Merge pull request #24955 from nextcloud/external-storage-login-ldap
allow using any ldap property as login name when using login credentials
This commit is contained in:
commit
38e534e7c1
|
@ -30,6 +30,7 @@ use OCA\Files_External\Lib\Auth\AuthMechanism;
|
||||||
use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
|
use OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
|
||||||
use OCA\Files_External\Lib\StorageConfig;
|
use OCA\Files_External\Lib\StorageConfig;
|
||||||
use OCA\Files_External\Listener\StorePasswordListener;
|
use OCA\Files_External\Listener\StorePasswordListener;
|
||||||
|
use OCA\User_LDAP\IUserLDAP;
|
||||||
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
|
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
|
||||||
use OCP\Authentication\LoginCredentials\IStore as CredentialsStore;
|
use OCP\Authentication\LoginCredentials\IStore as CredentialsStore;
|
||||||
use OCP\EventDispatcher\IEventDispatcher;
|
use OCP\EventDispatcher\IEventDispatcher;
|
||||||
|
@ -81,7 +82,7 @@ class LoginCredentials extends AuthMechanism {
|
||||||
|
|
||||||
$credentials = [
|
$credentials = [
|
||||||
'user' => $sessionCredentials->getLoginName(),
|
'user' => $sessionCredentials->getLoginName(),
|
||||||
'password' => $sessionCredentials->getPassword()
|
'password' => $sessionCredentials->getPassword(),
|
||||||
];
|
];
|
||||||
|
|
||||||
$this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials);
|
$this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials);
|
||||||
|
@ -99,7 +100,42 @@ class LoginCredentials extends AuthMechanism {
|
||||||
}
|
}
|
||||||
$credentials = $this->getCredentials($user);
|
$credentials = $this->getCredentials($user);
|
||||||
|
|
||||||
$storage->setBackendOption('user', $credentials['user']);
|
$loginKey = $storage->getBackendOption("login_ldap_attr");
|
||||||
|
if ($loginKey) {
|
||||||
|
$backend = $user->getBackend();
|
||||||
|
if ($backend instanceof IUserLDAP) {
|
||||||
|
$value = $this->getLdapPropertyForUser($backend, $user, $loginKey);
|
||||||
|
if ($value === null) {
|
||||||
|
throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute not set for user ' . $user->getUID());
|
||||||
|
}
|
||||||
|
$storage->setBackendOption('user', $value);
|
||||||
|
} else {
|
||||||
|
throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute configured but user ' . $user->getUID() . ' is not an ldap user');
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$storage->setBackendOption('user', $credentials['user']);
|
||||||
|
}
|
||||||
$storage->setBackendOption('password', $credentials['password']);
|
$storage->setBackendOption('password', $credentials['password']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function getLdapPropertyForUser(IUserLDAP $ldap, IUser $user, string $property): ?string {
|
||||||
|
$access = $ldap->getLDAPAccess($user->getUID());
|
||||||
|
$connection = $access->getConnection();
|
||||||
|
$key = "external_login::" . $user->getUID() . "::" . $property;
|
||||||
|
$cached = $connection->getFromCache($key);
|
||||||
|
|
||||||
|
if ($cached !== null) {
|
||||||
|
return $cached;
|
||||||
|
}
|
||||||
|
|
||||||
|
$value = $access->readAttribute($access->username2dn($user->getUID()), $property);
|
||||||
|
if (count($value) > 0) {
|
||||||
|
$value = current($value);
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
$connection->writeToCache($key, $value);
|
||||||
|
|
||||||
|
return $value;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue