mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #8833 from nextcloud/feature/noid/add_ldap_user_hooks 

add anounce- and (pre/|post)RevokeUser signals for non-native backends
This commit is contained in:
Morris Jobke 2018-04-11 00:44:39 +02:00 committed by GitHub
parent a3c2035674 f1565336bd
commit 38961a725f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 156 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
apps/admin_audit/lib/Actions/UserManagement.php
View File

@ -50,6 +50,19 @@ class UserManagement extends Action {
);
}
/**
* Log assignments of users (typically user backends)
*
* @param string $uid
*/
public function assign(string $uid) {
$this->log(
'UserID assigned: "%s"',
[ 'uid' => $uid ],
[ 'uid' ]
);
}
/**
* Log deletion of users
*
@ -65,6 +78,19 @@ class UserManagement extends Action {
);
}
/**
* Log unassignments of users (typically user backends, no data removed)
*
* @param string $uid
*/
public function unassign(string $uid) {
$this->log(
'UserID unassigned: "%s"',
[ 'uid' => $uid ],
[ 'uid' ]
);
}
/**
* Log enabling of users
*

2
apps/admin_audit/lib/AppInfo/Application.php
View File

@ -93,6 +93,8 @@ class Application extends App {
/** @var IUserSession|Session $userSession */
$userSession = $this->getContainer()->getServer()->getUserSession();
$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
$userSession->listen('\OC\User', 'assignedUserId', [$userActions, 'assign']);
$userSession->listen('\OC\User', 'postUnassignedUserId', [$userActions, 'unassign']);
}
protected function groupHooks(ILogger $logger) {

18
apps/dav/lib/HookManager.php
View File

@ -77,14 +77,22 @@ class HookManager {
'post_createUser',
$this,
'postCreateUser');
\OC::$server->getUserManager()->listen('\OC\User', 'assignedUserId', function ($uid) {
$this->postCreateUser(['uid' => $uid]);
});
Util::connectHook('OC_User',
'pre_deleteUser',
$this,
'preDeleteUser');
\OC::$server->getUserManager()->listen('\OC\User', 'preUnassignedUserId', [$this, 'preUnassignedUserId']);
Util::connectHook('OC_User',
'post_deleteUser',
$this,
'postDeleteUser');
\OC::$server->getUserManager()->listen('\OC\User', 'postUnassignedUserId', function ($uid) {
$this->postDeleteUser(['uid' => $uid]);
});
\OC::$server->getUserManager()->listen('\OC\User', 'postUnassignedUserId', [$this, 'postUnassignedUserId']);
Util::connectHook('OC_User',
'changeUser',
$this,
@ -103,6 +111,10 @@ class HookManager {
$this->addressBooksToDelete = $this->cardDav->getUsersOwnAddressBooks('principals/users/' . $uid);
}
public function preUnassignedUserId($uid) {
$this->usersToDelete[$uid] = $this->userManager->get($uid);
}
public function postDeleteUser($params) {
$uid = $params['uid'];
if (isset($this->usersToDelete[$uid])){
@ -119,6 +131,12 @@ class HookManager {
}
}
public function postUnassignedUserId($uid) {
if (isset($this->usersToDelete[$uid])){
$this->syncService->deleteUser($this->usersToDelete[$uid]);
}
}
public function changeUser($params) {
$user = $params['user'];
$this->syncService->updateUser($user);

22
apps/user_ldap/ajax/clearMappings.php
View File

@ -33,13 +33,23 @@ use OCA\User_LDAP\Mapping\GroupMapping;
$subject = (string)$_POST['ldap_clear_mapping'];
$mapping = null;
if($subject === 'user') {
$mapping = new UserMapping(\OC::$server->getDatabaseConnection());
} else if($subject === 'group') {
$mapping = new GroupMapping(\OC::$server->getDatabaseConnection());
}
try {
if(is_null($mapping) || !$mapping->clear()) {
if($subject === 'user') {
$mapping = new UserMapping(\OC::$server->getDatabaseConnection());
$result = $mapping->clearCb(
function ($uid) {
\OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]);
},
function ($uid) {
\OC::$server->getUserManager()->emit('\OC\User', 'postUnassignedUserId', [$uid]);
}
);
} else if($subject === 'group') {
$mapping = new GroupMapping(\OC::$server->getDatabaseConnection());
$result = $mapping->clear();
}
if($mapping === null || !$result) {
$l = \OC::$server->getL10N('user_ldap');
throw new \Exception($l->t('Failed to clear the mappings.'));
}

18
apps/user_ldap/lib/Access.php
View File

@ -44,6 +44,7 @@
namespace OCA\User_LDAP;
use OC\HintException;
use OC\Hooks\PublicEmitter;
use OCA\User_LDAP\Exceptions\ConstraintViolationException;
use OCA\User_LDAP\User\IUserTools;
use OCA\User_LDAP\User\Manager;
@ -52,6 +53,7 @@ use OCA\User_LDAP\Mapping\AbstractMapping;
use OC\ServerNotAvailableException;
use OCP\IConfig;
use OCP\IUserManager;
use OCP\Util;
/**
@ -95,13 +97,16 @@ class Access extends LDAPUtility implements IUserTools {
private $helper;
/** @var IConfig */
private $config;
/** @var IUserManager */
private $ncUserManager;
public function __construct(
Connection $connection,
ILDAPWrapper $ldap,
Manager $userManager,
Helper $helper,
IConfig $config
IConfig $config,
IUserManager $ncUserManager
) {
parent::__construct($ldap);
$this->connection = $connection;
@ -109,6 +114,7 @@ class Access extends LDAPUtility implements IUserTools {
$this->userManager->setLdapAccess($this);
$this->helper = $helper;
$this->config = $config;
$this->ncUserManager = $ncUserManager;
}
/**
@ -605,10 +611,13 @@ class Access extends LDAPUtility implements IUserTools {
// outside of core user management will still cache the user as non-existing.
$originalTTL = $this->connection->ldapCacheTTL;
$this->connection->setConfiguration(array('ldapCacheTTL' => 0));
if(($isUser && $intName !== '' && !\OC::$server->getUserManager()->userExists($intName))
if(($isUser && $intName !== '' && !$this->ncUserManager->userExists($intName))
|| (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))) {
if($mapper->map($fdn, $intName, $uuid)) {
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
if($this->ncUserManager instanceof PublicEmitter) {
$this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
}
$newlyMapped = true;
return $intName;
}
@ -617,6 +626,9 @@ class Access extends LDAPUtility implements IUserTools {
$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
if($this->ncUserManager instanceof PublicEmitter) {
$this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
}
$newlyMapped = true;
return $altName;
}
@ -738,7 +750,7 @@ class Access extends LDAPUtility implements IUserTools {
//20 attempts, something else is very wrong. Avoids infinite loop.
while($attempts < 20){
$altName = $name . '_' . rand(1000,9999);
if(!\OC::$server->getUserManager()->userExists($altName)) {
if(!$this->ncUserManager->userExists($altName)) {
return $altName;
}
$attempts++;

10
apps/user_ldap/lib/AccessFactory.php
View File

@ -26,6 +26,7 @@ namespace OCA\User_LDAP;
use OCA\User_LDAP\User\Manager;
use OCP\IConfig;
use OCP\IUserManager;
class AccessFactory {
/** @var ILDAPWrapper */
@ -36,17 +37,21 @@ class AccessFactory {
protected $helper;
/** @var IConfig */
protected $config;
/** @var IUserManager */
private $ncUserManager;
public function __construct(
ILDAPWrapper $ldap,
Manager $userManager,
Helper $helper,
IConfig $config)
IConfig $config,
IUserManager $ncUserManager)
{
$this->ldap = $ldap;
$this->userManager = $userManager;
$this->helper = $helper;
$this->config = $config;
$this->ncUserManager = $ncUserManager;
}
public function get(Connection $connection) {
@ -55,7 +60,8 @@ class AccessFactory {
$this->ldap,
$this->userManager,
$this->helper,
$this->config
$this->config,
$this->ncUserManager
);
}
}

3
apps/user_ldap/lib/Jobs/Sync.php
View File

@ -376,7 +376,8 @@ class Sync extends TimedJob {
$this->ldap,
$this->userManager,
$this->ldapHelper,
$this->config
$this->config,
$this->ncUserManager
);
}
}

2
apps/user_ldap/lib/Jobs/UpdateGroups.php
View File

@ -192,7 +192,7 @@ class UpdateGroups extends \OC\BackgroundJob\TimedJob {
\OC::$server->getUserManager(),
\OC::$server->getNotificationManager());
$connector = new Connection($ldapWrapper, $configPrefixes[0]);
$ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper, \OC::$server->getConfig());
$ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper, \OC::$server->getConfig(), \OC::$server->getUserManager());
$groupMapper = new GroupMapping($dbc);
$userMapper = new UserMapping($dbc);
$ldapAccess->setGroupMapper($groupMapper);

26
apps/user_ldap/lib/Mapping/AbstractMapping.php
View File

@ -278,6 +278,32 @@ abstract class AbstractMapping {
return $this->dbc->prepare($sql)->execute();
}
/**
* clears the mapping table one by one and executing a callback with
* each row's id (=owncloud_name col)
*
* @param callable $preCallback
* @param callable $postCallback
* @return bool true on success, false when at least one row was not
* deleted
*/
public function clearCb(Callable $preCallback, Callable $postCallback): bool {
$picker = $this->dbc->getQueryBuilder();
$picker->select('owncloud_name')
->from($this->getTableName());
$cursor = $picker->execute();
$result = true;
while($id = $cursor->fetchColumn(0)) {
$preCallback($id);
if($isUnmapped = $this->unmap($id)) {
$postCallback($id);
}
$result &= $isUnmapped;
}
$cursor->closeCursor();
return $result;
}
/**
* returns the number of entries in the mappings table
*

2
apps/user_ldap/lib/Proxy.php
View File

@ -82,7 +82,7 @@ abstract class Proxy {
new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(), $db,
$coreUserManager, $coreNotificationManager);
$connector = new Connection($this->ldap, $configPrefix);
$access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig);
$access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig, $coreUserManager);
$access->setUserMapper($userMap);
$access->setGroupMapper($groupMap);
self::$accesses[$configPrefix] = $access;

2
apps/user_ldap/lib/User_LDAP.php
View File

@ -396,7 +396,7 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
\OC::$server->getLogger()->info('Cleaning up after user ' . $uid,
array('app' => 'user_ldap'));
$this->access->getUserMapper()->unmap($uid);
$this->access->getUserMapper()->unmap($uid); // we don't emit unassign signals here, since it is implicit to delete signals fired from core
$this->access->userManager->invalidate($uid);
return true;
}

12
apps/user_ldap/tests/AccessTest.php
View File

@ -72,6 +72,8 @@ class AccessTest extends TestCase {
private $helper;
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
private $config;
/** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
private $ncUserManager;
/** @var Access */
private $access;
@ -82,13 +84,15 @@ class AccessTest extends TestCase {
$this->helper = $this->createMock(Helper::class);
$this->config = $this->createMock(IConfig::class);
$this->userMapper = $this->createMock(UserMapping::class);
$this->ncUserManager = $this->createMock(IUserManager::class);
$this->access = new Access(
$this->connection,
$this->ldap,
$this->userManager,
$this->helper,
$this->config
$this->config,
$this->ncUserManager
);
$this->access->setUserMapper($this->userMapper);
}
@ -227,7 +231,7 @@ class AccessTest extends TestCase {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
$config = $this->createMock(IConfig::class);
$access = new Access($con, $lw, $um, $helper, $config);
$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
$lw->expects($this->exactly(1))
->method('explodeDN')
@ -250,7 +254,7 @@ class AccessTest extends TestCase {
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
$config = $this->createMock(IConfig::class);
$lw = new LDAP();
$access = new Access($con, $lw, $um, $helper, $config);
$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
if(!function_exists('ldap_explode_dn')) {
$this->markTestSkipped('LDAP Module not available');
@ -431,7 +435,7 @@ class AccessTest extends TestCase {
$attribute => array('count' => 1, $dnFromServer)
)));
$access = new Access($con, $lw, $um, $helper, $config);
$access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
$this->assertSame($values[0], strtolower($dnFromServer));
}

23
apps/user_ldap/tests/Mapping/AbstractMappingTest.php
View File

@ -234,6 +234,29 @@ abstract class AbstractMappingTest extends \Test\TestCase {
}
}
/**
* tests clear() for successful update.
*/
public function testClearCb() {
list($mapper, $data) = $this->initTest();
$callbackCalls = 0;
$test = $this;
$callback = function (string $id) use ($test, &$callbackCalls) {
$test->assertTrue(trim($id) !== '');
$callbackCalls++;
};
$done = $mapper->clearCb($callback, $callback);
$this->assertTrue($done);
$this->assertSame(count($data) * 2, $callbackCalls);
foreach($data as $entry) {
$name = $mapper->getNameByUUID($entry['uuid']);
$this->assertFalse($name);
}
}
/**
* tests getList() method
*/

3
lib/private/User/Manager.php
View File

@ -50,6 +50,9 @@ use OCP\UserInterface;
* - preCreateUser(string $uid, string $password)
* - postCreateUser(\OC\User\User $user, string $password)
* - change(\OC\User\User $user)
* - assignedUserId(string $uid)
* - preUnassignedUserId(string $uid)
* - postUnassignedUserId(string $uid)
*
* @package OC\User
*/

3
lib/private/User/Session.php
View File

@ -72,6 +72,9 @@ use Symfony\Component\EventDispatcher\GenericEvent;
* - postDelete(\OC\User\User $user)
* - preCreateUser(string $uid, string $password)
* - postCreateUser(\OC\User\User $user)
* - assignedUserId(string $uid)
* - preUnassignedUserId(string $uid)
* - postUnassignedUserId(string $uid)
* - preLogin(string $user, string $password)
* - postLogin(\OC\User\User $user, string $password)
* - preRememberedLogin(string $uid)

3
lib/public/IUserManager.php
View File

@ -40,6 +40,9 @@ namespace OCP;
* - postDelete(\OC\User\User $user)
* - preCreateUser(string $uid, string $password)
* - postCreateUser(\OC\User\User $user, string $password)
* - assignedUserId(string $uid)
* - preUnassignedUserId(string $uid)
* - postUnassignedUserId(string $uid)
*
* @package OC\User
* @since 8.0.0