Merge pull request #8833 from nextcloud/feature/noid/add_ldap_user_hooks
add anounce- and (pre/|post)RevokeUser signals for non-native backends
This commit is contained in:
commit
38961a725f
16 changed files with 156 additions and 19 deletions
|
@ -50,6 +50,19 @@ class UserManagement extends Action {
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log assignments of users (typically user backends)
|
||||
*
|
||||
* @param string $uid
|
||||
*/
|
||||
public function assign(string $uid) {
|
||||
$this->log(
|
||||
'UserID assigned: "%s"',
|
||||
[ 'uid' => $uid ],
|
||||
[ 'uid' ]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log deletion of users
|
||||
*
|
||||
|
@ -65,6 +78,19 @@ class UserManagement extends Action {
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log unassignments of users (typically user backends, no data removed)
|
||||
*
|
||||
* @param string $uid
|
||||
*/
|
||||
public function unassign(string $uid) {
|
||||
$this->log(
|
||||
'UserID unassigned: "%s"',
|
||||
[ 'uid' => $uid ],
|
||||
[ 'uid' ]
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log enabling of users
|
||||
*
|
||||
|
|
|
@ -93,6 +93,8 @@ class Application extends App {
|
|||
/** @var IUserSession|Session $userSession */
|
||||
$userSession = $this->getContainer()->getServer()->getUserSession();
|
||||
$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
|
||||
$userSession->listen('\OC\User', 'assignedUserId', [$userActions, 'assign']);
|
||||
$userSession->listen('\OC\User', 'postUnassignedUserId', [$userActions, 'unassign']);
|
||||
}
|
||||
|
||||
protected function groupHooks(ILogger $logger) {
|
||||
|
|
|
@ -77,14 +77,22 @@ class HookManager {
|
|||
'post_createUser',
|
||||
$this,
|
||||
'postCreateUser');
|
||||
\OC::$server->getUserManager()->listen('\OC\User', 'assignedUserId', function ($uid) {
|
||||
$this->postCreateUser(['uid' => $uid]);
|
||||
});
|
||||
Util::connectHook('OC_User',
|
||||
'pre_deleteUser',
|
||||
$this,
|
||||
'preDeleteUser');
|
||||
\OC::$server->getUserManager()->listen('\OC\User', 'preUnassignedUserId', [$this, 'preUnassignedUserId']);
|
||||
Util::connectHook('OC_User',
|
||||
'post_deleteUser',
|
||||
$this,
|
||||
'postDeleteUser');
|
||||
\OC::$server->getUserManager()->listen('\OC\User', 'postUnassignedUserId', function ($uid) {
|
||||
$this->postDeleteUser(['uid' => $uid]);
|
||||
});
|
||||
\OC::$server->getUserManager()->listen('\OC\User', 'postUnassignedUserId', [$this, 'postUnassignedUserId']);
|
||||
Util::connectHook('OC_User',
|
||||
'changeUser',
|
||||
$this,
|
||||
|
@ -103,6 +111,10 @@ class HookManager {
|
|||
$this->addressBooksToDelete = $this->cardDav->getUsersOwnAddressBooks('principals/users/' . $uid);
|
||||
}
|
||||
|
||||
public function preUnassignedUserId($uid) {
|
||||
$this->usersToDelete[$uid] = $this->userManager->get($uid);
|
||||
}
|
||||
|
||||
public function postDeleteUser($params) {
|
||||
$uid = $params['uid'];
|
||||
if (isset($this->usersToDelete[$uid])){
|
||||
|
@ -119,6 +131,12 @@ class HookManager {
|
|||
}
|
||||
}
|
||||
|
||||
public function postUnassignedUserId($uid) {
|
||||
if (isset($this->usersToDelete[$uid])){
|
||||
$this->syncService->deleteUser($this->usersToDelete[$uid]);
|
||||
}
|
||||
}
|
||||
|
||||
public function changeUser($params) {
|
||||
$user = $params['user'];
|
||||
$this->syncService->updateUser($user);
|
||||
|
|
|
@ -33,13 +33,23 @@ use OCA\User_LDAP\Mapping\GroupMapping;
|
|||
|
||||
$subject = (string)$_POST['ldap_clear_mapping'];
|
||||
$mapping = null;
|
||||
if($subject === 'user') {
|
||||
$mapping = new UserMapping(\OC::$server->getDatabaseConnection());
|
||||
} else if($subject === 'group') {
|
||||
$mapping = new GroupMapping(\OC::$server->getDatabaseConnection());
|
||||
}
|
||||
try {
|
||||
if(is_null($mapping) || !$mapping->clear()) {
|
||||
if($subject === 'user') {
|
||||
$mapping = new UserMapping(\OC::$server->getDatabaseConnection());
|
||||
$result = $mapping->clearCb(
|
||||
function ($uid) {
|
||||
\OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]);
|
||||
},
|
||||
function ($uid) {
|
||||
\OC::$server->getUserManager()->emit('\OC\User', 'postUnassignedUserId', [$uid]);
|
||||
}
|
||||
);
|
||||
} else if($subject === 'group') {
|
||||
$mapping = new GroupMapping(\OC::$server->getDatabaseConnection());
|
||||
$result = $mapping->clear();
|
||||
}
|
||||
|
||||
if($mapping === null || !$result) {
|
||||
$l = \OC::$server->getL10N('user_ldap');
|
||||
throw new \Exception($l->t('Failed to clear the mappings.'));
|
||||
}
|
||||
|
|
|
@ -44,6 +44,7 @@
|
|||
namespace OCA\User_LDAP;
|
||||
|
||||
use OC\HintException;
|
||||
use OC\Hooks\PublicEmitter;
|
||||
use OCA\User_LDAP\Exceptions\ConstraintViolationException;
|
||||
use OCA\User_LDAP\User\IUserTools;
|
||||
use OCA\User_LDAP\User\Manager;
|
||||
|
@ -52,6 +53,7 @@ use OCA\User_LDAP\Mapping\AbstractMapping;
|
|||
|
||||
use OC\ServerNotAvailableException;
|
||||
use OCP\IConfig;
|
||||
use OCP\IUserManager;
|
||||
use OCP\Util;
|
||||
|
||||
/**
|
||||
|
@ -95,13 +97,16 @@ class Access extends LDAPUtility implements IUserTools {
|
|||
private $helper;
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
/** @var IUserManager */
|
||||
private $ncUserManager;
|
||||
|
||||
public function __construct(
|
||||
Connection $connection,
|
||||
ILDAPWrapper $ldap,
|
||||
Manager $userManager,
|
||||
Helper $helper,
|
||||
IConfig $config
|
||||
IConfig $config,
|
||||
IUserManager $ncUserManager
|
||||
) {
|
||||
parent::__construct($ldap);
|
||||
$this->connection = $connection;
|
||||
|
@ -109,6 +114,7 @@ class Access extends LDAPUtility implements IUserTools {
|
|||
$this->userManager->setLdapAccess($this);
|
||||
$this->helper = $helper;
|
||||
$this->config = $config;
|
||||
$this->ncUserManager = $ncUserManager;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -605,10 +611,13 @@ class Access extends LDAPUtility implements IUserTools {
|
|||
// outside of core user management will still cache the user as non-existing.
|
||||
$originalTTL = $this->connection->ldapCacheTTL;
|
||||
$this->connection->setConfiguration(array('ldapCacheTTL' => 0));
|
||||
if(($isUser && $intName !== '' && !\OC::$server->getUserManager()->userExists($intName))
|
||||
if(($isUser && $intName !== '' && !$this->ncUserManager->userExists($intName))
|
||||
|| (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))) {
|
||||
if($mapper->map($fdn, $intName, $uuid)) {
|
||||
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
|
||||
if($this->ncUserManager instanceof PublicEmitter) {
|
||||
$this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
|
||||
}
|
||||
$newlyMapped = true;
|
||||
return $intName;
|
||||
}
|
||||
|
@ -617,6 +626,9 @@ class Access extends LDAPUtility implements IUserTools {
|
|||
|
||||
$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
|
||||
if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
|
||||
if($this->ncUserManager instanceof PublicEmitter) {
|
||||
$this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
|
||||
}
|
||||
$newlyMapped = true;
|
||||
return $altName;
|
||||
}
|
||||
|
@ -738,7 +750,7 @@ class Access extends LDAPUtility implements IUserTools {
|
|||
//20 attempts, something else is very wrong. Avoids infinite loop.
|
||||
while($attempts < 20){
|
||||
$altName = $name . '_' . rand(1000,9999);
|
||||
if(!\OC::$server->getUserManager()->userExists($altName)) {
|
||||
if(!$this->ncUserManager->userExists($altName)) {
|
||||
return $altName;
|
||||
}
|
||||
$attempts++;
|
||||
|
|
|
@ -26,6 +26,7 @@ namespace OCA\User_LDAP;
|
|||
|
||||
use OCA\User_LDAP\User\Manager;
|
||||
use OCP\IConfig;
|
||||
use OCP\IUserManager;
|
||||
|
||||
class AccessFactory {
|
||||
/** @var ILDAPWrapper */
|
||||
|
@ -36,17 +37,21 @@ class AccessFactory {
|
|||
protected $helper;
|
||||
/** @var IConfig */
|
||||
protected $config;
|
||||
/** @var IUserManager */
|
||||
private $ncUserManager;
|
||||
|
||||
public function __construct(
|
||||
ILDAPWrapper $ldap,
|
||||
Manager $userManager,
|
||||
Helper $helper,
|
||||
IConfig $config)
|
||||
IConfig $config,
|
||||
IUserManager $ncUserManager)
|
||||
{
|
||||
$this->ldap = $ldap;
|
||||
$this->userManager = $userManager;
|
||||
$this->helper = $helper;
|
||||
$this->config = $config;
|
||||
$this->ncUserManager = $ncUserManager;
|
||||
}
|
||||
|
||||
public function get(Connection $connection) {
|
||||
|
@ -55,7 +60,8 @@ class AccessFactory {
|
|||
$this->ldap,
|
||||
$this->userManager,
|
||||
$this->helper,
|
||||
$this->config
|
||||
$this->config,
|
||||
$this->ncUserManager
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -376,7 +376,8 @@ class Sync extends TimedJob {
|
|||
$this->ldap,
|
||||
$this->userManager,
|
||||
$this->ldapHelper,
|
||||
$this->config
|
||||
$this->config,
|
||||
$this->ncUserManager
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -192,7 +192,7 @@ class UpdateGroups extends \OC\BackgroundJob\TimedJob {
|
|||
\OC::$server->getUserManager(),
|
||||
\OC::$server->getNotificationManager());
|
||||
$connector = new Connection($ldapWrapper, $configPrefixes[0]);
|
||||
$ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper, \OC::$server->getConfig());
|
||||
$ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper, \OC::$server->getConfig(), \OC::$server->getUserManager());
|
||||
$groupMapper = new GroupMapping($dbc);
|
||||
$userMapper = new UserMapping($dbc);
|
||||
$ldapAccess->setGroupMapper($groupMapper);
|
||||
|
|
|
@ -278,6 +278,32 @@ abstract class AbstractMapping {
|
|||
return $this->dbc->prepare($sql)->execute();
|
||||
}
|
||||
|
||||
/**
|
||||
* clears the mapping table one by one and executing a callback with
|
||||
* each row's id (=owncloud_name col)
|
||||
*
|
||||
* @param callable $preCallback
|
||||
* @param callable $postCallback
|
||||
* @return bool true on success, false when at least one row was not
|
||||
* deleted
|
||||
*/
|
||||
public function clearCb(Callable $preCallback, Callable $postCallback): bool {
|
||||
$picker = $this->dbc->getQueryBuilder();
|
||||
$picker->select('owncloud_name')
|
||||
->from($this->getTableName());
|
||||
$cursor = $picker->execute();
|
||||
$result = true;
|
||||
while($id = $cursor->fetchColumn(0)) {
|
||||
$preCallback($id);
|
||||
if($isUnmapped = $this->unmap($id)) {
|
||||
$postCallback($id);
|
||||
}
|
||||
$result &= $isUnmapped;
|
||||
}
|
||||
$cursor->closeCursor();
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* returns the number of entries in the mappings table
|
||||
*
|
||||
|
|
|
@ -82,7 +82,7 @@ abstract class Proxy {
|
|||
new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(), $db,
|
||||
$coreUserManager, $coreNotificationManager);
|
||||
$connector = new Connection($this->ldap, $configPrefix);
|
||||
$access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig);
|
||||
$access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig, $coreUserManager);
|
||||
$access->setUserMapper($userMap);
|
||||
$access->setGroupMapper($groupMap);
|
||||
self::$accesses[$configPrefix] = $access;
|
||||
|
|
|
@ -396,7 +396,7 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
|||
\OC::$server->getLogger()->info('Cleaning up after user ' . $uid,
|
||||
array('app' => 'user_ldap'));
|
||||
|
||||
$this->access->getUserMapper()->unmap($uid);
|
||||
$this->access->getUserMapper()->unmap($uid); // we don't emit unassign signals here, since it is implicit to delete signals fired from core
|
||||
$this->access->userManager->invalidate($uid);
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -72,6 +72,8 @@ class AccessTest extends TestCase {
|
|||
private $helper;
|
||||
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $config;
|
||||
/** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
|
||||
private $ncUserManager;
|
||||
/** @var Access */
|
||||
private $access;
|
||||
|
||||
|
@ -82,13 +84,15 @@ class AccessTest extends TestCase {
|
|||
$this->helper = $this->createMock(Helper::class);
|
||||
$this->config = $this->createMock(IConfig::class);
|
||||
$this->userMapper = $this->createMock(UserMapping::class);
|
||||
$this->ncUserManager = $this->createMock(IUserManager::class);
|
||||
|
||||
$this->access = new Access(
|
||||
$this->connection,
|
||||
$this->ldap,
|
||||
$this->userManager,
|
||||
$this->helper,
|
||||
$this->config
|
||||
$this->config,
|
||||
$this->ncUserManager
|
||||
);
|
||||
$this->access->setUserMapper($this->userMapper);
|
||||
}
|
||||
|
@ -227,7 +231,7 @@ class AccessTest extends TestCase {
|
|||
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
|
||||
$config = $this->createMock(IConfig::class);
|
||||
$access = new Access($con, $lw, $um, $helper, $config);
|
||||
$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
|
||||
|
||||
$lw->expects($this->exactly(1))
|
||||
->method('explodeDN')
|
||||
|
@ -250,7 +254,7 @@ class AccessTest extends TestCase {
|
|||
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
|
||||
$config = $this->createMock(IConfig::class);
|
||||
$lw = new LDAP();
|
||||
$access = new Access($con, $lw, $um, $helper, $config);
|
||||
$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
|
||||
|
||||
if(!function_exists('ldap_explode_dn')) {
|
||||
$this->markTestSkipped('LDAP Module not available');
|
||||
|
@ -431,7 +435,7 @@ class AccessTest extends TestCase {
|
|||
$attribute => array('count' => 1, $dnFromServer)
|
||||
)));
|
||||
|
||||
$access = new Access($con, $lw, $um, $helper, $config);
|
||||
$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
|
||||
$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
|
||||
$this->assertSame($values[0], strtolower($dnFromServer));
|
||||
}
|
||||
|
|
|
@ -234,6 +234,29 @@ abstract class AbstractMappingTest extends \Test\TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* tests clear() for successful update.
|
||||
*/
|
||||
public function testClearCb() {
|
||||
list($mapper, $data) = $this->initTest();
|
||||
|
||||
$callbackCalls = 0;
|
||||
$test = $this;
|
||||
|
||||
$callback = function (string $id) use ($test, &$callbackCalls) {
|
||||
$test->assertTrue(trim($id) !== '');
|
||||
$callbackCalls++;
|
||||
};
|
||||
|
||||
$done = $mapper->clearCb($callback, $callback);
|
||||
$this->assertTrue($done);
|
||||
$this->assertSame(count($data) * 2, $callbackCalls);
|
||||
foreach($data as $entry) {
|
||||
$name = $mapper->getNameByUUID($entry['uuid']);
|
||||
$this->assertFalse($name);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* tests getList() method
|
||||
*/
|
||||
|
|
|
@ -50,6 +50,9 @@ use OCP\UserInterface;
|
|||
* - preCreateUser(string $uid, string $password)
|
||||
* - postCreateUser(\OC\User\User $user, string $password)
|
||||
* - change(\OC\User\User $user)
|
||||
* - assignedUserId(string $uid)
|
||||
* - preUnassignedUserId(string $uid)
|
||||
* - postUnassignedUserId(string $uid)
|
||||
*
|
||||
* @package OC\User
|
||||
*/
|
||||
|
|
|
@ -72,6 +72,9 @@ use Symfony\Component\EventDispatcher\GenericEvent;
|
|||
* - postDelete(\OC\User\User $user)
|
||||
* - preCreateUser(string $uid, string $password)
|
||||
* - postCreateUser(\OC\User\User $user)
|
||||
* - assignedUserId(string $uid)
|
||||
* - preUnassignedUserId(string $uid)
|
||||
* - postUnassignedUserId(string $uid)
|
||||
* - preLogin(string $user, string $password)
|
||||
* - postLogin(\OC\User\User $user, string $password)
|
||||
* - preRememberedLogin(string $uid)
|
||||
|
|
|
@ -40,6 +40,9 @@ namespace OCP;
|
|||
* - postDelete(\OC\User\User $user)
|
||||
* - preCreateUser(string $uid, string $password)
|
||||
* - postCreateUser(\OC\User\User $user, string $password)
|
||||
* - assignedUserId(string $uid)
|
||||
* - preUnassignedUserId(string $uid)
|
||||
* - postUnassignedUserId(string $uid)
|
||||
*
|
||||
* @package OC\User
|
||||
* @since 8.0.0
|
||||
|
|
Loading…
Reference in a new issue