From 592d6d5ebc20b604d387b8c362cf11022ccf79e7 Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Mon, 4 Jan 2021 19:11:29 +0100
Subject: [PATCH] allow using any ldap property as login name when using external storage login credentials

Signed-off-by: Robin Appelman
---
 .../Lib/Auth/Password/LoginCredentials.php | 37 +++++++++++++++++--
 1 file changed, 34 insertions(+), 3 deletions(-)

diff --git a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
index b8279f5ca6..1faf9b590a 100644
--- a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
+++ b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
@@ -36,6 +36,8 @@ use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IL10N;
 use OCP\ISession;
 use OCP\IUser;
+use OCP\IUserBackend;
+use OCP\LDAP\ILDAPProviderFactory;
 use OCP\Security\ICredentialsManager;
 use OCP\User\Events\PasswordUpdatedEvent;
 use OCP\User\Events\UserLoggedInEvent;
@@ -55,10 +57,21 @@ class LoginCredentials extends AuthMechanism {
 /** @var CredentialsStore */
 private $credentialsStore;
 
- public function __construct(IL10N $l, ISession $session, ICredentialsManager $credentialsManager, CredentialsStore $credentialsStore, IEventDispatcher $eventDispatcher) {
+ /** @var ILDAPProviderFactory */
+ private $ldapFactory;
+
+ public function __construct(
+ IL10N $l,
+ ISession $session,
+ ICredentialsManager $credentialsManager,
+ CredentialsStore $credentialsStore,
+ IEventDispatcher $eventDispatcher,
+ ILDAPProviderFactory $ldapFactory
+ ) {
 $this->session = $session;
 $this->credentialsManager = $credentialsManager;
 $this->credentialsStore = $credentialsStore;
+ $this->ldapFactory = $ldapFactory;
 
 $this
 ->setIdentifier('password::logincredentials')
@@ -86,7 +99,7 @@ class LoginCredentials extends AuthMechanism {
 
 $credentials = [
 'user' => $sessionCredentials->getLoginName(),
- 'password' => $sessionCredentials->getPassword()
+ 'password' => $sessionCredentials->getPassword(),
 ];
 
 $this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials);
@@ -104,7 +117,25 @@ class LoginCredentials extends AuthMechanism {
 }
 
 $credentials = $this->getCredentials($user);
- $storage->setBackendOption('user', $credentials['user']);
+ $loginKey = $storage->getBackendOption("login_ldap_attr");
+ if ($loginKey) {
+ $backend = $user->getBackend();
+ if ($backend instanceof IUserBackend && $backend->getBackendName() === 'LDAP') {
+ $value = $this->getLdapPropertyForUser($user, $loginKey);
+ if ($value === null) {
+ throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute not set for user ' . $user->getUID());
+ }
+ $storage->setBackendOption('user', $value);
+ } else {
+ throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute configured but user ' . $user->getUID() . ' is not an ldap user');
+ }
+ } else {
+ $storage->setBackendOption('user', $credentials['user']);
+ }
 $storage->setBackendOption('password', $credentials['password']);
 }
+
+ private function getLdapPropertyForUser(IUser $user, string $property): ?string {
+ return $this->ldapFactory->getLDAPProvider()->getUserAttribute($user->getUID(), $property);
+ }
 }
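Review bot: The `$value === null` check after `getLdapPropertyForUser` in the second hunk only rejects a null return, so an empty-string attribute value would pass the guard and be written as the storage's user name; `if ($value === null || $value === '')` would reject both before the option is set. If `getLDAPProvider()` or `getUserAttribute()` can throw when the LDAP app is unavailable or the uid is unknown to LDAP (their contracts are not visible in this patch), that exception escapes as-is while the two surrounding failure paths signal through `InsufficientDataForMeaningfulAnswerException`, so a caller catching only that type would see a different failure mode — worth confirming and, if so, converting inside the helper with the original exception passed as `previous`. The `if ($loginKey)` truthiness test also treats a configured attribute name of `"0"` as unset; `$loginKey !== null && $loginKey !== ''` states the intent explicitly. `"login_ldap_attr"` is the only double-quoted literal in the hunks shown, the rest of the file uses single quotes. The enclosing method begins before this hunk.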