nextcloud/lib/user.php

<?php
/**
 * ownCloud
 *
 * @author Frank Karlitschek
 * @copyright 2012 Frank Karlitschek frank@owncloud.org
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

/**
 * This class provides wrapper methods for user management. Multiple backends are
 * supported. User management operations are delegated to the configured backend for
 * execution.
 *
 * Hooks provided:
 *   pre_createUser(&run, uid, password)
 *   post_createUser(uid, password)
 *   pre_deleteUser(&run, uid)
 *   post_deleteUser(uid)
 *   pre_setPassword(&run, uid, password)
 *   post_setPassword(uid, password)
 *   pre_login(&run, uid)
 *   post_login(uid)
 *   logout()
 */
class OC_User {
	// The backend used for user management
	private static $_usedBackends = array();

	private static $_setupedBackends = array();

	// Backends available (except database)
	private static $_backends = array();

	/**
	 * @brief registers backend
	 * @param $name name of the backend
	 * @returns true/false
	 *
	 * Makes a list of backends that can be used by other modules
	 */
	public static function registerBackend( $backend ) {
		self::$_backends[] = $backend;
		return true;
	}

	/**
	 * @brief gets available backends
	 * @returns array of backends
	 *
	 * Returns the names of all backends.
	 */
	public static function getBackends() {
		return self::$_backends;
	}

	/**
	 * @brief gets used backends
	 * @returns array of backends
	 *
	 * Returns the names of all used backends.
	 */
	public static function getUsedBackends() {
		return array_keys(self::$_usedBackends);
	}

	/**
	 * @brief Adds the backend to the list of used backends
	 * @param $backend default: database The backend to use for user managment
	 * @returns true/false
	 *
	 * Set the User Authentication Module
	 */
	public static function useBackend( $backend = 'database' ) {
		if($backend instanceof OC_User_Interface) {
			OC_Log::write('core', 'Adding user backend instance of '.get_class($backend).'.', OC_Log::DEBUG);
			self::$_usedBackends[get_class($backend)]=$backend;
		} else {
			// You'll never know what happens
			if( null === $backend OR !is_string( $backend )) {
				$backend = 'database';
			}

			// Load backend
			switch( $backend ) {
				case 'database':
				case 'mysql':
				case 'sqlite':
					OC_Log::write('core', 'Adding user backend '.$backend.'.', OC_Log::DEBUG);
					self::$_usedBackends[$backend] = new OC_User_Database();
					break;
				default:
					OC_Log::write('core', 'Adding default user backend '.$backend.'.', OC_Log::DEBUG);
					$className = 'OC_USER_' . strToUpper($backend);
					self::$_usedBackends[$backend] = new $className();
					break;
			}
		}
		return true;
	}

	/**
	 * remove all used backends
	 */
	public static function clearBackends() {
		self::$_usedBackends=array();
	}

	/**
	 * setup the configured backends in config.php
	 */
	public static function setupBackends() {
		$backends=OC_Config::getValue('user_backends', array());
		foreach($backends as $i=>$config) {
			$class=$config['class'];
			$arguments=$config['arguments'];
			if(class_exists($class)) {
				if(array_search($i, self::$_setupedBackends)===false) {
					// make a reflection object
					$reflectionObj = new ReflectionClass($class);

					// use Reflection to create a new instance, using the $args
					$backend = $reflectionObj->newInstanceArgs($arguments);
					self::useBackend($backend);
					$_setupedBackends[]=$i;
				} else {
					OC_Log::write('core', 'User backend '.$class.' already initialized.', OC_Log::DEBUG);
				}
			} else {
				OC_Log::write('core', 'User backend '.$class.' not found.', OC_Log::ERROR);
			}
		}
	}

	/**
	 * @brief Create a new user
	 * @param $uid The username of the user to create
	 * @param $password The password of the new user
	 * @returns true/false
	 *
	 * Creates a new user. Basic checking of username is done in OC_User
	 * itself, not in its subclasses.
	 *
	 * Allowed characters in the username are: "a-z", "A-Z", "0-9" and "_.@-"
	 */
	public static function createUser( $uid, $password ) {
		// Check the name for bad characters
		// Allowed are: "a-z", "A-Z", "0-9" and "_.@-"
		if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $uid )) {
			throw new Exception('Only the following characters are allowed in a username:'
				.' "a-z", "A-Z", "0-9", and "_.@-"');
		}
		// No empty username
		if(trim($uid) == '') {
			throw new Exception('A valid username must be provided');
		}
		// No empty password
		if(trim($password) == '') {
			throw new Exception('A valid password must be provided');
		}

		// Check if user already exists
		if( self::userExistsForCreation($uid) ) {
			throw new Exception('The username is already being used');
		}


		$run = true;
		OC_Hook::emit( "OC_User", "pre_createUser", array( "run" => &$run, "uid" => $uid, "password" => $password ));

		if( $run ) {
			//create the user in the first backend that supports creating users
			foreach(self::$_usedBackends as $backend) {
				if(!$backend->implementsActions(OC_USER_BACKEND_CREATE_USER))
					continue;

				$backend->createUser($uid, $password);
				OC_Hook::emit( "OC_User", "post_createUser", array( "uid" => $uid, "password" => $password ));

				return self::userExists($uid);
			}
		}
		return false;
	}

	/**
	 * @brief delete a user
	 * @param $uid The username of the user to delete
	 * @returns true/false
	 *
	 * Deletes a user
	 */
	public static function deleteUser( $uid ) {
		$run = true;
		OC_Hook::emit( "OC_User", "pre_deleteUser", array( "run" => &$run, "uid" => $uid ));

		if( $run ) {
			//delete the user from all backends
			foreach(self::$_usedBackends as $backend) {
				$backend->deleteUser($uid);
			}
			if (self::userExists($uid)) {
				return false;
			}
			// We have to delete the user from all groups
			foreach( OC_Group::getUserGroups( $uid ) as $i ) {
				OC_Group::removeFromGroup( $uid, $i );
			}
			// Delete the user's keys in preferences
			OC_Preferences::deleteUser($uid);

			// Delete user files in /data/
			OC_Helper::rmdirr(OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ) . '/'.$uid.'/');

			// Emit and exit
			OC_Hook::emit( "OC_User", "post_deleteUser", array( "uid" => $uid ));
			return true;
		}
		else{
			return false;
		}
	}

	/**
	 * @brief Try to login a user
	 * @param $uid The username of the user to log in
	 * @param $password The password of the user
	 * @returns true/false
	 *
	 * Log in a user and regenerate a new session - if the password is ok
	 */
	public static function login( $uid, $password ) {
		$run = true;
		OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid ));

		if( $run ) {
			$uid = self::checkPassword( $uid, $password );
			$enabled = self::isEnabled($uid);
			if($uid && $enabled) {
				session_regenerate_id(true);
				self::setUserId($uid);
				self::setDisplayName($uid);
				OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>$password ));
				return true;
			}
		}
		return false;
	}

	/**
	 * @brief Sets user id for session and triggers emit
	 */
	public static function setUserId($uid) {
		$_SESSION['user_id'] = $uid;
	}

	/**
	 * @brief Sets user display name for session
	 */
	public static function setDisplayName($uid, $displayName = null) {
		$result = false;
		if ($displayName ) {
			foreach(self::$_usedBackends as $backend) {
				if($backend->implementsActions(OC_USER_BACKEND_SET_DISPLAYNAME)) {
					if($backend->userExists($uid)) {
						$result |= $backend->setDisplayName($uid, $displayName);
					}
				}
			}
		} else {
			$displayName = self::determineDisplayName($uid);
			$result = true;
		}
		if (OC_User::getUser() === $uid) {
			$_SESSION['display_name'] = $displayName;
		}
		return $result;
	}


	/**
	 * @brief get display name
	 * @param $uid The username
	 * @returns string display name or uid if no display name is defined
	 *
	 */
	private static function determineDisplayName( $uid ) {
		foreach(self::$_usedBackends as $backend) {
			if($backend->implementsActions(OC_USER_BACKEND_GET_DISPLAYNAME)) {
				$result=$backend->getDisplayName( $uid );
				if($result) {
					return $result;
				}
			}
		}
		return $uid;
	}

	/**
	 * @brief Logs the current user out and kills all the session data
	 *
	 * Logout, destroys session
	 */
	public static function logout() {
		OC_Hook::emit( "OC_User", "logout", array());
		session_unset();
		session_destroy();
		OC_User::unsetMagicInCookie();
	}

	/**
	 * @brief Check if the user is logged in
	 * @returns true/false
	 *
	 * Checks if the user is logged in
	 */
	public static function isLoggedIn() {
		if( isset($_SESSION['user_id']) AND $_SESSION['user_id']) {
			OC_App::loadApps(array('authentication'));
			self::setupBackends();
			if (self::userExists($_SESSION['user_id']) ) {
				return true;
			}
		}
		return false;
	}

	/**
	 * @brief Check if the user is an admin user
	 * @param $uid uid of the admin
	 * @returns bool
	 */
	public static function isAdminUser($uid) {
		if(OC_Group::inGroup($uid, 'admin' )) {
			return true;
		}
		return false;
	}


	/**
	 * @brief get the user id of the user currently logged in.
	 * @return string uid or false
	 */
	public static function getUser() {
		if( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) {
			return $_SESSION['user_id'];
		}
		else{
			return false;
		}
	}

	/**
	 * @brief get the display name of the user currently logged in.
	 * @return string uid or false
	 */
	public static function getDisplayName($user=null) {
		if ( $user ) {
			return self::determineDisplayName($user);
		} else if( isset($_SESSION['display_name']) AND $_SESSION['display_name'] ) {
			return $_SESSION['display_name'];
		}
		else{
			return false;
		}
	}

	/**
	 * @brief Autogenerate a password
	 * @returns string
	 *
	 * generates a password
	 */
	public static function generatePassword() {
		return OC_Util::generate_random_bytes(30);
	}

	/**
	 * @brief Set password
	 * @param $uid The username
	 * @param $password The new password
	 * @returns true/false
	 *
	 * Change the password of a user
	 */
	public static function setPassword( $uid, $password ) {
		$run = true;
		OC_Hook::emit( "OC_User", "pre_setPassword", array( "run" => &$run, "uid" => $uid, "password" => $password ));

		if( $run ) {
			$success = false;
			foreach(self::$_usedBackends as $backend) {
				if($backend->implementsActions(OC_USER_BACKEND_SET_PASSWORD)) {
					if($backend->userExists($uid)) {
						$success |= $backend->setPassword($uid, $password);
					}
				}
			}
			// invalidate all login cookies
			OC_Preferences::deleteApp($uid, 'login_token');
			OC_Hook::emit( "OC_User", "post_setPassword", array( "uid" => $uid, "password" => $password ));
			return $success;
		}
		else{
			return false;
		}
	}

	/**
	 * @brief Check whether user can change his password
	 * @param $uid The username
	 * @returns true/false
	 *
	 * Check whether a specified user can change his password
	 */
	public static function canUserChangePassword($uid) {
		foreach(self::$_usedBackends as $backend) {
			if($backend->implementsActions(OC_USER_BACKEND_SET_PASSWORD)) {
				if($backend->userExists($uid)) {
					return true;
				}
			}
		}
		return false;
	}

	/**
	 * @brief Check whether user can change his display name
	 * @param $uid The username
	 * @returns true/false
	 *
	 * Check whether a specified user can change his display name
	 */
	public static function canUserChangeDisplayName($uid) {
		if (OC_Config::getValue('allow_user_to_change_display_name', true)) {
			foreach(self::$_usedBackends as $backend) {
				if($backend->implementsActions(OC_USER_BACKEND_SET_DISPLAYNAME)) {
					if($backend->userExists($uid)) {
						return true;
					}
				}
			}
		}
		return false;
	}

	/**
	 * @brief Check if the password is correct
	 * @param $uid The username
	 * @param $password The password
	 * @returns string
	 *
	 * Check if the password is correct without logging in the user
	 * returns the user id or false
	 */
	public static function checkPassword( $uid, $password ) {
		foreach(self::$_usedBackends as $backend) {
			if($backend->implementsActions(OC_USER_BACKEND_CHECK_PASSWORD)) {
				$result=$backend->checkPassword( $uid, $password );
				if($result) {
					return $result;
				}
			}
		}
	}

	/**
	 * @brief Check if the password is correct
	 * @param string $uid The username
	 * @param string $password The password
	 * @returns string
	 *
	 * returns the path to the users home directory
	 */
	public static function getHome($uid) {
		foreach(self::$_usedBackends as $backend) {
			if($backend->implementsActions(OC_USER_BACKEND_GET_HOME) && $backend->userExists($uid)) {
				$result=$backend->getHome($uid);
				if($result) {
					return $result;
				}
			}
		}
		return OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ) . '/' . $uid;
	}

	/**
	 * @brief Get a list of all users
	 * @returns array with all uids
	 *
	 * Get a list of all users.
	 */
	public static function getUsers($search = '', $limit = null, $offset = null) {
		$users = array();
		foreach (self::$_usedBackends as $backend) {
			$backendUsers = $backend->getUsers($search, $limit, $offset);
			if (is_array($backendUsers)) {
				$users = array_merge($users, $backendUsers);
			}
		}
		asort($users);
		return $users;
	}

	/**
	 * @brief Get a list of all users display name
	 * @returns associative array with all display names (value) and corresponding uids (key)
	 *
	 * Get a list of all display names and user ids.
	 */
	public static function getDisplayNames($search = '', $limit = null, $offset = null) {
		$displayNames = array();
		foreach (self::$_usedBackends as $backend) {
			$backendDisplayNames = $backend->getDisplayNames($search, $limit, $offset);
			if (is_array($backendDisplayNames)) {
				$displayNames = array_merge($displayNames, $backendDisplayNames);
			}
		}
		asort($displayNames);
		return $displayNames;
	}

	/**
	 * @brief check if a user exists
	 * @param string $uid the username
	 * @param string $excludingBackend (default none)
	 * @return boolean
	 */
	public static function userExists($uid, $excludingBackend=null) {
		foreach(self::$_usedBackends as $backend) {
			if (!is_null($excludingBackend) && !strcmp(get_class($backend), $excludingBackend)) {
				OC_Log::write('OC_User', $excludingBackend . 'excluded from user existance check.', OC_Log::DEBUG);
				continue;
			}
			$result=$backend->userExists($uid);
			if($result===true) {
				return true;
			}
		}
		return false;
	}

    public static function userExistsForCreation($uid) {
        foreach(self::$_usedBackends as $backend) {
            if(!$backend->hasUserListings())
                continue;

            $result=$backend->userExists($uid);
            if($result===true) {
                return true;
            }
        }
        return false;
    }

	/**
	 * disables a user
	 * @param string $userid the user to disable
	 */
	public static function disableUser($userid) {
		$sql = "INSERT INTO `*PREFIX*preferences` (`userid`, `appid`, `configkey`, `configvalue`) VALUES(?, ?, ?, ?)";
		$stmt = OC_DB::prepare($sql);
		if ( ! OC_DB::isError($stmt) ) {
			$result = $stmt->execute(array($userid, 'core', 'enabled', 'false'));
			if ( OC_DB::isError($result) ) {
				OC_Log::write('OC_User', 'could not enable user: '. OC_DB::getErrorMessage($result), OC_Log::ERROR);
			}
		} else {
			OC_Log::write('OC_User', 'could not disable user: '. OC_DB::getErrorMessage($stmt), OC_Log::ERROR);
		}
	}

	/**
	 * enable a user
	 * @param string $userid
	 */
	public static function enableUser($userid) {
		$sql = 'DELETE FROM `*PREFIX*preferences`'
			." WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?";
		$stmt = OC_DB::prepare($sql);
		if ( ! OC_DB::isError($stmt) ) {
			$result = $stmt->execute(array($userid, 'core', 'enabled', 'false'));
			if ( OC_DB::isError($result) ) {
				OC_Log::write('OC_User', 'could not enable user: '. OC_DB::getErrorMessage($result), OC_Log::ERROR);
			}
		} else {
			OC_Log::write('OC_User', 'could not enable user: '. OC_DB::getErrorMessage($stmt), OC_Log::ERROR);
		}
	}

	/**
	 * checks if a user is enabled
	 * @param string $userid
	 * @return bool
	 */
	public static function isEnabled($userid) {
		$sql = 'SELECT `userid` FROM `*PREFIX*preferences`'
			.' WHERE `userid` = ? AND `appid` = ? AND `configkey` = ? AND `configvalue` = ?';
		$stmt = OC_DB::prepare($sql);
		if ( ! OC_DB::isError($stmt) ) {
			$result = $stmt->execute(array($userid, 'core', 'enabled', 'false'));
			if ( ! OC_DB::isError($result) ) {
				return $result->numRows() ? false : true;
			} else {
				OC_Log::write('OC_User',
					'could not check if enabled: '. OC_DB::getErrorMessage($result),
					OC_Log::ERROR);
			}
		} else {
			OC_Log::write('OC_User', 'could not check if enabled: '. OC_DB::getErrorMessage($stmt), OC_Log::ERROR);
		}
		return false;
	}

	/**
	 * @brief Set cookie value to use in next page load
	 * @param string $username username to be set
	 */
	public static function setMagicInCookie($username, $token) {
		$secure_cookie = OC_Config::getValue("forcessl", false);
		$expires = time() + OC_Config::getValue('remember_login_cookie_lifetime', 60*60*24*15);
		setcookie("oc_username", $username, $expires, OC::$WEBROOT, '', $secure_cookie);
		setcookie("oc_token", $token, $expires, OC::$WEBROOT, '', $secure_cookie, true);
		setcookie("oc_remember_login", true, $expires, OC::$WEBROOT, '', $secure_cookie);
	}

	/**
	 * @brief Remove cookie for "remember username"
	 */
	public static function unsetMagicInCookie() {
		unset($_COOKIE["oc_username"]);
		unset($_COOKIE["oc_token"]);
		unset($_COOKIE["oc_remember_login"]);
		setcookie("oc_username", null, -1);
		setcookie("oc_token", null, -1);
		setcookie("oc_remember_login", null, -1);
	}
}