diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2014-05-19 20:52:25 +0200 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2014-05-19 20:52:25 +0200 |
| commit | 51a6764f3180a258dc17a6744929866aeddb8779 (patch) | |
| tree | 78452f7027ab7b71d48f1aedc736cd9617430ce8 /apps/user_ldap/lib | |
| parent | 2c483fdca21fc32bf6ef8eaf5835e8e4614acd3a (diff) | |
| parent | b6d2d6329d99c47fa8a01a7a8db7f8f2de6b9f74 (diff) | |
| download | nextcloud-server-51a6764f3180a258dc17a6744929866aeddb8779.tar.gz nextcloud-server-51a6764f3180a258dc17a6744929866aeddb8779.zip | |
Merge branch 'master' into cleanup-list-code
Conflicts:
apps/files_sharing/ajax/list.php
Diffstat (limited to 'apps/user_ldap/lib')
| -rw-r--r-- | apps/user_ldap/lib/access.php | 505 | ||||
| -rw-r--r-- | apps/user_ldap/lib/backendutility.php | 4 | ||||
| -rw-r--r-- | apps/user_ldap/lib/configuration.php | 115 | ||||
| -rw-r--r-- | apps/user_ldap/lib/connection.php | 65 | ||||
| -rw-r--r-- | apps/user_ldap/lib/helper.php | 20 | ||||
| -rw-r--r-- | apps/user_ldap/lib/ildapwrapper.php | 168 | ||||
| -rw-r--r-- | apps/user_ldap/lib/jobs.php | 57 | ||||
| -rw-r--r-- | apps/user_ldap/lib/ldap.php | 127 | ||||
| -rw-r--r-- | apps/user_ldap/lib/ldaputility.php | 4 | ||||
| -rw-r--r-- | apps/user_ldap/lib/proxy.php | 39 | ||||
| -rw-r--r-- | apps/user_ldap/lib/wizard.php | 188 | ||||
| -rw-r--r-- | apps/user_ldap/lib/wizardresult.php | 15 |
12 files changed, 806 insertions, 501 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index 712407505fb..78de14f4ee9 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -23,6 +23,10 @@ namespace OCA\user_ldap\lib; +/** + * Class Access + * @package OCA\user_ldap\lib + */ class Access extends LDAPUtility { public $connection; //never ever check this var directly, always use getPagedSearchResultState @@ -30,24 +34,30 @@ class Access extends LDAPUtility { protected $cookies = array(); + /** + * @param Connection $connection + * @param ILDAPWrapper $ldap + */ public function __construct(Connection $connection, ILDAPWrapper $ldap) { parent::__construct($ldap); $this->connection = $connection; } + /** + * @return bool + */ private function checkConnection() { return ($this->connection instanceof Connection); } /** - * @brief reads a given attribute for an LDAP record identified by a DN - * @param $dn the record in question - * @param $attr the attribute that shall be retrieved + * reads a given attribute for an LDAP record identified by a DN + * @param string $dn the record in question + * @param string $attr the attribute that shall be retrieved * if empty, just check the record's existence - * @returns an array of values on success or an empty + * @param string $filter + * @return array|false an array of values on success or an empty * array if $attr is empty, false otherwise - * - * Reads an attribute from an LDAP entry or check if entry exists */ public function readAttribute($dn, $attr, $filter = 'objectClass=*') { if(!$this->checkConnection()) { @@ -105,7 +115,7 @@ class Access extends LDAPUtility { } /** - * @brief checks wether the given attribute`s valua is probably a DN + * checks whether the given attributes value is probably a DN * @param string $attr the attribute in question * @return boolean if so true, otherwise false */ @@ -119,16 +129,16 @@ class Access extends LDAPUtility { } /** - * @brief sanitizes a DN received from the LDAP server - * @param $dn the DN in question - * @return the sanitized DN + * sanitizes a DN received from the LDAP server + * @param array $dn the DN in question + * @return array the sanitized DN */ private function sanitizeDN($dn) { //treating multiple base DNs if(is_array($dn)) { $result = array(); foreach($dn as $singleDN) { - $result[] = $this->sanitizeDN($singleDN); + $result[] = $this->sanitizeDN($singleDN); } return $result; } @@ -163,7 +173,8 @@ class Access extends LDAPUtility { /** * gives back the database table for the query - * @param boolean $isUser + * @param bool $isUser + * @return string */ private function getMapTable($isUser) { if($isUser) { @@ -174,11 +185,9 @@ class Access extends LDAPUtility { } /** - * @brief returns the LDAP DN for the given internal ownCloud name of the group - * @param string $name the ownCloud name in question - * @returns string with the LDAP DN on success, otherwise false - * * returns the LDAP DN for the given internal ownCloud name of the group + * @param string $name the ownCloud name in question + * @return string with the LDAP DN on success, otherwise false */ public function groupname2dn($name) { $dn = $this->ocname2dn($name, false); @@ -191,11 +200,9 @@ class Access extends LDAPUtility { } /** - * @brief returns the LDAP DN for the given internal ownCloud name of the user - * @param $name the ownCloud name in question - * @returns string with the LDAP DN on success, otherwise false - * * returns the LDAP DN for the given internal ownCloud name of the user + * @param string $name the ownCloud name in question + * @return string with the LDAP DN on success, otherwise false */ public function username2dn($name) { $dn = $this->ocname2dn($name, true); @@ -209,12 +216,10 @@ class Access extends LDAPUtility { } /** - * @brief returns the LDAP DN for the given internal ownCloud name - * @param $name the ownCloud name in question - * @param boolean $isUser is it a user? otherwise group - * @returns string with the LDAP DN on success, otherwise false - * * returns the LDAP DN for the given internal ownCloud name + * @param string $name the ownCloud name in question + * @param boolean $isUser is it a user? otherwise group + * @return string with the LDAP DN on success, otherwise false */ private function ocname2dn($name, $isUser) { $table = $this->getMapTable($isUser); @@ -230,15 +235,12 @@ class Access extends LDAPUtility { } /** - * @brief returns the internal ownCloud name for the given LDAP DN of the group - * @param $dn the dn of the group object - * @param $ldapname optional, the display name of the object - * @returns string with with the name to use in ownCloud, false on DN outside of search DN - * - * returns the internal ownCloud name for the given LDAP DN of the - * group, false on DN outside of search DN or failure + * returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure + * @param string $dn the dn of the group object + * @param string $ldapName optional, the display name of the object + * @return string with the name to use in ownCloud, false on DN outside of search DN */ - public function dn2groupname($dn, $ldapname = null) { + public function dn2groupname($dn, $ldapName = null) { //To avoid bypassing the base DN settings under certain circumstances //with the group support, check whether the provided DN matches one of //the given Bases @@ -246,18 +248,16 @@ class Access extends LDAPUtility { return false; } - return $this->dn2ocname($dn, $ldapname, false); + return $this->dn2ocname($dn, $ldapName, false); } /** - * @brief returns the internal ownCloud name for the given LDAP DN of the user - * @param $dn the dn of the user object - * @param $ldapname optional, the display name of the object - * @returns string with with the name to use in ownCloud - * * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure + * @param string $dn the dn of the user object + * @param string $ldapName optional, the display name of the object + * @return string with with the name to use in ownCloud */ - public function dn2username($dn, $ldapname = null) { + public function dn2username($dn, $ldapName = null) { //To avoid bypassing the base DN settings under certain circumstances //with the group support, check whether the provided DN matches one of //the given Bases @@ -265,19 +265,17 @@ class Access extends LDAPUtility { return false; } - return $this->dn2ocname($dn, $ldapname, true); + return $this->dn2ocname($dn, $ldapName, true); } /** - * @brief returns an internal ownCloud name for the given LDAP DN - * @param $dn the dn of the user object - * @param $ldapname optional, the display name of the object - * @param $isUser optional, wether it is a user object (otherwise group assumed) - * @returns string with with the name to use in ownCloud - * - * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN + * returns an internal ownCloud name for the given LDAP DN, false on DN outside of search DN + * @param string $dn the dn of the user object + * @param string $ldapName optional, the display name of the object + * @param bool $isUser optional, whether it is a user object (otherwise group assumed) + * @return string with with the name to use in ownCloud */ - public function dn2ocname($dn, $ldapname = null, $isUser = true) { + public function dn2ocname($dn, $ldapName = null, $isUser = true) { $table = $this->getMapTable($isUser); if($isUser) { $fncFindMappedName = 'findMappedUser'; @@ -288,9 +286,9 @@ class Access extends LDAPUtility { } //let's try to retrieve the ownCloud name from the mappings table - $ocname = $this->$fncFindMappedName($dn); - if($ocname) { - return $ocname; + $ocName = $this->$fncFindMappedName($dn); + if($ocName) { + return $ocName; } //second try: get the UUID and check if it is known. Then, update the DN and return the name. @@ -317,13 +315,13 @@ class Access extends LDAPUtility { return false; } - if(is_null($ldapname)) { - $ldapname = $this->readAttribute($dn, $nameAttribute); - if(!isset($ldapname[0]) && empty($ldapname[0])) { + if(is_null($ldapName)) { + $ldapName = $this->readAttribute($dn, $nameAttribute); + if(!isset($ldapName[0]) && empty($ldapName[0])) { \OCP\Util::writeLog('user_ldap', 'No or empty name for '.$dn.'.', \OCP\Util::INFO); return false; } - $ldapname = $ldapname[0]; + $ldapName = $ldapName[0]; } if($isUser) { @@ -334,27 +332,27 @@ class Access extends LDAPUtility { } else { $username = $uuid; } - $intname = $this->sanitizeUsername($username); + $intName = $this->sanitizeUsername($username); } else { - $intname = $ldapname; + $intName = $ldapName; } //a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups //disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check $originalTTL = $this->connection->ldapCacheTTL; $this->connection->setConfiguration(array('ldapCacheTTL' => 0)); - if(($isUser && !\OCP\User::userExists($intname)) - || (!$isUser && !\OC_Group::groupExists($intname))) { - if($this->mapComponent($dn, $intname, $isUser)) { + if(($isUser && !\OCP\User::userExists($intName)) + || (!$isUser && !\OC_Group::groupExists($intName))) { + if($this->mapComponent($dn, $intName, $isUser)) { $this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL)); - return $intname; + return $intName; } } $this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL)); - $altname = $this->createAltInternalOwnCloudName($intname, $isUser); - if($this->mapComponent($dn, $altname, $isUser)) { - return $altname; + $altName = $this->createAltInternalOwnCloudName($intName, $isUser); + if($this->mapComponent($dn, $altName, $isUser)) { + return $altName; } //if everything else did not help.. @@ -363,9 +361,9 @@ class Access extends LDAPUtility { } /** - * @brief gives back the user names as they are used ownClod internally - * @param $ldapGroups an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... ) - * @returns an array with the user names to use in ownCloud + * gives back the user names as they are used ownClod internally + * @param array $ldapUsers an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... ) + * @return array an array with the user names to use in ownCloud * * gives back the user names as they are used ownClod internally */ @@ -374,9 +372,9 @@ class Access extends LDAPUtility { } /** - * @brief gives back the group names as they are used ownClod internally - * @param $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... ) - * @returns an array with the group names to use in ownCloud + * gives back the group names as they are used ownClod internally + * @param array $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... ) + * @return array an array with the group names to use in ownCloud * * gives back the group names as they are used ownClod internally */ @@ -384,6 +382,10 @@ class Access extends LDAPUtility { return $this->ldap2ownCloudNames($ldapGroups, false); } + /** + * @param string $dn + * @return bool|string + */ private function findMappedUser($dn) { static $query = null; if(is_null($query)) { @@ -400,6 +402,10 @@ class Access extends LDAPUtility { return false; } + /** + * @param string $dn + * @return bool|string + */ private function findMappedGroup($dn) { static $query = null; if(is_null($query)) { @@ -416,9 +422,10 @@ class Access extends LDAPUtility { return false; } - /** - * @param boolean $isUsers + * @param array $ldapObjects + * @param bool $isUsers + * @return array */ private function ldap2ownCloudNames($ldapObjects, $isUsers) { if($isUsers) { @@ -430,13 +437,13 @@ class Access extends LDAPUtility { foreach($ldapObjects as $ldapObject) { $nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null; - $ocname = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers); - if($ocname) { - $ownCloudNames[] = $ocname; + $ocName = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers); + if($ocName) { + $ownCloudNames[] = $ocName; if($isUsers) { //cache the user names so it does not need to be retrieved //again later (e.g. sharing dialogue). - $this->cacheUserDisplayName($ocname, $nameByLDAP); + $this->cacheUserDisplayName($ocName, $nameByLDAP); } } continue; @@ -445,19 +452,19 @@ class Access extends LDAPUtility { } /** - * @brief caches the user display name - * @param string the internal owncloud username - * @param string the display name + * caches the user display name + * @param string $ocName the internal ownCloud username + * @param string $displayName the display name */ - public function cacheUserDisplayName($ocname, $displayName) { + public function cacheUserDisplayName($ocName, $displayName) { $cacheKeyTrunk = 'getDisplayName'; - $this->connection->writeToCache($cacheKeyTrunk.$ocname, $displayName); + $this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName); } /** - * @brief creates a unique name for internal ownCloud use for users. Don't call it directly. - * @param $name the display name of the object - * @returns string with with the name to use in ownCloud or false if unsuccessful + * creates a unique name for internal ownCloud use for users. Don't call it directly. + * @param string $name the display name of the object + * @return string with with the name to use in ownCloud or false if unsuccessful * * Instead of using this method directly, call * createAltInternalOwnCloudName($name, true) @@ -477,9 +484,9 @@ class Access extends LDAPUtility { } /** - * @brief creates a unique name for internal ownCloud use for groups. Don't call it directly. - * @param $name the display name of the object - * @returns string with with the name to use in ownCloud or false if unsuccessful. + * creates a unique name for internal ownCloud use for groups. Don't call it directly. + * @param string $name the display name of the object + * @return string with with the name to use in ownCloud or false if unsuccessful. * * Instead of using this method directly, call * createAltInternalOwnCloudName($name, false) @@ -504,17 +511,17 @@ class Access extends LDAPUtility { $lastNo = 1; //will become name_2 } else { natsort($usedNames); - $lastname = array_pop($usedNames); - $lastNo = intval(substr($lastname, strrpos($lastname, '_') + 1)); + $lastName = array_pop($usedNames); + $lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1)); } $altName = $name.'_'.strval($lastNo+1); unset($usedNames); $attempts = 1; while($attempts < 21){ - //Pro forma check to be really sure it is unique - //while loop is just a precaution. If a name is not generated within - //20 attempts, something else is very wrong. Avoids infinite loop. + // Check to be really sure it is unique + // while loop is just a precaution. If a name is not generated within + // 20 attempts, something else is very wrong. Avoids infinite loop. if(!\OC_Group::groupExists($altName)) { return $altName; } @@ -525,10 +532,10 @@ class Access extends LDAPUtility { } /** - * @brief creates a unique name for internal ownCloud use. - * @param $name the display name of the object + * creates a unique name for internal ownCloud use. + * @param string $name the display name of the object * @param boolean $isUser whether name should be created for a user (true) or a group (false) - * @returns string with with the name to use in ownCloud or false if unsuccessful + * @return string with with the name to use in ownCloud or false if unsuccessful */ private function createAltInternalOwnCloudName($name, $isUser) { $originalTTL = $this->connection->ldapCacheTTL; @@ -544,8 +551,8 @@ class Access extends LDAPUtility { } /** - * @brief retrieves all known groups from the mappings table - * @returns array with the results + * retrieves all known groups from the mappings table + * @return array with the results * * retrieves all known groups from the mappings table */ @@ -554,8 +561,8 @@ class Access extends LDAPUtility { } /** - * @brief retrieves all known users from the mappings table - * @returns array with the results + * retrieves all known users from the mappings table + * @return array with the results * * retrieves all known users from the mappings table */ @@ -578,20 +585,20 @@ class Access extends LDAPUtility { } /** - * @brief inserts a new user or group into the mappings table - * @param $dn the record in question - * @param $ocname the name to use in ownCloud - * @param $isUser is it a user or a group? - * @returns true on success, false otherwise + * inserts a new user or group into the mappings table + * @param string $dn the record in question + * @param string $ocName the name to use in ownCloud + * @param bool $isUser is it a user or a group? + * @return bool true on success, false otherwise * * inserts a new user or group into the mappings table */ - private function mapComponent($dn, $ocname, $isUser = true) { + private function mapComponent($dn, $ocName, $isUser = true) { $table = $this->getMapTable($isUser); $sqlAdjustment = ''; - $dbtype = \OCP\Config::getSystemValue('dbtype'); - if($dbtype === 'mysql') { + $dbType = \OCP\Config::getSystemValue('dbtype'); + if($dbType === 'mysql') { $sqlAdjustment = 'FROM DUAL'; } @@ -607,9 +614,9 @@ class Access extends LDAPUtility { '); //feed the DB - $insRows = $insert->execute(array($dn, $ocname, + $insRows = $insert->execute(array($dn, $ocName, $this->getUUID($dn, $isUser), $dn, - $ocname)); + $ocName)); if(\OCP\DB::isError($insRows)) { return false; @@ -623,8 +630,11 @@ class Access extends LDAPUtility { } /** - * @param integer $limit - * @param integer $offset + * @param string $filter + * @param string|string[] $attr + * @param int $limit + * @param int $offset + * @return array */ public function fetchListOfUsers($filter, $attr, $limit = null, $offset = null) { return $this->fetchList($this->searchUsers($filter, $attr, $limit, $offset), (count($attr) > 1)); @@ -632,15 +642,19 @@ class Access extends LDAPUtility { /** * @param string $filter - * @param integer $limit - * @param integer $offset + * @param string|string[] $attr + * @param int $limit + * @param int $offset + * @return array */ public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) { return $this->fetchList($this->searchGroups($filter, $attr, $limit, $offset), (count($attr) > 1)); } /** - * @param boolean $manyAttributes + * @param array $list + * @param bool $manyAttributes + * @return array */ private function fetchList($list, $manyAttributes) { if(is_array($list)) { @@ -656,12 +670,12 @@ class Access extends LDAPUtility { } /** - * @brief executes an LDAP search, optimized for Users - * @param $filter the LDAP filter for the search - * @param $attr optional, when a certain attribute shall be filtered out + * executes an LDAP search, optimized for Users + * @param string $filter the LDAP filter for the search + * @param string|string[] $attr optional, when a certain attribute shall be filtered out * @param integer $limit * @param integer $offset - * @returns array with the search result + * @return array with the search result * * Executes an LDAP search */ @@ -671,18 +685,22 @@ class Access extends LDAPUtility { /** * @param string $filter + * @param string|string[] $attr + * @param int $limit + * @param int $offset + * @return false|int */ public function countUsers($filter, $attr = array('dn'), $limit = null, $offset = null) { return $this->count($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset); } /** - * @brief executes an LDAP search, optimized for Groups + * executes an LDAP search, optimized for Groups * @param string $filter the LDAP filter for the search - * @param $attr optional, when a certain attribute shall be filtered out + * @param string|string[] $attr optional, when a certain attribute shall be filtered out * @param integer $limit * @param integer $offset - * @returns array with the search result + * @return array with the search result * * Executes an LDAP search */ @@ -691,14 +709,14 @@ class Access extends LDAPUtility { } /** - * @brief prepares and executes an LDAP search operation - * @param $filter the LDAP filter for the search - * @param $base an array containing the LDAP subtree(s) that shall be searched - * @param $attr optional, array, one or more attributes that shall be + * prepares and executes an LDAP search operation + * @param string $filter the LDAP filter for the search + * @param array $base an array containing the LDAP subtree(s) that shall be searched + * @param string|string[] $attr optional, array, one or more attributes that shall be * retrieved. Results will according to the order in the array. - * @param $limit optional, maximum results to be counted - * @param $offset optional, a starting point - * @returns array with the search result as first value and pagedSearchOK as + * @param int $limit optional, maximum results to be counted + * @param int $offset optional, a starting point + * @return array|false array with the search result as first value and pagedSearchOK as * second | false if not successful */ private function executeSearch($filter, $base, &$attr = null, $limit = null, $offset = null) { @@ -715,7 +733,7 @@ class Access extends LDAPUtility { return false; } - //check wether paged search should be attempted + //check whether paged search should be attempted $pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, $limit, $offset); $linkResources = array_pad(array(), count($base), $cr); @@ -737,17 +755,17 @@ class Access extends LDAPUtility { } /** - * @brief processes an LDAP paged search operation - * @param $sr the array containing the LDAP search resources - * @param $filter the LDAP filter for the search - * @param $base an array containing the LDAP subtree(s) that shall be searched - * @param $iFoundItems number of results in the search operation - * @param $limit maximum results to be counted - * @param $offset a starting point - * @param $pagedSearchOK whether a paged search has been executed - * @param boolean $skipHandling required for paged search when cookies to + * processes an LDAP paged search operation + * @param array $sr the array containing the LDAP search resources + * @param string $filter the LDAP filter for the search + * @param array $base an array containing the LDAP subtree(s) that shall be searched + * @param int $iFoundItems number of results in the search operation + * @param int $limit maximum results to be counted + * @param int $offset a starting point + * @param bool $pagedSearchOK whether a paged search has been executed + * @param bool $skipHandling required for paged search when cookies to * prior results need to be gained - * @returns array with the search result as first value and pagedSearchOK as + * @return array|false array with the search result as first value and pagedSearchOK as * second | false if not successful */ private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $limit, $offset, $pagedSearchOK, $skipHandling) { @@ -778,16 +796,16 @@ class Access extends LDAPUtility { } /** - * @brief executes an LDAP search, but counts the results only + * executes an LDAP search, but counts the results only * @param string $filter the LDAP filter for the search - * @param $base an array containing the LDAP subtree(s) that shall be searched - * @param $attr optional, array, one or more attributes that shall be + * @param array $base an array containing the LDAP subtree(s) that shall be searched + * @param string|string[] $attr optional, array, one or more attributes that shall be * retrieved. Results will according to the order in the array. - * @param $limit optional, maximum results to be counted - * @param $offset optional, a starting point - * @param $skipHandling indicates whether the pages search operation is + * @param int $limit optional, maximum results to be counted + * @param int $offset optional, a starting point + * @param bool $skipHandling indicates whether the pages search operation is * completed - * @returns int | false if the search could not be initialized + * @return int|false Integer or false if the search could not be initialized * */ private function count($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) { @@ -799,7 +817,7 @@ class Access extends LDAPUtility { $counter = 0; $count = null; - $cr = $this->connection->getConnectionResource(); + $this->connection->getConnectionResource(); do { $continue = false; @@ -821,10 +839,15 @@ class Access extends LDAPUtility { return $counter; } - private function countEntriesInSearchResults($searchResults, $limit, - &$hasHitLimit) { + /** + * @param array $searchResults + * @param int $limit + * @param bool $hasHitLimit + * @return int + */ + private function countEntriesInSearchResults($searchResults, $limit, &$hasHitLimit) { $cr = $this->connection->getConnectionResource(); - $count = 0; + $counter = 0; foreach($searchResults as $res) { $count = intval($this->ldap->countEntries($cr, $res)); @@ -838,14 +861,14 @@ class Access extends LDAPUtility { } /** - * @brief executes an LDAP search - * @param $filter the LDAP filter for the search - * @param $base an array containing the LDAP subtree(s) that shall be searched - * @param $attr optional, array, one or more attributes that shall be - * retrieved. Results will according to the order in the array. - * @returns array with the search result - * * Executes an LDAP search + * @param string $filter the LDAP filter for the search + * @param array $base an array containing the LDAP subtree(s) that shall be searched + * @param string|string[] $attr optional, array, one or more attributes that shall be + * @param int $limit + * @param int $offset + * @param bool $skipHandling + * @return array with the search result */ private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) { $search = $this->executeSearch($filter, $base, $attr, $limit, $offset); @@ -873,8 +896,8 @@ class Access extends LDAPUtility { } $findings = array(); - foreach($sr as $key => $res) { - $findings = array_merge($findings, $this->ldap->getEntries($cr , $res )); + foreach($sr as $res) { + $findings = array_merge($findings, $this->ldap->getEntries($cr , $res )); } $this->processPagedSearchStatus($sr, $filter, $base, $findings['count'], @@ -889,9 +912,9 @@ class Access extends LDAPUtility { if(!is_null($attr)) { $selection = array(); - $multiarray = false; + $multiArray = false; if(count($attr) > 1) { - $multiarray = true; + $multiArray = true; $i = 0; } foreach($findings as $item) { @@ -900,7 +923,7 @@ class Access extends LDAPUtility { } $item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8'); - if($multiarray) { + if($multiArray) { foreach($attr as $key) { $key = mb_strtolower($key, 'UTF-8'); if(isset($item[$key])) { @@ -931,7 +954,7 @@ class Access extends LDAPUtility { $findings = $selection; } //we slice the findings, when - //a) paged search insuccessful, though attempted + //a) paged search unsuccessful, though attempted //b) no paged search, but limit set if((!$this->getPagedSearchResultState() && $pagedSearchOK) @@ -945,28 +968,32 @@ class Access extends LDAPUtility { return $findings; } + /** + * @param string $name + * @return bool|mixed|string + */ public function sanitizeUsername($name) { if($this->connection->ldapIgnoreNamingRules) { return $name; } - // Translitaration - //latin characters to ASCII + // Transliteration + // latin characters to ASCII $name = iconv('UTF-8', 'ASCII//TRANSLIT', $name); - //REPLACEMENTS + // Replacements $name = \OCP\Util::mb_str_replace(' ', '_', $name, 'UTF-8'); - //every remaining unallowed characters will be removed + // Every remaining disallowed characters will be removed $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name); return $name; } /** - * @brief escapes (user provided) parts for LDAP filter + * escapes (user provided) parts for LDAP filter * @param string $input, the provided value - * @return the escaped string + * @return string the escaped string */ public function escapeFilterPart($input) { $search = array('*', '\\', '(', ')'); @@ -975,49 +1002,43 @@ class Access extends LDAPUtility { } /** - * @brief combines the input filters with AND - * @param $filters array, the filters to connect - * @returns the combined filter - * - * Combines Filter arguments with AND + * combines the input filters with AND + * @param string[] $filters the filters to connect + * @return string the combined filter */ public function combineFilterWithAnd($filters) { return $this->combineFilter($filters, '&'); } /** - * @brief combines the input filters with AND - * @param $filters array, the filters to connect - * @returns the combined filter - * - * Combines Filter arguments with AND + * combines the input filters with AND + * @param string[] $filters the filters to connect + * @return string the combined filter */ public function combineFilterWithOr($filters) { return $this->combineFilter($filters, '|'); } /** - * @brief combines the input filters with given operator - * @param $filters array, the filters to connect + * combines the input filters with given operator + * @param string[] $filters the filters to connect * @param string $operator either & or | - * @returns the combined filter - * - * Combines Filter arguments with AND + * @return string the combined filter */ private function combineFilter($filters, $operator) { $combinedFilter = '('.$operator; foreach($filters as $filter) { - if(!empty($filter) && $filter[0] !== '(') { + if(!empty($filter) && $filter[0] !== '(') { $filter = '('.$filter.')'; - } - $combinedFilter.=$filter; + } + $combinedFilter.=$filter; } $combinedFilter.=')'; return $combinedFilter; } /** - * @brief creates a filter part for to perfrom search for users + * creates a filter part for to perform search for users * @param string $search the search term * @return string the final filter part to use in LDAP searches */ @@ -1028,7 +1049,7 @@ class Access extends LDAPUtility { } /** - * @brief creates a filter part for to perfrom search for groups + * creates a filter part for to perform search for groups * @param string $search the search term * @return string the final filter part to use in LDAP searches */ @@ -1039,11 +1060,12 @@ class Access extends LDAPUtility { } /** - * @brief creates a filter part for searches + * creates a filter part for searches * @param string $search the search term + * @param string[]|null $searchAttributes * @param string $fallbackAttribute a fallback attribute in case the user * did not define search attributes. Typically the display name attribute. - * @returns string the final filter part to use in LDAP searches + * @return string the final filter part to use in LDAP searches */ private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) { $filter = array(); @@ -1065,7 +1087,9 @@ class Access extends LDAPUtility { } /** + * @param string $name * @param string $password + * @return bool */ public function areCredentialsValid($name, $password) { $name = $this->DNasBaseParameter($name); @@ -1083,10 +1107,11 @@ class Access extends LDAPUtility { } /** - * @brief auto-detects the directory's UUID attribute - * @param $dn a known DN used to check against - * @param $force the detection should be run, even if it is not set to auto - * @returns true on success, false otherwise + * auto-detects the directory's UUID attribute + * @param string $dn a known DN used to check against + * @param bool $isUser + * @param bool $force the detection should be run, even if it is not set to auto + * @return bool true on success, false otherwise */ private function detectUuidAttribute($dn, $isUser = true, $force = false) { if($isUser) { @@ -1106,7 +1131,7 @@ class Access extends LDAPUtility { return true; } - //for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID + // for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID $testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid'); foreach($testAttributes as $attribute) { @@ -1126,6 +1151,11 @@ class Access extends LDAPUtility { return false; } + /** + * @param string $dn + * @param bool $isUser + * @return array|bool|false + */ public function getUUID($dn, $isUser = true) { if($isUser) { $uuidAttr = 'ldapUuidUserAttribute'; @@ -1153,12 +1183,10 @@ class Access extends LDAPUtility { } /** - * @brief converts a binary ObjectGUID into a string representation - * @param $oguid the ObjectGUID in it's binary form as retrieved from AD - * @returns String - * * converts a binary ObjectGUID into a string representation - * http://www.php.net/manual/en/function.ldap-get-values-len.php#73198 + * @param string $oguid the ObjectGUID in it's binary form as retrieved from AD + * @return string + * @link http://www.php.net/manual/en/function.ldap-get-values-len.php#73198 */ private function convertObjectGUID2Str($oguid) { $hex_guid = bin2hex($oguid); @@ -1181,25 +1209,24 @@ class Access extends LDAPUtility { } /** - * @brief converts a stored DN so it can be used as base parameter for LDAP queries - * @param $dn the DN - * @returns String - * - * converts a stored DN so it can be used as base parameter for LDAP queries - * internally we store them for usage in LDAP filters + * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters + * @param string $dn the DN + * @return string */ private function DNasBaseParameter($dn) { return str_ireplace('\\5c', '\\', $dn); } /** - * @brief checks if the given DN is part of the given base DN(s) - * @param $dn the DN - * @param $bases array containing the allowed base DN or DNs - * @returns Boolean + * checks if the given DN is part of the given base DN(s) + * @param string $dn the DN + * @param string[] $bases array containing the allowed base DN or DNs + * @return bool */ private function isDNPartOfBase($dn, $bases) { + $belongsToBase = false; $bases = $this->sanitizeDN($bases); + foreach($bases as $base) { $belongsToBase = true; if(mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($base, 'UTF-8'))) { @@ -1213,12 +1240,12 @@ class Access extends LDAPUtility { } /** - * @brief get a cookie for the next LDAP paged search - * @param $base a string with the base DN for the search - * @param $filter the search filter to identify the correct search - * @param $limit the limit (or 'pageSize'), to identify the correct search well - * @param $offset the offset for the new search to identify the correct search really good - * @returns string containing the key or empty if none is cached + * get a cookie for the next LDAP paged search + * @param string $base a string with the base DN for the search + * @param string $filter the search filter to identify the correct search + * @param int $limit the limit (or 'pageSize'), to identify the correct search well + * @param int $offset the offset for the new search to identify the correct search really good + * @return string containing the key or empty if none is cached */ private function getPagedResultCookie($base, $filter, $limit, $offset) { if($offset === 0) { @@ -1226,10 +1253,10 @@ class Access extends LDAPUtility { } $offset -= $limit; //we work with cache here - $cachekey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset); + $cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset); $cookie = ''; - if(isset($this->cookies[$cachekey])) { - $cookie = $this->cookies[$cachekey]; + if(isset($this->cookies[$cacheKey])) { + $cookie = $this->cookies[$cacheKey]; if(is_null($cookie)) { $cookie = ''; } @@ -1238,23 +1265,23 @@ class Access extends LDAPUtility { } /** - * @brief set a cookie for LDAP paged search run - * @param $base a string with the base DN for the search - * @param $filter the search filter to identify the correct search - * @param $limit the limit (or 'pageSize'), to identify the correct search well - * @param $offset the offset for the run search to identify the correct search really good - * @param $cookie string containing the cookie returned by ldap_control_paged_result_response + * set a cookie for LDAP paged search run + * @param string $base a string with the base DN for the search + * @param string $filter the search filter to identify the correct search + * @param int $limit the limit (or 'pageSize'), to identify the correct search well + * @param int $offset the offset for the run search to identify the correct search really good + * @param string $cookie string containing the cookie returned by ldap_control_paged_result_response * @return void */ private function setPagedResultCookie($base, $filter, $limit, $offset, $cookie) { if(!empty($cookie)) { - $cachekey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset); - $this->cookies[$cachekey] = $cookie; + $cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset); + $this->cookies[$cacheKey] = $cookie; } } /** - * @brief check wether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search. + * Check whether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search. * @return boolean|null true on success, null or false otherwise */ public function getPagedSearchResultState() { @@ -1263,15 +1290,14 @@ class Access extends LDAPUtility { return $result; } - /** - * @brief prepares a paged search, if possible - * @param $filter the LDAP filter for the search - * @param $bases an array containing the LDAP subtree(s) that shall be searched - * @param $attr optional, when a certain attribute shall be filtered outside - * @param $limit - * @param $offset - * + * Prepares a paged search, if possible + * @param string $filter the LDAP filter for the search + * @param string[] $bases an array containing the LDAP subtree(s) that shall be searched + * @param string[] $attr optional, when a certain attribute shall be filtered outside + * @param int $limit + * @param int $offset + * @return bool|true */ private function initPagedSearch($filter, $bases, $attr, $limit, $offset) { $pagedSearchOK = false; @@ -1287,8 +1313,9 @@ class Access extends LDAPUtility { $cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset); if(empty($cookie) && ($offset > 0)) { // no cookie known, although the offset is not 0. Maybe cache run out. We need - // to start all over *sigh* (btw, Dear Reader, did you need LDAP paged + // to start all over *sigh* (btw, Dear Reader, did you know LDAP paged // searching was designed by MSFT?) + // Lukas: No, but thanks to reading that source I finally know! $reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit; //a bit recursive, $offset of 0 is the exit \OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO); diff --git a/apps/user_ldap/lib/backendutility.php b/apps/user_ldap/lib/backendutility.php index 815757a1a11..c94366ce019 100644 --- a/apps/user_ldap/lib/backendutility.php +++ b/apps/user_ldap/lib/backendutility.php @@ -29,8 +29,8 @@ abstract class BackendUtility { protected $access; /** - * @brief constructor, make sure the subclasses call this one! - * @param $access an instance of Access for LDAP interaction + * constructor, make sure the subclasses call this one! + * @param Access $access an instance of Access for LDAP interaction */ public function __construct(Access $access) { $this->access = $access; diff --git a/apps/user_ldap/lib/configuration.php b/apps/user_ldap/lib/configuration.php index c9ed1e648a2..9c455929b4a 100644 --- a/apps/user_ldap/lib/configuration.php +++ b/apps/user_ldap/lib/configuration.php @@ -82,35 +82,47 @@ class Configuration { /** * @param string $configPrefix + * @param bool $autoRead */ - public function __construct($configPrefix, $autoread = true) { + public function __construct($configPrefix, $autoRead = true) { $this->configPrefix = $configPrefix; - if($autoread) { + if($autoRead) { $this->readConfiguration(); } } + /** + * @param string $name + * @return mixed|void + */ public function __get($name) { if(isset($this->config[$name])) { return $this->config[$name]; } } + /** + * @param string $name + * @param mixed $value + */ public function __set($name, $value) { $this->setConfiguration(array($name => $value)); } + /** + * @return array + */ public function getConfiguration() { return $this->config; } /** - * @brief set LDAP configuration with values delivered by an array, not read + * set LDAP configuration with values delivered by an array, not read * from configuration. It does not save the configuration! To do so, you * must call saveConfiguration afterwards. - * @param $config array that holds the config parameters in an associated + * @param array $config array that holds the config parameters in an associated * array - * @param &$applied optional; array where the set fields will be given to + * @param array &$applied optional; array where the set fields will be given to * @return false|null */ public function setConfiguration($config, &$applied = null) { @@ -119,11 +131,11 @@ class Configuration { } $cta = $this->getConfigTranslationArray(); - foreach($config as $inputkey => $val) { - if(strpos($inputkey, '_') !== false && array_key_exists($inputkey, $cta)) { - $key = $cta[$inputkey]; - } elseif(array_key_exists($inputkey, $this->config)) { - $key = $inputkey; + foreach($config as $inputKey => $val) { + if(strpos($inputKey, '_') !== false && array_key_exists($inputKey, $cta)) { + $key = $cta[$inputKey]; + } elseif(array_key_exists($inputKey, $this->config)) { + $key = $inputKey; } else { continue; } @@ -150,7 +162,7 @@ class Configuration { } $this->$setMethod($key, $val); if(is_array($applied)) { - $applied[] = $inputkey; + $applied[] = $inputKey; } } @@ -164,7 +176,7 @@ class Configuration { //some are determined continue; } - $dbkey = $cta[$key]; + $dbKey = $cta[$key]; switch($key) { case 'ldapBase': case 'ldapBaseUsers': @@ -180,7 +192,7 @@ class Configuration { break; case 'ldapIgnoreNamingRules': $readMethod = 'getSystemValue'; - $dbkey = $key; + $dbKey = $key; break; case 'ldapAgentPassword': $readMethod = 'getPwd'; @@ -193,14 +205,14 @@ class Configuration { $readMethod = 'getValue'; break; } - $this->config[$key] = $this->$readMethod($dbkey); + $this->config[$key] = $this->$readMethod($dbKey); } $this->configRead = true; } } /** - * @brief saves the current Configuration in the database + * saves the current Configuration in the database */ public function saveConfiguration() { $cta = array_flip($this->getConfigTranslationArray()); @@ -237,8 +249,12 @@ class Configuration { } } - protected function getMultiLine($varname) { - $value = $this->getValue($varname); + /** + * @param string $varName + * @return array|string + */ + protected function getMultiLine($varName) { + $value = $this->getValue($varName); if(empty($value)) { $value = ''; } else { @@ -248,7 +264,11 @@ class Configuration { return $value; } - protected function setMultiLine($varname, $value) { + /** + * @param string $varName + * @param array|string $value + */ + protected function setMultiLine($varName, $value) { if(empty($value)) { $value = ''; } else if (!is_array($value)) { @@ -258,44 +278,69 @@ class Configuration { } } - $this->setValue($varname, $value); + $this->setValue($varName, $value); } - protected function getPwd($varname) { - return base64_decode($this->getValue($varname)); + /** + * @param string $varName + * @return string + */ + protected function getPwd($varName) { + return base64_decode($this->getValue($varName)); } - protected function getLcValue($varname) { - return mb_strtolower($this->getValue($varname), 'UTF-8'); + /** + * @param string $varName + * @return string + */ + protected function getLcValue($varName) { + return mb_strtolower($this->getValue($varName), 'UTF-8'); } - protected function getSystemValue($varname) { + /** + * @param string $varName + * @return string + */ + protected function getSystemValue($varName) { //FIXME: if another system value is added, softcode the default value - return \OCP\Config::getSystemValue($varname, false); + return \OCP\Config::getSystemValue($varName, false); } - protected function getValue($varname) { + /** + * @param string $varName + * @return string + */ + protected function getValue($varName) { static $defaults; if(is_null($defaults)) { $defaults = $this->getDefaults(); } return \OCP\Config::getAppValue('user_ldap', - $this->configPrefix.$varname, - $defaults[$varname]); + $this->configPrefix.$varName, + $defaults[$varName]); } - protected function setValue($varname, $value) { - $this->config[$varname] = $value; + /** + * @param string $varName + * @param mixed $value + */ + protected function setValue($varName, $value) { + $this->config[$varName] = $value; } - protected function saveValue($varname, $value) { + /** + * @param string $varName + * @param string $value + * @return bool + */ + protected function saveValue($varName, $value) { return \OCP\Config::setAppValue('user_ldap', - $this->configPrefix.$varname, + $this->configPrefix.$varName, $value); } /** - * @returns an associative array with the default values. Keys are correspond + * @return array an associative array with the default values. Keys are correspond * to config-value entries in the database table */ public function getDefaults() { @@ -350,7 +395,7 @@ class Configuration { } /** - * @return returns an array that maps internal variable names to database fields + * @return array that maps internal variable names to database fields */ public function getConfigTranslationArray() { //TODO: merge them into one representation @@ -403,4 +448,4 @@ class Configuration { return $array; } -}
\ No newline at end of file +} diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php index 173c4ebcc23..52f6c5ceb10 100644 --- a/apps/user_ldap/lib/connection.php +++ b/apps/user_ldap/lib/connection.php @@ -42,9 +42,10 @@ class Connection extends LDAPUtility { protected $doNotValidate = false; /** - * @brief Constructor - * @param $configPrefix a string with the prefix for the configkey column (appconfig table) - * @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections + * Constructor + * @param ILDAPWrapper $ldap + * @param string $configPrefix a string with the prefix for the configkey column (appconfig table) + * @param string $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections */ public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID = 'user_ldap') { parent::__construct($ldap); @@ -56,7 +57,7 @@ class Connection extends LDAPUtility { if($memcache->isAvailable()) { $this->cache = $memcache->create(); } else { - $this->cache = \OC_Cache::getGlobalCache(); + $this->cache = \OC\Cache::getGlobalCache(); } $this->hasPagedResultSupport = $this->ldap->hasPagedResultSupport(); @@ -72,7 +73,7 @@ class Connection extends LDAPUtility { } /** - * @brief defines behaviour when the instance is cloned + * defines behaviour when the instance is cloned */ public function __clone() { //a cloned instance inherits the connection resource. It may use it, @@ -82,6 +83,10 @@ class Connection extends LDAPUtility { !is_null($this->configID)); } + /** + * @param string $name + * @return bool|mixed|void + */ public function __get($name) { if(!$this->configured) { $this->readConfiguration(); @@ -94,6 +99,10 @@ class Connection extends LDAPUtility { return $this->configuration->$name; } + /** + * @param string $name + * @param mixed $value + */ public function __set($name, $value) { $this->doNotValidate = false; $before = $this->configuration->$name; @@ -108,10 +117,8 @@ class Connection extends LDAPUtility { } /** - * @brief initializes the LDAP backend - * @param $force read the config settings no matter what - * * initializes the LDAP backend + * @param bool $force read the config settings no matter what */ public function init($force = false) { $this->readConfiguration($force); @@ -136,6 +143,7 @@ class Connection extends LDAPUtility { /** * @param string|null $key + * @return string */ private function getCacheKey($key) { $prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-'; @@ -147,6 +155,7 @@ class Connection extends LDAPUtility { /** * @param string $key + * @return mixed|null */ public function getFromCache($key) { if(!$this->configured) { @@ -166,6 +175,7 @@ class Connection extends LDAPUtility { /** * @param string $key + * @return bool */ public function isCached($key) { if(!$this->configured) { @@ -180,6 +190,7 @@ class Connection extends LDAPUtility { /** * @param string $key + * @param mixed $value */ public function writeToCache($key, $value) { if(!$this->configured) { @@ -199,8 +210,8 @@ class Connection extends LDAPUtility { } /** - * @brief Caches the general LDAP configuration. - * @param $force optional. true, if the re-read should be forced. defaults + * Caches the general LDAP configuration. + * @param bool $force optional. true, if the re-read should be forced. defaults * to false. * @return null */ @@ -212,9 +223,9 @@ class Connection extends LDAPUtility { } /** - * @brief set LDAP configuration with values delivered by an array, not read from configuration - * @param $config array that holds the config parameters in an associated array - * @param &$setParameters optional; array where the set fields will be given to + * set LDAP configuration with values delivered by an array, not read from configuration + * @param array $config array that holds the config parameters in an associated array + * @param array &$setParameters optional; array where the set fields will be given to * @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters */ public function setConfiguration($config, &$setParameters = null) { @@ -232,7 +243,7 @@ class Connection extends LDAPUtility { } /** - * @brief saves the current Configuration in the database and empties the + * saves the current Configuration in the database and empties the * cache * @return null */ @@ -242,7 +253,7 @@ class Connection extends LDAPUtility { } /** - * @brief get the current LDAP configuration + * get the current LDAP configuration * @return array */ public function getConfiguration() { @@ -278,7 +289,7 @@ class Connection extends LDAPUtility { private function doSoftValidation() { //if User or Group Base are not set, take over Base DN setting foreach(array('ldapBaseUsers', 'ldapBaseGroups') as $keyBase) { - $val = $this->configuration->$keyBase; + $val = $this->configuration->$keyBase; if(empty($val)) { $obj = strpos('Users', $keyBase) !== false ? 'Users' : 'Groups'; \OCP\Util::writeLog('user_ldap', @@ -326,9 +337,9 @@ class Connection extends LDAPUtility { } //make sure empty search attributes are saved as simple, empty array - $sakeys = array('ldapAttributesForUserSearch', + $saKeys = array('ldapAttributesForUserSearch', 'ldapAttributesForGroupSearch'); - foreach($sakeys as $key) { + foreach($saKeys as $key) { $val = $this->configuration->$key; if(is_array($val) && count($val) === 1 && empty($val[0])) { $this->configuration->$key = array(); @@ -345,6 +356,9 @@ class Connection extends LDAPUtility { } } + /** + * @return bool + */ private function doCriticalValidation() { $configurationOK = true; $errorStr = 'Configuration Error (prefix '. @@ -419,8 +433,8 @@ class Connection extends LDAPUtility { } /** - * @brief Validates the user specified configuration - * @returns true if configuration seems OK, false otherwise + * Validates the user specified configuration + * @return bool true if configuration seems OK, false otherwise */ private function validateConfiguration() { @@ -435,8 +449,8 @@ class Connection extends LDAPUtility { // necessary, but advisable. If left empty, give an info message $this->doSoftValidation(); - //second step: critical checks. If left empty or filled wrong, set as - //unconfigured and give a warning. + //second step: critical checks. If left empty or filled wrong, mark as + //not configured and give a warning. return $this->doCriticalValidation(); } @@ -508,12 +522,17 @@ class Connection extends LDAPUtility { } } + /** + * @param string $host + * @param string $port + * @return false|void + */ private function doConnect($host, $port) { if(empty($host)) { return false; } if(strpos($host, '://') !== false) { - //ldap_connect ignores port paramater when URLs are passed + //ldap_connect ignores port parameter when URLs are passed $host .= ':' . $port; } $this->ldapConnectionRes = $this->ldap->connect($host, $port); diff --git a/apps/user_ldap/lib/helper.php b/apps/user_ldap/lib/helper.php index b5955cb2abb..37caedc6251 100644 --- a/apps/user_ldap/lib/helper.php +++ b/apps/user_ldap/lib/helper.php @@ -26,8 +26,8 @@ namespace OCA\user_ldap\lib; class Helper { /** - * @brief returns prefixes for each saved LDAP/AD server configuration. - * @param bool optional, whether only active configuration shall be + * returns prefixes for each saved LDAP/AD server configuration. + * @param bool $activeConfigurations optional, whether only active configuration shall be * retrieved, defaults to false * @return array with a list of the available prefixes * @@ -79,8 +79,8 @@ class Helper { /** * - * @brief determines the host for every configured connection - * @return an array with configprefix as keys + * determines the host for every configured connection + * @return array an array with configprefix as keys * */ static public function getServerConfigurationHosts() { @@ -106,8 +106,8 @@ class Helper { } /** - * @brief deletes a given saved LDAP/AD server configuration. - * @param string the configuration prefix of the config to delete + * deletes a given saved LDAP/AD server configuration. + * @param string $prefix the configuration prefix of the config to delete * @return bool true on success, false otherwise */ static public function deleteServerConfiguration($prefix) { @@ -148,7 +148,7 @@ class Helper { * Truncate's the given mapping table * * @param string $mapping either 'user' or 'group' - * @return boolean true on success, false otherwise + * @return bool true on success, false otherwise */ static public function clearMapping($mapping) { if($mapping === 'user') { @@ -176,9 +176,9 @@ class Helper { } /** - * @brief extractsthe domain from a given URL - * @param $url the URL - * @return mixed, domain as string on success, false otherwise + * extractsthe domain from a given URL + * @param string $url the URL + * @return string|false domain as string on success, false otherwise */ static public function getDomainFromURL($url) { $uinfo = parse_url($url); diff --git a/apps/user_ldap/lib/ildapwrapper.php b/apps/user_ldap/lib/ildapwrapper.php index 017d5549690..97ae0810116 100644 --- a/apps/user_ldap/lib/ildapwrapper.php +++ b/apps/user_ldap/lib/ildapwrapper.php @@ -28,178 +28,178 @@ interface ILDAPWrapper { //LDAP functions in use /** - * @brief Bind to LDAP directory + * Bind to LDAP directory * @param resource $link LDAP link resource - * @param $dn an RDN to log in with - * @param $password the password - * @return true on success, false otherwise + * @param string $dn an RDN to log in with + * @param string $password the password + * @return bool true on success, false otherwise * * with $dn and $password as null a anonymous bind is attempted. */ public function bind($link, $dn, $password); /** - * @brief connect to an LDAP server - * @param $host The host to connect to - * @param $port The port to connect to - * @return a link resource on success, otherwise false + * connect to an LDAP server + * @param string $host The host to connect to + * @param string $port The port to connect to + * @return mixed a link resource on success, otherwise false */ public function connect($host, $port); /** - * @brief Send LDAP pagination control - * @param $link LDAP link resource - * @param $pagesize number of results per page - * @param boolean $isCritical Indicates whether the pagination is critical of not. - * @param $cookie structure sent by LDAP server - * @return true on success, false otherwise + * Send LDAP pagination control + * @param resource $link LDAP link resource + * @param int $pageSize number of results per page + * @param bool $isCritical Indicates whether the pagination is critical of not. + * @param array $cookie structure sent by LDAP server + * @return bool true on success, false otherwise */ - public function controlPagedResult($link, $pagesize, $isCritical, $cookie); + public function controlPagedResult($link, $pageSize, $isCritical, $cookie); /** - * @brief Retrieve the LDAP pagination cookie - * @param $link LDAP link resource - * @param $result LDAP result resource - * @param $cookie structure sent by LDAP server - * @return boolean on success, false otherwise + * Retrieve the LDAP pagination cookie + * @param resource $link LDAP link resource + * @param resource $result LDAP result resource + * @param string $cookie structure sent by LDAP server + * @return bool true on success, false otherwise * * Corresponds to ldap_control_paged_result_response */ public function controlPagedResultResponse($link, $result, &$cookie); /** - * @brief Count the number of entries in a search - * @param $link LDAP link resource - * @param $result LDAP result resource - * @return mixed, number of results on success, false otherwise + * Count the number of entries in a search + * @param resource $link LDAP link resource + * @param resource $result LDAP result resource + * @return int|false number of results on success, false otherwise */ public function countEntries($link, $result); /** - * @brief Return the LDAP error number of the last LDAP command - * @param $link LDAP link resource - * @return error message as string + * Return the LDAP error number of the last LDAP command + * @param resource $link LDAP link resource + * @return string error message as string */ public function errno($link); /** - * @brief Return the LDAP error message of the last LDAP command - * @param $link LDAP link resource - * @return error code as integer + * Return the LDAP error message of the last LDAP command + * @param resource $link LDAP link resource + * @return int error code as integer */ public function error($link); /** - * @brief Return first result id - * @param $link LDAP link resource - * @param $result LDAP result resource - * @return an LDAP search result resource + * Return first result id + * @param resource $link LDAP link resource + * @param resource $result LDAP result resource + * @return Resource an LDAP search result resource * */ public function firstEntry($link, $result); /** - * @brief Get attributes from a search result entry - * @param $link LDAP link resource - * @param $result LDAP result resource + * Get attributes from a search result entry + * @param resource $link LDAP link resource + * @param resource $result LDAP result resource * @return array containing the results, false on error * */ public function getAttributes($link, $result); /** - * @brief Get the DN of a result entry - * @param $link LDAP link resource - * @param $result LDAP result resource + * Get the DN of a result entry + * @param resource $link LDAP link resource + * @param resource $result LDAP result resource * @return string containing the DN, false on error */ public function getDN($link, $result); /** - * @brief Get all result entries - * @param $link LDAP link resource - * @param $result LDAP result resource + * Get all result entries + * @param resource $link LDAP link resource + * @param resource $result LDAP result resource * @return array containing the results, false on error */ public function getEntries($link, $result); /** - * @brief Return next result id - * @param $link LDAP link resource + * Return next result id + * @param resource $link LDAP link resource * @param resource $result LDAP entry result resource - * @return an LDAP search result resource + * @return resource an LDAP search result resource * */ public function nextEntry($link, $result); /** - * @brief Read an entry - * @param $link LDAP link resource - * @param $baseDN The DN of the entry to read from - * @param $filter An LDAP filter - * @param $attr array of the attributes to read - * @return an LDAP search result resource + * Read an entry + * @param resource $link LDAP link resource + * @param array $baseDN The DN of the entry to read from + * @param string $filter An LDAP filter + * @param array $attr array of the attributes to read + * @return resource an LDAP search result resource */ public function read($link, $baseDN, $filter, $attr); /** - * @brief Search LDAP tree - * @param $link LDAP link resource - * @param $baseDN The DN of the entry to read from - * @param $filter An LDAP filter - * @param $attr array of the attributes to read - * @param $attrsonly optional, 1 if only attribute types shall be returned - * @param $limit optional, limits the result entries - * @return an LDAP search result resource, false on error + * Search LDAP tree + * @param resource $link LDAP link resource + * @param string $baseDN The DN of the entry to read from + * @param string $filter An LDAP filter + * @param array $attr array of the attributes to read + * @param int $attrsOnly optional, 1 if only attribute types shall be returned + * @param int $limit optional, limits the result entries + * @return resource|false an LDAP search result resource, false on error */ - public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0); + public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0); /** - * @brief Sets the value of the specified option to be $value - * @param $link LDAP link resource - * @param $option a defined LDAP Server option - * @param integer $value the new value for the option - * @return true on success, false otherwise + * Sets the value of the specified option to be $value + * @param resource $link LDAP link resource + * @param string $option a defined LDAP Server option + * @param int $value the new value for the option + * @return bool true on success, false otherwise */ public function setOption($link, $option, $value); /** - * @brief establish Start TLS - * @param $link LDAP link resource - * @return true on success, false otherwise + * establish Start TLS + * @param resource $link LDAP link resource + * @return bool true on success, false otherwise */ public function startTls($link); /** - * @brief Sort the result of a LDAP search - * @param $link LDAP link resource - * @param $result LDAP result resource - * @param $sortfilter attribute to use a key in sort + * Sort the result of a LDAP search + * @param resource $link LDAP link resource + * @param resource $result LDAP result resource + * @param string $sortFilter attribute to use a key in sort */ - public function sort($link, $result, $sortfilter); + public function sort($link, $result, $sortFilter); /** - * @brief Unbind from LDAP directory + * Unbind from LDAP directory * @param resource $link LDAP link resource - * @return true on success, false otherwise + * @return bool true on success, false otherwise */ public function unbind($link); - //additional required methods in owncloud + //additional required methods in ownCloud /** - * @brief Checks whether the server supports LDAP - * @return boolean if it the case, false otherwise + * Checks whether the server supports LDAP + * @return bool true if it the case, false otherwise * */ public function areLDAPFunctionsAvailable(); /** - * @brief Checks whether PHP supports LDAP Paged Results - * @return boolean if it the case, false otherwise + * Checks whether PHP supports LDAP Paged Results + * @return bool true if it the case, false otherwise * */ public function hasPagedResultSupport(); /** - * @brief Checks whether the submitted parameter is a resource - * @param $resource the resource variable to check - * @return boolean if it is a resource, false otherwise + * Checks whether the submitted parameter is a resource + * @param resource $resource the resource variable to check + * @return bool true if it is a resource, false otherwise */ public function isResource($resource); diff --git a/apps/user_ldap/lib/jobs.php b/apps/user_ldap/lib/jobs.php index 9b108da6331..19c041e4db4 100644 --- a/apps/user_ldap/lib/jobs.php +++ b/apps/user_ldap/lib/jobs.php @@ -33,6 +33,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob { $this->interval = self::getRefreshInterval(); } + /** + * @param mixed $argument + */ public function run($argument){ Jobs::updateGroups(); } @@ -57,11 +60,17 @@ class Jobs extends \OC\BackgroundJob\TimedJob { \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – Finished.', \OCP\Util::DEBUG); } + /** + * @return int + */ static private function getRefreshInterval() { //defaults to every hour return \OCP\Config::getAppValue('user_ldap', 'bgjRefreshInterval', 3600); } + /** + * @param string[] $groups + */ static private function handleKnownGroups($groups) { \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – Dealing with known Groups.', \OCP\Util::DEBUG); $query = \OCP\DB::prepare(' @@ -71,32 +80,35 @@ class Jobs extends \OC\BackgroundJob\TimedJob { '); foreach($groups as $group) { //we assume, that self::$groupsFromDB has been retrieved already - $knownUsers = unserialize(self::$groupsFromDB[$group]['owncloudusers']); - $actualUsers = self::getGroupBE()->usersInGroup($group); - $hasChanged = false; - foreach(array_diff($knownUsers, $actualUsers) as $removedUser) { - \OCP\Util::emitHook('OC_User', 'post_removeFromGroup', array('uid' => $removedUser, 'gid' => $group)); - \OCP\Util::writeLog('user_ldap', + $knownUsers = unserialize(self::$groupsFromDB[$group]['owncloudusers']); + $actualUsers = self::getGroupBE()->usersInGroup($group); + $hasChanged = false; + foreach(array_diff($knownUsers, $actualUsers) as $removedUser) { + \OCP\Util::emitHook('OC_User', 'post_removeFromGroup', array('uid' => $removedUser, 'gid' => $group)); + \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – "'.$removedUser.'" removed from "'.$group.'".', \OCP\Util::INFO); - $hasChanged = true; - } - foreach(array_diff($actualUsers, $knownUsers) as $addedUser) { - \OCP\Util::emitHook('OC_User', 'post_addToGroup', array('uid' => $addedUser, 'gid' => $group)); - \OCP\Util::writeLog('user_ldap', + $hasChanged = true; + } + foreach(array_diff($actualUsers, $knownUsers) as $addedUser) { + \OCP\Util::emitHook('OC_User', 'post_addToGroup', array('uid' => $addedUser, 'gid' => $group)); + \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – "'.$addedUser.'" added to "'.$group.'".', \OCP\Util::INFO); - $hasChanged = true; - } - if($hasChanged) { + $hasChanged = true; + } + if($hasChanged) { $query->execute(array(serialize($actualUsers), $group)); - } + } } \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with known Groups.', \OCP\Util::DEBUG); } + /** + * @param string[] $createdGroups + */ static private function handleCreatedGroups($createdGroups) { \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – dealing with created Groups.', \OCP\Util::DEBUG); $query = \OCP\DB::prepare(' @@ -109,13 +121,16 @@ class Jobs extends \OC\BackgroundJob\TimedJob { 'bgJ "updateGroups" – new group "'.$createdGroup.'" found.', \OCP\Util::INFO); $users = serialize(self::getGroupBE()->usersInGroup($createdGroup)); - $query->execute(array($createdGroup, $users)); + $query->execute(array($createdGroup, $users)); } \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with created Groups.', \OCP\Util::DEBUG); } + /** + * @param string[] $removedGroups + */ static private function handleRemovedGroups($removedGroups) { \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – dealing with removed groups.', \OCP\Util::DEBUG); $query = \OCP\DB::prepare(' @@ -127,13 +142,16 @@ class Jobs extends \OC\BackgroundJob\TimedJob { \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – group "'.$removedGroup.'" was removed.', \OCP\Util::INFO); - $query->execute(array($removedGroup)); + $query->execute(array($removedGroup)); } \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with removed groups.', \OCP\Util::DEBUG); } + /** + * @return \OCA\user_ldap\GROUP_LDAP|\OCA\user_ldap\Group_Proxy + */ static private function getGroupBE() { if(!is_null(self::$groupBE)) { return self::$groupBE; @@ -152,6 +170,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob { return self::$groupBE; } + /** + * @return array + */ static private function getKnownGroups() { if(is_array(self::$groupsFromDB)) { return self::$groupsFromDB; @@ -163,7 +184,7 @@ class Jobs extends \OC\BackgroundJob\TimedJob { $result = $query->execute()->fetchAll(); self::$groupsFromDB = array(); foreach($result as $dataset) { - self::$groupsFromDB[$dataset['owncloudname']] = $dataset; + self::$groupsFromDB[$dataset['owncloudname']] = $dataset; } return self::$groupsFromDB; diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php index d1ca91045b2..2b20b2ab738 100644 --- a/apps/user_ldap/lib/ldap.php +++ b/apps/user_ldap/lib/ldap.php @@ -27,14 +27,31 @@ class LDAP implements ILDAPWrapper { protected $curFunc = ''; protected $curArgs = array(); + /** + * @param resource $link + * @param string $dn + * @param string $password + * @return bool|mixed + */ public function bind($link, $dn, $password) { return $this->invokeLDAPMethod('bind', $link, $dn, $password); } + /** + * @param string $host + * @param string $port + * @return mixed + */ public function connect($host, $port) { return $this->invokeLDAPMethod('connect', $host, $port); } + /** + * @param LDAP $link + * @param LDAP $result + * @param string $cookie + * @return bool|LDAP + */ public function controlPagedResultResponse($link, $result, &$cookie) { $this->preFunctionCall('ldap_control_paged_result_response', array($link, $result, $cookie)); @@ -44,70 +61,150 @@ class LDAP implements ILDAPWrapper { return $result; } - public function controlPagedResult($link, $pagesize, $isCritical, $cookie) { - return $this->invokeLDAPMethod('control_paged_result', $link, $pagesize, + /** + * @param LDAP $link + * @param int $pageSize + * @param bool $isCritical + * @param string $cookie + * @return mixed|true + */ + public function controlPagedResult($link, $pageSize, $isCritical, $cookie) { + return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize, $isCritical, $cookie); } + /** + * @param LDAP $link + * @param LDAP $result + * @return mixed + */ public function countEntries($link, $result) { return $this->invokeLDAPMethod('count_entries', $link, $result); } + /** + * @param LDAP $link + * @return mixed|string + */ public function errno($link) { return $this->invokeLDAPMethod('errno', $link); } + /** + * @param LDAP $link + * @return int|mixed + */ public function error($link) { return $this->invokeLDAPMethod('error', $link); } + /** + * @param LDAP $link + * @param LDAP $result + * @return mixed + */ public function firstEntry($link, $result) { return $this->invokeLDAPMethod('first_entry', $link, $result); } + /** + * @param LDAP $link + * @param LDAP $result + * @return array|mixed + */ public function getAttributes($link, $result) { return $this->invokeLDAPMethod('get_attributes', $link, $result); } + /** + * @param LDAP $link + * @param LDAP $result + * @return mixed|string + */ public function getDN($link, $result) { return $this->invokeLDAPMethod('get_dn', $link, $result); } + /** + * @param LDAP $link + * @param LDAP $result + * @return array|mixed + */ public function getEntries($link, $result) { return $this->invokeLDAPMethod('get_entries', $link, $result); } + /** + * @param LDAP $link + * @param resource $result + * @return mixed|an + */ public function nextEntry($link, $result) { return $this->invokeLDAPMethod('next_entry', $link, $result); } + /** + * @param LDAP $link + * @param string $baseDN + * @param string $filter + * @param array $attr + * @return mixed + */ public function read($link, $baseDN, $filter, $attr) { return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr); } - public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0) { - return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, - $attr, $attrsonly, $limit); + /** + * @param LDAP $link + * @param string $baseDN + * @param string $filter + * @param array $attr + * @param int $attrsOnly + * @param int $limit + * @return mixed + */ + public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) { + return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit); } + /** + * @param LDAP $link + * @param string $option + * @param int $value + * @return bool|mixed + */ public function setOption($link, $option, $value) { return $this->invokeLDAPMethod('set_option', $link, $option, $value); } - public function sort($link, $result, $sortfilter) { - return $this->invokeLDAPMethod('sort', $link, $result, $sortfilter); + /** + * @param LDAP $link + * @param LDAP $result + * @param string $sortFilter + * @return mixed + */ + public function sort($link, $result, $sortFilter) { + return $this->invokeLDAPMethod('sort', $link, $result, $sortFilter); } + /** + * @param LDAP $link + * @return mixed|true + */ public function startTls($link) { return $this->invokeLDAPMethod('start_tls', $link); } + /** + * @param resource $link + * @return bool|mixed + */ public function unbind($link) { return $this->invokeLDAPMethod('unbind', $link); } /** - * @brief Checks whether the server supports LDAP + * Checks whether the server supports LDAP * @return boolean if it the case, false otherwise * */ public function areLDAPFunctionsAvailable() { @@ -115,7 +212,7 @@ class LDAP implements ILDAPWrapper { } /** - * @brief Checks whether PHP supports LDAP Paged Results + * Checks whether PHP supports LDAP Paged Results * @return boolean if it the case, false otherwise * */ public function hasPagedResultSupport() { @@ -125,14 +222,17 @@ class LDAP implements ILDAPWrapper { } /** - * @brief Checks whether the submitted parameter is a resource - * @param $resource the resource variable to check - * @return boolean if it is a resource, false otherwise + * Checks whether the submitted parameter is a resource + * @param Resource $resource the resource variable to check + * @return bool true if it is a resource, false otherwise */ public function isResource($resource) { return is_resource($resource); } + /** + * @return mixed + */ private function invokeLDAPMethod() { $arguments = func_get_args(); $func = 'ldap_' . array_shift($arguments); @@ -148,6 +248,7 @@ class LDAP implements ILDAPWrapper { /** * @param string $functionName + * @param array $args */ private function preFunctionCall($functionName, $args) { $this->curFunc = $functionName; @@ -181,4 +282,4 @@ class LDAP implements ILDAPWrapper { $this->curFunc = ''; $this->curArgs = array(); } -}
\ No newline at end of file +} diff --git a/apps/user_ldap/lib/ldaputility.php b/apps/user_ldap/lib/ldaputility.php index 7fffd9c88d1..aa1e75e928b 100644 --- a/apps/user_ldap/lib/ldaputility.php +++ b/apps/user_ldap/lib/ldaputility.php @@ -27,8 +27,8 @@ abstract class LDAPUtility { protected $ldap; /** - * @brief constructor, make sure the subclasses call this one! - * @param $ldapWrapper an instance of an ILDAPWrapper + * constructor, make sure the subclasses call this one! + * @param ILDAPWrapper $ldapWrapper an instance of an ILDAPWrapper */ public function __construct(ILDAPWrapper $ldapWrapper) { $this->ldap = $ldapWrapper; diff --git a/apps/user_ldap/lib/proxy.php b/apps/user_ldap/lib/proxy.php index 0eb294eb7a0..d15d1ae8616 100644 --- a/apps/user_ldap/lib/proxy.php +++ b/apps/user_ldap/lib/proxy.php @@ -29,16 +29,26 @@ abstract class Proxy { static private $accesses = array(); private $ldap = null; + /** + * @param ILDAPWrapper $ldap + */ public function __construct(ILDAPWrapper $ldap) { $this->ldap = $ldap; - $this->cache = \OC_Cache::getGlobalCache(); + $this->cache = \OC\Cache::getGlobalCache(); } + /** + * @param string $configPrefix + */ private function addAccess($configPrefix) { $connector = new Connection($this->ldap, $configPrefix); self::$accesses[$configPrefix] = new Access($connector, $this->ldap); } + /** + * @param string $configPrefix + * @return mixed + */ protected function getAccess($configPrefix) { if(!isset(self::$accesses[$configPrefix])) { $this->addAccess($configPrefix); @@ -46,30 +56,45 @@ abstract class Proxy { return self::$accesses[$configPrefix]; } + /** + * @param string $uid + * @return string + */ protected function getUserCacheKey($uid) { return 'user-'.$uid.'-lastSeenOn'; } + /** + * @param string $gid + * @return string + */ protected function getGroupCacheKey($gid) { return 'group-'.$gid.'-lastSeenOn'; } /** - * @param boolean $passOnWhen + * @param string $id * @param string $method + * @param array $parameters + * @param bool $passOnWhen + * @return mixed */ abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen); /** + * @param string $id * @param string $method + * @param array $parameters + * @return mixed */ abstract protected function walkBackends($id, $method, $parameters); /** - * @brief Takes care of the request to the User backend - * @param $uid string, the uid connected to the request + * Takes care of the request to the User backend + * @param string $id * @param string $method string, the method of the user backend that shall be called - * @param $parameters an array of parameters to be passed + * @param array $parameters an array of parameters to be passed + * @param bool $passOnWhen * @return mixed, the result of the specified method */ protected function handleRequest($id, $method, $parameters, $passOnWhen = false) { @@ -82,6 +107,7 @@ abstract class Proxy { /** * @param string|null $key + * @return string */ private function getCacheKey($key) { $prefix = 'LDAP-Proxy-'; @@ -93,6 +119,7 @@ abstract class Proxy { /** * @param string $key + * @return mixed|null */ public function getFromCache($key) { if(!$this->isCached($key)) { @@ -105,6 +132,7 @@ abstract class Proxy { /** * @param string $key + * @return bool */ public function isCached($key) { $key = $this->getCacheKey($key); @@ -113,6 +141,7 @@ abstract class Proxy { /** * @param string $key + * @param mixed $value */ public function writeToCache($key, $value) { $key = $this->getCacheKey($key); diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php index 8406b2d42a5..b8a0e5ad799 100644 --- a/apps/user_ldap/lib/wizard.php +++ b/apps/user_ldap/lib/wizard.php @@ -44,9 +44,9 @@ class Wizard extends LDAPUtility { const LDAP_NW_TIMEOUT = 4; /** - * @brief Constructor - * @param $configuration an instance of Configuration - * @param $ldap an instance of ILDAPWrapper + * Constructor + * @param Configuration $configuration an instance of Configuration + * @param ILDAPWrapper $ldap an instance of ILDAPWrapper */ public function __construct(Configuration $configuration, ILDAPWrapper $ldap) { parent::__construct($ldap); @@ -63,6 +63,10 @@ class Wizard extends LDAPUtility { } } + /** + * @return WizardResult + * @throws \Exception + */ public function countGroups() { if(!$this->checkRequirements(array('ldapHost', 'ldapPort', @@ -96,6 +100,10 @@ class Wizard extends LDAPUtility { return $this->result; } + /** + * @return WizardResult + * @throws \Exception + */ public function countUsers() { if(!$this->checkRequirements(array('ldapHost', 'ldapPort', @@ -125,7 +133,10 @@ class Wizard extends LDAPUtility { return $this->result; } - + /** + * @return WizardResult + * @throws \Exception + */ public function determineAttributes() { if(!$this->checkRequirements(array('ldapHost', 'ldapPort', @@ -151,7 +162,8 @@ class Wizard extends LDAPUtility { } /** - * @brief return the state of the Group Filter Mode + * return the state of the Group Filter Mode + * @return WizardResult */ public function getGroupFilterMode() { $this->getFilterMode('ldapGroupFilterMode'); @@ -159,7 +171,8 @@ class Wizard extends LDAPUtility { } /** - * @brief return the state of the Login Filter Mode + * return the state of the Login Filter Mode + * @return WizardResult */ public function getLoginFilterMode() { $this->getFilterMode('ldapLoginFilterMode'); @@ -167,7 +180,8 @@ class Wizard extends LDAPUtility { } /** - * @brief return the state of the User Filter Mode + * return the state of the User Filter Mode + * @return WizardResult */ public function getUserFilterMode() { $this->getFilterMode('ldapUserFilterMode'); @@ -175,20 +189,21 @@ class Wizard extends LDAPUtility { } /** - * @brief return the state of the mode of the specified filter - * @param string $confkey string, contains the access key of the Configuration + * return the state of the mode of the specified filter + * @param string $confKey contains the access key of the Configuration */ - private function getFilterMode($confkey) { - $mode = $this->configuration->$confkey; + private function getFilterMode($confKey) { + $mode = $this->configuration->$confKey; if(is_null($mode)) { $mode = $this->LFILTER_MODE_ASSISTED; } - $this->result->addChange($confkey, $mode); + $this->result->addChange($confKey, $mode); } /** - * @brief detects the available LDAP attributes - * @returns the instance's WizardResult instance + * detects the available LDAP attributes + * @return array The instance's WizardResult instance + * @throws \Exception */ private function getUserAttributes() { if(!$this->checkRequirements(array('ldapHost', @@ -220,8 +235,8 @@ class Wizard extends LDAPUtility { } /** - * @brief detects the available LDAP groups - * @returns the instance's WizardResult instance + * detects the available LDAP groups + * @return WizardResult the instance's WizardResult instance */ public function determineGroupsForGroups() { return $this->determineGroups('ldap_groupfilter_groups', @@ -230,8 +245,8 @@ class Wizard extends LDAPUtility { } /** - * @brief detects the available LDAP groups - * @returns the instance's WizardResult instance + * detects the available LDAP groups + * @return WizardResult the instance's WizardResult instance */ public function determineGroupsForUsers() { return $this->determineGroups('ldap_userfilter_groups', @@ -239,12 +254,14 @@ class Wizard extends LDAPUtility { } /** - * @brief detects the available LDAP groups - * @param string $dbkey - * @param string $confkey - * @returns the instance's WizardResult instance + * detects the available LDAP groups + * @param string $dbKey + * @param string $confKey + * @param bool $testMemberOf + * @return WizardResult the instance's WizardResult instance + * @throws \Exception */ - private function determineGroups($dbkey, $confkey, $testMemberOf = true) { + private function determineGroups($dbKey, $confKey, $testMemberOf = true) { if(!$this->checkRequirements(array('ldapHost', 'ldapPort', 'ldapBase', @@ -256,8 +273,8 @@ class Wizard extends LDAPUtility { throw new \Exception('Could not connect to LDAP'); } - $obclasses = array('posixGroup', 'group', 'zimbraDistributionList', '*'); - $this->determineFeature($obclasses, 'cn', $dbkey, $confkey); + $obClasses = array('posixGroup', 'group', 'zimbraDistributionList', '*'); + $this->determineFeature($obClasses, 'cn', $dbKey, $confKey); if($testMemberOf) { $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf(); @@ -270,6 +287,10 @@ class Wizard extends LDAPUtility { return $this->result; } + /** + * @return bool|WizardResult + * @throws \Exception + */ public function determineGroupMemberAssoc() { if(!$this->checkRequirements(array('ldapHost', 'ldapPort', @@ -289,8 +310,9 @@ class Wizard extends LDAPUtility { } /** - * @brief detects the available object classes - * @returns the instance's WizardResult instance + * Detects the available object classes + * @return WizardResult the instance's WizardResult instance + * @throws \Exception */ public function determineGroupObjectClasses() { if(!$this->checkRequirements(array('ldapHost', @@ -315,8 +337,9 @@ class Wizard extends LDAPUtility { } /** - * @brief detects the available object classes - * @returns the instance's WizardResult instance + * detects the available object classes + * @return WizardResult + * @throws \Exception */ public function determineUserObjectClasses() { if(!$this->checkRequirements(array('ldapHost', @@ -344,6 +367,10 @@ class Wizard extends LDAPUtility { return $this->result; } + /** + * @return WizardResult + * @throws \Exception + */ public function getGroupFilter() { if(!$this->checkRequirements(array('ldapHost', 'ldapPort', @@ -364,6 +391,10 @@ class Wizard extends LDAPUtility { return $this->result; } + /** + * @return WizardResult + * @throws \Exception + */ public function getUserListFilter() { if(!$this->checkRequirements(array('ldapHost', 'ldapPort', @@ -386,6 +417,10 @@ class Wizard extends LDAPUtility { return $this->result; } + /** + * @return bool|WizardResult + * @throws \Exception + */ public function getUserLoginFilter() { if(!$this->checkRequirements(array('ldapHost', 'ldapPort', @@ -406,7 +441,8 @@ class Wizard extends LDAPUtility { /** * Tries to determine the port, requires given Host, User DN and Password - * @returns mixed WizardResult on success, false otherwise + * @return WizardResult|false WizardResult on success, false otherwise + * @throws \Exception */ public function guessPortAndTLS() { if(!$this->checkRequirements(array('ldapHost', @@ -443,8 +479,8 @@ class Wizard extends LDAPUtility { } /** - * @brief tries to determine a base dn from User DN or LDAP Host - * @returns mixed WizardResult on success, false otherwise + * tries to determine a base dn from User DN or LDAP Host + * @return WizardResult|false WizardResult on success, false otherwise */ public function guessBaseDN() { if(!$this->checkRequirements(array('ldapHost', @@ -483,11 +519,10 @@ class Wizard extends LDAPUtility { } /** - * @brief sets the found value for the configuration key in the WizardResult + * sets the found value for the configuration key in the WizardResult * as well as in the Configuration instance * @param string $key the configuration key - * @param $value the (detected) value - * @return null + * @param string $value the (detected) value * */ private function applyFind($key, $value) { @@ -496,7 +531,7 @@ class Wizard extends LDAPUtility { } /** - * @brief Checks, whether a port was entered in the Host configuration + * Checks, whether a port was entered in the Host configuration * field. In this case the port will be stripped off, but also stored as * setting. */ @@ -514,9 +549,10 @@ class Wizard extends LDAPUtility { } /** - * @brief tries to detect the group member association attribute which is + * tries to detect the group member association attribute which is * one of 'uniqueMember', 'memberUid', 'member' - * @return mixed, string with the attribute name, false on error + * @return string|false, string with the attribute name, false on error + * @throws \Exception */ private function detectGroupMemberAssoc() { $possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'unfugasdfasdfdfa'); @@ -535,7 +571,7 @@ class Wizard extends LDAPUtility { } $er = $this->ldap->firstEntry($cr, $rr); while(is_resource($er)) { - $dn = $this->ldap->getDN($cr, $er); + $this->ldap->getDN($cr, $er); $attrs = $this->ldap->getAttributes($cr, $er); $result = array(); for($i = 0; $i < count($possibleAttrs); $i++) { @@ -555,9 +591,10 @@ class Wizard extends LDAPUtility { } /** - * @brief Checks whether for a given BaseDN results will be returned + * Checks whether for a given BaseDN results will be returned * @param string $base the BaseDN to test * @return bool true on success, false otherwise + * @throws \Exception */ private function testBaseDN($base) { $cr = $this->getConnection(); @@ -580,10 +617,11 @@ class Wizard extends LDAPUtility { } /** - * @brief Checks whether the server supports memberOf in LDAP Filter. + * Checks whether the server supports memberOf in LDAP Filter. * Requires that groups are determined, thus internally called from within * determineGroups() - * @return bool, true if it does, false otherwise + * @return bool true if it does, false otherwise + * @throws \Exception */ private function testMemberOf() { $cr = $this->getConnection(); @@ -603,7 +641,7 @@ class Wizard extends LDAPUtility { //assuming only groups have their cn cached :) continue; } - $filter = strtolower($filterPrefix . $dn . $filterSuffix); + $filter = strtolower($filterPrefix . $dn . $filterSuffix); $rr = $this->ldap->search($cr, $base, $filter, array('dn')); if(!$this->ldap->isResource($rr)) { continue; @@ -620,11 +658,12 @@ class Wizard extends LDAPUtility { } /** - * @brief creates an LDAP Filter from given configuration + * creates an LDAP Filter from given configuration * @param integer $filterType int, for which use case the filter shall be created * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or * self::LFILTER_GROUP_LIST - * @return mixed, string with the filter on success, false otherwise + * @return string|false string with the filter on success, false otherwise + * @throws \Exception */ private function composeLdapFilter($filterType) { $filter = ''; @@ -737,7 +776,7 @@ class Wizard extends LDAPUtility { if(is_array($attrsToFilter) && count($attrsToFilter) > 0) { $filterAttributes = '(|'; foreach($attrsToFilter as $attribute) { - $filterAttributes .= '(' . $attribute . $loginpart . ')'; + $filterAttributes .= '(' . $attribute . $loginpart . ')'; } $filterAttributes .= ')'; $parts++; @@ -765,9 +804,11 @@ class Wizard extends LDAPUtility { /** * Connects and Binds to an LDAP Server - * @param $port the port to connect with - * @param $tls whether startTLS is to be used - * @return + * @param int $port the port to connect with + * @param bool $tls whether startTLS is to be used + * @param bool $ncc + * @return bool + * @throws \Exception */ private function connectAndBind($port = 389, $tls = false, $ncc = false) { if($ncc) { @@ -819,27 +860,26 @@ class Wizard extends LDAPUtility { if($ncc) { throw new \Exception('Certificate cannot be validated.'); } - \OCP\Util::writeLog('user_ldap', 'Wiz: Bind successfull to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG); + \OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG); return true; } - $errno = $this->ldap->errno($cr); + $errNo = $this->ldap->errno($cr); $error = ldap_error($cr); $this->ldap->unbind($cr); - if($errno === -1 || ($errno === 2 && $ncc)) { + if($errNo === -1 || ($errNo === 2 && $ncc)) { //host, port or TLS wrong return false; - } else if ($errno === 2) { + } else if ($errNo === 2) { return $this->connectAndBind($port, $tls, true); } throw new \Exception($error); } /** - * @brief checks whether a valid combination of agent and password has been + * checks whether a valid combination of agent and password has been * provided (either two values or nothing for anonymous connect) - * @return boolean, true if everything is fine, false otherwise - * + * @return bool, true if everything is fine, false otherwise */ private function checkAgentRequirements() { $agent = $this->configuration->ldapAgentName; @@ -850,7 +890,8 @@ class Wizard extends LDAPUtility { } /** - * @param string[] $reqs + * @param array $reqs + * @return bool */ private function checkRequirements($reqs) { $this->checkAgentRequirements(); @@ -864,18 +905,17 @@ class Wizard extends LDAPUtility { } /** - * @brief does a cumulativeSearch on LDAP to get different values of a + * does a cumulativeSearch on LDAP to get different values of a * specified attribute * @param string[] $filters array, the filters that shall be used in the search * @param string $attr the attribute of which a list of values shall be returned - * @param $lfw bool, whether the last filter is a wildcard which shall not + * @param bool $lfw whether the last filter is a wildcard which shall not * be processed if there were already findings, defaults to true * @param int $dnReadLimit the amount of how many DNs should be analyzed. * The lower, the faster * @param string $maxF string. if not null, this variable will have the filter that * yields most result entries - * @return mixed, an array with the values on success, false otherwise - * + * @return array|false an array with the values on success, false otherwise */ public function cumulativeSearchOnAttribute($filters, $attr, $lfw = true, $dnReadLimit = 3, &$maxF = null) { $dnRead = array(); @@ -941,15 +981,16 @@ class Wizard extends LDAPUtility { } /** - * @brief determines if and which $attr are available on the LDAP server + * determines if and which $attr are available on the LDAP server * @param string[] $objectclasses the objectclasses to use as search filter * @param string $attr the attribute to look for * @param string $dbkey the dbkey of the setting the feature is connected to * @param string $confkey the confkey counterpart for the $dbkey as used in the * Configuration class - * @param $po boolean, whether the objectClass with most result entries + * @param bool $po whether the objectClass with most result entries * shall be pre-selected via the result - * @returns array, list of found items. + * @return array, list of found items. + * @throws \Exception */ private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) { $cr = $this->getConnection(); @@ -999,10 +1040,10 @@ class Wizard extends LDAPUtility { } /** - * @brief appends a list of values fr - * @param $result resource, the return value from ldap_get_attributes + * appends a list of values fr + * @param resource $result the return value from ldap_get_attributes * @param string $attribute the attribute values to look for - * @param &$known array, new values will be appended here + * @param array &$known new values will be appended here * @return int, state on of the class constants LRESULT_PROCESSED_OK, * LRESULT_PROCESSED_INVALID or LRESULT_PROCESSED_SKIP */ @@ -1013,7 +1054,7 @@ class Wizard extends LDAPUtility { return self::LRESULT_PROCESSED_INVALID; } - //strtolower on all keys for proper comparison + // strtolower on all keys for proper comparison $result = \OCP\Util::mb_array_change_key_case($result); $attribute = strtolower($attribute); if(isset($result[$attribute])) { @@ -1031,6 +1072,9 @@ class Wizard extends LDAPUtility { } } + /** + * @return bool|mixed + */ private function getConnection() { if(!is_null($this->cr)) { return $this->cr; @@ -1057,6 +1101,9 @@ class Wizard extends LDAPUtility { return false; } + /** + * @return array + */ private function getDefaultLdapPortSettings() { static $settings = array( array('port' => 7636, 'tls' => false), @@ -1069,6 +1116,9 @@ class Wizard extends LDAPUtility { return $settings; } + /** + * @return array + */ private function getPortSettingsToTry() { //389 ← LDAP / Unencrypted or StartTLS //636 ← LDAPS / SSL @@ -1096,4 +1146,4 @@ class Wizard extends LDAPUtility { } -}
\ No newline at end of file +} diff --git a/apps/user_ldap/lib/wizardresult.php b/apps/user_ldap/lib/wizardresult.php index 9e0936faa69..42b0bc04654 100644 --- a/apps/user_ldap/lib/wizardresult.php +++ b/apps/user_ldap/lib/wizardresult.php @@ -28,10 +28,17 @@ class WizardResult { protected $options = array(); protected $markedChange = false; + /** + * @param string $key + * @param mixed $value + */ public function addChange($key, $value) { $this->changes[$key] = $value; } + /** + * + */ public function markChange() { $this->markedChange = true; } @@ -47,10 +54,16 @@ class WizardResult { $this->options[$key] = $values; } + /** + * @return bool + */ public function hasChanges() { return (count($this->changes) > 0 || $this->markedChange); } + /** + * @return array + */ public function getResultArray() { $result = array(); $result['changes'] = $this->changes; @@ -59,4 +72,4 @@ class WizardResult { } return $result; } -}
\ No newline at end of file +} |