Diffstat (limited to 'apps/user_ldap/lib/Command/CheckUser.php')
-rw-r--r-- | apps/user_ldap/lib/Command/CheckUser.php | 126 |
1 files changed, 46 insertions, 80 deletions
diff --git a/apps/user_ldap/lib/Command/CheckUser.php b/apps/user_ldap/lib/Command/CheckUser.php
index 5314cac365a..8bb26ce3d0e 100644
--- a/apps/user_ldap/lib/Command/CheckUser.php
+++ b/apps/user_ldap/lib/Command/CheckUser.php
@@ -1,29 +1,10 @@
 <?php
+
 /**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
  */
-
 namespace OCA\User_LDAP\Command;
 
 use OCA\User_LDAP\Helper;
@@ -37,47 +18,30 @@ use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 
 class CheckUser extends Command {
- /** @var User_Proxy */
- protected $backend;
-
- /** @var Helper */
- protected $helper;
-
- /** @var DeletedUsersIndex */
- protected $dui;
-
- /** @var UserMapping */
- protected $mapping;
-
- /**
- * @param User_Proxy $uBackend
- * @param Helper $helper
- * @param DeletedUsersIndex $dui
- * @param UserMapping $mapping
- */
- public function __construct(User_Proxy $uBackend, Helper $helper, DeletedUsersIndex $dui, UserMapping $mapping) {
- $this->backend = $uBackend;
- $this->helper = $helper;
- $this->dui = $dui;
- $this->mapping = $mapping;
+ public function __construct(
+ protected User_Proxy $backend,
+ protected Helper $helper,
+ protected DeletedUsersIndex $dui,
+ protected UserMapping $mapping,
+ ) {
  parent::__construct();
  }
 
- protected function configure() {
+ protected function configure(): void {
  $this
  ->setName('ldap:check-user')
  ->setDescription('checks whether a user exists on LDAP.')
  ->addArgument(
- 'ocName',
- InputArgument::REQUIRED,
- 'the user name as used in Nextcloud'
- )
+ 'ocName',
+ InputArgument::REQUIRED,
+ 'the user name as used in Nextcloud, or the LDAP DN'
+ )
  ->addOption(
- 'force',
- null,
- InputOption::VALUE_NONE,
- 'ignores disabled LDAP configuration'
- )
+ 'force',
+ null,
+ InputOption::VALUE_NONE,
+ 'ignores disabled LDAP configuration'
+ )
  ->addOption(
  'update',
  null,
@@ -89,50 +53,53 @@ class CheckUser extends Command { protected function execute(InputInterface $input, OutputInterface $output): int { try { + $this->assertAllowed($input->getOption('force')); $uid = $input->getArgument('ocName'); - $this->isAllowed($input->getOption('force')); - $this->confirmUserIsMapped($uid); - $exists = $this->backend->userExistsOnLDAP($uid); + if ($this->backend->getLDAPAccess($uid)->stringResemblesDN($uid)) { + $username = $this->backend->dn2UserName($uid); + if ($username !== false) { + $uid = $username; + } + } + $wasMapped = $this->userWasMapped($uid); + $exists = $this->backend->userExistsOnLDAP($uid, true); if ($exists === true) { $output->writeln('The user is still available on LDAP.'); if ($input->getOption('update')) { $this->updateUser($uid, $output); } - return 0; + return self::SUCCESS; } - $this->dui->markUser($uid); - $output->writeln('The user does not exists on LDAP anymore.'); - $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "' - . $uid . '"'); - return 0; + if ($wasMapped) { + $this->dui->markUser($uid); + $output->writeln('The user does not exists on LDAP anymore.'); + $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "' + . $uid . '"'); + return self::SUCCESS; + } + + throw new \Exception('The given user is not a recognized LDAP user.'); } catch (\Exception $e) { - $output->writeln('<error>' . $e->getMessage(). '</error>'); - return 1; + $output->writeln('<error>' . $e->getMessage() . 
'</error>'); + return self::FAILURE; } } /** * checks whether a user is actually mapped * @param string $ocName the username as used in Nextcloud - * @throws \Exception - * @return true */ - protected function confirmUserIsMapped($ocName) { + protected function userWasMapped(string $ocName): bool { $dn = $this->mapping->getDNByName($ocName); - if ($dn === false) { - throw new \Exception('The given user is not a recognized LDAP user.'); - } - - return true; + return $dn !== false; } /** * checks whether the setup allows reliable checking of LDAP user existence * @throws \Exception - * @return true */ - protected function isAllowed($force) { + protected function assertAllowed(bool $force): void { if ($this->helper->haveDisabledConfigurations() && !$force) { throw new \Exception('Cannot check user existence, because ' . 'disabled LDAP configurations are present.'); @@ -141,8 +108,6 @@ class CheckUser extends Command { // we don't check ldapUserCleanupInterval from config.php because this // action is triggered manually, while the setting only controls the // background job. - - return true; } private function updateUser(string $uid, OutputInterface $output): void { @@ -151,7 +116,8 @@ class CheckUser extends Command { $attrs = $access->userManager->getAttributes(); $user = $access->userManager->get($uid); $avatarAttributes = $access->getConnection()->resolveRule('avatar'); - $result = $access->search('objectclass=*', $user->getDN(), $attrs, 1, 0); + $baseDn = $this->helper->DNasBaseParameter($user->getDN()); + $result = $access->search('objectclass=*', $baseDn, $attrs, 1, 0); foreach ($result[0] as $attribute => $valueSet) { $output->writeln(' ' . $attribute . ': '); foreach ($valueSet as $value) { |
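Review bot: The message moved into the new `if ($wasMapped)` branch still reads `'The user does not exists on LDAP anymore.'`; since that line is rewritten on the new side anyway, it should become `$output->writeln('The user does not exist on LDAP anymore.');`. The positional `true` in `$this->backend->userExistsOnLDAP($uid, true)` is opaque at the call site; if that parameter is the cache-bypass flag, a named argument or a short comment such as `// bypass the cache so a stale positive answer cannot hide a deleted user` would document the intent. Computing `$wasMapped` before the LDAP lookup looks deliberate, presumably because the lookup can alter the mapping; a one-line comment stating that would keep a later refactor from reordering the two calls. The body of `assertAllowed` continues past the end of this hunk.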
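Review bot: The added `$baseDn = $this->helper->DNasBaseParameter($user->getDN());` dereferences `$user` from `$access->userManager->get($uid)` on the line above without a null check; `updateUser` is only reached after `userExistsOnLDAP` returned true, so this is presumably safe, but a null from `get()` would surface as a fatal error instead of the command's usual `<error>` output. Failing explicitly, e.g. `$user = $access->userManager->get($uid) ?? throw new \Exception('No LDAP user object for ' . $uid);`, keeps the failure inside the existing catch in `execute` (the file already uses PHP 8 constructor promotion, so `throw` as an expression is available). The same consideration applies to `$result[0]` in the `foreach` when the search returns no entry. `updateUser` starts before and continues past this hunk.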