ConfigAPIController.php 9.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de>
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. *
  8. * @license GNU AGPL version 3 or any later version
  9. *
  10. * This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License as
  12. * published by the Free Software Foundation, either version 3 of the
  13. * License, or (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  22. *
  23. */
  24. namespace OCA\User_LDAP\Controller;
  25. use OC\CapabilitiesManager;
  26. use OC\Core\Controller\OCSController;
  27. use OC\Security\IdentityProof\Manager;
  28. use OCA\User_LDAP\Configuration;
  29. use OCA\User_LDAP\ConnectionFactory;
  30. use OCA\User_LDAP\Helper;
  31. use OCP\AppFramework\Http;
  32. use OCP\AppFramework\Http\DataResponse;
  33. use OCP\AppFramework\OCS\OCSBadRequestException;
  34. use OCP\AppFramework\OCS\OCSException;
  35. use OCP\AppFramework\OCS\OCSNotFoundException;
  36. use OCP\IRequest;
  37. use OCP\IUserManager;
  38. use OCP\IUserSession;
  39. use Psr\Log\LoggerInterface;
  40. class ConfigAPIController extends OCSController {
  41. public function __construct(
  42. string $appName,
  43. IRequest $request,
  44. CapabilitiesManager $capabilitiesManager,
  45. IUserSession $userSession,
  46. IUserManager $userManager,
  47. Manager $keyManager,
  48. private Helper $ldapHelper,
  49. private LoggerInterface $logger,
  50. private ConnectionFactory $connectionFactory
  51. ) {
  52. parent::__construct(
  53. $appName,
  54. $request,
  55. $capabilitiesManager,
  56. $userSession,
  57. $userManager,
  58. $keyManager
  59. );
  60. }
  61. /**
  62. * Create a new (empty) configuration and return the resulting prefix
  63. *
  64. * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
  65. * @return DataResponse<Http::STATUS_OK, array{configID: string}, array{}>
  66. * @throws OCSException
  67. *
  68. * 200: Config created successfully
  69. */
  70. public function create() {
  71. try {
  72. $configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix();
  73. $configHolder = new Configuration($configPrefix);
  74. $configHolder->ldapConfigurationActive = false;
  75. $configHolder->saveConfiguration();
  76. } catch (\Exception $e) {
  77. $this->logger->error($e->getMessage(), ['exception' => $e]);
  78. throw new OCSException('An issue occurred when creating the new config.');
  79. }
  80. return new DataResponse(['configID' => $configPrefix]);
  81. }
  82. /**
  83. * Delete a LDAP configuration
  84. *
  85. * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
  86. * @param string $configID ID of the config
  87. * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
  88. * @throws OCSException
  89. * @throws OCSNotFoundException Config not found
  90. *
  91. * 200: Config deleted successfully
  92. */
  93. public function delete($configID) {
  94. try {
  95. $this->ensureConfigIDExists($configID);
  96. if (!$this->ldapHelper->deleteServerConfiguration($configID)) {
  97. throw new OCSException('Could not delete configuration');
  98. }
  99. } catch (OCSException $e) {
  100. throw $e;
  101. } catch (\Exception $e) {
  102. $this->logger->error($e->getMessage(), ['exception' => $e]);
  103. throw new OCSException('An issue occurred when deleting the config.');
  104. }
  105. return new DataResponse();
  106. }
  107. /**
  108. * Modify a configuration
  109. *
  110. * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
  111. * @param string $configID ID of the config
  112. * @param array<string, mixed> $configData New config
  113. * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
  114. * @throws OCSException
  115. * @throws OCSBadRequestException Modifying config is not possible
  116. * @throws OCSNotFoundException Config not found
  117. *
  118. * 200: Config returned
  119. */
  120. public function modify($configID, $configData) {
  121. try {
  122. $this->ensureConfigIDExists($configID);
  123. if (!is_array($configData)) {
  124. throw new OCSBadRequestException('configData is not properly set');
  125. }
  126. $configuration = new Configuration($configID);
  127. $configKeys = $configuration->getConfigTranslationArray();
  128. foreach ($configKeys as $i => $key) {
  129. if (isset($configData[$key])) {
  130. $configuration->$key = $configData[$key];
  131. }
  132. }
  133. $configuration->saveConfiguration();
  134. $this->connectionFactory->get($configID)->clearCache();
  135. } catch (OCSException $e) {
  136. throw $e;
  137. } catch (\Exception $e) {
  138. $this->logger->error($e->getMessage(), ['exception' => $e]);
  139. throw new OCSException('An issue occurred when modifying the config.');
  140. }
  141. return new DataResponse();
  142. }
  143. /**
  144. * Get a configuration
  145. *
  146. * Output can look like this:
  147. * <?xml version="1.0"?>
  148. * <ocs>
  149. * <meta>
  150. * <status>ok</status>
  151. * <statuscode>200</statuscode>
  152. * <message>OK</message>
  153. * </meta>
  154. * <data>
  155. * <ldapHost>ldaps://my.ldap.server</ldapHost>
  156. * <ldapPort>7770</ldapPort>
  157. * <ldapBackupHost></ldapBackupHost>
  158. * <ldapBackupPort></ldapBackupPort>
  159. * <ldapBase>ou=small,dc=my,dc=ldap,dc=server</ldapBase>
  160. * <ldapBaseUsers>ou=users,ou=small,dc=my,dc=ldap,dc=server</ldapBaseUsers>
  161. * <ldapBaseGroups>ou=small,dc=my,dc=ldap,dc=server</ldapBaseGroups>
  162. * <ldapAgentName>cn=root,dc=my,dc=ldap,dc=server</ldapAgentName>
  163. * <ldapAgentPassword>clearTextWithShowPassword=1</ldapAgentPassword>
  164. * <ldapTLS>1</ldapTLS>
  165. * <turnOffCertCheck>0</turnOffCertCheck>
  166. * <ldapIgnoreNamingRules/>
  167. * <ldapUserDisplayName>displayname</ldapUserDisplayName>
  168. * <ldapUserDisplayName2>uid</ldapUserDisplayName2>
  169. * <ldapUserFilterObjectclass>inetOrgPerson</ldapUserFilterObjectclass>
  170. * <ldapUserFilterGroups></ldapUserFilterGroups>
  171. * <ldapUserFilter>(&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))</ldapUserFilter>
  172. * <ldapUserFilterMode>1</ldapUserFilterMode>
  173. * <ldapGroupFilter>(&amp;(|(objectclass=nextcloudGroup)))</ldapGroupFilter>
  174. * <ldapGroupFilterMode>0</ldapGroupFilterMode>
  175. * <ldapGroupFilterObjectclass>nextcloudGroup</ldapGroupFilterObjectclass>
  176. * <ldapGroupFilterGroups></ldapGroupFilterGroups>
  177. * <ldapGroupDisplayName>cn</ldapGroupDisplayName>
  178. * <ldapGroupMemberAssocAttr>memberUid</ldapGroupMemberAssocAttr>
  179. * <ldapLoginFilter>(&amp;(|(objectclass=inetOrgPerson))(uid=%uid))</ldapLoginFilter>
  180. * <ldapLoginFilterMode>0</ldapLoginFilterMode>
  181. * <ldapLoginFilterEmail>0</ldapLoginFilterEmail>
  182. * <ldapLoginFilterUsername>1</ldapLoginFilterUsername>
  183. * <ldapLoginFilterAttributes></ldapLoginFilterAttributes>
  184. * <ldapQuotaAttribute></ldapQuotaAttribute>
  185. * <ldapQuotaDefault></ldapQuotaDefault>
  186. * <ldapEmailAttribute>mail</ldapEmailAttribute>
  187. * <ldapCacheTTL>20</ldapCacheTTL>
  188. * <ldapUuidUserAttribute>auto</ldapUuidUserAttribute>
  189. * <ldapUuidGroupAttribute>auto</ldapUuidGroupAttribute>
  190. * <ldapOverrideMainServer></ldapOverrideMainServer>
  191. * <ldapConfigurationActive>1</ldapConfigurationActive>
  192. * <ldapAttributesForUserSearch>uid;sn;givenname</ldapAttributesForUserSearch>
  193. * <ldapAttributesForGroupSearch></ldapAttributesForGroupSearch>
  194. * <ldapExperiencedAdmin>0</ldapExperiencedAdmin>
  195. * <homeFolderNamingRule></homeFolderNamingRule>
  196. * <hasMemberOfFilterSupport></hasMemberOfFilterSupport>
  197. * <useMemberOfToDetectMembership>1</useMemberOfToDetectMembership>
  198. * <ldapExpertUsernameAttr>uid</ldapExpertUsernameAttr>
  199. * <ldapExpertUUIDUserAttr>uid</ldapExpertUUIDUserAttr>
  200. * <ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr>
  201. * <lastJpegPhotoLookup>0</lastJpegPhotoLookup>
  202. * <ldapNestedGroups>0</ldapNestedGroups>
  203. * <ldapPagingSize>500</ldapPagingSize>
  204. * <turnOnPasswordChange>1</turnOnPasswordChange>
  205. * <ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL>
  206. * </data>
  207. * </ocs>
  208. *
  209. * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
  210. * @param string $configID ID of the config
  211. * @param bool $showPassword Whether to show the password
  212. * @return DataResponse<Http::STATUS_OK, array<string, mixed>, array{}>
  213. * @throws OCSException
  214. * @throws OCSNotFoundException Config not found
  215. *
  216. * 200: Config returned
  217. */
  218. public function show($configID, $showPassword = false) {
  219. try {
  220. $this->ensureConfigIDExists($configID);
  221. $config = new Configuration($configID);
  222. $data = $config->getConfiguration();
  223. if (!$showPassword) {
  224. $data['ldapAgentPassword'] = '***';
  225. }
  226. foreach ($data as $key => $value) {
  227. if (is_array($value)) {
  228. $value = implode(';', $value);
  229. $data[$key] = $value;
  230. }
  231. }
  232. } catch (OCSException $e) {
  233. throw $e;
  234. } catch (\Exception $e) {
  235. $this->logger->error($e->getMessage(), ['exception' => $e]);
  236. throw new OCSException('An issue occurred when modifying the config.');
  237. }
  238. return new DataResponse($data);
  239. }
  240. /**
  241. * If the given config ID is not available, an exception is thrown
  242. *
  243. * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
  244. * @param string $configID
  245. * @throws OCSNotFoundException
  246. */
  247. private function ensureConfigIDExists($configID): void {
  248. $prefixes = $this->ldapHelper->getServerConfigurationPrefixes();
  249. if (!in_array($configID, $prefixes, true)) {
  250. throw new OCSNotFoundException('Config ID not found');
  251. }
  252. }
  253. }