1
0

ConfigAPIController.php 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de>
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. *
  8. * @license GNU AGPL version 3 or any later version
  9. *
  10. * This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License as
  12. * published by the Free Software Foundation, either version 3 of the
  13. * License, or (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  22. *
  23. */
  24. namespace OCA\User_LDAP\Controller;
  25. use OC\CapabilitiesManager;
  26. use OC\Core\Controller\OCSController;
  27. use OC\Security\IdentityProof\Manager;
  28. use OCA\User_LDAP\Configuration;
  29. use OCA\User_LDAP\ConnectionFactory;
  30. use OCA\User_LDAP\Helper;
  31. use OCP\AppFramework\Http\DataResponse;
  32. use OCP\AppFramework\OCS\OCSBadRequestException;
  33. use OCP\AppFramework\OCS\OCSException;
  34. use OCP\AppFramework\OCS\OCSNotFoundException;
  35. use OCP\ILogger;
  36. use OCP\IRequest;
  37. use OCP\IUserManager;
  38. use OCP\IUserSession;
  39. class ConfigAPIController extends OCSController {
  40. /** @var Helper */
  41. private $ldapHelper;
  42. /** @var ILogger */
  43. private $logger;
  44. /** @var ConnectionFactory */
  45. private $connectionFactory;
  46. public function __construct(
  47. $appName,
  48. IRequest $request,
  49. CapabilitiesManager $capabilitiesManager,
  50. IUserSession $userSession,
  51. IUserManager $userManager,
  52. Manager $keyManager,
  53. Helper $ldapHelper,
  54. ILogger $logger,
  55. ConnectionFactory $connectionFactory
  56. ) {
  57. parent::__construct(
  58. $appName,
  59. $request,
  60. $capabilitiesManager,
  61. $userSession,
  62. $userManager,
  63. $keyManager
  64. );
  65. $this->ldapHelper = $ldapHelper;
  66. $this->logger = $logger;
  67. $this->connectionFactory = $connectionFactory;
  68. }
  69. /**
  70. * Creates a new (empty) configuration and returns the resulting prefix
  71. *
  72. * Example: curl -X POST -H "OCS-APIREQUEST: true" -u $admin:$password \
  73. * https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config
  74. *
  75. * results in:
  76. *
  77. * <?xml version="1.0"?>
  78. * <ocs>
  79. * <meta>
  80. * <status>ok</status>
  81. * <statuscode>200</statuscode>
  82. * <message>OK</message>
  83. * </meta>
  84. * <data>
  85. * <configID>s40</configID>
  86. * </data>
  87. * </ocs>
  88. *
  89. * Failing example: if an exception is thrown (e.g. Database connection lost)
  90. * the detailed error will be logged. The output will then look like:
  91. *
  92. * <?xml version="1.0"?>
  93. * <ocs>
  94. * <meta>
  95. * <status>failure</status>
  96. * <statuscode>999</statuscode>
  97. * <message>An issue occurred when creating the new config.</message>
  98. * </meta>
  99. * <data/>
  100. * </ocs>
  101. *
  102. * For JSON output provide the format=json parameter
  103. *
  104. * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
  105. * @return DataResponse
  106. * @throws OCSException
  107. */
  108. public function create() {
  109. try {
  110. $configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix();
  111. $configHolder = new Configuration($configPrefix);
  112. $configHolder->ldapConfigurationActive = false;
  113. $configHolder->saveConfiguration();
  114. } catch (\Exception $e) {
  115. $this->logger->logException($e);
  116. throw new OCSException('An issue occurred when creating the new config.');
  117. }
  118. return new DataResponse(['configID' => $configPrefix]);
  119. }
  120. /**
  121. * Deletes a LDAP configuration, if present.
  122. *
  123. * Example:
  124. * curl -X DELETE -H "OCS-APIREQUEST: true" -u $admin:$password \
  125. * https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config/s60
  126. *
  127. * <?xml version="1.0"?>
  128. * <ocs>
  129. * <meta>
  130. * <status>ok</status>
  131. * <statuscode>200</statuscode>
  132. * <message>OK</message>
  133. * </meta>
  134. * <data/>
  135. * </ocs>
  136. *
  137. * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
  138. * @param string $configID
  139. * @return DataResponse
  140. * @throws OCSBadRequestException
  141. * @throws OCSException
  142. */
  143. public function delete($configID) {
  144. try {
  145. $this->ensureConfigIDExists($configID);
  146. if (!$this->ldapHelper->deleteServerConfiguration($configID)) {
  147. throw new OCSException('Could not delete configuration');
  148. }
  149. } catch (OCSException $e) {
  150. throw $e;
  151. } catch (\Exception $e) {
  152. $this->logger->logException($e);
  153. throw new OCSException('An issue occurred when deleting the config.');
  154. }
  155. return new DataResponse();
  156. }
  157. /**
  158. * Modifies a configuration
  159. *
  160. * Example:
  161. * curl -X PUT -d "configData[ldapHost]=ldaps://my.ldap.server&configData[ldapPort]=636" \
  162. * -H "OCS-APIREQUEST: true" -u $admin:$password \
  163. * https://nextcloud.server/ocs/v2.php/apps/user_ldap/api/v1/config/s60
  164. *
  165. * <?xml version="1.0"?>
  166. * <ocs>
  167. * <meta>
  168. * <status>ok</status>
  169. * <statuscode>200</statuscode>
  170. * <message>OK</message>
  171. * </meta>
  172. * <data/>
  173. * </ocs>
  174. *
  175. * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
  176. * @param string $configID
  177. * @param array $configData
  178. * @return DataResponse
  179. * @throws OCSException
  180. */
  181. public function modify($configID, $configData) {
  182. try {
  183. $this->ensureConfigIDExists($configID);
  184. if (!is_array($configData)) {
  185. throw new OCSBadRequestException('configData is not properly set');
  186. }
  187. $configuration = new Configuration($configID);
  188. $configKeys = $configuration->getConfigTranslationArray();
  189. foreach ($configKeys as $i => $key) {
  190. if (isset($configData[$key])) {
  191. $configuration->$key = $configData[$key];
  192. }
  193. }
  194. $configuration->saveConfiguration();
  195. $this->connectionFactory->get($configID)->clearCache();
  196. } catch (OCSException $e) {
  197. throw $e;
  198. } catch (\Exception $e) {
  199. $this->logger->logException($e);
  200. throw new OCSException('An issue occurred when modifying the config.');
  201. }
  202. return new DataResponse();
  203. }
  204. /**
  205. * Retrieves a configuration
  206. *
  207. * <?xml version="1.0"?>
  208. * <ocs>
  209. * <meta>
  210. * <status>ok</status>
  211. * <statuscode>200</statuscode>
  212. * <message>OK</message>
  213. * </meta>
  214. * <data>
  215. * <ldapHost>ldaps://my.ldap.server</ldapHost>
  216. * <ldapPort>7770</ldapPort>
  217. * <ldapBackupHost></ldapBackupHost>
  218. * <ldapBackupPort></ldapBackupPort>
  219. * <ldapBase>ou=small,dc=my,dc=ldap,dc=server</ldapBase>
  220. * <ldapBaseUsers>ou=users,ou=small,dc=my,dc=ldap,dc=server</ldapBaseUsers>
  221. * <ldapBaseGroups>ou=small,dc=my,dc=ldap,dc=server</ldapBaseGroups>
  222. * <ldapAgentName>cn=root,dc=my,dc=ldap,dc=server</ldapAgentName>
  223. * <ldapAgentPassword>clearTextWithShowPassword=1</ldapAgentPassword>
  224. * <ldapTLS>1</ldapTLS>
  225. * <turnOffCertCheck>0</turnOffCertCheck>
  226. * <ldapIgnoreNamingRules/>
  227. * <ldapUserDisplayName>displayname</ldapUserDisplayName>
  228. * <ldapUserDisplayName2>uid</ldapUserDisplayName2>
  229. * <ldapUserFilterObjectclass>inetOrgPerson</ldapUserFilterObjectclass>
  230. * <ldapUserFilterGroups></ldapUserFilterGroups>
  231. * <ldapUserFilter>(&amp;(objectclass=nextcloudUser)(nextcloudEnabled=TRUE))</ldapUserFilter>
  232. * <ldapUserFilterMode>1</ldapUserFilterMode>
  233. * <ldapGroupFilter>(&amp;(|(objectclass=nextcloudGroup)))</ldapGroupFilter>
  234. * <ldapGroupFilterMode>0</ldapGroupFilterMode>
  235. * <ldapGroupFilterObjectclass>nextcloudGroup</ldapGroupFilterObjectclass>
  236. * <ldapGroupFilterGroups></ldapGroupFilterGroups>
  237. * <ldapGroupDisplayName>cn</ldapGroupDisplayName>
  238. * <ldapGroupMemberAssocAttr>memberUid</ldapGroupMemberAssocAttr>
  239. * <ldapLoginFilter>(&amp;(|(objectclass=inetOrgPerson))(uid=%uid))</ldapLoginFilter>
  240. * <ldapLoginFilterMode>0</ldapLoginFilterMode>
  241. * <ldapLoginFilterEmail>0</ldapLoginFilterEmail>
  242. * <ldapLoginFilterUsername>1</ldapLoginFilterUsername>
  243. * <ldapLoginFilterAttributes></ldapLoginFilterAttributes>
  244. * <ldapQuotaAttribute></ldapQuotaAttribute>
  245. * <ldapQuotaDefault></ldapQuotaDefault>
  246. * <ldapEmailAttribute>mail</ldapEmailAttribute>
  247. * <ldapCacheTTL>20</ldapCacheTTL>
  248. * <ldapUuidUserAttribute>auto</ldapUuidUserAttribute>
  249. * <ldapUuidGroupAttribute>auto</ldapUuidGroupAttribute>
  250. * <ldapOverrideMainServer></ldapOverrideMainServer>
  251. * <ldapConfigurationActive>1</ldapConfigurationActive>
  252. * <ldapAttributesForUserSearch>uid;sn;givenname</ldapAttributesForUserSearch>
  253. * <ldapAttributesForGroupSearch></ldapAttributesForGroupSearch>
  254. * <ldapExperiencedAdmin>0</ldapExperiencedAdmin>
  255. * <homeFolderNamingRule></homeFolderNamingRule>
  256. * <hasMemberOfFilterSupport></hasMemberOfFilterSupport>
  257. * <useMemberOfToDetectMembership>1</useMemberOfToDetectMembership>
  258. * <ldapExpertUsernameAttr>uid</ldapExpertUsernameAttr>
  259. * <ldapExpertUUIDUserAttr>uid</ldapExpertUUIDUserAttr>
  260. * <ldapExpertUUIDGroupAttr></ldapExpertUUIDGroupAttr>
  261. * <lastJpegPhotoLookup>0</lastJpegPhotoLookup>
  262. * <ldapNestedGroups>0</ldapNestedGroups>
  263. * <ldapPagingSize>500</ldapPagingSize>
  264. * <turnOnPasswordChange>1</turnOnPasswordChange>
  265. * <ldapDynamicGroupMemberURL></ldapDynamicGroupMemberURL>
  266. * </data>
  267. * </ocs>
  268. *
  269. * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
  270. * @param string $configID
  271. * @param bool|string $showPassword
  272. * @return DataResponse
  273. * @throws OCSException
  274. */
  275. public function show($configID, $showPassword = false) {
  276. try {
  277. $this->ensureConfigIDExists($configID);
  278. $config = new Configuration($configID);
  279. $data = $config->getConfiguration();
  280. if (!(int)$showPassword) {
  281. $data['ldapAgentPassword'] = '***';
  282. }
  283. foreach ($data as $key => $value) {
  284. if (is_array($value)) {
  285. $value = implode(';', $value);
  286. $data[$key] = $value;
  287. }
  288. }
  289. } catch (OCSException $e) {
  290. throw $e;
  291. } catch (\Exception $e) {
  292. $this->logger->logException($e);
  293. throw new OCSException('An issue occurred when modifying the config.');
  294. }
  295. return new DataResponse($data);
  296. }
  297. /**
  298. * If the given config ID is not available, an exception is thrown
  299. *
  300. * @AuthorizedAdminSetting(settings=OCA\User_LDAP\Settings\Admin)
  301. * @param string $configID
  302. * @throws OCSNotFoundException
  303. */
  304. private function ensureConfigIDExists($configID) {
  305. $prefixes = $this->ldapHelper->getServerConfigurationPrefixes();
  306. if (!in_array($configID, $prefixes, true)) {
  307. throw new OCSNotFoundException('Config ID not found');
  308. }
  309. }
  310. }