Merge pull request #33945 from nextcloud/fix/noid/fair-use-ldap

LDAP to not register new users when outside of fair use or over limits

4 files changed, 89 insertions, 19 deletions

diff --git a/lib/private/Server.php b/lib/private/Server.php
index 33ac8262cea..d804cca2086 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -795,6 +795,7 @@ class Server extends ServerContainer implements IServerContainer {
 
 		$this->registerAlias(\OCP\Support\CrashReport\IRegistry::class, \OC\Support\CrashReport\Registry::class);
 		$this->registerAlias(\OCP\Support\Subscription\IRegistry::class, \OC\Support\Subscription\Registry::class);
+		$this->registerAlias(\OCP\Support\Subscription\IAssertion::class, \OC\Support\Subscription\Assertion::class);
 
 		$this->registerService(\OC\Log::class, function (Server $c) {
 			$logType = $c->get(AllConfig::class)->getSystemValue('log_type', 'file');
diff --git a/lib/private/Support/Subscription/Assertion.php b/lib/private/Support/Subscription/Assertion.php
new file mode 100644
index 00000000000..9b77e875944
--- /dev/null
+++ b/lib/private/Support/Subscription/Assertion.php
@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2022 Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Support\Subscription;
+
+use OCP\HintException;
+use OCP\L10N\IFactory;
+use OCP\Notification\IManager;
+use OCP\Support\Subscription\IAssertion;
+use OCP\Support\Subscription\IRegistry;
+
+class Assertion implements IAssertion {
+	private IRegistry $registry;
+	private IFactory $l10nFactory;
+	private IManager $notificationManager;
+
+	public function __construct(IRegistry $registry, IFactory $l10nFactory, IManager $notificationManager) {
+		$this->registry = $registry;
+		$this->l10nFactory = $l10nFactory;
+		$this->notificationManager = $notificationManager;
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function createUserIsLegit(): void {
+		if ($this->registry->delegateIsHardUserLimitReached($this->notificationManager)) {
+			$l = $this->l10nFactory->get('lib');
+			throw new HintException($l->t('The user limit has been reached and the user was not created. Check your notifications to learn more.'));
+		}
+	}
+}
diff --git a/lib/private/Support/Subscription/Registry.php b/lib/private/Support/Subscription/Registry.php
index ba3642d021c..87070e7a0dc 100644
--- a/lib/private/Support/Subscription/Registry.php
+++ b/lib/private/Support/Subscription/Registry.php
@@ -215,19 +215,38 @@ class Registry implements IRegistry {
 		return $userCount;
 	}
 
-	private function notifyAboutReachedUserLimit(IManager $notificationManager) {
+	private function notifyAboutReachedUserLimit(IManager $notificationManager): void {
 		$admins = $this->groupManager->get('admin')->getUsers();
-		foreach ($admins as $admin) {
-			$notification = $notificationManager->createNotification();
 
-			$notification->setApp('core')
-				->setUser($admin->getUID())
-				->setDateTime(new \DateTime())
-				->setObject('user_limit_reached', '1')
-				->setSubject('user_limit_reached');
+		$notification = $notificationManager->createNotification();
+		$notification->setApp('core')
+			->setObject('user_limit_reached', '1')
+			->setSubject('user_limit_reached');
+
+		if ($notificationManager->getCount($notification) > 0
+			&& !$this->reIssue()
+		) {
+			return;
+		}
+
+		$notificationManager->markProcessed($notification);
+		$notification->setDateTime(new \DateTime());
+
+		foreach ($admins as $admin) {
+			$notification->setUser($admin->getUID());
 			$notificationManager->notify($notification);
 		}
 
 		$this->logger->warning('The user limit was reached and the new user was not created', ['app' => 'lib']);
 	}
+
+	protected function reIssue(): bool {
+		$lastNotification = (int)$this->config->getAppValue('lib', 'last_subscription_reminder', '0');
+
+		if ((time() - $lastNotification) >= 86400) {
+			$this->config->setAppValue('lib', 'last_subscription_reminder', (string)time());
+			return true;
+		}
+		return false;
+	}
 }
diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php
index be5151313c4..dc31eece414 100644
--- a/lib/private/User/Manager.php
+++ b/lib/private/User/Manager.php
@@ -44,8 +44,7 @@ use OCP\IGroup;
 use OCP\IUser;
 use OCP\IUserBackend;
 use OCP\IUserManager;
-use OCP\Notification\IManager;
-use OCP\Support\Subscription\IRegistry;
+use OCP\Support\Subscription\IAssertion;
 use OCP\User\Backend\IGetRealUIDBackend;
 use OCP\User\Backend\ISearchKnownUsersBackend;
 use OCP\User\Backend\ICheckPasswordBackend;
@@ -386,19 +385,15 @@ class Manager extends PublicEmitter implements IUserManager {
 	/**
 	 * @param string $uid
 	 * @param string $password
-	 * @throws \InvalidArgumentException
 	 * @return false|IUser the created user or false
+	 * @throws \InvalidArgumentException
+	 * @throws HintException
 	 */
 	public function createUser($uid, $password) {
 		// DI injection is not used here as IRegistry needs the user manager itself for user count and thus it would create a cyclic dependency
-		/** @var IRegistry $registry */
-		$registry = \OC::$server->get(IRegistry::class);
-		/** @var IManager $notificationManager */
-		$notificationManager = \OC::$server->get(IManager::class);
-		if ($registry->delegateIsHardUserLimitReached($notificationManager)) {
-			$l = \OC::$server->getL10N('lib');
-			throw new HintException($l->t('The user limit has been reached and the user was not created.'));
-		}
+		/** @var IAssertion $assertion */
+		$assertion = \OC::$server->get(IAssertion::class);
+		$assertion->createUserIsLegit();
 
 		$localBackends = [];
 		foreach ($this->backends as $backend) {