diff options
Diffstat (limited to 'apps/user_ldap/lib/Controller')
| -rw-r--r-- | apps/user_ldap/lib/Controller/ConfigAPIController.php | 193 | ||||
| -rw-r--r-- | apps/user_ldap/lib/Controller/RenewPasswordController.php | 93 |
2 files changed, 98 insertions, 188 deletions
diff --git a/apps/user_ldap/lib/Controller/ConfigAPIController.php b/apps/user_ldap/lib/Controller/ConfigAPIController.php index 54800ef24eb..d98e6d41b52 100644 --- a/apps/user_ldap/lib/Controller/ConfigAPIController.php +++ b/apps/user_ldap/lib/Controller/ConfigAPIController.php @@ -1,59 +1,42 @@ <?php + /** - * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OCA\User_LDAP\Controller; use OC\CapabilitiesManager; use OC\Core\Controller\OCSController; use OC\Security\IdentityProof\Manager; use OCA\User_LDAP\Configuration; +use OCA\User_LDAP\ConnectionFactory; use OCA\User_LDAP\Helper; +use OCA\User_LDAP\Settings\Admin; +use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSBadRequestException; use OCP\AppFramework\OCS\OCSException; use OCP\AppFramework\OCS\OCSNotFoundException; -use OCP\ILogger; use OCP\IRequest; use OCP\IUserManager; use OCP\IUserSession; +use OCP\ServerVersion; +use Psr\Log\LoggerInterface; class ConfigAPIController extends OCSController { - - /** @var Helper */ - private $ldapHelper; - - /** @var ILogger */ - private $logger; - public function __construct( - $appName, + string $appName, IRequest $request, CapabilitiesManager $capabilitiesManager, IUserSession $userSession, IUserManager $userManager, Manager $keyManager, - Helper $ldapHelper, - ILogger $logger + ServerVersion $serverVersion, + private Helper $ldapHelper, + private LoggerInterface $logger, + private ConnectionFactory $connectionFactory, ) { parent::__construct( $appName, @@ -61,96 +44,54 @@ class ConfigAPIController extends OCSController { $capabilitiesManager, $userSession, $userManager, - $keyManager + $keyManager, + $serverVersion, ); - - - $this->ldapHelper = $ldapHelper; - $this->logger = $logger; } /** - * creates a new (empty) configuration and returns the resulting prefix - * - * Example: curl -X POST -H "OCS-APIREQUEST: true" -u $admin:$password \ - * https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config - * - * results in: - * - * <?xml version="1.0"?> - * <ocs> - * <meta> - * <status>ok</status> - * <statuscode>200</statuscode> - * <message>OK</message> - * </meta> - * <data> - * <configID>s40</configID> - * </data> - * </ocs> - * - * Failing example: if an exception is thrown (e.g. Database connection lost) - * the detailed error will be logged. The output will then look like: - * - * <?xml version="1.0"?> - * <ocs> - * <meta> - * <status>failure</status> - * <statuscode>999</statuscode> - * <message>An issue occurred when creating the new config.</message> - * </meta> - * <data/> - * </ocs> - * - * For JSON output provide the format=json parameter + * Create a new (empty) configuration and return the resulting prefix * - * @return DataResponse + * @return DataResponse<Http::STATUS_OK, array{configID: string}, array{}> * @throws OCSException + * + * 200: Config created successfully */ + #[AuthorizedAdminSetting(settings: Admin::class)] public function create() { try { $configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix(); $configHolder = new Configuration($configPrefix); + $configHolder->ldapConfigurationActive = false; $configHolder->saveConfiguration(); } catch (\Exception $e) { - $this->logger->logException($e); + $this->logger->error($e->getMessage(), ['exception' => $e]); throw new OCSException('An issue occurred when creating the new config.'); } return new DataResponse(['configID' => $configPrefix]); } /** - * Deletes a LDAP configuration, if present. - * - * Example: - * curl -X DELETE -H "OCS-APIREQUEST: true" -u $admin:$password \ - * https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config/s60 - * - * <?xml version="1.0"?> - * <ocs> - * <meta> - * <status>ok</status> - * <statuscode>200</statuscode> - * <message>OK</message> - * </meta> - * <data/> - * </ocs> + * Delete a LDAP configuration * - * @param string $configID - * @return DataResponse - * @throws OCSBadRequestException + * @param string $configID ID of the config + * @return DataResponse<Http::STATUS_OK, list<empty>, array{}> * @throws OCSException + * @throws OCSNotFoundException Config not found + * + * 200: Config deleted successfully */ + #[AuthorizedAdminSetting(settings: Admin::class)] public function delete($configID) { try { $this->ensureConfigIDExists($configID); - if(!$this->ldapHelper->deleteServerConfiguration($configID)) { + if (!$this->ldapHelper->deleteServerConfiguration($configID)) { throw new OCSException('Could not delete configuration'); } - } catch(OCSException $e) { + } catch (OCSException $e) { throw $e; - } catch(\Exception $e) { - $this->logger->logException($e); + } catch (\Exception $e) { + $this->logger->error($e->getMessage(), ['exception' => $e]); throw new OCSException('An issue occurred when deleting the config.'); } @@ -158,33 +99,23 @@ class ConfigAPIController extends OCSController { } /** - * modifies a configuration + * Modify a configuration * - * Example: - * curl -X PUT -d "configData[ldapHost]=ldaps://my.ldap.server&configData[ldapPort]=636" \ - * -H "OCS-APIREQUEST: true" -u $admin:$password \ - * https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config/s60 - * - * <?xml version="1.0"?> - * <ocs> - * <meta> - * <status>ok</status> - * <statuscode>200</statuscode> - * <message>OK</message> - * </meta> - * <data/> - * </ocs> - * - * @param string $configID - * @param array $configData - * @return DataResponse + * @param string $configID ID of the config + * @param array<string, mixed> $configData New config + * @return DataResponse<Http::STATUS_OK, list<empty>, array{}> * @throws OCSException + * @throws OCSBadRequestException Modifying config is not possible + * @throws OCSNotFoundException Config not found + * + * 200: Config returned */ + #[AuthorizedAdminSetting(settings: Admin::class)] public function modify($configID, $configData) { try { $this->ensureConfigIDExists($configID); - if(!is_array($configData)) { + if (!is_array($configData)) { throw new OCSBadRequestException('configData is not properly set'); } @@ -192,16 +123,17 @@ class ConfigAPIController extends OCSController { $configKeys = $configuration->getConfigTranslationArray(); foreach ($configKeys as $i => $key) { - if(isset($configData[$key])) { + if (isset($configData[$key])) { $configuration->$key = $configData[$key]; } } $configuration->saveConfiguration(); - } catch(OCSException $e) { + $this->connectionFactory->get($configID)->clearCache(); + } catch (OCSException $e) { throw $e; } catch (\Exception $e) { - $this->logger->logException($e); + $this->logger->error($e->getMessage(), ['exception' => $e]); throw new OCSException('An issue occurred when modifying the config.'); } @@ -209,8 +141,9 @@ class ConfigAPIController extends OCSController { } /** - * retrieves a configuration + * Get a configuration * + * Output can look like this: * <?xml version="1.0"?> * <ocs> * <meta> @@ -260,7 +193,6 @@ class ConfigAPIController extends OCSController { * <ldapAttributesForGroupSearch></ldapAttributesForGroupSearch> * <ldapExperiencedAdmin>0</ldapExperiencedAdmin> * <homeFolderNamingRule></homeFolderNamingRule> - * <hasPagedResultSupport></hasPagedResultSupport> * <hasMemberOfFilterSupport></hasMemberOfFilterSupport> * <useMemberOfToDetectMembership>1</useMemberOfToDetectMembership> * <ldapExpertUsernameAttr>uid</ldapExpertUsernameAttr> @@ -274,30 +206,34 @@ class ConfigAPIController extends OCSController { * </data> * </ocs> * - * @param string $configID - * @param bool|string $showPassword - * @return DataResponse + * @param string $configID ID of the config + * @param bool $showPassword Whether to show the password + * @return DataResponse<Http::STATUS_OK, array<string, mixed>, array{}> * @throws OCSException + * @throws OCSNotFoundException Config not found + * + * 200: Config returned */ + #[AuthorizedAdminSetting(settings: Admin::class)] public function show($configID, $showPassword = false) { try { $this->ensureConfigIDExists($configID); $config = new Configuration($configID); $data = $config->getConfiguration(); - if(!boolval(intval($showPassword))) { + if (!$showPassword) { $data['ldapAgentPassword'] = '***'; } foreach ($data as $key => $value) { - if(is_array($value)) { + if (is_array($value)) { $value = implode(';', $value); $data[$key] = $value; } } - } catch(OCSException $e) { + } catch (OCSException $e) { throw $e; } catch (\Exception $e) { - $this->logger->logException($e); + $this->logger->error($e->getMessage(), ['exception' => $e]); throw new OCSException('An issue occurred when modifying the config.'); } @@ -305,14 +241,15 @@ class ConfigAPIController extends OCSController { } /** - * if the given config ID is not available, an exception is thrown + * If the given config ID is not available, an exception is thrown * * @param string $configID * @throws OCSNotFoundException */ - private function ensureConfigIDExists($configID) { + #[AuthorizedAdminSetting(settings: Admin::class)] + private function ensureConfigIDExists($configID): void { $prefixes = $this->ldapHelper->getServerConfigurationPrefixes(); - if(!in_array($configID, $prefixes, true)) { + if (!in_array($configID, $prefixes, true)) { throw new OCSNotFoundException('Config ID not found'); } } diff --git a/apps/user_ldap/lib/Controller/RenewPasswordController.php b/apps/user_ldap/lib/Controller/RenewPasswordController.php index 9cdcdddb141..8389a362b8f 100644 --- a/apps/user_ldap/lib/Controller/RenewPasswordController.php +++ b/apps/user_ldap/lib/Controller/RenewPasswordController.php @@ -1,33 +1,19 @@ <?php + /** - * @copyright Copyright (c) 2017 Roger Szabo <roger.szabo@web.de> - * - * @author Roger Szabo <roger.szabo@web.de> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OCA\User_LDAP\Controller; -use OC\HintException; -use OC_Util; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\NoCSRFRequired; +use OCP\AppFramework\Http\Attribute\OpenAPI; +use OCP\AppFramework\Http\Attribute\PublicPage; +use OCP\AppFramework\Http\Attribute\UseSession; use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Http\TemplateResponse; +use OCP\HintException; use OCP\IConfig; use OCP\IL10N; use OCP\IRequest; @@ -36,18 +22,8 @@ use OCP\IURLGenerator; use OCP\IUser; use OCP\IUserManager; +#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)] class RenewPasswordController extends Controller { - /** @var IUserManager */ - private $userManager; - /** @var IConfig */ - private $config; - /** @var IL10N */ - protected $l10n; - /** @var ISession */ - private $session; - /** @var IURLGenerator */ - private $urlGenerator; - /** * @param string $appName * @param IRequest $request @@ -55,37 +31,37 @@ class RenewPasswordController extends Controller { * @param IConfig $config * @param IURLGenerator $urlGenerator */ - function __construct($appName, IRequest $request, IUserManager $userManager, - IConfig $config, IL10N $l10n, ISession $session, IURLGenerator $urlGenerator) { + public function __construct( + $appName, + IRequest $request, + private IUserManager $userManager, + private IConfig $config, + protected IL10N $l10n, + private ISession $session, + private IURLGenerator $urlGenerator, + ) { parent::__construct($appName, $request); - $this->userManager = $userManager; - $this->config = $config; - $this->l10n = $l10n; - $this->session = $session; - $this->urlGenerator = $urlGenerator; } /** - * @PublicPage - * @NoCSRFRequired - * * @return RedirectResponse */ + #[PublicPage] + #[NoCSRFRequired] public function cancel() { return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); } /** - * @PublicPage - * @NoCSRFRequired - * @UseSession - * * @param string $user * * @return TemplateResponse|RedirectResponse */ + #[PublicPage] + #[NoCSRFRequired] + #[UseSession] public function showRenewPasswordForm($user) { - if($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') { + if ($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') { return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); } $parameters = []; @@ -93,7 +69,7 @@ class RenewPasswordController extends Controller { $errors = []; $messages = []; if (is_array($renewPasswordMessages)) { - list($errors, $messages) = $renewPasswordMessages; + [$errors, $messages] = $renewPasswordMessages; } $this->session->remove('renewPasswordMessages'); foreach ($errors as $value) { @@ -119,17 +95,16 @@ class RenewPasswordController extends Controller { } /** - * @PublicPage - * @UseSession - * * @param string $user * @param string $oldPassword * @param string $newPassword * * @return RedirectResponse */ + #[PublicPage] + #[UseSession] public function tryRenewPassword($user, $oldPassword, $newPassword) { - if($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') { + if ($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') { return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); } $args = !is_null($user) ? ['user' => $user] : []; @@ -140,11 +115,11 @@ class RenewPasswordController extends Controller { ]); return new RedirectResponse($this->urlGenerator->linkToRoute('user_ldap.renewPassword.showRenewPasswordForm', $args)); } - + try { if (!is_null($newPassword) && \OC_User::setPassword($user, $newPassword)) { $this->session->set('loginMessages', [ - [], [$this->l10n->t("Please login with the new password")] + [], [$this->l10n->t('Please login with the new password')] ]); $this->config->setUserValue($user, 'user_ldap', 'needsPasswordReset', 'false'); return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)); @@ -163,12 +138,11 @@ class RenewPasswordController extends Controller { } /** - * @PublicPage - * @NoCSRFRequired - * @UseSession - * * @return RedirectResponse */ + #[PublicPage] + #[NoCSRFRequired] + #[UseSession] public function showLoginFormInvalidPassword($user) { $args = !is_null($user) ? ['user' => $user] : []; $this->session->set('loginMessages', [ @@ -176,5 +150,4 @@ class RenewPasswordController extends Controller { ]); return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args)); } - } |