authorRoger Szabo <roger.szabo@web.de>2017-04-06 16:26:41 +0800
committerRoger Szabo <roger.szabo@web.de>2017-04-06 16:26:41 +0800
commit33c8bf18575dd618f4df33a0da64f627910aa4b4 (patch)
tree77b10fad4ad01c32e31f4b41733cc96b8845c308
parentbd907a5dac743aa110900ec1aa5fd5c2895b0d0a (diff)
downloadnextcloud-server-33c8bf18575dd618f4df33a0da64f627910aa4b4.tar.gz
nextcloud-server-33c8bf18575dd618f4df33a0da64f627910aa4b4.zip
blizzz comments 03.04.2017
Signed-off-by: Roger Szabo <roger.szabo@web.de>
-rw-r--r--apps/user_ldap/appinfo/routes.php1
-rw-r--r--apps/user_ldap/lib/Access.php2
-rw-r--r--apps/user_ldap/lib/AppInfo/Application.php1
-rw-r--r--apps/user_ldap/lib/Controller/RenewPasswordController.php11
-rw-r--r--apps/user_ldap/lib/User/User.php33
5 files changed, 26 insertions, 22 deletions
diff --git a/apps/user_ldap/appinfo/routes.php b/apps/user_ldap/appinfo/routes.php
index af355173b1b..39964838d48 100644
--- a/apps/user_ldap/appinfo/routes.php
+++ b/apps/user_ldap/appinfo/routes.php
@@ -21,6 +21,7 @@
*
*/
+/** @var $this \OCP\Route\IRouter */
$this->create('user_ldap_ajax_clearMappings', 'ajax/clearMappings.php')
->actionInclude('user_ldap/ajax/clearMappings.php');
$this->create('user_ldap_ajax_deleteConfiguration', 'ajax/deleteConfiguration.php')
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index ff95d96ebdb..f8071b815b7 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -1096,7 +1096,7 @@ class Access extends LDAPUtility implements IUserTools {
* @param bool $skipHandling
* @return array with the search result
*/
- private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
+ public function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
if($limit <= 0) {
//otherwise search will fail
$limit = null;
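Review bot: Making `search()` public on this signature line exposes a low-level primitive that takes a raw `$filter` and `$base`, and the docblock does not tell callers that filter parts built from user input must be escaped before they are passed in. The only new caller visible in this commit (User.php) passes the constant filter `objectclass=*`, so the change itself looks safe, but later callers get no such guarantee. I would either keep the method private and add a narrow public method that reads several attributes of one DN, or extend the docblock with something like `@param string $filter complete LDAP filter; the caller must escape any user-supplied value used to build it`. The body of search() continues outside the hunk.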
diff --git a/apps/user_ldap/lib/AppInfo/Application.php b/apps/user_ldap/lib/AppInfo/Application.php
index 7932984a7d2..c3fa1ce9f94 100644
--- a/apps/user_ldap/lib/AppInfo/Application.php
+++ b/apps/user_ldap/lib/AppInfo/Application.php
@@ -45,7 +45,6 @@ class Application extends App {
$c->query('UserManager'),
$server->getConfig(),
$c->query('OCP\IL10N'),
- //$c->query('Session'),
$server->getURLGenerator()
);
});
diff --git a/apps/user_ldap/lib/Controller/RenewPasswordController.php b/apps/user_ldap/lib/Controller/RenewPasswordController.php
index 79708e99fa0..4714c0646cd 100644
--- a/apps/user_ldap/lib/Controller/RenewPasswordController.php
+++ b/apps/user_ldap/lib/Controller/RenewPasswordController.php
@@ -55,13 +55,8 @@ class RenewPasswordController extends Controller {
* @param IConfig $config
* @param IURLGenerator $urlGenerator
*/
- function __construct($appName,
- IRequest $request,
- IUserManager $userManager,
- IConfig $config,
- IL10N $l10n,
- ISession $session,
- IURLGenerator $urlGenerator) {
+ function __construct($appName, IRequest $request, IUserManager $userManager,
+ IConfig $config, IL10N $l10n, ISession $session, IURLGenerator $urlGenerator) {
parent::__construct($appName, $request);
$this->userManager = $userManager;
$this->config = $config;
@@ -93,7 +88,7 @@ class RenewPasswordController extends Controller {
if($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
}
- $parameters = array();
+ $parameters = [];
$renewPasswordMessages = $this->session->get('renewPasswordMessages');
$errors = [];
$messages = [];
diff --git a/apps/user_ldap/lib/User/User.php b/apps/user_ldap/lib/User/User.php
index 60c487fdb7c..a3ba7c8c85c 100644
--- a/apps/user_ldap/lib/User/User.php
+++ b/apps/user_ldap/lib/User/User.php
@@ -610,11 +610,30 @@ class User {
}
$uid = $params['uid'];
if(isset($uid) && $uid === $this->getUsername()) {
+ //retrieve relevant user attributes
+ $result = $this->access->search('objectclass=*', $this->dn, ['sn', 'pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']);
+
+ if(array_key_exists('pwdpolicysubentry', $result[0])) {
+ $pwdPolicySubentry = $result[0]['pwdpolicysubentry'];
+ if($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
+ $ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
+ }
+ }
+
+ $pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : null;
+ $pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : null;
+ $pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : null;
+
+ //retrieve relevant password policy attributes
+ $result = $this->access->search('objectclass=*', $ppolicyDN, ['cn','pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']);
+
+ $pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : null;
+ $pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : null;
+ $pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : null;
+
//handle grace login
- $pwdGraceUseTime = $this->access->readAttribute($this->dn, 'pwdGraceUseTime');
$pwdGraceUseTimeCount = count($pwdGraceUseTime);
if($pwdGraceUseTime && $pwdGraceUseTimeCount > 0) { //was this a grace login?
- $pwdGraceAuthNLimit = $this->access->readAttribute($ppolicyDN, 'pwdGraceAuthNLimit');
if($pwdGraceAuthNLimit
&& (count($pwdGraceAuthNLimit) > 0)
&&($pwdGraceUseTimeCount < intval($pwdGraceAuthNLimit[0]))) { //at least one more grace login available?
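Review bot: Both new `$this->access->search()` calls are followed by `$result[0]` reads with no check that an entry came back, so an empty result (entry not readable by the bind account, a wrong policy DN, an LDAP error) makes every `array_key_exists(..., $result[0])` run against an undefined offset. Depending on the PHP version that is a warning or an error in what appears to be the post-login path, and where it only warns, all `pwd*` values end up null, so the grace-login, reset and expiry checks are skipped without any trace. I would normalise once per search, e.g. `$userEntry = (is_array($result) && isset($result[0])) ? $result[0] : [];`, read the attributes from that variable, and log when the policy entry cannot be read. `$ppolicyDN` gets its default value before the hunk starts (not visible here), so it is worth confirming it is non-empty before it is used as the search base on the second call. The enclosing method starts and ends outside the hunk.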
@@ -628,7 +647,6 @@ class User {
exit();
}
//handle pwdReset attribute
- $pwdReset = $this->access->readAttribute($this->dn, 'pwdReset');
if($pwdReset && (count($pwdReset) > 0) && $pwdReset[0] === 'TRUE') { //user must change his password
$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true');
header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute(
@@ -636,20 +654,11 @@ class User {
exit();
}
//handle password expiry warning
- $pwdChangedTime = $this->access->readAttribute($this->dn, 'pwdChangedTime');//for efficiency read only 1 attribute first
if($pwdChangedTime && (count($pwdChangedTime) > 0)) {
- $pwdPolicySubentry = $this->access->readAttribute($this->dn, 'pwdPolicySubentry');
- if($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){
- $ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN
- }
- $pwdMaxAge = $this->access->readAttribute($ppolicyDN, 'pwdMaxAge');
- $pwdExpireWarning = $this->access->readAttribute($ppolicyDN, 'pwdExpireWarning');
if($pwdMaxAge && (count($pwdMaxAge) > 0)
&& $pwdExpireWarning && (count($pwdExpireWarning) > 0)) {
$pwdMaxAgeInt = intval($pwdMaxAge[0]);
$pwdExpireWarningInt = intval($pwdExpireWarning[0]);
- //pwdMaxAge=0 -> password never expires
- //pwdExpireWarning=0 -> don't warn about expiry
if($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){
$pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]);
$pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S'));