Merge pull request #14401 from owncloud/ux-s2s-ldap

allow login names to be used for s2s with LDAP users

5 files changed, 106 insertions, 13 deletions

diff --git a/apps/files_sharing/api/server2server.php b/apps/files_sharing/api/server2server.php
index 8bda0bb8749..211dc52c333 100644
--- a/apps/files_sharing/api/server2server.php
+++ b/apps/files_sharing/api/server2server.php
@@ -51,6 +51,14 @@ class Server2Server {
 				return new \OC_OCS_Result(null, 400, 'The mountpoint name contains invalid characters.');
 			}
 
+			\OCP\Util::writeLog('files_sharing', 'shareWith before, ' . $shareWith, \OCP\Util::DEBUG);
+			\OCP\Util::emitHook(
+				'\OCA\Files_Sharing\API\Server2Server',
+				'preLoginNameUsedAsUserName',
+				array('uid' => &$shareWith)
+			);
+			\OCP\Util::writeLog('files_sharing', 'shareWith after, ' . $shareWith, \OCP\Util::DEBUG);
+
 			if (!\OCP\User::userExists($shareWith)) {
 				return new \OC_OCS_Result(null, 400, 'User does not exists');
 			}
diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php
index 5457e6b654f..68fd1b698e0 100644
--- a/apps/user_ldap/appinfo/app.php
+++ b/apps/user_ldap/appinfo/app.php
@@ -62,6 +62,13 @@ if(count($configPrefixes) > 0) {
 OCP\Backgroundjob::registerJob('OCA\user_ldap\lib\Jobs');
 OCP\Backgroundjob::registerJob('\OCA\User_LDAP\Jobs\CleanUp');
 
+\OCP\Util::connectHook(
+	'\OCA\Files_Sharing\API\Server2Server',
+	'preLoginNameUsedAsUserName',
+	'\OCA\user_ldap\lib\Helper',
+	'loginName2UserName'
+);
+
 if(OCP\App::isEnabled('user_webdavauth')) {
 	OCP\Util::writeLog('user_ldap',
 		'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
diff --git a/apps/user_ldap/lib/helper.php b/apps/user_ldap/lib/helper.php
index 40874b2ef9f..57b75823a1d 100644
--- a/apps/user_ldap/lib/helper.php
+++ b/apps/user_ldap/lib/helper.php
@@ -27,6 +27,9 @@
 
 namespace OCA\user_ldap\lib;
 
+use OCA\user_ldap\lib\LDAP;
+use OCA\user_ldap\User_Proxy;
+
 class Helper {
 
 	/**
@@ -181,4 +184,32 @@ class Helper {
 
 		return $domain;
 	}
+
+	/**
+	 * listens to a hook thrown by server2server sharing and replaces the given
+	 * login name by a username, if it matches an LDAP user.
+	 *
+	 * @param array $param
+	 * @throws \Exception
+	 */
+	public static function loginName2UserName($param) {
+		if(!isset($param['uid'])) {
+			throw new \Exception('key uid is expected to be set in $param');
+		}
+
+		//ain't it ironic?
+		$helper = new Helper();
+
+		$configPrefixes = $helper->getServerConfigurationPrefixes(true);
+		$ldapWrapper = new LDAP();
+		$ocConfig = \OC::$server->getConfig();
+
+		$userBackend  = new User_Proxy(
+			$configPrefixes, $ldapWrapper, $ocConfig
+		);
+		$uid = $userBackend->loginName2UserName($param['uid'] );
+		if($uid !== false) {
+			$param['uid'] = $uid;
+		}
+	}
 }
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index a2f4b4ee9e5..00cba718369 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -71,6 +71,43 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 	}
 
 	/**
+	 * returns the username for the given login name, if available
+	 *
+	 * @param string $loginName
+	 * @return string|false
+	 */
+	public function loginName2UserName($loginName) {
+		try {
+			$ldapRecord = $this->getLDAPUserByLoginName($loginName);
+			$user = $this->access->userManager->get($ldapRecord['dn']);
+			if($user instanceof OfflineUser) {
+				return false;
+			}
+			return $user->getUsername();
+		} catch (\Exception $e) {
+			return false;
+		}
+	}
+
+	/**
+	 * returns an LDAP record based on a given login name
+	 *
+	 * @param string $loginName
+	 * @return array
+	 * @throws \Exception
+	 */
+	public function getLDAPUserByLoginName($loginName) {
+		//find out dn of the user name
+		$attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
+			'uid', 'samaccountname');
+		$users = $this->access->fetchUsersByLoginName($loginName, $attrs);
+		if(count($users) < 1) {
+			throw new \Exception('No user available for the given login name.');
+		}
+		return $users[0];
+	}
+
+	/**
 	 * Check if the password is correct
 	 * @param string $uid The username
 	 * @param string $password The password
@@ -79,15 +116,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 	 * Check if the password is correct without logging in the user
 	 */
 	public function checkPassword($uid, $password) {
-		//find out dn of the user name
-		$attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
-			'uid', 'samaccountname');
-		$users = $this->access->fetchUsersByLoginName($uid, $attrs);
-		if(count($users) < 1) {
+		try {
+			$ldapRecord = $this->getLDAPUserByLoginName($uid);
+		} catch(\Exception $e) {
 			return false;
 		}
-		$dn = $users[0]['dn'];
+		$dn = $ldapRecord['dn'];
 		$user = $this->access->userManager->get($dn);
+
 		if(!$user instanceof User) {
 			\OCP\Util::writeLog('user_ldap',
 				'LDAP Login: Could not get user object for DN ' . $dn .
@@ -102,14 +138,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 			}
 
 			$user->markLogin();
-			if(isset($users[0][$this->access->connection->ldapUserDisplayName])) {
-				$dpn = $users[0][$this->access->connection->ldapUserDisplayName];
+			if(isset($ldapRecord[$this->access->connection->ldapUserDisplayName])) {
+				$dpn = $ldapRecord[$this->access->connection->ldapUserDisplayName];
 				$user->storeDisplayName($dpn);
 			}
-			if(isset($users[0]['uid'])) {
-				$user->storeLDAPUserName($users[0]['uid']);
-			} else if(isset($users[0]['samaccountname'])) {
-				$user->storeLDAPUserName($users[0]['samaccountname']);
+			if(isset($ldapRecord['uid'])) {
+				$user->storeLDAPUserName($ldapRecord['uid']);
+			} else if(isset($ldapRecord['samaccountname'])) {
+				$user->storeLDAPUserName($ldapRecord['samaccountname']);
 			}
 
 			return $user->getUsername();
diff --git a/apps/user_ldap/user_proxy.php b/apps/user_ldap/user_proxy.php
index 683529eb902..1491be3f394 100644
--- a/apps/user_ldap/user_proxy.php
+++ b/apps/user_ldap/user_proxy.php
@@ -161,7 +161,7 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
 
 	/**
 	 * check if a user exists on LDAP
-	 * @param string|OCA\User_LDAP\lib\User\User $user either the ownCloud user
+	 * @param string|\OCA\User_LDAP\lib\User\User $user either the ownCloud user
 	 * name or an instance of that user
 	 * @return boolean
 	 */
@@ -183,6 +183,17 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
 	}
 
 	/**
+	 * returns the username for the given login name, if available
+	 *
+	 * @param string $loginName
+	 * @return string|false
+	 */
+	public function loginName2UserName($loginName) {
+		$id = 'LOGINNAME,' . $loginName;
+		return $this->handleRequest($id, 'loginName2UserName', array($loginName));
+	}
+
+	/**
 	 * get the user's home directory
 	 * @param string $uid the username
 	 * @return boolean