allow using any ldap property as login name when using external storage login credentials
Signed-off-by: Robin Appelman <robin@icewind.nl>
This commit is contained in:
parent
188bc07869
commit
592d6d5ebc
|
@ -36,6 +36,8 @@ use OCP\EventDispatcher\IEventDispatcher;
|
||||||
use OCP\IL10N;
|
use OCP\IL10N;
|
||||||
use OCP\ISession;
|
use OCP\ISession;
|
||||||
use OCP\IUser;
|
use OCP\IUser;
|
||||||
|
use OCP\IUserBackend;
|
||||||
|
use OCP\LDAP\ILDAPProviderFactory;
|
||||||
use OCP\Security\ICredentialsManager;
|
use OCP\Security\ICredentialsManager;
|
||||||
use OCP\User\Events\PasswordUpdatedEvent;
|
use OCP\User\Events\PasswordUpdatedEvent;
|
||||||
use OCP\User\Events\UserLoggedInEvent;
|
use OCP\User\Events\UserLoggedInEvent;
|
||||||
|
@ -55,10 +57,21 @@ class LoginCredentials extends AuthMechanism {
|
||||||
/** @var CredentialsStore */
|
/** @var CredentialsStore */
|
||||||
private $credentialsStore;
|
private $credentialsStore;
|
||||||
|
|
||||||
public function __construct(IL10N $l, ISession $session, ICredentialsManager $credentialsManager, CredentialsStore $credentialsStore, IEventDispatcher $eventDispatcher) {
|
/** @var ILDAPProviderFactory */
|
||||||
|
private $ldapFactory;
|
||||||
|
|
||||||
|
public function __construct(
|
||||||
|
IL10N $l,
|
||||||
|
ISession $session,
|
||||||
|
ICredentialsManager $credentialsManager,
|
||||||
|
CredentialsStore $credentialsStore,
|
||||||
|
IEventDispatcher $eventDispatcher,
|
||||||
|
ILDAPProviderFactory $ldapFactory
|
||||||
|
) {
|
||||||
$this->session = $session;
|
$this->session = $session;
|
||||||
$this->credentialsManager = $credentialsManager;
|
$this->credentialsManager = $credentialsManager;
|
||||||
$this->credentialsStore = $credentialsStore;
|
$this->credentialsStore = $credentialsStore;
|
||||||
|
$this->ldapFactory = $ldapFactory;
|
||||||
|
|
||||||
$this
|
$this
|
||||||
->setIdentifier('password::logincredentials')
|
->setIdentifier('password::logincredentials')
|
||||||
|
@ -86,7 +99,7 @@ class LoginCredentials extends AuthMechanism {
|
||||||
|
|
||||||
$credentials = [
|
$credentials = [
|
||||||
'user' => $sessionCredentials->getLoginName(),
|
'user' => $sessionCredentials->getLoginName(),
|
||||||
'password' => $sessionCredentials->getPassword()
|
'password' => $sessionCredentials->getPassword(),
|
||||||
];
|
];
|
||||||
|
|
||||||
$this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials);
|
$this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials);
|
||||||
|
@ -104,7 +117,25 @@ class LoginCredentials extends AuthMechanism {
|
||||||
}
|
}
|
||||||
$credentials = $this->getCredentials($user);
|
$credentials = $this->getCredentials($user);
|
||||||
|
|
||||||
|
$loginKey = $storage->getBackendOption("login_ldap_attr");
|
||||||
|
if ($loginKey) {
|
||||||
|
$backend = $user->getBackend();
|
||||||
|
if ($backend instanceof IUserBackend && $backend->getBackendName() === 'LDAP') {
|
||||||
|
$value = $this->getLdapPropertyForUser($user, $loginKey);
|
||||||
|
if ($value === null) {
|
||||||
|
throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute not set for user ' . $user->getUID());
|
||||||
|
}
|
||||||
|
$storage->setBackendOption('user', $value);
|
||||||
|
} else {
|
||||||
|
throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute configured but user ' . $user->getUID() . ' is not an ldap user');
|
||||||
|
}
|
||||||
|
} else {
|
||||||
$storage->setBackendOption('user', $credentials['user']);
|
$storage->setBackendOption('user', $credentials['user']);
|
||||||
|
}
|
||||||
$storage->setBackendOption('password', $credentials['password']);
|
$storage->setBackendOption('password', $credentials['password']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function getLdapPropertyForUser(IUser $user, string $property): ?string {
|
||||||
|
return $this->ldapFactory->getLDAPProvider()->getUserAttribute($user->getUID(), $property);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue