mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1008 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
73618 Commits
432 Branches
Tree: fef9fb3bc0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fef9fb3bc0'
${ noResults }
nextcloud/lib/private/User/Database.php

Database.php 14KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536 
  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. /**

  6.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  7.  *

  8.  * @author adrien <adrien.waksberg@believedigital.com>

  9.  * @author Aldo "xoen" Giambelluca <xoen@xoen.org>

  10.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  11.  * @author Bart Visscher <bartv@thisnet.nl>

  12.  * @author Bjoern Schiessle <bjoern@schiessle.org>

  13.  * @author Björn Schießle <bjoern@schiessle.org>

  14.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  15.  * @author Daniel Calviño Sánchez <danxuliu@gmail.com>

  16.  * @author fabian <fabian@web2.0-apps.de>

  17.  * @author Georg Ehrke <oc.list@georgehrke.com>

  18.  * @author Jakob Sack <mail@jakobsack.de>

  19.  * @author Joas Schilling <coding@schilljs.com>

  20.  * @author Jörn Friedrich Dreyer <jfd@butonic.de>

  21.  * @author Loki3000 <github@labcms.ru>

  22.  * @author Lukas Reschke <lukas@statuscode.ch>

  23.  * @author Morris Jobke <hey@morrisjobke.de>

  24.  * @author nishiki <nishiki@yaegashi.fr>

  25.  * @author Robin Appelman <robin@icewind.nl>

  26.  * @author Robin McCorkell <robin@mccorkell.me.uk>

  27.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  28.  * @author Thomas Müller <thomas.mueller@tmit.eu>

  29.  * @author Vincent Petry <vincent@nextcloud.com>

  30.  *

  31.  * @license AGPL-3.0

  32.  *

  33.  * This code is free software: you can redistribute it and/or modify

  34.  * it under the terms of the GNU Affero General Public License, version 3,

  35.  * as published by the Free Software Foundation.

  36.  *

  37.  * This program is distributed in the hope that it will be useful,

  38.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  39.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  40.  * GNU Affero General Public License for more details.

  41.  *

  42.  * You should have received a copy of the GNU Affero General Public License, version 3,

  43.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  44.  *

  45.  */

  46. namespace OC\User;

  47. 

  48. use OCP\AppFramework\Db\TTransactional;

  49. use OCP\Cache\CappedMemoryCache;

  50. use OCP\EventDispatcher\IEventDispatcher;

  51. use OCP\IDBConnection;

  52. use OCP\Security\Events\ValidatePasswordPolicyEvent;

  53. use OCP\Security\IHasher;

  54. use OCP\User\Backend\ABackend;

  55. use OCP\User\Backend\ICheckPasswordBackend;

  56. use OCP\User\Backend\ICountUsersBackend;

  57. use OCP\User\Backend\ICreateUserBackend;

  58. use OCP\User\Backend\IGetDisplayNameBackend;

  59. use OCP\User\Backend\IGetHomeBackend;

  60. use OCP\User\Backend\IGetRealUIDBackend;

  61. use OCP\User\Backend\ISearchKnownUsersBackend;

  62. use OCP\User\Backend\ISetDisplayNameBackend;

  63. use OCP\User\Backend\ISetPasswordBackend;

  64. 

  65. /**

  66.  * Class for user management in a SQL Database (e.g. MySQL, SQLite)

  67.  */

  68. class Database extends ABackend implements

  69. 	ICreateUserBackend,

  70. 	ISetPasswordBackend,

  71. 	ISetDisplayNameBackend,

  72. 	IGetDisplayNameBackend,

  73. 	ICheckPasswordBackend,

  74. 	IGetHomeBackend,

  75. 	ICountUsersBackend,

  76. 	ISearchKnownUsersBackend,

  77. 	IGetRealUIDBackend {

  78. 	/** @var CappedMemoryCache */

  79. 	private $cache;

  80. 

  81. 	/** @var IEventDispatcher */

  82. 	private $eventDispatcher;

  83. 

  84. 	/** @var IDBConnection */

  85. 	private $dbConn;

  86. 

  87. 	/** @var string */

  88. 	private $table;

  89. 

  90. 	use TTransactional;

  91. 

  92. 	/**

  93. 	 * \OC\User\Database constructor.

  94. 	 *

  95. 	 * @param IEventDispatcher $eventDispatcher

  96. 	 * @param string $table

  97. 	 */

  98. 	public function __construct($eventDispatcher = null, $table = 'users') {

  99. 		$this->cache = new CappedMemoryCache();

  100. 		$this->table = $table;

  101. 		$this->eventDispatcher = $eventDispatcher ? $eventDispatcher : \OCP\Server::get(IEventDispatcher::class);

  102. 	}

  103. 

  104. 	/**

  105. 	 * FIXME: This function should not be required!

  106. 	 */

  107. 	private function fixDI() {

  108. 		if ($this->dbConn === null) {

  109. 			$this->dbConn = \OC::$server->getDatabaseConnection();

  110. 		}

  111. 	}

  112. 

  113. 	/**

  114. 	 * Create a new user

  115. 	 *

  116. 	 * @param string $uid The username of the user to create

  117. 	 * @param string $password The password of the new user

  118. 	 * @return bool

  119. 	 *

  120. 	 * Creates a new user. Basic checking of username is done in OC_User

  121. 	 * itself, not in its subclasses.

  122. 	 */

  123. 	public function createUser(string $uid, string $password): bool {

  124. 		$this->fixDI();

  125. 

  126. 		if (!$this->userExists($uid)) {

  127. 			$this->eventDispatcher->dispatchTyped(new ValidatePasswordPolicyEvent($password));

  128. 

  129. 			return $this->atomic(function () use ($uid, $password) {

  130. 				$qb = $this->dbConn->getQueryBuilder();

  131. 				$qb->insert($this->table)

  132. 					->values([

  133. 						'uid' => $qb->createNamedParameter($uid),

  134. 						'password' => $qb->createNamedParameter(\OC::$server->get(IHasher::class)->hash($password)),

  135. 						'uid_lower' => $qb->createNamedParameter(mb_strtolower($uid)),

  136. 					]);

  137. 

  138. 				$result = $qb->executeStatement();

  139. 

  140. 				// Clear cache

  141. 				unset($this->cache[$uid]);

  142. 				// Repopulate the cache

  143. 				$this->loadUser($uid);

  144. 

  145. 				return (bool) $result;

  146. 			}, $this->dbConn);

  147. 		}

  148. 

  149. 		return false;

  150. 	}

  151. 

  152. 	/**

  153. 	 * delete a user

  154. 	 *

  155. 	 * @param string $uid The username of the user to delete

  156. 	 * @return bool

  157. 	 *

  158. 	 * Deletes a user

  159. 	 */

  160. 	public function deleteUser($uid) {

  161. 		$this->fixDI();

  162. 

  163. 		// Delete user-group-relation

  164. 		$query = $this->dbConn->getQueryBuilder();

  165. 		$query->delete($this->table)

  166. 			->where($query->expr()->eq('uid_lower', $query->createNamedParameter(mb_strtolower($uid))));

  167. 		$result = $query->execute();

  168. 

  169. 		if (isset($this->cache[$uid])) {

  170. 			unset($this->cache[$uid]);

  171. 		}

  172. 

  173. 		return $result ? true : false;

  174. 	}

  175. 

  176. 	private function updatePassword(string $uid, string $passwordHash): bool {

  177. 		$query = $this->dbConn->getQueryBuilder();

  178. 		$query->update($this->table)

  179. 			->set('password', $query->createNamedParameter($passwordHash))

  180. 			->where($query->expr()->eq('uid_lower', $query->createNamedParameter(mb_strtolower($uid))));

  181. 		$result = $query->execute();

  182. 

  183. 		return $result ? true : false;

  184. 	}

  185. 

  186. 	/**

  187. 	 * Set password

  188. 	 *

  189. 	 * @param string $uid The username

  190. 	 * @param string $password The new password

  191. 	 * @return bool

  192. 	 *

  193. 	 * Change the password of a user

  194. 	 */

  195. 	public function setPassword(string $uid, string $password): bool {

  196. 		$this->fixDI();

  197. 

  198. 		if ($this->userExists($uid)) {

  199. 			$this->eventDispatcher->dispatchTyped(new ValidatePasswordPolicyEvent($password));

  200. 

  201. 			$hasher = \OC::$server->get(IHasher::class);

  202. 			$hashedPassword = $hasher->hash($password);

  203. 

  204. 			$return = $this->updatePassword($uid, $hashedPassword);

  205. 

  206. 			if ($return) {

  207. 				$this->cache[$uid]['password'] = $hashedPassword;

  208. 			}

  209. 

  210. 			return $return;

  211. 		}

  212. 

  213. 		return false;

  214. 	}

  215. 

  216. 	/**

  217. 	 * Set display name

  218. 	 *

  219. 	 * @param string $uid The username

  220. 	 * @param string $displayName The new display name

  221. 	 * @return bool

  222. 	 *

  223. 	 * @throws \InvalidArgumentException

  224. 	 *

  225. 	 * Change the display name of a user

  226. 	 */

  227. 	public function setDisplayName(string $uid, string $displayName): bool {

  228. 		if (mb_strlen($displayName) > 64) {

  229. 			throw new \InvalidArgumentException('Invalid displayname');

  230. 		}

  231. 

  232. 		$this->fixDI();

  233. 

  234. 		if ($this->userExists($uid)) {

  235. 			$query = $this->dbConn->getQueryBuilder();

  236. 			$query->update($this->table)

  237. 				->set('displayname', $query->createNamedParameter($displayName))

  238. 				->where($query->expr()->eq('uid_lower', $query->createNamedParameter(mb_strtolower($uid))));

  239. 			$query->execute();

  240. 

  241. 			$this->cache[$uid]['displayname'] = $displayName;

  242. 

  243. 			return true;

  244. 		}

  245. 

  246. 		return false;

  247. 	}

  248. 

  249. 	/**

  250. 	 * get display name of the user

  251. 	 *

  252. 	 * @param string $uid user ID of the user

  253. 	 * @return string display name

  254. 	 */

  255. 	public function getDisplayName($uid): string {

  256. 		$uid = (string)$uid;

  257. 		$this->loadUser($uid);

  258. 		return empty($this->cache[$uid]['displayname']) ? $uid : $this->cache[$uid]['displayname'];

  259. 	}

  260. 

  261. 	/**

  262. 	 * Get a list of all display names and user ids.

  263. 	 *

  264. 	 * @param string $search

  265. 	 * @param int|null $limit

  266. 	 * @param int|null $offset

  267. 	 * @return array an array of all displayNames (value) and the corresponding uids (key)

  268. 	 */

  269. 	public function getDisplayNames($search = '', $limit = null, $offset = null) {

  270. 		$limit = $this->fixLimit($limit);

  271. 

  272. 		$this->fixDI();

  273. 

  274. 		$query = $this->dbConn->getQueryBuilder();

  275. 

  276. 		$query->select('uid', 'displayname')

  277. 			->from($this->table, 'u')

  278. 			->leftJoin('u', 'preferences', 'p', $query->expr()->andX(

  279. 				$query->expr()->eq('userid', 'uid'),

  280. 				$query->expr()->eq('appid', $query->expr()->literal('settings')),

  281. 				$query->expr()->eq('configkey', $query->expr()->literal('email')))

  282. 			)

  283. 			// sqlite doesn't like re-using a single named parameter here

  284. 			->where($query->expr()->iLike('uid', $query->createPositionalParameter('%' . $this->dbConn->escapeLikeParameter($search) . '%')))

  285. 			->orWhere($query->expr()->iLike('displayname', $query->createPositionalParameter('%' . $this->dbConn->escapeLikeParameter($search) . '%')))

  286. 			->orWhere($query->expr()->iLike('configvalue', $query->createPositionalParameter('%' . $this->dbConn->escapeLikeParameter($search) . '%')))

  287. 			->orderBy($query->func()->lower('displayname'), 'ASC')

  288. 			->addOrderBy('uid_lower', 'ASC')

  289. 			->setMaxResults($limit)

  290. 			->setFirstResult($offset);

  291. 

  292. 		$result = $query->executeQuery();

  293. 		$displayNames = [];

  294. 		while ($row = $result->fetch()) {

  295. 			$displayNames[(string)$row['uid']] = (string)$row['displayname'];

  296. 		}

  297. 

  298. 		return $displayNames;

  299. 	}

  300. 

  301. 	/**

  302. 	 * @param string $searcher

  303. 	 * @param string $pattern

  304. 	 * @param int|null $limit

  305. 	 * @param int|null $offset

  306. 	 * @return array

  307. 	 * @since 21.0.1

  308. 	 */

  309. 	public function searchKnownUsersByDisplayName(string $searcher, string $pattern, ?int $limit = null, ?int $offset = null): array {

  310. 		$limit = $this->fixLimit($limit);

  311. 

  312. 		$this->fixDI();

  313. 

  314. 		$query = $this->dbConn->getQueryBuilder();

  315. 

  316. 		$query->select('u.uid', 'u.displayname')

  317. 			->from($this->table, 'u')

  318. 			->leftJoin('u', 'known_users', 'k', $query->expr()->andX(

  319. 				$query->expr()->eq('k.known_user', 'u.uid'),

  320. 				$query->expr()->eq('k.known_to', $query->createNamedParameter($searcher))

  321. 			))

  322. 			->where($query->expr()->eq('k.known_to', $query->createNamedParameter($searcher)))

  323. 			->andWhere($query->expr()->orX(

  324. 				$query->expr()->iLike('u.uid', $query->createNamedParameter('%' . $this->dbConn->escapeLikeParameter($pattern) . '%')),

  325. 				$query->expr()->iLike('u.displayname', $query->createNamedParameter('%' . $this->dbConn->escapeLikeParameter($pattern) . '%'))

  326. 			))

  327. 			->orderBy('u.displayname', 'ASC')

  328. 			->addOrderBy('u.uid_lower', 'ASC')

  329. 			->setMaxResults($limit)

  330. 			->setFirstResult($offset);

  331. 

  332. 		$result = $query->execute();

  333. 		$displayNames = [];

  334. 		while ($row = $result->fetch()) {

  335. 			$displayNames[(string)$row['uid']] = (string)$row['displayname'];

  336. 		}

  337. 

  338. 		return $displayNames;

  339. 	}

  340. 

  341. 	/**

  342. 	 * Check if the password is correct

  343. 	 *

  344. 	 * @param string $loginName The loginname

  345. 	 * @param string $password The password

  346. 	 * @return string

  347. 	 *

  348. 	 * Check if the password is correct without logging in the user

  349. 	 * returns the user id or false

  350. 	 */

  351. 	public function checkPassword(string $loginName, string $password) {

  352. 		$found = $this->loadUser($loginName);

  353. 

  354. 		if ($found && is_array($this->cache[$loginName])) {

  355. 			$storedHash = $this->cache[$loginName]['password'];

  356. 			$newHash = '';

  357. 			if (\OC::$server->get(IHasher::class)->verify($password, $storedHash, $newHash)) {

  358. 				if (!empty($newHash)) {

  359. 					$this->updatePassword($loginName, $newHash);

  360. 				}

  361. 				return (string)$this->cache[$loginName]['uid'];

  362. 			}

  363. 		}

  364. 

  365. 		return false;

  366. 	}

  367. 

  368. 	/**

  369. 	 * Load an user in the cache

  370. 	 *

  371. 	 * @param string $uid the username

  372. 	 * @return boolean true if user was found, false otherwise

  373. 	 */

  374. 	private function loadUser($uid) {

  375. 		$this->fixDI();

  376. 

  377. 		$uid = (string)$uid;

  378. 		if (!isset($this->cache[$uid])) {

  379. 			//guests $uid could be NULL or ''

  380. 			if ($uid === '') {

  381. 				$this->cache[$uid] = false;

  382. 				return true;

  383. 			}

  384. 

  385. 			$qb = $this->dbConn->getQueryBuilder();

  386. 			$qb->select('uid', 'displayname', 'password')

  387. 				->from($this->table)

  388. 				->where(

  389. 					$qb->expr()->eq(

  390. 						'uid_lower', $qb->createNamedParameter(mb_strtolower($uid))

  391. 					)

  392. 				);

  393. 			$result = $qb->execute();

  394. 			$row = $result->fetch();

  395. 			$result->closeCursor();

  396. 

  397. 			// "uid" is primary key, so there can only be a single result

  398. 			if ($row !== false) {

  399. 				$this->cache[$uid] = [

  400. 					'uid' => (string)$row['uid'],

  401. 					'displayname' => (string)$row['displayname'],

  402. 					'password' => (string)$row['password'],

  403. 				];

  404. 			} else {

  405. 				$this->cache[$uid] = false;

  406. 				return false;

  407. 			}

  408. 		}

  409. 

  410. 		return true;

  411. 	}

  412. 

  413. 	/**

  414. 	 * Get a list of all users

  415. 	 *

  416. 	 * @param string $search

  417. 	 * @param null|int $limit

  418. 	 * @param null|int $offset

  419. 	 * @return string[] an array of all uids

  420. 	 */

  421. 	public function getUsers($search = '', $limit = null, $offset = null) {

  422. 		$limit = $this->fixLimit($limit);

  423. 

  424. 		$users = $this->getDisplayNames($search, $limit, $offset);

  425. 		$userIds = array_map(function ($uid) {

  426. 			return (string)$uid;

  427. 		}, array_keys($users));

  428. 		sort($userIds, SORT_STRING | SORT_FLAG_CASE);

  429. 		return $userIds;

  430. 	}

  431. 

  432. 	/**

  433. 	 * check if a user exists

  434. 	 *

  435. 	 * @param string $uid the username

  436. 	 * @return boolean

  437. 	 */

  438. 	public function userExists($uid) {

  439. 		$this->loadUser($uid);

  440. 		return $this->cache[$uid] !== false;

  441. 	}

  442. 

  443. 	/**

  444. 	 * get the user's home directory

  445. 	 *

  446. 	 * @param string $uid the username

  447. 	 * @return string|false

  448. 	 */

  449. 	public function getHome(string $uid) {

  450. 		if ($this->userExists($uid)) {

  451. 			return \OC::$server->getConfig()->getSystemValueString('datadirectory', \OC::$SERVERROOT . '/data') . '/' . $uid;

  452. 		}

  453. 

  454. 		return false;

  455. 	}

  456. 

  457. 	/**

  458. 	 * @return bool

  459. 	 */

  460. 	public function hasUserListings() {

  461. 		return true;

  462. 	}

  463. 

  464. 	/**

  465. 	 * counts the users in the database

  466. 	 *

  467. 	 * @return int|false

  468. 	 */

  469. 	public function countUsers() {

  470. 		$this->fixDI();

  471. 

  472. 		$query = $this->dbConn->getQueryBuilder();

  473. 		$query->select($query->func()->count('uid'))

  474. 			->from($this->table);

  475. 		$result = $query->executeQuery();

  476. 

  477. 		return $result->fetchOne();

  478. 	}

  479. 

  480. 	/**

  481. 	 * returns the username for the given login name in the correct casing

  482. 	 *

  483. 	 * @param string $loginName

  484. 	 * @return string|false

  485. 	 */

  486. 	public function loginName2UserName($loginName) {

  487. 		if ($this->userExists($loginName)) {

  488. 			return $this->cache[$loginName]['uid'];

  489. 		}

  490. 

  491. 		return false;

  492. 	}

  493. 

  494. 	/**

  495. 	 * Backend name to be shown in user management

  496. 	 *

  497. 	 * @return string the name of the backend to be shown

  498. 	 */

  499. 	public function getBackendName() {

  500. 		return 'Database';

  501. 	}

  502. 

  503. 	public static function preLoginNameUsedAsUserName($param) {

  504. 		if (!isset($param['uid'])) {

  505. 			throw new \Exception('key uid is expected to be set in $param');

  506. 		}

  507. 

  508. 		$backends = \OC::$server->getUserManager()->getBackends();

  509. 		foreach ($backends as $backend) {

  510. 			if ($backend instanceof Database) {

  511. 				/** @var \OC\User\Database $backend */

  512. 				$uid = $backend->loginName2UserName($param['uid']);

  513. 				if ($uid !== false) {

  514. 					$param['uid'] = $uid;

  515. 					return;

  516. 				}

  517. 			}

  518. 		}

  519. 	}

  520. 

  521. 	public function getRealUID(string $uid): string {

  522. 		if (!$this->userExists($uid)) {

  523. 			throw new \RuntimeException($uid . ' does not exist');

  524. 		}

  525. 

  526. 		return $this->cache[$uid]['uid'];

  527. 	}

  528. 

  529. 	private function fixLimit($limit) {

  530. 		if (is_int($limit) && $limit >= 0) {

  531. 			return $limit;

  532. 		}

  533. 

  534. 		return null;

  535. 	}

  536. }