CheckUser.php 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Côme Chilliet <come.chilliet@nextcloud.com>
  8. * @author Joas Schilling <coding@schilljs.com>
  9. * @author Morris Jobke <hey@morrisjobke.de>
  10. * @author Roeland Jago Douma <roeland@famdouma.nl>
  11. *
  12. * @license AGPL-3.0
  13. *
  14. * This code is free software: you can redistribute it and/or modify
  15. * it under the terms of the GNU Affero General Public License, version 3,
  16. * as published by the Free Software Foundation.
  17. *
  18. * This program is distributed in the hope that it will be useful,
  19. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  21. * GNU Affero General Public License for more details.
  22. *
  23. * You should have received a copy of the GNU Affero General Public License, version 3,
  24. * along with this program. If not, see <http://www.gnu.org/licenses/>
  25. *
  26. */
  27. namespace OCA\User_LDAP\Command;
  28. use OCA\User_LDAP\Helper;
  29. use OCA\User_LDAP\Mapping\UserMapping;
  30. use OCA\User_LDAP\User\DeletedUsersIndex;
  31. use OCA\User_LDAP\User_Proxy;
  32. use Symfony\Component\Console\Command\Command;
  33. use Symfony\Component\Console\Input\InputArgument;
  34. use Symfony\Component\Console\Input\InputInterface;
  35. use Symfony\Component\Console\Input\InputOption;
  36. use Symfony\Component\Console\Output\OutputInterface;
  37. class CheckUser extends Command {
  38. protected User_Proxy $backend;
  39. public function __construct(
  40. User_Proxy $uBackend,
  41. protected Helper $helper,
  42. protected DeletedUsersIndex $dui,
  43. protected UserMapping $mapping,
  44. ) {
  45. $this->backend = $uBackend;
  46. parent::__construct();
  47. }
  48. protected function configure(): void {
  49. $this
  50. ->setName('ldap:check-user')
  51. ->setDescription('checks whether a user exists on LDAP.')
  52. ->addArgument(
  53. 'ocName',
  54. InputArgument::REQUIRED,
  55. 'the user name as used in Nextcloud, or the LDAP DN'
  56. )
  57. ->addOption(
  58. 'force',
  59. null,
  60. InputOption::VALUE_NONE,
  61. 'ignores disabled LDAP configuration'
  62. )
  63. ->addOption(
  64. 'update',
  65. null,
  66. InputOption::VALUE_NONE,
  67. 'syncs values from LDAP'
  68. )
  69. ;
  70. }
  71. protected function execute(InputInterface $input, OutputInterface $output): int {
  72. try {
  73. $this->assertAllowed($input->getOption('force'));
  74. $uid = $input->getArgument('ocName');
  75. if ($this->backend->getLDAPAccess($uid)->stringResemblesDN($uid)) {
  76. $username = $this->backend->dn2UserName($uid);
  77. if ($username !== false) {
  78. $uid = $username;
  79. }
  80. }
  81. $wasMapped = $this->userWasMapped($uid);
  82. $exists = $this->backend->userExistsOnLDAP($uid, true);
  83. if ($exists === true) {
  84. $output->writeln('The user is still available on LDAP.');
  85. if ($input->getOption('update')) {
  86. $this->updateUser($uid, $output);
  87. }
  88. return self::SUCCESS;
  89. }
  90. if ($wasMapped) {
  91. $this->dui->markUser($uid);
  92. $output->writeln('The user does not exists on LDAP anymore.');
  93. $output->writeln('Clean up the user\'s remnants by: ./occ user:delete "'
  94. . $uid . '"');
  95. return self::SUCCESS;
  96. }
  97. throw new \Exception('The given user is not a recognized LDAP user.');
  98. } catch (\Exception $e) {
  99. $output->writeln('<error>' . $e->getMessage(). '</error>');
  100. return self::FAILURE;
  101. }
  102. }
  103. /**
  104. * checks whether a user is actually mapped
  105. * @param string $ocName the username as used in Nextcloud
  106. */
  107. protected function userWasMapped(string $ocName): bool {
  108. $dn = $this->mapping->getDNByName($ocName);
  109. return $dn !== false;
  110. }
  111. /**
  112. * checks whether the setup allows reliable checking of LDAP user existence
  113. * @throws \Exception
  114. */
  115. protected function assertAllowed(bool $force): void {
  116. if ($this->helper->haveDisabledConfigurations() && !$force) {
  117. throw new \Exception('Cannot check user existence, because '
  118. . 'disabled LDAP configurations are present.');
  119. }
  120. // we don't check ldapUserCleanupInterval from config.php because this
  121. // action is triggered manually, while the setting only controls the
  122. // background job.
  123. }
  124. private function updateUser(string $uid, OutputInterface $output): void {
  125. try {
  126. $access = $this->backend->getLDAPAccess($uid);
  127. $attrs = $access->userManager->getAttributes();
  128. $user = $access->userManager->get($uid);
  129. $avatarAttributes = $access->getConnection()->resolveRule('avatar');
  130. $baseDn = $this->helper->DNasBaseParameter($user->getDN());
  131. $result = $access->search('objectclass=*', $baseDn, $attrs, 1, 0);
  132. foreach ($result[0] as $attribute => $valueSet) {
  133. $output->writeln(' ' . $attribute . ': ');
  134. foreach ($valueSet as $value) {
  135. if (in_array($attribute, $avatarAttributes)) {
  136. $value = '{ImageData}';
  137. }
  138. $output->writeln(' ' . $value);
  139. }
  140. }
  141. $access->batchApplyUserAttributes($result);
  142. } catch (\Exception $e) {
  143. $output->writeln('<error>Error while trying to lookup and update attributes from LDAP</error>');
  144. }
  145. }
  146. }