path: root/apps/user_ldap/lib/LoginListener.php
blob: f397f4694d27c4fd9d8412d2780fb15040ea7d79 (plain)
<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
namespace OCA\User_LDAP;

use OCA\User_LDAP\Db\GroupMembership;
use OCA\User_LDAP\Db\GroupMembershipMapper;
use OCP\DB\Exception;
use OCP\EventDispatcher\Event;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\EventDispatcher\IEventListener;
use OCP\Group\Events\UserAddedEvent;
use OCP\Group\Events\UserRemovedEvent;
use OCP\IGroupManager;
use OCP\IUser;
use OCP\User\Events\PostLoginEvent;
use Psr\Log\LoggerInterface;

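/**
 * Reconciles a user's stored LDAP group memberships with the group backend
 * whenever a PostLoginEvent is received.
 *
 * The memberships recorded through GroupMembershipMapper are compared with
 * the groups Group_Proxy reports for the user; differences are persisted and
 * announced as UserAddedEvent / UserRemovedEvent.
 *
 * @template-implements IEventListener<PostLoginEvent>
 */
class LoginListener implements IEventListener {
	public function __construct(
		private IEventDispatcher $dispatcher,
		private Group_Proxy $groupBackend,
		private IGroupManager $groupManager,
		private LoggerInterface $logger,
		private GroupMembershipMapper $groupMembershipMapper,
	) {
	}

	/**
	 * Event entry point: forwards PostLoginEvent to onPostLogin() and ignores
	 * every other event type.
	 */
	public function handle(Event $event): void {
		if ($event instanceof PostLoginEvent) {
			$this->onPostLogin($event->getUser());
		}
	}

	/**
	 * Logs the login and refreshes the group memberships of the given user.
	 */
	public function onPostLogin(IUser $user): void {
		$this->logger->info(
			self::class . ' - {user} postLogin',
			[
				'app' => 'user_ldap',
				'user' => $user->getUID(),
			]
		);
		$this->updateGroups($user);
	}

	/**
	 * Brings the stored memberships of $userObject in line with the groups the
	 * backend currently reports.
	 *
	 * A membership change is only advertised (event + info log) after the
	 * database write succeeded, so listeners never see a change that was not
	 * persisted. Every log entry carries 'app' => 'user_ldap' and the
	 * self::class prefix so additions and removals can be filtered together.
	 */
	private function updateGroups(IUser $userObject): void {
		$userId = $userObject->getUID();
		$groupMemberships = $this->groupMembershipMapper->findGroupMembershipsForUser($userId);
		$knownGroups = array_map(
			static fn (GroupMembership $groupMembership): string => $groupMembership->getGroupid(),
			$groupMemberships
		);
		// Index the stored rows by group id so the removal loop can fetch the row to delete.
		$groupMemberships = array_combine($knownGroups, $groupMemberships);
		$actualGroups = $this->groupBackend->getUserGroups($userId);

		$newGroups = array_diff($actualGroups, $knownGroups);
		$oldGroups = array_diff($knownGroups, $actualGroups);
		foreach ($newGroups as $groupId) {
			$groupObject = $this->groupManager->get($groupId);
			if ($groupObject === null) {
				$this->logger->error(
					self::class . ' - group {group} could not be found (user {user})',
					[
						'app' => 'user_ldap',
						'user' => $userId,
						'group' => $groupId
					]
				);
				continue;
			}
			try {
				$this->groupMembershipMapper->insert(GroupMembership::fromParams(['groupid' => $groupId,'userid' => $userId]));
			} catch (Exception $e) {
				// A unique-constraint violation is not logged as an error; presumably the
				// row was stored by a concurrent login or sync (assumption, confirm).
				if ($e->getReason() !== Exception::REASON_UNIQUE_CONSTRAINT_VIOLATION) {
					$this->logger->error(
						self::class . ' - group {group} membership failed to be added (user {user})',
						[
							'app' => 'user_ldap',
							'user' => $userId,
							'group' => $groupId,
							'exception' => $e,
						]
					);
				}
				/* We failed to insert the groupmembership so we do not want to advertise it */
				continue;
			}
			$this->groupBackend->addRelationshipToCaches($userId, null, $groupId);
			$this->dispatcher->dispatchTyped(new UserAddedEvent($groupObject, $userObject));
			$this->logger->info(
				self::class . ' - {user} added to {group}',
				[
					'app' => 'user_ldap',
					'user' => $userId,
					'group' => $groupId
				]
			);
		}
		foreach ($oldGroups as $groupId) {
			try {
				$this->groupMembershipMapper->delete($groupMemberships[$groupId]);
			} catch (Exception $e) {
				// A missing row is not logged as an error; presumably it was already
				// removed elsewhere (assumption, confirm).
				if ($e->getReason() !== Exception::REASON_DATABASE_OBJECT_NOT_FOUND) {
					$this->logger->error(
						self::class . ' - group {group} membership failed to be removed (user {user})',
						[
							'app' => 'user_ldap',
							'user' => $userId,
							'group' => $groupId,
							'exception' => $e,
						]
					);
				}
				/* We failed to delete the groupmembership so we do not want to advertise it */
				continue;
			}
			// NOTE(review): the add path updates the backend caches, this path does not.
			// Confirm cached memberships are invalidated elsewhere, otherwise a revoked
			// membership may still be served from cache.
			$groupObject = $this->groupManager->get($groupId);
			if ($groupObject === null) {
				// The stored row is already deleted at this point; only the event and the
				// info log are skipped when the group object cannot be resolved.
				$this->logger->error(
					self::class . ' - group {group} could not be found (user {user})',
					[
						'app' => 'user_ldap',
						'user' => $userId,
						'group' => $groupId
					]
				);
				continue;
			}
			$this->dispatcher->dispatchTyped(new UserRemovedEvent($groupObject, $userObject));
			// Same prefix and 'app' context as every other entry of this listener, so a
			// filter on app=user_ldap also catches membership revocations.
			$this->logger->info(
				self::class . ' - {user} removed from {group}',
				[
					'app' => 'user_ldap',
					'user' => $userId,
					'group' => $groupId
				]
			);
		}
	}
}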