[LDAP] throw exception only against prov api

- unbreaks functionality for end users when on demand mapping takes
  place

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

1 files changed, 20 insertions, 1 deletions

diff --git a/apps/user_ldap/lib/Mapping/UserMapping.php b/apps/user_ldap/lib/Mapping/UserMapping.php
index df39f00f58b..ade9c67213a 100644
--- a/apps/user_ldap/lib/Mapping/UserMapping.php
+++ b/apps/user_ldap/lib/Mapping/UserMapping.php
@@ -24,6 +24,8 @@ namespace OCA\User_LDAP\Mapping;
 
 use OCP\HintException;
 use OCP\IDBConnection;
+use OCP\IRequest;
+use OCP\Server;
 use OCP\Support\Subscription\IAssertion;
 
 /**
@@ -34,6 +36,7 @@ use OCP\Support\Subscription\IAssertion;
 class UserMapping extends AbstractMapping {
 
 	private IAssertion $assertion;
+	protected const PROV_API_REGEX = '/\/ocs\/v[1-9].php\/cloud\/(groups|users)/';
 
 	public function __construct(IDBConnection $dbc, IAssertion $assertion) {
 		$this->assertion = $assertion;
@@ -44,7 +47,23 @@ class UserMapping extends AbstractMapping {
 	 * @throws HintException
 	 */
 	public function map($fdn, $name, $uuid): bool {
-		$this->assertion->createUserIsLegit();
+		try {
+			$this->assertion->createUserIsLegit();
+		} catch (HintException $e) {
+			static $isProvisioningApi = null;
+
+			if ($isProvisioningApi === null) {
+				$request = Server::get(IRequest::class);
+				$isProvisioningApi = \preg_match(self::PROV_API_REGEX, $request->getRequestUri()) === 1;
+			}
+			if ($isProvisioningApi) {
+				// only throw when prov API is being used, since functionality
+				// should not break for end users (e.g. when sharing).
+				// On direct API usage, e.g. on users page, this is desired.
+				throw $e;
+			}
+			return false;
+		}
 		return parent::map($fdn, $name, $uuid);
 	}