1
0

CheckUser.php 5.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Côme Chilliet <come.chilliet@nextcloud.com>
  8. * @author Joas Schilling <coding@schilljs.com>
  9. * @author Morris Jobke <hey@morrisjobke.de>
  10. * @author Roeland Jago Douma <roeland@famdouma.nl>
  11. *
  12. * @license AGPL-3.0
  13. *
  14. * This code is free software: you can redistribute it and/or modify
  15. * it under the terms of the GNU Affero General Public License, version 3,
  16. * as published by the Free Software Foundation.
  17. *
  18. * This program is distributed in the hope that it will be useful,
  19. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  21. * GNU Affero General Public License for more details.
  22. *
  23. * You should have received a copy of the GNU Affero General Public License, version 3,
  24. * along with this program. If not, see <http://www.gnu.org/licenses/>
  25. *
  26. */
  27. namespace OCA\User_LDAP\Command;
  28. use OCA\User_LDAP\Helper;
  29. use OCA\User_LDAP\Mapping\UserMapping;
  30. use OCA\User_LDAP\User\DeletedUsersIndex;
  31. use OCA\User_LDAP\User_Proxy;
  32. use Symfony\Component\Console\Command\Command;
  33. use Symfony\Component\Console\Input\InputArgument;
  34. use Symfony\Component\Console\Input\InputInterface;
  35. use Symfony\Component\Console\Input\InputOption;
  36. use Symfony\Component\Console\Output\OutputInterface;
  37. class CheckUser extends Command {
  38. /** @var User_Proxy */
  39. protected $backend;
  40. /** @var Helper */
  41. protected $helper;
  42. /** @var DeletedUsersIndex */
  43. protected $dui;
  44. /** @var UserMapping */
  45. protected $mapping;
  46. public function __construct(User_Proxy $uBackend, Helper $helper, DeletedUsersIndex $dui, UserMapping $mapping) {
  47. $this->backend = $uBackend;
  48. $this->helper = $helper;
  49. $this->dui = $dui;
  50. $this->mapping = $mapping;
  51. parent::__construct();
  52. }
  53. protected function configure(): void {
  54. $this
  55. ->setName('ldap:check-user')
  56. ->setDescription('checks whether a user exists on LDAP.')
  57. ->addArgument(
  58. 'ocName',
  59. InputArgument::REQUIRED,
  60. 'the user name as used in Nextcloud, or the LDAP DN'
  61. )
  62. ->addOption(
  63. 'force',
  64. null,
  65. InputOption::VALUE_NONE,
  66. 'ignores disabled LDAP configuration'
  67. )
  68. ->addOption(
  69. 'update',
  70. null,
  71. InputOption::VALUE_NONE,
  72. 'syncs values from LDAP'
  73. )
  74. ;
  75. }
  76. protected function execute(InputInterface $input, OutputInterface $output): int {
  77. try {
  78. $this->assertAllowed($input->getOption('force'));
  79. $uid = $input->getArgument('ocName');
  80. if ($this->backend->getLDAPAccess($uid)->stringResemblesDN($uid)) {
  81. $username = $this->backend->dn2UserName($uid);
  82. if ($username !== false) {
  83. $uid = $username;
  84. }
  85. }
  86. $wasMapped = $this->userWasMapped($uid);
  87. $exists = $this->backend->userExistsOnLDAP($uid, true);
  88. if ($exists === true) {
  89. $output->writeln('The user is still available on LDAP.');
  90. if ($input->getOption('update')) {
  91. $this->updateUser($uid, $output);
  92. }
  93. return 0;
  94. } elseif ($wasMapped) {
  95. $this->dui->markUser($uid);
  96. $output->writeln('The user does not exists on LDAP anymore.');
  97. $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "'
  98. . $uid . '"');
  99. return 0;
  100. } else {
  101. throw new \Exception('The given user is not a recognized LDAP user.');
  102. }
  103. } catch (\Exception $e) {
  104. $output->writeln('<error>' . $e->getMessage(). '</error>');
  105. return 1;
  106. }
  107. }
  108. /**
  109. * checks whether a user is actually mapped
  110. * @param string $ocName the username as used in Nextcloud
  111. */
  112. protected function userWasMapped(string $ocName): bool {
  113. $dn = $this->mapping->getDNByName($ocName);
  114. return $dn !== false;
  115. }
  116. /**
  117. * checks whether the setup allows reliable checking of LDAP user existence
  118. * @throws \Exception
  119. */
  120. protected function assertAllowed(bool $force): void {
  121. if ($this->helper->haveDisabledConfigurations() && !$force) {
  122. throw new \Exception('Cannot check user existence, because '
  123. . 'disabled LDAP configurations are present.');
  124. }
  125. // we don't check ldapUserCleanupInterval from config.php because this
  126. // action is triggered manually, while the setting only controls the
  127. // background job.
  128. }
  129. private function updateUser(string $uid, OutputInterface $output): void {
  130. try {
  131. $access = $this->backend->getLDAPAccess($uid);
  132. $attrs = $access->userManager->getAttributes();
  133. $user = $access->userManager->get($uid);
  134. $avatarAttributes = $access->getConnection()->resolveRule('avatar');
  135. $result = $access->search('objectclass=*', $user->getDN(), $attrs, 1, 0);
  136. foreach ($result[0] as $attribute => $valueSet) {
  137. $output->writeln(' ' . $attribute . ': ');
  138. foreach ($valueSet as $value) {
  139. if (in_array($attribute, $avatarAttributes)) {
  140. $value = '{ImageData}';
  141. }
  142. $output->writeln(' ' . $value);
  143. }
  144. }
  145. $access->batchApplyUserAttributes($result);
  146. } catch (\Exception $e) {
  147. $output->writeln('<error>Error while trying to lookup and update attributes from LDAP</error>');
  148. }
  149. }
  150. }