Robin Appelman 592d6d5ebc
allow using any ldap property as login name when using external storage login credentials
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-06-03 18:55:25 +02:00
1 changed files with 34 additions and 3 deletions


@ -36,6 +36,8 @@ use OCP\EventDispatcher\IEventDispatcher;
use OCP\IL10N; use OCP\IL10N;
use OCP\ISession; use OCP\ISession;
use OCP\IUser; use OCP\IUser;
use OCP\IUserBackend;
use OCP\LDAP\ILDAPProviderFactory;
use OCP\Security\ICredentialsManager; use OCP\Security\ICredentialsManager;
use OCP\User\Events\PasswordUpdatedEvent; use OCP\User\Events\PasswordUpdatedEvent;
use OCP\User\Events\UserLoggedInEvent; use OCP\User\Events\UserLoggedInEvent;
@ -55,10 +57,21 @@ class LoginCredentials extends AuthMechanism {
/** @var CredentialsStore */ /** @var CredentialsStore */
private $credentialsStore; private $credentialsStore;
public function __construct(IL10N $l, ISession $session, ICredentialsManager $credentialsManager, CredentialsStore $credentialsStore, IEventDispatcher $eventDispatcher) { /** @var ILDAPProviderFactory */
private $ldapFactory;
public function __construct(
IL10N $l,
ISession $session,
ICredentialsManager $credentialsManager,
CredentialsStore $credentialsStore,
IEventDispatcher $eventDispatcher,
ILDAPProviderFactory $ldapFactory
) {
$this->session = $session; $this->session = $session;
$this->credentialsManager = $credentialsManager; $this->credentialsManager = $credentialsManager;
$this->credentialsStore = $credentialsStore; $this->credentialsStore = $credentialsStore;
$this->ldapFactory = $ldapFactory;
$this $this
->setIdentifier('password::logincredentials') ->setIdentifier('password::logincredentials')
@ -86,7 +99,7 @@ class LoginCredentials extends AuthMechanism {
$credentials = [ $credentials = [
'user' => $sessionCredentials->getLoginName(), 'user' => $sessionCredentials->getLoginName(),
'password' => $sessionCredentials->getPassword() 'password' => $sessionCredentials->getPassword(),
]; ];
$this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials); $this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials);
@ -104,7 +117,25 @@ class LoginCredentials extends AuthMechanism {
} }
$credentials = $this->getCredentials($user); $credentials = $this->getCredentials($user);
$loginKey = $storage->getBackendOption("login_ldap_attr");
if ($loginKey) {
$backend = $user->getBackend();
if ($backend instanceof IUserBackend && $backend->getBackendName() === 'LDAP') {
$value = $this->getLdapPropertyForUser($user, $loginKey);
if ($value === null) {
throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute not set for user ' . $user->getUID());
}
$storage->setBackendOption('user', $value);
} else {
throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute configured but user ' . $user->getUID() . ' is not an ldap user');
}
} else {
$storage->setBackendOption('user', $credentials['user']); $storage->setBackendOption('user', $credentials['user']);
}
$storage->setBackendOption('password', $credentials['password']); $storage->setBackendOption('password', $credentials['password']);
} }
private function getLdapPropertyForUser(IUser $user, string $property): ?string {
return $this->ldapFactory->getLDAPProvider()->getUserAttribute($user->getUID(), $property);
}
} }
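Review bot: The `if ($value === null)` guard after `getLdapPropertyForUser()` only rejects a null result; if the LDAP provider reports an unset or blank attribute as an empty string (not visible in this hunk, so worth confirming), the storage would be configured with an empty `user` and the session password, which is better rejected up front — `if ($value === null || $value === '')`. The helper also passes the admin-configured `login_ldap_attr` name straight to `getUserAttribute()` without catching anything, so a disabled LDAP app or a multi-valued attribute presumably surfaces as a provider exception rather than the `InsufficientDataForMeaningfulAnswerException` callers expect; wrapping the call and rethrowing as that type would keep the failure mode consistent with the two throws above it. The new option deserves a doc comment on the helper, e.g. `/** Resolve the LDAP attribute named by the storage's login_ldap_attr option for $user; null when the attribute is absent. */`, since nothing in the hunk records that the value becomes the username sent to the external storage. The enclosing method starts outside this hunk.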