UpdateUUID.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2021 Arthur Schiwon <blizzz@arthur-schiwon.de>
  5. *
  6. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  7. * @author Côme Chilliet <come.chilliet@nextcloud.com>
  8. *
  9. * @license GNU AGPL version 3 or any later version
  10. *
  11. * This program is free software: you can redistribute it and/or modify
  12. * it under the terms of the GNU Affero General Public License as
  13. * published by the Free Software Foundation, either version 3 of the
  14. * License, or (at your option) any later version.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License
  22. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  23. *
  24. */
  25. namespace OCA\User_LDAP\Command;
  26. use OCA\User_LDAP\Access;
  27. use OCA\User_LDAP\Group_Proxy;
  28. use OCA\User_LDAP\Mapping\AbstractMapping;
  29. use OCA\User_LDAP\Mapping\GroupMapping;
  30. use OCA\User_LDAP\Mapping\UserMapping;
  31. use OCA\User_LDAP\User_Proxy;
  32. use Psr\Log\LoggerInterface;
  33. use Symfony\Component\Console\Command\Command;
  34. use Symfony\Component\Console\Helper\ProgressBar;
  35. use Symfony\Component\Console\Input\InputInterface;
  36. use Symfony\Component\Console\Input\InputOption;
  37. use Symfony\Component\Console\Output\OutputInterface;
  38. use function sprintf;
  39. class UuidUpdateReport {
  40. public const UNCHANGED = 0;
  41. public const UNKNOWN = 1;
  42. public const UNREADABLE = 2;
  43. public const UPDATED = 3;
  44. public const UNWRITABLE = 4;
  45. public const UNMAPPED = 5;
  46. public function __construct(
  47. public string $id,
  48. public string $dn,
  49. public bool $isUser,
  50. public int $state,
  51. public string $oldUuid = '',
  52. public string $newUuid = '',
  53. ) {
  54. }
  55. }
  56. class UpdateUUID extends Command {
  57. /** @var array<UuidUpdateReport[]> */
  58. protected array $reports = [];
  59. private bool $dryRun = false;
  60. public function __construct(
  61. private UserMapping $userMapping,
  62. private GroupMapping $groupMapping,
  63. private User_Proxy $userProxy,
  64. private Group_Proxy $groupProxy,
  65. private LoggerInterface $logger,
  66. ) {
  67. $this->reports = [
  68. UuidUpdateReport::UPDATED => [],
  69. UuidUpdateReport::UNKNOWN => [],
  70. UuidUpdateReport::UNREADABLE => [],
  71. UuidUpdateReport::UNWRITABLE => [],
  72. UuidUpdateReport::UNMAPPED => [],
  73. ];
  74. parent::__construct();
  75. }
  76. protected function configure(): void {
  77. $this
  78. ->setName('ldap:update-uuid')
  79. ->setDescription('Attempts to update UUIDs of user and group entries. By default, the command attempts to update UUIDs that have been invalidated by a migration step.')
  80. ->addOption(
  81. 'all',
  82. null,
  83. InputOption::VALUE_NONE,
  84. 'updates every user and group. All other options are ignored.'
  85. )
  86. ->addOption(
  87. 'userId',
  88. null,
  89. InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY,
  90. 'a user ID to update'
  91. )
  92. ->addOption(
  93. 'groupId',
  94. null,
  95. InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY,
  96. 'a group ID to update'
  97. )
  98. ->addOption(
  99. 'dn',
  100. null,
  101. InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY,
  102. 'a DN to update'
  103. )
  104. ->addOption(
  105. 'dry-run',
  106. null,
  107. InputOption::VALUE_NONE,
  108. 'UUIDs will not be updated in the database'
  109. )
  110. ;
  111. }
  112. protected function execute(InputInterface $input, OutputInterface $output): int {
  113. $this->dryRun = $input->getOption('dry-run');
  114. $entriesToUpdate = $this->estimateNumberOfUpdates($input);
  115. $progress = new ProgressBar($output);
  116. $progress->start($entriesToUpdate);
  117. foreach ($this->handleUpdates($input) as $_) {
  118. $progress->advance();
  119. }
  120. $progress->finish();
  121. $output->writeln('');
  122. $this->printReport($output);
  123. return count($this->reports[UuidUpdateReport::UNMAPPED]) === 0
  124. && count($this->reports[UuidUpdateReport::UNREADABLE]) === 0
  125. && count($this->reports[UuidUpdateReport::UNWRITABLE]) === 0
  126. ? self::SUCCESS
  127. : self::FAILURE;
  128. }
  129. protected function printReport(OutputInterface $output): void {
  130. if ($output->isQuiet()) {
  131. return;
  132. }
  133. if (count($this->reports[UuidUpdateReport::UPDATED]) === 0) {
  134. $output->writeln('<info>No record was updated.</info>');
  135. } else {
  136. $output->writeln(sprintf('<info>%d record(s) were updated.</info>', count($this->reports[UuidUpdateReport::UPDATED])));
  137. if ($output->isVerbose()) {
  138. /** @var UuidUpdateReport $report */
  139. foreach ($this->reports[UuidUpdateReport::UPDATED] as $report) {
  140. $output->writeln(sprintf(' %s had their old UUID %s updated to %s', $report->id, $report->oldUuid, $report->newUuid));
  141. }
  142. $output->writeln('');
  143. }
  144. }
  145. if (count($this->reports[UuidUpdateReport::UNMAPPED]) > 0) {
  146. $output->writeln(sprintf('<error>%d provided IDs were not mapped. These were:</error>', count($this->reports[UuidUpdateReport::UNMAPPED])));
  147. /** @var UuidUpdateReport $report */
  148. foreach ($this->reports[UuidUpdateReport::UNMAPPED] as $report) {
  149. if (!empty($report->id)) {
  150. $output->writeln(sprintf(' %s: %s',
  151. $report->isUser ? 'User' : 'Group', $report->id));
  152. } elseif (!empty($report->dn)) {
  153. $output->writeln(sprintf(' DN: %s', $report->dn));
  154. }
  155. }
  156. $output->writeln('');
  157. }
  158. if (count($this->reports[UuidUpdateReport::UNKNOWN]) > 0) {
  159. $output->writeln(sprintf('<info>%d provided IDs were unknown on LDAP.</info>', count($this->reports[UuidUpdateReport::UNKNOWN])));
  160. if ($output->isVerbose()) {
  161. /** @var UuidUpdateReport $report */
  162. foreach ($this->reports[UuidUpdateReport::UNKNOWN] as $report) {
  163. $output->writeln(sprintf(' %s: %s', $report->isUser ? 'User' : 'Group', $report->id));
  164. }
  165. $output->writeln(PHP_EOL . 'Old users can be removed along with their data per occ user:delete.' . PHP_EOL);
  166. }
  167. }
  168. if (count($this->reports[UuidUpdateReport::UNREADABLE]) > 0) {
  169. $output->writeln(sprintf('<error>For %d records, the UUID could not be read. Double-check your configuration.</error>', count($this->reports[UuidUpdateReport::UNREADABLE])));
  170. if ($output->isVerbose()) {
  171. /** @var UuidUpdateReport $report */
  172. foreach ($this->reports[UuidUpdateReport::UNREADABLE] as $report) {
  173. $output->writeln(sprintf(' %s: %s', $report->isUser ? 'User' : 'Group', $report->id));
  174. }
  175. }
  176. }
  177. if (count($this->reports[UuidUpdateReport::UNWRITABLE]) > 0) {
  178. $output->writeln(sprintf('<error>For %d records, the UUID could not be saved to database. Double-check your configuration.</error>', count($this->reports[UuidUpdateReport::UNWRITABLE])));
  179. if ($output->isVerbose()) {
  180. /** @var UuidUpdateReport $report */
  181. foreach ($this->reports[UuidUpdateReport::UNWRITABLE] as $report) {
  182. $output->writeln(sprintf(' %s: %s', $report->isUser ? 'User' : 'Group', $report->id));
  183. }
  184. }
  185. }
  186. }
  187. protected function handleUpdates(InputInterface $input): \Generator {
  188. if ($input->getOption('all')) {
  189. foreach ($this->handleMappingBasedUpdates(false) as $_) {
  190. yield;
  191. }
  192. } elseif ($input->getOption('userId')
  193. || $input->getOption('groupId')
  194. || $input->getOption('dn')
  195. ) {
  196. foreach ($this->handleUpdatesByUserId($input->getOption('userId')) as $_) {
  197. yield;
  198. }
  199. foreach ($this->handleUpdatesByGroupId($input->getOption('groupId')) as $_) {
  200. yield;
  201. }
  202. foreach ($this->handleUpdatesByDN($input->getOption('dn')) as $_) {
  203. yield;
  204. }
  205. } else {
  206. foreach ($this->handleMappingBasedUpdates(true) as $_) {
  207. yield;
  208. }
  209. }
  210. }
  211. protected function handleUpdatesByUserId(array $userIds): \Generator {
  212. foreach ($this->handleUpdatesByEntryId($userIds, $this->userMapping) as $_) {
  213. yield;
  214. }
  215. }
  216. protected function handleUpdatesByGroupId(array $groupIds): \Generator {
  217. foreach ($this->handleUpdatesByEntryId($groupIds, $this->groupMapping) as $_) {
  218. yield;
  219. }
  220. }
  221. protected function handleUpdatesByDN(array $dns): \Generator {
  222. $userList = $groupList = [];
  223. while ($dn = array_pop($dns)) {
  224. $uuid = $this->userMapping->getUUIDByDN($dn);
  225. if ($uuid) {
  226. $id = $this->userMapping->getNameByDN($dn);
  227. $userList[] = ['name' => $id, 'uuid' => $uuid];
  228. continue;
  229. }
  230. $uuid = $this->groupMapping->getUUIDByDN($dn);
  231. if ($uuid) {
  232. $id = $this->groupMapping->getNameByDN($dn);
  233. $groupList[] = ['name' => $id, 'uuid' => $uuid];
  234. continue;
  235. }
  236. $this->reports[UuidUpdateReport::UNMAPPED][] = new UuidUpdateReport('', $dn, true, UuidUpdateReport::UNMAPPED);
  237. yield;
  238. }
  239. foreach ($this->handleUpdatesByList($this->userMapping, $userList) as $_) {
  240. yield;
  241. }
  242. foreach ($this->handleUpdatesByList($this->groupMapping, $groupList) as $_) {
  243. yield;
  244. }
  245. }
  246. protected function handleUpdatesByEntryId(array $ids, AbstractMapping $mapping): \Generator {
  247. $isUser = $mapping instanceof UserMapping;
  248. $list = [];
  249. while ($id = array_pop($ids)) {
  250. if (!$dn = $mapping->getDNByName($id)) {
  251. $this->reports[UuidUpdateReport::UNMAPPED][] = new UuidUpdateReport($id, '', $isUser, UuidUpdateReport::UNMAPPED);
  252. yield;
  253. continue;
  254. }
  255. // Since we know it was mapped the UUID is populated
  256. $uuid = $mapping->getUUIDByDN($dn);
  257. $list[] = ['name' => $id, 'uuid' => $uuid];
  258. }
  259. foreach ($this->handleUpdatesByList($mapping, $list) as $_) {
  260. yield;
  261. }
  262. }
  263. protected function handleMappingBasedUpdates(bool $invalidatedOnly): \Generator {
  264. $limit = 1000;
  265. /** @var AbstractMapping $mapping*/
  266. foreach ([$this->userMapping, $this->groupMapping] as $mapping) {
  267. $offset = 0;
  268. do {
  269. $list = $mapping->getList($offset, $limit, $invalidatedOnly);
  270. $offset += $limit;
  271. foreach ($this->handleUpdatesByList($mapping, $list) as $tick) {
  272. yield; // null, for it only advances progress counter
  273. }
  274. } while (count($list) === $limit);
  275. }
  276. }
  277. protected function handleUpdatesByList(AbstractMapping $mapping, array $list): \Generator {
  278. if ($mapping instanceof UserMapping) {
  279. $isUser = true;
  280. $backendProxy = $this->userProxy;
  281. } else {
  282. $isUser = false;
  283. $backendProxy = $this->groupProxy;
  284. }
  285. foreach ($list as $row) {
  286. $access = $backendProxy->getLDAPAccess($row['name']);
  287. if ($access instanceof Access
  288. && $dn = $mapping->getDNByName($row['name'])) {
  289. if ($uuid = $access->getUUID($dn, $isUser)) {
  290. if ($uuid !== $row['uuid']) {
  291. if ($this->dryRun || $mapping->setUUIDbyDN($uuid, $dn)) {
  292. $this->reports[UuidUpdateReport::UPDATED][]
  293. = new UuidUpdateReport($row['name'], $dn, $isUser, UuidUpdateReport::UPDATED, $row['uuid'], $uuid);
  294. } else {
  295. $this->reports[UuidUpdateReport::UNWRITABLE][]
  296. = new UuidUpdateReport($row['name'], $dn, $isUser, UuidUpdateReport::UNWRITABLE, $row['uuid'], $uuid);
  297. }
  298. $this->logger->info('UUID of {id} was updated from {from} to {to}',
  299. [
  300. 'appid' => 'user_ldap',
  301. 'id' => $row['name'],
  302. 'from' => $row['uuid'],
  303. 'to' => $uuid,
  304. ]
  305. );
  306. }
  307. } else {
  308. $this->reports[UuidUpdateReport::UNREADABLE][] = new UuidUpdateReport($row['name'], $dn, $isUser, UuidUpdateReport::UNREADABLE);
  309. }
  310. } else {
  311. $this->reports[UuidUpdateReport::UNKNOWN][] = new UuidUpdateReport($row['name'], '', $isUser, UuidUpdateReport::UNKNOWN);
  312. }
  313. yield; // null, for it only advances progress counter
  314. }
  315. }
  316. protected function estimateNumberOfUpdates(InputInterface $input): int {
  317. if ($input->getOption('all')) {
  318. return $this->userMapping->count() + $this->groupMapping->count();
  319. } elseif ($input->getOption('userId')
  320. || $input->getOption('groupId')
  321. || $input->getOption('dn')
  322. ) {
  323. return count($input->getOption('userId'))
  324. + count($input->getOption('groupId'))
  325. + count($input->getOption('dn'));
  326. } else {
  327. return $this->userMapping->countInvalidated() + $this->groupMapping->countInvalidated();
  328. }
  329. }
  330. }