Merge pull request #618 from nextcloud/backport-519-stable10
Backport LDAPProvider to Nextcloud 10
This commit is contained in:
commit
51be4bf2f0
|
@ -60,7 +60,7 @@ $userManager = new \OCA\User_LDAP\User\Manager(
|
||||||
\OC::$server->getDatabaseConnection(),
|
\OC::$server->getDatabaseConnection(),
|
||||||
\OC::$server->getUserManager());
|
\OC::$server->getUserManager());
|
||||||
|
|
||||||
$access = new \OCA\User_LDAP\Access($con, $ldapWrapper, $userManager);
|
$access = new \OCA\User_LDAP\Access($con, $ldapWrapper, $userManager, new \OCA\User_LDAP\Helper());
|
||||||
|
|
||||||
$wizard = new \OCA\User_LDAP\Wizard($configuration, $ldapWrapper, $access);
|
$wizard = new \OCA\User_LDAP\Wizard($configuration, $ldapWrapper, $access);
|
||||||
|
|
||||||
|
|
|
@ -44,7 +44,7 @@ if(count($configPrefixes) === 1) {
|
||||||
\OC::$server->getUserManager()
|
\OC::$server->getUserManager()
|
||||||
);
|
);
|
||||||
$connector = new OCA\User_LDAP\Connection($ldapWrapper, $configPrefixes[0]);
|
$connector = new OCA\User_LDAP\Connection($ldapWrapper, $configPrefixes[0]);
|
||||||
$ldapAccess = new OCA\User_LDAP\Access($connector, $ldapWrapper, $userManager);
|
$ldapAccess = new OCA\User_LDAP\Access($connector, $ldapWrapper, $userManager, $helper);
|
||||||
|
|
||||||
$ldapAccess->setUserMapper(new OCA\User_LDAP\Mapping\UserMapping($dbc));
|
$ldapAccess->setUserMapper(new OCA\User_LDAP\Mapping\UserMapping($dbc));
|
||||||
$ldapAccess->setGroupMapper(new OCA\User_LDAP\Mapping\GroupMapping($dbc));
|
$ldapAccess->setGroupMapper(new OCA\User_LDAP\Mapping\GroupMapping($dbc));
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
*
|
*
|
||||||
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
||||||
* @author Christopher Schäpers <kondou@ts.unde.re>
|
* @author Christopher Schäpers <kondou@ts.unde.re>
|
||||||
|
* @author Roger Szabo <roger.szabo@web.de>
|
||||||
*
|
*
|
||||||
* @license AGPL-3.0
|
* @license AGPL-3.0
|
||||||
*
|
*
|
||||||
|
@ -24,3 +25,6 @@ $state = OCP\Config::getSystemValue('ldapIgnoreNamingRules', 'doSet');
|
||||||
if($state === 'doSet') {
|
if($state === 'doSet') {
|
||||||
OCP\Config::setSystemValue('ldapIgnoreNamingRules', false);
|
OCP\Config::setSystemValue('ldapIgnoreNamingRules', false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$helper = new \OCA\User_LDAP\Helper();
|
||||||
|
$helper->setLDAPProvider();
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
$helper = new \OCA\User_LDAP\Helper();
|
||||||
|
$helper->setLDAPProvider();
|
|
@ -20,6 +20,7 @@
|
||||||
* @author Ralph Krimmel <rkrimme1@gwdg.de>
|
* @author Ralph Krimmel <rkrimme1@gwdg.de>
|
||||||
* @author Renaud Fortier <Renaud.Fortier@fsaa.ulaval.ca>
|
* @author Renaud Fortier <Renaud.Fortier@fsaa.ulaval.ca>
|
||||||
* @author Robin McCorkell <robin@mccorkell.me.uk>
|
* @author Robin McCorkell <robin@mccorkell.me.uk>
|
||||||
|
* @author Roger Szabo <roger.szabo@web.de>
|
||||||
*
|
*
|
||||||
* @license AGPL-3.0
|
* @license AGPL-3.0
|
||||||
*
|
*
|
||||||
|
@ -77,13 +78,19 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
* @var AbstractMapping $userMapper
|
* @var AbstractMapping $userMapper
|
||||||
*/
|
*/
|
||||||
protected $groupMapper;
|
protected $groupMapper;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var \OCA\User_LDAP\Helper
|
||||||
|
*/
|
||||||
|
private $helper;
|
||||||
|
|
||||||
public function __construct(Connection $connection, ILDAPWrapper $ldap,
|
public function __construct(Connection $connection, ILDAPWrapper $ldap,
|
||||||
Manager $userManager) {
|
Manager $userManager, Helper $helper) {
|
||||||
parent::__construct($ldap);
|
parent::__construct($ldap);
|
||||||
$this->connection = $connection;
|
$this->connection = $connection;
|
||||||
$this->userManager = $userManager;
|
$this->userManager = $userManager;
|
||||||
$this->userManager->setLdapAccess($this);
|
$this->userManager->setLdapAccess($this);
|
||||||
|
$this->helper = $helper;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -173,7 +180,7 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
// (cf. #12306), 500 is default for paging and should work everywhere.
|
// (cf. #12306), 500 is default for paging and should work everywhere.
|
||||||
$maxResults = $pagingSize > 20 ? $pagingSize : 500;
|
$maxResults = $pagingSize > 20 ? $pagingSize : 500;
|
||||||
$this->initPagedSearch($filter, array($dn), array($attr), $maxResults, 0);
|
$this->initPagedSearch($filter, array($dn), array($attr), $maxResults, 0);
|
||||||
$dn = $this->DNasBaseParameter($dn);
|
$dn = $this->helper->DNasBaseParameter($dn);
|
||||||
$rr = @$this->ldap->read($cr, $dn, $filter, array($attr));
|
$rr = @$this->ldap->read($cr, $dn, $filter, array($attr));
|
||||||
if(!$this->ldap->isResource($rr)) {
|
if(!$this->ldap->isResource($rr)) {
|
||||||
if(!empty($attr)) {
|
if(!empty($attr)) {
|
||||||
|
@ -201,7 +208,7 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
$values = array();
|
$values = array();
|
||||||
for($i=0;$i<$result[$attr]['count'];$i++) {
|
for($i=0;$i<$result[$attr]['count'];$i++) {
|
||||||
if($this->resemblesDN($attr)) {
|
if($this->resemblesDN($attr)) {
|
||||||
$values[] = $this->sanitizeDN($result[$attr][$i]);
|
$values[] = $this->helper->sanitizeDN($result[$attr][$i]);
|
||||||
} elseif(strtolower($attr) === 'objectguid' || strtolower($attr) === 'guid') {
|
} elseif(strtolower($attr) === 'objectguid' || strtolower($attr) === 'guid') {
|
||||||
$values[] = $this->convertObjectGUID2Str($result[$attr][$i]);
|
$values[] = $this->convertObjectGUID2Str($result[$attr][$i]);
|
||||||
} else {
|
} else {
|
||||||
|
@ -242,49 +249,6 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
return (is_array($r) && count($r) > 1);
|
return (is_array($r) && count($r) > 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* sanitizes a DN received from the LDAP server
|
|
||||||
* @param array $dn the DN in question
|
|
||||||
* @return array the sanitized DN
|
|
||||||
*/
|
|
||||||
private function sanitizeDN($dn) {
|
|
||||||
//treating multiple base DNs
|
|
||||||
if(is_array($dn)) {
|
|
||||||
$result = array();
|
|
||||||
foreach($dn as $singleDN) {
|
|
||||||
$result[] = $this->sanitizeDN($singleDN);
|
|
||||||
}
|
|
||||||
return $result;
|
|
||||||
}
|
|
||||||
|
|
||||||
//OID sometimes gives back DNs with whitespace after the comma
|
|
||||||
// a la "uid=foo, cn=bar, dn=..." We need to tackle this!
|
|
||||||
$dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn);
|
|
||||||
|
|
||||||
//make comparisons and everything work
|
|
||||||
$dn = mb_strtolower($dn, 'UTF-8');
|
|
||||||
|
|
||||||
//escape DN values according to RFC 2253 – this is already done by ldap_explode_dn
|
|
||||||
//to use the DN in search filters, \ needs to be escaped to \5c additionally
|
|
||||||
//to use them in bases, we convert them back to simple backslashes in readAttribute()
|
|
||||||
$replacements = array(
|
|
||||||
'\,' => '\5c2C',
|
|
||||||
'\=' => '\5c3D',
|
|
||||||
'\+' => '\5c2B',
|
|
||||||
'\<' => '\5c3C',
|
|
||||||
'\>' => '\5c3E',
|
|
||||||
'\;' => '\5c3B',
|
|
||||||
'\"' => '\5c22',
|
|
||||||
'\#' => '\5c23',
|
|
||||||
'(' => '\28',
|
|
||||||
')' => '\29',
|
|
||||||
'*' => '\2A',
|
|
||||||
);
|
|
||||||
$dn = str_replace(array_keys($replacements), array_values($replacements), $dn);
|
|
||||||
|
|
||||||
return $dn;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* returns a DN-string that is cleaned from not domain parts, e.g.
|
* returns a DN-string that is cleaned from not domain parts, e.g.
|
||||||
* cn=foo,cn=bar,dc=foobar,dc=server,dc=org
|
* cn=foo,cn=bar,dc=foobar,dc=server,dc=org
|
||||||
|
@ -1071,10 +1035,10 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
}
|
}
|
||||||
if($key !== 'dn') {
|
if($key !== 'dn') {
|
||||||
$selection[$i][$key] = $this->resemblesDN($key) ?
|
$selection[$i][$key] = $this->resemblesDN($key) ?
|
||||||
$this->sanitizeDN($item[$key])
|
$this->helper->sanitizeDN($item[$key])
|
||||||
: $item[$key];
|
: $item[$key];
|
||||||
} else {
|
} else {
|
||||||
$selection[$i][$key] = [$this->sanitizeDN($item[$key])];
|
$selection[$i][$key] = [$this->helper->sanitizeDN($item[$key])];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1298,7 +1262,7 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function areCredentialsValid($name, $password) {
|
public function areCredentialsValid($name, $password) {
|
||||||
$name = $this->DNasBaseParameter($name);
|
$name = $this->helper->DNasBaseParameter($name);
|
||||||
$testConnection = clone $this->connection;
|
$testConnection = clone $this->connection;
|
||||||
$credentials = array(
|
$credentials = array(
|
||||||
'ldapAgentName' => $name,
|
'ldapAgentName' => $name,
|
||||||
|
@ -1569,15 +1533,6 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
return sprintf('S-%d-%s-%s', $revision, $iav, implode('-', $subIDs));
|
return sprintf('S-%d-%s-%s', $revision, $iav, implode('-', $subIDs));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters
|
|
||||||
* @param string $dn the DN
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
private function DNasBaseParameter($dn) {
|
|
||||||
return str_ireplace('\\5c', '\\', $dn);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* checks if the given DN is part of the given base DN(s)
|
* checks if the given DN is part of the given base DN(s)
|
||||||
* @param string $dn the DN
|
* @param string $dn the DN
|
||||||
|
@ -1586,7 +1541,7 @@ class Access extends LDAPUtility implements IUserTools {
|
||||||
*/
|
*/
|
||||||
public function isDNPartOfBase($dn, $bases) {
|
public function isDNPartOfBase($dn, $bases) {
|
||||||
$belongsToBase = false;
|
$belongsToBase = false;
|
||||||
$bases = $this->sanitizeDN($bases);
|
$bases = $this->helper->sanitizeDN($bases);
|
||||||
|
|
||||||
foreach($bases as $base) {
|
foreach($bases as $base) {
|
||||||
$belongsToBase = true;
|
$belongsToBase = true;
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
* @author Morris Jobke <hey@morrisjobke.de>
|
* @author Morris Jobke <hey@morrisjobke.de>
|
||||||
* @author Robin Appelman <robin@icewind.nl>
|
* @author Robin Appelman <robin@icewind.nl>
|
||||||
* @author Robin McCorkell <robin@mccorkell.me.uk>
|
* @author Robin McCorkell <robin@mccorkell.me.uk>
|
||||||
|
* @author Roger Szabo <roger.szabo@web.de>
|
||||||
*
|
*
|
||||||
* @license AGPL-3.0
|
* @license AGPL-3.0
|
||||||
*
|
*
|
||||||
|
@ -52,6 +53,8 @@ class Connection extends LDAPUtility {
|
||||||
private $configID;
|
private $configID;
|
||||||
private $configured = false;
|
private $configured = false;
|
||||||
private $hasPagedResultSupport = true;
|
private $hasPagedResultSupport = true;
|
||||||
|
//whether connection should be kept on __destruct
|
||||||
|
private $dontDestruct = false;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var bool runtime flag that indicates whether supported primary groups are available
|
* @var bool runtime flag that indicates whether supported primary groups are available
|
||||||
|
@ -93,7 +96,7 @@ class Connection extends LDAPUtility {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function __destruct() {
|
public function __destruct() {
|
||||||
if($this->ldap->isResource($this->ldapConnectionRes)) {
|
if(!$this->dontDestruct && $this->ldap->isResource($this->ldapConnectionRes)) {
|
||||||
@$this->ldap->unbind($this->ldapConnectionRes);
|
@$this->ldap->unbind($this->ldapConnectionRes);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -105,6 +108,7 @@ class Connection extends LDAPUtility {
|
||||||
$this->configuration = new Configuration($this->configPrefix,
|
$this->configuration = new Configuration($this->configPrefix,
|
||||||
!is_null($this->configID));
|
!is_null($this->configID));
|
||||||
$this->ldapConnectionRes = null;
|
$this->ldapConnectionRes = null;
|
||||||
|
$this->dontDestruct = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -10,6 +10,7 @@
|
||||||
* @author Morris Jobke <hey@morrisjobke.de>
|
* @author Morris Jobke <hey@morrisjobke.de>
|
||||||
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
||||||
* @author Vincent Petry <pvince81@owncloud.com>
|
* @author Vincent Petry <pvince81@owncloud.com>
|
||||||
|
* @author Roger Szabo <roger.szabo@web.de>
|
||||||
*
|
*
|
||||||
* @license AGPL-3.0
|
* @license AGPL-3.0
|
||||||
*
|
*
|
||||||
|
@ -183,6 +184,70 @@ class Helper {
|
||||||
|
|
||||||
return $domain;
|
return $domain;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* Set the LDAPProvider in the config
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public function setLDAPProvider() {
|
||||||
|
$current = \OC::$server->getConfig()->getSystemValue('ldapProviderFactory', null);
|
||||||
|
if(is_null($current)) {
|
||||||
|
\OC::$server->getConfig()->setSystemValue('ldapProviderFactory', '\\OCA\\User_LDAP\\LDAPProviderFactory');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* sanitizes a DN received from the LDAP server
|
||||||
|
* @param array $dn the DN in question
|
||||||
|
* @return array the sanitized DN
|
||||||
|
*/
|
||||||
|
public function sanitizeDN($dn) {
|
||||||
|
//treating multiple base DNs
|
||||||
|
if(is_array($dn)) {
|
||||||
|
$result = array();
|
||||||
|
foreach($dn as $singleDN) {
|
||||||
|
$result[] = $this->sanitizeDN($singleDN);
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
|
//OID sometimes gives back DNs with whitespace after the comma
|
||||||
|
// a la "uid=foo, cn=bar, dn=..." We need to tackle this!
|
||||||
|
$dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn);
|
||||||
|
|
||||||
|
//make comparisons and everything work
|
||||||
|
$dn = mb_strtolower($dn, 'UTF-8');
|
||||||
|
|
||||||
|
//escape DN values according to RFC 2253 – this is already done by ldap_explode_dn
|
||||||
|
//to use the DN in search filters, \ needs to be escaped to \5c additionally
|
||||||
|
//to use them in bases, we convert them back to simple backslashes in readAttribute()
|
||||||
|
$replacements = array(
|
||||||
|
'\,' => '\5c2C',
|
||||||
|
'\=' => '\5c3D',
|
||||||
|
'\+' => '\5c2B',
|
||||||
|
'\<' => '\5c3C',
|
||||||
|
'\>' => '\5c3E',
|
||||||
|
'\;' => '\5c3B',
|
||||||
|
'\"' => '\5c22',
|
||||||
|
'\#' => '\5c23',
|
||||||
|
'(' => '\28',
|
||||||
|
')' => '\29',
|
||||||
|
'*' => '\2A',
|
||||||
|
);
|
||||||
|
$dn = str_replace(array_keys($replacements), array_values($replacements), $dn);
|
||||||
|
|
||||||
|
return $dn;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters
|
||||||
|
* @param string $dn the DN
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function DNasBaseParameter($dn) {
|
||||||
|
return str_ireplace('\\5c', '\\', $dn);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* listens to a hook thrown by server2server sharing and replaces the given
|
* listens to a hook thrown by server2server sharing and replaces the given
|
||||||
|
|
|
@ -0,0 +1,49 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCA\User_LDAP;
|
||||||
|
|
||||||
|
interface IUserLDAP {
|
||||||
|
|
||||||
|
//Functions used by LDAPProvider
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return access for LDAP interaction.
|
||||||
|
* @param string $uid
|
||||||
|
* @return Access instance of Access for LDAP interaction
|
||||||
|
*/
|
||||||
|
public function getLDAPAccess($uid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a new LDAP connection for the specified user.
|
||||||
|
* @param string $uid
|
||||||
|
* @return resource of the LDAP connection
|
||||||
|
*/
|
||||||
|
public function getNewLDAPConnection($uid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the username for the given LDAP DN, if available.
|
||||||
|
* @param string $dn
|
||||||
|
* @return string|false with the username
|
||||||
|
*/
|
||||||
|
public function dn2UserName($dn);
|
||||||
|
}
|
|
@ -188,7 +188,7 @@ class UpdateGroups extends \OC\BackgroundJob\TimedJob {
|
||||||
$dbc,
|
$dbc,
|
||||||
\OC::$server->getUserManager());
|
\OC::$server->getUserManager());
|
||||||
$connector = new Connection($ldapWrapper, $configPrefixes[0]);
|
$connector = new Connection($ldapWrapper, $configPrefixes[0]);
|
||||||
$ldapAccess = new Access($connector, $ldapWrapper, $userManager);
|
$ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper);
|
||||||
$groupMapper = new GroupMapping($dbc);
|
$groupMapper = new GroupMapping($dbc);
|
||||||
$userMapper = new UserMapping($dbc);
|
$userMapper = new UserMapping($dbc);
|
||||||
$ldapAccess->setGroupMapper($groupMapper);
|
$ldapAccess->setGroupMapper($groupMapper);
|
||||||
|
|
|
@ -0,0 +1,188 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCA\User_LDAP;
|
||||||
|
|
||||||
|
use OCP\IUserBackend;
|
||||||
|
use OCP\LDAP\ILDAPProvider;
|
||||||
|
use OCP\LDAP\IDeletionFlagSupport;
|
||||||
|
use OCP\IServerContainer;
|
||||||
|
use OCA\User_LDAP\User\DeletedUsersIndex;
|
||||||
|
use OCA\User_LDAP\Mapping\UserMapping;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* LDAP provider for pulic access to the LDAP backend.
|
||||||
|
*/
|
||||||
|
class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
|
|
||||||
|
private $backend;
|
||||||
|
private $logger;
|
||||||
|
private $helper;
|
||||||
|
private $deletedUsersIndex;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create new LDAPProvider
|
||||||
|
* @param \OCP\IServerContainer $serverContainer
|
||||||
|
* @throws \Exception if user_ldap app was not enabled
|
||||||
|
*/
|
||||||
|
public function __construct(IServerContainer $serverContainer, Helper $helper, DeletedUsersIndex $deletedUsersIndex) {
|
||||||
|
$this->logger = $serverContainer->getLogger();
|
||||||
|
$this->helper = $helper;
|
||||||
|
$this->deletedUsersIndex = $deletedUsersIndex;
|
||||||
|
foreach ($serverContainer->getUserManager()->getBackends() as $backend){
|
||||||
|
$this->logger->debug('instance '.get_class($backend).' backend.', ['app' => 'user_ldap']);
|
||||||
|
if ($backend instanceof IUserLDAP) {
|
||||||
|
$this->backend = $backend;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Translate an user id to LDAP DN
|
||||||
|
* @param string $uid user id
|
||||||
|
* @return string with the LDAP DN
|
||||||
|
* @throws \Exception if translation was unsuccessful
|
||||||
|
*/
|
||||||
|
public function getUserDN($uid) {
|
||||||
|
if(!$this->backend->userExists($uid)){
|
||||||
|
throw new \Exception('User id not found in LDAP');
|
||||||
|
}
|
||||||
|
$result = $this->backend->getLDAPAccess($uid)->username2dn($uid);
|
||||||
|
if(!$result){
|
||||||
|
throw new \Exception('Translation to LDAP DN unsuccessful');
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Translate a LDAP DN to an internal user name. If there is no mapping between
|
||||||
|
* the DN and the user name, a new one will be created.
|
||||||
|
* @param string $dn LDAP DN
|
||||||
|
* @return string with the internal user name
|
||||||
|
* @throws \Exception if translation was unsuccessful
|
||||||
|
*/
|
||||||
|
public function getUserName($dn) {
|
||||||
|
$result = $this->backend->dn2UserName($dn);
|
||||||
|
if(!$result){
|
||||||
|
throw new \Exception('Translation to internal user name unsuccessful');
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Convert a stored DN so it can be used as base parameter for LDAP queries.
|
||||||
|
* @param string $dn the DN in question
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function DNasBaseParameter($dn) {
|
||||||
|
return $this->helper->DNasBaseParameter($dn);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sanitize a DN received from the LDAP server.
|
||||||
|
* @param array $dn the DN in question
|
||||||
|
* @return array the sanitized DN
|
||||||
|
*/
|
||||||
|
public function sanitizeDN($dn) {
|
||||||
|
return $this->helper->sanitizeDN($dn);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a new LDAP connection resource for the specified user.
|
||||||
|
* The connection must be closed manually.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @return resource of the LDAP connection
|
||||||
|
* @throws \Exception if user id was not found in LDAP
|
||||||
|
*/
|
||||||
|
public function getLDAPConnection($uid) {
|
||||||
|
if(!$this->backend->userExists($uid)){
|
||||||
|
throw new \Exception('User id not found in LDAP');
|
||||||
|
}
|
||||||
|
return $this->backend->getNewLDAPConnection($uid);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the LDAP base for users.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @return string the base for users
|
||||||
|
* @throws \Exception if user id was not found in LDAP
|
||||||
|
*/
|
||||||
|
public function getLDAPBaseUsers($uid) {
|
||||||
|
if(!$this->backend->userExists($uid)){
|
||||||
|
throw new \Exception('User id not found in LDAP');
|
||||||
|
}
|
||||||
|
return $this->backend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_base_users'];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the LDAP base for groups.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @return string the base for groups
|
||||||
|
* @throws \Exception if user id was not found in LDAP
|
||||||
|
*/
|
||||||
|
public function getLDAPBaseGroups($uid) {
|
||||||
|
if(!$this->backend->userExists($uid)){
|
||||||
|
throw new \Exception('User id not found in LDAP');
|
||||||
|
}
|
||||||
|
return $this->backend->getLDAPAccess($uid)->getConnection()->getConfiguration()['ldap_base_groups'];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Clear the cache if a cache is used, otherwise do nothing.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @throws \Exception if user id was not found in LDAP
|
||||||
|
*/
|
||||||
|
public function clearCache($uid) {
|
||||||
|
if(!$this->backend->userExists($uid)){
|
||||||
|
throw new \Exception('User id not found in LDAP');
|
||||||
|
}
|
||||||
|
$this->backend->getLDAPAccess($uid)->getConnection()->clearCache();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check whether a LDAP DN exists
|
||||||
|
* @param string $dn LDAP DN
|
||||||
|
* @return bool whether the DN exists
|
||||||
|
*/
|
||||||
|
public function dnExists($dn) {
|
||||||
|
$result = $this->backend->dn2UserName($dn);
|
||||||
|
return !$result ? false : true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Flag record for deletion.
|
||||||
|
* @param string $uid user id
|
||||||
|
*/
|
||||||
|
public function flagRecord($uid) {
|
||||||
|
$this->deletedUsersIndex->markUser($uid);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Unflag record for deletion.
|
||||||
|
* @param string $uid user id
|
||||||
|
*/
|
||||||
|
public function unflagRecord($uid) {
|
||||||
|
//do nothing
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,59 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCA\User_LDAP;
|
||||||
|
|
||||||
|
use OCP\LDAP\ILDAPProviderFactory;
|
||||||
|
use OCP\IServerContainer;
|
||||||
|
use OCA\User_LDAP\User\DeletedUsersIndex;
|
||||||
|
use OCA\User_LDAP\Mapping\UserMapping;
|
||||||
|
|
||||||
|
class LDAPProviderFactory implements ILDAPProviderFactory {
|
||||||
|
/**
|
||||||
|
* Server container
|
||||||
|
*
|
||||||
|
* @var IServerContainer
|
||||||
|
*/
|
||||||
|
private $serverContainer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constructor for the LDAP provider factory
|
||||||
|
*
|
||||||
|
* @param IServerContainer $serverContainer server container
|
||||||
|
*/
|
||||||
|
public function __construct(IServerContainer $serverContainer) {
|
||||||
|
$this->serverContainer = $serverContainer;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* creates and returns an instance of the ILDAPProvider
|
||||||
|
*
|
||||||
|
* @return OCP\LDAP\ILDAPProvider
|
||||||
|
*/
|
||||||
|
public function getLDAPProvider() {
|
||||||
|
$dbConnection = $this->serverContainer->getDatabaseConnection();
|
||||||
|
$userMapping = new UserMapping($dbConnection);
|
||||||
|
return new LDAPProvider($this->serverContainer, new Helper(),
|
||||||
|
new DeletedUsersIndex($this->serverContainer->getConfig(),
|
||||||
|
$dbConnection, $userMapping));
|
||||||
|
}
|
||||||
|
}
|
|
@ -77,7 +77,7 @@ abstract class Proxy {
|
||||||
$userManager =
|
$userManager =
|
||||||
new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(), $db, $coreUserManager);
|
new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(), $db, $coreUserManager);
|
||||||
$connector = new Connection($this->ldap, $configPrefix);
|
$connector = new Connection($this->ldap, $configPrefix);
|
||||||
$access = new Access($connector, $this->ldap, $userManager);
|
$access = new Access($connector, $this->ldap, $userManager, new Helper());
|
||||||
$access->setUserMapper($userMap);
|
$access->setUserMapper($userMap);
|
||||||
$access->setGroupMapper($groupMap);
|
$access->setGroupMapper($groupMap);
|
||||||
self::$accesses[$configPrefix] = $access;
|
self::$accesses[$configPrefix] = $access;
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
* @author Robin McCorkell <robin@mccorkell.me.uk>
|
* @author Robin McCorkell <robin@mccorkell.me.uk>
|
||||||
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
||||||
* @author Tom Needham <tom@owncloud.com>
|
* @author Tom Needham <tom@owncloud.com>
|
||||||
|
* @author Roger Szabo <roger.szabo@web.de>
|
||||||
*
|
*
|
||||||
* @license AGPL-3.0
|
* @license AGPL-3.0
|
||||||
*
|
*
|
||||||
|
@ -39,7 +40,7 @@ use OCA\User_LDAP\User\OfflineUser;
|
||||||
use OCA\User_LDAP\User\User;
|
use OCA\User_LDAP\User\User;
|
||||||
use OCP\IConfig;
|
use OCP\IConfig;
|
||||||
|
|
||||||
class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserInterface {
|
class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserInterface, IUserLDAP {
|
||||||
/** @var string[] $homesToKill */
|
/** @var string[] $homesToKill */
|
||||||
protected $homesToKill = array();
|
protected $homesToKill = array();
|
||||||
|
|
||||||
|
@ -90,6 +91,16 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* returns the username for the given LDAP DN, if available
|
||||||
|
*
|
||||||
|
* @param string $dn
|
||||||
|
* @return string|false with the username
|
||||||
|
*/
|
||||||
|
public function dn2UserName($dn) {
|
||||||
|
return $this->access->dn2username($dn);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* returns an LDAP record based on a given login name
|
* returns an LDAP record based on a given login name
|
||||||
|
@ -468,5 +479,25 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
||||||
public function getBackendName(){
|
public function getBackendName(){
|
||||||
return 'LDAP';
|
return 'LDAP';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return access for LDAP interaction.
|
||||||
|
* @param string $uid
|
||||||
|
* @return Access instance of Access for LDAP interaction
|
||||||
|
*/
|
||||||
|
public function getLDAPAccess($uid) {
|
||||||
|
return $this->access;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return LDAP connection resource from a cloned connection.
|
||||||
|
* The cloned connection needs to be closed manually.
|
||||||
|
* of the current access.
|
||||||
|
* @param string $uid
|
||||||
|
* @return resource of the LDAP connection
|
||||||
|
*/
|
||||||
|
public function getNewLDAPConnection($uid) {
|
||||||
|
$connection = clone $this->access->getConnection();
|
||||||
|
return $connection->getConnectionResource();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,6 +9,7 @@
|
||||||
* @author Morris Jobke <hey@morrisjobke.de>
|
* @author Morris Jobke <hey@morrisjobke.de>
|
||||||
* @author Robin McCorkell <robin@mccorkell.me.uk>
|
* @author Robin McCorkell <robin@mccorkell.me.uk>
|
||||||
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
||||||
|
* @author Roger Szabo <roger.szabo@web.de>
|
||||||
*
|
*
|
||||||
* @license AGPL-3.0
|
* @license AGPL-3.0
|
||||||
*
|
*
|
||||||
|
@ -31,7 +32,7 @@ namespace OCA\User_LDAP;
|
||||||
use OCA\User_LDAP\User\User;
|
use OCA\User_LDAP\User\User;
|
||||||
use OCP\IConfig;
|
use OCP\IConfig;
|
||||||
|
|
||||||
class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface {
|
class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface, IUserLDAP {
|
||||||
private $backends = array();
|
private $backends = array();
|
||||||
private $refBackend = null;
|
private $refBackend = null;
|
||||||
|
|
||||||
|
@ -193,6 +194,17 @@ class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface
|
||||||
$id = 'LOGINNAME,' . $loginName;
|
$id = 'LOGINNAME,' . $loginName;
|
||||||
return $this->handleRequest($id, 'loginName2UserName', array($loginName));
|
return $this->handleRequest($id, 'loginName2UserName', array($loginName));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* returns the username for the given LDAP DN, if available
|
||||||
|
*
|
||||||
|
* @param string $dn
|
||||||
|
* @return string|false with the username
|
||||||
|
*/
|
||||||
|
public function dn2UserName($dn) {
|
||||||
|
$id = 'DN,' . $dn;
|
||||||
|
return $this->handleRequest($id, 'dn2UserName', array($dn));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* get the user's home directory
|
* get the user's home directory
|
||||||
|
@ -273,4 +285,22 @@ class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface
|
||||||
return $users;
|
return $users;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return access for LDAP interaction.
|
||||||
|
* @param string $uid
|
||||||
|
* @return Access instance of Access for LDAP interaction
|
||||||
|
*/
|
||||||
|
public function getLDAPAccess($uid) {
|
||||||
|
return $this->handleRequest($uid, 'getLDAPAccess', array($uid));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a new LDAP connection for the specified user.
|
||||||
|
* The connection needs to be closed manually.
|
||||||
|
* @param string $uid
|
||||||
|
* @return resource of the LDAP connection
|
||||||
|
*/
|
||||||
|
public function getNewLDAPConnection($uid) {
|
||||||
|
return $this->handleRequest($uid, 'getNewLDAPConnection', array($uid));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -60,21 +60,22 @@ class AccessTest extends \Test\TestCase {
|
||||||
$this->getMock('\OCP\Image'),
|
$this->getMock('\OCP\Image'),
|
||||||
$this->getMock('\OCP\IDBConnection'),
|
$this->getMock('\OCP\IDBConnection'),
|
||||||
$this->getMock('\OCP\IUserManager')));
|
$this->getMock('\OCP\IUserManager')));
|
||||||
|
$helper = new \OCA\User_LDAP\Helper();
|
||||||
|
|
||||||
return array($lw, $connector, $um);
|
return array($lw, $connector, $um, $helper);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testEscapeFilterPartValidChars() {
|
public function testEscapeFilterPartValidChars() {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
|
|
||||||
$input = 'okay';
|
$input = 'okay';
|
||||||
$this->assertTrue($input === $access->escapeFilterPart($input));
|
$this->assertTrue($input === $access->escapeFilterPart($input));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testEscapeFilterPartEscapeWildcard() {
|
public function testEscapeFilterPartEscapeWildcard() {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
|
|
||||||
$input = '*';
|
$input = '*';
|
||||||
$expected = '\\\\*';
|
$expected = '\\\\*';
|
||||||
|
@ -82,8 +83,8 @@ class AccessTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testEscapeFilterPartEscapeWildcard2() {
|
public function testEscapeFilterPartEscapeWildcard2() {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
|
|
||||||
$input = 'foo*bar';
|
$input = 'foo*bar';
|
||||||
$expected = 'foo\\\\*bar';
|
$expected = 'foo\\\\*bar';
|
||||||
|
@ -92,8 +93,8 @@ class AccessTest extends \Test\TestCase {
|
||||||
|
|
||||||
/** @dataProvider convertSID2StrSuccessData */
|
/** @dataProvider convertSID2StrSuccessData */
|
||||||
public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {
|
public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
|
|
||||||
$sidBinary = implode('', $sidArray);
|
$sidBinary = implode('', $sidArray);
|
||||||
$this->assertSame($sidExpected, $access->convertSID2Str($sidBinary));
|
$this->assertSame($sidExpected, $access->convertSID2Str($sidBinary));
|
||||||
|
@ -127,8 +128,8 @@ class AccessTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testConvertSID2StrInputError() {
|
public function testConvertSID2StrInputError() {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
|
|
||||||
$sidIllegal = 'foobar';
|
$sidIllegal = 'foobar';
|
||||||
$sidExpected = '';
|
$sidExpected = '';
|
||||||
|
@ -137,8 +138,8 @@ class AccessTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetDomainDNFromDNSuccess() {
|
public function testGetDomainDNFromDNSuccess() {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
|
|
||||||
$inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';
|
$inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';
|
||||||
$domainDN = 'dc=my,dc=server,dc=com';
|
$domainDN = 'dc=my,dc=server,dc=com';
|
||||||
|
@ -152,8 +153,8 @@ class AccessTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetDomainDNFromDNError() {
|
public function testGetDomainDNFromDNError() {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
|
|
||||||
$inputDN = 'foobar';
|
$inputDN = 'foobar';
|
||||||
$expected = '';
|
$expected = '';
|
||||||
|
@ -187,8 +188,8 @@ class AccessTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testStringResemblesDN() {
|
public function testStringResemblesDN() {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
|
|
||||||
$cases = $this->getResemblesDNInputData();
|
$cases = $this->getResemblesDNInputData();
|
||||||
|
|
||||||
|
@ -208,9 +209,9 @@ class AccessTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testStringResemblesDNLDAPmod() {
|
public function testStringResemblesDNLDAPmod() {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$lw = new \OCA\User_LDAP\LDAP();
|
$lw = new \OCA\User_LDAP\LDAP();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
|
|
||||||
if(!function_exists('ldap_explode_dn')) {
|
if(!function_exists('ldap_explode_dn')) {
|
||||||
$this->markTestSkipped('LDAP Module not available');
|
$this->markTestSkipped('LDAP Module not available');
|
||||||
|
@ -224,8 +225,8 @@ class AccessTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testCacheUserHome() {
|
public function testCacheUserHome() {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
|
|
||||||
$con->expects($this->once())
|
$con->expects($this->once())
|
||||||
->method('writeToCache');
|
->method('writeToCache');
|
||||||
|
@ -234,8 +235,8 @@ class AccessTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testBatchApplyUserAttributes() {
|
public function testBatchApplyUserAttributes() {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
$mapperMock = $this->getMockBuilder('\OCA\User_LDAP\Mapping\UserMapping')
|
$mapperMock = $this->getMockBuilder('\OCA\User_LDAP\Mapping\UserMapping')
|
||||||
->disableOriginalConstructor()
|
->disableOriginalConstructor()
|
||||||
->getMock();
|
->getMock();
|
||||||
|
@ -294,7 +295,7 @@ class AccessTest extends \Test\TestCase {
|
||||||
* @dataProvider dNAttributeProvider
|
* @dataProvider dNAttributeProvider
|
||||||
*/
|
*/
|
||||||
public function testSanitizeDN($attribute) {
|
public function testSanitizeDN($attribute) {
|
||||||
list($lw, $con, $um) = $this->getConnectorAndLdapMock();
|
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
|
||||||
|
|
||||||
|
|
||||||
$dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';
|
$dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';
|
||||||
|
@ -309,7 +310,7 @@ class AccessTest extends \Test\TestCase {
|
||||||
$attribute => array('count' => 1, $dnFromServer)
|
$attribute => array('count' => 1, $dnFromServer)
|
||||||
)));
|
)));
|
||||||
|
|
||||||
$access = new Access($con, $lw, $um);
|
$access = new Access($con, $lw, $um, $helper);
|
||||||
$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
|
$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
|
||||||
$this->assertSame($values[0], strtolower($dnFromServer));
|
$this->assertSame($values[0], strtolower($dnFromServer));
|
||||||
}
|
}
|
||||||
|
|
|
@ -55,9 +55,10 @@ class Group_LDAPTest extends \Test\TestCase {
|
||||||
$um = $this->getMockBuilder('\OCA\User_LDAP\User\Manager')
|
$um = $this->getMockBuilder('\OCA\User_LDAP\User\Manager')
|
||||||
->disableOriginalConstructor()
|
->disableOriginalConstructor()
|
||||||
->getMock();
|
->getMock();
|
||||||
|
$helper = new \OCA\User_LDAP\Helper();
|
||||||
$access = $this->getMock('\OCA\User_LDAP\Access',
|
$access = $this->getMock('\OCA\User_LDAP\Access',
|
||||||
$accMethods,
|
$accMethods,
|
||||||
array($connector, $lw, $um));
|
array($connector, $lw, $um, $helper));
|
||||||
|
|
||||||
$access->expects($this->any())
|
$access->expects($this->any())
|
||||||
->method('getConnection')
|
->method('getConnection')
|
||||||
|
|
|
@ -26,6 +26,7 @@ namespace OCA\User_LDAP\Tests\Integration;
|
||||||
use OCA\User_LDAP\Access;
|
use OCA\User_LDAP\Access;
|
||||||
use OCA\User_LDAP\Connection;
|
use OCA\User_LDAP\Connection;
|
||||||
use OCA\User_LDAP\LDAP;
|
use OCA\User_LDAP\LDAP;
|
||||||
|
use OCA\User_LDAP\Helper;
|
||||||
use OCA\User_LDAP\User\Manager;
|
use OCA\User_LDAP\User\Manager;
|
||||||
|
|
||||||
abstract class AbstractIntegrationTest {
|
abstract class AbstractIntegrationTest {
|
||||||
|
@ -40,6 +41,9 @@ abstract class AbstractIntegrationTest {
|
||||||
|
|
||||||
/** @var Manager */
|
/** @var Manager */
|
||||||
protected $userManager;
|
protected $userManager;
|
||||||
|
|
||||||
|
/** @var Helper */
|
||||||
|
protected $helper;
|
||||||
|
|
||||||
/** @var string */
|
/** @var string */
|
||||||
protected $base;
|
protected $base;
|
||||||
|
@ -65,6 +69,7 @@ abstract class AbstractIntegrationTest {
|
||||||
$this->initLDAPWrapper();
|
$this->initLDAPWrapper();
|
||||||
$this->initConnection();
|
$this->initConnection();
|
||||||
$this->initUserManager();
|
$this->initUserManager();
|
||||||
|
$this->initHelper();
|
||||||
$this->initAccess();
|
$this->initAccess();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -103,12 +108,19 @@ abstract class AbstractIntegrationTest {
|
||||||
protected function initUserManager() {
|
protected function initUserManager() {
|
||||||
$this->userManager = new FakeManager();
|
$this->userManager = new FakeManager();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* initializes the test Helper
|
||||||
|
*/
|
||||||
|
protected function initHelper() {
|
||||||
|
$this->helper = new Helper();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* initializes the Access test instance
|
* initializes the Access test instance
|
||||||
*/
|
*/
|
||||||
protected function initAccess() {
|
protected function initAccess() {
|
||||||
$this->access = new Access($this->connection, $this->ldap, $this->userManager);
|
$this->access = new Access($this->connection, $this->ldap, $this->userManager, $this->helper);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -0,0 +1,338 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCA\User_LDAP\Tests;
|
||||||
|
|
||||||
|
use OCP\IServerContainer;
|
||||||
|
use OCA\User_LDAP\IUserLDAP;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Class LDAPProviderTest
|
||||||
|
*
|
||||||
|
* @group DB
|
||||||
|
*
|
||||||
|
* @package OCA\User_LDAP\Tests
|
||||||
|
*/
|
||||||
|
class LDAPProviderTest extends \Test\TestCase {
|
||||||
|
|
||||||
|
protected function setUp() {
|
||||||
|
parent::setUp();
|
||||||
|
}
|
||||||
|
|
||||||
|
private function getServerMock(IUserLDAP $backend) {
|
||||||
|
$server = $this->getMockBuilder('OC\Server')
|
||||||
|
->setMethods(['getUserManager', 'getBackends'])
|
||||||
|
->setConstructorArgs(['', new \OC\Config(\OC::$configDir)])
|
||||||
|
->getMock();
|
||||||
|
$server->expects($this->at(1))
|
||||||
|
->method('getBackends')
|
||||||
|
->willReturn([$backend]);
|
||||||
|
$server->expects($this->any())
|
||||||
|
->method($this->anything())
|
||||||
|
->willReturnSelf();
|
||||||
|
|
||||||
|
return $server;
|
||||||
|
}
|
||||||
|
|
||||||
|
private function getLDAPProvider(IServerContainer $serverContainer) {
|
||||||
|
$factory = new \OCA\User_LDAP\LDAPProviderFactory($serverContainer);
|
||||||
|
return $factory->getLDAPProvider();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \Exception
|
||||||
|
* @expectedExceptionMessage User id not found in LDAP
|
||||||
|
*/
|
||||||
|
public function testGetUserDNUserIDNotFound() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['userExists'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->any())->method('userExists')->willReturn(false);
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$ldapProvider->getUserDN('nonexisting_user');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testGetUserDN() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['userExists', 'getLDAPAccess', 'username2dn'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->at(0))
|
||||||
|
->method('userExists')
|
||||||
|
->willReturn(true);
|
||||||
|
$backend->expects($this->at(2))
|
||||||
|
->method('username2dn')
|
||||||
|
->willReturn('cn=existing_user,ou=Are Sufficient To,ou=Test,dc=example,dc=org');
|
||||||
|
$backend->expects($this->any())
|
||||||
|
->method($this->anything())
|
||||||
|
->willReturnSelf();
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$this->assertEquals('cn=existing_user,ou=Are Sufficient To,ou=Test,dc=example,dc=org',
|
||||||
|
$ldapProvider->getUserDN('existing_user'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testGetUserName() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['dn2UserName'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->any())
|
||||||
|
->method('dn2UserName')
|
||||||
|
->willReturn('existing_user');
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$this->assertEquals('existing_user',
|
||||||
|
$ldapProvider->getUserName('cn=existing_user,ou=Are Sufficient To,ou=Test,dc=example,dc=org'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testDNasBaseParameter() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods([])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$helper = new \OCA\User_LDAP\Helper();
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$this->assertEquals(
|
||||||
|
$helper->DNasBaseParameter('cn=existing_user,ou=Are Sufficient To,ou=Test,dc=example,dc=org'),
|
||||||
|
$ldapProvider->DNasBaseParameter('cn=existing_user,ou=Are Sufficient To,ou=Test,dc=example,dc=org'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testSanitizeDN() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods([])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$helper = new \OCA\User_LDAP\Helper();
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$this->assertEquals(
|
||||||
|
$helper->sanitizeDN('cn=existing_user,ou=Are Sufficient To,ou=Test,dc=example,dc=org'),
|
||||||
|
$ldapProvider->sanitizeDN('cn=existing_user,ou=Are Sufficient To,ou=Test,dc=example,dc=org'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \Exception
|
||||||
|
* @expectedExceptionMessage User id not found in LDAP
|
||||||
|
*/
|
||||||
|
public function testGetLDAPConnectionUserIDNotFound() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['userExists'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->any())->method('userExists')->willReturn(false);
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$ldapProvider->getLDAPConnection('nonexisting_user');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testGetLDAPConnection() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['userExists', 'getNewLDAPConnection'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->any())
|
||||||
|
->method('userExists')
|
||||||
|
->willReturn(true);
|
||||||
|
$backend->expects($this->any())
|
||||||
|
->method('getNewLDAPConnection')
|
||||||
|
->willReturn(true);
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$this->assertTrue($ldapProvider->getLDAPConnection('existing_user'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \Exception
|
||||||
|
* @expectedExceptionMessage User id not found in LDAP
|
||||||
|
*/
|
||||||
|
public function testGetLDAPBaseUsersUserIDNotFound() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['userExists'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->any())->method('userExists')->willReturn(false);
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$ldapProvider->getLDAPBaseUsers('nonexisting_user');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testGetLDAPBaseUsers() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['userExists', 'getLDAPAccess', 'getConnection', 'getConfiguration'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->at(0))
|
||||||
|
->method('userExists')
|
||||||
|
->willReturn(true);
|
||||||
|
$backend->expects($this->at(3))
|
||||||
|
->method('getConfiguration')
|
||||||
|
->willReturn(array('ldap_base_users'=>'ou=users,dc=example,dc=org'));
|
||||||
|
$backend->expects($this->any())
|
||||||
|
->method($this->anything())
|
||||||
|
->willReturnSelf();
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$this->assertEquals('ou=users,dc=example,dc=org', $ldapProvider->getLDAPBaseUsers('existing_user'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \Exception
|
||||||
|
* @expectedExceptionMessage User id not found in LDAP
|
||||||
|
*/
|
||||||
|
public function testGetLDAPBaseGroupsUserIDNotFound() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['userExists'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->any())->method('userExists')->willReturn(false);
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$ldapProvider->getLDAPBaseGroups('nonexisting_user');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testGetLDAPBaseGroups() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['userExists', 'getLDAPAccess', 'getConnection', 'getConfiguration'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->at(0))
|
||||||
|
->method('userExists')
|
||||||
|
->willReturn(true);
|
||||||
|
$backend->expects($this->at(3))
|
||||||
|
->method('getConfiguration')
|
||||||
|
->willReturn(array('ldap_base_groups'=>'ou=groups,dc=example,dc=org'));
|
||||||
|
$backend->expects($this->any())
|
||||||
|
->method($this->anything())
|
||||||
|
->willReturnSelf();
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$this->assertEquals('ou=groups,dc=example,dc=org', $ldapProvider->getLDAPBaseGroups('existing_user'));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \Exception
|
||||||
|
* @expectedExceptionMessage User id not found in LDAP
|
||||||
|
*/
|
||||||
|
public function testClearCacheUserIDNotFound() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['userExists'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->any())->method('userExists')->willReturn(false);
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$ldapProvider->clearCache('nonexisting_user');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testClearCache() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['userExists', 'getLDAPAccess', 'getConnection', 'clearCache'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->at(0))
|
||||||
|
->method('userExists')
|
||||||
|
->willReturn(true);
|
||||||
|
$backend->expects($this->at(3))
|
||||||
|
->method('clearCache')
|
||||||
|
->willReturn(true);
|
||||||
|
$backend->expects($this->any())
|
||||||
|
->method($this->anything())
|
||||||
|
->willReturnSelf();
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$ldapProvider->clearCache('existing_user');
|
||||||
|
$this->assertTrue(TRUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testDnExists() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods(['dn2UserName'])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$backend->expects($this->any())
|
||||||
|
->method('dn2UserName')
|
||||||
|
->willReturn('existing_user');
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$this->assertTrue($ldapProvider->dnExists('cn=existing_user,ou=Are Sufficient To,ou=Test,dc=example,dc=org'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testFlagRecord() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods([])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$ldapProvider->flagRecord('existing_user');
|
||||||
|
$this->assertTrue(TRUE);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testUnflagRecord() {
|
||||||
|
$backend = $this->getMockBuilder('OCA\User_LDAP\User_LDAP')
|
||||||
|
->setMethods([])
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$server = $this->getServerMock($backend);
|
||||||
|
|
||||||
|
$ldapProvider = $this->getLDAPProvider($server);
|
||||||
|
$ldapProvider->unflagRecord('existing_user');
|
||||||
|
$this->assertTrue(TRUE);
|
||||||
|
}
|
||||||
|
}
|
|
@ -71,8 +71,9 @@ class UserTest extends \Test\TestCase {
|
||||||
$umMethods, array($cfMock, $fsMock, $logMock, $avaMgr, $im, $dbc, $userMgr));
|
$umMethods, array($cfMock, $fsMock, $logMock, $avaMgr, $im, $dbc, $userMgr));
|
||||||
$connector = $this->getMock('\OCA\User_LDAP\Connection',
|
$connector = $this->getMock('\OCA\User_LDAP\Connection',
|
||||||
$conMethods, array($lw, null, null));
|
$conMethods, array($lw, null, null));
|
||||||
|
$helper = new \OCA\User_LDAP\Helper();
|
||||||
$access = $this->getMock('\OCA\User_LDAP\Access',
|
$access = $this->getMock('\OCA\User_LDAP\Access',
|
||||||
$accMethods, array($connector, $lw, $um));
|
$accMethods, array($connector, $lw, $um, $helper));
|
||||||
|
|
||||||
return array($access, $connector);
|
return array($access, $connector);
|
||||||
}
|
}
|
||||||
|
|
|
@ -93,9 +93,11 @@ class User_LDAPTest extends \Test\TestCase {
|
||||||
->method('getDeletedUser')
|
->method('getDeletedUser')
|
||||||
->will($this->returnValue($offlineUser));
|
->will($this->returnValue($offlineUser));
|
||||||
|
|
||||||
|
$helper = new \OCA\User_LDAP\Helper();
|
||||||
|
|
||||||
$access = $this->getMock('\OCA\User_LDAP\Access',
|
$access = $this->getMock('\OCA\User_LDAP\Access',
|
||||||
$accMethods,
|
$accMethods,
|
||||||
array($connector, $lw, $um));
|
array($connector, $lw, $um, $helper));
|
||||||
|
|
||||||
$um->setLdapAccess($access);
|
$um->setLdapAccess($access);
|
||||||
|
|
||||||
|
|
|
@ -69,8 +69,9 @@ class WizardTest extends \Test\TestCase {
|
||||||
$um = $this->getMockBuilder('\OCA\User_LDAP\User\Manager')
|
$um = $this->getMockBuilder('\OCA\User_LDAP\User\Manager')
|
||||||
->disableOriginalConstructor()
|
->disableOriginalConstructor()
|
||||||
->getMock();
|
->getMock();
|
||||||
|
$helper = new \OCA\User_LDAP\Helper();
|
||||||
$access = $this->getMock('\OCA\User_LDAP\Access',
|
$access = $this->getMock('\OCA\User_LDAP\Access',
|
||||||
$accMethods, array($connector, $lw, $um));
|
$accMethods, array($connector, $lw, $um, $helper));
|
||||||
|
|
||||||
return array(new Wizard($conf, $lw, $access), $conf, $lw, $access);
|
return array(new Wizard($conf, $lw, $access), $conf, $lw, $access);
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,6 +21,7 @@
|
||||||
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
||||||
* @author Thomas Tanghus <thomas@tanghus.net>
|
* @author Thomas Tanghus <thomas@tanghus.net>
|
||||||
* @author Vincent Petry <pvince81@owncloud.com>
|
* @author Vincent Petry <pvince81@owncloud.com>
|
||||||
|
* @author Roger Szabo <roger.szabo@web.de>
|
||||||
*
|
*
|
||||||
* @license AGPL-3.0
|
* @license AGPL-3.0
|
||||||
*
|
*
|
||||||
|
@ -583,6 +584,16 @@ class Server extends ServerContainer implements IServerContainer {
|
||||||
$this->getLogger()
|
$this->getLogger()
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
$this->registerService('LDAPProvider', function(Server $c) {
|
||||||
|
$config = $c->getConfig();
|
||||||
|
$factoryClass = $config->getSystemValue('ldapProviderFactory', null);
|
||||||
|
if(is_null($factoryClass)) {
|
||||||
|
throw new \Exception('ldapProviderFactory not set');
|
||||||
|
}
|
||||||
|
/** @var \OCP\LDAP\ILDAPProviderFactory $factory */
|
||||||
|
$factory = new $factoryClass($this);
|
||||||
|
return $factory->getLDAPProvider();
|
||||||
|
});
|
||||||
$this->registerService('LockingProvider', function (Server $c) {
|
$this->registerService('LockingProvider', function (Server $c) {
|
||||||
$ini = $c->getIniWrapper();
|
$ini = $c->getIniWrapper();
|
||||||
$config = $c->getConfig();
|
$config = $c->getConfig();
|
||||||
|
@ -1405,4 +1416,12 @@ class Server extends ServerContainer implements IServerContainer {
|
||||||
return $this->query('ShareManager');
|
return $this->query('ShareManager');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the LDAP Provider
|
||||||
|
*
|
||||||
|
* @return \OCP\LDAP\ILDAPProvider
|
||||||
|
*/
|
||||||
|
public function getLDAPProvider() {
|
||||||
|
return $this->query('LDAPProvider');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCP\LDAP;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Interface IDeletionFlagSupport
|
||||||
|
*
|
||||||
|
* @package OCP\LDAP
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
interface IDeletionFlagSupport {
|
||||||
|
/**
|
||||||
|
* Flag record for deletion.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function flagRecord($uid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Unflag record for deletion.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function unflagRecord($uid);
|
||||||
|
}
|
|
@ -0,0 +1,105 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCP\LDAP;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Interface ILDAPProvider
|
||||||
|
*
|
||||||
|
* @package OCP\LDAP
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
interface ILDAPProvider {
|
||||||
|
/**
|
||||||
|
* Translate a user id to LDAP DN.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @return string
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function getUserDN($uid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Translate a LDAP DN to an internal user name.
|
||||||
|
* @param string $dn LDAP DN
|
||||||
|
* @return string with the internal user name
|
||||||
|
* @throws \Exception if translation was unsuccessful
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function getUserName($dn);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Convert a stored DN so it can be used as base parameter for LDAP queries.
|
||||||
|
* @param string $dn the DN
|
||||||
|
* @return string
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function DNasBaseParameter($dn);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sanitize a DN received from the LDAP server.
|
||||||
|
* @param array $dn the DN in question
|
||||||
|
* @return array the sanitized DN
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function sanitizeDN($dn);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a new LDAP connection resource for the specified user.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @return resource of the LDAP connection
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function getLDAPConnection($uid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the LDAP base for users.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @return string the base for users
|
||||||
|
* @throws \Exception if user id was not found in LDAP
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function getLDAPBaseUsers($uid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the LDAP base for groups.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @return string the base for groups
|
||||||
|
* @throws \Exception if user id was not found in LDAP
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function getLDAPBaseGroups($uid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check whether a LDAP DN exists
|
||||||
|
* @param string $dn LDAP DN
|
||||||
|
* @return bool whether the DN exists
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function dnExists($dn);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Clear the cache if a cache is used, otherwise do nothing.
|
||||||
|
* @param string $uid user id
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function clearCache($uid);
|
||||||
|
}
|
|
@ -0,0 +1,53 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCP\LDAP;
|
||||||
|
|
||||||
|
use OCP\IServerContainer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Interface ILDAPProviderFactory
|
||||||
|
*
|
||||||
|
* This class is responsible for instantiating and returning an ILDAPProvider
|
||||||
|
* instance.
|
||||||
|
*
|
||||||
|
* @package OCP\LDAP
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
interface ILDAPProviderFactory {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constructor for the LDAP provider factory
|
||||||
|
*
|
||||||
|
* @param IServerContainer $serverContainer server container
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function __construct(IServerContainer $serverContainer);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* creates and returns an instance of the ILDAPProvider
|
||||||
|
*
|
||||||
|
* @return ILDAPProvider
|
||||||
|
* @since 9.2.0
|
||||||
|
*/
|
||||||
|
public function getLDAPProvider();
|
||||||
|
}
|
Loading…
Reference in New Issue