diff options
| author | Côme Chilliet <91878298+come-nc@users.noreply.github.com> | 2022-03-10 17:20:08 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-10 17:20:08 +0100 |
| commit | fd0e25ac708c873cbcfc1a9055e284441ce6e287 (patch) | |
| tree | 1484c0bf7f2458d1121458419267ad15bbc94318 | |
| parent | 143b691a08d9dbbf3bf11b77fe27d41921a32fa5 (diff) | |
| parent | e610e9935d472163f665cfe8c82c20480243c9fc (diff) | |
| download | nextcloud-server-fd0e25ac708c873cbcfc1a9055e284441ce6e287.tar.gz nextcloud-server-fd0e25ac708c873cbcfc1a9055e284441ce6e287.zip | |
Merge pull request #31305 from nextcloud/backport/30938/stable22
[stable22] Fix ldap:check-user method for newly created LDAP users
| -rw-r--r-- | apps/user_ldap/lib/Access.php | 4 | ||||
| -rw-r--r-- | apps/user_ldap/lib/Command/CheckUser.php | 50 |
2 files changed, 24 insertions, 30 deletions
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index bcec7d3a759..96fa4c2cce1 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -495,7 +495,7 @@ class Access extends LDAPUtility { /** * returns the internal Nextcloud name for the given LDAP DN of the user, false on DN outside of search DN or failure * - * @param string $dn the dn of the user object + * @param string $fdn the dn of the user object * @param string $ldapName optional, the display name of the object * @return string|false with with the name to use in Nextcloud * @throws \Exception @@ -1791,7 +1791,7 @@ class Access extends LDAPUtility { /** * @param string $dn * @param bool $isUser - * @param null $ldapRecord + * @param array|null $ldapRecord * @return false|string * @throws ServerNotAvailableException */ diff --git a/apps/user_ldap/lib/Command/CheckUser.php b/apps/user_ldap/lib/Command/CheckUser.php index e6b5a634a24..6ccfc9c19ea 100644 --- a/apps/user_ldap/lib/Command/CheckUser.php +++ b/apps/user_ldap/lib/Command/CheckUser.php @@ -4,6 +4,7 @@ * * @author Arthur Schiwon <blizzz@arthur-schiwon.de> * @author Christoph Wurst <christoph@winzerhof-wurst.at> + * @author Côme Chilliet <come.chilliet@nextcloud.com> * @author Joas Schilling <coding@schilljs.com> * @author Morris Jobke <hey@morrisjobke.de> * @author Roeland Jago Douma <roeland@famdouma.nl> @@ -48,12 +49,6 @@ class CheckUser extends Command { /** @var UserMapping */ protected $mapping; - /** - * @param User_Proxy $uBackend - * @param Helper $helper - * @param DeletedUsersIndex $dui - * @param UserMapping $mapping - */ public function __construct(User_Proxy $uBackend, Helper $helper, DeletedUsersIndex $dui, UserMapping $mapping) { $this->backend = $uBackend; $this->helper = $helper; @@ -62,14 +57,14 @@ class CheckUser extends Command { parent::__construct(); } - protected function configure() { + protected function configure(): void { $this ->setName('ldap:check-user') ->setDescription('checks whether a user exists on LDAP.') ->addArgument( 'ocName', InputArgument::REQUIRED, - 'the user name as used in Nextcloud' + 'the user name as used in Nextcloud, or the LDAP DN' ) ->addOption( 'force', @@ -88,9 +83,15 @@ class CheckUser extends Command { protected function execute(InputInterface $input, OutputInterface $output): int { try { + $this->assertAllowed($input->getOption('force')); $uid = $input->getArgument('ocName'); - $this->isAllowed($input->getOption('force')); - $this->confirmUserIsMapped($uid); + if ($this->backend->getLDAPAccess($uid)->stringResemblesDN($uid)) { + $username = $this->backend->dn2UserName($uid); + if ($username !== false) { + $uid = $username; + } + } + $wasMapped = $this->userWasMapped($uid); $exists = $this->backend->userExistsOnLDAP($uid, true); if ($exists === true) { $output->writeln('The user is still available on LDAP.'); @@ -98,13 +99,15 @@ class CheckUser extends Command { $this->updateUser($uid, $output); } return 0; + } elseif ($wasMapped) { + $this->dui->markUser($uid); + $output->writeln('The user does not exists on LDAP anymore.'); + $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "' + . $uid . '"'); + return 0; + } else { + throw new \Exception('The given user is not a recognized LDAP user.'); } - - $this->dui->markUser($uid); - $output->writeln('The user does not exists on LDAP anymore.'); - $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "' - . $uid . '"'); - return 0; } catch (\Exception $e) { $output->writeln('<error>' . $e->getMessage(). '</error>'); return 1; @@ -114,24 +117,17 @@ class CheckUser extends Command { /** * checks whether a user is actually mapped * @param string $ocName the username as used in Nextcloud - * @throws \Exception - * @return true */ - protected function confirmUserIsMapped($ocName) { + protected function userWasMapped(string $ocName): bool { $dn = $this->mapping->getDNByName($ocName); - if ($dn === false) { - throw new \Exception('The given user is not a recognized LDAP user.'); - } - - return true; + return $dn !== false; } /** * checks whether the setup allows reliable checking of LDAP user existence * @throws \Exception - * @return true */ - protected function isAllowed($force) { + protected function assertAllowed(bool $force): void { if ($this->helper->haveDisabledConfigurations() && !$force) { throw new \Exception('Cannot check user existence, because ' . 'disabled LDAP configurations are present.'); @@ -140,8 +136,6 @@ class CheckUser extends Command { // we don't check ldapUserCleanupInterval from config.php because this // action is triggered manually, while the setting only controls the // background job. - - return true; } private function updateUser(string $uid, OutputInterface $output): void { |