single squashed commit for bug fix
Signed-off-by: Philipp Staiger <philipp@staiger.it>
This commit is contained in:
parent
d72927da67
commit
41337a70ce
|
@ -683,7 +683,7 @@ class User {
|
||||||
* @throws \OC\ServerNotAvailableException
|
* @throws \OC\ServerNotAvailableException
|
||||||
*/
|
*/
|
||||||
public function updateExtStorageHome(string $valueFromLDAP = null):string {
|
public function updateExtStorageHome(string $valueFromLDAP = null):string {
|
||||||
if($valueFromLDAP === null) {
|
if ($valueFromLDAP === null) {
|
||||||
$extHomeValues = $this->access->readAttribute($this->getDN(), $this->connection->ldapExtStorageHomeAttribute);
|
$extHomeValues = $this->access->readAttribute($this->getDN(), $this->connection->ldapExtStorageHomeAttribute);
|
||||||
} else {
|
} else {
|
||||||
$extHomeValues = [$valueFromLDAP];
|
$extHomeValues = [$valueFromLDAP];
|
||||||
|
@ -709,20 +709,20 @@ class User {
|
||||||
return;//password expiry handling disabled
|
return;//password expiry handling disabled
|
||||||
}
|
}
|
||||||
$uid = $params['uid'];
|
$uid = $params['uid'];
|
||||||
if(isset($uid) && $uid === $this->getUsername()) {
|
if (isset($uid) && $uid === $this->getUsername()) {
|
||||||
//retrieve relevant user attributes
|
//retrieve relevant user attributes
|
||||||
$result = $this->access->search('objectclass=*', array($this->dn), ['pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']);
|
$result = $this->access->search('objectclass=*', array($this->dn), ['pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']);
|
||||||
|
|
||||||
if(array_key_exists('pwdpolicysubentry', $result[0])) {
|
if (array_key_exists('pwdpolicysubentry', $result[0])) {
|
||||||
$pwdPolicySubentry = $result[0]['pwdpolicysubentry'];
|
$pwdPolicySubentry = $result[0]['pwdpolicysubentry'];
|
||||||
if($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
|
if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
|
||||||
$ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
|
$ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : null;
|
$pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : [];
|
||||||
$pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : null;
|
$pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : [];
|
||||||
$pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : null;
|
$pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : [];
|
||||||
|
|
||||||
//retrieve relevant password policy attributes
|
//retrieve relevant password policy attributes
|
||||||
$cacheKey = 'ppolicyAttributes' . $ppolicyDN;
|
$cacheKey = 'ppolicyAttributes' . $ppolicyDN;
|
||||||
|
@ -732,16 +732,14 @@ class User {
|
||||||
$this->connection->writeToCache($cacheKey, $result);
|
$this->connection->writeToCache($cacheKey, $result);
|
||||||
}
|
}
|
||||||
|
|
||||||
$pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : null;
|
$pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : [];
|
||||||
$pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : null;
|
$pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : [];
|
||||||
$pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : null;
|
$pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : [];
|
||||||
|
|
||||||
//handle grace login
|
//handle grace login
|
||||||
$pwdGraceUseTimeCount = count($pwdGraceUseTime);
|
if (!empty($pwdGraceUseTime)) { //was this a grace login?
|
||||||
if($pwdGraceUseTime && $pwdGraceUseTimeCount > 0) { //was this a grace login?
|
if (!empty($pwdGraceAuthNLimit)
|
||||||
if($pwdGraceAuthNLimit
|
&& count($pwdGraceUseTime) < (int)$pwdGraceAuthNLimit[0]) { //at least one more grace login available?
|
||||||
&& (count($pwdGraceAuthNLimit) > 0)
|
|
||||||
&&($pwdGraceUseTimeCount < (int)$pwdGraceAuthNLimit[0])) { //at least one more grace login available?
|
|
||||||
$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
|
$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
|
||||||
header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
|
header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
|
||||||
'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid)));
|
'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid)));
|
||||||
|
@ -752,24 +750,24 @@ class User {
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
//handle pwdReset attribute
|
//handle pwdReset attribute
|
||||||
if($pwdReset && (count($pwdReset) > 0) && $pwdReset[0] === 'TRUE') { //user must change his password
|
if (!empty($pwdReset) && $pwdReset[0] === 'TRUE') { //user must change his password
|
||||||
$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
|
$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
|
||||||
header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
|
header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
|
||||||
'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid)));
|
'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid)));
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
//handle password expiry warning
|
//handle password expiry warning
|
||||||
if($pwdChangedTime && (count($pwdChangedTime) > 0)) {
|
if (!empty($pwdChangedTime)) {
|
||||||
if($pwdMaxAge && (count($pwdMaxAge) > 0)
|
if (!empty($pwdMaxAge)
|
||||||
&& $pwdExpireWarning && (count($pwdExpireWarning) > 0)) {
|
&& !empty($pwdExpireWarning)) {
|
||||||
$pwdMaxAgeInt = (int)$pwdMaxAge[0];
|
$pwdMaxAgeInt = (int)$pwdMaxAge[0];
|
||||||
$pwdExpireWarningInt = (int)$pwdExpireWarning[0];
|
$pwdExpireWarningInt = (int)$pwdExpireWarning[0];
|
||||||
if($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){
|
if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){
|
||||||
$pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]);
|
$pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]);
|
||||||
$pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S'));
|
$pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S'));
|
||||||
$currentDateTime = new \DateTime();
|
$currentDateTime = new \DateTime();
|
||||||
$secondsToExpiry = $pwdChangedTimeDt->getTimestamp() - $currentDateTime->getTimestamp();
|
$secondsToExpiry = $pwdChangedTimeDt->getTimestamp() - $currentDateTime->getTimestamp();
|
||||||
if($secondsToExpiry <= $pwdExpireWarningInt) {
|
if ($secondsToExpiry <= $pwdExpireWarningInt) {
|
||||||
//remove last password expiry warning if any
|
//remove last password expiry warning if any
|
||||||
$notification = $this->notificationManager->createNotification();
|
$notification = $this->notificationManager->createNotification();
|
||||||
$notification->setApp('user_ldap')
|
$notification->setApp('user_ldap')
|
||||||
|
|
Loading…
Reference in New Issue