From 8e8acf2d9087523ac8f8bf3aeac8daa0c17add91 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Tue, 6 Sep 2022 22:34:54 +0200 Subject: LDAP to no register new users when outside of fair use or over limits Signed-off-by: Arthur Schiwon --- apps/user_ldap/lib/Mapping/UserMapping.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'apps/user_ldap/lib/Mapping/UserMapping.php') diff --git a/apps/user_ldap/lib/Mapping/UserMapping.php b/apps/user_ldap/lib/Mapping/UserMapping.php index 899cc015c9f..df39f00f58b 100644 --- a/apps/user_ldap/lib/Mapping/UserMapping.php +++ b/apps/user_ldap/lib/Mapping/UserMapping.php @@ -22,12 +22,32 @@ */ namespace OCA\User_LDAP\Mapping; +use OCP\HintException; +use OCP\IDBConnection; +use OCP\Support\Subscription\IAssertion; + /** * Class UserMapping + * * @package OCA\User_LDAP\Mapping */ class UserMapping extends AbstractMapping { + private IAssertion $assertion; + + public function __construct(IDBConnection $dbc, IAssertion $assertion) { + $this->assertion = $assertion; + parent::__construct($dbc); + } + + /** + * @throws HintException + */ + public function map($fdn, $name, $uuid): bool { + $this->assertion->createUserIsLegit(); + return parent::map($fdn, $name, $uuid); + } + /** * returns the DB table name which holds the mappings * @return string -- cgit v1.2.3 From 50d4963772f290463c8addb73f7c5f392050bbba Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Tue, 18 Oct 2022 23:26:16 +0200 Subject: [LDAP] throw exception only against prov api - unbreaks functionality for end users when on demand mapping takes place Signed-off-by: Arthur Schiwon --- apps/user_ldap/lib/Mapping/UserMapping.php | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'apps/user_ldap/lib/Mapping/UserMapping.php') diff --git a/apps/user_ldap/lib/Mapping/UserMapping.php b/apps/user_ldap/lib/Mapping/UserMapping.php index df39f00f58b..ade9c67213a 100644 --- a/apps/user_ldap/lib/Mapping/UserMapping.php +++ b/apps/user_ldap/lib/Mapping/UserMapping.php @@ -24,6 +24,8 @@ namespace OCA\User_LDAP\Mapping; use OCP\HintException; use OCP\IDBConnection; +use OCP\IRequest; +use OCP\Server; use OCP\Support\Subscription\IAssertion; /** @@ -34,6 +36,7 @@ use OCP\Support\Subscription\IAssertion; class UserMapping extends AbstractMapping { private IAssertion $assertion; + protected const PROV_API_REGEX = '/\/ocs\/v[1-9].php\/cloud\/(groups|users)/'; public function __construct(IDBConnection $dbc, IAssertion $assertion) { $this->assertion = $assertion; @@ -44,7 +47,23 @@ class UserMapping extends AbstractMapping { * @throws HintException */ public function map($fdn, $name, $uuid): bool { - $this->assertion->createUserIsLegit(); + try { + $this->assertion->createUserIsLegit(); + } catch (HintException $e) { + static $isProvisioningApi = null; + + if ($isProvisioningApi === null) { + $request = Server::get(IRequest::class); + $isProvisioningApi = \preg_match(self::PROV_API_REGEX, $request->getRequestUri()) === 1; + } + if ($isProvisioningApi) { + // only throw when prov API is being used, since functionality + // should not break for end users (e.g. when sharing). + // On direct API usage, e.g. on users page, this is desired. + throw $e; + } + return false; + } return parent::map($fdn, $name, $uuid); } -- cgit v1.2.3