2014-03-27 17:01:14 +00:00
|
|
|
<?php
|
|
|
|
/**
|
2016-07-21 14:49:16 +00:00
|
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
|
|
*
|
2016-05-26 17:56:05 +00:00
|
|
|
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
2016-07-21 14:49:16 +00:00
|
|
|
* @author Joas Schilling <coding@schilljs.com>
|
2015-06-25 09:43:55 +00:00
|
|
|
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
|
2015-03-26 10:44:34 +00:00
|
|
|
* @author Morris Jobke <hey@morrisjobke.de>
|
2016-03-01 16:25:15 +00:00
|
|
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
2014-03-27 17:01:14 +00:00
|
|
|
*
|
2015-03-26 10:44:34 +00:00
|
|
|
* @license AGPL-3.0
|
2014-03-27 17:01:14 +00:00
|
|
|
*
|
2015-03-26 10:44:34 +00:00
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
2014-03-27 17:01:14 +00:00
|
|
|
*
|
2015-03-26 10:44:34 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
2014-03-27 17:01:14 +00:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
2015-03-26 10:44:34 +00:00
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
2014-03-27 17:01:14 +00:00
|
|
|
*
|
2015-03-26 10:44:34 +00:00
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
2014-03-27 17:01:14 +00:00
|
|
|
*
|
|
|
|
*/
|
2015-02-26 10:37:37 +00:00
|
|
|
|
2016-05-12 09:25:50 +00:00
|
|
|
namespace OCA\User_LDAP\User;
|
2014-03-27 17:01:14 +00:00
|
|
|
|
2016-07-04 11:57:15 +00:00
|
|
|
use OC\Cache\CappedMemoryCache;
|
2016-05-12 14:16:06 +00:00
|
|
|
use OCA\User_LDAP\LogWrapper;
|
2016-05-12 14:31:35 +00:00
|
|
|
use OCA\User_LDAP\FilesystemHelper;
|
2016-01-19 14:48:38 +00:00
|
|
|
use OCP\IAvatarManager;
|
|
|
|
use OCP\IConfig;
|
|
|
|
use OCP\IDBConnection;
|
|
|
|
use OCP\Image;
|
|
|
|
use OCP\IUserManager;
|
2014-03-27 17:01:14 +00:00
|
|
|
|
2014-04-24 11:44:25 +00:00
|
|
|
/**
|
|
|
|
* Manager
|
|
|
|
*
|
|
|
|
* upon request, returns an LDAP user object either by creating or from run-time
|
|
|
|
* cache
|
|
|
|
*/
|
2014-03-27 17:01:14 +00:00
|
|
|
class Manager {
|
2015-01-06 23:52:18 +00:00
|
|
|
/** @var IUserTools */
|
2014-03-27 17:01:14 +00:00
|
|
|
protected $access;
|
2015-01-06 23:52:18 +00:00
|
|
|
|
2016-01-19 14:48:38 +00:00
|
|
|
/** @var IConfig */
|
2014-03-27 17:01:14 +00:00
|
|
|
protected $ocConfig;
|
2015-01-06 23:52:18 +00:00
|
|
|
|
2016-01-19 14:48:38 +00:00
|
|
|
/** @var IDBConnection */
|
2015-01-06 23:52:18 +00:00
|
|
|
protected $db;
|
|
|
|
|
|
|
|
/** @var FilesystemHelper */
|
2014-03-27 17:01:14 +00:00
|
|
|
protected $ocFilesystem;
|
2015-01-06 23:52:18 +00:00
|
|
|
|
|
|
|
/** @var LogWrapper */
|
2014-03-27 17:01:14 +00:00
|
|
|
protected $ocLog;
|
2015-01-06 23:52:18 +00:00
|
|
|
|
2016-01-19 14:48:38 +00:00
|
|
|
/** @var Image */
|
2014-03-27 17:01:14 +00:00
|
|
|
protected $image;
|
2015-01-06 23:52:18 +00:00
|
|
|
|
|
|
|
/** @param \OCP\IAvatarManager */
|
2014-03-27 17:01:14 +00:00
|
|
|
protected $avatarManager;
|
2015-01-06 23:52:18 +00:00
|
|
|
|
2014-03-27 17:01:14 +00:00
|
|
|
/**
|
2016-07-04 11:57:15 +00:00
|
|
|
* @var CappedMemoryCache $usersByDN
|
2014-03-27 17:01:14 +00:00
|
|
|
*/
|
2016-07-04 11:57:15 +00:00
|
|
|
protected $usersByDN;
|
|
|
|
/**
|
|
|
|
* @var CappedMemoryCache $usersByUid
|
|
|
|
*/
|
|
|
|
protected $usersByUid;
|
2014-03-27 17:01:14 +00:00
|
|
|
|
|
|
|
/**
|
2016-01-19 14:48:38 +00:00
|
|
|
* @param IConfig $ocConfig
|
2016-05-12 14:31:35 +00:00
|
|
|
* @param \OCA\User_LDAP\FilesystemHelper $ocFilesystem object that
|
2015-01-06 23:52:18 +00:00
|
|
|
* gives access to necessary functions from the OC filesystem
|
2016-05-12 14:16:06 +00:00
|
|
|
* @param \OCA\User_LDAP\LogWrapper $ocLog
|
2016-01-19 14:48:38 +00:00
|
|
|
* @param IAvatarManager $avatarManager
|
|
|
|
* @param Image $image an empty image instance
|
|
|
|
* @param IDBConnection $db
|
2015-10-15 06:27:24 +00:00
|
|
|
* @throws \Exception when the methods mentioned above do not exist
|
2014-03-27 17:01:14 +00:00
|
|
|
*/
|
2016-01-19 14:48:38 +00:00
|
|
|
public function __construct(IConfig $ocConfig,
|
|
|
|
FilesystemHelper $ocFilesystem, LogWrapper $ocLog,
|
|
|
|
IAvatarManager $avatarManager, Image $image,
|
|
|
|
IDBConnection $db, IUserManager $userManager) {
|
2014-03-27 17:01:14 +00:00
|
|
|
|
|
|
|
$this->ocConfig = $ocConfig;
|
|
|
|
$this->ocFilesystem = $ocFilesystem;
|
|
|
|
$this->ocLog = $ocLog;
|
|
|
|
$this->avatarManager = $avatarManager;
|
|
|
|
$this->image = $image;
|
2015-01-06 23:52:18 +00:00
|
|
|
$this->db = $db;
|
2016-01-19 14:48:38 +00:00
|
|
|
$this->userManager = $userManager;
|
2016-07-04 11:57:15 +00:00
|
|
|
$this->usersByDN = new CappedMemoryCache();
|
|
|
|
$this->usersByUid = new CappedMemoryCache();
|
2014-03-27 17:01:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief binds manager to an instance of IUserTools (implemented by
|
|
|
|
* Access). It needs to be assigned first before the manager can be used.
|
|
|
|
* @param IUserTools
|
|
|
|
*/
|
|
|
|
public function setLdapAccess(IUserTools $access) {
|
|
|
|
$this->access = $access;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief creates an instance of User and caches (just runtime) it in the
|
|
|
|
* property array
|
2015-10-15 06:27:24 +00:00
|
|
|
* @param string $dn the DN of the user
|
|
|
|
* @param string $uid the internal (owncloud) username
|
2016-05-12 09:25:50 +00:00
|
|
|
* @return \OCA\User_LDAP\User\User
|
2014-03-27 17:01:14 +00:00
|
|
|
*/
|
|
|
|
private function createAndCache($dn, $uid) {
|
|
|
|
$this->checkAccess();
|
|
|
|
$user = new User($uid, $dn, $this->access, $this->ocConfig,
|
|
|
|
$this->ocFilesystem, clone $this->image, $this->ocLog,
|
2016-01-19 14:48:38 +00:00
|
|
|
$this->avatarManager, $this->userManager);
|
2016-07-04 11:57:15 +00:00
|
|
|
$this->usersByDN[$dn] = $user;
|
|
|
|
$this->usersByUid[$uid] = $user;
|
2014-03-27 17:01:14 +00:00
|
|
|
return $user;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief checks whether the Access instance has been set
|
2015-10-15 06:27:24 +00:00
|
|
|
* @throws \Exception if Access has not been set
|
2014-03-27 17:01:14 +00:00
|
|
|
* @return null
|
|
|
|
*/
|
|
|
|
private function checkAccess() {
|
|
|
|
if(is_null($this->access)) {
|
|
|
|
throw new \Exception('LDAP Access instance must be set first');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-08-20 22:55:42 +00:00
|
|
|
/**
|
|
|
|
* returns a list of attributes that will be processed further, e.g. quota,
|
|
|
|
* email, displayname, or others.
|
|
|
|
* @param bool $minimal - optional, set to true to skip attributes with big
|
|
|
|
* payload
|
|
|
|
* @return string[]
|
|
|
|
*/
|
|
|
|
public function getAttributes($minimal = false) {
|
|
|
|
$attributes = array('dn', 'uid', 'samaccountname', 'memberof');
|
|
|
|
$possible = array(
|
|
|
|
$this->access->getConnection()->ldapQuotaAttribute,
|
|
|
|
$this->access->getConnection()->ldapEmailAttribute,
|
|
|
|
$this->access->getConnection()->ldapUserDisplayName,
|
2016-02-03 12:16:55 +00:00
|
|
|
$this->access->getConnection()->ldapUserDisplayName2,
|
2015-08-20 22:55:42 +00:00
|
|
|
);
|
|
|
|
foreach($possible as $attr) {
|
|
|
|
if(!is_null($attr)) {
|
|
|
|
$attributes[] = $attr;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$homeRule = $this->access->getConnection()->homeFolderNamingRule;
|
|
|
|
if(strpos($homeRule, 'attr:') === 0) {
|
|
|
|
$attributes[] = substr($homeRule, strlen('attr:'));
|
|
|
|
}
|
|
|
|
|
|
|
|
if(!$minimal) {
|
|
|
|
// attributes that are not really important but may come with big
|
|
|
|
// payload.
|
|
|
|
$attributes = array_merge($attributes, array(
|
|
|
|
'jpegphoto',
|
|
|
|
'thumbnailphoto'
|
|
|
|
));
|
|
|
|
}
|
|
|
|
|
|
|
|
return $attributes;
|
|
|
|
}
|
|
|
|
|
2014-08-21 15:59:13 +00:00
|
|
|
/**
|
|
|
|
* Checks whether the specified user is marked as deleted
|
2017-04-12 04:16:27 +00:00
|
|
|
* @param string $id the Nextcloud user name
|
2014-08-21 15:59:13 +00:00
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function isDeletedUser($id) {
|
|
|
|
$isDeleted = $this->ocConfig->getUserValue(
|
|
|
|
$id, 'user_ldap', 'isDeleted', 0);
|
|
|
|
return intval($isDeleted) === 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* creates and returns an instance of OfflineUser for the specified user
|
|
|
|
* @param string $id
|
2016-05-12 09:25:50 +00:00
|
|
|
* @return \OCA\User_LDAP\User\OfflineUser
|
2014-08-21 15:59:13 +00:00
|
|
|
*/
|
|
|
|
public function getDeletedUser($id) {
|
|
|
|
return new OfflineUser(
|
|
|
|
$id,
|
2014-12-20 15:33:37 +00:00
|
|
|
$this->ocConfig,
|
2015-01-06 23:52:18 +00:00
|
|
|
$this->db,
|
2014-12-20 15:09:04 +00:00
|
|
|
$this->access->getUserMapper());
|
2014-08-21 15:59:13 +00:00
|
|
|
}
|
|
|
|
|
2015-03-31 13:33:44 +00:00
|
|
|
/**
|
2017-04-12 04:16:27 +00:00
|
|
|
* @brief returns a User object by it's Nextcloud username
|
2015-10-15 06:27:24 +00:00
|
|
|
* @param string $id the DN or username of the user
|
2016-05-12 09:25:50 +00:00
|
|
|
* @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
|
2015-03-31 13:33:44 +00:00
|
|
|
*/
|
2014-08-21 15:59:13 +00:00
|
|
|
protected function createInstancyByUserName($id) {
|
|
|
|
//most likely a uid. Check whether it is a deleted user
|
|
|
|
if($this->isDeletedUser($id)) {
|
|
|
|
return $this->getDeletedUser($id);
|
|
|
|
}
|
|
|
|
$dn = $this->access->username2dn($id);
|
|
|
|
if($dn !== false) {
|
|
|
|
return $this->createAndCache($dn, $id);
|
|
|
|
}
|
2015-03-31 13:33:44 +00:00
|
|
|
return null;
|
2014-08-21 15:59:13 +00:00
|
|
|
}
|
|
|
|
|
2014-03-27 17:01:14 +00:00
|
|
|
/**
|
2017-04-12 04:16:27 +00:00
|
|
|
* @brief returns a User object by it's DN or Nextcloud username
|
2015-10-15 06:27:24 +00:00
|
|
|
* @param string $id the DN or username of the user
|
2016-05-12 09:25:50 +00:00
|
|
|
* @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
|
2015-03-31 11:42:23 +00:00
|
|
|
* @throws \Exception when connection could not be established
|
2014-03-27 17:01:14 +00:00
|
|
|
*/
|
|
|
|
public function get($id) {
|
|
|
|
$this->checkAccess();
|
2016-07-04 11:57:15 +00:00
|
|
|
if(isset($this->usersByDN[$id])) {
|
|
|
|
return $this->usersByDN[$id];
|
|
|
|
} else if(isset($this->usersByUid[$id])) {
|
|
|
|
return $this->usersByUid[$id];
|
2014-03-27 17:01:14 +00:00
|
|
|
}
|
|
|
|
|
2014-08-21 15:59:13 +00:00
|
|
|
if($this->access->stringResemblesDN($id) ) {
|
2014-03-27 17:01:14 +00:00
|
|
|
$uid = $this->access->dn2username($id);
|
|
|
|
if($uid !== false) {
|
|
|
|
return $this->createAndCache($id, $uid);
|
|
|
|
}
|
|
|
|
}
|
2014-08-21 15:59:13 +00:00
|
|
|
|
2015-03-31 11:42:23 +00:00
|
|
|
return $this->createInstancyByUserName($id);
|
2014-03-27 17:01:14 +00:00
|
|
|
}
|
|
|
|
|
2014-04-24 11:32:50 +00:00
|
|
|
}
|