordChange !== 1)) {
-			return;//password expiry handling disabled
-		}
-		$uid = $params['uid'];
-		if (isset($uid) && $uid === $this->getUsername()) {
-			//retrieve relevant user attributes
-			$result = $this->access->search('objectclass=*', [$this->dn], ['pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']);
-
-			if (array_key_exists('pwdpolicysubentry', $result[0])) {
-				$pwdPolicySubentry = $result[0]['pwdpolicysubentry'];
-				if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
-					$ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
-				}
-			}
-
-			$pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : [];
-			$pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : [];
-			$pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : [];
-
-			//retrieve relevant password policy attributes
-			$cacheKey = 'ppolicyAttributes' . $ppolicyDN;
-			$result = $this->connection->getFromCache($cacheKey);
-			if(is_null($result)) {
-				$result = $this->access->search('objectclass=*', [$ppolicyDN], ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']);
-				$this->connection->writeToCache($cacheKey, $result);
-			}
-
-			$pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : [];
-			$pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : [];
-			$pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : [];
-
-			//handle grace login
-			if (!empty($pwdGraceUseTime)) { //was this a grace login?
-				if (!empty($pwdGraceAuthNLimit)
-					&& count($pwdGraceUseTime) < (int)$pwdGraceAuthNLimit[0]) { //at least one more grace login available?
-					$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
-					header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
-					'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid]));
-				} else { //no more grace login available
-					header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
-					'user_ldap.renewPassword.showLoginFormInvalidPassword', ['user' => $uid]));
-				}
-				exit();
-			}
-			//handle pwdReset attribute
-			if (!empty($pwdReset) && $pwdReset[0] === 'TRUE') { //user must change his password
-				$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
-				header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
-				'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid]));
-				exit();
-			}
-			//handle password expiry warning
-			if (!empty($pwdChangedTime)) {
-				if (!empty($pwdMaxAge)
-					&& !empty($pwdExpireWarning)) {
-					$pwdMaxAgeInt = (int)$pwdMaxAge[0];
-					$pwdExpireWarningInt = (int)$pwdExpireWarning[0];
-					if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){
-						$pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]);
-						$pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S'));
-						$currentDateTime = new \DateTime();
-						$secondsToExpiry = $pwdChangedTimeDt->getTimestamp() - $currentDateTime->getTimestamp();
-						if ($secondsToExpiry <= $pwdExpireWarningInt) {
-							//remove last password expiry warning if any
-							$notification = $this->notificationManager->createNotification();
-							$notification->setApp('user_ldap')
-								->setUser($uid)
-								->setObject('pwd_exp_warn', $uid)
-							;
-							$this->notificationManager->markProcessed($notification);
-							//create new password expiry warning
-							$notification = $this->notificationManager->createNotification();
-							$notification->setApp('user_ldap')
-								->setUser($uid)
-								->setDateTime($currentDateTime)
-								->setObject('pwd_exp_warn', $uid)
-								->setSubject('pwd_exp_warn_days', [(int) ceil($secondsToExpiry / 60 / 60 / 24)])
-							;
-							$this->notificationManager->notify($notification);
-						}
-					}
-				}
-			}
-		}
-	}
+    /**
+     * @var Access
+     */
+    protected $access;
+    /**
+     * @var Connection
+     */
+    protected $connection;
+    /**
+     * @var IConfig
+     */
+    protected $config;
+    /**
+     * @var FilesystemHelper
+     */
+    protected $fs;
+    /**
+     * @var Image
+     */
+    protected $image;
+    /**
+     * @var LogWrapper
+     */
+    protected $log;
+    /**
+     * @var IAvatarManager
+     */
+    protected $avatarManager;
+    /**
+     * @var IUserManager
+     */
+    protected $userManager;
+    /**
+     * @var INotificationManager
+     */
+    protected $notificationManager;
+    /**
+     * @var string
+     */
+    protected $dn;
+    /**
+     * @var string
+     */
+    protected $uid;
+    /**
+     * @var string[]
+     */
+    protected $refreshedFeatures = [];
+    /**
+     * @var string
+     */
+    protected $avatarImage;
+
+    /**
+     * DB config keys for user preferences
+     */
+    const USER_PREFKEY_FIRSTLOGIN  = 'firstLoginAccomplished';
+    const USER_PREFKEY_LASTREFRESH = 'lastFeatureRefresh';
+
+    /**
+     * @brief constructor, make sure the subclasses call this one!
+     * @param string $username the internal username
+     * @param string $dn the LDAP DN
+     * @param Access $access
+     * @param IConfig $config
+     * @param FilesystemHelper $fs
+     * @param Image $image any empty instance
+     * @param LogWrapper $log
+     * @param IAvatarManager $avatarManager
+     * @param IUserManager $userManager
+     * @param INotificationManager $notificationManager
+     */
+    public function __construct($username, $dn, Access $access,
+        IConfig $config, FilesystemHelper $fs, Image $image,
+        LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager,
+        INotificationManager $notificationManager) {
+
+        if ($username === null) {
+            $log->log("uid for '$dn' must not be null!", ILogger::ERROR);
+            throw new \InvalidArgumentException('uid must not be null!');
+        } else if ($username === '') {
+            $log->log("uid for '$dn' must not be an empty string", ILogger::ERROR);
+            throw new \InvalidArgumentException('uid must not be an empty string!');
+        }
+
+        $this->access              = $access;
+        $this->connection          = $access->getConnection();
+        $this->config              = $config;
+        $this->fs                  = $fs;
+        $this->dn                  = $dn;
+        $this->uid                 = $username;
+        $this->image               = $image;
+        $this->log                 = $log;
+        $this->avatarManager       = $avatarManager;
+        $this->userManager         = $userManager;
+        $this->notificationManager = $notificationManager;
+
+        \OCP\Util::connectHook('OC_User', 'post_login', $this, 'handlePasswordExpiry');
+    }
+
+    /**
+     * @brief updates properties like email, quota or avatar provided by LDAP
+     * @return null
+     */
+    public function update() {
+        if(is_null($this->dn)) {
+            return null;
+        }
+
+        $hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
+                self::USER_PREFKEY_FIRSTLOGIN, 0);
+
+        if($this->needsRefresh()) {
+            $this->updateEmail();
+            $this->updateQuota();
+            if($hasLoggedIn !== 0) {
+                //we do not need to try it, when the user has not been logged in
+                //before, because the file system will not be ready.
+                $this->updateAvatar();
+                //in order to get an avatar as soon as possible, mark the user
+                //as refreshed only when updating the avatar did happen
+                $this->markRefreshTime();
+            }
+        }
+    }
+
+    /**
+     * marks a user as deleted
+     *
+     * @throws \OCP\PreConditionNotMetException
+     */
+    public function markUser() {
+        $curValue = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '0');
+        if($curValue === '1') {
+            // the user is already marked, do not write to DB again
+            return;
+        }
+        $this->config->setUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '1');
+        $this->config->setUserValue($this->getUsername(), 'user_ldap', 'foundDeleted', (string)time());
+    }
+
+    /**
+     * processes results from LDAP for attributes as returned by getAttributesToRead()
+     * @param array $ldapEntry the user entry as retrieved from LDAP
+     */
+    public function processAttributes($ldapEntry) {
+        $this->markRefreshTime();
+        //Quota
+        $attr = strtolower($this->connection->ldapQuotaAttribute);
+        if(isset($ldapEntry[$attr])) {
+            $this->updateQuota($ldapEntry[$attr][0]);
+        } else {
+            if ($this->connection->ldapQuotaDefault !== '') {
+                $this->updateQuota();
+            }
+        }
+        unset($attr);
+
+        //displayName
+        $displayName = $displayName2 = '';
+        $attr = strtolower($this->connection->ldapUserDisplayName);
+        if(isset($ldapEntry[$attr])) {
+            $displayName = (string)$ldapEntry[$attr][0];
+        }
+        $attr = strtolower($this->connection->ldapUserDisplayName2);
+        if(isset($ldapEntry[$attr])) {
+            $displayName2 = (string)$ldapEntry[$attr][0];
+        }
+        if ($displayName !== '') {
+            $this->composeAndStoreDisplayName($displayName, $displayName2);
+            $this->access->cacheUserDisplayName(
+                $this->getUsername(),
+                $displayName,
+                $displayName2
+            );
+        }
+        unset($attr);
+
+        //Email
+        //email must be stored after displayname, because it would cause a user
+        //change event that will trigger fetching the display name again
+        $attr = strtolower($this->connection->ldapEmailAttribute);
+        if(isset($ldapEntry[$attr])) {
+            $this->updateEmail($ldapEntry[$attr][0]);
+        }
+        unset($attr);
+
+        // LDAP Username, needed for s2s sharing
+        if(isset($ldapEntry['uid'])) {
+            $this->storeLDAPUserName($ldapEntry['uid'][0]);
+        } else if(isset($ldapEntry['samaccountname'])) {
+            $this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
+        }
+
+        //homePath
+        if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
+            $attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
+            if(isset($ldapEntry[$attr])) {
+                $this->access->cacheUserHome(
+                    $this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
+            }
+        }
+
+        //memberOf groups
+        $cacheKey = 'getMemberOf'.$this->getUsername();
+        $groups = false;
+        if(isset($ldapEntry['memberof'])) {
+            $groups = $ldapEntry['memberof'];
+        }
+        $this->connection->writeToCache($cacheKey, $groups);
+
+        //external storage var
+        $attr = strtolower($this->connection->ldapExtStorageHomeAttribute);
+        if(isset($ldapEntry[$attr])) {
+            $this->updateExtStorageHome($ldapEntry[$attr][0]);
+        }
+        unset($attr);
+
+        //Avatar
+        /** @var Connection $connection */
+        $connection = $this->access->getConnection();
+        $attributes = $connection->resolveRule('avatar');
+        foreach ($attributes as $attribute)  {
+            if(isset($ldapEntry[$attribute])) {
+                $this->avatarImage = $ldapEntry[$attribute][0];
+                // the call to the method that saves the avatar in the file
+                // system must be postponed after the login. It is to ensure
+                // external mounts are mounted properly (e.g. with login
+                // credentials from the session).
+                \OCP\Util::connectHook('OC_User', 'post_login', $this, 'updateAvatarPostLogin');
+                break;
+            }
+        }
+    }
+
+    /**
+     * @brief returns the LDAP DN of the user
+     * @return string
+     */
+    public function getDN() {
+        return $this->dn;
+    }
+
+    /**
+     * @brief returns the Nextcloud internal username of the user
+     * @return string
+     */
+    public function getUsername() {
+        return $this->uid;
+    }
+
+    /**
+     * returns the home directory of the user if specified by LDAP settings
+     * @param string $valueFromLDAP
+     * @return bool|string
+     * @throws \Exception
+     */
+    public function getHomePath($valueFromLDAP = null) {
+        $path = (string)$valueFromLDAP;
+        $attr = null;
+
+        if (is_null($valueFromLDAP)
+           && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0
+           && $this->access->connection->homeFolderNamingRule !== 'attr:')
+        {
+            $attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));
+            $homedir = $this->access->readAttribute(
+                $this->access->username2dn($this->getUsername()), $attr);
+            if ($homedir && isset($homedir[0])) {
+                $path = $homedir[0];
+            }
+        }
+
+        if ($path !== '') {
+            //if attribute's value is an absolute path take this, otherwise append it to data dir
+            //check for / at the beginning or pattern c:\ resp. c:/
+            if(   '/' !== $path[0]
+               && !(3 < strlen($path) && ctype_alpha($path[0])
+                   && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))
+            ) {
+                $path = $this->config->getSystemValue('datadirectory',
+                        \OC::$SERVERROOT.'/data' ) . '/' . $path;
+            }
+            //we need it to store it in the DB as well in case a user gets
+            //deleted so we can clean up afterwards
+            $this->config->setUserValue(
+                $this->getUsername(), 'user_ldap', 'homePath', $path
+            );
+            return $path;
+        }
+
+        if(    !is_null($attr)
+            && $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
+        ) {
+            // a naming rule attribute is defined, but it doesn't exist for that LDAP user
+            throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
+        }
+
+        //false will apply default behaviour as defined and done by OC_User
+        $this->config->setUserValue($this->getUsername(), 'user_ldap', 'homePath', '');
+        return false;
+    }
+
+    public function getMemberOfGroups() {
+        $cacheKey = 'getMemberOf'.$this->getUsername();
+        $memberOfGroups = $this->connection->getFromCache($cacheKey);
+        if(!is_null($memberOfGroups)) {
+            return $memberOfGroups;
+        }
+        $groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
+        $this->connection->writeToCache($cacheKey, $groupDNs);
+        return $groupDNs;
+    }
+
+    /**
+     * @brief reads the image from LDAP that shall be used as Avatar
+     * @return string data (provided by LDAP) | false
+     */
+    public function getAvatarImage() {
+        if(!is_null($this->avatarImage)) {
+            return $this->avatarImage;
+        }
+
+        $this->avatarImage = false;
+        /** @var Connection $connection */
+        $connection = $this->access->getConnection();
+        $attributes = $connection->resolveRule('avatar');
+        foreach($attributes as $attribute) {
+            $result = $this->access->readAttribute($this->dn, $attribute);
+            if($result !== false && is_array($result) && isset($result[0])) {
+                $this->avatarImage = $result[0];
+                break;
+            }
+        }
+
+        return $this->avatarImage;
+    }
+
+    /**
+     * @brief marks the user as having logged in at least once
+     * @return null
+     */
+    public function markLogin() {
+        $this->config->setUserValue(
+            $this->uid, 'user_ldap', self::USER_PREFKEY_FIRSTLOGIN, 1);
+    }
+
+    /**
+     * @brief marks the time when user features like email have been updated
+     * @return null
+     */
+    public function markRefreshTime() {
+        $this->config->setUserValue(
+            $this->uid, 'user_ldap', self::USER_PREFKEY_LASTREFRESH, time());
+    }
+
+    /**
+     * @brief checks whether user features needs to be updated again by
+     * comparing the difference of time of the last refresh to now with the
+     * desired interval
+     * @return bool
+     */
+    private function needsRefresh() {
+        $lastChecked = $this->config->getUserValue($this->uid, 'user_ldap',
+            self::USER_PREFKEY_LASTREFRESH, 0);
+
+        if((time() - (int)$lastChecked) < (int)$this->config->getAppValue('user_ldap', 'updateAttributesInterval', 86400)) {
+            return false;
+        }
+        return  true;
+    }
+
+    /**
+     * Stores a key-value pair in relation to this user
+     *
+     * @param string $key
+     * @param string $value
+     */
+    private function store($key, $value) {
+        $this->config->setUserValue($this->uid, 'user_ldap', $key, $value);
+    }
+
+    /**
+     * Composes the display name and stores it in the database. The final
+     * display name is returned.
+     *
+     * @param string $displayName
+     * @param string $displayName2
+     * @return string the effective display name
+     */
+    public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
+        $displayName2 = (string)$displayName2;
+        if($displayName2 !== '') {
+            $displayName .= ' (' . $displayName2 . ')';
+        }
+        $oldName = $this->config->getUserValue($this->uid, 'user_ldap', 'displayName', null);
+        if ($oldName !== $displayName)  {
+            $this->store('displayName', $displayName);
+            $user = $this->userManager->get($this->getUsername());
+            if (!empty($oldName) && $user instanceof \OC\User\User) {
+                // if it was empty, it would be a new record, not a change emitting the trigger could
+                // potentially cause a UniqueConstraintViolationException, depending on some factors.
+                $user->triggerChange('displayName', $displayName, $oldName);
+            }
+        }
+        return $displayName;
+    }
+
+    /**
+     * Stores the LDAP Username in the Database
+     * @param string $userName
+     */
+    public function storeLDAPUserName($userName) {
+        $this->store('uid', $userName);
+    }
+
+    /**
+     * @brief checks whether an update method specified by feature was run
+     * already. If not, it will marked like this, because it is expected that
+     * the method will be run, when false is returned.
+     * @param string $feature email | quota | avatar (can be extended)
+     * @return bool
+     */
+    private function wasRefreshed($feature) {
+        if(isset($this->refreshedFeatures[$feature])) {
+            return true;
+        }
+        $this->refreshedFeatures[$feature] = 1;
+        return false;
+    }
+
+    /**
+     * fetches the email from LDAP and stores it as Nextcloud user value
+     * @param string $valueFromLDAP if known, to save an LDAP read request
+     * @return null
+     */
+    public function updateEmail($valueFromLDAP = null) {
+        if($this->wasRefreshed('email')) {
+            return;
+        }
+        $email = (string)$valueFromLDAP;
+        if(is_null($valueFromLDAP)) {
+            $emailAttribute = $this->connection->ldapEmailAttribute;
+            if ($emailAttribute !== '') {
+                $aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
+                if(is_array($aEmail) && (count($aEmail) > 0)) {
+                    $email = (string)$aEmail[0];
+                }
+            }
+        }
+        if ($email !== '') {
+            $user = $this->userManager->get($this->uid);
+            if (!is_null($user)) {
+                $currentEmail = (string)$user->getEMailAddress();
+                if ($currentEmail !== $email) {
+                    $user->setEMailAddress($email);
+                }
+            }
+        }
+    }
+
+    /**
+     * Overall process goes as follow:
+     * 1. fetch the quota from LDAP and check if it's parseable with the "verifyQuotaValue" function
+     * 2. if the value can't be fetched, is empty or not parseable, use the default LDAP quota
+     * 3. if the default LDAP quota can't be parsed, use the Nextcloud's default quota (use 'default')
+     * 4. check if the target user exists and set the quota for the user.
+     *
+     * In order to improve performance and prevent an unwanted extra LDAP call, the $valueFromLDAP
+     * parameter can be passed with the value of the attribute. This value will be considered as the
+     * quota for the user coming from the LDAP server (step 1 of the process) It can be useful to
+     * fetch all the user's attributes in one call and use the fetched values in this function.
+     * The expected value for that parameter is a string describing the quota for the user. Valid
+     * values are 'none' (unlimited), 'default' (the Nextcloud's default quota), '1234' (quota in
+     * bytes), '1234 MB' (quota in MB - check the \OC_Helper::computerFileSize method for more info)
+     *
+     * fetches the quota from LDAP and stores it as Nextcloud user value
+     * @param string $valueFromLDAP the quota attribute's value can be passed,
+     * to save the readAttribute request
+     * @return null
+     */
+    public function updateQuota($valueFromLDAP = null) {
+        if($this->wasRefreshed('quota')) {
+            return;
+        }
+
+        $quotaAttribute = $this->connection->ldapQuotaAttribute;
+        $defaultQuota = $this->connection->ldapQuotaDefault;
+        if($quotaAttribute === '' && $defaultQuota === '') {
+            return;
+        }
+
+        $quota = false;
+        if(is_null($valueFromLDAP) && $quotaAttribute !== '') {
+            $aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
+            if($aQuota && (count($aQuota) > 0) && $this->verifyQuotaValue($aQuota[0])) {
+                $quota = $aQuota[0];
+            } else if(is_array($aQuota) && isset($aQuota[0])) {
+                $this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', ILogger::DEBUG);
+            }
+        } else if ($this->verifyQuotaValue($valueFromLDAP)) {
+            $quota = $valueFromLDAP;
+        } else {
+            $this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', ILogger::DEBUG);
+        }
+
+        if ($quota === false && $this->verifyQuotaValue($defaultQuota)) {
+            // quota not found using the LDAP attribute (or not parseable). Try the default quota
+            $quota = $defaultQuota;
+        } else if($quota === false) {
+            $this->log->log('no suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', ILogger::DEBUG);
+            return;
+        }
+
+        $targetUser = $this->userManager->get($this->uid);
+        if ($targetUser instanceof IUser) {
+            $targetUser->setQuota($quota);
+        } else {
+            $this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', ILogger::INFO);
+        }
+    }
+
+    private function verifyQuotaValue($quotaValue) {
+        return $quotaValue === 'none' || $quotaValue === 'default' || \OC_Helper::computerFileSize($quotaValue) !== false;
+    }
+
+    /**
+     * called by a post_login hook to save the avatar picture
+     *
+     * @param array $params
+     */
+    public function updateAvatarPostLogin($params) {
+        if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
+            $this->updateAvatar();
+        }
+    }
+
+    /**
+     * @brief attempts to get an image from LDAP and sets it as Nextcloud avatar
+     * @return bool
+     */
+    public function updateAvatar($force = false) {
+        if(!$force && $this->wasRefreshed('avatar')) {
+            return false;
+        }
+        $avatarImage = $this->getAvatarImage();
+        if($avatarImage === false) {
+            //not set, nothing left to do;
+            return false;
+        }
+
+        if(!$this->image->loadFromBase64(base64_encode($avatarImage))) {
+            return false;
+        }
+
+        // use the checksum before modifications
+        $checksum = md5($this->image->data());
+
+        if($checksum === $this->config->getUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', '')) {
+            return true;
+        }
+
+        $isSet = $this->setOwnCloudAvatar();
+
+        if($isSet) {
+            // save checksum only after successful setting
+            $this->config->setUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', $checksum);
+        }
+
+        return $isSet;
+    }
+
+    /**
+     * @brief sets an image as Nextcloud avatar
+     * @return bool
+     */
+    private function setOwnCloudAvatar() {
+        if(!$this->image->valid()) {
+            $this->log->log('avatar image data from LDAP invalid for '.$this->dn, ILogger::ERROR);
+            return false;
+        }
+
+
+        //make sure it is a square and not bigger than 128x128
+        $size = min([$this->image->width(), $this->image->height(), 128]);
+        if(!$this->image->centerCrop($size)) {
+            $this->log->log('croping image for avatar failed for '.$this->dn, ILogger::ERROR);
+            return false;
+        }
+
+        if(!$this->fs->isLoaded()) {
+            $this->fs->setup($this->uid);
+        }
+
+        try {
+            $avatar = $this->avatarManager->getAvatar($this->uid);
+            $avatar->set($this->image);
+            return true;
+        } catch (\Exception $e) {
+            \OC::$server->getLogger()->logException($e, [
+                'message' => 'Could not set avatar for ' . $this->dn,
+                'level' => ILogger::INFO,
+                'app' => 'user_ldap',
+            ]);
+        }
+        return false;
+    }
+
+    /**
+     * @throws AttributeNotSet
+     * @throws \OC\ServerNotAvailableException
+     * @throws \OCP\PreConditionNotMetException
+     */
+    public function getExtStorageHome():string {
+        $value = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'extStorageHome', '');
+        if ($value !== '') {
+            return $value;
+        }
+
+        $value = $this->updateExtStorageHome();
+        if ($value !== '') {
+            return $value;
+        }
+
+        throw new AttributeNotSet(sprintf(
+            'external home storage attribute yield no value for %s', $this->getUsername()
+        ));
+    }
+
+    /**
+     * @throws \OCP\PreConditionNotMetException
+     * @throws \OC\ServerNotAvailableException
+     */
+    public function updateExtStorageHome(string $valueFromLDAP = null):string {
+        if ($valueFromLDAP === null) {
+            $extHomeValues = $this->access->readAttribute($this->getDN(), $this->connection->ldapExtStorageHomeAttribute);
+        } else {
+            $extHomeValues = [$valueFromLDAP];
+        }
+        if ($extHomeValues && isset($extHomeValues[0])) {
+            $extHome = $extHomeValues[0];
+            $this->config->setUserValue($this->getUsername(), 'user_ldap', 'extStorageHome', $extHome);
+            return $extHome;
+        } else {
+            $this->config->deleteUserValue($this->getUsername(), 'user_ldap', 'extStorageHome');
+            return '';
+        }
+    }
+
+    /**
+     * called by a post_login hook to handle password expiry
+     *
+     * @param array $params
+     */
+    public function handlePasswordExpiry($params) {
+        $ppolicyDN = $this->connection->ldapDefaultPPolicyDN;
+        if (empty($ppolicyDN) || ((int)$this->connection->turnOnPasswordChange !== 1)) {
+            return;//password expiry handling disabled
+        }
+        $uid = $params['uid'];
+        if (isset($uid) && $uid === $this->getUsername()) {
+            //retrieve relevant user attributes
+            $result = $this->access->search('objectclass=*', [$this->dn], ['pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']);
+
+            if (array_key_exists('pwdpolicysubentry', $result[0])) {
+                $pwdPolicySubentry = $result[0]['pwdpolicysubentry'];
+                if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
+                    $ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
+                }
+            }
+
+            $pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : [];
+            $pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : [];
+            $pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : [];
+
+            //retrieve relevant password policy attributes
+            $cacheKey = 'ppolicyAttributes' . $ppolicyDN;
+            $result = $this->connection->getFromCache($cacheKey);
+            if(is_null($result)) {
+                $result = $this->access->search('objectclass=*', [$ppolicyDN], ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']);
+                $this->connection->writeToCache($cacheKey, $result);
+            }
+
+            $pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : [];
+            $pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : [];
+            $pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : [];
+
+            //handle grace login
+            if (!empty($pwdGraceUseTime)) { //was this a grace login?
+                if (!empty($pwdGraceAuthNLimit)
+                    && count($pwdGraceUseTime) < (int)$pwdGraceAuthNLimit[0]) { //at least one more grace login available?
+                    $this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
+                    header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
+                    'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid]));
+                } else { //no more grace login available
+                    header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
+                    'user_ldap.renewPassword.showLoginFormInvalidPassword', ['user' => $uid]));
+                }
+                exit();
+            }
+            //handle pwdReset attribute
+            if (!empty($pwdReset) && $pwdReset[0] === 'TRUE') { //user must change his password
+                $this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
+                header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
+                'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid]));
+                exit();
+            }
+            //handle password expiry warning
+            if (!empty($pwdChangedTime)) {
+                if (!empty($pwdMaxAge)
+                    && !empty($pwdExpireWarning)) {
+                    $pwdMaxAgeInt = (int)$pwdMaxAge[0];
+                    $pwdExpireWarningInt = (int)$pwdExpireWarning[0];
+                    if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){
+                        $pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]);
+                        $pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S'));
+                        $currentDateTime = new \DateTime();
+                        $secondsToExpiry = $pwdChangedTimeDt->getTimestamp() - $currentDateTime->getTimestamp();
+                        if ($secondsToExpiry <= $pwdExpireWarningInt) {
+                            //remove last password expiry warning if any
+                            $notification = $this->notificationManager->createNotification();
+                            $notification->setApp('user_ldap')
+                                ->setUser($uid)
+                                ->setObject('pwd_exp_warn', $uid)
+                            ;
+                            $this->notificationManager->markProcessed($notification);
+                            //create new password expiry warning
+                            $notification = $this->notificationManager->createNotification();
+                            $notification->setApp('user_ldap')
+                                ->setUser($uid)
+                                ->setDateTime($currentDateTime)
+                                ->setObject('pwd_exp_warn', $uid)
+                                ->setSubject('pwd_exp_warn_days', [(int) ceil($secondsToExpiry / 60 / 60 / 24)])
+                            ;
+                            $this->notificationManager->notify($notification);
+                        }
+                    }
+                }
+            }
+        }
+    }
 }

Please login to merge, or discard this patch.

Spacing +70 added lines, -70 removed lines patch added patch discarded remove patch

@@ -154,17 +154,17 @@  discard block
 block discarded – undo
 	 * @return null
 	 */
 	public function update() {
-		if(is_null($this->dn)) {
+		if (is_null($this->dn)) {
 			return null;
 		}
 
 		$hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
 				self::USER_PREFKEY_FIRSTLOGIN, 0);
 
-		if($this->needsRefresh()) {
+		if ($this->needsRefresh()) {
 			$this->updateEmail();
 			$this->updateQuota();
-			if($hasLoggedIn !== 0) {
+			if ($hasLoggedIn !== 0) {
 				//we do not need to try it, when the user has not been logged in
 				//before, because the file system will not be ready.
 				$this->updateAvatar();
@@ -182,12 +182,12 @@  discard block
 block discarded – undo
 	 */
 	public function markUser() {
 		$curValue = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '0');
-		if($curValue === '1') {
+		if ($curValue === '1') {
 			// the user is already marked, do not write to DB again
 			return;
 		}
 		$this->config->setUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '1');
-		$this->config->setUserValue($this->getUsername(), 'user_ldap', 'foundDeleted', (string)time());
+		$this->config->setUserValue($this->getUsername(), 'user_ldap', 'foundDeleted', (string) time());
 	}
 
 	/**
@@ -198,7 +198,7 @@  discard block
 block discarded – undo
 		$this->markRefreshTime();
 		//Quota
 		$attr = strtolower($this->connection->ldapQuotaAttribute);
-		if(isset($ldapEntry[$attr])) {
+		if (isset($ldapEntry[$attr])) {
 			$this->updateQuota($ldapEntry[$attr][0]);
 		} else {
 			if ($this->connection->ldapQuotaDefault !== '') {
@@ -210,12 +210,12 @@  discard block
 block discarded – undo
 		//displayName
 		$displayName = $displayName2 = '';
 		$attr = strtolower($this->connection->ldapUserDisplayName);
-		if(isset($ldapEntry[$attr])) {
-			$displayName = (string)$ldapEntry[$attr][0];
+		if (isset($ldapEntry[$attr])) {
+			$displayName = (string) $ldapEntry[$attr][0];
 		}
 		$attr = strtolower($this->connection->ldapUserDisplayName2);
-		if(isset($ldapEntry[$attr])) {
-			$displayName2 = (string)$ldapEntry[$attr][0];
+		if (isset($ldapEntry[$attr])) {
+			$displayName2 = (string) $ldapEntry[$attr][0];
 		}
 		if ($displayName !== '') {
 			$this->composeAndStoreDisplayName($displayName, $displayName2);
@@ -231,22 +231,22 @@  discard block
 block discarded – undo
 		//email must be stored after displayname, because it would cause a user
 		//change event that will trigger fetching the display name again
 		$attr = strtolower($this->connection->ldapEmailAttribute);
-		if(isset($ldapEntry[$attr])) {
+		if (isset($ldapEntry[$attr])) {
 			$this->updateEmail($ldapEntry[$attr][0]);
 		}
 		unset($attr);
 
 		// LDAP Username, needed for s2s sharing
-		if(isset($ldapEntry['uid'])) {
+		if (isset($ldapEntry['uid'])) {
 			$this->storeLDAPUserName($ldapEntry['uid'][0]);
-		} else if(isset($ldapEntry['samaccountname'])) {
+		} else if (isset($ldapEntry['samaccountname'])) {
 			$this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
 		}
 
 		//homePath
-		if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
+		if (strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
 			$attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
-			if(isset($ldapEntry[$attr])) {
+			if (isset($ldapEntry[$attr])) {
 				$this->access->cacheUserHome(
 					$this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
 			}
@@ -255,14 +255,14 @@  discard block
 block discarded – undo
 		//memberOf groups
 		$cacheKey = 'getMemberOf'.$this->getUsername();
 		$groups = false;
-		if(isset($ldapEntry['memberof'])) {
+		if (isset($ldapEntry['memberof'])) {
 			$groups = $ldapEntry['memberof'];
 		}
 		$this->connection->writeToCache($cacheKey, $groups);
 
 		//external storage var
 		$attr = strtolower($this->connection->ldapExtStorageHomeAttribute);
-		if(isset($ldapEntry[$attr])) {
+		if (isset($ldapEntry[$attr])) {
 			$this->updateExtStorageHome($ldapEntry[$attr][0]);
 		}
 		unset($attr);
@@ -271,8 +271,8 @@  discard block
 block discarded – undo
 		/** @var Connection $connection */
 		$connection = $this->access->getConnection();
 		$attributes = $connection->resolveRule('avatar');
-		foreach ($attributes as $attribute)  {
-			if(isset($ldapEntry[$attribute])) {
+		foreach ($attributes as $attribute) {
+			if (isset($ldapEntry[$attribute])) {
 				$this->avatarImage = $ldapEntry[$attribute][0];
 				// the call to the method that saves the avatar in the file
 				// system must be postponed after the login. It is to ensure
@@ -307,7 +307,7 @@  discard block
 block discarded – undo
 	 * @throws \Exception
 	 */
 	public function getHomePath($valueFromLDAP = null) {
-		$path = (string)$valueFromLDAP;
+		$path = (string) $valueFromLDAP;
 		$attr = null;
 
 		if (is_null($valueFromLDAP)
@@ -325,12 +325,12 @@  discard block
 block discarded – undo
 		if ($path !== '') {
 			//if attribute's value is an absolute path take this, otherwise append it to data dir
 			//check for / at the beginning or pattern c:\ resp. c:/
-			if(   '/' !== $path[0]
+			if ('/' !== $path[0]
 			   && !(3 < strlen($path) && ctype_alpha($path[0])
 			       && $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))
 			) {
 				$path = $this->config->getSystemValue('datadirectory',
-						\OC::$SERVERROOT.'/data' ) . '/' . $path;
+						\OC::$SERVERROOT.'/data').'/'.$path;
 			}
 			//we need it to store it in the DB as well in case a user gets
 			//deleted so we can clean up afterwards
@@ -340,11 +340,11 @@  discard block
 block discarded – undo
 			return $path;
 		}
 
-		if(    !is_null($attr)
+		if (!is_null($attr)
 			&& $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
 		) {
 			// a naming rule attribute is defined, but it doesn't exist for that LDAP user
-			throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
+			throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: '.$this->getUsername());
 		}
 
 		//false will apply default behaviour as defined and done by OC_User
@@ -355,7 +355,7 @@  discard block
 block discarded – undo
 	public function getMemberOfGroups() {
 		$cacheKey = 'getMemberOf'.$this->getUsername();
 		$memberOfGroups = $this->connection->getFromCache($cacheKey);
-		if(!is_null($memberOfGroups)) {
+		if (!is_null($memberOfGroups)) {
 			return $memberOfGroups;
 		}
 		$groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
@@ -368,7 +368,7 @@  discard block
 block discarded – undo
 	 * @return string data (provided by LDAP) | false
 	 */
 	public function getAvatarImage() {
-		if(!is_null($this->avatarImage)) {
+		if (!is_null($this->avatarImage)) {
 			return $this->avatarImage;
 		}
 
@@ -376,9 +376,9 @@  discard block
 block discarded – undo
 		/** @var Connection $connection */
 		$connection = $this->access->getConnection();
 		$attributes = $connection->resolveRule('avatar');
-		foreach($attributes as $attribute) {
+		foreach ($attributes as $attribute) {
 			$result = $this->access->readAttribute($this->dn, $attribute);
-			if($result !== false && is_array($result) && isset($result[0])) {
+			if ($result !== false && is_array($result) && isset($result[0])) {
 				$this->avatarImage = $result[0];
 				break;
 			}
@@ -415,7 +415,7 @@  discard block
 block discarded – undo
 		$lastChecked = $this->config->getUserValue($this->uid, 'user_ldap',
 			self::USER_PREFKEY_LASTREFRESH, 0);
 
-		if((time() - (int)$lastChecked) < (int)$this->config->getAppValue('user_ldap', 'updateAttributesInterval', 86400)) {
+		if ((time() - (int) $lastChecked) < (int) $this->config->getAppValue('user_ldap', 'updateAttributesInterval', 86400)) {
 			return false;
 		}
 		return  true;
@@ -440,12 +440,12 @@  discard block
 block discarded – undo
 	 * @return string the effective display name
 	 */
 	public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
-		$displayName2 = (string)$displayName2;
-		if($displayName2 !== '') {
-			$displayName .= ' (' . $displayName2 . ')';
+		$displayName2 = (string) $displayName2;
+		if ($displayName2 !== '') {
+			$displayName .= ' ('.$displayName2.')';
 		}
 		$oldName = $this->config->getUserValue($this->uid, 'user_ldap', 'displayName', null);
-		if ($oldName !== $displayName)  {
+		if ($oldName !== $displayName) {
 			$this->store('displayName', $displayName);
 			$user = $this->userManager->get($this->getUsername());
 			if (!empty($oldName) && $user instanceof \OC\User\User) {
@@ -473,7 +473,7 @@  discard block
 block discarded – undo
 	 * @return bool
 	 */
 	private function wasRefreshed($feature) {
-		if(isset($this->refreshedFeatures[$feature])) {
+		if (isset($this->refreshedFeatures[$feature])) {
 			return true;
 		}
 		$this->refreshedFeatures[$feature] = 1;
@@ -486,23 +486,23 @@  discard block
 block discarded – undo
 	 * @return null
 	 */
 	public function updateEmail($valueFromLDAP = null) {
-		if($this->wasRefreshed('email')) {
+		if ($this->wasRefreshed('email')) {
 			return;
 		}
-		$email = (string)$valueFromLDAP;
-		if(is_null($valueFromLDAP)) {
+		$email = (string) $valueFromLDAP;
+		if (is_null($valueFromLDAP)) {
 			$emailAttribute = $this->connection->ldapEmailAttribute;
 			if ($emailAttribute !== '') {
 				$aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
-				if(is_array($aEmail) && (count($aEmail) > 0)) {
-					$email = (string)$aEmail[0];
+				if (is_array($aEmail) && (count($aEmail) > 0)) {
+					$email = (string) $aEmail[0];
 				}
 			}
 		}
 		if ($email !== '') {
 			$user = $this->userManager->get($this->uid);
 			if (!is_null($user)) {
-				$currentEmail = (string)$user->getEMailAddress();
+				$currentEmail = (string) $user->getEMailAddress();
 				if ($currentEmail !== $email) {
 					$user->setEMailAddress($email);
 				}
@@ -531,35 +531,35 @@  discard block
 block discarded – undo
 	 * @return null
 	 */
 	public function updateQuota($valueFromLDAP = null) {
-		if($this->wasRefreshed('quota')) {
+		if ($this->wasRefreshed('quota')) {
 			return;
 		}
 
 		$quotaAttribute = $this->connection->ldapQuotaAttribute;
 		$defaultQuota = $this->connection->ldapQuotaDefault;
-		if($quotaAttribute === '' && $defaultQuota === '') {
+		if ($quotaAttribute === '' && $defaultQuota === '') {
 			return;
 		}
 
 		$quota = false;
-		if(is_null($valueFromLDAP) && $quotaAttribute !== '') {
+		if (is_null($valueFromLDAP) && $quotaAttribute !== '') {
 			$aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
-			if($aQuota && (count($aQuota) > 0) && $this->verifyQuotaValue($aQuota[0])) {
+			if ($aQuota && (count($aQuota) > 0) && $this->verifyQuotaValue($aQuota[0])) {
 				$quota = $aQuota[0];
-			} else if(is_array($aQuota) && isset($aQuota[0])) {
-				$this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', ILogger::DEBUG);
+			} else if (is_array($aQuota) && isset($aQuota[0])) {
+				$this->log->log('no suitable LDAP quota found for user '.$this->uid.': ['.$aQuota[0].']', ILogger::DEBUG);
 			}
 		} else if ($this->verifyQuotaValue($valueFromLDAP)) {
 			$quota = $valueFromLDAP;
 		} else {
-			$this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', ILogger::DEBUG);
+			$this->log->log('no suitable LDAP quota found for user '.$this->uid.': ['.$valueFromLDAP.']', ILogger::DEBUG);
 		}
 
 		if ($quota === false && $this->verifyQuotaValue($defaultQuota)) {
 			// quota not found using the LDAP attribute (or not parseable). Try the default quota
 			$quota = $defaultQuota;
-		} else if($quota === false) {
-			$this->log->log('no suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', ILogger::DEBUG);
+		} else if ($quota === false) {
+			$this->log->log('no suitable default quota found for user '.$this->uid.': ['.$defaultQuota.']', ILogger::DEBUG);
 			return;
 		}
 
@@ -567,7 +567,7 @@  discard block
 block discarded – undo
 		if ($targetUser instanceof IUser) {
 			$targetUser->setQuota($quota);
 		} else {
-			$this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', ILogger::INFO);
+			$this->log->log('trying to set a quota for user '.$this->uid.' but the user is missing', ILogger::INFO);
 		}
 	}
 
@@ -581,7 +581,7 @@  discard block
 block discarded – undo
 	 * @param array $params
 	 */
 	public function updateAvatarPostLogin($params) {
-		if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
+		if (isset($params['uid']) && $params['uid'] === $this->getUsername()) {
 			$this->updateAvatar();
 		}
 	}
@@ -591,29 +591,29 @@  discard block
 block discarded – undo
 	 * @return bool
 	 */
 	public function updateAvatar($force = false) {
-		if(!$force && $this->wasRefreshed('avatar')) {
+		if (!$force && $this->wasRefreshed('avatar')) {
 			return false;
 		}
 		$avatarImage = $this->getAvatarImage();
-		if($avatarImage === false) {
+		if ($avatarImage === false) {
 			//not set, nothing left to do;
 			return false;
 		}
 
-		if(!$this->image->loadFromBase64(base64_encode($avatarImage))) {
+		if (!$this->image->loadFromBase64(base64_encode($avatarImage))) {
 			return false;
 		}
 
 		// use the checksum before modifications
 		$checksum = md5($this->image->data());
 
-		if($checksum === $this->config->getUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', '')) {
+		if ($checksum === $this->config->getUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', '')) {
 			return true;
 		}
 
 		$isSet = $this->setOwnCloudAvatar();
 
-		if($isSet) {
+		if ($isSet) {
 			// save checksum only after successful setting
 			$this->config->setUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', $checksum);
 		}
@@ -626,7 +626,7 @@  discard block
 block discarded – undo
 	 * @return bool
 	 */
 	private function setOwnCloudAvatar() {
-		if(!$this->image->valid()) {
+		if (!$this->image->valid()) {
 			$this->log->log('avatar image data from LDAP invalid for '.$this->dn, ILogger::ERROR);
 			return false;
 		}
@@ -634,12 +634,12 @@  discard block
 block discarded – undo
 
 		//make sure it is a square and not bigger than 128x128
 		$size = min([$this->image->width(), $this->image->height(), 128]);
-		if(!$this->image->centerCrop($size)) {
+		if (!$this->image->centerCrop($size)) {
 			$this->log->log('croping image for avatar failed for '.$this->dn, ILogger::ERROR);
 			return false;
 		}
 
-		if(!$this->fs->isLoaded()) {
+		if (!$this->fs->isLoaded()) {
 			$this->fs->setup($this->uid);
 		}
 
@@ -649,7 +649,7 @@  discard block
 block discarded – undo
 			return true;
 		} catch (\Exception $e) {
 			\OC::$server->getLogger()->logException($e, [
-				'message' => 'Could not set avatar for ' . $this->dn,
+				'message' => 'Could not set avatar for '.$this->dn,
 				'level' => ILogger::INFO,
 				'app' => 'user_ldap',
 			]);
@@ -705,8 +705,8 @@  discard block
 block discarded – undo
 	 */
 	public function handlePasswordExpiry($params) {
 		$ppolicyDN = $this->connection->ldapDefaultPPolicyDN;
-		if (empty($ppolicyDN) || ((int)$this->connection->turnOnPasswordChange !== 1)) {
-			return;//password expiry handling disabled
+		if (empty($ppolicyDN) || ((int) $this->connection->turnOnPasswordChange !== 1)) {
+			return; //password expiry handling disabled
 		}
 		$uid = $params['uid'];
 		if (isset($uid) && $uid === $this->getUsername()) {
@@ -715,8 +715,8 @@  discard block
 block discarded – undo
 
 			if (array_key_exists('pwdpolicysubentry', $result[0])) {
 				$pwdPolicySubentry = $result[0]['pwdpolicysubentry'];
-				if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
-					$ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
+				if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)) {
+					$ppolicyDN = $pwdPolicySubentry[0]; //custom ppolicy DN
 				}
 			}
 
@@ -725,9 +725,9 @@  discard block
 block discarded – undo
 			$pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : [];
 
 			//retrieve relevant password policy attributes
-			$cacheKey = 'ppolicyAttributes' . $ppolicyDN;
+			$cacheKey = 'ppolicyAttributes'.$ppolicyDN;
 			$result = $this->connection->getFromCache($cacheKey);
-			if(is_null($result)) {
+			if (is_null($result)) {
 				$result = $this->access->search('objectclass=*', [$ppolicyDN], ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']);
 				$this->connection->writeToCache($cacheKey, $result);
 			}
@@ -739,7 +739,7 @@  discard block
 block discarded – undo
 			//handle grace login
 			if (!empty($pwdGraceUseTime)) { //was this a grace login?
 				if (!empty($pwdGraceAuthNLimit)
-					&& count($pwdGraceUseTime) < (int)$pwdGraceAuthNLimit[0]) { //at least one more grace login available?
+					&& count($pwdGraceUseTime) < (int) $pwdGraceAuthNLimit[0]) { //at least one more grace login available?
 					$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
 					header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
 					'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid]));
@@ -760,9 +760,9 @@  discard block
 block discarded – undo
 			if (!empty($pwdChangedTime)) {
 				if (!empty($pwdMaxAge)
 					&& !empty($pwdExpireWarning)) {
-					$pwdMaxAgeInt = (int)$pwdMaxAge[0];
-					$pwdExpireWarningInt = (int)$pwdExpireWarning[0];
-					if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){
+					$pwdMaxAgeInt = (int) $pwdMaxAge[0];
+					$pwdExpireWarningInt = (int) $pwdExpireWarning[0];
+					if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0) {
 						$pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]);
 						$pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S'));
 						$currentDateTime = new \DateTime();

Please login to merge, or discard this patch.

apps/user_ldap/lib/Group_LDAP.php 2 patches

Indentation +1231 added lines, -1231 removed lines patch added patch discarded remove patch

@@ -48,1235 +48,1235 @@
 block discarded – undo
 use OCP\ILogger;
 
 class Group_LDAP extends BackendUtility implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend {
-	protected $enabled = false;
-
-	/**
-	 * @var string[] $cachedGroupMembers array of users with gid as key
-	 */
-	protected $cachedGroupMembers;
-
-	/**
-	 * @var string[] $cachedGroupsByMember array of groups with uid as key
-	 */
-	protected $cachedGroupsByMember;
-
-	/**
-	 * @var string[] $cachedNestedGroups array of groups with gid (DN) as key
-	 */
-	protected $cachedNestedGroups;
-
-	/** @var GroupPluginManager */
-	protected $groupPluginManager;
-
-	public function __construct(Access $access, GroupPluginManager $groupPluginManager) {
-		parent::__construct($access);
-		$filter = $this->access->connection->ldapGroupFilter;
-		$gassoc = $this->access->connection->ldapGroupMemberAssocAttr;
-		if(!empty($filter) && !empty($gassoc)) {
-			$this->enabled = true;
-		}
-
-		$this->cachedGroupMembers = new CappedMemoryCache();
-		$this->cachedGroupsByMember = new CappedMemoryCache();
-		$this->cachedNestedGroups = new CappedMemoryCache();
-		$this->groupPluginManager = $groupPluginManager;
-	}
-
-	/**
-	 * is user in group?
-	 * @param string $uid uid of the user
-	 * @param string $gid gid of the group
-	 * @return bool
-	 *
-	 * Checks whether the user is member of a group or not.
-	 */
-	public function inGroup($uid, $gid) {
-		if(!$this->enabled) {
-			return false;
-		}
-		$cacheKey = 'inGroup'.$uid.':'.$gid;
-		$inGroup = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($inGroup)) {
-			return (bool)$inGroup;
-		}
-
-		$userDN = $this->access->username2dn($uid);
-
-		if(isset($this->cachedGroupMembers[$gid])) {
-			$isInGroup = in_array($userDN, $this->cachedGroupMembers[$gid]);
-			return $isInGroup;
-		}
-
-		$cacheKeyMembers = 'inGroup-members:'.$gid;
-		$members = $this->access->connection->getFromCache($cacheKeyMembers);
-		if(!is_null($members)) {
-			$this->cachedGroupMembers[$gid] = $members;
-			$isInGroup = in_array($userDN, $members, true);
-			$this->access->connection->writeToCache($cacheKey, $isInGroup);
-			return $isInGroup;
-		}
-
-		$groupDN = $this->access->groupname2dn($gid);
-		// just in case
-		if(!$groupDN || !$userDN) {
-			$this->access->connection->writeToCache($cacheKey, false);
-			return false;
-		}
-
-		//check primary group first
-		if($gid === $this->getUserPrimaryGroup($userDN)) {
-			$this->access->connection->writeToCache($cacheKey, true);
-			return true;
-		}
-
-		//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
-		$members = $this->_groupMembers($groupDN);
-		if(!is_array($members) || count($members) === 0) {
-			$this->access->connection->writeToCache($cacheKey, false);
-			return false;
-		}
-
-		//extra work if we don't get back user DNs
-		if(strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
-			$dns = [];
-			$filterParts = [];
-			$bytes = 0;
-			foreach($members as $mid) {
-				$filter = str_replace('%uid', $mid, $this->access->connection->ldapLoginFilter);
-				$filterParts[] = $filter;
-				$bytes += strlen($filter);
-				if($bytes >= 9000000) {
-					// AD has a default input buffer of 10 MB, we do not want
-					// to take even the chance to exceed it
-					$filter = $this->access->combineFilterWithOr($filterParts);
-					$bytes = 0;
-					$filterParts = [];
-					$users = $this->access->fetchListOfUsers($filter, 'dn', count($filterParts));
-					$dns = array_merge($dns, $users);
-				}
-			}
-			if(count($filterParts) > 0) {
-				$filter = $this->access->combineFilterWithOr($filterParts);
-				$users = $this->access->fetchListOfUsers($filter, 'dn', count($filterParts));
-				$dns = array_merge($dns, $users);
-			}
-			$members = $dns;
-		}
-
-		$isInGroup = in_array($userDN, $members);
-		$this->access->connection->writeToCache($cacheKey, $isInGroup);
-		$this->access->connection->writeToCache($cacheKeyMembers, $members);
-		$this->cachedGroupMembers[$gid] = $members;
-
-		return $isInGroup;
-	}
-
-	/**
-	 * @param string $dnGroup
-	 * @return array
-	 *
-	 * For a group that has user membership defined by an LDAP search url attribute returns the users
-	 * that match the search url otherwise returns an empty array.
-	 */
-	public function getDynamicGroupMembers($dnGroup) {
-		$dynamicGroupMemberURL = strtolower($this->access->connection->ldapDynamicGroupMemberURL);
-
-		if (empty($dynamicGroupMemberURL)) {
-			return [];
-		}
-
-		$dynamicMembers = [];
-		$memberURLs = $this->access->readAttribute(
-			$dnGroup,
-			$dynamicGroupMemberURL,
-			$this->access->connection->ldapGroupFilter
-		);
-		if ($memberURLs !== false) {
-			// this group has the 'memberURL' attribute so this is a dynamic group
-			// example 1: ldap:///cn=users,cn=accounts,dc=dcsubbase,dc=dcbase??one?(o=HeadOffice)
-			// example 2: ldap:///cn=users,cn=accounts,dc=dcsubbase,dc=dcbase??one?(&(o=HeadOffice)(uidNumber>=500))
-			$pos = strpos($memberURLs[0], '(');
-			if ($pos !== false) {
-				$memberUrlFilter = substr($memberURLs[0], $pos);
-				$foundMembers = $this->access->searchUsers($memberUrlFilter,'dn');
-				$dynamicMembers = [];
-				foreach($foundMembers as $value) {
-					$dynamicMembers[$value['dn'][0]] = 1;
-				}
-			} else {
-				\OCP\Util::writeLog('user_ldap', 'No search filter found on member url '.
-					'of group ' . $dnGroup, ILogger::DEBUG);
-			}
-		}
-		return $dynamicMembers;
-	}
-
-	/**
-	 * @param string $dnGroup
-	 * @param array|null &$seen
-	 * @return array|mixed|null
-	 * @throws \OC\ServerNotAvailableException
-	 */
-	private function _groupMembers($dnGroup, &$seen = null) {
-		if ($seen === null) {
-			$seen = [];
-		}
-		$allMembers = [];
-		if (array_key_exists($dnGroup, $seen)) {
-			// avoid loops
-			return [];
-		}
-		// used extensively in cron job, caching makes sense for nested groups
-		$cacheKey = '_groupMembers'.$dnGroup;
-		$groupMembers = $this->access->connection->getFromCache($cacheKey);
-		if($groupMembers !== null) {
-			return $groupMembers;
-		}
-		$seen[$dnGroup] = 1;
-		$members = $this->access->readAttribute($dnGroup, $this->access->connection->ldapGroupMemberAssocAttr);
-		if (is_array($members)) {
-			$fetcher = function($memberDN, &$seen) {
-				return $this->_groupMembers($memberDN, $seen);
-			};
-			$allMembers = $this->walkNestedGroups($dnGroup, $fetcher, $members);
-		}
-
-		$allMembers += $this->getDynamicGroupMembers($dnGroup);
-
-		$this->access->connection->writeToCache($cacheKey, $allMembers);
-		return $allMembers;
-	}
-
-	/**
-	 * @param string $DN
-	 * @param array|null &$seen
-	 * @return array
-	 * @throws \OC\ServerNotAvailableException
-	 */
-	private function _getGroupDNsFromMemberOf($DN) {
-		$groups = $this->access->readAttribute($DN, 'memberOf');
-		if (!is_array($groups)) {
-			return [];
-		}
-
-		$fetcher = function($groupDN) {
-			if (isset($this->cachedNestedGroups[$groupDN])) {
-				$nestedGroups = $this->cachedNestedGroups[$groupDN];
-			} else {
-				$nestedGroups = $this->access->readAttribute($groupDN, 'memberOf');
-				if (!is_array($nestedGroups)) {
-					$nestedGroups = [];
-				}
-				$this->cachedNestedGroups[$groupDN] = $nestedGroups;
-			}
-			return $nestedGroups;
-		};
-
-		$groups = $this->walkNestedGroups($DN, $fetcher, $groups);
-		return $this->access->groupsMatchFilter($groups);
-	}
-
-	/**
-	 * @param string $dn
-	 * @param \Closure $fetcher args: string $dn, array $seen, returns: string[] of dns
-	 * @param array $list
-	 * @return array
-	 */
-	private function walkNestedGroups(string $dn, \Closure $fetcher, array $list): array {
-		$nesting = (int) $this->access->connection->ldapNestedGroups;
-		// depending on the input, we either have a list of DNs or a list of LDAP records
-		// also, the output expects either DNs or records. Testing the first element should suffice.
-		$recordMode = is_array($list) && isset($list[0]) && is_array($list[0]) && isset($list[0]['dn'][0]);
-
-		if ($nesting !== 1) {
-			if($recordMode) {
-				// the keys are numeric, but should hold the DN
-				return array_reduce($list, function ($transformed, $record) use ($dn) {
-					if($record['dn'][0] != $dn) {
-						$transformed[$record['dn'][0]] = $record;
-					}
-					return $transformed;
-				}, []);
-			}
-			return $list;
-		}
-
-		$seen = [];
-		while ($record = array_pop($list)) {
-			$recordDN = $recordMode ? $record['dn'][0] : $record;
-			if ($recordDN === $dn || array_key_exists($recordDN, $seen)) {
-				// Prevent loops
-				continue;
-			}
-			$fetched = $fetcher($record, $seen);
-			$list = array_merge($list, $fetched);
-			$seen[$recordDN] = $record;
-		}
-
-		return $recordMode ? $seen : array_keys($seen);
-	}
-
-	/**
-	 * translates a gidNumber into an ownCloud internal name
-	 * @param string $gid as given by gidNumber on POSIX LDAP
-	 * @param string $dn a DN that belongs to the same domain as the group
-	 * @return string|bool
-	 */
-	public function gidNumber2Name($gid, $dn) {
-		$cacheKey = 'gidNumberToName' . $gid;
-		$groupName = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($groupName) && isset($groupName)) {
-			return $groupName;
-		}
-
-		//we need to get the DN from LDAP
-		$filter = $this->access->combineFilterWithAnd([
-			$this->access->connection->ldapGroupFilter,
-			'objectClass=posixGroup',
-			$this->access->connection->ldapGidNumber . '=' . $gid
-		]);
-		$result = $this->access->searchGroups($filter, ['dn'], 1);
-		if(empty($result)) {
-			return false;
-		}
-		$dn = $result[0]['dn'][0];
-
-		//and now the group name
-		//NOTE once we have separate ownCloud group IDs and group names we can
-		//directly read the display name attribute instead of the DN
-		$name = $this->access->dn2groupname($dn);
-
-		$this->access->connection->writeToCache($cacheKey, $name);
-
-		return $name;
-	}
-
-	/**
-	 * returns the entry's gidNumber
-	 * @param string $dn
-	 * @param string $attribute
-	 * @return string|bool
-	 */
-	private function getEntryGidNumber($dn, $attribute) {
-		$value = $this->access->readAttribute($dn, $attribute);
-		if(is_array($value) && !empty($value)) {
-			return $value[0];
-		}
-		return false;
-	}
-
-	/**
-	 * returns the group's primary ID
-	 * @param string $dn
-	 * @return string|bool
-	 */
-	public function getGroupGidNumber($dn) {
-		return $this->getEntryGidNumber($dn, 'gidNumber');
-	}
-
-	/**
-	 * returns the user's gidNumber
-	 * @param string $dn
-	 * @return string|bool
-	 */
-	public function getUserGidNumber($dn) {
-		$gidNumber = false;
-		if($this->access->connection->hasGidNumber) {
-			$gidNumber = $this->getEntryGidNumber($dn, $this->access->connection->ldapGidNumber);
-			if($gidNumber === false) {
-				$this->access->connection->hasGidNumber = false;
-			}
-		}
-		return $gidNumber;
-	}
-
-	/**
-	 * returns a filter for a "users has specific gid" search or count operation
-	 *
-	 * @param string $groupDN
-	 * @param string $search
-	 * @return string
-	 * @throws \Exception
-	 */
-	private function prepareFilterForUsersHasGidNumber($groupDN, $search = '') {
-		$groupID = $this->getGroupGidNumber($groupDN);
-		if($groupID === false) {
-			throw new \Exception('Not a valid group');
-		}
-
-		$filterParts = [];
-		$filterParts[] = $this->access->getFilterForUserCount();
-		if ($search !== '') {
-			$filterParts[] = $this->access->getFilterPartForUserSearch($search);
-		}
-		$filterParts[] = $this->access->connection->ldapGidNumber .'=' . $groupID;
-
-		return $this->access->combineFilterWithAnd($filterParts);
-	}
-
-	/**
-	 * returns a list of users that have the given group as gid number
-	 *
-	 * @param string $groupDN
-	 * @param string $search
-	 * @param int $limit
-	 * @param int $offset
-	 * @return string[]
-	 */
-	public function getUsersInGidNumber($groupDN, $search = '', $limit = -1, $offset = 0) {
-		try {
-			$filter = $this->prepareFilterForUsersHasGidNumber($groupDN, $search);
-			$users = $this->access->fetchListOfUsers(
-				$filter,
-				[$this->access->connection->ldapUserDisplayName, 'dn'],
-				$limit,
-				$offset
-			);
-			return $this->access->nextcloudUserNames($users);
-		} catch (\Exception $e) {
-			return [];
-		}
-	}
-
-	/**
-	 * returns the number of users that have the given group as gid number
-	 *
-	 * @param string $groupDN
-	 * @param string $search
-	 * @param int $limit
-	 * @param int $offset
-	 * @return int
-	 */
-	public function countUsersInGidNumber($groupDN, $search = '', $limit = -1, $offset = 0) {
-		try {
-			$filter = $this->prepareFilterForUsersHasGidNumber($groupDN, $search);
-			$users = $this->access->countUsers($filter, ['dn'], $limit, $offset);
-			return (int)$users;
-		} catch (\Exception $e) {
-			return 0;
-		}
-	}
-
-	/**
-	 * gets the gidNumber of a user
-	 * @param string $dn
-	 * @return string
-	 */
-	public function getUserGroupByGid($dn) {
-		$groupID = $this->getUserGidNumber($dn);
-		if($groupID !== false) {
-			$groupName = $this->gidNumber2Name($groupID, $dn);
-			if($groupName !== false) {
-				return $groupName;
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * translates a primary group ID into an Nextcloud internal name
-	 * @param string $gid as given by primaryGroupID on AD
-	 * @param string $dn a DN that belongs to the same domain as the group
-	 * @return string|bool
-	 */
-	public function primaryGroupID2Name($gid, $dn) {
-		$cacheKey = 'primaryGroupIDtoName';
-		$groupNames = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($groupNames) && isset($groupNames[$gid])) {
-			return $groupNames[$gid];
-		}
-
-		$domainObjectSid = $this->access->getSID($dn);
-		if($domainObjectSid === false) {
-			return false;
-		}
-
-		//we need to get the DN from LDAP
-		$filter = $this->access->combineFilterWithAnd([
-			$this->access->connection->ldapGroupFilter,
-			'objectsid=' . $domainObjectSid . '-' . $gid
-		]);
-		$result = $this->access->searchGroups($filter, ['dn'], 1);
-		if(empty($result)) {
-			return false;
-		}
-		$dn = $result[0]['dn'][0];
-
-		//and now the group name
-		//NOTE once we have separate Nextcloud group IDs and group names we can
-		//directly read the display name attribute instead of the DN
-		$name = $this->access->dn2groupname($dn);
-
-		$this->access->connection->writeToCache($cacheKey, $name);
-
-		return $name;
-	}
-
-	/**
-	 * returns the entry's primary group ID
-	 * @param string $dn
-	 * @param string $attribute
-	 * @return string|bool
-	 */
-	private function getEntryGroupID($dn, $attribute) {
-		$value = $this->access->readAttribute($dn, $attribute);
-		if(is_array($value) && !empty($value)) {
-			return $value[0];
-		}
-		return false;
-	}
-
-	/**
-	 * returns the group's primary ID
-	 * @param string $dn
-	 * @return string|bool
-	 */
-	public function getGroupPrimaryGroupID($dn) {
-		return $this->getEntryGroupID($dn, 'primaryGroupToken');
-	}
-
-	/**
-	 * returns the user's primary group ID
-	 * @param string $dn
-	 * @return string|bool
-	 */
-	public function getUserPrimaryGroupIDs($dn) {
-		$primaryGroupID = false;
-		if($this->access->connection->hasPrimaryGroups) {
-			$primaryGroupID = $this->getEntryGroupID($dn, 'primaryGroupID');
-			if($primaryGroupID === false) {
-				$this->access->connection->hasPrimaryGroups = false;
-			}
-		}
-		return $primaryGroupID;
-	}
-
-	/**
-	 * returns a filter for a "users in primary group" search or count operation
-	 *
-	 * @param string $groupDN
-	 * @param string $search
-	 * @return string
-	 * @throws \Exception
-	 */
-	private function prepareFilterForUsersInPrimaryGroup($groupDN, $search = '') {
-		$groupID = $this->getGroupPrimaryGroupID($groupDN);
-		if($groupID === false) {
-			throw new \Exception('Not a valid group');
-		}
-
-		$filterParts = [];
-		$filterParts[] = $this->access->getFilterForUserCount();
-		if ($search !== '') {
-			$filterParts[] = $this->access->getFilterPartForUserSearch($search);
-		}
-		$filterParts[] = 'primaryGroupID=' . $groupID;
-
-		return $this->access->combineFilterWithAnd($filterParts);
-	}
-
-	/**
-	 * returns a list of users that have the given group as primary group
-	 *
-	 * @param string $groupDN
-	 * @param string $search
-	 * @param int $limit
-	 * @param int $offset
-	 * @return string[]
-	 */
-	public function getUsersInPrimaryGroup($groupDN, $search = '', $limit = -1, $offset = 0) {
-		try {
-			$filter = $this->prepareFilterForUsersInPrimaryGroup($groupDN, $search);
-			$users = $this->access->fetchListOfUsers(
-				$filter,
-				[$this->access->connection->ldapUserDisplayName, 'dn'],
-				$limit,
-				$offset
-			);
-			return $this->access->nextcloudUserNames($users);
-		} catch (\Exception $e) {
-			return [];
-		}
-	}
-
-	/**
-	 * returns the number of users that have the given group as primary group
-	 *
-	 * @param string $groupDN
-	 * @param string $search
-	 * @param int $limit
-	 * @param int $offset
-	 * @return int
-	 */
-	public function countUsersInPrimaryGroup($groupDN, $search = '', $limit = -1, $offset = 0) {
-		try {
-			$filter = $this->prepareFilterForUsersInPrimaryGroup($groupDN, $search);
-			$users = $this->access->countUsers($filter, ['dn'], $limit, $offset);
-			return (int)$users;
-		} catch (\Exception $e) {
-			return 0;
-		}
-	}
-
-	/**
-	 * gets the primary group of a user
-	 * @param string $dn
-	 * @return string
-	 */
-	public function getUserPrimaryGroup($dn) {
-		$groupID = $this->getUserPrimaryGroupIDs($dn);
-		if($groupID !== false) {
-			$groupName = $this->primaryGroupID2Name($groupID, $dn);
-			if($groupName !== false) {
-				return $groupName;
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * Get all groups a user belongs to
-	 * @param string $uid Name of the user
-	 * @return array with group names
-	 *
-	 * This function fetches all groups a user belongs to. It does not check
-	 * if the user exists at all.
-	 *
-	 * This function includes groups based on dynamic group membership.
-	 */
-	public function getUserGroups($uid) {
-		if(!$this->enabled) {
-			return [];
-		}
-		$cacheKey = 'getUserGroups'.$uid;
-		$userGroups = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($userGroups)) {
-			return $userGroups;
-		}
-		$userDN = $this->access->username2dn($uid);
-		if(!$userDN) {
-			$this->access->connection->writeToCache($cacheKey, []);
-			return [];
-		}
-
-		$groups = [];
-		$primaryGroup = $this->getUserPrimaryGroup($userDN);
-		$gidGroupName = $this->getUserGroupByGid($userDN);
-
-		$dynamicGroupMemberURL = strtolower($this->access->connection->ldapDynamicGroupMemberURL);
-
-		if (!empty($dynamicGroupMemberURL)) {
-			// look through dynamic groups to add them to the result array if needed
-			$groupsToMatch = $this->access->fetchListOfGroups(
-				$this->access->connection->ldapGroupFilter,['dn',$dynamicGroupMemberURL]);
-			foreach($groupsToMatch as $dynamicGroup) {
-				if (!array_key_exists($dynamicGroupMemberURL, $dynamicGroup)) {
-					continue;
-				}
-				$pos = strpos($dynamicGroup[$dynamicGroupMemberURL][0], '(');
-				if ($pos !== false) {
-					$memberUrlFilter = substr($dynamicGroup[$dynamicGroupMemberURL][0],$pos);
-					// apply filter via ldap search to see if this user is in this
-					// dynamic group
-					$userMatch = $this->access->readAttribute(
-						$userDN,
-						$this->access->connection->ldapUserDisplayName,
-						$memberUrlFilter
-					);
-					if ($userMatch !== false) {
-						// match found so this user is in this group
-						$groupName = $this->access->dn2groupname($dynamicGroup['dn'][0]);
-						if(is_string($groupName)) {
-							// be sure to never return false if the dn could not be
-							// resolved to a name, for whatever reason.
-							$groups[] = $groupName;
-						}
-					}
-				} else {
-					\OCP\Util::writeLog('user_ldap', 'No search filter found on member url '.
-						'of group ' . print_r($dynamicGroup, true), ILogger::DEBUG);
-				}
-			}
-		}
-
-		// if possible, read out membership via memberOf. It's far faster than
-		// performing a search, which still is a fallback later.
-		// memberof doesn't support memberuid, so skip it here.
-		if((int)$this->access->connection->hasMemberOfFilterSupport === 1
-			&& (int)$this->access->connection->useMemberOfToDetectMembership === 1
-		    && strtolower($this->access->connection->ldapGroupMemberAssocAttr) !== 'memberuid'
-		    ) {
-			$groupDNs = $this->_getGroupDNsFromMemberOf($userDN);
-			if (is_array($groupDNs)) {
-				foreach ($groupDNs as $dn) {
-					$groupName = $this->access->dn2groupname($dn);
-					if(is_string($groupName)) {
-						// be sure to never return false if the dn could not be
-						// resolved to a name, for whatever reason.
-						$groups[] = $groupName;
-					}
-				}
-			}
-
-			if($primaryGroup !== false) {
-				$groups[] = $primaryGroup;
-			}
-			if($gidGroupName !== false) {
-				$groups[] = $gidGroupName;
-			}
-			$this->access->connection->writeToCache($cacheKey, $groups);
-			return $groups;
-		}
-
-		//uniqueMember takes DN, memberuid the uid, so we need to distinguish
-		if((strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'uniquemember')
-			|| (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'member')
-		) {
-			$uid = $userDN;
-		} else if(strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
-			$result = $this->access->readAttribute($userDN, 'uid');
-			if ($result === false) {
-				\OCP\Util::writeLog('user_ldap', 'No uid attribute found for DN ' . $userDN . ' on '.
-					$this->access->connection->ldapHost, ILogger::DEBUG);
-				$uid = false;
-			} else {
-				$uid = $result[0];
-			}
-		} else {
-			// just in case
-			$uid = $userDN;
-		}
-
-		if($uid !== false) {
-			if (isset($this->cachedGroupsByMember[$uid])) {
-				$groups = array_merge($groups, $this->cachedGroupsByMember[$uid]);
-			} else {
-				$groupsByMember = array_values($this->getGroupsByMember($uid));
-				$groupsByMember = $this->access->nextcloudGroupNames($groupsByMember);
-				$this->cachedGroupsByMember[$uid] = $groupsByMember;
-				$groups = array_merge($groups, $groupsByMember);
-			}
-		}
-
-		if($primaryGroup !== false) {
-			$groups[] = $primaryGroup;
-		}
-		if($gidGroupName !== false) {
-			$groups[] = $gidGroupName;
-		}
-
-		$groups = array_unique($groups, SORT_LOCALE_STRING);
-		$this->access->connection->writeToCache($cacheKey, $groups);
-
-		return $groups;
-	}
-
-	/**
-	 * @param string $dn
-	 * @param array|null &$seen
-	 * @return array
-	 */
-	private function getGroupsByMember($dn, &$seen = null) {
-		if ($seen === null) {
-			$seen = [];
-		}
-		if (array_key_exists($dn, $seen)) {
-			// avoid loops
-			return [];
-		}
-		$allGroups = [];
-		$seen[$dn] = true;
-		$filter = $this->access->connection->ldapGroupMemberAssocAttr.'='.$dn;
-		$groups = $this->access->fetchListOfGroups($filter,
-			[$this->access->connection->ldapGroupDisplayName, 'dn']);
-		if (is_array($groups)) {
-			$fetcher = function ($dn, &$seen) {
-				if(is_array($dn) && isset($dn['dn'][0])) {
-					$dn = $dn['dn'][0];
-				}
-				return $this->getGroupsByMember($dn, $seen);
-			};
-			$allGroups = $this->walkNestedGroups($dn, $fetcher, $groups);
-		}
-		$visibleGroups = $this->access->groupsMatchFilter(array_keys($allGroups));
-		return array_intersect_key($allGroups, array_flip($visibleGroups));
-	}
-
-	/**
-	 * get a list of all users in a group
-	 *
-	 * @param string $gid
-	 * @param string $search
-	 * @param int $limit
-	 * @param int $offset
-	 * @return array with user ids
-	 * @throws \Exception
-	 */
-	public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
-		if(!$this->enabled) {
-			return [];
-		}
-		if(!$this->groupExists($gid)) {
-			return [];
-		}
-		$search = $this->access->escapeFilterPart($search, true);
-		$cacheKey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
-		// check for cache of the exact query
-		$groupUsers = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($groupUsers)) {
-			return $groupUsers;
-		}
-
-		// check for cache of the query without limit and offset
-		$groupUsers = $this->access->connection->getFromCache('usersInGroup-'.$gid.'-'.$search);
-		if(!is_null($groupUsers)) {
-			$groupUsers = array_slice($groupUsers, $offset, $limit);
-			$this->access->connection->writeToCache($cacheKey, $groupUsers);
-			return $groupUsers;
-		}
-
-		if($limit === -1) {
-			$limit = null;
-		}
-		$groupDN = $this->access->groupname2dn($gid);
-		if(!$groupDN) {
-			// group couldn't be found, return empty resultset
-			$this->access->connection->writeToCache($cacheKey, []);
-			return [];
-		}
-
-		$primaryUsers = $this->getUsersInPrimaryGroup($groupDN, $search, $limit, $offset);
-		$posixGroupUsers = $this->getUsersInGidNumber($groupDN, $search, $limit, $offset);
-		$members = $this->_groupMembers($groupDN);
-		if(!$members && empty($posixGroupUsers) && empty($primaryUsers)) {
-			//in case users could not be retrieved, return empty result set
-			$this->access->connection->writeToCache($cacheKey, []);
-			return [];
-		}
-
-		$groupUsers = [];
-		$isMemberUid = (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid');
-		$attrs = $this->access->userManager->getAttributes(true);
-		foreach($members as $member) {
-			if($isMemberUid) {
-				//we got uids, need to get their DNs to 'translate' them to user names
-				$filter = $this->access->combineFilterWithAnd([
-					str_replace('%uid', trim($member), $this->access->connection->ldapLoginFilter),
-					$this->access->combineFilterWithAnd([
-						$this->access->getFilterPartForUserSearch($search),
-						$this->access->connection->ldapUserFilter
-					])
-				]);
-				$ldap_users = $this->access->fetchListOfUsers($filter, $attrs, 1);
-				if(count($ldap_users) < 1) {
-					continue;
-				}
-				$groupUsers[] = $this->access->dn2username($ldap_users[0]['dn'][0]);
-			} else {
-				//we got DNs, check if we need to filter by search or we can give back all of them
-				$uid = $this->access->dn2username($member);
-				if(!$uid) {
-					continue;
-				}
-
-				$cacheKey = 'userExistsOnLDAP' . $uid;
-				$userExists = $this->access->connection->getFromCache($cacheKey);
-				if($userExists === false) {
-					continue;
-				}
-				if($userExists === null || $search !== '') {
-					if (!$this->access->readAttribute($member,
-						$this->access->connection->ldapUserDisplayName,
-						$this->access->combineFilterWithAnd([
-							$this->access->getFilterPartForUserSearch($search),
-							$this->access->connection->ldapUserFilter
-						])))
-					{
-						if($search === '') {
-							$this->access->connection->writeToCache($cacheKey, false);
-						}
-						continue;
-					}
-					$this->access->connection->writeToCache($cacheKey, true);
-				}
-				$groupUsers[] = $uid;
-			}
-		}
-
-		$groupUsers = array_unique(array_merge($groupUsers, $primaryUsers, $posixGroupUsers));
-		natsort($groupUsers);
-		$this->access->connection->writeToCache('usersInGroup-'.$gid.'-'.$search, $groupUsers);
-		$groupUsers = array_slice($groupUsers, $offset, $limit);
-
-		$this->access->connection->writeToCache($cacheKey, $groupUsers);
-
-		return $groupUsers;
-	}
-
-	/**
-	 * returns the number of users in a group, who match the search term
-	 * @param string $gid the internal group name
-	 * @param string $search optional, a search string
-	 * @return int|bool
-	 */
-	public function countUsersInGroup($gid, $search = '') {
-		if ($this->groupPluginManager->implementsActions(GroupInterface::COUNT_USERS)) {
-			return $this->groupPluginManager->countUsersInGroup($gid, $search);
-		}
-
-		$cacheKey = 'countUsersInGroup-'.$gid.'-'.$search;
-		if(!$this->enabled || !$this->groupExists($gid)) {
-			return false;
-		}
-		$groupUsers = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($groupUsers)) {
-			return $groupUsers;
-		}
-
-		$groupDN = $this->access->groupname2dn($gid);
-		if(!$groupDN) {
-			// group couldn't be found, return empty result set
-			$this->access->connection->writeToCache($cacheKey, false);
-			return false;
-		}
-
-		$members = $this->_groupMembers($groupDN);
-		$primaryUserCount = $this->countUsersInPrimaryGroup($groupDN, '');
-		if(!$members && $primaryUserCount === 0) {
-			//in case users could not be retrieved, return empty result set
-			$this->access->connection->writeToCache($cacheKey, false);
-			return false;
-		}
-
-		if ($search === '') {
-			$groupUsers = count($members) + $primaryUserCount;
-			$this->access->connection->writeToCache($cacheKey, $groupUsers);
-			return $groupUsers;
-		}
-		$search = $this->access->escapeFilterPart($search, true);
-		$isMemberUid =
-			(strtolower($this->access->connection->ldapGroupMemberAssocAttr)
-			=== 'memberuid');
-
-		//we need to apply the search filter
-		//alternatives that need to be checked:
-		//a) get all users by search filter and array_intersect them
-		//b) a, but only when less than 1k 10k ?k users like it is
-		//c) put all DNs|uids in a LDAP filter, combine with the search string
-		//   and let it count.
-		//For now this is not important, because the only use of this method
-		//does not supply a search string
-		$groupUsers = [];
-		foreach($members as $member) {
-			if($isMemberUid) {
-				//we got uids, need to get their DNs to 'translate' them to user names
-				$filter = $this->access->combineFilterWithAnd([
-					str_replace('%uid', $member, $this->access->connection->ldapLoginFilter),
-					$this->access->getFilterPartForUserSearch($search)
-				]);
-				$ldap_users = $this->access->fetchListOfUsers($filter, 'dn', 1);
-				if(count($ldap_users) < 1) {
-					continue;
-				}
-				$groupUsers[] = $this->access->dn2username($ldap_users[0]);
-			} else {
-				//we need to apply the search filter now
-				if(!$this->access->readAttribute($member,
-					$this->access->connection->ldapUserDisplayName,
-					$this->access->getFilterPartForUserSearch($search))) {
-					continue;
-				}
-				// dn2username will also check if the users belong to the allowed base
-				if($ocname = $this->access->dn2username($member)) {
-					$groupUsers[] = $ocname;
-				}
-			}
-		}
-
-		//and get users that have the group as primary
-		$primaryUsers = $this->countUsersInPrimaryGroup($groupDN, $search);
-
-		return count($groupUsers) + $primaryUsers;
-	}
-
-	/**
-	 * get a list of all groups
-	 *
-	 * @param string $search
-	 * @param $limit
-	 * @param int $offset
-	 * @return array with group names
-	 *
-	 * Returns a list with all groups (used by getGroups)
-	 */
-	protected function getGroupsChunk($search = '', $limit = -1, $offset = 0) {
-		if(!$this->enabled) {
-			return [];
-		}
-		$cacheKey = 'getGroups-'.$search.'-'.$limit.'-'.$offset;
-
-		//Check cache before driving unnecessary searches
-		\OCP\Util::writeLog('user_ldap', 'getGroups '.$cacheKey, ILogger::DEBUG);
-		$ldap_groups = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($ldap_groups)) {
-			return $ldap_groups;
-		}
-
-		// if we'd pass -1 to LDAP search, we'd end up in a Protocol
-		// error. With a limit of 0, we get 0 results. So we pass null.
-		if($limit <= 0) {
-			$limit = null;
-		}
-		$filter = $this->access->combineFilterWithAnd([
-			$this->access->connection->ldapGroupFilter,
-			$this->access->getFilterPartForGroupSearch($search)
-		]);
-		\OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, ILogger::DEBUG);
-		$ldap_groups = $this->access->fetchListOfGroups($filter,
-				[$this->access->connection->ldapGroupDisplayName, 'dn'],
-				$limit,
-				$offset);
-		$ldap_groups = $this->access->nextcloudGroupNames($ldap_groups);
-
-		$this->access->connection->writeToCache($cacheKey, $ldap_groups);
-		return $ldap_groups;
-	}
-
-	/**
-	 * get a list of all groups using a paged search
-	 *
-	 * @param string $search
-	 * @param int $limit
-	 * @param int $offset
-	 * @return array with group names
-	 *
-	 * Returns a list with all groups
-	 * Uses a paged search if available to override a
-	 * server side search limit.
-	 * (active directory has a limit of 1000 by default)
-	 */
-	public function getGroups($search = '', $limit = -1, $offset = 0) {
-		if(!$this->enabled) {
-			return [];
-		}
-		$search = $this->access->escapeFilterPart($search, true);
-		$pagingSize = (int)$this->access->connection->ldapPagingSize;
-		if ($pagingSize <= 0) {
-			return $this->getGroupsChunk($search, $limit, $offset);
-		}
-		$maxGroups = 100000; // limit max results (just for safety reasons)
-		if ($limit > -1) {
-		   $overallLimit = min($limit + $offset, $maxGroups);
-		} else {
-		   $overallLimit = $maxGroups;
-		}
-		$chunkOffset = $offset;
-		$allGroups = [];
-		while ($chunkOffset < $overallLimit) {
-			$chunkLimit = min($pagingSize, $overallLimit - $chunkOffset);
-			$ldapGroups = $this->getGroupsChunk($search, $chunkLimit, $chunkOffset);
-			$nread = count($ldapGroups);
-			\OCP\Util::writeLog('user_ldap', 'getGroups('.$search.'): read '.$nread.' at offset '.$chunkOffset.' (limit: '.$chunkLimit.')', ILogger::DEBUG);
-			if ($nread) {
-				$allGroups = array_merge($allGroups, $ldapGroups);
-				$chunkOffset += $nread;
-			}
-			if ($nread < $chunkLimit) {
-				break;
-			}
-		}
-		return $allGroups;
-	}
-
-	/**
-	 * @param string $group
-	 * @return bool
-	 */
-	public function groupMatchesFilter($group) {
-		return (strripos($group, $this->groupSearch) !== false);
-	}
-
-	/**
-	 * check if a group exists
-	 * @param string $gid
-	 * @return bool
-	 */
-	public function groupExists($gid) {
-		$groupExists = $this->access->connection->getFromCache('groupExists'.$gid);
-		if(!is_null($groupExists)) {
-			return (bool)$groupExists;
-		}
-
-		//getting dn, if false the group does not exist. If dn, it may be mapped
-		//only, requires more checking.
-		$dn = $this->access->groupname2dn($gid);
-		if(!$dn) {
-			$this->access->connection->writeToCache('groupExists'.$gid, false);
-			return false;
-		}
-
-		//if group really still exists, we will be able to read its objectclass
-		if(!is_array($this->access->readAttribute($dn, ''))) {
-			$this->access->connection->writeToCache('groupExists'.$gid, false);
-			return false;
-		}
-
-		$this->access->connection->writeToCache('groupExists'.$gid, true);
-		return true;
-	}
-
-	/**
-	* Check if backend implements actions
-	* @param int $actions bitwise-or'ed actions
-	* @return boolean
-	*
-	* Returns the supported actions as int to be
-	* compared with GroupInterface::CREATE_GROUP etc.
-	*/
-	public function implementsActions($actions) {
-		return (bool)((GroupInterface::COUNT_USERS |
-				$this->groupPluginManager->getImplementedActions()) & $actions);
-	}
-
-	/**
-	 * Return access for LDAP interaction.
-	 * @return Access instance of Access for LDAP interaction
-	 */
-	public function getLDAPAccess($gid) {
-		return $this->access;
-	}
-
-	/**
-	 * create a group
-	 * @param string $gid
-	 * @return bool
-	 * @throws \Exception
-	 */
-	public function createGroup($gid) {
-		if ($this->groupPluginManager->implementsActions(GroupInterface::CREATE_GROUP)) {
-			if ($dn = $this->groupPluginManager->createGroup($gid)) {
-				//updates group mapping
-				$uuid = $this->access->getUUID($dn, false);
-				if(is_string($uuid)) {
-					$this->access->mapAndAnnounceIfApplicable(
-						$this->access->getGroupMapper(),
-						$dn,
-						$gid,
-						$uuid,
-						false
-					);
-					$this->access->cacheGroupExists($gid);
-				}
-			}
-			return $dn != null;
-		}
-		throw new \Exception('Could not create group in LDAP backend.');
-	}
-
-	/**
-	 * delete a group
-	 * @param string $gid gid of the group to delete
-	 * @return bool
-	 * @throws \Exception
-	 */
-	public function deleteGroup($gid) {
-		if ($this->groupPluginManager->implementsActions(GroupInterface::DELETE_GROUP)) {
-			if ($ret = $this->groupPluginManager->deleteGroup($gid)) {
-				#delete group in nextcloud internal db
-				$this->access->getGroupMapper()->unmap($gid);
-				$this->access->connection->writeToCache("groupExists".$gid, false);
-			}
-			return $ret;
-		}
-		throw new \Exception('Could not delete group in LDAP backend.');
-	}
-
-	/**
-	 * Add a user to a group
-	 * @param string $uid Name of the user to add to group
-	 * @param string $gid Name of the group in which add the user
-	 * @return bool
-	 * @throws \Exception
-	 */
-	public function addToGroup($uid, $gid) {
-		if ($this->groupPluginManager->implementsActions(GroupInterface::ADD_TO_GROUP)) {
-			if ($ret = $this->groupPluginManager->addToGroup($uid, $gid)) {
-				$this->access->connection->clearCache();
-				unset($this->cachedGroupMembers[$gid]);
-			}
-			return $ret;
-		}
-		throw new \Exception('Could not add user to group in LDAP backend.');
-	}
-
-	/**
-	 * Removes a user from a group
-	 * @param string $uid Name of the user to remove from group
-	 * @param string $gid Name of the group from which remove the user
-	 * @return bool
-	 * @throws \Exception
-	 */
-	public function removeFromGroup($uid, $gid) {
-		if ($this->groupPluginManager->implementsActions(GroupInterface::REMOVE_FROM_GROUP)) {
-			if ($ret = $this->groupPluginManager->removeFromGroup($uid, $gid)) {
-				$this->access->connection->clearCache();
-				unset($this->cachedGroupMembers[$gid]);
-			}
-			return $ret;
-		}
-		throw new \Exception('Could not remove user from group in LDAP backend.');
-	}
-
-	/**
-	 * Gets group details
-	 * @param string $gid Name of the group
-	 * @return array | false
-	 * @throws \Exception
-	 */
-	public function getGroupDetails($gid) {
-		if ($this->groupPluginManager->implementsActions(GroupInterface::GROUP_DETAILS)) {
-			return $this->groupPluginManager->getGroupDetails($gid);
-		}
-		throw new \Exception('Could not get group details in LDAP backend.');
-	}
-
-	/**
-	 * Return LDAP connection resource from a cloned connection.
-	 * The cloned connection needs to be closed manually.
-	 * of the current access.
-	 * @param string $gid
-	 * @return resource of the LDAP connection
-	 */
-	public function getNewLDAPConnection($gid) {
-		$connection = clone $this->access->getConnection();
-		return $connection->getConnectionResource();
-	}
-
-	/**
-	 * @throws \OC\ServerNotAvailableException
-	 */
-	public function getDisplayName(string $gid): string {
-		if ($this->groupPluginManager instanceof IGetDisplayNameBackend) {
-			return $this->groupPluginManager->getDisplayName($gid);
-		}
-
-		$cacheKey = 'group_getDisplayName' . $gid;
-		if (!is_null($displayName = $this->access->connection->getFromCache($cacheKey))) {
-			return $displayName;
-		}
-
-		$displayName = $this->access->readAttribute(
-			$this->access->groupname2dn($gid),
-			$this->access->connection->ldapGroupDisplayName);
-
-		if ($displayName && (count($displayName) > 0)) {
-			$displayName = $displayName[0];
-			$this->access->connection->writeToCache($cacheKey, $displayName);
-			return $displayName;
-		}
-
-		return '';
-	}
+    protected $enabled = false;
+
+    /**
+     * @var string[] $cachedGroupMembers array of users with gid as key
+     */
+    protected $cachedGroupMembers;
+
+    /**
+     * @var string[] $cachedGroupsByMember array of groups with uid as key
+     */
+    protected $cachedGroupsByMember;
+
+    /**
+     * @var string[] $cachedNestedGroups array of groups with gid (DN) as key
+     */
+    protected $cachedNestedGroups;
+
+    /** @var GroupPluginManager */
+    protected $groupPluginManager;
+
+    public function __construct(Access $access, GroupPluginManager $groupPluginManager) {
+        parent::__construct($access);
+        $filter = $this->access->connection->ldapGroupFilter;
+        $gassoc = $this->access->connection->ldapGroupMemberAssocAttr;
+        if(!empty($filter) && !empty($gassoc)) {
+            $this->enabled = true;
+        }
+
+        $this->cachedGroupMembers = new CappedMemoryCache();
+        $this->cachedGroupsByMember = new CappedMemoryCache();
+        $this->cachedNestedGroups = new CappedMemoryCache();
+        $this->groupPluginManager = $groupPluginManager;
+    }
+
+    /**
+     * is user in group?
+     * @param string $uid uid of the user
+     * @param string $gid gid of the group
+     * @return bool
+     *
+     * Checks whether the user is member of a group or not.
+     */
+    public function inGroup($uid, $gid) {
+        if(!$this->enabled) {
+            return false;
+        }
+        $cacheKey = 'inGroup'.$uid.':'.$gid;
+        $inGroup = $this->access->connection->getFromCache($cacheKey);
+        if(!is_null($inGroup)) {
+            return (bool)$inGroup;
+        }
+
+        $userDN = $this->access->username2dn($uid);
+
+        if(isset($this->cachedGroupMembers[$gid])) {
+            $isInGroup = in_array($userDN, $this->cachedGroupMembers[$gid]);
+            return $isInGroup;
+        }
+
+        $cacheKeyMembers = 'inGroup-members:'.$gid;
+        $members = $this->access->connection->getFromCache($cacheKeyMembers);
+        if(!is_null($members)) {
+            $this->cachedGroupMembers[$gid] = $members;
+            $isInGroup = in_array($userDN, $members, true);
+            $this->access->connection->writeToCache($cacheKey, $isInGroup);
+            return $isInGroup;
+        }
+
+        $groupDN = $this->access->groupname2dn($gid);
+        // just in case
+        if(!$groupDN || !$userDN) {
+            $this->access->connection->writeToCache($cacheKey, false);
+            return false;
+        }
+
+        //check primary group first
+        if($gid === $this->getUserPrimaryGroup($userDN)) {
+            $this->access->connection->writeToCache($cacheKey, true);
+            return true;
+        }
+
+        //usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
+        $members = $this->_groupMembers($groupDN);
+        if(!is_array($members) || count($members) === 0) {
+            $this->access->connection->writeToCache($cacheKey, false);
+            return false;
+        }
+
+        //extra work if we don't get back user DNs
+        if(strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
+            $dns = [];
+            $filterParts = [];
+            $bytes = 0;
+            foreach($members as $mid) {
+                $filter = str_replace('%uid', $mid, $this->access->connection->ldapLoginFilter);
+                $filterParts[] = $filter;
+                $bytes += strlen($filter);
+                if($bytes >= 9000000) {
+                    // AD has a default input buffer of 10 MB, we do not want
+                    // to take even the chance to exceed it
+                    $filter = $this->access->combineFilterWithOr($filterParts);
+                    $bytes = 0;
+                    $filterParts = [];
+                    $users = $this->access->fetchListOfUsers($filter, 'dn', count($filterParts));
+                    $dns = array_merge($dns, $users);
+                }
+            }
+            if(count($filterParts) > 0) {
+                $filter = $this->access->combineFilterWithOr($filterParts);
+                $users = $this->access->fetchListOfUsers($filter, 'dn', count($filterParts));
+                $dns = array_merge($dns, $users);
+            }
+            $members = $dns;
+        }
+
+        $isInGroup = in_array($userDN, $members);
+        $this->access->connection->writeToCache($cacheKey, $isInGroup);
+        $this->access->connection->writeToCache($cacheKeyMembers, $members);
+        $this->cachedGroupMembers[$gid] = $members;
+
+        return $isInGroup;
+    }
+
+    /**
+     * @param string $dnGroup
+     * @return array
+     *
+     * For a group that has user membership defined by an LDAP search url attribute returns the users
+     * that match the search url otherwise returns an empty array.
+     */
+    public function getDynamicGroupMembers($dnGroup) {
+        $dynamicGroupMemberURL = strtolower($this->access->connection->ldapDynamicGroupMemberURL);
+
+        if (empty($dynamicGroupMemberURL)) {
+            return [];
+        }
+
+        $dynamicMembers = [];
+        $memberURLs = $this->access->readAttribute(
+            $dnGroup,
+            $dynamicGroupMemberURL,
+            $this->access->connection->ldapGroupFilter
+        );
+        if ($memberURLs !== false) {
+            // this group has the 'memberURL' attribute so this is a dynamic group
+            // example 1: ldap:///cn=users,cn=accounts,dc=dcsubbase,dc=dcbase??one?(o=HeadOffice)
+            // example 2: ldap:///cn=users,cn=accounts,dc=dcsubbase,dc=dcbase??one?(&(o=HeadOffice)(uidNumber>=500))
+            $pos = strpos($memberURLs[0], '(');
+            if ($pos !== false) {
+                $memberUrlFilter = substr($memberURLs[0], $pos);
+                $foundMembers = $this->access->searchUsers($memberUrlFilter,'dn');
+                $dynamicMembers = [];
+                foreach($foundMembers as $value) {
+                    $dynamicMembers[$value['dn'][0]] = 1;
+                }
+            } else {
+                \OCP\Util::writeLog('user_ldap', 'No search filter found on member url '.
+                    'of group ' . $dnGroup, ILogger::DEBUG);
+            }
+        }
+        return $dynamicMembers;
+    }
+
+    /**
+     * @param string $dnGroup
+     * @param array|null &$seen
+     * @return array|mixed|null
+     * @throws \OC\ServerNotAvailableException
+     */
+    private function _groupMembers($dnGroup, &$seen = null) {
+        if ($seen === null) {
+            $seen = [];
+        }
+        $allMembers = [];
+        if (array_key_exists($dnGroup, $seen)) {
+            // avoid loops
+            return [];
+        }
+        // used extensively in cron job, caching makes sense for nested groups
+        $cacheKey = '_groupMembers'.$dnGroup;
+        $groupMembers = $this->access->connection->getFromCache($cacheKey);
+        if($groupMembers !== null) {
+            return $groupMembers;
+        }
+        $seen[$dnGroup] = 1;
+        $members = $this->access->readAttribute($dnGroup, $this->access->connection->ldapGroupMemberAssocAttr);
+        if (is_array($members)) {
+            $fetcher = function($memberDN, &$seen) {
+                return $this->_groupMembers($memberDN, $seen);
+            };
+            $allMembers = $this->walkNestedGroups($dnGroup, $fetcher, $members);
+        }
+
+        $allMembers += $this->getDynamicGroupMembers($dnGroup);
+
+        $this->access->connection->writeToCache($cacheKey, $allMembers);
+        return $allMembers;
+    }
+
+    /**
+     * @param string $DN
+     * @param array|null &$seen
+     * @return array
+     * @throws \OC\ServerNotAvailableException
+     */
+    private function _getGroupDNsFromMemberOf($DN) {
+        $groups = $this->access->readAttribute($DN, 'memberOf');
+        if (!is_array($groups)) {
+            return [];
+        }
+
+        $fetcher = function($groupDN) {
+            if (isset($this->cachedNestedGroups[$groupDN])) {
+                $nestedGroups = $this->cachedNestedGroups[$groupDN];
+            } else {
+                $nestedGroups = $this->access->readAttribute($groupDN, 'memberOf');
+                if (!is_array($nestedGroups)) {
+                    $nestedGroups = [];
+                }
+                $this->cachedNestedGroups[$groupDN] = $nestedGroups;
+            }
+            return $nestedGroups;
+        };
+
+        $groups = $this->walkNestedGroups($DN, $fetcher, $groups);
+        return $this->access->groupsMatchFilter($groups);
+    }
+
+    /**
+     * @param string $dn
+     * @param \Closure $fetcher args: string $dn, array $seen, returns: string[] of dns
+     * @param array $list
+     * @return array
+     */
+    private function walkNestedGroups(string $dn, \Closure $fetcher, array $list): array {
+        $nesting = (int) $this->access->connection->ldapNestedGroups;
+        // depending on the input, we either have a list of DNs or a list of LDAP records
+        // also, the output expects either DNs or records. Testing the first element should suffice.
+        $recordMode = is_array($list) && isset($list[0]) && is_array($list[0]) && isset($list[0]['dn'][0]);
+
+        if ($nesting !== 1) {
+            if($recordMode) {
+                // the keys are numeric, but should hold the DN
+                return array_reduce($list, function ($transformed, $record) use ($dn) {
+                    if($record['dn'][0] != $dn) {
+                        $transformed[$record['dn'][0]] = $record;
+                    }
+                    return $transformed;
+                }, []);
+            }
+            return $list;
+        }
+
+        $seen = [];
+        while ($record = array_pop($list)) {
+            $recordDN = $recordMode ? $record['dn'][0] : $record;
+            if ($recordDN === $dn || array_key_exists($recordDN, $seen)) {
+                // Prevent loops
+                continue;
+            }
+            $fetched = $fetcher($record, $seen);
+            $list = array_merge($list, $fetched);
+            $seen[$recordDN] = $record;
+        }
+
+        return $recordMode ? $seen : array_keys($seen);
+    }
+
+    /**
+     * translates a gidNumber into an ownCloud internal name
+     * @param string $gid as given by gidNumber on POSIX LDAP
+     * @param string $dn a DN that belongs to the same domain as the group
+     * @return string|bool
+     */
+    public function gidNumber2Name($gid, $dn) {
+        $cacheKey = 'gidNumberToName' . $gid;
+        $groupName = $this->access->connection->getFromCache($cacheKey);
+        if(!is_null($groupName) && isset($groupName)) {
+            return $groupName;
+        }
+
+        //we need to get the DN from LDAP
+        $filter = $this->access->combineFilterWithAnd([
+            $this->access->connection->ldapGroupFilter,
+            'objectClass=posixGroup',
+            $this->access->connection->ldapGidNumber . '=' . $gid
+        ]);
+        $result = $this->access->searchGroups($filter, ['dn'], 1);
+        if(empty($result)) {
+            return false;
+        }
+        $dn = $result[0]['dn'][0];
+
+        //and now the group name
+        //NOTE once we have separate ownCloud group IDs and group names we can
+        //directly read the display name attribute instead of the DN
+        $name = $this->access->dn2groupname($dn);
+
+        $this->access->connection->writeToCache($cacheKey, $name);
+
+        return $name;
+    }
+
+    /**
+     * returns the entry's gidNumber
+     * @param string $dn
+     * @param string $attribute
+     * @return string|bool
+     */
+    private function getEntryGidNumber($dn, $attribute) {
+        $value = $this->access->readAttribute($dn, $attribute);
+        if(is_array($value) && !empty($value)) {
+            return $value[0];
+        }
+        return false;
+    }
+
+    /**
+     * returns the group's primary ID
+     * @param string $dn
+     * @return string|bool
+     */
+    public function getGroupGidNumber($dn) {
+        return $this->getEntryGidNumber($dn, 'gidNumber');
+    }
+
+    /**
+     * returns the user's gidNumber
+     * @param string $dn
+     * @return string|bool
+     */
+    public function getUserGidNumber($dn) {
+        $gidNumber = false;
+        if($this->access->connection->hasGidNumber) {
+            $gidNumber = $this->getEntryGidNumber($dn, $this->access->connection->ldapGidNumber);
+            if($gidNumber === false) {
+                $this->access->connection->hasGidNumber = false;
+            }
+        }
+        return $gidNumber;
+    }
+
+    /**
+     * returns a filter for a "users has specific gid" search or count operation
+     *
+     * @param string $groupDN
+     * @param string $search
+     * @return string
+     * @throws \Exception
+     */
+    private function prepareFilterForUsersHasGidNumber($groupDN, $search = '') {
+        $groupID = $this->getGroupGidNumber($groupDN);
+        if($groupID === false) {
+            throw new \Exception('Not a valid group');
+        }
+
+        $filterParts = [];
+        $filterParts[] = $this->access->getFilterForUserCount();
+        if ($search !== '') {
+            $filterParts[] = $this->access->getFilterPartForUserSearch($search);
+        }
+        $filterParts[] = $this->access->connection->ldapGidNumber .'=' . $groupID;
+
+        return $this->access->combineFilterWithAnd($filterParts);
+    }
+
+    /**
+     * returns a list of users that have the given group as gid number
+     *
+     * @param string $groupDN
+     * @param string $search
+     * @param int $limit
+     * @param int $offset
+     * @return string[]
+     */
+    public function getUsersInGidNumber($groupDN, $search = '', $limit = -1, $offset = 0) {
+        try {
+            $filter = $this->prepareFilterForUsersHasGidNumber($groupDN, $search);
+            $users = $this->access->fetchListOfUsers(
+                $filter,
+                [$this->access->connection->ldapUserDisplayName, 'dn'],
+                $limit,
+                $offset
+            );
+            return $this->access->nextcloudUserNames($users);
+        } catch (\Exception $e) {
+            return [];
+        }
+    }
+
+    /**
+     * returns the number of users that have the given group as gid number
+     *
+     * @param string $groupDN
+     * @param string $search
+     * @param int $limit
+     * @param int $offset
+     * @return int
+     */
+    public function countUsersInGidNumber($groupDN, $search = '', $limit = -1, $offset = 0) {
+        try {
+            $filter = $this->prepareFilterForUsersHasGidNumber($groupDN, $search);
+            $users = $this->access->countUsers($filter, ['dn'], $limit, $offset);
+            return (int)$users;
+        } catch (\Exception $e) {
+            return 0;
+        }
+    }
+
+    /**
+     * gets the gidNumber of a user
+     * @param string $dn
+     * @return string
+     */
+    public function getUserGroupByGid($dn) {
+        $groupID = $this->getUserGidNumber($dn);
+        if($groupID !== false) {
+            $groupName = $this->gidNumber2Name($groupID, $dn);
+            if($groupName !== false) {
+                return $groupName;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * translates a primary group ID into an Nextcloud internal name
+     * @param string $gid as given by primaryGroupID on AD
+     * @param string $dn a DN that belongs to the same domain as the group
+     * @return string|bool
+     */
+    public function primaryGroupID2Name($gid, $dn) {
+        $cacheKey = 'primaryGroupIDtoName';
+        $groupNames = $this->access->connection->getFromCache($cacheKey);
+        if(!is_null($groupNames) && isset($groupNames[$gid])) {
+            return $groupNames[$gid];
+        }
+
+        $domainObjectSid = $this->access->getSID($dn);
+        if($domainObjectSid === false) {
+            return false;
+        }
+
+        //we need to get the DN from LDAP
+        $filter = $this->access->combineFilterWithAnd([
+            $this->access->connection->ldapGroupFilter,
+            'objectsid=' . $domainObjectSid . '-' . $gid
+        ]);
+        $result = $this->access->searchGroups($filter, ['dn'], 1);
+        if(empty($result)) {
+            return false;
+        }
+        $dn = $result[0]['dn'][0];
+
+        //and now the group name
+        //NOTE once we have separate Nextcloud group IDs and group names we can
+        //directly read the display name attribute instead of the DN
+        $name = $this->access->dn2groupname($dn);
+
+        $this->access->connection->writeToCache($cacheKey, $name);
+
+        return $name;
+    }
+
+    /**
+     * returns the entry's primary group ID
+     * @param string $dn
+     * @param string $attribute
+     * @return string|bool
+     */
+    private function getEntryGroupID($dn, $attribute) {
+        $value = $this->access->readAttribute($dn, $attribute);
+        if(is_array($value) && !empty($value)) {
+            return $value[0];
+        }
+        return false;
+    }
+
+    /**
+     * returns the group's primary ID
+     * @param string $dn
+     * @return string|bool
+     */
+    public function getGroupPrimaryGroupID($dn) {
+        return $this->getEntryGroupID($dn, 'primaryGroupToken');
+    }
+
+    /**
+     * returns the user's primary group ID
+     * @param string $dn
+     * @return string|bool
+     */
+    public function getUserPrimaryGroupIDs($dn) {
+        $primaryGroupID = false;
+        if($this->access->connection->hasPrimaryGroups) {
+            $primaryGroupID = $this->getEntryGroupID($dn, 'primaryGroupID');
+            if($primaryGroupID === false) {
+                $this->access->connection->hasPrimaryGroups = false;
+            }
+        }
+        return $primaryGroupID;
+    }
+
+    /**
+     * returns a filter for a "users in primary group" search or count operation
+     *
+     * @param string $groupDN
+     * @param string $search
+     * @return string
+     * @throws \Exception
+     */
+    private function prepareFilterForUsersInPrimaryGroup($groupDN, $search = '') {
+        $groupID = $this->getGroupPrimaryGroupID($groupDN);
+        if($groupID === false) {
+            throw new \Exception('Not a valid group');
+        }
+
+        $filterParts = [];
+        $filterParts[] = $this->access->getFilterForUserCount();
+        if ($search !== '') {
+            $filterParts[] = $this->access->getFilterPartForUserSearch($search);
+        }
+        $filterParts[] = 'primaryGroupID=' . $groupID;
+
+        return $this->access->combineFilterWithAnd($filterParts);
+    }
+
+    /**
+     * returns a list of users that have the given group as primary group
+     *
+     * @param string $groupDN
+     * @param string $search
+     * @param int $limit
+     * @param int $offset
+     * @return string[]
+     */
+    public function getUsersInPrimaryGroup($groupDN, $search = '', $limit = -1, $offset = 0) {
+        try {
+            $filter = $this->prepareFilterForUsersInPrimaryGroup($groupDN, $search);
+            $users = $this->access->fetchListOfUsers(
+                $filter,
+                [$this->access->connection->ldapUserDisplayName, 'dn'],
+                $limit,
+                $offset
+            );
+            return $this->access->nextcloudUserNames($users);
+        } catch (\Exception $e) {
+            return [];
+        }
+    }
+
+    /**
+     * returns the number of users that have the given group as primary group
+     *
+     * @param string $groupDN
+     * @param string $search
+     * @param int $limit
+     * @param int $offset
+     * @return int
+     */
+    public function countUsersInPrimaryGroup($groupDN, $search = '', $limit = -1, $offset = 0) {
+        try {
+            $filter = $this->prepareFilterForUsersInPrimaryGroup($groupDN, $search);
+            $users = $this->access->countUsers($filter, ['dn'], $limit, $offset);
+            return (int)$users;
+        } catch (\Exception $e) {
+            return 0;
+        }
+    }
+
+    /**
+     * gets the primary group of a user
+     * @param string $dn
+     * @return string
+     */
+    public function getUserPrimaryGroup($dn) {
+        $groupID = $this->getUserPrimaryGroupIDs($dn);
+        if($groupID !== false) {
+            $groupName = $this->primaryGroupID2Name($groupID, $dn);
+            if($groupName !== false) {
+                return $groupName;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Get all groups a user belongs to
+     * @param string $uid Name of the user
+     * @return array with group names
+     *
+     * This function fetches all groups a user belongs to. It does not check
+     * if the user exists at all.
+     *
+     * This function includes groups based on dynamic group membership.
+     */
+    public function getUserGroups($uid) {
+        if(!$this->enabled) {
+            return [];
+        }
+        $cacheKey = 'getUserGroups'.$uid;
+        $userGroups = $this->access->connection->getFromCache($cacheKey);
+        if(!is_null($userGroups)) {
+            return $userGroups;
+        }
+        $userDN = $this->access->username2dn($uid);
+        if(!$userDN) {
+            $this->access->connection->writeToCache($cacheKey, []);
+            return [];
+        }
+
+        $groups = [];
+        $primaryGroup = $this->getUserPrimaryGroup($userDN);
+        $gidGroupName = $this->getUserGroupByGid($userDN);
+
+        $dynamicGroupMemberURL = strtolower($this->access->connection->ldapDynamicGroupMemberURL);
+
+        if (!empty($dynamicGroupMemberURL)) {
+            // look through dynamic groups to add them to the result array if needed
+            $groupsToMatch = $this->access->fetchListOfGroups(
+                $this->access->connection->ldapGroupFilter,['dn',$dynamicGroupMemberURL]);
+            foreach($groupsToMatch as $dynamicGroup) {
+                if (!array_key_exists($dynamicGroupMemberURL, $dynamicGroup)) {
+                    continue;
+                }
+                $pos = strpos($dynamicGroup[$dynamicGroupMemberURL][0], '(');
+                if ($pos !== false) {
+                    $memberUrlFilter = substr($dynamicGroup[$dynamicGroupMemberURL][0],$pos);
+                    // apply filter via ldap search to see if this user is in this
+                    // dynamic group
+                    $userMatch = $this->access->readAttribute(
+                        $userDN,
+                        $this->access->connection->ldapUserDisplayName,
+                        $memberUrlFilter
+                    );
+                    if ($userMatch !== false) {
+                        // match found so this user is in this group
+                        $groupName = $this->access->dn2groupname($dynamicGroup['dn'][0]);
+                        if(is_string($groupName)) {
+                            // be sure to never return false if the dn could not be
+                            // resolved to a name, for whatever reason.
+                            $groups[] = $groupName;
+                        }
+                    }
+                } else {
+                    \OCP\Util::writeLog('user_ldap', 'No search filter found on member url '.
+                        'of group ' . print_r($dynamicGroup, true), ILogger::DEBUG);
+                }
+            }
+        }
+
+        // if possible, read out membership via memberOf. It's far faster than
+        // performing a search, which still is a fallback later.
+        // memberof doesn't support memberuid, so skip it here.
+        if((int)$this->access->connection->hasMemberOfFilterSupport === 1
+            && (int)$this->access->connection->useMemberOfToDetectMembership === 1
+            && strtolower($this->access->connection->ldapGroupMemberAssocAttr) !== 'memberuid'
+            ) {
+            $groupDNs = $this->_getGroupDNsFromMemberOf($userDN);
+            if (is_array($groupDNs)) {
+                foreach ($groupDNs as $dn) {
+                    $groupName = $this->access->dn2groupname($dn);
+                    if(is_string($groupName)) {
+                        // be sure to never return false if the dn could not be
+                        // resolved to a name, for whatever reason.
+                        $groups[] = $groupName;
+                    }
+                }
+            }
+
+            if($primaryGroup !== false) {
+                $groups[] = $primaryGroup;
+            }
+            if($gidGroupName !== false) {
+                $groups[] = $gidGroupName;
+            }
+            $this->access->connection->writeToCache($cacheKey, $groups);
+            return $groups;
+        }
+
+        //uniqueMember takes DN, memberuid the uid, so we need to distinguish
+        if((strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'uniquemember')
+            || (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'member')
+        ) {
+            $uid = $userDN;
+        } else if(strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
+            $result = $this->access->readAttribute($userDN, 'uid');
+            if ($result === false) {
+                \OCP\Util::writeLog('user_ldap', 'No uid attribute found for DN ' . $userDN . ' on '.
+                    $this->access->connection->ldapHost, ILogger::DEBUG);
+                $uid = false;
+            } else {
+                $uid = $result[0];
+            }
+        } else {
+            // just in case
+            $uid = $userDN;
+        }
+
+        if($uid !== false) {
+            if (isset($this->cachedGroupsByMember[$uid])) {
+                $groups = array_merge($groups, $this->cachedGroupsByMember[$uid]);
+            } else {
+                $groupsByMember = array_values($this->getGroupsByMember($uid));
+                $groupsByMember = $this->access->nextcloudGroupNames($groupsByMember);
+                $this->cachedGroupsByMember[$uid] = $groupsByMember;
+                $groups = array_merge($groups, $groupsByMember);
+            }
+        }
+
+        if($primaryGroup !== false) {
+            $groups[] = $primaryGroup;
+        }
+        if($gidGroupName !== false) {
+            $groups[] = $gidGroupName;
+        }
+
+        $groups = array_unique($groups, SORT_LOCALE_STRING);
+        $this->access->connection->writeToCache($cacheKey, $groups);
+
+        return $groups;
+    }
+
+    /**
+     * @param string $dn
+     * @param array|null &$seen
+     * @return array
+     */
+    private function getGroupsByMember($dn, &$seen = null) {
+        if ($seen === null) {
+            $seen = [];
+        }
+        if (array_key_exists($dn, $seen)) {
+            // avoid loops
+            return [];
+        }
+        $allGroups = [];
+        $seen[$dn] = true;
+        $filter = $this->access->connection->ldapGroupMemberAssocAttr.'='.$dn;
+        $groups = $this->access->fetchListOfGroups($filter,
+            [$this->access->connection->ldapGroupDisplayName, 'dn']);
+        if (is_array($groups)) {
+            $fetcher = function ($dn, &$seen) {
+                if(is_array($dn) && isset($dn['dn'][0])) {
+                    $dn = $dn['dn'][0];
+                }
+                return $this->getGroupsByMember($dn, $seen);
+            };
+            $allGroups = $this->walkNestedGroups($dn, $fetcher, $groups);
+        }
+        $visibleGroups = $this->access->groupsMatchFilter(array_keys($allGroups));
+        return array_intersect_key($allGroups, array_flip($visibleGroups));
+    }
+
+    /**
+     * get a list of all users in a group
+     *
+     * @param string $gid
+     * @param string $search
+     * @param int $limit
+     * @param int $offset
+     * @return array with user ids
+     * @throws \Exception
+     */
+    public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
+        if(!$this->enabled) {
+            return [];
+        }
+        if(!$this->groupExists($gid)) {
+            return [];
+        }
+        $search = $this->access->escapeFilterPart($search, true);
+        $cacheKey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
+        // check for cache of the exact query
+        $groupUsers = $this->access->connection->getFromCache($cacheKey);
+        if(!is_null($groupUsers)) {
+            return $groupUsers;
+        }
+
+        // check for cache of the query without limit and offset
+        $groupUsers = $this->access->connection->getFromCache('usersInGroup-'.$gid.'-'.$search);
+        if(!is_null($groupUsers)) {
+            $groupUsers = array_slice($groupUsers, $offset, $limit);
+            $this->access->connection->writeToCache($cacheKey, $groupUsers);
+            return $groupUsers;
+        }
+
+        if($limit === -1) {
+            $limit = null;
+        }
+        $groupDN = $this->access->groupname2dn($gid);
+        if(!$groupDN) {
+            // group couldn't be found, return empty resultset
+            $this->access->connection->writeToCache($cacheKey, []);
+            return [];
+        }
+
+        $primaryUsers = $this->getUsersInPrimaryGroup($groupDN, $search, $limit, $offset);
+        $posixGroupUsers = $this->getUsersInGidNumber($groupDN, $search, $limit, $offset);
+        $members = $this->_groupMembers($groupDN);
+        if(!$members && empty($posixGroupUsers) && empty($primaryUsers)) {
+            //in case users could not be retrieved, return empty result set
+            $this->access->connection->writeToCache($cacheKey, []);
+            return [];
+        }
+
+        $groupUsers = [];
+        $isMemberUid = (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid');
+        $attrs = $this->access->userManager->getAttributes(true);
+        foreach($members as $member) {
+            if($isMemberUid) {
+                //we got uids, need to get their DNs to 'translate' them to user names
+                $filter = $this->access->combineFilterWithAnd([
+                    str_replace('%uid', trim($member), $this->access->connection->ldapLoginFilter),
+                    $this->access->combineFilterWithAnd([
+                        $this->access->getFilterPartForUserSearch($search),
+                        $this->access->connection->ldapUserFilter
+                    ])
+                ]);
+                $ldap_users = $this->access->fetchListOfUsers($filter, $attrs, 1);
+                if(count($ldap_users) < 1) {
+                    continue;
+                }
+                $groupUsers[] = $this->access->dn2username($ldap_users[0]['dn'][0]);
+            } else {
+                //we got DNs, check if we need to filter by search or we can give back all of them
+                $uid = $this->access->dn2username($member);
+                if(!$uid) {
+                    continue;
+                }
+
+                $cacheKey = 'userExistsOnLDAP' . $uid;
+                $userExists = $this->access->connection->getFromCache($cacheKey);
+                if($userExists === false) {
+                    continue;
+                }
+                if($userExists === null || $search !== '') {
+                    if (!$this->access->readAttribute($member,
+                        $this->access->connection->ldapUserDisplayName,
+                        $this->access->combineFilterWithAnd([
+                            $this->access->getFilterPartForUserSearch($search),
+                            $this->access->connection->ldapUserFilter
+                        ])))
+                    {
+                        if($search === '') {
+                            $this->access->connection->writeToCache($cacheKey, false);
+                        }
+                        continue;
+                    }
+                    $this->access->connection->writeToCache($cacheKey, true);
+                }
+                $groupUsers[] = $uid;
+            }
+        }
+
+        $groupUsers = array_unique(array_merge($groupUsers, $primaryUsers, $posixGroupUsers));
+        natsort($groupUsers);
+        $this->access->connection->writeToCache('usersInGroup-'.$gid.'-'.$search, $groupUsers);
+        $groupUsers = array_slice($groupUsers, $offset, $limit);
+
+        $this->access->connection->writeToCache($cacheKey, $groupUsers);
+
+        return $groupUsers;
+    }
+
+    /**
+     * returns the number of users in a group, who match the search term
+     * @param string $gid the internal group name
+     * @param string $search optional, a search string
+     * @return int|bool
+     */
+    public function countUsersInGroup($gid, $search = '') {
+        if ($this->groupPluginManager->implementsActions(GroupInterface::COUNT_USERS)) {
+            return $this->groupPluginManager->countUsersInGroup($gid, $search);
+        }
+
+        $cacheKey = 'countUsersInGroup-'.$gid.'-'.$search;
+        if(!$this->enabled || !$this->groupExists($gid)) {
+            return false;
+        }
+        $groupUsers = $this->access->connection->getFromCache($cacheKey);
+        if(!is_null($groupUsers)) {
+            return $groupUsers;
+        }
+
+        $groupDN = $this->access->groupname2dn($gid);
+        if(!$groupDN) {
+            // group couldn't be found, return empty result set
+            $this->access->connection->writeToCache($cacheKey, false);
+            return false;
+        }
+
+        $members = $this->_groupMembers($groupDN);
+        $primaryUserCount = $this->countUsersInPrimaryGroup($groupDN, '');
+        if(!$members && $primaryUserCount === 0) {
+            //in case users could not be retrieved, return empty result set
+            $this->access->connection->writeToCache($cacheKey, false);
+            return false;
+        }
+
+        if ($search === '') {
+            $groupUsers = count($members) + $primaryUserCount;
+            $this->access->connection->writeToCache($cacheKey, $groupUsers);
+            return $groupUsers;
+        }
+        $search = $this->access->escapeFilterPart($search, true);
+        $isMemberUid =
+            (strtolower($this->access->connection->ldapGroupMemberAssocAttr)
+            === 'memberuid');
+
+        //we need to apply the search filter
+        //alternatives that need to be checked:
+        //a) get all users by search filter and array_intersect them
+        //b) a, but only when less than 1k 10k ?k users like it is
+        //c) put all DNs|uids in a LDAP filter, combine with the search string
+        //   and let it count.
+        //For now this is not important, because the only use of this method
+        //does not supply a search string
+        $groupUsers = [];
+        foreach($members as $member) {
+            if($isMemberUid) {
+                //we got uids, need to get their DNs to 'translate' them to user names
+                $filter = $this->access->combineFilterWithAnd([
+                    str_replace('%uid', $member, $this->access->connection->ldapLoginFilter),
+                    $this->access->getFilterPartForUserSearch($search)
+                ]);
+                $ldap_users = $this->access->fetchListOfUsers($filter, 'dn', 1);
+                if(count($ldap_users) < 1) {
+                    continue;
+                }
+                $groupUsers[] = $this->access->dn2username($ldap_users[0]);
+            } else {
+                //we need to apply the search filter now
+                if(!$this->access->readAttribute($member,
+                    $this->access->connection->ldapUserDisplayName,
+                    $this->access->getFilterPartForUserSearch($search))) {
+                    continue;
+                }
+                // dn2username will also check if the users belong to the allowed base
+                if($ocname = $this->access->dn2username($member)) {
+                    $groupUsers[] = $ocname;
+                }
+            }
+        }
+
+        //and get users that have the group as primary
+        $primaryUsers = $this->countUsersInPrimaryGroup($groupDN, $search);
+
+        return count($groupUsers) + $primaryUsers;
+    }
+
+    /**
+     * get a list of all groups
+     *
+     * @param string $search
+     * @param $limit
+     * @param int $offset
+     * @return array with group names
+     *
+     * Returns a list with all groups (used by getGroups)
+     */
+    protected function getGroupsChunk($search = '', $limit = -1, $offset = 0) {
+        if(!$this->enabled) {
+            return [];
+        }
+        $cacheKey = 'getGroups-'.$search.'-'.$limit.'-'.$offset;
+
+        //Check cache before driving unnecessary searches
+        \OCP\Util::writeLog('user_ldap', 'getGroups '.$cacheKey, ILogger::DEBUG);
+        $ldap_groups = $this->access->connection->getFromCache($cacheKey);
+        if(!is_null($ldap_groups)) {
+            return $ldap_groups;
+        }
+
+        // if we'd pass -1 to LDAP search, we'd end up in a Protocol
+        // error. With a limit of 0, we get 0 results. So we pass null.
+        if($limit <= 0) {
+            $limit = null;
+        }
+        $filter = $this->access->combineFilterWithAnd([
+            $this->access->connection->ldapGroupFilter,
+            $this->access->getFilterPartForGroupSearch($search)
+        ]);
+        \OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, ILogger::DEBUG);
+        $ldap_groups = $this->access->fetchListOfGroups($filter,
+                [$this->access->connection->ldapGroupDisplayName, 'dn'],
+                $limit,
+                $offset);
+        $ldap_groups = $this->access->nextcloudGroupNames($ldap_groups);
+
+        $this->access->connection->writeToCache($cacheKey, $ldap_groups);
+        return $ldap_groups;
+    }
+
+    /**
+     * get a list of all groups using a paged search
+     *
+     * @param string $search
+     * @param int $limit
+     * @param int $offset
+     * @return array with group names
+     *
+     * Returns a list with all groups
+     * Uses a paged search if available to override a
+     * server side search limit.
+     * (active directory has a limit of 1000 by default)
+     */
+    public function getGroups($search = '', $limit = -1, $offset = 0) {
+        if(!$this->enabled) {
+            return [];
+        }
+        $search = $this->access->escapeFilterPart($search, true);
+        $pagingSize = (int)$this->access->connection->ldapPagingSize;
+        if ($pagingSize <= 0) {
+            return $this->getGroupsChunk($search, $limit, $offset);
+        }
+        $maxGroups = 100000; // limit max results (just for safety reasons)
+        if ($limit > -1) {
+            $overallLimit = min($limit + $offset, $maxGroups);
+        } else {
+            $overallLimit = $maxGroups;
+        }
+        $chunkOffset = $offset;
+        $allGroups = [];
+        while ($chunkOffset < $overallLimit) {
+            $chunkLimit = min($pagingSize, $overallLimit - $chunkOffset);
+            $ldapGroups = $this->getGroupsChunk($search, $chunkLimit, $chunkOffset);
+            $nread = count($ldapGroups);
+            \OCP\Util::writeLog('user_ldap', 'getGroups('.$search.'): read '.$nread.' at offset '.$chunkOffset.' (limit: '.$chunkLimit.')', ILogger::DEBUG);
+            if ($nread) {
+                $allGroups = array_merge($allGroups, $ldapGroups);
+                $chunkOffset += $nread;
+            }
+            if ($nread < $chunkLimit) {
+                break;
+            }
+        }
+        return $allGroups;
+    }
+
+    /**
+     * @param string $group
+     * @return bool
+     */
+    public function groupMatchesFilter($group) {
+        return (strripos($group, $this->groupSearch) !== false);
+    }
+
+    /**
+     * check if a group exists
+     * @param string $gid
+     * @return bool
+     */
+    public function groupExists($gid) {
+        $groupExists = $this->access->connection->getFromCache('groupExists'.$gid);
+        if(!is_null($groupExists)) {
+            return (bool)$groupExists;
+        }
+
+        //getting dn, if false the group does not exist. If dn, it may be mapped
+        //only, requires more checking.
+        $dn = $this->access->groupname2dn($gid);
+        if(!$dn) {
+            $this->access->connection->writeToCache('groupExists'.$gid, false);
+            return false;
+        }
+
+        //if group really still exists, we will be able to read its objectclass
+        if(!is_array($this->access->readAttribute($dn, ''))) {
+            $this->access->connection->writeToCache('groupExists'.$gid, false);
+            return false;
+        }
+
+        $this->access->connection->writeToCache('groupExists'.$gid, true);
+        return true;
+    }
+
+    /**
+     * Check if backend implements actions
+     * @param int $actions bitwise-or'ed actions
+     * @return boolean
+     *
+     * Returns the supported actions as int to be
+     * compared with GroupInterface::CREATE_GROUP etc.
+     */
+    public function implementsActions($actions) {
+        return (bool)((GroupInterface::COUNT_USERS |
+                $this->groupPluginManager->getImplementedActions()) & $actions);
+    }
+
+    /**
+     * Return access for LDAP interaction.
+     * @return Access instance of Access for LDAP interaction
+     */
+    public function getLDAPAccess($gid) {
+        return $this->access;
+    }
+
+    /**
+     * create a group
+     * @param string $gid
+     * @return bool
+     * @throws \Exception
+     */
+    public function createGroup($gid) {
+        if ($this->groupPluginManager->implementsActions(GroupInterface::CREATE_GROUP)) {
+            if ($dn = $this->groupPluginManager->createGroup($gid)) {
+                //updates group mapping
+                $uuid = $this->access->getUUID($dn, false);
+                if(is_string($uuid)) {
+                    $this->access->mapAndAnnounceIfApplicable(
+                        $this->access->getGroupMapper(),
+                        $dn,
+                        $gid,
+                        $uuid,
+                        false
+                    );
+                    $this->access->cacheGroupExists($gid);
+                }
+            }
+            return $dn != null;
+        }
+        throw new \Exception('Could not create group in LDAP backend.');
+    }
+
+    /**
+     * delete a group
+     * @param string $gid gid of the group to delete
+     * @return bool
+     * @throws \Exception
+     */
+    public function deleteGroup($gid) {
+        if ($this->groupPluginManager->implementsActions(GroupInterface::DELETE_GROUP)) {
+            if ($ret = $this->groupPluginManager->deleteGroup($gid)) {
+                #delete group in nextcloud internal db
+                $this->access->getGroupMapper()->unmap($gid);
+                $this->access->connection->writeToCache("groupExists".$gid, false);
+            }
+            return $ret;
+        }
+        throw new \Exception('Could not delete group in LDAP backend.');
+    }
+
+    /**
+     * Add a user to a group
+     * @param string $uid Name of the user to add to group
+     * @param string $gid Name of the group in which add the user
+     * @return bool
+     * @throws \Exception
+     */
+    public function addToGroup($uid, $gid) {
+        if ($this->groupPluginManager->implementsActions(GroupInterface::ADD_TO_GROUP)) {
+            if ($ret = $this->groupPluginManager->addToGroup($uid, $gid)) {
+                $this->access->connection->clearCache();
+                unset($this->cachedGroupMembers[$gid]);
+            }
+            return $ret;
+        }
+        throw new \Exception('Could not add user to group in LDAP backend.');
+    }
+
+    /**
+     * Removes a user from a group
+     * @param string $uid Name of the user to remove from group
+     * @param string $gid Name of the group from which remove the user
+     * @return bool
+     * @throws \Exception
+     */
+    public function removeFromGroup($uid, $gid) {
+        if ($this->groupPluginManager->implementsActions(GroupInterface::REMOVE_FROM_GROUP)) {
+            if ($ret = $this->groupPluginManager->removeFromGroup($uid, $gid)) {
+                $this->access->connection->clearCache();
+                unset($this->cachedGroupMembers[$gid]);
+            }
+            return $ret;
+        }
+        throw new \Exception('Could not remove user from group in LDAP backend.');
+    }
+
+    /**
+     * Gets group details
+     * @param string $gid Name of the group
+     * @return array | false
+     * @throws \Exception
+     */
+    public function getGroupDetails($gid) {
+        if ($this->groupPluginManager->implementsActions(GroupInterface::GROUP_DETAILS)) {
+            return $this->groupPluginManager->getGroupDetails($gid);
+        }
+        throw new \Exception('Could not get group details in LDAP backend.');
+    }
+
+    /**
+     * Return LDAP connection resource from a cloned connection.
+     * The cloned connection needs to be closed manually.
+     * of the current access.
+     * @param string $gid
+     * @return resource of the LDAP connection
+     */
+    public function getNewLDAPConnection($gid) {
+        $connection = clone $this->access->getConnection();
+        return $connection->getConnectionResource();
+    }
+
+    /**
+     * @throws \OC\ServerNotAvailableException
+     */
+    public function getDisplayName(string $gid): string {
+        if ($this->groupPluginManager instanceof IGetDisplayNameBackend) {
+            return $this->groupPluginManager->getDisplayName($gid);
+        }
+
+        $cacheKey = 'group_getDisplayName' . $gid;
+        if (!is_null($displayName = $this->access->connection->getFromCache($cacheKey))) {
+            return $displayName;
+        }
+
+        $displayName = $this->access->readAttribute(
+            $this->access->groupname2dn($gid),
+            $this->access->connection->ldapGroupDisplayName);
+
+        if ($displayName && (count($displayName) > 0)) {
+            $displayName = $displayName[0];
+            $this->access->connection->writeToCache($cacheKey, $displayName);
+            return $displayName;
+        }
+
+        return '';
+    }
 }

Please login to merge, or discard this patch.

Spacing +101 added lines, -101 removed lines patch added patch discarded remove patch

@@ -72,7 +72,7 @@  discard block
 block discarded – undo
 		parent::__construct($access);
 		$filter = $this->access->connection->ldapGroupFilter;
 		$gassoc = $this->access->connection->ldapGroupMemberAssocAttr;
-		if(!empty($filter) && !empty($gassoc)) {
+		if (!empty($filter) && !empty($gassoc)) {
 			$this->enabled = true;
 		}
 
@@ -91,25 +91,25 @@  discard block
 block discarded – undo
 	 * Checks whether the user is member of a group or not.
 	 */
 	public function inGroup($uid, $gid) {
-		if(!$this->enabled) {
+		if (!$this->enabled) {
 			return false;
 		}
 		$cacheKey = 'inGroup'.$uid.':'.$gid;
 		$inGroup = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($inGroup)) {
-			return (bool)$inGroup;
+		if (!is_null($inGroup)) {
+			return (bool) $inGroup;
 		}
 
 		$userDN = $this->access->username2dn($uid);
 
-		if(isset($this->cachedGroupMembers[$gid])) {
+		if (isset($this->cachedGroupMembers[$gid])) {
 			$isInGroup = in_array($userDN, $this->cachedGroupMembers[$gid]);
 			return $isInGroup;
 		}
 
 		$cacheKeyMembers = 'inGroup-members:'.$gid;
 		$members = $this->access->connection->getFromCache($cacheKeyMembers);
-		if(!is_null($members)) {
+		if (!is_null($members)) {
 			$this->cachedGroupMembers[$gid] = $members;
 			$isInGroup = in_array($userDN, $members, true);
 			$this->access->connection->writeToCache($cacheKey, $isInGroup);
@@ -118,34 +118,34 @@  discard block
 block discarded – undo
 
 		$groupDN = $this->access->groupname2dn($gid);
 		// just in case
-		if(!$groupDN || !$userDN) {
+		if (!$groupDN || !$userDN) {
 			$this->access->connection->writeToCache($cacheKey, false);
 			return false;
 		}
 
 		//check primary group first
-		if($gid === $this->getUserPrimaryGroup($userDN)) {
+		if ($gid === $this->getUserPrimaryGroup($userDN)) {
 			$this->access->connection->writeToCache($cacheKey, true);
 			return true;
 		}
 
 		//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
 		$members = $this->_groupMembers($groupDN);
-		if(!is_array($members) || count($members) === 0) {
+		if (!is_array($members) || count($members) === 0) {
 			$this->access->connection->writeToCache($cacheKey, false);
 			return false;
 		}
 
 		//extra work if we don't get back user DNs
-		if(strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
+		if (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
 			$dns = [];
 			$filterParts = [];
 			$bytes = 0;
-			foreach($members as $mid) {
+			foreach ($members as $mid) {
 				$filter = str_replace('%uid', $mid, $this->access->connection->ldapLoginFilter);
 				$filterParts[] = $filter;
 				$bytes += strlen($filter);
-				if($bytes >= 9000000) {
+				if ($bytes >= 9000000) {
 					// AD has a default input buffer of 10 MB, we do not want
 					// to take even the chance to exceed it
 					$filter = $this->access->combineFilterWithOr($filterParts);
@@ -155,7 +155,7 @@  discard block
 block discarded – undo
 					$dns = array_merge($dns, $users);
 				}
 			}
-			if(count($filterParts) > 0) {
+			if (count($filterParts) > 0) {
 				$filter = $this->access->combineFilterWithOr($filterParts);
 				$users = $this->access->fetchListOfUsers($filter, 'dn', count($filterParts));
 				$dns = array_merge($dns, $users);
@@ -198,14 +198,14 @@  discard block
 block discarded – undo
 			$pos = strpos($memberURLs[0], '(');
 			if ($pos !== false) {
 				$memberUrlFilter = substr($memberURLs[0], $pos);
-				$foundMembers = $this->access->searchUsers($memberUrlFilter,'dn');
+				$foundMembers = $this->access->searchUsers($memberUrlFilter, 'dn');
 				$dynamicMembers = [];
-				foreach($foundMembers as $value) {
+				foreach ($foundMembers as $value) {
 					$dynamicMembers[$value['dn'][0]] = 1;
 				}
 			} else {
 				\OCP\Util::writeLog('user_ldap', 'No search filter found on member url '.
-					'of group ' . $dnGroup, ILogger::DEBUG);
+					'of group '.$dnGroup, ILogger::DEBUG);
 			}
 		}
 		return $dynamicMembers;
@@ -229,7 +229,7 @@  discard block
 block discarded – undo
 		// used extensively in cron job, caching makes sense for nested groups
 		$cacheKey = '_groupMembers'.$dnGroup;
 		$groupMembers = $this->access->connection->getFromCache($cacheKey);
-		if($groupMembers !== null) {
+		if ($groupMembers !== null) {
 			return $groupMembers;
 		}
 		$seen[$dnGroup] = 1;
@@ -289,10 +289,10 @@  discard block
 block discarded – undo
 		$recordMode = is_array($list) && isset($list[0]) && is_array($list[0]) && isset($list[0]['dn'][0]);
 
 		if ($nesting !== 1) {
-			if($recordMode) {
+			if ($recordMode) {
 				// the keys are numeric, but should hold the DN
-				return array_reduce($list, function ($transformed, $record) use ($dn) {
-					if($record['dn'][0] != $dn) {
+				return array_reduce($list, function($transformed, $record) use ($dn) {
+					if ($record['dn'][0] != $dn) {
 						$transformed[$record['dn'][0]] = $record;
 					}
 					return $transformed;
@@ -323,9 +323,9 @@  discard block
 block discarded – undo
 	 * @return string|bool
 	 */
 	public function gidNumber2Name($gid, $dn) {
-		$cacheKey = 'gidNumberToName' . $gid;
+		$cacheKey = 'gidNumberToName'.$gid;
 		$groupName = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($groupName) && isset($groupName)) {
+		if (!is_null($groupName) && isset($groupName)) {
 			return $groupName;
 		}
 
@@ -333,10 +333,10 @@  discard block
 block discarded – undo
 		$filter = $this->access->combineFilterWithAnd([
 			$this->access->connection->ldapGroupFilter,
 			'objectClass=posixGroup',
-			$this->access->connection->ldapGidNumber . '=' . $gid
+			$this->access->connection->ldapGidNumber.'='.$gid
 		]);
 		$result = $this->access->searchGroups($filter, ['dn'], 1);
-		if(empty($result)) {
+		if (empty($result)) {
 			return false;
 		}
 		$dn = $result[0]['dn'][0];
@@ -359,7 +359,7 @@  discard block
 block discarded – undo
 	 */
 	private function getEntryGidNumber($dn, $attribute) {
 		$value = $this->access->readAttribute($dn, $attribute);
-		if(is_array($value) && !empty($value)) {
+		if (is_array($value) && !empty($value)) {
 			return $value[0];
 		}
 		return false;
@@ -381,9 +381,9 @@  discard block
 block discarded – undo
 	 */
 	public function getUserGidNumber($dn) {
 		$gidNumber = false;
-		if($this->access->connection->hasGidNumber) {
+		if ($this->access->connection->hasGidNumber) {
 			$gidNumber = $this->getEntryGidNumber($dn, $this->access->connection->ldapGidNumber);
-			if($gidNumber === false) {
+			if ($gidNumber === false) {
 				$this->access->connection->hasGidNumber = false;
 			}
 		}
@@ -400,7 +400,7 @@  discard block
 block discarded – undo
 	 */
 	private function prepareFilterForUsersHasGidNumber($groupDN, $search = '') {
 		$groupID = $this->getGroupGidNumber($groupDN);
-		if($groupID === false) {
+		if ($groupID === false) {
 			throw new \Exception('Not a valid group');
 		}
 
@@ -409,7 +409,7 @@  discard block
 block discarded – undo
 		if ($search !== '') {
 			$filterParts[] = $this->access->getFilterPartForUserSearch($search);
 		}
-		$filterParts[] = $this->access->connection->ldapGidNumber .'=' . $groupID;
+		$filterParts[] = $this->access->connection->ldapGidNumber.'='.$groupID;
 
 		return $this->access->combineFilterWithAnd($filterParts);
 	}
@@ -451,7 +451,7 @@  discard block
 block discarded – undo
 		try {
 			$filter = $this->prepareFilterForUsersHasGidNumber($groupDN, $search);
 			$users = $this->access->countUsers($filter, ['dn'], $limit, $offset);
-			return (int)$users;
+			return (int) $users;
 		} catch (\Exception $e) {
 			return 0;
 		}
@@ -464,9 +464,9 @@  discard block
 block discarded – undo
 	 */
 	public function getUserGroupByGid($dn) {
 		$groupID = $this->getUserGidNumber($dn);
-		if($groupID !== false) {
+		if ($groupID !== false) {
 			$groupName = $this->gidNumber2Name($groupID, $dn);
-			if($groupName !== false) {
+			if ($groupName !== false) {
 				return $groupName;
 			}
 		}
@@ -483,22 +483,22 @@  discard block
 block discarded – undo
 	public function primaryGroupID2Name($gid, $dn) {
 		$cacheKey = 'primaryGroupIDtoName';
 		$groupNames = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($groupNames) && isset($groupNames[$gid])) {
+		if (!is_null($groupNames) && isset($groupNames[$gid])) {
 			return $groupNames[$gid];
 		}
 
 		$domainObjectSid = $this->access->getSID($dn);
-		if($domainObjectSid === false) {
+		if ($domainObjectSid === false) {
 			return false;
 		}
 
 		//we need to get the DN from LDAP
 		$filter = $this->access->combineFilterWithAnd([
 			$this->access->connection->ldapGroupFilter,
-			'objectsid=' . $domainObjectSid . '-' . $gid
+			'objectsid='.$domainObjectSid.'-'.$gid
 		]);
 		$result = $this->access->searchGroups($filter, ['dn'], 1);
-		if(empty($result)) {
+		if (empty($result)) {
 			return false;
 		}
 		$dn = $result[0]['dn'][0];
@@ -521,7 +521,7 @@  discard block
 block discarded – undo
 	 */
 	private function getEntryGroupID($dn, $attribute) {
 		$value = $this->access->readAttribute($dn, $attribute);
-		if(is_array($value) && !empty($value)) {
+		if (is_array($value) && !empty($value)) {
 			return $value[0];
 		}
 		return false;
@@ -543,9 +543,9 @@  discard block
 block discarded – undo
 	 */
 	public function getUserPrimaryGroupIDs($dn) {
 		$primaryGroupID = false;
-		if($this->access->connection->hasPrimaryGroups) {
+		if ($this->access->connection->hasPrimaryGroups) {
 			$primaryGroupID = $this->getEntryGroupID($dn, 'primaryGroupID');
-			if($primaryGroupID === false) {
+			if ($primaryGroupID === false) {
 				$this->access->connection->hasPrimaryGroups = false;
 			}
 		}
@@ -562,7 +562,7 @@  discard block
 block discarded – undo
 	 */
 	private function prepareFilterForUsersInPrimaryGroup($groupDN, $search = '') {
 		$groupID = $this->getGroupPrimaryGroupID($groupDN);
-		if($groupID === false) {
+		if ($groupID === false) {
 			throw new \Exception('Not a valid group');
 		}
 
@@ -571,7 +571,7 @@  discard block
 block discarded – undo
 		if ($search !== '') {
 			$filterParts[] = $this->access->getFilterPartForUserSearch($search);
 		}
-		$filterParts[] = 'primaryGroupID=' . $groupID;
+		$filterParts[] = 'primaryGroupID='.$groupID;
 
 		return $this->access->combineFilterWithAnd($filterParts);
 	}
@@ -613,7 +613,7 @@  discard block
 block discarded – undo
 		try {
 			$filter = $this->prepareFilterForUsersInPrimaryGroup($groupDN, $search);
 			$users = $this->access->countUsers($filter, ['dn'], $limit, $offset);
-			return (int)$users;
+			return (int) $users;
 		} catch (\Exception $e) {
 			return 0;
 		}
@@ -626,9 +626,9 @@  discard block
 block discarded – undo
 	 */
 	public function getUserPrimaryGroup($dn) {
 		$groupID = $this->getUserPrimaryGroupIDs($dn);
-		if($groupID !== false) {
+		if ($groupID !== false) {
 			$groupName = $this->primaryGroupID2Name($groupID, $dn);
-			if($groupName !== false) {
+			if ($groupName !== false) {
 				return $groupName;
 			}
 		}
@@ -647,16 +647,16 @@  discard block
 block discarded – undo
 	 * This function includes groups based on dynamic group membership.
 	 */
 	public function getUserGroups($uid) {
-		if(!$this->enabled) {
+		if (!$this->enabled) {
 			return [];
 		}
 		$cacheKey = 'getUserGroups'.$uid;
 		$userGroups = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($userGroups)) {
+		if (!is_null($userGroups)) {
 			return $userGroups;
 		}
 		$userDN = $this->access->username2dn($uid);
-		if(!$userDN) {
+		if (!$userDN) {
 			$this->access->connection->writeToCache($cacheKey, []);
 			return [];
 		}
@@ -670,14 +670,14 @@  discard block
 block discarded – undo
 		if (!empty($dynamicGroupMemberURL)) {
 			// look through dynamic groups to add them to the result array if needed
 			$groupsToMatch = $this->access->fetchListOfGroups(
-				$this->access->connection->ldapGroupFilter,['dn',$dynamicGroupMemberURL]);
-			foreach($groupsToMatch as $dynamicGroup) {
+				$this->access->connection->ldapGroupFilter, ['dn', $dynamicGroupMemberURL]);
+			foreach ($groupsToMatch as $dynamicGroup) {
 				if (!array_key_exists($dynamicGroupMemberURL, $dynamicGroup)) {
 					continue;
 				}
 				$pos = strpos($dynamicGroup[$dynamicGroupMemberURL][0], '(');
 				if ($pos !== false) {
-					$memberUrlFilter = substr($dynamicGroup[$dynamicGroupMemberURL][0],$pos);
+					$memberUrlFilter = substr($dynamicGroup[$dynamicGroupMemberURL][0], $pos);
 					// apply filter via ldap search to see if this user is in this
 					// dynamic group
 					$userMatch = $this->access->readAttribute(
@@ -688,7 +688,7 @@  discard block
 block discarded – undo
 					if ($userMatch !== false) {
 						// match found so this user is in this group
 						$groupName = $this->access->dn2groupname($dynamicGroup['dn'][0]);
-						if(is_string($groupName)) {
+						if (is_string($groupName)) {
 							// be sure to never return false if the dn could not be
 							// resolved to a name, for whatever reason.
 							$groups[] = $groupName;
@@ -696,7 +696,7 @@  discard block
 block discarded – undo
 					}
 				} else {
 					\OCP\Util::writeLog('user_ldap', 'No search filter found on member url '.
-						'of group ' . print_r($dynamicGroup, true), ILogger::DEBUG);
+						'of group '.print_r($dynamicGroup, true), ILogger::DEBUG);
 				}
 			}
 		}
@@ -704,15 +704,15 @@  discard block
 block discarded – undo
 		// if possible, read out membership via memberOf. It's far faster than
 		// performing a search, which still is a fallback later.
 		// memberof doesn't support memberuid, so skip it here.
-		if((int)$this->access->connection->hasMemberOfFilterSupport === 1
-			&& (int)$this->access->connection->useMemberOfToDetectMembership === 1
+		if ((int) $this->access->connection->hasMemberOfFilterSupport === 1
+			&& (int) $this->access->connection->useMemberOfToDetectMembership === 1
 		    && strtolower($this->access->connection->ldapGroupMemberAssocAttr) !== 'memberuid'
 		    ) {
 			$groupDNs = $this->_getGroupDNsFromMemberOf($userDN);
 			if (is_array($groupDNs)) {
 				foreach ($groupDNs as $dn) {
 					$groupName = $this->access->dn2groupname($dn);
-					if(is_string($groupName)) {
+					if (is_string($groupName)) {
 						// be sure to never return false if the dn could not be
 						// resolved to a name, for whatever reason.
 						$groups[] = $groupName;
@@ -720,10 +720,10 @@  discard block
 block discarded – undo
 				}
 			}
 
-			if($primaryGroup !== false) {
+			if ($primaryGroup !== false) {
 				$groups[] = $primaryGroup;
 			}
-			if($gidGroupName !== false) {
+			if ($gidGroupName !== false) {
 				$groups[] = $gidGroupName;
 			}
 			$this->access->connection->writeToCache($cacheKey, $groups);
@@ -731,14 +731,14 @@  discard block
 block discarded – undo
 		}
 
 		//uniqueMember takes DN, memberuid the uid, so we need to distinguish
-		if((strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'uniquemember')
+		if ((strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'uniquemember')
 			|| (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'member')
 		) {
 			$uid = $userDN;
-		} else if(strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
+		} else if (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
 			$result = $this->access->readAttribute($userDN, 'uid');
 			if ($result === false) {
-				\OCP\Util::writeLog('user_ldap', 'No uid attribute found for DN ' . $userDN . ' on '.
+				\OCP\Util::writeLog('user_ldap', 'No uid attribute found for DN '.$userDN.' on '.
 					$this->access->connection->ldapHost, ILogger::DEBUG);
 				$uid = false;
 			} else {
@@ -749,7 +749,7 @@  discard block
 block discarded – undo
 			$uid = $userDN;
 		}
 
-		if($uid !== false) {
+		if ($uid !== false) {
 			if (isset($this->cachedGroupsByMember[$uid])) {
 				$groups = array_merge($groups, $this->cachedGroupsByMember[$uid]);
 			} else {
@@ -760,10 +760,10 @@  discard block
 block discarded – undo
 			}
 		}
 
-		if($primaryGroup !== false) {
+		if ($primaryGroup !== false) {
 			$groups[] = $primaryGroup;
 		}
-		if($gidGroupName !== false) {
+		if ($gidGroupName !== false) {
 			$groups[] = $gidGroupName;
 		}
 
@@ -792,8 +792,8 @@  discard block
 block discarded – undo
 		$groups = $this->access->fetchListOfGroups($filter,
 			[$this->access->connection->ldapGroupDisplayName, 'dn']);
 		if (is_array($groups)) {
-			$fetcher = function ($dn, &$seen) {
-				if(is_array($dn) && isset($dn['dn'][0])) {
+			$fetcher = function($dn, &$seen) {
+				if (is_array($dn) && isset($dn['dn'][0])) {
 					$dn = $dn['dn'][0];
 				}
 				return $this->getGroupsByMember($dn, $seen);
@@ -815,33 +815,33 @@  discard block
 block discarded – undo
 	 * @throws \Exception
 	 */
 	public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
-		if(!$this->enabled) {
+		if (!$this->enabled) {
 			return [];
 		}
-		if(!$this->groupExists($gid)) {
+		if (!$this->groupExists($gid)) {
 			return [];
 		}
 		$search = $this->access->escapeFilterPart($search, true);
 		$cacheKey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
 		// check for cache of the exact query
 		$groupUsers = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($groupUsers)) {
+		if (!is_null($groupUsers)) {
 			return $groupUsers;
 		}
 
 		// check for cache of the query without limit and offset
 		$groupUsers = $this->access->connection->getFromCache('usersInGroup-'.$gid.'-'.$search);
-		if(!is_null($groupUsers)) {
+		if (!is_null($groupUsers)) {
 			$groupUsers = array_slice($groupUsers, $offset, $limit);
 			$this->access->connection->writeToCache($cacheKey, $groupUsers);
 			return $groupUsers;
 		}
 
-		if($limit === -1) {
+		if ($limit === -1) {
 			$limit = null;
 		}
 		$groupDN = $this->access->groupname2dn($gid);
-		if(!$groupDN) {
+		if (!$groupDN) {
 			// group couldn't be found, return empty resultset
 			$this->access->connection->writeToCache($cacheKey, []);
 			return [];
@@ -850,7 +850,7 @@  discard block
 block discarded – undo
 		$primaryUsers = $this->getUsersInPrimaryGroup($groupDN, $search, $limit, $offset);
 		$posixGroupUsers = $this->getUsersInGidNumber($groupDN, $search, $limit, $offset);
 		$members = $this->_groupMembers($groupDN);
-		if(!$members && empty($posixGroupUsers) && empty($primaryUsers)) {
+		if (!$members && empty($posixGroupUsers) && empty($primaryUsers)) {
 			//in case users could not be retrieved, return empty result set
 			$this->access->connection->writeToCache($cacheKey, []);
 			return [];
@@ -859,8 +859,8 @@  discard block
 block discarded – undo
 		$groupUsers = [];
 		$isMemberUid = (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid');
 		$attrs = $this->access->userManager->getAttributes(true);
-		foreach($members as $member) {
-			if($isMemberUid) {
+		foreach ($members as $member) {
+			if ($isMemberUid) {
 				//we got uids, need to get their DNs to 'translate' them to user names
 				$filter = $this->access->combineFilterWithAnd([
 					str_replace('%uid', trim($member), $this->access->connection->ldapLoginFilter),
@@ -870,23 +870,23 @@  discard block
 block discarded – undo
 					])
 				]);
 				$ldap_users = $this->access->fetchListOfUsers($filter, $attrs, 1);
-				if(count($ldap_users) < 1) {
+				if (count($ldap_users) < 1) {
 					continue;
 				}
 				$groupUsers[] = $this->access->dn2username($ldap_users[0]['dn'][0]);
 			} else {
 				//we got DNs, check if we need to filter by search or we can give back all of them
 				$uid = $this->access->dn2username($member);
-				if(!$uid) {
+				if (!$uid) {
 					continue;
 				}
 
-				$cacheKey = 'userExistsOnLDAP' . $uid;
+				$cacheKey = 'userExistsOnLDAP'.$uid;
 				$userExists = $this->access->connection->getFromCache($cacheKey);
-				if($userExists === false) {
+				if ($userExists === false) {
 					continue;
 				}
-				if($userExists === null || $search !== '') {
+				if ($userExists === null || $search !== '') {
 					if (!$this->access->readAttribute($member,
 						$this->access->connection->ldapUserDisplayName,
 						$this->access->combineFilterWithAnd([
@@ -894,7 +894,7 @@  discard block
 block discarded – undo
 							$this->access->connection->ldapUserFilter
 						])))
 					{
-						if($search === '') {
+						if ($search === '') {
 							$this->access->connection->writeToCache($cacheKey, false);
 						}
 						continue;
@@ -927,16 +927,16 @@  discard block
 block discarded – undo
 		}
 
 		$cacheKey = 'countUsersInGroup-'.$gid.'-'.$search;
-		if(!$this->enabled || !$this->groupExists($gid)) {
+		if (!$this->enabled || !$this->groupExists($gid)) {
 			return false;
 		}
 		$groupUsers = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($groupUsers)) {
+		if (!is_null($groupUsers)) {
 			return $groupUsers;
 		}
 
 		$groupDN = $this->access->groupname2dn($gid);
-		if(!$groupDN) {
+		if (!$groupDN) {
 			// group couldn't be found, return empty result set
 			$this->access->connection->writeToCache($cacheKey, false);
 			return false;
@@ -944,7 +944,7 @@  discard block
 block discarded – undo
 
 		$members = $this->_groupMembers($groupDN);
 		$primaryUserCount = $this->countUsersInPrimaryGroup($groupDN, '');
-		if(!$members && $primaryUserCount === 0) {
+		if (!$members && $primaryUserCount === 0) {
 			//in case users could not be retrieved, return empty result set
 			$this->access->connection->writeToCache($cacheKey, false);
 			return false;
@@ -969,27 +969,27 @@  discard block
 block discarded – undo
 		//For now this is not important, because the only use of this method
 		//does not supply a search string
 		$groupUsers = [];
-		foreach($members as $member) {
-			if($isMemberUid) {
+		foreach ($members as $member) {
+			if ($isMemberUid) {
 				//we got uids, need to get their DNs to 'translate' them to user names
 				$filter = $this->access->combineFilterWithAnd([
 					str_replace('%uid', $member, $this->access->connection->ldapLoginFilter),
 					$this->access->getFilterPartForUserSearch($search)
 				]);
 				$ldap_users = $this->access->fetchListOfUsers($filter, 'dn', 1);
-				if(count($ldap_users) < 1) {
+				if (count($ldap_users) < 1) {
 					continue;
 				}
 				$groupUsers[] = $this->access->dn2username($ldap_users[0]);
 			} else {
 				//we need to apply the search filter now
-				if(!$this->access->readAttribute($member,
+				if (!$this->access->readAttribute($member,
 					$this->access->connection->ldapUserDisplayName,
 					$this->access->getFilterPartForUserSearch($search))) {
 					continue;
 				}
 				// dn2username will also check if the users belong to the allowed base
-				if($ocname = $this->access->dn2username($member)) {
+				if ($ocname = $this->access->dn2username($member)) {
 					$groupUsers[] = $ocname;
 				}
 			}
@@ -1012,7 +1012,7 @@  discard block
 block discarded – undo
 	 * Returns a list with all groups (used by getGroups)
 	 */
 	protected function getGroupsChunk($search = '', $limit = -1, $offset = 0) {
-		if(!$this->enabled) {
+		if (!$this->enabled) {
 			return [];
 		}
 		$cacheKey = 'getGroups-'.$search.'-'.$limit.'-'.$offset;
@@ -1020,13 +1020,13 @@  discard block
 block discarded – undo
 		//Check cache before driving unnecessary searches
 		\OCP\Util::writeLog('user_ldap', 'getGroups '.$cacheKey, ILogger::DEBUG);
 		$ldap_groups = $this->access->connection->getFromCache($cacheKey);
-		if(!is_null($ldap_groups)) {
+		if (!is_null($ldap_groups)) {
 			return $ldap_groups;
 		}
 
 		// if we'd pass -1 to LDAP search, we'd end up in a Protocol
 		// error. With a limit of 0, we get 0 results. So we pass null.
-		if($limit <= 0) {
+		if ($limit <= 0) {
 			$limit = null;
 		}
 		$filter = $this->access->combineFilterWithAnd([
@@ -1058,11 +1058,11 @@  discard block
 block discarded – undo
 	 * (active directory has a limit of 1000 by default)
 	 */
 	public function getGroups($search = '', $limit = -1, $offset = 0) {
-		if(!$this->enabled) {
+		if (!$this->enabled) {
 			return [];
 		}
 		$search = $this->access->escapeFilterPart($search, true);
-		$pagingSize = (int)$this->access->connection->ldapPagingSize;
+		$pagingSize = (int) $this->access->connection->ldapPagingSize;
 		if ($pagingSize <= 0) {
 			return $this->getGroupsChunk($search, $limit, $offset);
 		}
@@ -1105,20 +1105,20 @@  discard block
 block discarded – undo
 	 */
 	public function groupExists($gid) {
 		$groupExists = $this->access->connection->getFromCache('groupExists'.$gid);
-		if(!is_null($groupExists)) {
-			return (bool)$groupExists;
+		if (!is_null($groupExists)) {
+			return (bool) $groupExists;
 		}
 
 		//getting dn, if false the group does not exist. If dn, it may be mapped
 		//only, requires more checking.
 		$dn = $this->access->groupname2dn($gid);
-		if(!$dn) {
+		if (!$dn) {
 			$this->access->connection->writeToCache('groupExists'.$gid, false);
 			return false;
 		}
 
 		//if group really still exists, we will be able to read its objectclass
-		if(!is_array($this->access->readAttribute($dn, ''))) {
+		if (!is_array($this->access->readAttribute($dn, ''))) {
 			$this->access->connection->writeToCache('groupExists'.$gid, false);
 			return false;
 		}
@@ -1136,7 +1136,7 @@  discard block
 block discarded – undo
 	* compared with GroupInterface::CREATE_GROUP etc.
 	*/
 	public function implementsActions($actions) {
-		return (bool)((GroupInterface::COUNT_USERS |
+		return (bool) ((GroupInterface::COUNT_USERS |
 				$this->groupPluginManager->getImplementedActions()) & $actions);
 	}
 
@@ -1159,7 +1159,7 @@  discard block
 block discarded – undo
 			if ($dn = $this->groupPluginManager->createGroup($gid)) {
 				//updates group mapping
 				$uuid = $this->access->getUUID($dn, false);
-				if(is_string($uuid)) {
+				if (is_string($uuid)) {
 					$this->access->mapAndAnnounceIfApplicable(
 						$this->access->getGroupMapper(),
 						$dn,
@@ -1262,7 +1262,7 @@  discard block
 block discarded – undo
 			return $this->groupPluginManager->getDisplayName($gid);
 		}
 
-		$cacheKey = 'group_getDisplayName' . $gid;
+		$cacheKey = 'group_getDisplayName'.$gid;
 		if (!is_null($displayName = $this->access->connection->getFromCache($cacheKey))) {
 			return $displayName;
 		}

Please login to merge, or discard this patch.

		@@ -35,26 +35,26 @@
		block discarded – undo
35	35	$subject = (string)$_POST['ldap_clear_mapping'];
36	36	$mapping = null;
37	37	try {
38		- if($subject === 'user') {
39		- $mapping = new UserMapping(\OC::$server->getDatabaseConnection());
40		- $result = $mapping->clearCb(
41		- function ($uid) {
42		- \OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]);
43		- },
44		- function ($uid) {
45		- \OC::$server->getUserManager()->emit('\OC\User', 'postUnassignedUserId', [$uid]);
46		- }
47		- );
48		- } else if($subject === 'group') {
49		- $mapping = new GroupMapping(\OC::$server->getDatabaseConnection());
50		- $result = $mapping->clear();
51		- }
	38	+ if($subject === 'user') {
	39	+ $mapping = new UserMapping(\OC::$server->getDatabaseConnection());
	40	+ $result = $mapping->clearCb(
	41	+ function ($uid) {
	42	+ \OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]);
	43	+ },
	44	+ function ($uid) {
	45	+ \OC::$server->getUserManager()->emit('\OC\User', 'postUnassignedUserId', [$uid]);
	46	+ }
	47	+ );
	48	+ } else if($subject === 'group') {
	49	+ $mapping = new GroupMapping(\OC::$server->getDatabaseConnection());
	50	+ $result = $mapping->clear();
	51	+ }
52	52
53		- if($mapping === null \|\| !$result) {
54		- $l = \OC::$server->getL10N('user_ldap');
55		- throw new \Exception($l->t('Failed to clear the mappings.'));
56		- }
57		- \OC_JSON::success();
	53	+ if($mapping === null \|\| !$result) {
	54	+ $l = \OC::$server->getL10N('user_ldap');
	55	+ throw new \Exception($l->t('Failed to clear the mappings.'));
	56	+ }
	57	+ \OC_JSON::success();
58	58	} catch (\Exception $e) {
59		- \OC_JSON::error(['message' => $e->getMessage()]);
	59	+ \OC_JSON::error(['message' => $e->getMessage()]);
60	60	}

		@@ -32,13 +32,13 @@
		block discarded – undo
32	32	$serverConnections = $helper->getServerConfigurationPrefixes();
33	33	sort($serverConnections);
34	34	$lk = array_pop($serverConnections);
35		-$ln = (int)str_replace('s', '', $lk);
36		-$nk = 's'.str_pad($ln+1, 2, '0', STR_PAD_LEFT);
	35	+$ln = (int) str_replace('s', '', $lk);
	36	+$nk = 's'.str_pad($ln + 1, 2, '0', STR_PAD_LEFT);
37	37
38	38	$resultData = ['configPrefix' => $nk];
39	39
40	40	$newConfig = new \OCA\User_LDAP\Configuration($nk, false);
41		-if(isset($_POST['copyConfig'])) {
	41	+if (isset($_POST['copyConfig'])) {
42	42	$originalConfig = new \OCA\User_LDAP\Configuration($_POST['copyConfig']);
43	43	$newConfig->setConfiguration($originalConfig->getConfiguration());
44	44	} else {

		@@ -2,14 +2,14 @@
		block discarded – undo
2	2	<p>
3	3	<select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
4	4	<?php
5		- $i = 1;
6		- $sel = ' selected';
7		- foreach($_['serverConfigurationPrefixes'] as $prefix) {
8		- ?>
	5	+ $i = 1;
	6	+ $sel = ' selected';
	7	+ foreach($_['serverConfigurationPrefixes'] as $prefix) {
	8	+ ?>
9	9	<option value="<?php p($prefix); ?>"<?php p($sel); $sel = ''; ?>><?php p($l->t('%s. Server:', [$i++]));?> <?php p(' '.$_['serverConfigurationHosts'][$prefix]); ?></option>
10	10	<?php
11		- }
12		- ?>
	11	+ }
	12	+ ?>
13	13	</select>
14	14	<button type="button" id="ldap_action_add_configuration"
15	15	name="ldap_action_add_configuration" class="icon-add icon-default-style"

		@@ -4,23 +4,23 @@ discard block
		block discarded – undo
4	4	<?php
5	5	$i = 1;
6	6	$sel = ' selected';
7		- foreach($_['serverConfigurationPrefixes'] as $prefix) {
	7	+ foreach ($_['serverConfigurationPrefixes'] as $prefix) {
8	8	?>
9		- <option value="<?php p($prefix); ?>"<?php p($sel); $sel = ''; ?>><?php p($l->t('%s. Server:', [$i++]));?> <?php p(' '.$_['serverConfigurationHosts'][$prefix]); ?></option>
	9	+ <option value="<?php p($prefix); ?>"<?php p($sel); $sel = ''; ?>><?php p($l->t('%s. Server:', [$i++])); ?> <?php p(' '.$_['serverConfigurationHosts'][$prefix]); ?></option>
10	10	<?php
11	11	}
12	12	?>
13	13	</select>
14	14	<button type="button" id="ldap_action_add_configuration"
15	15	name="ldap_action_add_configuration" class="icon-add icon-default-style"
16		- title="<?php p($l->t('Add a new configuration'));?>"> </button>
	16	+ title="<?php p($l->t('Add a new configuration')); ?>"> </button>
17	17	<button type="button" id="ldap_action_copy_configuration"
18	18	name="ldap_action_copy_configuration"
19	19	class="ldapIconCopy icon-default-style"
20		- title="<?php p($l->t('Copy current configuration into new directory binding'));?>"> </button>
	20	+ title="<?php p($l->t('Copy current configuration into new directory binding')); ?>"> </button>
21	21	<button type="button" id="ldap_action_delete_configuration"
22	22	name="ldap_action_delete_configuration" class="icon-delete icon-default-style"
23		- title="<?php p($l->t('Delete the current configuration'));?>"> </button>
	23	+ title="<?php p($l->t('Delete the current configuration')); ?>"> </button>
24	24	</p>
25	25
26	26	<div class="hostPortCombinator">
		@@ -29,14 +29,14 @@ discard block
		block discarded – undo
29	29	<div class="table">
30	30	<input type="text" class="host" id="ldap_host"
31	31	name="ldap_host"
32		- placeholder="<?php p($l->t('Host'));?>"
33		- title="<?php p($l->t('You can omit the protocol, unless you require SSL. If so, start with ldaps://'));?>"
	32	+ placeholder="<?php p($l->t('Host')); ?>"
	33	+ title="<?php p($l->t('You can omit the protocol, unless you require SSL. If so, start with ldaps://')); ?>"
34	34	/>
35	35	<span class="hostPortCombinatorSpan">
36	36	<input type="number" id="ldap_port" name="ldap_port"
37		- placeholder="<?php p($l->t('Port'));?>" />
	37	+ placeholder="<?php p($l->t('Port')); ?>" />
38	38	<button class="ldapDetectPort" name="ldapDetectPort" type="button">
39		- <?php p($l->t('Detect Port'));?>
	39	+ <?php p($l->t('Detect Port')); ?>
40	40	</button>
41	41	</span>
42	42	</div>
		@@ -46,19 +46,19 @@ discard block
		block discarded – undo
46	46	<div class="tablerow">
47	47	<input type="text" id="ldap_dn" name="ldap_dn"
48	48	class="tablecell"
49		- placeholder="<?php p($l->t('User DN'));?>" autocomplete="off"
50		- title="<?php p($l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.'));?>"
	49	+ placeholder="<?php p($l->t('User DN')); ?>" autocomplete="off"
	50	+ title="<?php p($l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.')); ?>"
51	51	/>
52	52	</div>
53	53
54	54	<div class="tablerow">
55	55	<input type="password" id="ldap_agent_password"
56	56	class="tablecell" name="ldap_agent_password"
57		- placeholder="<?php p($l->t('Password'));?>" autocomplete="off"
58		- title="<?php p($l->t('For anonymous access, leave DN and Password empty.'));?>"
	57	+ placeholder="<?php p($l->t('Password')); ?>" autocomplete="off"
	58	+ title="<?php p($l->t('For anonymous access, leave DN and Password empty.')); ?>"
59	59	/>
60	60	<button class="ldapSaveAgentCredentials" name="ldapSaveAgentCredentials" type="button">
61		- <?php p($l->t('Save Credentials'));?>
	61	+ <?php p($l->t('Save Credentials')); ?>
62	62	</button>
63	63	</div>
64	64	<div class="tablerow"> </div>
		@@ -66,24 +66,24 @@ discard block
		block discarded – undo
66	66	<div class="tablerow">
67	67	<textarea id="ldap_base" name="ldap_base"
68	68	class="tablecell"
69		- placeholder="<?php p($l->t('One Base DN per line'));?>"
70		- title="<?php p($l->t('You can specify Base DN for users and groups in the Advanced tab'));?>">
	69	+ placeholder="<?php p($l->t('One Base DN per line')); ?>"
	70	+ title="<?php p($l->t('You can specify Base DN for users and groups in the Advanced tab')); ?>">
71	71	</textarea>
72	72	<button class="ldapDetectBase" name="ldapDetectBase" type="button">
73		- <?php p($l->t('Detect Base DN'));?>
	73	+ <?php p($l->t('Detect Base DN')); ?>
74	74	</button>
75	75	<button class="ldapTestBase" name="ldapTestBase" type="button">
76		- <?php p($l->t('Test Base DN'));?>
	76	+ <?php p($l->t('Test Base DN')); ?>
77	77	</button>
78	78	</div>
79	79
80	80	<div class="tablerow left">
81	81	<input type="checkbox" id="ldap_experienced_admin" value="1"
82	82	name="ldap_experienced_admin" class="tablecell"
83		- title="<?php p($l->t('Avoids automatic LDAP requests. Better for bigger setups, but requires some LDAP knowledge.'));?>"
	83	+ title="<?php p($l->t('Avoids automatic LDAP requests. Better for bigger setups, but requires some LDAP knowledge.')); ?>"
84	84	/>
85	85	<label for="ldap_experienced_admin" class="tablecell">
86		- <?php p($l->t('Manually enter LDAP filters (recommended for large directories)'));?>
	86	+ <?php p($l->t('Manually enter LDAP filters (recommended for large directories)')); ?>
87	87	</label>
88	88	</div>
89	89

		@@ -30,251 +30,251 @@
		block discarded – undo
30	30	use OCP\Group\Backend\IGetDisplayNameBackend;
31	31
32	32	class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend {
33		- private $backends = [];
34		- private $refBackend = null;
	33	+ private $backends = [];
	34	+ private $refBackend = null;
35	35
36		- /**
37		- * Constructor
38		- * @param string[] $serverConfigPrefixes array containing the config Prefixes
39		- */
40		- public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap, GroupPluginManager $groupPluginManager) {
41		- parent::__construct($ldap);
42		- foreach($serverConfigPrefixes as $configPrefix) {
43		- $this->backends[$configPrefix] =
44		- new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix), $groupPluginManager);
45		- if(is_null($this->refBackend)) {
46		- $this->refBackend = &$this->backends[$configPrefix];
47		- }
48		- }
49		- }
	36	+ /**
	37	+ * Constructor
	38	+ * @param string[] $serverConfigPrefixes array containing the config Prefixes
	39	+ */
	40	+ public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap, GroupPluginManager $groupPluginManager) {
	41	+ parent::__construct($ldap);
	42	+ foreach($serverConfigPrefixes as $configPrefix) {
	43	+ $this->backends[$configPrefix] =
	44	+ new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix), $groupPluginManager);
	45	+ if(is_null($this->refBackend)) {
	46	+ $this->refBackend = &$this->backends[$configPrefix];
	47	+ }
	48	+ }
	49	+ }
50	50
51		- /**
52		- * Tries the backends one after the other until a positive result is returned from the specified method
53		- * @param string $gid the gid connected to the request
54		- * @param string $method the method of the group backend that shall be called
55		- * @param array $parameters an array of parameters to be passed
56		- * @return mixed, the result of the method or false
57		- */
58		- protected function walkBackends($gid, $method, $parameters) {
59		- $cacheKey = $this->getGroupCacheKey($gid);
60		- foreach($this->backends as $configPrefix => $backend) {
61		- if($result = call_user_func_array([$backend, $method], $parameters)) {
62		- $this->writeToCache($cacheKey, $configPrefix);
63		- return $result;
64		- }
65		- }
66		- return false;
67		- }
	51	+ /**
	52	+ * Tries the backends one after the other until a positive result is returned from the specified method
	53	+ * @param string $gid the gid connected to the request
	54	+ * @param string $method the method of the group backend that shall be called
	55	+ * @param array $parameters an array of parameters to be passed
	56	+ * @return mixed, the result of the method or false
	57	+ */
	58	+ protected function walkBackends($gid, $method, $parameters) {
	59	+ $cacheKey = $this->getGroupCacheKey($gid);
	60	+ foreach($this->backends as $configPrefix => $backend) {
	61	+ if($result = call_user_func_array([$backend, $method], $parameters)) {
	62	+ $this->writeToCache($cacheKey, $configPrefix);
	63	+ return $result;
	64	+ }
	65	+ }
	66	+ return false;
	67	+ }
68	68
69		- /**
70		- * Asks the backend connected to the server that supposely takes care of the gid from the request.
71		- * @param string $gid the gid connected to the request
72		- * @param string $method the method of the group backend that shall be called
73		- * @param array $parameters an array of parameters to be passed
74		- * @param mixed $passOnWhen the result matches this variable
75		- * @return mixed, the result of the method or false
76		- */
77		- protected function callOnLastSeenOn($gid, $method, $parameters, $passOnWhen) {
78		- $cacheKey = $this->getGroupCacheKey($gid);
79		- $prefix = $this->getFromCache($cacheKey);
80		- //in case the uid has been found in the past, try this stored connection first
81		- if(!is_null($prefix)) {
82		- if(isset($this->backends[$prefix])) {
83		- $result = call_user_func_array([$this->backends[$prefix], $method], $parameters);
84		- if($result === $passOnWhen) {
85		- //not found here, reset cache to null if group vanished
86		- //because sometimes methods return false with a reason
87		- $groupExists = call_user_func_array(
88		- [$this->backends[$prefix], 'groupExists'],
89		- [$gid]
90		- );
91		- if(!$groupExists) {
92		- $this->writeToCache($cacheKey, null);
93		- }
94		- }
95		- return $result;
96		- }
97		- }
98		- return false;
99		- }
	69	+ /**
	70	+ * Asks the backend connected to the server that supposely takes care of the gid from the request.
	71	+ * @param string $gid the gid connected to the request
	72	+ * @param string $method the method of the group backend that shall be called
	73	+ * @param array $parameters an array of parameters to be passed
	74	+ * @param mixed $passOnWhen the result matches this variable
	75	+ * @return mixed, the result of the method or false
	76	+ */
	77	+ protected function callOnLastSeenOn($gid, $method, $parameters, $passOnWhen) {
	78	+ $cacheKey = $this->getGroupCacheKey($gid);
	79	+ $prefix = $this->getFromCache($cacheKey);
	80	+ //in case the uid has been found in the past, try this stored connection first
	81	+ if(!is_null($prefix)) {
	82	+ if(isset($this->backends[$prefix])) {
	83	+ $result = call_user_func_array([$this->backends[$prefix], $method], $parameters);
	84	+ if($result === $passOnWhen) {
	85	+ //not found here, reset cache to null if group vanished
	86	+ //because sometimes methods return false with a reason
	87	+ $groupExists = call_user_func_array(
	88	+ [$this->backends[$prefix], 'groupExists'],
	89	+ [$gid]
	90	+ );
	91	+ if(!$groupExists) {
	92	+ $this->writeToCache($cacheKey, null);
	93	+ }
	94	+ }
	95	+ return $result;
	96	+ }
	97	+ }
	98	+ return false;
	99	+ }
100	100
101		- /**
102		- * is user in group?
103		- * @param string $uid uid of the user
104		- * @param string $gid gid of the group
105		- * @return bool
106		- *
107		- * Checks whether the user is member of a group or not.
108		- */
109		- public function inGroup($uid, $gid) {
110		- return $this->handleRequest($gid, 'inGroup', [$uid, $gid]);
111		- }
	101	+ /**
	102	+ * is user in group?
	103	+ * @param string $uid uid of the user
	104	+ * @param string $gid gid of the group
	105	+ * @return bool
	106	+ *
	107	+ * Checks whether the user is member of a group or not.
	108	+ */
	109	+ public function inGroup($uid, $gid) {
	110	+ return $this->handleRequest($gid, 'inGroup', [$uid, $gid]);
	111	+ }
112	112
113		- /**
114		- * Get all groups a user belongs to
115		- * @param string $uid Name of the user
116		- * @return string[] with group names
117		- *
118		- * This function fetches all groups a user belongs to. It does not check
119		- * if the user exists at all.
120		- */
121		- public function getUserGroups($uid) {
122		- $groups = [];
	113	+ /**
	114	+ * Get all groups a user belongs to
	115	+ * @param string $uid Name of the user
	116	+ * @return string[] with group names
	117	+ *
	118	+ * This function fetches all groups a user belongs to. It does not check
	119	+ * if the user exists at all.
	120	+ */
	121	+ public function getUserGroups($uid) {
	122	+ $groups = [];
123	123
124		- foreach($this->backends as $backend) {
125		- $backendGroups = $backend->getUserGroups($uid);
126		- if (is_array($backendGroups)) {
127		- $groups = array_merge($groups, $backendGroups);
128		- }
129		- }
	124	+ foreach($this->backends as $backend) {
	125	+ $backendGroups = $backend->getUserGroups($uid);
	126	+ if (is_array($backendGroups)) {
	127	+ $groups = array_merge($groups, $backendGroups);
	128	+ }
	129	+ }
130	130
131		- return $groups;
132		- }
	131	+ return $groups;
	132	+ }
133	133
134		- /**
135		- * get a list of all users in a group
136		- * @return string[] with user ids
137		- */
138		- public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
139		- $users = [];
	134	+ /**
	135	+ * get a list of all users in a group
	136	+ * @return string[] with user ids
	137	+ */
	138	+ public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
	139	+ $users = [];
140	140
141		- foreach($this->backends as $backend) {
142		- $backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
143		- if (is_array($backendUsers)) {
144		- $users = array_merge($users, $backendUsers);
145		- }
146		- }
	141	+ foreach($this->backends as $backend) {
	142	+ $backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
	143	+ if (is_array($backendUsers)) {
	144	+ $users = array_merge($users, $backendUsers);
	145	+ }
	146	+ }
147	147
148		- return $users;
149		- }
	148	+ return $users;
	149	+ }
150	150
151		- /**
152		- * @param string $gid
153		- * @return bool
154		- */
155		- public function createGroup($gid) {
156		- return $this->handleRequest(
157		- $gid, 'createGroup', [$gid]);
158		- }
	151	+ /**
	152	+ * @param string $gid
	153	+ * @return bool
	154	+ */
	155	+ public function createGroup($gid) {
	156	+ return $this->handleRequest(
	157	+ $gid, 'createGroup', [$gid]);
	158	+ }
159	159
160		- /**
161		- * delete a group
162		- * @param string $gid gid of the group to delete
163		- * @return bool
164		- */
165		- public function deleteGroup($gid) {
166		- return $this->handleRequest(
167		- $gid, 'deleteGroup', [$gid]);
168		- }
	160	+ /**
	161	+ * delete a group
	162	+ * @param string $gid gid of the group to delete
	163	+ * @return bool
	164	+ */
	165	+ public function deleteGroup($gid) {
	166	+ return $this->handleRequest(
	167	+ $gid, 'deleteGroup', [$gid]);
	168	+ }
169	169
170		- /**
171		- * Add a user to a group
172		- * @param string $uid Name of the user to add to group
173		- * @param string $gid Name of the group in which add the user
174		- * @return bool
175		- *
176		- * Adds a user to a group.
177		- */
178		- public function addToGroup($uid, $gid) {
179		- return $this->handleRequest(
180		- $gid, 'addToGroup', [$uid, $gid]);
181		- }
	170	+ /**
	171	+ * Add a user to a group
	172	+ * @param string $uid Name of the user to add to group
	173	+ * @param string $gid Name of the group in which add the user
	174	+ * @return bool
	175	+ *
	176	+ * Adds a user to a group.
	177	+ */
	178	+ public function addToGroup($uid, $gid) {
	179	+ return $this->handleRequest(
	180	+ $gid, 'addToGroup', [$uid, $gid]);
	181	+ }
182	182
183		- /**
184		- * Removes a user from a group
185		- * @param string $uid Name of the user to remove from group
186		- * @param string $gid Name of the group from which remove the user
187		- * @return bool
188		- *
189		- * removes the user from a group.
190		- */
191		- public function removeFromGroup($uid, $gid) {
192		- return $this->handleRequest(
193		- $gid, 'removeFromGroup', [$uid, $gid]);
194		- }
	183	+ /**
	184	+ * Removes a user from a group
	185	+ * @param string $uid Name of the user to remove from group
	186	+ * @param string $gid Name of the group from which remove the user
	187	+ * @return bool
	188	+ *
	189	+ * removes the user from a group.
	190	+ */
	191	+ public function removeFromGroup($uid, $gid) {
	192	+ return $this->handleRequest(
	193	+ $gid, 'removeFromGroup', [$uid, $gid]);
	194	+ }
195	195
196		- /**
197		- * returns the number of users in a group, who match the search term
198		- * @param string $gid the internal group name
199		- * @param string $search optional, a search string
200		- * @return int\|bool
201		- */
202		- public function countUsersInGroup($gid, $search = '') {
203		- return $this->handleRequest(
204		- $gid, 'countUsersInGroup', [$gid, $search]);
205		- }
	196	+ /**
	197	+ * returns the number of users in a group, who match the search term
	198	+ * @param string $gid the internal group name
	199	+ * @param string $search optional, a search string
	200	+ * @return int\|bool
	201	+ */
	202	+ public function countUsersInGroup($gid, $search = '') {
	203	+ return $this->handleRequest(
	204	+ $gid, 'countUsersInGroup', [$gid, $search]);
	205	+ }
206	206
207		- /**
208		- * get an array with group details
209		- * @param string $gid
210		- * @return array\|false
211		- */
212		- public function getGroupDetails($gid) {
213		- return $this->handleRequest(
214		- $gid, 'getGroupDetails', [$gid]);
215		- }
	207	+ /**
	208	+ * get an array with group details
	209	+ * @param string $gid
	210	+ * @return array\|false
	211	+ */
	212	+ public function getGroupDetails($gid) {
	213	+ return $this->handleRequest(
	214	+ $gid, 'getGroupDetails', [$gid]);
	215	+ }
216	216
217		- /**
218		- * get a list of all groups
219		- * @return string[] with group names
220		- *
221		- * Returns a list with all groups
222		- */
223		- public function getGroups($search = '', $limit = -1, $offset = 0) {
224		- $groups = [];
	217	+ /**
	218	+ * get a list of all groups
	219	+ * @return string[] with group names
	220	+ *
	221	+ * Returns a list with all groups
	222	+ */
	223	+ public function getGroups($search = '', $limit = -1, $offset = 0) {
	224	+ $groups = [];
225	225
226		- foreach($this->backends as $backend) {
227		- $backendGroups = $backend->getGroups($search, $limit, $offset);
228		- if (is_array($backendGroups)) {
229		- $groups = array_merge($groups, $backendGroups);
230		- }
231		- }
	226	+ foreach($this->backends as $backend) {
	227	+ $backendGroups = $backend->getGroups($search, $limit, $offset);
	228	+ if (is_array($backendGroups)) {
	229	+ $groups = array_merge($groups, $backendGroups);
	230	+ }
	231	+ }
232	232
233		- return $groups;
234		- }
	233	+ return $groups;
	234	+ }
235	235
236		- /**
237		- * check if a group exists
238		- * @param string $gid
239		- * @return bool
240		- */
241		- public function groupExists($gid) {
242		- return $this->handleRequest($gid, 'groupExists', [$gid]);
243		- }
	236	+ /**
	237	+ * check if a group exists
	238	+ * @param string $gid
	239	+ * @return bool
	240	+ */
	241	+ public function groupExists($gid) {
	242	+ return $this->handleRequest($gid, 'groupExists', [$gid]);
	243	+ }
244	244
245		- /**
246		- * Check if backend implements actions
247		- * @param int $actions bitwise-or'ed actions
248		- * @return boolean
249		- *
250		- * Returns the supported actions as int to be
251		- * compared with \OCP\GroupInterface::CREATE_GROUP etc.
252		- */
253		- public function implementsActions($actions) {
254		- //it's the same across all our user backends obviously
255		- return $this->refBackend->implementsActions($actions);
256		- }
	245	+ /**
	246	+ * Check if backend implements actions
	247	+ * @param int $actions bitwise-or'ed actions
	248	+ * @return boolean
	249	+ *
	250	+ * Returns the supported actions as int to be
	251	+ * compared with \OCP\GroupInterface::CREATE_GROUP etc.
	252	+ */
	253	+ public function implementsActions($actions) {
	254	+ //it's the same across all our user backends obviously
	255	+ return $this->refBackend->implementsActions($actions);
	256	+ }
257	257
258		- /**
259		- * Return access for LDAP interaction.
260		- * @param string $gid
261		- * @return Access instance of Access for LDAP interaction
262		- */
263		- public function getLDAPAccess($gid) {
264		- return $this->handleRequest($gid, 'getLDAPAccess', [$gid]);
265		- }
	258	+ /**
	259	+ * Return access for LDAP interaction.
	260	+ * @param string $gid
	261	+ * @return Access instance of Access for LDAP interaction
	262	+ */
	263	+ public function getLDAPAccess($gid) {
	264	+ return $this->handleRequest($gid, 'getLDAPAccess', [$gid]);
	265	+ }
266	266
267		- /**
268		- * Return a new LDAP connection for the specified group.
269		- * The connection needs to be closed manually.
270		- * @param string $gid
271		- * @return resource of the LDAP connection
272		- */
273		- public function getNewLDAPConnection($gid) {
274		- return $this->handleRequest($gid, 'getNewLDAPConnection', [$gid]);
275		- }
	267	+ /**
	268	+ * Return a new LDAP connection for the specified group.
	269	+ * The connection needs to be closed manually.
	270	+ * @param string $gid
	271	+ * @return resource of the LDAP connection
	272	+ */
	273	+ public function getNewLDAPConnection($gid) {
	274	+ return $this->handleRequest($gid, 'getNewLDAPConnection', [$gid]);
	275	+ }
276	276
277		- public function getDisplayName(string $gid): string {
278		- return $this->handleRequest($gid, 'getDisplayName', [$gid]);
279		- }
	277	+ public function getDisplayName(string $gid): string {
	278	+ return $this->handleRequest($gid, 'getDisplayName', [$gid]);
	279	+ }
280	280	}

		@@ -39,10 +39,10 @@ discard block
		block discarded – undo
39	39	*/
40	40	public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap, GroupPluginManager $groupPluginManager) {
41	41	parent::__construct($ldap);
42		- foreach($serverConfigPrefixes as $configPrefix) {
	42	+ foreach ($serverConfigPrefixes as $configPrefix) {
43	43	$this->backends[$configPrefix] =
44	44	new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix), $groupPluginManager);
45		- if(is_null($this->refBackend)) {
	45	+ if (is_null($this->refBackend)) {
46	46	$this->refBackend = &$this->backends[$configPrefix];
47	47	}
48	48	}
		@@ -57,8 +57,8 @@ discard block
		block discarded – undo
57	57	*/
58	58	protected function walkBackends($gid, $method, $parameters) {
59	59	$cacheKey = $this->getGroupCacheKey($gid);
60		- foreach($this->backends as $configPrefix => $backend) {
61		- if($result = call_user_func_array([$backend, $method], $parameters)) {
	60	+ foreach ($this->backends as $configPrefix => $backend) {
	61	+ if ($result = call_user_func_array([$backend, $method], $parameters)) {
62	62	$this->writeToCache($cacheKey, $configPrefix);
63	63	return $result;
64	64	}
		@@ -78,17 +78,17 @@ discard block
		block discarded – undo
78	78	$cacheKey = $this->getGroupCacheKey($gid);
79	79	$prefix = $this->getFromCache($cacheKey);
80	80	//in case the uid has been found in the past, try this stored connection first
81		- if(!is_null($prefix)) {
82		- if(isset($this->backends[$prefix])) {
	81	+ if (!is_null($prefix)) {
	82	+ if (isset($this->backends[$prefix])) {
83	83	$result = call_user_func_array([$this->backends[$prefix], $method], $parameters);
84		- if($result === $passOnWhen) {
	84	+ if ($result === $passOnWhen) {
85	85	//not found here, reset cache to null if group vanished
86	86	//because sometimes methods return false with a reason
87	87	$groupExists = call_user_func_array(
88	88	[$this->backends[$prefix], 'groupExists'],
89	89	[$gid]
90	90	);
91		- if(!$groupExists) {
	91	+ if (!$groupExists) {
92	92	$this->writeToCache($cacheKey, null);
93	93	}
94	94	}
		@@ -121,7 +121,7 @@ discard block
		block discarded – undo
121	121	public function getUserGroups($uid) {
122	122	$groups = [];
123	123
124		- foreach($this->backends as $backend) {
	124	+ foreach ($this->backends as $backend) {
125	125	$backendGroups = $backend->getUserGroups($uid);
126	126	if (is_array($backendGroups)) {
127	127	$groups = array_merge($groups, $backendGroups);
		@@ -138,7 +138,7 @@ discard block
		block discarded – undo
138	138	public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
139	139	$users = [];
140	140
141		- foreach($this->backends as $backend) {
	141	+ foreach ($this->backends as $backend) {
142	142	$backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
143	143	if (is_array($backendUsers)) {
144	144	$users = array_merge($users, $backendUsers);
		@@ -223,7 +223,7 @@ discard block
		block discarded – undo
223	223	public function getGroups($search = '', $limit = -1, $offset = 0) {
224	224	$groups = [];
225	225
226		- foreach($this->backends as $backend) {
	226	+ foreach ($this->backends as $backend) {
227	227	$backendGroups = $backend->getGroups($search, $limit, $offset);
228	228	if (is_array($backendGroups)) {
229	229	$groups = array_merge($groups, $backendGroups);

		@@ -36,77 +36,77 @@
		block discarded – undo
36	36	use Symfony\Component\Console\Output\OutputInterface;
37	37
38	38	class ShowConfig extends Command {
39		- /** @var \OCA\User_LDAP\Helper */
40		- protected $helper;
	39	+ /** @var \OCA\User_LDAP\Helper */
	40	+ protected $helper;
41	41
42		- /**
43		- * @param Helper $helper
44		- */
45		- public function __construct(Helper $helper) {
46		- $this->helper = $helper;
47		- parent::__construct();
48		- }
	42	+ /**
	43	+ * @param Helper $helper
	44	+ */
	45	+ public function __construct(Helper $helper) {
	46	+ $this->helper = $helper;
	47	+ parent::__construct();
	48	+ }
49	49
50		- protected function configure() {
51		- $this
52		- ->setName('ldap:show-config')
53		- ->setDescription('shows the LDAP configuration')
54		- ->addArgument(
55		- 'configID',
56		- InputArgument::OPTIONAL,
57		- 'will show the configuration of the specified id'
58		- )
59		- ->addOption(
60		- 'show-password',
61		- null,
62		- InputOption::VALUE_NONE,
63		- 'show ldap bind password'
64		- )
65		- ;
66		- }
	50	+ protected function configure() {
	51	+ $this
	52	+ ->setName('ldap:show-config')
	53	+ ->setDescription('shows the LDAP configuration')
	54	+ ->addArgument(
	55	+ 'configID',
	56	+ InputArgument::OPTIONAL,
	57	+ 'will show the configuration of the specified id'
	58	+ )
	59	+ ->addOption(
	60	+ 'show-password',
	61	+ null,
	62	+ InputOption::VALUE_NONE,
	63	+ 'show ldap bind password'
	64	+ )
	65	+ ;
	66	+ }
67	67
68		- protected function execute(InputInterface $input, OutputInterface $output) {
69		- $availableConfigs = $this->helper->getServerConfigurationPrefixes();
70		- $configID = $input->getArgument('configID');
71		- if(!is_null($configID)) {
72		- $configIDs[] = $configID;
73		- if(!in_array($configIDs[0], $availableConfigs)) {
74		- $output->writeln("Invalid configID");
75		- return;
76		- }
77		- } else {
78		- $configIDs = $availableConfigs;
79		- }
	68	+ protected function execute(InputInterface $input, OutputInterface $output) {
	69	+ $availableConfigs = $this->helper->getServerConfigurationPrefixes();
	70	+ $configID = $input->getArgument('configID');
	71	+ if(!is_null($configID)) {
	72	+ $configIDs[] = $configID;
	73	+ if(!in_array($configIDs[0], $availableConfigs)) {
	74	+ $output->writeln("Invalid configID");
	75	+ return;
	76	+ }
	77	+ } else {
	78	+ $configIDs = $availableConfigs;
	79	+ }
80	80
81		- $this->renderConfigs($configIDs, $output, $input->getOption('show-password'));
82		- }
	81	+ $this->renderConfigs($configIDs, $output, $input->getOption('show-password'));
	82	+ }
83	83
84		- /**
85		- * prints the LDAP configuration(s)
86		- * @param string[] configID(s)
87		- * @param OutputInterface $output
88		- * @param bool $withPassword Set to TRUE to show plaintext passwords in output
89		- */
90		- protected function renderConfigs($configIDs, $output, $withPassword) {
91		- foreach($configIDs as $id) {
92		- $configHolder = new Configuration($id);
93		- $configuration = $configHolder->getConfiguration();
94		- ksort($configuration);
	84	+ /**
	85	+ * prints the LDAP configuration(s)
	86	+ * @param string[] configID(s)
	87	+ * @param OutputInterface $output
	88	+ * @param bool $withPassword Set to TRUE to show plaintext passwords in output
	89	+ */
	90	+ protected function renderConfigs($configIDs, $output, $withPassword) {
	91	+ foreach($configIDs as $id) {
	92	+ $configHolder = new Configuration($id);
	93	+ $configuration = $configHolder->getConfiguration();
	94	+ ksort($configuration);
95	95
96		- $table = new Table($output);
97		- $table->setHeaders(['Configuration', $id]);
98		- $rows = [];
99		- foreach($configuration as $key => $value) {
100		- if($key === 'ldapAgentPassword' && !$withPassword) {
101		- $value = '***';
102		- }
103		- if(is_array($value)) {
104		- $value = implode(';', $value);
105		- }
106		- $rows[] = [$key, $value];
107		- }
108		- $table->setRows($rows);
109		- $table->render($output);
110		- }
111		- }
	96	+ $table = new Table($output);
	97	+ $table->setHeaders(['Configuration', $id]);
	98	+ $rows = [];
	99	+ foreach($configuration as $key => $value) {
	100	+ if($key === 'ldapAgentPassword' && !$withPassword) {
	101	+ $value = '***';
	102	+ }
	103	+ if(is_array($value)) {
	104	+ $value = implode(';', $value);
	105	+ }
	106	+ $rows[] = [$key, $value];
	107	+ }
	108	+ $table->setRows($rows);
	109	+ $table->render($output);
	110	+ }
	111	+ }
112	112	}

		@@ -68,9 +68,9 @@ discard block
		block discarded – undo
68	68	protected function execute(InputInterface $input, OutputInterface $output) {
69	69	$availableConfigs = $this->helper->getServerConfigurationPrefixes();
70	70	$configID = $input->getArgument('configID');
71		- if(!is_null($configID)) {
	71	+ if (!is_null($configID)) {
72	72	$configIDs[] = $configID;
73		- if(!in_array($configIDs[0], $availableConfigs)) {
	73	+ if (!in_array($configIDs[0], $availableConfigs)) {
74	74	$output->writeln("Invalid configID");
75	75	return;
76	76	}
		@@ -88,7 +88,7 @@ discard block
		block discarded – undo
88	88	* @param bool $withPassword Set to TRUE to show plaintext passwords in output
89	89	*/
90	90	protected function renderConfigs($configIDs, $output, $withPassword) {
91		- foreach($configIDs as $id) {
	91	+ foreach ($configIDs as $id) {
92	92	$configHolder = new Configuration($id);
93	93	$configuration = $configHolder->getConfiguration();
94	94	ksort($configuration);
		@@ -96,11 +96,11 @@ discard block
		block discarded – undo
96	96	$table = new Table($output);
97	97	$table->setHeaders(['Configuration', $id]);
98	98	$rows = [];
99		- foreach($configuration as $key => $value) {
100		- if($key === 'ldapAgentPassword' && !$withPassword) {
	99	+ foreach ($configuration as $key => $value) {
	100	+ if ($key === 'ldapAgentPassword' && !$withPassword) {
101	101	$value = '***';
102	102	}
103		- if(is_array($value)) {
	103	+ if (is_array($value)) {
104	104	$value = implode(';', $value);
105	105	}
106	106	$rows[] = [$key, $value];

		@@ -35,59 +35,59 @@
		block discarded – undo
35	35
36	36	class TestConfig extends Command {
37	37
38		- protected function configure() {
39		- $this
40		- ->setName('ldap:test-config')
41		- ->setDescription('tests an LDAP configuration')
42		- ->addArgument(
43		- 'configID',
44		- InputArgument::REQUIRED,
45		- 'the configuration ID'
46		- )
47		- ;
48		- }
	38	+ protected function configure() {
	39	+ $this
	40	+ ->setName('ldap:test-config')
	41	+ ->setDescription('tests an LDAP configuration')
	42	+ ->addArgument(
	43	+ 'configID',
	44	+ InputArgument::REQUIRED,
	45	+ 'the configuration ID'
	46	+ )
	47	+ ;
	48	+ }
49	49
50		- protected function execute(InputInterface $input, OutputInterface $output) {
51		- $helper = new Helper(\OC::$server->getConfig());
52		- $availableConfigs = $helper->getServerConfigurationPrefixes();
53		- $configID = $input->getArgument('configID');
54		- if(!in_array($configID, $availableConfigs)) {
55		- $output->writeln("Invalid configID");
56		- return;
57		- }
	50	+ protected function execute(InputInterface $input, OutputInterface $output) {
	51	+ $helper = new Helper(\OC::$server->getConfig());
	52	+ $availableConfigs = $helper->getServerConfigurationPrefixes();
	53	+ $configID = $input->getArgument('configID');
	54	+ if(!in_array($configID, $availableConfigs)) {
	55	+ $output->writeln("Invalid configID");
	56	+ return;
	57	+ }
58	58
59		- $result = $this->testConfig($configID);
60		- if($result === 0) {
61		- $output->writeln('The configuration is valid and the connection could be established!');
62		- } else if($result === 1) {
63		- $output->writeln('The configuration is invalid. Please have a look at the logs for further details.');
64		- } else if($result === 2) {
65		- $output->writeln('The configuration is valid, but the Bind failed. Please check the server settings and credentials.');
66		- } else {
67		- $output->writeln('Your LDAP server was kidnapped by aliens.');
68		- }
69		- }
	59	+ $result = $this->testConfig($configID);
	60	+ if($result === 0) {
	61	+ $output->writeln('The configuration is valid and the connection could be established!');
	62	+ } else if($result === 1) {
	63	+ $output->writeln('The configuration is invalid. Please have a look at the logs for further details.');
	64	+ } else if($result === 2) {
	65	+ $output->writeln('The configuration is valid, but the Bind failed. Please check the server settings and credentials.');
	66	+ } else {
	67	+ $output->writeln('Your LDAP server was kidnapped by aliens.');
	68	+ }
	69	+ }
70	70
71		- /**
72		- * tests the specified connection
73		- * @param string $configID
74		- * @return int
75		- */
76		- protected function testConfig($configID) {
77		- $lw = new \OCA\User_LDAP\LDAP();
78		- $connection = new Connection($lw, $configID);
	71	+ /**
	72	+ * tests the specified connection
	73	+ * @param string $configID
	74	+ * @return int
	75	+ */
	76	+ protected function testConfig($configID) {
	77	+ $lw = new \OCA\User_LDAP\LDAP();
	78	+ $connection = new Connection($lw, $configID);
79	79
80		- //ensure validation is run before we attempt the bind
81		- $connection->getConfiguration();
	80	+ //ensure validation is run before we attempt the bind
	81	+ $connection->getConfiguration();
82	82
83		- if(!$connection->setConfiguration([
84		- 'ldap_configuration_active' => 1,
85		- ])) {
86		- return 1;
87		- }
88		- if($connection->bind()) {
89		- return 0;
90		- }
91		- return 2;
92		- }
	83	+ if(!$connection->setConfiguration([
	84	+ 'ldap_configuration_active' => 1,
	85	+ ])) {
	86	+ return 1;
	87	+ }
	88	+ if($connection->bind()) {
	89	+ return 0;
	90	+ }
	91	+ return 2;
	92	+ }
93	93	}

		@@ -51,17 +51,17 @@ discard block
		block discarded – undo
51	51	$helper = new Helper(\OC::$server->getConfig());
52	52	$availableConfigs = $helper->getServerConfigurationPrefixes();
53	53	$configID = $input->getArgument('configID');
54		- if(!in_array($configID, $availableConfigs)) {
	54	+ if (!in_array($configID, $availableConfigs)) {
55	55	$output->writeln("Invalid configID");
56	56	return;
57	57	}
58	58
59	59	$result = $this->testConfig($configID);
60		- if($result === 0) {
	60	+ if ($result === 0) {
61	61	$output->writeln('The configuration is valid and the connection could be established!');
62		- } else if($result === 1) {
	62	+ } else if ($result === 1) {
63	63	$output->writeln('The configuration is invalid. Please have a look at the logs for further details.');
64		- } else if($result === 2) {
	64	+ } else if ($result === 2) {
65	65	$output->writeln('The configuration is valid, but the Bind failed. Please check the server settings and credentials.');
66	66	} else {
67	67	$output->writeln('Your LDAP server was kidnapped by aliens.');
		@@ -80,12 +80,12 @@ discard block
		block discarded – undo
80	80	//ensure validation is run before we attempt the bind
81	81	$connection->getConfiguration();
82	82
83		- if(!$connection->setConfiguration([
	83	+ if (!$connection->setConfiguration([
84	84	'ldap_configuration_active' => 1,
85	85	])) {
86	86	return 1;
87	87	}
88		- if($connection->bind()) {
	88	+ if ($connection->bind()) {
89	89	return 0;
90	90	}
91	91	return 2;

		@@ -29,219 +29,219 @@
		block discarded – undo
29	29	use OCP\IDBConnection;
30	30
31	31	class OfflineUser {
32		- /**
33		- * @var string $ocName
34		- */
35		- protected $ocName;
36		- /**
37		- * @var string $dn
38		- */
39		- protected $dn;
40		- /**
41		- * @var string $uid the UID as provided by LDAP
42		- */
43		- protected $uid;
44		- /**
45		- * @var string $displayName
46		- */
47		- protected $displayName;
48		- /**
49		- * @var string $homePath
50		- */
51		- protected $homePath;
52		- /**
53		- * @var string $lastLogin the timestamp of the last login
54		- */
55		- protected $lastLogin;
56		- /**
57		- * @var string $foundDeleted the timestamp when the user was detected as unavailable
58		- */
59		- protected $foundDeleted;
60		- /**
61		- * @var string $email
62		- */
63		- protected $email;
64		- /**
65		- * @var bool $hasActiveShares
66		- */
67		- protected $hasActiveShares;
68		- /**
69		- * @var IConfig $config
70		- */
71		- protected $config;
72		- /**
73		- * @var IDBConnection $db
74		- */
75		- protected $db;
76		- /**
77		- * @var \OCA\User_LDAP\Mapping\UserMapping
78		- */
79		- protected $mapping;
80		-
81		- /**
82		- * @param string $ocName
83		- * @param IConfig $config
84		- * @param IDBConnection $db
85		- * @param \OCA\User_LDAP\Mapping\UserMapping $mapping
86		- */
87		- public function __construct($ocName, IConfig $config, IDBConnection $db, UserMapping $mapping) {
88		- $this->ocName = $ocName;
89		- $this->config = $config;
90		- $this->db = $db;
91		- $this->mapping = $mapping;
92		- $this->fetchDetails();
93		- }
94		-
95		- /**
96		- * remove the Delete-flag from the user.
97		- */
98		- public function unmark() {
99		- $this->config->deleteUserValue($this->ocName, 'user_ldap', 'isDeleted');
100		- $this->config->deleteUserValue($this->ocName, 'user_ldap', 'foundDeleted');
101		- }
102		-
103		- /**
104		- * exports the user details in an assoc array
105		- * @return array
106		- */
107		- public function export() {
108		- $data = [];
109		- $data['ocName'] = $this->getOCName();
110		- $data['dn'] = $this->getDN();
111		- $data['uid'] = $this->getUID();
112		- $data['displayName'] = $this->getDisplayName();
113		- $data['homePath'] = $this->getHomePath();
114		- $data['lastLogin'] = $this->getLastLogin();
115		- $data['email'] = $this->getEmail();
116		- $data['hasActiveShares'] = $this->getHasActiveShares();
117		-
118		- return $data;
119		- }
120		-
121		- /**
122		- * getter for Nextcloud internal name
123		- * @return string
124		- */
125		- public function getOCName() {
126		- return $this->ocName;
127		- }
128		-
129		- /**
130		- * getter for LDAP uid
131		- * @return string
132		- */
133		- public function getUID() {
134		- return $this->uid;
135		- }
136		-
137		- /**
138		- * getter for LDAP DN
139		- * @return string
140		- */
141		- public function getDN() {
142		- return $this->dn;
143		- }
144		-
145		- /**
146		- * getter for display name
147		- * @return string
148		- */
149		- public function getDisplayName() {
150		- return $this->displayName;
151		- }
152		-
153		- /**
154		- * getter for email
155		- * @return string
156		- */
157		- public function getEmail() {
158		- return $this->email;
159		- }
160		-
161		- /**
162		- * getter for home directory path
163		- * @return string
164		- */
165		- public function getHomePath() {
166		- return $this->homePath;
167		- }
168		-
169		- /**
170		- * getter for the last login timestamp
171		- * @return int
172		- */
173		- public function getLastLogin() {
174		- return (int)$this->lastLogin;
175		- }
176		-
177		- /**
178		- * getter for the detection timestamp
179		- * @return int
180		- */
181		- public function getDetectedOn() {
182		- return (int)$this->foundDeleted;
183		- }
184		-
185		- /**
186		- * getter for having active shares
187		- * @return bool
188		- */
189		- public function getHasActiveShares() {
190		- return $this->hasActiveShares;
191		- }
192		-
193		- /**
194		- * reads the user details
195		- */
196		- protected function fetchDetails() {
197		- $properties = [
198		- 'displayName' => 'user_ldap',
199		- 'uid' => 'user_ldap',
200		- 'homePath' => 'user_ldap',
201		- 'foundDeleted' => 'user_ldap',
202		- 'email' => 'settings',
203		- 'lastLogin' => 'login',
204		- ];
205		- foreach($properties as $property => $app) {
206		- $this->$property = $this->config->getUserValue($this->ocName, $app, $property, '');
207		- }
208		-
209		- $dn = $this->mapping->getDNByName($this->ocName);
210		- $this->dn = ($dn !== false) ? $dn : '';
211		-
212		- $this->determineShares();
213		- }
214		-
215		-
216		- /**
217		- * finds out whether the user has active shares. The result is stored in
218		- * $this->hasActiveShares
219		- */
220		- protected function determineShares() {
221		- $query = $this->db->prepare('
	32	+ /**
	33	+ * @var string $ocName
	34	+ */
	35	+ protected $ocName;
	36	+ /**
	37	+ * @var string $dn
	38	+ */
	39	+ protected $dn;
	40	+ /**
	41	+ * @var string $uid the UID as provided by LDAP
	42	+ */
	43	+ protected $uid;
	44	+ /**
	45	+ * @var string $displayName
	46	+ */
	47	+ protected $displayName;
	48	+ /**
	49	+ * @var string $homePath
	50	+ */
	51	+ protected $homePath;
	52	+ /**
	53	+ * @var string $lastLogin the timestamp of the last login
	54	+ */
	55	+ protected $lastLogin;
	56	+ /**
	57	+ * @var string $foundDeleted the timestamp when the user was detected as unavailable
	58	+ */
	59	+ protected $foundDeleted;
	60	+ /**
	61	+ * @var string $email
	62	+ */
	63	+ protected $email;
	64	+ /**
	65	+ * @var bool $hasActiveShares
	66	+ */
	67	+ protected $hasActiveShares;
	68	+ /**
	69	+ * @var IConfig $config
	70	+ */
	71	+ protected $config;
	72	+ /**
	73	+ * @var IDBConnection $db
	74	+ */
	75	+ protected $db;
	76	+ /**
	77	+ * @var \OCA\User_LDAP\Mapping\UserMapping
	78	+ */
	79	+ protected $mapping;
	80	+
	81	+ /**
	82	+ * @param string $ocName
	83	+ * @param IConfig $config
	84	+ * @param IDBConnection $db
	85	+ * @param \OCA\User_LDAP\Mapping\UserMapping $mapping
	86	+ */
	87	+ public function __construct($ocName, IConfig $config, IDBConnection $db, UserMapping $mapping) {
	88	+ $this->ocName = $ocName;
	89	+ $this->config = $config;
	90	+ $this->db = $db;
	91	+ $this->mapping = $mapping;
	92	+ $this->fetchDetails();
	93	+ }
	94	+
	95	+ /**
	96	+ * remove the Delete-flag from the user.
	97	+ */
	98	+ public function unmark() {
	99	+ $this->config->deleteUserValue($this->ocName, 'user_ldap', 'isDeleted');
	100	+ $this->config->deleteUserValue($this->ocName, 'user_ldap', 'foundDeleted');
	101	+ }
	102	+
	103	+ /**
	104	+ * exports the user details in an assoc array
	105	+ * @return array
	106	+ */
	107	+ public function export() {
	108	+ $data = [];
	109	+ $data['ocName'] = $this->getOCName();
	110	+ $data['dn'] = $this->getDN();
	111	+ $data['uid'] = $this->getUID();
	112	+ $data['displayName'] = $this->getDisplayName();
	113	+ $data['homePath'] = $this->getHomePath();
	114	+ $data['lastLogin'] = $this->getLastLogin();
	115	+ $data['email'] = $this->getEmail();
	116	+ $data['hasActiveShares'] = $this->getHasActiveShares();
	117	+
	118	+ return $data;
	119	+ }
	120	+
	121	+ /**
	122	+ * getter for Nextcloud internal name
	123	+ * @return string
	124	+ */
	125	+ public function getOCName() {
	126	+ return $this->ocName;
	127	+ }
	128	+
	129	+ /**
	130	+ * getter for LDAP uid
	131	+ * @return string
	132	+ */
	133	+ public function getUID() {
	134	+ return $this->uid;
	135	+ }
	136	+
	137	+ /**
	138	+ * getter for LDAP DN
	139	+ * @return string
	140	+ */
	141	+ public function getDN() {
	142	+ return $this->dn;
	143	+ }
	144	+
	145	+ /**
	146	+ * getter for display name
	147	+ * @return string
	148	+ */
	149	+ public function getDisplayName() {
	150	+ return $this->displayName;
	151	+ }
	152	+
	153	+ /**
	154	+ * getter for email
	155	+ * @return string
	156	+ */
	157	+ public function getEmail() {
	158	+ return $this->email;
	159	+ }
	160	+
	161	+ /**
	162	+ * getter for home directory path
	163	+ * @return string
	164	+ */
	165	+ public function getHomePath() {
	166	+ return $this->homePath;
	167	+ }
	168	+
	169	+ /**
	170	+ * getter for the last login timestamp
	171	+ * @return int
	172	+ */
	173	+ public function getLastLogin() {
	174	+ return (int)$this->lastLogin;
	175	+ }
	176	+
	177	+ /**
	178	+ * getter for the detection timestamp
	179	+ * @return int
	180	+ */
	181	+ public function getDetectedOn() {
	182	+ return (int)$this->foundDeleted;
	183	+ }
	184	+
	185	+ /**
	186	+ * getter for having active shares
	187	+ * @return bool
	188	+ */
	189	+ public function getHasActiveShares() {
	190	+ return $this->hasActiveShares;
	191	+ }
	192	+
	193	+ /**
	194	+ * reads the user details
	195	+ */
	196	+ protected function fetchDetails() {
	197	+ $properties = [
	198	+ 'displayName' => 'user_ldap',
	199	+ 'uid' => 'user_ldap',
	200	+ 'homePath' => 'user_ldap',
	201	+ 'foundDeleted' => 'user_ldap',
	202	+ 'email' => 'settings',
	203	+ 'lastLogin' => 'login',
	204	+ ];
	205	+ foreach($properties as $property => $app) {
	206	+ $this->$property = $this->config->getUserValue($this->ocName, $app, $property, '');
	207	+ }
	208	+
	209	+ $dn = $this->mapping->getDNByName($this->ocName);
	210	+ $this->dn = ($dn !== false) ? $dn : '';
	211	+
	212	+ $this->determineShares();
	213	+ }
	214	+
	215	+
	216	+ /**
	217	+ * finds out whether the user has active shares. The result is stored in
	218	+ * $this->hasActiveShares
	219	+ */
	220	+ protected function determineShares() {
	221	+ $query = $this->db->prepare('
222	222	SELECT COUNT(`uid_owner`)
223	223	FROM `PREFIXshare`
224	224	WHERE `uid_owner` = ?
225	225	', 1);
226		- $query->execute([$this->ocName]);
227		- $sResult = $query->fetchColumn(0);
228		- if((int)$sResult === 1) {
229		- $this->hasActiveShares = true;
230		- return;
231		- }
232		-
233		- $query = $this->db->prepare('
	226	+ $query->execute([$this->ocName]);
	227	+ $sResult = $query->fetchColumn(0);
	228	+ if((int)$sResult === 1) {
	229	+ $this->hasActiveShares = true;
	230	+ return;
	231	+ }
	232	+
	233	+ $query = $this->db->prepare('
234	234	SELECT COUNT(`owner`)
235	235	FROM `PREFIXshare_external`
236	236	WHERE `owner` = ?
237	237	', 1);
238		- $query->execute([$this->ocName]);
239		- $sResult = $query->fetchColumn(0);
240		- if((int)$sResult === 1) {
241		- $this->hasActiveShares = true;
242		- return;
243		- }
244		-
245		- $this->hasActiveShares = false;
246		- }
	238	+ $query->execute([$this->ocName]);
	239	+ $sResult = $query->fetchColumn(0);
	240	+ if((int)$sResult === 1) {
	241	+ $this->hasActiveShares = true;
	242	+ return;
	243	+ }
	244	+
	245	+ $this->hasActiveShares = false;
	246	+ }
247	247	}

		@@ -171,7 +171,7 @@ discard block
		block discarded – undo
171	171	* @return int
172	172	*/
173	173	public function getLastLogin() {
174		- return (int)$this->lastLogin;
	174	+ return (int) $this->lastLogin;
175	175	}
176	176
177	177	/**
		@@ -179,7 +179,7 @@ discard block
		block discarded – undo
179	179	* @return int
180	180	*/
181	181	public function getDetectedOn() {
182		- return (int)$this->foundDeleted;
	182	+ return (int) $this->foundDeleted;
183	183	}
184	184
185	185	/**
		@@ -202,7 +202,7 @@ discard block
		block discarded – undo
202	202	'email' => 'settings',
203	203	'lastLogin' => 'login',
204	204	];
205		- foreach($properties as $property => $app) {
	205	+ foreach ($properties as $property => $app) {
206	206	$this->$property = $this->config->getUserValue($this->ocName, $app, $property, '');
207	207	}
208	208
		@@ -225,7 +225,7 @@ discard block
		block discarded – undo
225	225	', 1);
226	226	$query->execute([$this->ocName]);
227	227	$sResult = $query->fetchColumn(0);
228		- if((int)$sResult === 1) {
	228	+ if ((int) $sResult === 1) {
229	229	$this->hasActiveShares = true;
230	230	return;
231	231	}
		@@ -237,7 +237,7 @@ discard block
		block discarded – undo
237	237	', 1);
238	238	$query->execute([$this->ocName]);
239	239	$sResult = $query->fetchColumn(0);
240		- if((int)$sResult === 1) {
	240	+ if ((int) $sResult === 1) {
241	241	$this->hasActiveShares = true;
242	242	return;
243	243	}

		@@ -154,17 +154,17 @@ discard block
		block discarded – undo
154	154	* @return null
155	155	*/
156	156	public function update() {
157		- if(is_null($this->dn)) {
	157	+ if (is_null($this->dn)) {
158	158	return null;
159	159	}
160	160
161	161	$hasLoggedIn = $this->config->getUserValue($this->uid, 'user_ldap',
162	162	self::USER_PREFKEY_FIRSTLOGIN, 0);
163	163
164		- if($this->needsRefresh()) {
	164	+ if ($this->needsRefresh()) {
165	165	$this->updateEmail();
166	166	$this->updateQuota();
167		- if($hasLoggedIn !== 0) {
	167	+ if ($hasLoggedIn !== 0) {
168	168	//we do not need to try it, when the user has not been logged in
169	169	//before, because the file system will not be ready.
170	170	$this->updateAvatar();
		@@ -182,12 +182,12 @@ discard block
		block discarded – undo
182	182	*/
183	183	public function markUser() {
184	184	$curValue = $this->config->getUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '0');
185		- if($curValue === '1') {
	185	+ if ($curValue === '1') {
186	186	// the user is already marked, do not write to DB again
187	187	return;
188	188	}
189	189	$this->config->setUserValue($this->getUsername(), 'user_ldap', 'isDeleted', '1');
190		- $this->config->setUserValue($this->getUsername(), 'user_ldap', 'foundDeleted', (string)time());
	190	+ $this->config->setUserValue($this->getUsername(), 'user_ldap', 'foundDeleted', (string) time());
191	191	}
192	192
193	193	/**
		@@ -198,7 +198,7 @@ discard block
		block discarded – undo
198	198	$this->markRefreshTime();
199	199	//Quota
200	200	$attr = strtolower($this->connection->ldapQuotaAttribute);
201		- if(isset($ldapEntry[$attr])) {
	201	+ if (isset($ldapEntry[$attr])) {
202	202	$this->updateQuota($ldapEntry[$attr][0]);
203	203	} else {
204	204	if ($this->connection->ldapQuotaDefault !== '') {
		@@ -210,12 +210,12 @@ discard block
		block discarded – undo
210	210	//displayName
211	211	$displayName = $displayName2 = '';
212	212	$attr = strtolower($this->connection->ldapUserDisplayName);
213		- if(isset($ldapEntry[$attr])) {
214		- $displayName = (string)$ldapEntry[$attr][0];
	213	+ if (isset($ldapEntry[$attr])) {
	214	+ $displayName = (string) $ldapEntry[$attr][0];
215	215	}
216	216	$attr = strtolower($this->connection->ldapUserDisplayName2);
217		- if(isset($ldapEntry[$attr])) {
218		- $displayName2 = (string)$ldapEntry[$attr][0];
	217	+ if (isset($ldapEntry[$attr])) {
	218	+ $displayName2 = (string) $ldapEntry[$attr][0];
219	219	}
220	220	if ($displayName !== '') {
221	221	$this->composeAndStoreDisplayName($displayName, $displayName2);
		@@ -231,22 +231,22 @@ discard block
		block discarded – undo
231	231	//email must be stored after displayname, because it would cause a user
232	232	//change event that will trigger fetching the display name again
233	233	$attr = strtolower($this->connection->ldapEmailAttribute);
234		- if(isset($ldapEntry[$attr])) {
	234	+ if (isset($ldapEntry[$attr])) {
235	235	$this->updateEmail($ldapEntry[$attr][0]);
236	236	}
237	237	unset($attr);
238	238
239	239	// LDAP Username, needed for s2s sharing
240		- if(isset($ldapEntry['uid'])) {
	240	+ if (isset($ldapEntry['uid'])) {
241	241	$this->storeLDAPUserName($ldapEntry['uid'][0]);
242		- } else if(isset($ldapEntry['samaccountname'])) {
	242	+ } else if (isset($ldapEntry['samaccountname'])) {
243	243	$this->storeLDAPUserName($ldapEntry['samaccountname'][0]);
244	244	}
245	245
246	246	//homePath
247		- if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
	247	+ if (strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
248	248	$attr = strtolower(substr($this->connection->homeFolderNamingRule, strlen('attr:')));
249		- if(isset($ldapEntry[$attr])) {
	249	+ if (isset($ldapEntry[$attr])) {
250	250	$this->access->cacheUserHome(
251	251	$this->getUsername(), $this->getHomePath($ldapEntry[$attr][0]));
252	252	}
		@@ -255,14 +255,14 @@ discard block
		block discarded – undo
255	255	//memberOf groups
256	256	$cacheKey = 'getMemberOf'.$this->getUsername();
257	257	$groups = false;
258		- if(isset($ldapEntry['memberof'])) {
	258	+ if (isset($ldapEntry['memberof'])) {
259	259	$groups = $ldapEntry['memberof'];
260	260	}
261	261	$this->connection->writeToCache($cacheKey, $groups);
262	262
263	263	//external storage var
264	264	$attr = strtolower($this->connection->ldapExtStorageHomeAttribute);
265		- if(isset($ldapEntry[$attr])) {
	265	+ if (isset($ldapEntry[$attr])) {
266	266	$this->updateExtStorageHome($ldapEntry[$attr][0]);
267	267	}
268	268	unset($attr);
		@@ -271,8 +271,8 @@ discard block
		block discarded – undo
271	271	/** @var Connection $connection */
272	272	$connection = $this->access->getConnection();
273	273	$attributes = $connection->resolveRule('avatar');
274		- foreach ($attributes as $attribute) {
275		- if(isset($ldapEntry[$attribute])) {
	274	+ foreach ($attributes as $attribute) {
	275	+ if (isset($ldapEntry[$attribute])) {
276	276	$this->avatarImage = $ldapEntry[$attribute][0];
277	277	// the call to the method that saves the avatar in the file
278	278	// system must be postponed after the login. It is to ensure
		@@ -307,7 +307,7 @@ discard block
		block discarded – undo
307	307	* @throws \Exception
308	308	*/
309	309	public function getHomePath($valueFromLDAP = null) {
310		- $path = (string)$valueFromLDAP;
	310	+ $path = (string) $valueFromLDAP;
311	311	$attr = null;
312	312
313	313	if (is_null($valueFromLDAP)
		@@ -325,12 +325,12 @@ discard block
		block discarded – undo
325	325	if ($path !== '') {
326	326	//if attribute's value is an absolute path take this, otherwise append it to data dir
327	327	//check for / at the beginning or pattern c:\ resp. c:/
328		- if( '/' !== $path[0]
	328	+ if ('/' !== $path[0]
329	329	&& !(3 < strlen($path) && ctype_alpha($path[0])
330	330	&& $path[1] === ':' && ('\\' === $path[2] \|\| '/' === $path[2]))
331	331	) {
332	332	$path = $this->config->getSystemValue('datadirectory',
333		- \OC::$SERVERROOT.'/data' ) . '/' . $path;
	333	+ \OC::$SERVERROOT.'/data').'/'.$path;
334	334	}
335	335	//we need it to store it in the DB as well in case a user gets
336	336	//deleted so we can clean up afterwards
		@@ -340,11 +340,11 @@ discard block
		block discarded – undo
340	340	return $path;
341	341	}
342	342
343		- if( !is_null($attr)
	343	+ if (!is_null($attr)
344	344	&& $this->config->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)
345	345	) {
346	346	// a naming rule attribute is defined, but it doesn't exist for that LDAP user
347		- throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $this->getUsername());
	347	+ throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: '.$this->getUsername());
348	348	}
349	349
350	350	//false will apply default behaviour as defined and done by OC_User
		@@ -355,7 +355,7 @@ discard block
		block discarded – undo
355	355	public function getMemberOfGroups() {
356	356	$cacheKey = 'getMemberOf'.$this->getUsername();
357	357	$memberOfGroups = $this->connection->getFromCache($cacheKey);
358		- if(!is_null($memberOfGroups)) {
	358	+ if (!is_null($memberOfGroups)) {
359	359	return $memberOfGroups;
360	360	}
361	361	$groupDNs = $this->access->readAttribute($this->getDN(), 'memberOf');
		@@ -368,7 +368,7 @@ discard block
		block discarded – undo
368	368	* @return string data (provided by LDAP) \| false
369	369	*/
370	370	public function getAvatarImage() {
371		- if(!is_null($this->avatarImage)) {
	371	+ if (!is_null($this->avatarImage)) {
372	372	return $this->avatarImage;
373	373	}
374	374
		@@ -376,9 +376,9 @@ discard block
		block discarded – undo
376	376	/** @var Connection $connection */
377	377	$connection = $this->access->getConnection();
378	378	$attributes = $connection->resolveRule('avatar');
379		- foreach($attributes as $attribute) {
	379	+ foreach ($attributes as $attribute) {
380	380	$result = $this->access->readAttribute($this->dn, $attribute);
381		- if($result !== false && is_array($result) && isset($result[0])) {
	381	+ if ($result !== false && is_array($result) && isset($result[0])) {
382	382	$this->avatarImage = $result[0];
383	383	break;
384	384	}
		@@ -415,7 +415,7 @@ discard block
		block discarded – undo
415	415	$lastChecked = $this->config->getUserValue($this->uid, 'user_ldap',
416	416	self::USER_PREFKEY_LASTREFRESH, 0);
417	417
418		- if((time() - (int)$lastChecked) < (int)$this->config->getAppValue('user_ldap', 'updateAttributesInterval', 86400)) {
	418	+ if ((time() - (int) $lastChecked) < (int) $this->config->getAppValue('user_ldap', 'updateAttributesInterval', 86400)) {
419	419	return false;
420	420	}
421	421	return true;
		@@ -440,12 +440,12 @@ discard block
		block discarded – undo
440	440	* @return string the effective display name
441	441	*/
442	442	public function composeAndStoreDisplayName($displayName, $displayName2 = '') {
443		- $displayName2 = (string)$displayName2;
444		- if($displayName2 !== '') {
445		- $displayName .= ' (' . $displayName2 . ')';
	443	+ $displayName2 = (string) $displayName2;
	444	+ if ($displayName2 !== '') {
	445	+ $displayName .= ' ('.$displayName2.')';
446	446	}
447	447	$oldName = $this->config->getUserValue($this->uid, 'user_ldap', 'displayName', null);
448		- if ($oldName !== $displayName) {
	448	+ if ($oldName !== $displayName) {
449	449	$this->store('displayName', $displayName);
450	450	$user = $this->userManager->get($this->getUsername());
451	451	if (!empty($oldName) && $user instanceof \OC\User\User) {
		@@ -473,7 +473,7 @@ discard block
		block discarded – undo
473	473	* @return bool
474	474	*/
475	475	private function wasRefreshed($feature) {
476		- if(isset($this->refreshedFeatures[$feature])) {
	476	+ if (isset($this->refreshedFeatures[$feature])) {
477	477	return true;
478	478	}
479	479	$this->refreshedFeatures[$feature] = 1;
		@@ -486,23 +486,23 @@ discard block
		block discarded – undo
486	486	* @return null
487	487	*/
488	488	public function updateEmail($valueFromLDAP = null) {
489		- if($this->wasRefreshed('email')) {
	489	+ if ($this->wasRefreshed('email')) {
490	490	return;
491	491	}
492		- $email = (string)$valueFromLDAP;
493		- if(is_null($valueFromLDAP)) {
	492	+ $email = (string) $valueFromLDAP;
	493	+ if (is_null($valueFromLDAP)) {
494	494	$emailAttribute = $this->connection->ldapEmailAttribute;
495	495	if ($emailAttribute !== '') {
496	496	$aEmail = $this->access->readAttribute($this->dn, $emailAttribute);
497		- if(is_array($aEmail) && (count($aEmail) > 0)) {
498		- $email = (string)$aEmail[0];
	497	+ if (is_array($aEmail) && (count($aEmail) > 0)) {
	498	+ $email = (string) $aEmail[0];
499	499	}
500	500	}
501	501	}
502	502	if ($email !== '') {
503	503	$user = $this->userManager->get($this->uid);
504	504	if (!is_null($user)) {
505		- $currentEmail = (string)$user->getEMailAddress();
	505	+ $currentEmail = (string) $user->getEMailAddress();
506	506	if ($currentEmail !== $email) {
507	507	$user->setEMailAddress($email);
508	508	}
		@@ -531,35 +531,35 @@ discard block
		block discarded – undo
531	531	* @return null
532	532	*/
533	533	public function updateQuota($valueFromLDAP = null) {
534		- if($this->wasRefreshed('quota')) {
	534	+ if ($this->wasRefreshed('quota')) {
535	535	return;
536	536	}
537	537
538	538	$quotaAttribute = $this->connection->ldapQuotaAttribute;
539	539	$defaultQuota = $this->connection->ldapQuotaDefault;
540		- if($quotaAttribute === '' && $defaultQuota === '') {
	540	+ if ($quotaAttribute === '' && $defaultQuota === '') {
541	541	return;
542	542	}
543	543
544	544	$quota = false;
545		- if(is_null($valueFromLDAP) && $quotaAttribute !== '') {
	545	+ if (is_null($valueFromLDAP) && $quotaAttribute !== '') {
546	546	$aQuota = $this->access->readAttribute($this->dn, $quotaAttribute);
547		- if($aQuota && (count($aQuota) > 0) && $this->verifyQuotaValue($aQuota[0])) {
	547	+ if ($aQuota && (count($aQuota) > 0) && $this->verifyQuotaValue($aQuota[0])) {
548	548	$quota = $aQuota[0];
549		- } else if(is_array($aQuota) && isset($aQuota[0])) {
550		- $this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $aQuota[0] . ']', ILogger::DEBUG);
	549	+ } else if (is_array($aQuota) && isset($aQuota[0])) {
	550	+ $this->log->log('no suitable LDAP quota found for user '.$this->uid.': ['.$aQuota[0].']', ILogger::DEBUG);
551	551	}
552	552	} else if ($this->verifyQuotaValue($valueFromLDAP)) {
553	553	$quota = $valueFromLDAP;
554	554	} else {
555		- $this->log->log('no suitable LDAP quota found for user ' . $this->uid . ': [' . $valueFromLDAP . ']', ILogger::DEBUG);
	555	+ $this->log->log('no suitable LDAP quota found for user '.$this->uid.': ['.$valueFromLDAP.']', ILogger::DEBUG);
556	556	}
557	557
558	558	if ($quota === false && $this->verifyQuotaValue($defaultQuota)) {
559	559	// quota not found using the LDAP attribute (or not parseable). Try the default quota
560	560	$quota = $defaultQuota;
561		- } else if($quota === false) {
562		- $this->log->log('no suitable default quota found for user ' . $this->uid . ': [' . $defaultQuota . ']', ILogger::DEBUG);
	561	+ } else if ($quota === false) {
	562	+ $this->log->log('no suitable default quota found for user '.$this->uid.': ['.$defaultQuota.']', ILogger::DEBUG);
563	563	return;
564	564	}
565	565
		@@ -567,7 +567,7 @@ discard block
		block discarded – undo
567	567	if ($targetUser instanceof IUser) {
568	568	$targetUser->setQuota($quota);
569	569	} else {
570		- $this->log->log('trying to set a quota for user ' . $this->uid . ' but the user is missing', ILogger::INFO);
	570	+ $this->log->log('trying to set a quota for user '.$this->uid.' but the user is missing', ILogger::INFO);
571	571	}
572	572	}
573	573
		@@ -581,7 +581,7 @@ discard block
		block discarded – undo
581	581	* @param array $params
582	582	*/
583	583	public function updateAvatarPostLogin($params) {
584		- if(isset($params['uid']) && $params['uid'] === $this->getUsername()) {
	584	+ if (isset($params['uid']) && $params['uid'] === $this->getUsername()) {
585	585	$this->updateAvatar();
586	586	}
587	587	}
		@@ -591,29 +591,29 @@ discard block
		block discarded – undo
591	591	* @return bool
592	592	*/
593	593	public function updateAvatar($force = false) {
594		- if(!$force && $this->wasRefreshed('avatar')) {
	594	+ if (!$force && $this->wasRefreshed('avatar')) {
595	595	return false;
596	596	}
597	597	$avatarImage = $this->getAvatarImage();
598		- if($avatarImage === false) {
	598	+ if ($avatarImage === false) {
599	599	//not set, nothing left to do;
600	600	return false;
601	601	}
602	602
603		- if(!$this->image->loadFromBase64(base64_encode($avatarImage))) {
	603	+ if (!$this->image->loadFromBase64(base64_encode($avatarImage))) {
604	604	return false;
605	605	}
606	606
607	607	// use the checksum before modifications
608	608	$checksum = md5($this->image->data());
609	609
610		- if($checksum === $this->config->getUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', '')) {
	610	+ if ($checksum === $this->config->getUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', '')) {
611	611	return true;
612	612	}
613	613
614	614	$isSet = $this->setOwnCloudAvatar();
615	615
616		- if($isSet) {
	616	+ if ($isSet) {
617	617	// save checksum only after successful setting
618	618	$this->config->setUserValue($this->uid, 'user_ldap', 'lastAvatarChecksum', $checksum);
619	619	}
		@@ -626,7 +626,7 @@ discard block
		block discarded – undo
626	626	* @return bool
627	627	*/
628	628	private function setOwnCloudAvatar() {
629		- if(!$this->image->valid()) {
	629	+ if (!$this->image->valid()) {
630	630	$this->log->log('avatar image data from LDAP invalid for '.$this->dn, ILogger::ERROR);
631	631	return false;
632	632	}
		@@ -634,12 +634,12 @@ discard block
		block discarded – undo
634	634
635	635	//make sure it is a square and not bigger than 128x128
636	636	$size = min([$this->image->width(), $this->image->height(), 128]);
637		- if(!$this->image->centerCrop($size)) {
	637	+ if (!$this->image->centerCrop($size)) {
638	638	$this->log->log('croping image for avatar failed for '.$this->dn, ILogger::ERROR);
639	639	return false;
640	640	}
641	641
642		- if(!$this->fs->isLoaded()) {
	642	+ if (!$this->fs->isLoaded()) {
643	643	$this->fs->setup($this->uid);
644	644	}
645	645
		@@ -649,7 +649,7 @@ discard block
		block discarded – undo
649	649	return true;
650	650	} catch (\Exception $e) {
651	651	\OC::$server->getLogger()->logException($e, [
652		- 'message' => 'Could not set avatar for ' . $this->dn,
	652	+ 'message' => 'Could not set avatar for '.$this->dn,
653	653	'level' => ILogger::INFO,
654	654	'app' => 'user_ldap',
655	655	]);
		@@ -705,8 +705,8 @@ discard block
		block discarded – undo
705	705	*/
706	706	public function handlePasswordExpiry($params) {
707	707	$ppolicyDN = $this->connection->ldapDefaultPPolicyDN;
708		- if (empty($ppolicyDN) \|\| ((int)$this->connection->turnOnPasswordChange !== 1)) {
709		- return;//password expiry handling disabled
	708	+ if (empty($ppolicyDN) \|\| ((int) $this->connection->turnOnPasswordChange !== 1)) {
	709	+ return; //password expiry handling disabled
710	710	}
711	711	$uid = $params['uid'];
712	712	if (isset($uid) && $uid === $this->getUsername()) {
		@@ -715,8 +715,8 @@ discard block
		block discarded – undo
715	715
716	716	if (array_key_exists('pwdpolicysubentry', $result[0])) {
717	717	$pwdPolicySubentry = $result[0]['pwdpolicysubentry'];
718		- if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
719		- $ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
	718	+ if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)) {
	719	+ $ppolicyDN = $pwdPolicySubentry[0]; //custom ppolicy DN
720	720	}
721	721	}
722	722
		@@ -725,9 +725,9 @@ discard block
		block discarded – undo
725	725	$pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : [];
726	726
727	727	//retrieve relevant password policy attributes
728		- $cacheKey = 'ppolicyAttributes' . $ppolicyDN;
	728	+ $cacheKey = 'ppolicyAttributes'.$ppolicyDN;
729	729	$result = $this->connection->getFromCache($cacheKey);
730		- if(is_null($result)) {
	730	+ if (is_null($result)) {
731	731	$result = $this->access->search('objectclass=*', [$ppolicyDN], ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']);
732	732	$this->connection->writeToCache($cacheKey, $result);
733	733	}
		@@ -739,7 +739,7 @@ discard block
		block discarded – undo
739	739	//handle grace login
740	740	if (!empty($pwdGraceUseTime)) { //was this a grace login?
741	741	if (!empty($pwdGraceAuthNLimit)
742		- && count($pwdGraceUseTime) < (int)$pwdGraceAuthNLimit[0]) { //at least one more grace login available?
	742	+ && count($pwdGraceUseTime) < (int) $pwdGraceAuthNLimit[0]) { //at least one more grace login available?
743	743	$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
744	744	header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
745	745	'user_ldap.renewPassword.showRenewPasswordForm', ['user' => $uid]));
		@@ -760,9 +760,9 @@ discard block
		block discarded – undo
760	760	if (!empty($pwdChangedTime)) {
761	761	if (!empty($pwdMaxAge)
762	762	&& !empty($pwdExpireWarning)) {
763		- $pwdMaxAgeInt = (int)$pwdMaxAge[0];
764		- $pwdExpireWarningInt = (int)$pwdExpireWarning[0];
765		- if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){
	763	+ $pwdMaxAgeInt = (int) $pwdMaxAge[0];
	764	+ $pwdExpireWarningInt = (int) $pwdExpireWarning[0];
	765	+ if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0) {
766	766	$pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]);
767	767	$pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S'));
768	768	$currentDateTime = new \DateTime();

nextcloud / server

Push — master ( 62403d...0c3e2f )

Status

Category

Indentation +20 added lines, -20 removed lines patch added patch discarded remove patch

Spacing +3 added lines, -3 removed lines patch added patch discarded remove patch

Indentation +6 added lines, -6 removed lines patch added patch discarded remove patch

Spacing +20 added lines, -20 removed lines patch added patch discarded remove patch

Indentation +223 added lines, -223 removed lines patch added patch discarded remove patch

Spacing +11 added lines, -11 removed lines patch added patch discarded remove patch

Indentation +67 added lines, -67 removed lines patch added patch discarded remove patch

Spacing +6 added lines, -6 removed lines patch added patch discarded remove patch

Indentation +50 added lines, -50 removed lines patch added patch discarded remove patch

Spacing +6 added lines, -6 removed lines patch added patch discarded remove patch

Indentation +207 added lines, -207 removed lines patch added patch discarded remove patch

Spacing +5 added lines, -5 removed lines patch added patch discarded remove patch

Indentation +741 added lines, -741 removed lines patch added patch discarded remove patch

Spacing +70 added lines, -70 removed lines patch added patch discarded remove patch

Indentation +1231 added lines, -1231 removed lines patch added patch discarded remove patch

Spacing +101 added lines, -101 removed lines patch added patch discarded remove patch