summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2018-04-11 00:44:39 +0200
committerGitHub <noreply@github.com>2018-04-11 00:44:39 +0200
commit38961a725f3b9243d9adaee078167c568c2a3dd6 (patch)
treec25c909c3fb4dc94fa28d45d32e0c7caf23b10dc /apps
parenta3c20356740c392355364b3b119be626a9f34f56 (diff)
parentf1565336bdaa72b6f4beddeb6fa04956f5da8f21 (diff)
downloadnextcloud-server-38961a725f3b9243d9adaee078167c568c2a3dd6.tar.gz
nextcloud-server-38961a725f3b9243d9adaee078167c568c2a3dd6.zip
Merge pull request #8833 from nextcloud/feature/noid/add_ldap_user_hooks
add anounce- and (pre/|post)RevokeUser signals for non-native backends
Diffstat (limited to 'apps')
-rw-r--r--apps/admin_audit/lib/Actions/UserManagement.php26
-rw-r--r--apps/admin_audit/lib/AppInfo/Application.php2
-rw-r--r--apps/dav/lib/HookManager.php18
-rw-r--r--apps/user_ldap/ajax/clearMappings.php22
-rw-r--r--apps/user_ldap/lib/Access.php18
-rw-r--r--apps/user_ldap/lib/AccessFactory.php10
-rw-r--r--apps/user_ldap/lib/Jobs/Sync.php3
-rw-r--r--apps/user_ldap/lib/Jobs/UpdateGroups.php2
-rw-r--r--apps/user_ldap/lib/Mapping/AbstractMapping.php26
-rw-r--r--apps/user_ldap/lib/Proxy.php2
-rw-r--r--apps/user_ldap/lib/User_LDAP.php2
-rw-r--r--apps/user_ldap/tests/AccessTest.php12
-rw-r--r--apps/user_ldap/tests/Mapping/AbstractMappingTest.php23
13 files changed, 147 insertions, 19 deletions
diff --git a/apps/admin_audit/lib/Actions/UserManagement.php b/apps/admin_audit/lib/Actions/UserManagement.php
index 45250d4e708..5cf1494df6e 100644
--- a/apps/admin_audit/lib/Actions/UserManagement.php
+++ b/apps/admin_audit/lib/Actions/UserManagement.php
@@ -51,6 +51,19 @@ class UserManagement extends Action {
}
/**
+ * Log assignments of users (typically user backends)
+ *
+ * @param string $uid
+ */
+ public function assign(string $uid) {
+ $this->log(
+ 'UserID assigned: "%s"',
+ [ 'uid' => $uid ],
+ [ 'uid' ]
+ );
+ }
+
+ /**
* Log deletion of users
*
* @param array $params
@@ -66,6 +79,19 @@ class UserManagement extends Action {
}
/**
+ * Log unassignments of users (typically user backends, no data removed)
+ *
+ * @param string $uid
+ */
+ public function unassign(string $uid) {
+ $this->log(
+ 'UserID unassigned: "%s"',
+ [ 'uid' => $uid ],
+ [ 'uid' ]
+ );
+ }
+
+ /**
* Log enabling of users
*
* @param array $params
diff --git a/apps/admin_audit/lib/AppInfo/Application.php b/apps/admin_audit/lib/AppInfo/Application.php
index 5634a4a67b5..df39e3eb111 100644
--- a/apps/admin_audit/lib/AppInfo/Application.php
+++ b/apps/admin_audit/lib/AppInfo/Application.php
@@ -93,6 +93,8 @@ class Application extends App {
/** @var IUserSession|Session $userSession */
$userSession = $this->getContainer()->getServer()->getUserSession();
$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
+ $userSession->listen('\OC\User', 'assignedUserId', [$userActions, 'assign']);
+ $userSession->listen('\OC\User', 'postUnassignedUserId', [$userActions, 'unassign']);
}
protected function groupHooks(ILogger $logger) {
diff --git a/apps/dav/lib/HookManager.php b/apps/dav/lib/HookManager.php
index 57b176213e0..b1bd039c65e 100644
--- a/apps/dav/lib/HookManager.php
+++ b/apps/dav/lib/HookManager.php
@@ -77,14 +77,22 @@ class HookManager {
'post_createUser',
$this,
'postCreateUser');
+ \OC::$server->getUserManager()->listen('\OC\User', 'assignedUserId', function ($uid) {
+ $this->postCreateUser(['uid' => $uid]);
+ });
Util::connectHook('OC_User',
'pre_deleteUser',
$this,
'preDeleteUser');
+ \OC::$server->getUserManager()->listen('\OC\User', 'preUnassignedUserId', [$this, 'preUnassignedUserId']);
Util::connectHook('OC_User',
'post_deleteUser',
$this,
'postDeleteUser');
+ \OC::$server->getUserManager()->listen('\OC\User', 'postUnassignedUserId', function ($uid) {
+ $this->postDeleteUser(['uid' => $uid]);
+ });
+ \OC::$server->getUserManager()->listen('\OC\User', 'postUnassignedUserId', [$this, 'postUnassignedUserId']);
Util::connectHook('OC_User',
'changeUser',
$this,
@@ -103,6 +111,10 @@ class HookManager {
$this->addressBooksToDelete = $this->cardDav->getUsersOwnAddressBooks('principals/users/' . $uid);
}
+ public function preUnassignedUserId($uid) {
+ $this->usersToDelete[$uid] = $this->userManager->get($uid);
+ }
+
public function postDeleteUser($params) {
$uid = $params['uid'];
if (isset($this->usersToDelete[$uid])){
@@ -119,6 +131,12 @@ class HookManager {
}
}
+ public function postUnassignedUserId($uid) {
+ if (isset($this->usersToDelete[$uid])){
+ $this->syncService->deleteUser($this->usersToDelete[$uid]);
+ }
+ }
+
public function changeUser($params) {
$user = $params['user'];
$this->syncService->updateUser($user);
diff --git a/apps/user_ldap/ajax/clearMappings.php b/apps/user_ldap/ajax/clearMappings.php
index 01b6b7f0ef2..8e2d63e3eb2 100644
--- a/apps/user_ldap/ajax/clearMappings.php
+++ b/apps/user_ldap/ajax/clearMappings.php
@@ -33,13 +33,23 @@ use OCA\User_LDAP\Mapping\GroupMapping;
$subject = (string)$_POST['ldap_clear_mapping'];
$mapping = null;
-if($subject === 'user') {
- $mapping = new UserMapping(\OC::$server->getDatabaseConnection());
-} else if($subject === 'group') {
- $mapping = new GroupMapping(\OC::$server->getDatabaseConnection());
-}
try {
- if(is_null($mapping) || !$mapping->clear()) {
+ if($subject === 'user') {
+ $mapping = new UserMapping(\OC::$server->getDatabaseConnection());
+ $result = $mapping->clearCb(
+ function ($uid) {
+ \OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]);
+ },
+ function ($uid) {
+ \OC::$server->getUserManager()->emit('\OC\User', 'postUnassignedUserId', [$uid]);
+ }
+ );
+ } else if($subject === 'group') {
+ $mapping = new GroupMapping(\OC::$server->getDatabaseConnection());
+ $result = $mapping->clear();
+ }
+
+ if($mapping === null || !$result) {
$l = \OC::$server->getL10N('user_ldap');
throw new \Exception($l->t('Failed to clear the mappings.'));
}
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index 9fb37090270..2395da1ec90 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -44,6 +44,7 @@
namespace OCA\User_LDAP;
use OC\HintException;
+use OC\Hooks\PublicEmitter;
use OCA\User_LDAP\Exceptions\ConstraintViolationException;
use OCA\User_LDAP\User\IUserTools;
use OCA\User_LDAP\User\Manager;
@@ -52,6 +53,7 @@ use OCA\User_LDAP\Mapping\AbstractMapping;
use OC\ServerNotAvailableException;
use OCP\IConfig;
+use OCP\IUserManager;
use OCP\Util;
/**
@@ -95,13 +97,16 @@ class Access extends LDAPUtility implements IUserTools {
private $helper;
/** @var IConfig */
private $config;
+ /** @var IUserManager */
+ private $ncUserManager;
public function __construct(
Connection $connection,
ILDAPWrapper $ldap,
Manager $userManager,
Helper $helper,
- IConfig $config
+ IConfig $config,
+ IUserManager $ncUserManager
) {
parent::__construct($ldap);
$this->connection = $connection;
@@ -109,6 +114,7 @@ class Access extends LDAPUtility implements IUserTools {
$this->userManager->setLdapAccess($this);
$this->helper = $helper;
$this->config = $config;
+ $this->ncUserManager = $ncUserManager;
}
/**
@@ -605,10 +611,13 @@ class Access extends LDAPUtility implements IUserTools {
// outside of core user management will still cache the user as non-existing.
$originalTTL = $this->connection->ldapCacheTTL;
$this->connection->setConfiguration(array('ldapCacheTTL' => 0));
- if(($isUser && $intName !== '' && !\OC::$server->getUserManager()->userExists($intName))
+ if(($isUser && $intName !== '' && !$this->ncUserManager->userExists($intName))
|| (!$isUser && !\OC::$server->getGroupManager()->groupExists($intName))) {
if($mapper->map($fdn, $intName, $uuid)) {
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
+ if($this->ncUserManager instanceof PublicEmitter) {
+ $this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
+ }
$newlyMapped = true;
return $intName;
}
@@ -617,6 +626,9 @@ class Access extends LDAPUtility implements IUserTools {
$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
if(is_string($altName) && $mapper->map($fdn, $altName, $uuid)) {
+ if($this->ncUserManager instanceof PublicEmitter) {
+ $this->ncUserManager->emit('\OC\User', 'assignedUserId', [$intName]);
+ }
$newlyMapped = true;
return $altName;
}
@@ -738,7 +750,7 @@ class Access extends LDAPUtility implements IUserTools {
//20 attempts, something else is very wrong. Avoids infinite loop.
while($attempts < 20){
$altName = $name . '_' . rand(1000,9999);
- if(!\OC::$server->getUserManager()->userExists($altName)) {
+ if(!$this->ncUserManager->userExists($altName)) {
return $altName;
}
$attempts++;
diff --git a/apps/user_ldap/lib/AccessFactory.php b/apps/user_ldap/lib/AccessFactory.php
index 45ff779bb01..f03f7f74202 100644
--- a/apps/user_ldap/lib/AccessFactory.php
+++ b/apps/user_ldap/lib/AccessFactory.php
@@ -26,6 +26,7 @@ namespace OCA\User_LDAP;
use OCA\User_LDAP\User\Manager;
use OCP\IConfig;
+use OCP\IUserManager;
class AccessFactory {
/** @var ILDAPWrapper */
@@ -36,17 +37,21 @@ class AccessFactory {
protected $helper;
/** @var IConfig */
protected $config;
+ /** @var IUserManager */
+ private $ncUserManager;
public function __construct(
ILDAPWrapper $ldap,
Manager $userManager,
Helper $helper,
- IConfig $config)
+ IConfig $config,
+ IUserManager $ncUserManager)
{
$this->ldap = $ldap;
$this->userManager = $userManager;
$this->helper = $helper;
$this->config = $config;
+ $this->ncUserManager = $ncUserManager;
}
public function get(Connection $connection) {
@@ -55,7 +60,8 @@ class AccessFactory {
$this->ldap,
$this->userManager,
$this->helper,
- $this->config
+ $this->config,
+ $this->ncUserManager
);
}
}
diff --git a/apps/user_ldap/lib/Jobs/Sync.php b/apps/user_ldap/lib/Jobs/Sync.php
index 4ef0636a2eb..0abb9331a2f 100644
--- a/apps/user_ldap/lib/Jobs/Sync.php
+++ b/apps/user_ldap/lib/Jobs/Sync.php
@@ -376,7 +376,8 @@ class Sync extends TimedJob {
$this->ldap,
$this->userManager,
$this->ldapHelper,
- $this->config
+ $this->config,
+ $this->ncUserManager
);
}
}
diff --git a/apps/user_ldap/lib/Jobs/UpdateGroups.php b/apps/user_ldap/lib/Jobs/UpdateGroups.php
index 2b57874c62f..c36ec80b93e 100644
--- a/apps/user_ldap/lib/Jobs/UpdateGroups.php
+++ b/apps/user_ldap/lib/Jobs/UpdateGroups.php
@@ -192,7 +192,7 @@ class UpdateGroups extends \OC\BackgroundJob\TimedJob {
\OC::$server->getUserManager(),
\OC::$server->getNotificationManager());
$connector = new Connection($ldapWrapper, $configPrefixes[0]);
- $ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper, \OC::$server->getConfig());
+ $ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper, \OC::$server->getConfig(), \OC::$server->getUserManager());
$groupMapper = new GroupMapping($dbc);
$userMapper = new UserMapping($dbc);
$ldapAccess->setGroupMapper($groupMapper);
diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php
index f5f56ce03d6..c7d737a7631 100644
--- a/apps/user_ldap/lib/Mapping/AbstractMapping.php
+++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php
@@ -279,6 +279,32 @@ abstract class AbstractMapping {
}
/**
+ * clears the mapping table one by one and executing a callback with
+ * each row's id (=owncloud_name col)
+ *
+ * @param callable $preCallback
+ * @param callable $postCallback
+ * @return bool true on success, false when at least one row was not
+ * deleted
+ */
+ public function clearCb(Callable $preCallback, Callable $postCallback): bool {
+ $picker = $this->dbc->getQueryBuilder();
+ $picker->select('owncloud_name')
+ ->from($this->getTableName());
+ $cursor = $picker->execute();
+ $result = true;
+ while($id = $cursor->fetchColumn(0)) {
+ $preCallback($id);
+ if($isUnmapped = $this->unmap($id)) {
+ $postCallback($id);
+ }
+ $result &= $isUnmapped;
+ }
+ $cursor->closeCursor();
+ return $result;
+ }
+
+ /**
* returns the number of entries in the mappings table
*
* @return int
diff --git a/apps/user_ldap/lib/Proxy.php b/apps/user_ldap/lib/Proxy.php
index ab5434f9fe5..8b5ff996085 100644
--- a/apps/user_ldap/lib/Proxy.php
+++ b/apps/user_ldap/lib/Proxy.php
@@ -82,7 +82,7 @@ abstract class Proxy {
new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(), $db,
$coreUserManager, $coreNotificationManager);
$connector = new Connection($this->ldap, $configPrefix);
- $access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig);
+ $access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig, $coreUserManager);
$access->setUserMapper($userMap);
$access->setGroupMapper($groupMap);
self::$accesses[$configPrefix] = $access;
diff --git a/apps/user_ldap/lib/User_LDAP.php b/apps/user_ldap/lib/User_LDAP.php
index 5a2b993c334..e56e4675e39 100644
--- a/apps/user_ldap/lib/User_LDAP.php
+++ b/apps/user_ldap/lib/User_LDAP.php
@@ -396,7 +396,7 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
\OC::$server->getLogger()->info('Cleaning up after user ' . $uid,
array('app' => 'user_ldap'));
- $this->access->getUserMapper()->unmap($uid);
+ $this->access->getUserMapper()->unmap($uid); // we don't emit unassign signals here, since it is implicit to delete signals fired from core
$this->access->userManager->invalidate($uid);
return true;
}
diff --git a/apps/user_ldap/tests/AccessTest.php b/apps/user_ldap/tests/AccessTest.php
index 336b92af04f..43a34959c54 100644
--- a/apps/user_ldap/tests/AccessTest.php
+++ b/apps/user_ldap/tests/AccessTest.php
@@ -72,6 +72,8 @@ class AccessTest extends TestCase {
private $helper;
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
private $config;
+ /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
+ private $ncUserManager;
/** @var Access */
private $access;
@@ -82,13 +84,15 @@ class AccessTest extends TestCase {
$this->helper = $this->createMock(Helper::class);
$this->config = $this->createMock(IConfig::class);
$this->userMapper = $this->createMock(UserMapping::class);
+ $this->ncUserManager = $this->createMock(IUserManager::class);
$this->access = new Access(
$this->connection,
$this->ldap,
$this->userManager,
$this->helper,
- $this->config
+ $this->config,
+ $this->ncUserManager
);
$this->access->setUserMapper($this->userMapper);
}
@@ -227,7 +231,7 @@ class AccessTest extends TestCase {
list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
$config = $this->createMock(IConfig::class);
- $access = new Access($con, $lw, $um, $helper, $config);
+ $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
$lw->expects($this->exactly(1))
->method('explodeDN')
@@ -250,7 +254,7 @@ class AccessTest extends TestCase {
/** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
$config = $this->createMock(IConfig::class);
$lw = new LDAP();
- $access = new Access($con, $lw, $um, $helper, $config);
+ $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
if(!function_exists('ldap_explode_dn')) {
$this->markTestSkipped('LDAP Module not available');
@@ -431,7 +435,7 @@ class AccessTest extends TestCase {
$attribute => array('count' => 1, $dnFromServer)
)));
- $access = new Access($con, $lw, $um, $helper, $config);
+ $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
$values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
$this->assertSame($values[0], strtolower($dnFromServer));
}
diff --git a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php
index d3d33a82da9..54d8b49cdc8 100644
--- a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php
+++ b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php
@@ -235,6 +235,29 @@ abstract class AbstractMappingTest extends \Test\TestCase {
}
/**
+ * tests clear() for successful update.
+ */
+ public function testClearCb() {
+ list($mapper, $data) = $this->initTest();
+
+ $callbackCalls = 0;
+ $test = $this;
+
+ $callback = function (string $id) use ($test, &$callbackCalls) {
+ $test->assertTrue(trim($id) !== '');
+ $callbackCalls++;
+ };
+
+ $done = $mapper->clearCb($callback, $callback);
+ $this->assertTrue($done);
+ $this->assertSame(count($data) * 2, $callbackCalls);
+ foreach($data as $entry) {
+ $name = $mapper->getNameByUUID($entry['uuid']);
+ $this->assertFalse($name);
+ }
+ }
+
+ /**
* tests getList() method
*/
public function testList() {