mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 984 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
49631 Commits
365 Branches
Tree: 3174012adf
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3174012adf'
${ noResults }
nextcloud/lib/private/User/Database.php

Database.php 13KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478 
  1. <?php

  2. declare(strict_types=1);

  3. /**

  4.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  5.  *

  6.  * @author adrien <adrien.waksberg@believedigital.com>

  7.  * @author Aldo "xoen" Giambelluca <xoen@xoen.org>

  8.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  9.  * @author Bart Visscher <bartv@thisnet.nl>

  10.  * @author Bjoern Schiessle <bjoern@schiessle.org>

  11.  * @author Björn Schießle <bjoern@schiessle.org>

  12.  * @author fabian <fabian@web2.0-apps.de>

  13.  * @author Georg Ehrke <oc.list@georgehrke.com>

  14.  * @author Jakob Sack <mail@jakobsack.de>

  15.  * @author Joas Schilling <coding@schilljs.com>

  16.  * @author Jörn Friedrich Dreyer <jfd@butonic.de>

  17.  * @author Loki3000 <github@labcms.ru>

  18.  * @author Lukas Reschke <lukas@statuscode.ch>

  19.  * @author Michael Gapczynski <GapczynskiM@gmail.com>

  20.  * @author michag86 <micha_g@arcor.de>

  21.  * @author Morris Jobke <hey@morrisjobke.de>

  22.  * @author nishiki <nishiki@yaegashi.fr>

  23.  * @author Robin Appelman <robin@icewind.nl>

  24.  * @author Robin McCorkell <robin@mccorkell.me.uk>

  25.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  26.  * @author Thomas Müller <thomas.mueller@tmit.eu>

  27.  * @author Vincent Petry <pvince81@owncloud.com>

  28.  *

  29.  * @license AGPL-3.0

  30.  *

  31.  * This code is free software: you can redistribute it and/or modify

  32.  * it under the terms of the GNU Affero General Public License, version 3,

  33.  * as published by the Free Software Foundation.

  34.  *

  35.  * This program is distributed in the hope that it will be useful,

  36.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  37.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  38.  * GNU Affero General Public License for more details.

  39.  *

  40.  * You should have received a copy of the GNU Affero General Public License, version 3,

  41.  * along with this program.  If not, see <http://www.gnu.org/licenses/>

  42.  *

  43.  */

  44. 

  45. /*

  46.  *

  47.  * The following SQL statement is just a help for developers and will not be

  48.  * executed!

  49.  *

  50.  * CREATE TABLE `users` (

  51.  *   `uid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,

  52.  *   `password` varchar(255) COLLATE utf8_unicode_ci NOT NULL,

  53.  *   PRIMARY KEY (`uid`)

  54.  * ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

  55.  *

  56.  */

  57. 

  58. namespace OC\User;

  59. 

  60. use OC\Cache\CappedMemoryCache;

  61. use OCP\IDBConnection;

  62. use OCP\User\Backend\ABackend;

  63. use OCP\User\Backend\ICheckPasswordBackend;

  64. use OCP\User\Backend\ICountUsersBackend;

  65. use OCP\User\Backend\ICreateUserBackend;

  66. use OCP\User\Backend\IGetDisplayNameBackend;

  67. use OCP\User\Backend\IGetHomeBackend;

  68. use OCP\User\Backend\ISetDisplayNameBackend;

  69. use OCP\User\Backend\ISetPasswordBackend;

  70. use Symfony\Component\EventDispatcher\EventDispatcherInterface;

  71. use Symfony\Component\EventDispatcher\GenericEvent;

  72. 

  73. /**

  74.  * Class for user management in a SQL Database (e.g. MySQL, SQLite)

  75.  */

  76. class Database extends ABackend

  77. 	implements ICreateUserBackend,

  78. 	           ISetPasswordBackend,

  79. 	           ISetDisplayNameBackend,

  80. 	           IGetDisplayNameBackend,

  81. 	           ICheckPasswordBackend,

  82. 	           IGetHomeBackend,

  83. 	           ICountUsersBackend {

  84. 	/** @var CappedMemoryCache */

  85. 	private $cache;

  86. 

  87. 	/** @var EventDispatcherInterface */

  88. 	private $eventDispatcher;

  89. 

  90. 	/** @var IDBConnection */

  91. 	private $dbConn;

  92. 

  93. 	/** @var string */

  94. 	private $table;

  95. 

  96. 	/**

  97. 	 * \OC\User\Database constructor.

  98. 	 *

  99. 	 * @param EventDispatcherInterface $eventDispatcher

  100. 	 * @param string $table

  101. 	 */

  102. 	public function __construct($eventDispatcher = null, $table = 'users') {

  103. 		$this->cache = new CappedMemoryCache();

  104. 		$this->table = $table;

  105. 		$this->eventDispatcher = $eventDispatcher ? $eventDispatcher : \OC::$server->getEventDispatcher();

  106. 	}

  107. 

  108. 	/**

  109. 	 * FIXME: This function should not be required!

  110. 	 */

  111. 	private function fixDI() {

  112. 		if ($this->dbConn === null) {

  113. 			$this->dbConn = \OC::$server->getDatabaseConnection();

  114. 		}

  115. 	}

  116. 

  117. 	/**

  118. 	 * Create a new user

  119. 	 *

  120. 	 * @param string $uid The username of the user to create

  121. 	 * @param string $password The password of the new user

  122. 	 * @return bool

  123. 	 *

  124. 	 * Creates a new user. Basic checking of username is done in OC_User

  125. 	 * itself, not in its subclasses.

  126. 	 */

  127. 	public function createUser(string $uid, string $password): bool {

  128. 		$this->fixDI();

  129. 

  130. 		if (!$this->userExists($uid)) {

  131. 			$event = new GenericEvent($password);

  132. 			$this->eventDispatcher->dispatch('OCP\PasswordPolicy::validate', $event);

  133. 

  134. 			$qb = $this->dbConn->getQueryBuilder();

  135. 			$qb->insert($this->table)

  136. 				->values([

  137. 					'uid' => $qb->createNamedParameter($uid),

  138. 					'password' => $qb->createNamedParameter(\OC::$server->getHasher()->hash($password)),

  139. 					'uid_lower' => $qb->createNamedParameter(mb_strtolower($uid)),

  140. 				]);

  141. 

  142. 			$result = $qb->execute();

  143. 

  144. 			// Clear cache

  145. 			unset($this->cache[$uid]);

  146. 

  147. 			return $result ? true : false;

  148. 		}

  149. 

  150. 		return false;

  151. 	}

  152. 

  153. 	/**

  154. 	 * delete a user

  155. 	 *

  156. 	 * @param string $uid The username of the user to delete

  157. 	 * @return bool

  158. 	 *

  159. 	 * Deletes a user

  160. 	 */

  161. 	public function deleteUser($uid) {

  162. 		$this->fixDI();

  163. 

  164. 		// Delete user-group-relation

  165. 		$query = $this->dbConn->getQueryBuilder();

  166. 		$query->delete($this->table)

  167. 			->where($query->expr()->eq('uid_lower', $query->createNamedParameter(mb_strtolower($uid))));

  168. 		$result = $query->execute();

  169. 

  170. 		if (isset($this->cache[$uid])) {

  171. 			unset($this->cache[$uid]);

  172. 		}

  173. 

  174. 		return $result ? true : false;

  175. 	}

  176. 

  177. 	private function updatePassword(string $uid, string $passwordHash): bool {

  178. 		$query = $this->dbConn->getQueryBuilder();

  179. 		$query->update($this->table)

  180. 			->set('password', $query->createNamedParameter($passwordHash))

  181. 			->where($query->expr()->eq('uid_lower', $query->createNamedParameter(mb_strtolower($uid))));

  182. 		$result = $query->execute();

  183. 

  184. 		return $result ? true : false;

  185. 	}

  186. 

  187. 	/**

  188. 	 * Set password

  189. 	 *

  190. 	 * @param string $uid The username

  191. 	 * @param string $password The new password

  192. 	 * @return bool

  193. 	 *

  194. 	 * Change the password of a user

  195. 	 */

  196. 	public function setPassword(string $uid, string $password): bool {

  197. 		$this->fixDI();

  198. 

  199. 		if ($this->userExists($uid)) {

  200. 			$event = new GenericEvent($password);

  201. 			$this->eventDispatcher->dispatch('OCP\PasswordPolicy::validate', $event);

  202. 

  203. 			$hasher = \OC::$server->getHasher();

  204. 			$hashedPassword = $hasher->hash($password);

  205. 

  206. 			return $this->updatePassword($uid, $hashedPassword);

  207. 		}

  208. 

  209. 		return false;

  210. 	}

  211. 

  212. 	/**

  213. 	 * Set display name

  214. 	 *

  215. 	 * @param string $uid The username

  216. 	 * @param string $displayName The new display name

  217. 	 * @return bool

  218. 	 *

  219. 	 * Change the display name of a user

  220. 	 */

  221. 	public function setDisplayName(string $uid, string $displayName): bool {

  222. 		$this->fixDI();

  223. 

  224. 		if ($this->userExists($uid)) {

  225. 			$query = $this->dbConn->getQueryBuilder();

  226. 			$query->update($this->table)

  227. 				->set('displayname', $query->createNamedParameter($displayName))

  228. 				->where($query->expr()->eq('uid_lower', $query->createNamedParameter(mb_strtolower($uid))));

  229. 			$query->execute();

  230. 

  231. 			$this->cache[$uid]['displayname'] = $displayName;

  232. 

  233. 			return true;

  234. 		}

  235. 

  236. 		return false;

  237. 	}

  238. 

  239. 	/**

  240. 	 * get display name of the user

  241. 	 *

  242. 	 * @param string $uid user ID of the user

  243. 	 * @return string display name

  244. 	 */

  245. 	public function getDisplayName($uid): string {

  246. 		$uid = (string)$uid;

  247. 		$this->loadUser($uid);

  248. 		return empty($this->cache[$uid]['displayname']) ? $uid : $this->cache[$uid]['displayname'];

  249. 	}

  250. 

  251. 	/**

  252. 	 * Get a list of all display names and user ids.

  253. 	 *

  254. 	 * @param string $search

  255. 	 * @param string|null $limit

  256. 	 * @param string|null $offset

  257. 	 * @return array an array of all displayNames (value) and the corresponding uids (key)

  258. 	 */

  259. 	public function getDisplayNames($search = '', $limit = null, $offset = null) {

  260. 		$this->fixDI();

  261. 

  262. 		$query = $this->dbConn->getQueryBuilder();

  263. 

  264. 		$query->select('uid', 'displayname')

  265. 			->from($this->table, 'u')

  266. 			->leftJoin('u', 'preferences', 'p', $query->expr()->andX(

  267. 				$query->expr()->eq('userid', 'uid'),

  268. 				$query->expr()->eq('appid', $query->expr()->literal('settings')),

  269. 				$query->expr()->eq('configkey', $query->expr()->literal('email')))

  270. 			)

  271. 			// sqlite doesn't like re-using a single named parameter here

  272. 			->where($query->expr()->iLike('uid', $query->createPositionalParameter('%' . $this->dbConn->escapeLikeParameter($search) . '%')))

  273. 			->orWhere($query->expr()->iLike('displayname', $query->createPositionalParameter('%' . $this->dbConn->escapeLikeParameter($search) . '%')))

  274. 			->orWhere($query->expr()->iLike('configvalue', $query->createPositionalParameter('%' . $this->dbConn->escapeLikeParameter($search) . '%')))

  275. 			->orderBy($query->func()->lower('displayname'), 'ASC')

  276. 			->orderBy('uid_lower', 'ASC')

  277. 			->setMaxResults($limit)

  278. 			->setFirstResult($offset);

  279. 

  280. 		$result = $query->execute();

  281. 		$displayNames = [];

  282. 		while ($row = $result->fetch()) {

  283. 			$displayNames[(string)$row['uid']] = (string)$row['displayname'];

  284. 		}

  285. 

  286. 		return $displayNames;

  287. 	}

  288. 

  289. 	/**

  290. 	 * Check if the password is correct

  291. 	 *

  292. 	 * @param string $uid The username

  293. 	 * @param string $password The password

  294. 	 * @return string

  295. 	 *

  296. 	 * Check if the password is correct without logging in the user

  297. 	 * returns the user id or false

  298. 	 */

  299. 	public function checkPassword(string $uid, string $password) {

  300. 		$this->fixDI();

  301. 

  302. 		$qb = $this->dbConn->getQueryBuilder();

  303. 		$qb->select('uid', 'password')

  304. 			->from($this->table)

  305. 			->where(

  306. 				$qb->expr()->eq(

  307. 					'uid_lower', $qb->createNamedParameter(mb_strtolower($uid))

  308. 				)

  309. 			);

  310. 		$result = $qb->execute();

  311. 		$row = $result->fetch();

  312. 		$result->closeCursor();

  313. 

  314. 		if ($row) {

  315. 			$storedHash = $row['password'];

  316. 			$newHash = '';

  317. 			if (\OC::$server->getHasher()->verify($password, $storedHash, $newHash)) {

  318. 				if (!empty($newHash)) {

  319. 					$this->updatePassword($uid, $newHash);

  320. 				}

  321. 				return (string)$row['uid'];

  322. 			}

  323. 

  324. 		}

  325. 

  326. 		return false;

  327. 	}

  328. 

  329. 	/**

  330. 	 * Load an user in the cache

  331. 	 *

  332. 	 * @param string $uid the username

  333. 	 * @return boolean true if user was found, false otherwise

  334. 	 */

  335. 	private function loadUser($uid) {

  336. 		$this->fixDI();

  337. 

  338. 		$uid = (string)$uid;

  339. 		if (!isset($this->cache[$uid])) {

  340. 			//guests $uid could be NULL or ''

  341. 			if ($uid === '') {

  342. 				$this->cache[$uid] = false;

  343. 				return true;

  344. 			}

  345. 

  346. 			$qb = $this->dbConn->getQueryBuilder();

  347. 			$qb->select('uid', 'displayname')

  348. 				->from($this->table)

  349. 				->where(

  350. 					$qb->expr()->eq(

  351. 						'uid_lower', $qb->createNamedParameter(mb_strtolower($uid))

  352. 					)

  353. 				);

  354. 			$result = $qb->execute();

  355. 			$row = $result->fetch();

  356. 			$result->closeCursor();

  357. 

  358. 			$this->cache[$uid] = false;

  359. 

  360. 			// "uid" is primary key, so there can only be a single result

  361. 			if ($row !== false) {

  362. 				$this->cache[$uid]['uid'] = (string)$row['uid'];

  363. 				$this->cache[$uid]['displayname'] = (string)$row['displayname'];

  364. 			} else {

  365. 				return false;

  366. 			}

  367. 		}

  368. 

  369. 		return true;

  370. 	}

  371. 

  372. 	/**

  373. 	 * Get a list of all users

  374. 	 *

  375. 	 * @param string $search

  376. 	 * @param null|int $limit

  377. 	 * @param null|int $offset

  378. 	 * @return string[] an array of all uids

  379. 	 */

  380. 	public function getUsers($search = '', $limit = null, $offset = null) {

  381. 		$users = $this->getDisplayNames($search, $limit, $offset);

  382. 		$userIds = array_map(function ($uid) {

  383. 			return (string)$uid;

  384. 		}, array_keys($users));

  385. 		sort($userIds, SORT_STRING | SORT_FLAG_CASE);

  386. 		return $userIds;

  387. 	}

  388. 

  389. 	/**

  390. 	 * check if a user exists

  391. 	 *

  392. 	 * @param string $uid the username

  393. 	 * @return boolean

  394. 	 */

  395. 	public function userExists($uid) {

  396. 		$this->loadUser($uid);

  397. 		return $this->cache[$uid] !== false;

  398. 	}

  399. 

  400. 	/**

  401. 	 * get the user's home directory

  402. 	 *

  403. 	 * @param string $uid the username

  404. 	 * @return string|false

  405. 	 */

  406. 	public function getHome(string $uid) {

  407. 		if ($this->userExists($uid)) {

  408. 			return \OC::$server->getConfig()->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data') . '/' . $uid;

  409. 		}

  410. 

  411. 		return false;

  412. 	}

  413. 

  414. 	/**

  415. 	 * @return bool

  416. 	 */

  417. 	public function hasUserListings() {

  418. 		return true;

  419. 	}

  420. 

  421. 	/**

  422. 	 * counts the users in the database

  423. 	 *

  424. 	 * @return int|bool

  425. 	 */

  426. 	public function countUsers() {

  427. 		$this->fixDI();

  428. 

  429. 		$query = $this->dbConn->getQueryBuilder();

  430. 		$query->select($query->func()->count('uid'))

  431. 			->from($this->table);

  432. 		$result = $query->execute();

  433. 

  434. 		return $result->fetchColumn();

  435. 	}

  436. 

  437. 	/**

  438. 	 * returns the username for the given login name in the correct casing

  439. 	 *

  440. 	 * @param string $loginName

  441. 	 * @return string|false

  442. 	 */

  443. 	public function loginName2UserName($loginName) {

  444. 		if ($this->userExists($loginName)) {

  445. 			return $this->cache[$loginName]['uid'];

  446. 		}

  447. 

  448. 		return false;

  449. 	}

  450. 

  451. 	/**

  452. 	 * Backend name to be shown in user management

  453. 	 *

  454. 	 * @return string the name of the backend to be shown

  455. 	 */

  456. 	public function getBackendName() {

  457. 		return 'Database';

  458. 	}

  459. 

  460. 	public static function preLoginNameUsedAsUserName($param) {

  461. 		if (!isset($param['uid'])) {

  462. 			throw new \Exception('key uid is expected to be set in $param');

  463. 		}

  464. 

  465. 		$backends = \OC::$server->getUserManager()->getBackends();

  466. 		foreach ($backends as $backend) {

  467. 			if ($backend instanceof Database) {

  468. 				/** @var \OC\User\Database $backend */

  469. 				$uid = $backend->loginName2UserName($param['uid']);

  470. 				if ($uid !== false) {

  471. 					$param['uid'] = $uid;

  472. 					return;

  473. 				}

  474. 			}

  475. 		}

  476. 

  477. 	}

  478. }