Merge pull request #8538 from nextcloud/8522-stable11

[stable11] Fix retrieval of group members with numerical uids from LDAP
This commit is contained in:
Roeland Jago Douma 2018-02-26 16:22:21 +01:00 committed by GitHub
commit 257fbf9bf3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 91 additions and 7 deletions

View File

@ -198,6 +198,7 @@ class Group_LDAP extends BackendUtility implements \OCP\GroupInterface {
* @param string $dnGroup
* @param array|null &$seen
* @return array|mixed|null
* @throws \OC\ServerNotAvailableException
*/
private function _groupMembers($dnGroup, &$seen = null) {
if ($seen === null) {
@ -211,26 +212,26 @@ class Group_LDAP extends BackendUtility implements \OCP\GroupInterface {
// used extensively in cron job, caching makes sense for nested groups
$cacheKey = '_groupMembers'.$dnGroup;
$groupMembers = $this->access->connection->getFromCache($cacheKey);
if(!is_null($groupMembers)) {
if($groupMembers !== null) {
return $groupMembers;
}
$seen[$dnGroup] = 1;
$members = $this->access->readAttribute($dnGroup, $this->access->connection->ldapGroupMemberAssocAttr,
$this->access->connection->ldapGroupFilter);
if (is_array($members)) {
foreach ($members as $memberDN) {
$allMembers[$memberDN] = 1;
foreach ($members as $member) {
$allMembers[$member] = 1;
$nestedGroups = $this->access->connection->ldapNestedGroups;
if (!empty($nestedGroups)) {
$subMembers = $this->_groupMembers($memberDN, $seen);
$subMembers = $this->_groupMembers($member, $seen);
if ($subMembers) {
$allMembers = array_merge($allMembers, $subMembers);
$allMembers += $subMembers;
}
}
}
}
$allMembers = array_merge($allMembers, $this->getDynamicGroupMembers($dnGroup));
$allMembers += $this->getDynamicGroupMembers($dnGroup);
$this->access->connection->writeToCache($cacheKey, $allMembers);
return $allMembers;

View File

@ -30,6 +30,7 @@ namespace OCA\User_LDAP\Tests;
use OCA\User_LDAP\Group_LDAP as GroupLDAP;
use OCA\User_LDAP\ILDAPWrapper;
use Test\TestCase;
/**
* Class GroupLDAPTest
@ -38,7 +39,7 @@ use OCA\User_LDAP\ILDAPWrapper;
*
* @package OCA\User_LDAP\Tests
*/
class Group_LDAPTest extends \Test\TestCase {
class Group_LDAPTest extends TestCase {
private function getAccessMock() {
static $conMethods;
static $accMethods;
@ -511,4 +512,86 @@ class Group_LDAPTest extends \Test\TestCase {
$groupsAgain = $groupBackend->getUserGroups('userX');
$this->assertEquals(['group1', 'group2'], $groupsAgain);
}
public function groupMemberProvider() {
$base = 'dc=species,dc=earth';
$groups0 = [
'uid=3723,' . $base,
'uid=8372,' . $base,
'uid=8427,' . $base,
'uid=2333,' . $base,
'uid=4754,' . $base,
];
$groups1 = [
'3723',
'8372',
'8427',
'2333',
'4754',
];
$groups2Nested = ['6642', '1424'];
$expGroups2 = array_merge($groups1, $groups2Nested);
return [
[ #0 test DNs
'cn=Birds,' . $base,
$groups0,
['cn=Birds,' . $base => $groups0]
],
[ #1 test uids
'cn=Birds,' . $base,
$groups1,
['cn=Birds,' . $base => $groups1]
],
[ #2 test uids with nested groups
'cn=Birds,' . $base,
$expGroups2,
[
'cn=Birds,' . $base => $groups1,
'8427' => $groups2Nested, // simplified - nested groups would work with DNs
],
],
];
}
/**
* @param string $groupDN
* @param string[] $expectedMembers
* @param array $groupsInfo
* @dataProvider groupMemberProvider
*/
public function testGroupMembers($groupDN, $expectedMembers, $groupsInfo = null) {
$access = $this->getAccessMock();
$access->expects($this->any())
->method('readAttribute')
->willReturnCallback(function($group) use ($groupDN, $expectedMembers, $groupsInfo) {
if(isset($groupsInfo[$group])) {
return $groupsInfo[$group];
}
return [];
});
$access->connection = $this->createMock(Connection::class);
if(count($groupsInfo) > 1) {
$access->connection->expects($this->any())
->method('__get')
->willReturnCallback(function($name) {
if($name === 'ldapNestedGroups') {
return 1;
}
return null;
});
}
/** @var GroupPluginManager $pluginManager */
$pluginManager = $this->createMock(GroupPluginManager::class);
$ldap = new GroupLDAP($access, $pluginManager);
$resultingMembers = $this->invokePrivate($ldap, '_groupMembers', [$groupDN]);
$expected = array_keys(array_flip($expectedMembers));
$this->assertEquals($expected, array_keys($resultingMembers), '', 0.0, 10, true);
}
}