author | Roger Szabo <roger.szabo@web.de> | 2017-04-06 16:26:41 +0800 |
---|---|---|
committer | Roger Szabo <roger.szabo@web.de> | 2017-04-06 16:26:41 +0800 |
commit | 33c8bf18575dd618f4df33a0da64f627910aa4b4 (patch) | |
tree | 77b10fad4ad01c32e31f4b41733cc96b8845c308 | |
parent | bd907a5dac743aa110900ec1aa5fd5c2895b0d0a (diff) | |
blizzz comments 03.04.2017
Signed-off-by: Roger Szabo <roger.szabo@web.de>
-rw-r--r-- | apps/user_ldap/appinfo/routes.php | 1 | ||||
-rw-r--r-- | apps/user_ldap/lib/Access.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/lib/AppInfo/Application.php | 1 | ||||
-rw-r--r-- | apps/user_ldap/lib/Controller/RenewPasswordController.php | 11 | ||||
-rw-r--r-- | apps/user_ldap/lib/User/User.php | 33 |
5 files changed, 26 insertions, 22 deletions
diff --git a/apps/user_ldap/appinfo/routes.php b/apps/user_ldap/appinfo/routes.php index af355173b1b..39964838d48 100644 --- a/apps/user_ldap/appinfo/routes.php +++ b/apps/user_ldap/appinfo/routes.php @@ -21,6 +21,7 @@ * */ +/** @var $this \OCP\Route\IRouter */ $this->create('user_ldap_ajax_clearMappings', 'ajax/clearMappings.php') ->actionInclude('user_ldap/ajax/clearMappings.php'); $this->create('user_ldap_ajax_deleteConfiguration', 'ajax/deleteConfiguration.php') diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index ff95d96ebdb..f8071b815b7 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -1096,7 +1096,7 @@ class Access extends LDAPUtility implements IUserTools { * @param bool $skipHandling * @return array with the search result */ - private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) { + public function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) { if($limit <= 0) { //otherwise search will fail $limit = null; diff --git a/apps/user_ldap/lib/AppInfo/Application.php b/apps/user_ldap/lib/AppInfo/Application.php index 7932984a7d2..c3fa1ce9f94 100644 --- a/apps/user_ldap/lib/AppInfo/Application.php +++ b/apps/user_ldap/lib/AppInfo/Application.php @@ -45,7 +45,6 @@ class Application extends App { $c->query('UserManager'), $server->getConfig(), $c->query('OCP\IL10N'), - //$c->query('Session'), $server->getURLGenerator() ); }); diff --git a/apps/user_ldap/lib/Controller/RenewPasswordController.php b/apps/user_ldap/lib/Controller/RenewPasswordController.php index 79708e99fa0..4714c0646cd 100644 --- a/apps/user_ldap/lib/Controller/RenewPasswordController.php +++ b/apps/user_ldap/lib/Controller/RenewPasswordController.php 
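Review bot: Changing `search()` in Access.php from private to public makes a raw LDAP search primitive, with a caller-built `$filter` and `$base`, part of the class's callable surface, and the docblock lines visible in the hunk do not say who is responsible for escaping. The only new caller on this page (User.php) passes the constant filter `objectclass=*`, so the concern is a later caller concatenating user-supplied values into the filter. I would add to the docblock something like `@param string $filter complete LDAP filter; values taken from user input must be escaped by the caller before being placed in it`, or keep `search()` private and expose a narrower public method that reads a list of attributes from a single DN. The docblock and the function body both extend outside the hunk.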
@@ -55,13 +55,8 @@ class RenewPasswordController extends Controller {
 * @param IConfig $config
 * @param IURLGenerator $urlGenerator
 */
- function __construct($appName,
- IRequest $request,
- IUserManager $userManager,
- IConfig $config,
- IL10N $l10n,
- ISession $session,
- IURLGenerator $urlGenerator) {
+ function __construct($appName, IRequest $request, IUserManager $userManager,
+ IConfig $config, IL10N $l10n, ISession $session, IURLGenerator $urlGenerator) {
 parent::__construct($appName, $request);
 $this->userManager = $userManager;
 $this->config = $config;
@@ -93,7 +88,7 @@ class RenewPasswordController extends Controller {
 if($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {
 return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
 }
- $parameters = array();
+ $parameters = [];
 $renewPasswordMessages = $this->session->get('renewPasswordMessages');
 $errors = [];
 $messages = [];
diff --git a/apps/user_ldap/lib/User/User.php b/apps/user_ldap/lib/User/User.php
index 60c487fdb7c..a3ba7c8c85c 100644
--- a/apps/user_ldap/lib/User/User.php
+++ b/apps/user_ldap/lib/User/User.php
@@ -610,11 +610,30 @@ class User { } $uid = $params['uid']; if(isset($uid) && $uid === $this->getUsername()) { + //retrieve relevant user attributes + $result = $this->access->search('objectclass=*', $this->dn, ['sn', 'pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']); + + if(array_key_exists('pwdpolicysubentry', $result[0])) { + $pwdPolicySubentry = $result[0]['pwdpolicysubentry']; + if($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){ + $ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN + } + } + + $pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : null; + $pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : null; + $pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : null; + + //retrieve relevant password policy attributes + $result = $this->access->search('objectclass=*', $ppolicyDN, ['cn','pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']); + + $pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : null; + $pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : null; + $pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : null; + //handle grace login - $pwdGraceUseTime = $this->access->readAttribute($this->dn, 'pwdGraceUseTime'); $pwdGraceUseTimeCount = count($pwdGraceUseTime); if($pwdGraceUseTime && $pwdGraceUseTimeCount > 0) { //was this a grace login? - $pwdGraceAuthNLimit = $this->access->readAttribute($ppolicyDN, 'pwdGraceAuthNLimit'); if($pwdGraceAuthNLimit && (count($pwdGraceAuthNLimit) > 0) &&($pwdGraceUseTimeCount < intval($pwdGraceAuthNLimit[0]))) { //at least one more grace login available? 
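Review bot: Both new `search()` calls are followed by `$result[0]` reads with no check that an entry came back, so an empty result (user entry or policy subentry not readable by the bind account, stale DN) makes `array_key_exists(..., $result[0])` operate on an undefined index in what appears to be the login-time password-expiry handler. A guard after each call such as `if(!is_array($result) || !isset($result[0])) { return; }`, paired with a log entry, would make the failure explicit; returning there skips grace-login and `pwdReset` handling for that login, which is why the skipped check should be visible to operators. If `search()` is a subtree search (its body is not on this page), `objectclass=*` under `$this->dn` can also match child entries, so `$result[0]` is not guaranteed to be the user entry itself. `sn` and `cn` are requested but not read in the visible lines and could be dropped from the attribute lists. The enclosing method starts before this hunk and continues after it.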
@@ -628,7 +647,6 @@ class User { exit(); } //handle pwdReset attribute - $pwdReset = $this->access->readAttribute($this->dn, 'pwdReset'); if($pwdReset && (count($pwdReset) > 0) && $pwdReset[0] === 'TRUE') { //user must change his password $this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true'); header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute( @@ -636,20 +654,11 @@ class User { exit(); } //handle password expiry warning - $pwdChangedTime = $this->access->readAttribute($this->dn, 'pwdChangedTime');//for efficiency read only 1 attribute first if($pwdChangedTime && (count($pwdChangedTime) > 0)) { - $pwdPolicySubentry = $this->access->readAttribute($this->dn, 'pwdPolicySubentry'); - if($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){ - $ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN - } - $pwdMaxAge = $this->access->readAttribute($ppolicyDN, 'pwdMaxAge'); - $pwdExpireWarning = $this->access->readAttribute($ppolicyDN, 'pwdExpireWarning'); if($pwdMaxAge && (count($pwdMaxAge) > 0) && $pwdExpireWarning && (count($pwdExpireWarning) > 0)) { $pwdMaxAgeInt = intval($pwdMaxAge[0]); $pwdExpireWarningInt = intval($pwdExpireWarning[0]); - //pwdMaxAge=0 -> password never expires - //pwdExpireWarning=0 -> don't warn about expiry if($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){ $pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]); $pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S')); |