mirrors
/
nextcloud
Mirror von https://github.com/nextcloud/server.git
Beobachten 1
Favorisieren 0
Fork 0
Code Issues 0 Releases 994 Wiki Aktivität
Du kannst nicht mehr als 25 Themen auswählen Themen müssen mit entweder einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
69819 Commits
364 Branches
Struktur: c2d45cb172
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „c2d45cb172“
${ noResults }
nextcloud/apps/user_ldap/lib/Controller/ConfigAPIController.php

ConfigAPIController.php 9.3KB
Originalformat Blame Verlauf

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de>

  4.  *

  5.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  6.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  7.  *

  8.  * @license GNU AGPL version 3 or any later version

  9.  *

  10.  * This program is free software: you can redistribute it and/or modify

  11.  * it under the terms of the GNU Affero General Public License as

  12.  * published by the Free Software Foundation, either version 3 of the

  13.  * License, or (at your option) any later version.

  14.  *

  15.  * This program is distributed in the hope that it will be useful,

  16.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  17.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  18.  * GNU Affero General Public License for more details.

  19.  *

  20.  * You should have received a copy of the GNU Affero General Public License

  21.  * along with this program. If not, see <http://www.gnu.org/licenses/>.

  22.  *

  23.  */

  24. namespace OCA\User_LDAP\Controller;

  25. 

  26. use OC\CapabilitiesManager;

  27. use OC\Core\Controller\OCSController;

  28. use OC\Security\IdentityProof\Manager;

  29. use OCA\User_LDAP\Configuration;

  30. use OCA\User_LDAP\ConnectionFactory;

  31. use OCA\User_LDAP\Helper;

  32. use OCP\AppFramework\Http;

  33. use OCP\AppFramework\Http\DataResponse;

  34. use OCP\AppFramework\OCS\OCSBadRequestException;

  35. use OCP\AppFramework\OCS\OCSException;

  36. use OCP\AppFramework\OCS\OCSNotFoundException;

  37. use OCP\IRequest;

  38. use OCP\IUserManager;

  39. use OCP\IUserSession;

  40. use Psr\Log\LoggerInterface;

  41. 

  42. class ConfigAPIController extends OCSController {

  43. 	public function __construct(

  44. 		string $appName,

  45. 		IRequest $request,

  46. 		CapabilitiesManager $capabilitiesManager,

  47. 		IUserSession $userSession,

  48. 		IUserManager $userManager,

  49. 		Manager $keyManager,

  50. 		private Helper $ldapHelper,

  51. 		private LoggerInterface $logger,

  52. 		private ConnectionFactory $connectionFactory

  53. 	) {

  54. 		parent::__construct(

  55. 			$appName,

  56. 			$request,

  57. 			$capabilitiesManager,

  58. 			$userSession,

  59. 			$userManager,

  60. 			$keyManager

  61. 		);

  62. 	}

  63. 

  64. 	/**

  65. 	 * Create a new (empty) configuration and return the resulting prefix

  66. 	 *

  67. 	 * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)

  68. 	 * @return DataResponse<Http::STATUS_OK, array{configID: string}, array{}>

  69. 	 * @throws OCSException

  70. 	 *

  71. 	 * 200: Config created successfully

  72. 	 */

  73. 	public function create() {

  74. 		try {

  75. 			$configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix();

  76. 			$configHolder = new Configuration($configPrefix);

  77. 			$configHolder->ldapConfigurationActive = false;

  78. 			$configHolder->saveConfiguration();

  79. 		} catch (\Exception $e) {

  80. 			$this->logger->error($e->getMessage(), ['exception' => $e]);

  81. 			throw new OCSException('An issue occurred when creating the new config.');

  82. 		}

  83. 		return new DataResponse(['configID' => $configPrefix]);

  84. 	}

  85. 

  86. 	/**

  87. 	 * Delete a LDAP configuration

  88. 	 *

  89. 	 * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)

  90. 	 * @param string $configID ID of the config

  91. 	 * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>

  92. 	 * @throws OCSException

  93. 	 * @throws OCSNotFoundException Config not found

  94. 	 *

  95. 	 * 200: Config deleted successfully

  96. 	 */

  97. 	public function delete($configID) {

  98. 		try {

  99. 			$this->ensureConfigIDExists($configID);

  100. 			if (!$this->ldapHelper->deleteServerConfiguration($configID)) {

  101. 				throw new OCSException('Could not delete configuration');

  102. 			}

  103. 		} catch (OCSException $e) {

  104. 			throw $e;

  105. 		} catch (\Exception $e) {

  106. 			$this->logger->error($e->getMessage(), ['exception' => $e]);

  107. 			throw new OCSException('An issue occurred when deleting the config.');

  108. 		}

  109. 

  110. 		return new DataResponse();

  111. 	}

  112. 

  113. 	/**

  114. 	 * Modify a configuration

  115. 	 *

  116. 	 * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)

  117. 	 * @param string $configID ID of the config

  118. 	 * @param array<string, mixed> $configData New config

  119. 	 * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>

  120. 	 * @throws OCSException

  121. 	 * @throws OCSBadRequestException Modifying config is not possible

  122. 	 * @throws OCSNotFoundException Config not found

  123. 	 *

  124. 	 * 200: Config returned

  125. 	 */

  126. 	public function modify($configID, $configData) {

  127. 		try {

  128. 			$this->ensureConfigIDExists($configID);

  129. 

  130. 			if (!is_array($configData)) {

  131. 				throw new OCSBadRequestException('configData is not properly set');

  132. 			}

  133. 

  134. 			$configuration = new Configuration($configID);

  135. 			$configKeys = $configuration->getConfigTranslationArray();

  136. 

  137. 			foreach ($configKeys as $i => $key) {

  138. 				if (isset($configData[$key])) {

  139. 					$configuration->$key = $configData[$key];

  140. 				}

  141. 			}

  142. 

  143. 			$configuration->saveConfiguration();

  144. 			$this->connectionFactory->get($configID)->clearCache();

  145. 		} catch (OCSException $e) {

  146. 			throw $e;

  147. 		} catch (\Exception $e) {

  148. 			$this->logger->error($e->getMessage(), ['exception' => $e]);

  149. 			throw new OCSException('An issue occurred when modifying the config.');

  150. 		}

  151. 

  152. 		return new DataResponse();

  153. 	}

  154. 

  155. 	/**

  156. 	 * Get a configuration

  157. 	 *

  158. 	 * Output can look like this:

  159. 	 * <?xml version="1.0"?>

  160. 	 * <ocs>

  161. 	 *   <meta>

  162. 	 *     <status>ok</status>

  163. 	 *     <statuscode>200</statuscode>

  164. 	 *     <message>OK</message>

  165. 	 *   </meta>

  166. 	 *   <data>

  167. 	 *     <ldapHost>ldaps://my.ldap.server</ldapHost>

  168. 	 *     <ldapPort>7770</ldapPort>

  169. 	 *     <ldapBackupHost></ldapBackupHost>

  170. 	 *     <ldapBackupPort></ldapBackupPort>

  171. 	 *     <ldapBase>ou=small,dc=my,dc=ldap,dc=server</ldapBase>

  172. 	 *     <ldapBaseUsers>ou=users,ou=small,dc=my,dc=ldap,dc=server</ldapBaseUsers>

  173. 	 *     <ldapBaseGroups>ou=small,dc=my,dc=ldap,dc=server</ldapBaseGroups>

  174. 	 *     <ldapAgentName>cn=root,dc=my,dc=ldap,dc=server</ldapAgentName>

  175. 	 *     <ldapAgentPassword>clearTextWithShowPassword=1</ldapAgentPassword>

  176. 	 *     <ldapTLS>1</ldapTLS>

  177. 	 *     <turnOffCertCheck>0</turnOffCertCheck>

  178. 	 *     <ldapIgnoreNamingRules/>

  179. 	 *     <ldapUserDisplayName>displayname</ldapUserDisplayName>

  180. 	 *     <ldapUserDisplayName2>uid</ldapUserDisplayName2>

  181. 	 *     <ldapUserFilterObjectclass>inetOrgPerson</ldapUserFilterObjectclass>

  182. 	 *     <ldapUserFilterGroups></ldapUserFilterGroups>

  183. 	 *     <ldapUserFilter>(&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))</ldapUserFilter>

  184. 	 *     <ldapUserFilterMode>1</ldapUserFilterMode>

  185. 	 *     <ldapGroupFilter>(&amp;(|(objectclass=nextcloudGroup)))</ldapGroupFilter>

  186. 	 *     <ldapGroupFilterMode>0</ldapGroupFilterMode>

  187. 	 *     <ldapGroupFilterObjectclass>nextcloudGroup</ldapGroupFilterObjectclass>

  188. 	 *     <ldapGroupFilterGroups></ldapGroupFilterGroups>

  189. 	 *     <ldapGroupDisplayName>cn</ldapGroupDisplayName>

  190. 	 *     <ldapGroupMemberAssocAttr>memberUid</ldapGroupMemberAssocAttr>

  191. 	 *     <ldapLoginFilter>(&amp;(|(objectclass=inetOrgPerson))(uid=%uid))</ldapLoginFilter>

  192. 	 *     <ldapLoginFilterMode>0</ldapLoginFilterMode>

  193. 	 *     <ldapLoginFilterEmail>0</ldapLoginFilterEmail>

  194. 	 *     <ldapLoginFilterUsername>1</ldapLoginFilterUsername>

  195. 	 *     <ldapLoginFilterAttributes></ldapLoginFilterAttributes>

  196. 	 *     <ldapQuotaAttribute></ldapQuotaAttribute>

  197. 	 *     <ldapQuotaDefault></ldapQuotaDefault>

  198. 	 *     <ldapEmailAttribute>mail</ldapEmailAttribute>

  199. 	 *     <ldapCacheTTL>20</ldapCacheTTL>

  200. 	 *     <ldapUuidUserAttribute>auto</ldapUuidUserAttribute>

  201. 	 *     <ldapUuidGroupAttribute>auto</ldapUuidGroupAttribute>

  202. 	 *     <ldapOverrideMainServer></ldapOverrideMainServer>

  203. 	 *     <ldapConfigurationActive>1</ldapConfigurationActive>

  204. 	 *     <ldapAttributesForUserSearch>uid;sn;givenname</ldapAttributesForUserSearch>

  205. 	 *     <ldapAttributesForGroupSearch></ldapAttributesForGroupSearch>

  206. 	 *     <ldapExperiencedAdmin>0</ldapExperiencedAdmin>

  207. 	 *     <homeFolderNamingRule></homeFolderNamingRule>

  208. 	 *     <hasMemberOfFilterSupport></hasMemberOfFilterSupport>

  209. 	 *     <useMemberOfToDetectMembership>1</useMemberOfToDetectMembership>

  210. 	 *     <ldapExpertUsernameAttr>uid</ldapExpertUsernameAttr>

  211. 	 *     <ldapExpertUUIDUserAttr>uid</ldapExpertUUIDUserAttr>

  212. 	 *     <ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr>

  213. 	 *     <lastJpegPhotoLookup>0</lastJpegPhotoLookup>

  214. 	 *     <ldapNestedGroups>0</ldapNestedGroups>

  215. 	 *     <ldapPagingSize>500</ldapPagingSize>

  216. 	 *     <turnOnPasswordChange>1</turnOnPasswordChange>

  217. 	 *     <ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL>

  218. 	 *   </data>

  219. 	 * </ocs>

  220. 	 *

  221. 	 * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)

  222. 	 * @param string $configID ID of the config

  223. 	 * @param bool $showPassword Whether to show the password

  224. 	 * @return DataResponse<Http::STATUS_OK, array<string, mixed>, array{}>

  225. 	 * @throws OCSException

  226. 	 * @throws OCSNotFoundException Config not found

  227. 	 *

  228. 	 * 200: Config returned

  229. 	 */

  230. 	public function show($configID, $showPassword = false) {

  231. 		try {

  232. 			$this->ensureConfigIDExists($configID);

  233. 

  234. 			$config = new Configuration($configID);

  235. 			$data = $config->getConfiguration();

  236. 			if (!$showPassword) {

  237. 				$data['ldapAgentPassword'] = '***';

  238. 			}

  239. 			foreach ($data as $key => $value) {

  240. 				if (is_array($value)) {

  241. 					$value = implode(';', $value);

  242. 					$data[$key] = $value;

  243. 				}

  244. 			}

  245. 		} catch (OCSException $e) {

  246. 			throw $e;

  247. 		} catch (\Exception $e) {

  248. 			$this->logger->error($e->getMessage(), ['exception' => $e]);

  249. 			throw new OCSException('An issue occurred when modifying the config.');

  250. 		}

  251. 

  252. 		return new DataResponse($data);

  253. 	}

  254. 

  255. 	/**

  256. 	 * If the given config ID is not available, an exception is thrown

  257. 	 *

  258. 	 * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)

  259. 	 * @param string $configID

  260. 	 * @throws OCSNotFoundException

  261. 	 */

  262. 	private function ensureConfigIDExists($configID): void {

  263. 		$prefixes = $this->ldapHelper->getServerConfigurationPrefixes();

  264. 		if (!in_array($configID, $prefixes, true)) {

  265. 			throw new OCSNotFoundException('Config ID not found');

  266. 		}

  267. 	}

  268. }