diff --git a/apps/admin_audit/lib/Actions/UserManagement.php b/apps/admin_audit/lib/Actions/UserManagement.php index 45250d4e70..5cf1494df6 100644 --- a/apps/admin_audit/lib/Actions/UserManagement.php +++ b/apps/admin_audit/lib/Actions/UserManagement.php @@ -50,6 +50,19 @@ class UserManagement extends Action { ); } + /** + * Log assignments of users (typically user backends) + * + * @param string $uid + */ + public function assign(string $uid) { + $this->log( + 'UserID assigned: "%s"', + [ 'uid' => $uid ], + [ 'uid' ] + ); + } + /** * Log deletion of users * @@ -65,6 +78,19 @@ class UserManagement extends Action { ); } + /** + * Log unassignments of users (typically user backends, no data removed) + * + * @param string $uid + */ + public function unassign(string $uid) { + $this->log( + 'UserID unassigned: "%s"', + [ 'uid' => $uid ], + [ 'uid' ] + ); + } + /** * Log enabling of users * diff --git a/apps/admin_audit/lib/AppInfo/Application.php b/apps/admin_audit/lib/AppInfo/Application.php index 5634a4a67b..df39e3eb11 100644 --- a/apps/admin_audit/lib/AppInfo/Application.php +++ b/apps/admin_audit/lib/AppInfo/Application.php @@ -93,6 +93,8 @@ class Application extends App { /** @var IUserSession|Session $userSession */ $userSession = $this->getContainer()->getServer()->getUserSession(); $userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']); + $userSession->listen('\OC\User', 'assignedUserId', [$userActions, 'assign']); + $userSession->listen('\OC\User', 'postUnassignedUserId', [$userActions, 'unassign']); } protected function groupHooks(ILogger $logger) { diff --git a/apps/dav/lib/HookManager.php b/apps/dav/lib/HookManager.php index 57b176213e..b1bd039c65 100644 --- a/apps/dav/lib/HookManager.php +++ b/apps/dav/lib/HookManager.php @@ -77,14 +77,22 @@ class HookManager { 'post_createUser', $this, 'postCreateUser'); + \OC::$server->getUserManager()->listen('\OC\User', 'assignedUserId', function ($uid) { + $this->postCreateUser(['uid' => $uid]); + }); Util::connectHook('OC_User', 'pre_deleteUser', $this, 'preDeleteUser'); + \OC::$server->getUserManager()->listen('\OC\User', 'preUnassignedUserId', [$this, 'preUnassignedUserId']); Util::connectHook('OC_User', 'post_deleteUser', $this, 'postDeleteUser'); + \OC::$server->getUserManager()->listen('\OC\User', 'postUnassignedUserId', function ($uid) { + $this->postDeleteUser(['uid' => $uid]); + }); + \OC::$server->getUserManager()->listen('\OC\User', 'postUnassignedUserId', [$this, 'postUnassignedUserId']); Util::connectHook('OC_User', 'changeUser', $this, @@ -103,6 +111,10 @@ class HookManager { $this->addressBooksToDelete = $this->cardDav->getUsersOwnAddressBooks('principals/users/' . $uid); } + public function preUnassignedUserId($uid) { + $this->usersToDelete[$uid] = $this->userManager->get($uid); + } + public function postDeleteUser($params) { $uid = $params['uid']; if (isset($this->usersToDelete[$uid])){ @@ -119,6 +131,12 @@ class HookManager { } } + public function postUnassignedUserId($uid) { + if (isset($this->usersToDelete[$uid])){ + $this->syncService->deleteUser($this->usersToDelete[$uid]); + } + } + public function changeUser($params) { $user = $params['user']; $this->syncService->updateUser($user); diff --git a/apps/user_ldap/ajax/clearMappings.php b/apps/user_ldap/ajax/clearMappings.php index 01b6b7f0ef..8e2d63e3eb 100644 --- a/apps/user_ldap/ajax/clearMappings.php +++ b/apps/user_ldap/ajax/clearMappings.php @@ -33,13 +33,23 @@ use OCA\User_LDAP\Mapping\GroupMapping; $subject = (string)$_POST['ldap_clear_mapping']; $mapping = null; -if($subject === 'user') { - $mapping = new UserMapping(\OC::$server->getDatabaseConnection()); -} else if($subject === 'group') { - $mapping = new GroupMapping(\OC::$server->getDatabaseConnection()); -} try { - if(is_null($mapping) || !$mapping->clear()) { + if($subject === 'user') { + $mapping = new UserMapping(\OC::$server->getDatabaseConnection()); + $result = $mapping->clearCb( + function ($uid) { + \OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]); + }, + function ($uid) { + \OC::$server->getUserManager()->emit('\OC\User', 'postUnassignedUserId', [$uid]); + } + ); + } else if($subject === 'group') { + $mapping = new GroupMapping(\OC::$server->getDatabaseConnection()); + $result = $mapping->clear(); + } + + if($mapping === null || !$result) { $l = \OC::$server->getL10N('user_ldap'); throw new \Exception($l->t('Failed to clear the mappings.')); } diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index 9fb3709027..2395da1ec9 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -44,6 +44,7 @@ namespace OCA\User_LDAP; use OC\HintException; +use OC\Hooks\PublicEmitter; use OCA\User_LDAP\Exceptions\ConstraintViolationException; use OCA\User_LDAP\User\IUserTools; use OCA\User_LDAP\User\Manager; @@ -52,6 +53,7 @@ use OCA\User_LDAP\Mapping\AbstractMapping; use OC\ServerNotAvailableException; use OCP\IConfig; +use OCP\IUserManager; use OCP\Util; /** @@ -95,13 +97,16 @@ class Access extends LDAPUtility implements IUserTools { private $helper; /** @var IConfig */ private $config; + /** @var IUserManager */ + private $ncUserManager; public function __construct( Connection $connection, ILDAPWrapper $ldap, Manager $userManager, Helper $helper, - IConfig $config + IConfig $config, + IUserManager $ncUserManager ) { parent::__construct($ldap); $this->connection = $connection; @@ -109,6 +114,7 @@ class Access extends LDAPUtility implements IUserTools { $this->userManager->setLdapAccess($this); $this->helper = $helper; $this->config = $config; + $this->ncUserManager = $ncUserManager; } /** @@ -605,10 +611,13 @@ class Access extends LDAPUtility implements IUserTools { // outside of core user management will still cache the user as non-existing. $originalTTL = $this->connection->ldapCacheTTL; $this->connection->setConfiguration(array('ldapCacheTTL' => 0)); - if(($isUser && $intName !== '' && !\OC::$server->getUserManager()->userExists($intName)) + if(($isUser && $intName !== '' && !$this->ncUserManager->userExists($intName)) || (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))) { if($mapper->map($fdn, $intName, $uuid)) { $this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL)); + if($this->ncUserManager instanceof PublicEmitter) { + $this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]); + } $newlyMapped = true; return $intName; } @@ -617,6 +626,9 @@ class Access extends LDAPUtility implements IUserTools { $altName = $this->createAltInternalOwnCloudName($intName, $isUser); if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) { + if($this->ncUserManager instanceof PublicEmitter) { + $this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]); + } $newlyMapped = true; return $altName; } @@ -738,7 +750,7 @@ class Access extends LDAPUtility implements IUserTools { //20 attempts, something else is very wrong. Avoids infinite loop. while($attempts < 20){ $altName = $name . '_' . rand(1000,9999); - if(!\OC::$server->getUserManager()->userExists($altName)) { + if(!$this->ncUserManager->userExists($altName)) { return $altName; } $attempts++; diff --git a/apps/user_ldap/lib/AccessFactory.php b/apps/user_ldap/lib/AccessFactory.php index 45ff779bb0..f03f7f7420 100644 --- a/apps/user_ldap/lib/AccessFactory.php +++ b/apps/user_ldap/lib/AccessFactory.php @@ -26,6 +26,7 @@ namespace OCA\User_LDAP; use OCA\User_LDAP\User\Manager; use OCP\IConfig; +use OCP\IUserManager; class AccessFactory { /** @var ILDAPWrapper */ @@ -36,17 +37,21 @@ class AccessFactory { protected $helper; /** @var IConfig */ protected $config; + /** @var IUserManager */ + private $ncUserManager; public function __construct( ILDAPWrapper $ldap, Manager $userManager, Helper $helper, - IConfig $config) + IConfig $config, + IUserManager $ncUserManager) { $this->ldap = $ldap; $this->userManager = $userManager; $this->helper = $helper; $this->config = $config; + $this->ncUserManager = $ncUserManager; } public function get(Connection $connection) { @@ -55,7 +60,8 @@ class AccessFactory { $this->ldap, $this->userManager, $this->helper, - $this->config + $this->config, + $this->ncUserManager ); } } diff --git a/apps/user_ldap/lib/Jobs/Sync.php b/apps/user_ldap/lib/Jobs/Sync.php index 4ef0636a2e..0abb9331a2 100644 --- a/apps/user_ldap/lib/Jobs/Sync.php +++ b/apps/user_ldap/lib/Jobs/Sync.php @@ -376,7 +376,8 @@ class Sync extends TimedJob { $this->ldap, $this->userManager, $this->ldapHelper, - $this->config + $this->config, + $this->ncUserManager ); } } diff --git a/apps/user_ldap/lib/Jobs/UpdateGroups.php b/apps/user_ldap/lib/Jobs/UpdateGroups.php index 2b57874c62..c36ec80b93 100644 --- a/apps/user_ldap/lib/Jobs/UpdateGroups.php +++ b/apps/user_ldap/lib/Jobs/UpdateGroups.php @@ -192,7 +192,7 @@ class UpdateGroups extends \OC\BackgroundJob\TimedJob { \OC::$server->getUserManager(), \OC::$server->getNotificationManager()); $connector = new Connection($ldapWrapper, $configPrefixes[0]); - $ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper, \OC::$server->getConfig()); + $ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper, \OC::$server->getConfig(), \OC::$server->getUserManager()); $groupMapper = new GroupMapping($dbc); $userMapper = new UserMapping($dbc); $ldapAccess->setGroupMapper($groupMapper); diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php index f5f56ce03d..c7d737a763 100644 --- a/apps/user_ldap/lib/Mapping/AbstractMapping.php +++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php @@ -278,6 +278,32 @@ abstract class AbstractMapping { return $this->dbc->prepare($sql)->execute(); } + /** + * clears the mapping table one by one and executing a callback with + * each row's id (=owncloud_name col) + * + * @param callable $preCallback + * @param callable $postCallback + * @return bool true on success, false when at least one row was not + * deleted + */ + public function clearCb(Callable $preCallback, Callable $postCallback): bool { + $picker = $this->dbc->getQueryBuilder(); + $picker->select('owncloud_name') + ->from($this->getTableName()); + $cursor = $picker->execute(); + $result = true; + while($id = $cursor->fetchColumn(0)) { + $preCallback($id); + if($isUnmapped = $this->unmap($id)) { + $postCallback($id); + } + $result &= $isUnmapped; + } + $cursor->closeCursor(); + return $result; + } + /** * returns the number of entries in the mappings table * diff --git a/apps/user_ldap/lib/Proxy.php b/apps/user_ldap/lib/Proxy.php index ab5434f9fe..8b5ff99608 100644 --- a/apps/user_ldap/lib/Proxy.php +++ b/apps/user_ldap/lib/Proxy.php @@ -82,7 +82,7 @@ abstract class Proxy { new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(), $db, $coreUserManager, $coreNotificationManager); $connector = new Connection($this->ldap, $configPrefix); - $access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig); + $access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig, $coreUserManager); $access->setUserMapper($userMap); $access->setGroupMapper($groupMap); self::$accesses[$configPrefix] = $access; diff --git a/apps/user_ldap/lib/User_LDAP.php b/apps/user_ldap/lib/User_LDAP.php index 5a2b993c33..e56e4675e3 100644 --- a/apps/user_ldap/lib/User_LDAP.php +++ b/apps/user_ldap/lib/User_LDAP.php @@ -396,7 +396,7 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn \OC::$server->getLogger()->info('Cleaning up after user ' . $uid, array('app' => 'user_ldap')); - $this->access->getUserMapper()->unmap($uid); + $this->access->getUserMapper()->unmap($uid); // we don't emit unassign signals here, since it is implicit to delete signals fired from core $this->access->userManager->invalidate($uid); return true; } diff --git a/apps/user_ldap/tests/AccessTest.php b/apps/user_ldap/tests/AccessTest.php index 336b92af04..43a34959c5 100644 --- a/apps/user_ldap/tests/AccessTest.php +++ b/apps/user_ldap/tests/AccessTest.php @@ -72,6 +72,8 @@ class AccessTest extends TestCase { private $helper; /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */ private $config; + /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */ + private $ncUserManager; /** @var Access */ private $access; @@ -82,13 +84,15 @@ class AccessTest extends TestCase { $this->helper = $this->createMock(Helper::class); $this->config = $this->createMock(IConfig::class); $this->userMapper = $this->createMock(UserMapping::class); + $this->ncUserManager = $this->createMock(IUserManager::class); $this->access = new Access( $this->connection, $this->ldap, $this->userManager, $this->helper, - $this->config + $this->config, + $this->ncUserManager ); $this->access->setUserMapper($this->userMapper); } @@ -227,7 +231,7 @@ class AccessTest extends TestCase { list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock(); /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */ $config = $this->createMock(IConfig::class); - $access = new Access($con, $lw, $um, $helper, $config); + $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager); $lw->expects($this->exactly(1)) ->method('explodeDN') @@ -250,7 +254,7 @@ class AccessTest extends TestCase { /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */ $config = $this->createMock(IConfig::class); $lw = new LDAP(); - $access = new Access($con, $lw, $um, $helper, $config); + $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager); if(!function_exists('ldap_explode_dn')) { $this->markTestSkipped('LDAP Module not available'); @@ -431,7 +435,7 @@ class AccessTest extends TestCase { $attribute => array('count' => 1, $dnFromServer) ))); - $access = new Access($con, $lw, $um, $helper, $config); + $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager); $values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute); $this->assertSame($values[0], strtolower($dnFromServer)); } diff --git a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php index d3d33a82da..54d8b49cdc 100644 --- a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php +++ b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php @@ -234,6 +234,29 @@ abstract class AbstractMappingTest extends \Test\TestCase { } } + /** + * tests clear() for successful update. + */ + public function testClearCb() { + list($mapper, $data) = $this->initTest(); + + $callbackCalls = 0; + $test = $this; + + $callback = function (string $id) use ($test, &$callbackCalls) { + $test->assertTrue(trim($id) !== ''); + $callbackCalls++; + }; + + $done = $mapper->clearCb($callback, $callback); + $this->assertTrue($done); + $this->assertSame(count($data) * 2, $callbackCalls); + foreach($data as $entry) { + $name = $mapper->getNameByUUID($entry['uuid']); + $this->assertFalse($name); + } + } + /** * tests getList() method */ diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php index abc7a45e6b..b5054bd185 100644 --- a/lib/private/User/Manager.php +++ b/lib/private/User/Manager.php @@ -50,6 +50,9 @@ use OCP\UserInterface; * - preCreateUser(string $uid, string $password) * - postCreateUser(\OC\User\User $user, string $password) * - change(\OC\User\User $user) + * - assignedUserId(string $uid) + * - preUnassignedUserId(string $uid) + * - postUnassignedUserId(string $uid) * * @package OC\User */ diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php index 4ac8888cee..5d8455fb5f 100644 --- a/lib/private/User/Session.php +++ b/lib/private/User/Session.php @@ -72,6 +72,9 @@ use Symfony\Component\EventDispatcher\GenericEvent; * - postDelete(\OC\User\User $user) * - preCreateUser(string $uid, string $password) * - postCreateUser(\OC\User\User $user) + * - assignedUserId(string $uid) + * - preUnassignedUserId(string $uid) + * - postUnassignedUserId(string $uid) * - preLogin(string $user, string $password) * - postLogin(\OC\User\User $user, string $password) * - preRememberedLogin(string $uid) diff --git a/lib/public/IUserManager.php b/lib/public/IUserManager.php index 163e8b5e73..d20b4a3fa9 100644 --- a/lib/public/IUserManager.php +++ b/lib/public/IUserManager.php @@ -40,6 +40,9 @@ namespace OCP; * - postDelete(\OC\User\User $user) * - preCreateUser(string $uid, string $password) * - postCreateUser(\OC\User\User $user, string $password) + * - assignedUserId(string $uid) + * - preUnassignedUserId(string $uid) + * - postUnassignedUserId(string $uid) * * @package OC\User * @since 8.0.0