move ldap user sync to background (WIP)

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon 2017-10-31 12:20:44 +01:00
parent 723a25a315
commit c6f1af9896
No known key found for this signature in database
GPG key ID: 7424F1874854DF23
2 changed files with 135 additions and 106 deletions

View file

@ -57,9 +57,7 @@ use OC\ServerNotAvailableException;
* @package OCA\User_LDAP
*/
class Access extends LDAPUtility implements IUserTools {
/**
* @var \OCA\User_LDAP\Connection
*/
/** @var \OCA\User_LDAP\Connection */
public $connection;
/** @var Manager */
public $userManager;
@ -86,7 +84,7 @@ class Access extends LDAPUtility implements IUserTools {
* @var AbstractMapping $userMapper
*/
protected $groupMapper;
/**
* @var \OCA\User_LDAP\Helper
*/
@ -511,12 +509,14 @@ class Access extends LDAPUtility implements IUserTools {
/**
* returns an internal Nextcloud name for the given LDAP DN, false on DN outside of search DN
* @param string $dn the dn of the user object
* @param string $fdn the dn of the user object
* @param string $ldapName optional, the display name of the object
* @param bool $isUser optional, whether it is a user object (otherwise group assumed)
* @param bool|null $newlyMapped
* @return string|false with with the name to use in Nextcloud
*/
public function dn2ocname($fdn, $ldapName = null, $isUser = true) {
public function dn2ocname($fdn, $ldapName = null, $isUser = true, &$newlyMapped = null) {
$newlyMapped = false;
if($isUser) {
$mapper = $this->getUserMapper();
$nameAttribute = $this->connection->ldapUserDisplayName;
@ -526,18 +526,18 @@ class Access extends LDAPUtility implements IUserTools {
}
//let's try to retrieve the Nextcloud name from the mappings table
$ocName = $mapper->getNameByDN($fdn);
if(is_string($ocName)) {
return $ocName;
$ncName = $mapper->getNameByDN($fdn);
if(is_string($ncName)) {
return $ncName;
}
//second try: get the UUID and check if it is known. Then, update the DN and return the name.
$uuid = $this->getUUID($fdn, $isUser);
if(is_string($uuid)) {
$ocName = $mapper->getNameByUUID($uuid);
if(is_string($ocName)) {
$ncName = $mapper->getNameByUUID($uuid);
if(is_string($ncName)) {
$mapper->setDNbyUUID($fdn, $uuid);
return $ocName;
return $ncName;
}
} else {
//If the UUID can't be detected something is foul.
@ -577,6 +577,7 @@ class Access extends LDAPUtility implements IUserTools {
|| (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))) {
if($mapper->map($fdn, $intName, $uuid)) {
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
$newlyMapped = true;
return $intName;
}
}
@ -584,6 +585,7 @@ class Access extends LDAPUtility implements IUserTools {
$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
$newlyMapped = true;
return $altName;
}
@ -824,8 +826,9 @@ class Access extends LDAPUtility implements IUserTools {
// displayName is obligatory
continue;
}
$ocName = $this->dn2ocname($userRecord['dn'][0]);
if($ocName === false) {
$newlyMapped = false;
$ocName = $this->dn2ocname($userRecord['dn'][0], null, true, $newlyMapped);
if($ocName === false || $newlyMapped === false) {
continue;
}
$this->cacheUserExists($ocName);
@ -1572,7 +1575,8 @@ class Access extends LDAPUtility implements IUserTools {
$uuid = false;
if($this->detectUuidAttribute($dn, $isUser)) {
$uuid = $this->readAttribute($dn, $this->connection->$uuidAttr);
$attr = $this->connection->$uuidAttr;
$uuid = $this->readAttribute($dn, $attr);
if( !is_array($uuid)
&& $uuidOverride !== ''
&& $this->detectUuidAttribute($dn, $isUser, true)) {

View file

@ -41,13 +41,16 @@ use OCA\User_LDAP\Helper;
use OCA\User_LDAP\ILDAPWrapper;
use OCA\User_LDAP\LDAP;
use OCA\User_LDAP\LogWrapper;
use OCA\User_LDAP\Mapping\UserMapping;
use OCA\User_LDAP\User\Manager;
use OCA\User_LDAP\User\User;
use OCP\IAvatarManager;
use OCP\IConfig;
use OCP\IDBConnection;
use OCP\Image;
use OCP\IUserManager;
use OCP\Notification\IManager as INotificationManager;
use Test\TestCase;
/**
* Class AccessTest
@ -56,7 +59,7 @@ use OCP\Notification\IManager as INotificationManager;
*
* @package OCA\User_LDAP\Tests
*/
class AccessTest extends \Test\TestCase {
class AccessTest extends TestCase {
/** @var Connection|\PHPUnit_Framework_MockObject_MockObject */
private $connection;
/** @var LDAP|\PHPUnit_Framework_MockObject_MockObject */
@ -104,38 +107,30 @@ class AccessTest extends \Test\TestCase {
}
public function testEscapeFilterPartValidChars() {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$access = new Access($con, $lw, $um, $helper);
$input = 'okay';
$this->assertTrue($input === $access->escapeFilterPart($input));
$this->assertTrue($input === $this->access->escapeFilterPart($input));
}
public function testEscapeFilterPartEscapeWildcard() {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$access = new Access($con, $lw, $um, $helper);
$input = '*';
$expected = '\\\\*';
$this->assertTrue($expected === $access->escapeFilterPart($input));
$this->assertTrue($expected === $this->access->escapeFilterPart($input));
}
public function testEscapeFilterPartEscapeWildcard2() {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$access = new Access($con, $lw, $um, $helper);
$input = 'foo*bar';
$expected = 'foo\\\\*bar';
$this->assertTrue($expected === $access->escapeFilterPart($input));
$this->assertTrue($expected === $this->access->escapeFilterPart($input));
}
/** @dataProvider convertSID2StrSuccessData */
/**
* @dataProvider convertSID2StrSuccessData
* @param array $sidArray
* @param $sidExpected
*/
public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$access = new Access($con, $lw, $um, $helper);
$sidBinary = implode('', $sidArray);
$this->assertSame($sidExpected, $access->convertSID2Str($sidBinary));
$this->assertSame($sidExpected, $this->access->convertSID2Str($sidBinary));
}
public function convertSID2StrSuccessData() {
@ -166,48 +161,39 @@ class AccessTest extends \Test\TestCase {
}
public function testConvertSID2StrInputError() {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$access = new Access($con, $lw, $um, $helper);
$sidIllegal = 'foobar';
$sidExpected = '';
$this->assertSame($sidExpected, $access->convertSID2Str($sidIllegal));
$this->assertSame($sidExpected, $this->access->convertSID2Str($sidIllegal));
}
public function testGetDomainDNFromDNSuccess() {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$access = new Access($con, $lw, $um, $helper);
$inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';
$domainDN = 'dc=my,dc=server,dc=com';
$lw->expects($this->once())
$this->ldap->expects($this->once())
->method('explodeDN')
->with($inputDN, 0)
->will($this->returnValue(explode(',', $inputDN)));
$this->assertSame($domainDN, $access->getDomainDNFromDN($inputDN));
$this->assertSame($domainDN, $this->access->getDomainDNFromDN($inputDN));
}
public function testGetDomainDNFromDNError() {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$access = new Access($con, $lw, $um, $helper);
$inputDN = 'foobar';
$expected = '';
$lw->expects($this->once())
$this->ldap->expects($this->once())
->method('explodeDN')
->with($inputDN, 0)
->will($this->returnValue(false));
$this->assertSame($expected, $access->getDomainDNFromDN($inputDN));
$this->assertSame($expected, $this->access->getDomainDNFromDN($inputDN));
}
private function getResemblesDNInputData() {
return $cases = array(
array(
public function dnInputDataProvider() {
return [[
[
'input' => 'foo=bar,bar=foo,dc=foobar',
'interResult' => array(
'count' => 3,
@ -216,108 +202,148 @@ class AccessTest extends \Test\TestCase {
2 => 'dc=foobar'
),
'expectedResult' => true
),
array(
],
[
'input' => 'foobarbarfoodcfoobar',
'interResult' => false,
'expectedResult' => false
)
);
]
]];
}
public function testStringResemblesDN() {
/**
* @dataProvider dnInputDataProvider
*/
public function testStringResemblesDN($case) {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$access = new Access($con, $lw, $um, $helper);
$cases = $this->getResemblesDNInputData();
$lw->expects($this->exactly(2))
$lw->expects($this->exactly(1))
->method('explodeDN')
->will($this->returnCallback(function ($dn) use ($cases) {
foreach($cases as $case) {
if($dn === $case['input']) {
return $case['interResult'];
}
->will($this->returnCallback(function ($dn) use ($case) {
if($dn === $case['input']) {
return $case['interResult'];
}
return null;
}));
foreach($cases as $case) {
$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
}
$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
}
public function testStringResemblesDNLDAPmod() {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$lw = new \OCA\User_LDAP\LDAP();
/**
* @dataProvider dnInputDataProvider
* @param $case
*/
public function testStringResemblesDNLDAPmod($case) {
list(, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$lw = new LDAP();
$access = new Access($con, $lw, $um, $helper);
if(!function_exists('ldap_explode_dn')) {
$this->markTestSkipped('LDAP Module not available');
}
$cases = $this->getResemblesDNInputData();
foreach($cases as $case) {
$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
}
$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
}
public function testCacheUserHome() {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$access = new Access($con, $lw, $um, $helper);
$con->expects($this->once())
$this->connection->expects($this->once())
->method('writeToCache');
$access->cacheUserHome('foobar', '/foobars/path');
$this->access->cacheUserHome('foobar', '/foobars/path');
}
public function testBatchApplyUserAttributes() {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$access = new Access($con, $lw, $um, $helper);
$mapperMock = $this->getMockBuilder('\OCA\User_LDAP\Mapping\UserMapping')
->disableOriginalConstructor()
->getMock();
$this->ldap->expects($this->any())
->method('isResource')
->willReturn(true);
$this->ldap->expects($this->any())
->method('getAttributes')
->willReturn(['displayname' => ['bar', 'count' => 1]]);
/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
$mapperMock = $this->createMock(UserMapping::class);
$mapperMock->expects($this->any())
->method('getNameByDN')
->will($this->returnValue('a_username'));
->willReturn(false);
$mapperMock->expects($this->any())
->method('map')
->willReturn(true);
$userMock = $this->getMockBuilder('\OCA\User_LDAP\User\User')
->disableOriginalConstructor()
->getMock();
$userMock = $this->createMock(User::class);
$access->connection->expects($this->any())
// also returns for userUuidAttribute
$this->access->connection->expects($this->any())
->method('__get')
->will($this->returnValue('displayName'));
$access->setUserMapper($mapperMock);
$this->access->setUserMapper($mapperMock);
$displayNameAttribute = strtolower($access->connection->ldapUserDisplayName);
$data = array(
array(
'dn' => 'foobar',
$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
$data = [
[
'dn' => ['foobar'],
$displayNameAttribute => 'barfoo'
),
array(
'dn' => 'foo',
],
[
'dn' => ['foo'],
$displayNameAttribute => 'bar'
),
array(
'dn' => 'raboof',
],
[
'dn' => ['raboof'],
$displayNameAttribute => 'oofrab'
)
);
]
];
$userMock->expects($this->exactly(count($data)))
->method('processAttributes');
$um->expects($this->exactly(count($data)))
$this->userManager->expects($this->exactly(count($data)))
->method('get')
->will($this->returnValue($userMock));
$access->batchApplyUserAttributes($data);
$this->access->batchApplyUserAttributes($data);
}
public function testBatchApplyUserAttributesSkipped() {
/** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
$mapperMock = $this->createMock(UserMapping::class);
$mapperMock->expects($this->any())
->method('getNameByDN')
->will($this->returnValue('a_username'));
$userMock = $this->createMock(User::class);
$this->access->connection->expects($this->any())
->method('__get')
->will($this->returnValue('displayName'));
$this->access->setUserMapper($mapperMock);
$displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
$data = [
[
'dn' => ['foobar'],
$displayNameAttribute => 'barfoo'
],
[
'dn' => ['foo'],
$displayNameAttribute => 'bar'
],
[
'dn' => ['raboof'],
$displayNameAttribute => 'oofrab'
]
];
$userMock->expects($this->never())
->method('processAttributes');
$this->userManager->expects($this->never())
->method('get');
$this->access->batchApplyUserAttributes($data);
}
public function dNAttributeProvider() {
@ -332,17 +358,16 @@ class AccessTest extends \Test\TestCase {
/**
* @dataProvider dNAttributeProvider
* @param $attribute
*/
public function testSanitizeDN($attribute) {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
$dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';
$lw->expects($this->any())
->method('isResource')
->will($this->returnValue(true));
$lw->expects($this->any())
->method('getAttributes')
->will($this->returnValue(array(