mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1008 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
72553 Commits
420 Branches
Tree: f53ba4b8e4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f53ba4b8e4'
${ noResults }
nextcloud/apps/user_ldap/lib/Command/UpdateUUID.php

UpdateUUID.php 12KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356 
  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. /**

  6.  * @copyright Copyright (c) 2021 Arthur Schiwon <blizzz@arthur-schiwon.de>

  7.  *

  8.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  9.  * @author Côme Chilliet <come.chilliet@nextcloud.com>

  10.  *

  11.  * @license GNU AGPL version 3 or any later version

  12.  *

  13.  * This program is free software: you can redistribute it and/or modify

  14.  * it under the terms of the GNU Affero General Public License as

  15.  * published by the Free Software Foundation, either version 3 of the

  16.  * License, or (at your option) any later version.

  17.  *

  18.  * This program is distributed in the hope that it will be useful,

  19.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  20.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  21.  * GNU Affero General Public License for more details.

  22.  *

  23.  * You should have received a copy of the GNU Affero General Public License

  24.  * along with this program.  If not, see <https://www.gnu.org/licenses/>.

  25.  *

  26.  */

  27. 

  28. namespace OCA\User_LDAP\Command;

  29. 

  30. use OCA\User_LDAP\Access;

  31. use OCA\User_LDAP\Group_Proxy;

  32. use OCA\User_LDAP\Mapping\AbstractMapping;

  33. use OCA\User_LDAP\Mapping\GroupMapping;

  34. use OCA\User_LDAP\Mapping\UserMapping;

  35. use OCA\User_LDAP\User_Proxy;

  36. use Psr\Log\LoggerInterface;

  37. use Symfony\Component\Console\Command\Command;

  38. use Symfony\Component\Console\Helper\ProgressBar;

  39. use Symfony\Component\Console\Input\InputInterface;

  40. use Symfony\Component\Console\Input\InputOption;

  41. use Symfony\Component\Console\Output\OutputInterface;

  42. use function sprintf;

  43. 

  44. class UuidUpdateReport {

  45. 	public const UNCHANGED = 0;

  46. 	public const UNKNOWN = 1;

  47. 	public const UNREADABLE = 2;

  48. 	public const UPDATED = 3;

  49. 	public const UNWRITABLE = 4;

  50. 	public const UNMAPPED = 5;

  51. 

  52. 	public function __construct(

  53. 		public string $id,

  54. 		public string $dn,

  55. 		public bool $isUser,

  56. 		public int $state,

  57. 		public string $oldUuid = '',

  58. 		public string $newUuid = '',

  59. 	) {

  60. 	}

  61. }

  62. 

  63. class UpdateUUID extends Command {

  64. 	/** @var array<UuidUpdateReport[]> */

  65. 	protected array $reports = [];

  66. 	private bool $dryRun = false;

  67. 

  68. 	public function __construct(

  69. 		private UserMapping $userMapping,

  70. 		private GroupMapping $groupMapping,

  71. 		private User_Proxy $userProxy,

  72. 		private Group_Proxy $groupProxy,

  73. 		private LoggerInterface $logger,

  74. 	) {

  75. 		$this->reports = [

  76. 			UuidUpdateReport::UPDATED => [],

  77. 			UuidUpdateReport::UNKNOWN => [],

  78. 			UuidUpdateReport::UNREADABLE => [],

  79. 			UuidUpdateReport::UNWRITABLE => [],

  80. 			UuidUpdateReport::UNMAPPED => [],

  81. 		];

  82. 		parent::__construct();

  83. 	}

  84. 

  85. 	protected function configure(): void {

  86. 		$this

  87. 			->setName('ldap:update-uuid')

  88. 			->setDescription('Attempts to update UUIDs of user and group entries. By default, the command attempts to update UUIDs that have been invalidated by a migration step.')

  89. 			->addOption(

  90. 				'all',

  91. 				null,

  92. 				InputOption::VALUE_NONE,

  93. 				'updates every user and group. All other options are ignored.'

  94. 			)

  95. 			->addOption(

  96. 				'userId',

  97. 				null,

  98. 				InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY,

  99. 				'a user ID to update'

  100. 			)

  101. 			->addOption(

  102. 				'groupId',

  103. 				null,

  104. 				InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY,

  105. 				'a group ID to update'

  106. 			)

  107. 			->addOption(

  108. 				'dn',

  109. 				null,

  110. 				InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY,

  111. 				'a DN to update'

  112. 			)

  113. 			->addOption(

  114. 				'dry-run',

  115. 				null,

  116. 				InputOption::VALUE_NONE,

  117. 				'UUIDs will not be updated in the database'

  118. 			)

  119. 		;

  120. 	}

  121. 

  122. 	protected function execute(InputInterface $input, OutputInterface $output): int {

  123. 		$this->dryRun = $input->getOption('dry-run');

  124. 		$entriesToUpdate = $this->estimateNumberOfUpdates($input);

  125. 		$progress = new ProgressBar($output);

  126. 		$progress->start($entriesToUpdate);

  127. 		foreach ($this->handleUpdates($input) as $_) {

  128. 			$progress->advance();

  129. 		}

  130. 		$progress->finish();

  131. 		$output->writeln('');

  132. 		$this->printReport($output);

  133. 		return count($this->reports[UuidUpdateReport::UNMAPPED]) === 0

  134. 			&& count($this->reports[UuidUpdateReport::UNREADABLE]) === 0

  135. 			&& count($this->reports[UuidUpdateReport::UNWRITABLE]) === 0

  136. 			? self::SUCCESS

  137. 			: self::FAILURE;

  138. 	}

  139. 

  140. 	protected function printReport(OutputInterface $output): void {

  141. 		if ($output->isQuiet()) {

  142. 			return;

  143. 		}

  144. 

  145. 		if (count($this->reports[UuidUpdateReport::UPDATED]) === 0) {

  146. 			$output->writeln('<info>No record was updated.</info>');

  147. 		} else {

  148. 			$output->writeln(sprintf('<info>%d record(s) were updated.</info>', count($this->reports[UuidUpdateReport::UPDATED])));

  149. 			if ($output->isVerbose()) {

  150. 				/** @var UuidUpdateReport $report */

  151. 				foreach ($this->reports[UuidUpdateReport::UPDATED] as $report) {

  152. 					$output->writeln(sprintf('  %s had their old UUID %s updated to %s', $report->id, $report->oldUuid, $report->newUuid));

  153. 				}

  154. 				$output->writeln('');

  155. 			}

  156. 		}

  157. 

  158. 		if (count($this->reports[UuidUpdateReport::UNMAPPED]) > 0) {

  159. 			$output->writeln(sprintf('<error>%d provided IDs were not mapped. These were:</error>', count($this->reports[UuidUpdateReport::UNMAPPED])));

  160. 			/** @var UuidUpdateReport $report */

  161. 			foreach ($this->reports[UuidUpdateReport::UNMAPPED] as $report) {

  162. 				if (!empty($report->id)) {

  163. 					$output->writeln(sprintf('  %s: %s',

  164. 						$report->isUser ? 'User' : 'Group', $report->id));

  165. 				} elseif (!empty($report->dn)) {

  166. 					$output->writeln(sprintf('  DN: %s', $report->dn));

  167. 				}

  168. 			}

  169. 			$output->writeln('');

  170. 		}

  171. 

  172. 		if (count($this->reports[UuidUpdateReport::UNKNOWN]) > 0) {

  173. 			$output->writeln(sprintf('<info>%d provided IDs were unknown on LDAP.</info>', count($this->reports[UuidUpdateReport::UNKNOWN])));

  174. 			if ($output->isVerbose()) {

  175. 				/** @var UuidUpdateReport $report */

  176. 				foreach ($this->reports[UuidUpdateReport::UNKNOWN] as $report) {

  177. 					$output->writeln(sprintf('  %s: %s', $report->isUser ? 'User' : 'Group', $report->id));

  178. 				}

  179. 				$output->writeln(PHP_EOL . 'Old users can be removed along with their data per occ user:delete.' . PHP_EOL);

  180. 			}

  181. 		}

  182. 

  183. 		if (count($this->reports[UuidUpdateReport::UNREADABLE]) > 0) {

  184. 			$output->writeln(sprintf('<error>For %d records, the UUID could not be read. Double-check your configuration.</error>', count($this->reports[UuidUpdateReport::UNREADABLE])));

  185. 			if ($output->isVerbose()) {

  186. 				/** @var UuidUpdateReport $report */

  187. 				foreach ($this->reports[UuidUpdateReport::UNREADABLE] as $report) {

  188. 					$output->writeln(sprintf('  %s: %s', $report->isUser ? 'User' : 'Group', $report->id));

  189. 				}

  190. 			}

  191. 		}

  192. 

  193. 		if (count($this->reports[UuidUpdateReport::UNWRITABLE]) > 0) {

  194. 			$output->writeln(sprintf('<error>For %d records, the UUID could not be saved to database. Double-check your configuration.</error>', count($this->reports[UuidUpdateReport::UNWRITABLE])));

  195. 			if ($output->isVerbose()) {

  196. 				/** @var UuidUpdateReport $report */

  197. 				foreach ($this->reports[UuidUpdateReport::UNWRITABLE] as $report) {

  198. 					$output->writeln(sprintf('  %s: %s', $report->isUser ? 'User' : 'Group', $report->id));

  199. 				}

  200. 			}

  201. 		}

  202. 	}

  203. 

  204. 	protected function handleUpdates(InputInterface $input): \Generator {

  205. 		if ($input->getOption('all')) {

  206. 			foreach ($this->handleMappingBasedUpdates(false) as $_) {

  207. 				yield;

  208. 			}

  209. 		} elseif ($input->getOption('userId')

  210. 			|| $input->getOption('groupId')

  211. 			|| $input->getOption('dn')

  212. 		) {

  213. 			foreach ($this->handleUpdatesByUserId($input->getOption('userId')) as $_) {

  214. 				yield;

  215. 			}

  216. 			foreach ($this->handleUpdatesByGroupId($input->getOption('groupId')) as $_) {

  217. 				yield;

  218. 			}

  219. 			foreach ($this->handleUpdatesByDN($input->getOption('dn')) as $_) {

  220. 				yield;

  221. 			}

  222. 		} else {

  223. 			foreach ($this->handleMappingBasedUpdates(true) as $_) {

  224. 				yield;

  225. 			}

  226. 		}

  227. 	}

  228. 

  229. 	protected function handleUpdatesByUserId(array $userIds): \Generator {

  230. 		foreach ($this->handleUpdatesByEntryId($userIds, $this->userMapping) as $_) {

  231. 			yield;

  232. 		}

  233. 	}

  234. 

  235. 	protected function handleUpdatesByGroupId(array $groupIds): \Generator {

  236. 		foreach ($this->handleUpdatesByEntryId($groupIds, $this->groupMapping) as $_) {

  237. 			yield;

  238. 		}

  239. 	}

  240. 

  241. 	protected function handleUpdatesByDN(array $dns): \Generator {

  242. 		$userList = $groupList = [];

  243. 		while ($dn = array_pop($dns)) {

  244. 			$uuid = $this->userMapping->getUUIDByDN($dn);

  245. 			if ($uuid) {

  246. 				$id = $this->userMapping->getNameByDN($dn);

  247. 				$userList[] = ['name' => $id, 'uuid' => $uuid];

  248. 				continue;

  249. 			}

  250. 			$uuid = $this->groupMapping->getUUIDByDN($dn);

  251. 			if ($uuid) {

  252. 				$id = $this->groupMapping->getNameByDN($dn);

  253. 				$groupList[] = ['name' => $id, 'uuid' => $uuid];

  254. 				continue;

  255. 			}

  256. 			$this->reports[UuidUpdateReport::UNMAPPED][] = new UuidUpdateReport('', $dn, true, UuidUpdateReport::UNMAPPED);

  257. 			yield;

  258. 		}

  259. 		foreach ($this->handleUpdatesByList($this->userMapping, $userList) as $_) {

  260. 			yield;

  261. 		}

  262. 		foreach ($this->handleUpdatesByList($this->groupMapping, $groupList) as $_) {

  263. 			yield;

  264. 		}

  265. 	}

  266. 

  267. 	protected function handleUpdatesByEntryId(array $ids, AbstractMapping $mapping): \Generator {

  268. 		$isUser = $mapping instanceof UserMapping;

  269. 		$list = [];

  270. 		while ($id = array_pop($ids)) {

  271. 			if (!$dn = $mapping->getDNByName($id)) {

  272. 				$this->reports[UuidUpdateReport::UNMAPPED][] = new UuidUpdateReport($id, '', $isUser, UuidUpdateReport::UNMAPPED);

  273. 				yield;

  274. 				continue;

  275. 			}

  276. 			// Since we know it was mapped the UUID is populated

  277. 			$uuid = $mapping->getUUIDByDN($dn);

  278. 			$list[] = ['name' => $id, 'uuid' => $uuid];

  279. 		}

  280. 		foreach ($this->handleUpdatesByList($mapping, $list) as $_) {

  281. 			yield;

  282. 		}

  283. 	}

  284. 

  285. 	protected function handleMappingBasedUpdates(bool $invalidatedOnly): \Generator {

  286. 		$limit = 1000;

  287. 		/** @var AbstractMapping $mapping*/

  288. 		foreach ([$this->userMapping, $this->groupMapping] as $mapping) {

  289. 			$offset = 0;

  290. 			do {

  291. 				$list = $mapping->getList($offset, $limit, $invalidatedOnly);

  292. 				$offset += $limit;

  293. 

  294. 				foreach ($this->handleUpdatesByList($mapping, $list) as $tick) {

  295. 					yield; // null, for it only advances progress counter

  296. 				}

  297. 			} while (count($list) === $limit);

  298. 		}

  299. 	}

  300. 

  301. 	protected function handleUpdatesByList(AbstractMapping $mapping, array $list): \Generator {

  302. 		if ($mapping instanceof UserMapping) {

  303. 			$isUser = true;

  304. 			$backendProxy = $this->userProxy;

  305. 		} else {

  306. 			$isUser = false;

  307. 			$backendProxy = $this->groupProxy;

  308. 		}

  309. 

  310. 		foreach ($list as $row) {

  311. 			$access = $backendProxy->getLDAPAccess($row['name']);

  312. 			if ($access instanceof Access

  313. 				&& $dn = $mapping->getDNByName($row['name'])) {

  314. 				if ($uuid = $access->getUUID($dn, $isUser)) {

  315. 					if ($uuid !== $row['uuid']) {

  316. 						if ($this->dryRun || $mapping->setUUIDbyDN($uuid, $dn)) {

  317. 							$this->reports[UuidUpdateReport::UPDATED][]

  318. 								= new UuidUpdateReport($row['name'], $dn, $isUser, UuidUpdateReport::UPDATED, $row['uuid'], $uuid);

  319. 						} else {

  320. 							$this->reports[UuidUpdateReport::UNWRITABLE][]

  321. 								= new UuidUpdateReport($row['name'], $dn, $isUser, UuidUpdateReport::UNWRITABLE, $row['uuid'], $uuid);

  322. 						}

  323. 						$this->logger->info('UUID of {id} was updated from {from} to {to}',

  324. 							[

  325. 								'appid' => 'user_ldap',

  326. 								'id' => $row['name'],

  327. 								'from' => $row['uuid'],

  328. 								'to' => $uuid,

  329. 							]

  330. 						);

  331. 					}

  332. 				} else {

  333. 					$this->reports[UuidUpdateReport::UNREADABLE][] = new UuidUpdateReport($row['name'], $dn, $isUser, UuidUpdateReport::UNREADABLE);

  334. 				}

  335. 			} else {

  336. 				$this->reports[UuidUpdateReport::UNKNOWN][] = new UuidUpdateReport($row['name'], '', $isUser, UuidUpdateReport::UNKNOWN);

  337. 			}

  338. 			yield; // null, for it only advances progress counter

  339. 		}

  340. 	}

  341. 

  342. 	protected function estimateNumberOfUpdates(InputInterface $input): int {

  343. 		if ($input->getOption('all')) {

  344. 			return $this->userMapping->count() + $this->groupMapping->count();

  345. 		} elseif ($input->getOption('userId')

  346. 			|| $input->getOption('groupId')

  347. 			|| $input->getOption('dn')

  348. 		) {

  349. 			return count($input->getOption('userId'))

  350. 				+ count($input->getOption('groupId'))

  351. 				+ count($input->getOption('dn'));

  352. 		} else {

  353. 			return $this->userMapping->countInvalidated() + $this->groupMapping->countInvalidated();

  354. 		}

  355. 	}

  356. }