1
0

Manager.php 6.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OCA\User_LDAP\User;
  8. use OCA\User_LDAP\Access;
  9. use OCA\User_LDAP\FilesystemHelper;
  10. use OCP\Cache\CappedMemoryCache;
  11. use OCP\IAvatarManager;
  12. use OCP\IConfig;
  13. use OCP\IDBConnection;
  14. use OCP\Image;
  15. use OCP\IUserManager;
  16. use OCP\Notification\IManager as INotificationManager;
  17. use OCP\Share\IManager;
  18. use Psr\Log\LoggerInterface;
  19. /**
  20. * Manager
  21. *
  22. * upon request, returns an LDAP user object either by creating or from run-time
  23. * cache
  24. */
  25. class Manager {
  26. protected ?Access $access = null;
  27. protected IConfig $ocConfig;
  28. protected IDBConnection $db;
  29. protected IUserManager $userManager;
  30. protected INotificationManager $notificationManager;
  31. protected FilesystemHelper $ocFilesystem;
  32. protected LoggerInterface $logger;
  33. protected Image $image;
  34. protected IAvatarManager $avatarManager;
  35. /** @var CappedMemoryCache<User> $usersByDN */
  36. protected CappedMemoryCache $usersByDN;
  37. /** @var CappedMemoryCache<User> $usersByUid */
  38. protected CappedMemoryCache $usersByUid;
  39. private IManager $shareManager;
  40. public function __construct(
  41. IConfig $ocConfig,
  42. FilesystemHelper $ocFilesystem,
  43. LoggerInterface $logger,
  44. IAvatarManager $avatarManager,
  45. Image $image,
  46. IUserManager $userManager,
  47. INotificationManager $notificationManager,
  48. IManager $shareManager
  49. ) {
  50. $this->ocConfig = $ocConfig;
  51. $this->ocFilesystem = $ocFilesystem;
  52. $this->logger = $logger;
  53. $this->avatarManager = $avatarManager;
  54. $this->image = $image;
  55. $this->userManager = $userManager;
  56. $this->notificationManager = $notificationManager;
  57. $this->usersByDN = new CappedMemoryCache();
  58. $this->usersByUid = new CappedMemoryCache();
  59. $this->shareManager = $shareManager;
  60. }
  61. /**
  62. * Binds manager to an instance of Access.
  63. * It needs to be assigned first before the manager can be used.
  64. * @param Access
  65. */
  66. public function setLdapAccess(Access $access) {
  67. $this->access = $access;
  68. }
  69. /**
  70. * @brief creates an instance of User and caches (just runtime) it in the
  71. * property array
  72. * @param string $dn the DN of the user
  73. * @param string $uid the internal (owncloud) username
  74. * @return \OCA\User_LDAP\User\User
  75. */
  76. private function createAndCache($dn, $uid) {
  77. $this->checkAccess();
  78. $user = new User($uid, $dn, $this->access, $this->ocConfig,
  79. $this->ocFilesystem, clone $this->image, $this->logger,
  80. $this->avatarManager, $this->userManager,
  81. $this->notificationManager);
  82. $this->usersByDN[$dn] = $user;
  83. $this->usersByUid[$uid] = $user;
  84. return $user;
  85. }
  86. /**
  87. * removes a user entry from the cache
  88. * @param $uid
  89. */
  90. public function invalidate($uid) {
  91. if (!isset($this->usersByUid[$uid])) {
  92. return;
  93. }
  94. $dn = $this->usersByUid[$uid]->getDN();
  95. unset($this->usersByUid[$uid]);
  96. unset($this->usersByDN[$dn]);
  97. }
  98. /**
  99. * @brief checks whether the Access instance has been set
  100. * @throws \Exception if Access has not been set
  101. * @return null
  102. */
  103. private function checkAccess() {
  104. if (is_null($this->access)) {
  105. throw new \Exception('LDAP Access instance must be set first');
  106. }
  107. }
  108. /**
  109. * returns a list of attributes that will be processed further, e.g. quota,
  110. * email, displayname, or others.
  111. *
  112. * @param bool $minimal - optional, set to true to skip attributes with big
  113. * payload
  114. * @return string[]
  115. */
  116. public function getAttributes($minimal = false) {
  117. $baseAttributes = array_merge(Access::UUID_ATTRIBUTES, ['dn', 'uid', 'samaccountname', 'memberof']);
  118. $attributes = [
  119. $this->access->getConnection()->ldapExpertUUIDUserAttr,
  120. $this->access->getConnection()->ldapQuotaAttribute,
  121. $this->access->getConnection()->ldapEmailAttribute,
  122. $this->access->getConnection()->ldapUserDisplayName,
  123. $this->access->getConnection()->ldapUserDisplayName2,
  124. $this->access->getConnection()->ldapExtStorageHomeAttribute,
  125. $this->access->getConnection()->ldapAttributePhone,
  126. $this->access->getConnection()->ldapAttributeWebsite,
  127. $this->access->getConnection()->ldapAttributeAddress,
  128. $this->access->getConnection()->ldapAttributeTwitter,
  129. $this->access->getConnection()->ldapAttributeFediverse,
  130. $this->access->getConnection()->ldapAttributeOrganisation,
  131. $this->access->getConnection()->ldapAttributeRole,
  132. $this->access->getConnection()->ldapAttributeHeadline,
  133. $this->access->getConnection()->ldapAttributeBiography,
  134. $this->access->getConnection()->ldapAttributeBirthDate,
  135. ];
  136. $homeRule = (string)$this->access->getConnection()->homeFolderNamingRule;
  137. if (str_starts_with($homeRule, 'attr:')) {
  138. $attributes[] = substr($homeRule, strlen('attr:'));
  139. }
  140. if (!$minimal) {
  141. // attributes that are not really important but may come with big
  142. // payload.
  143. $attributes = array_merge(
  144. $attributes,
  145. $this->access->getConnection()->resolveRule('avatar')
  146. );
  147. }
  148. $attributes = array_reduce($attributes,
  149. function ($list, $attribute) {
  150. $attribute = strtolower(trim((string)$attribute));
  151. if (!empty($attribute) && !in_array($attribute, $list)) {
  152. $list[] = $attribute;
  153. }
  154. return $list;
  155. },
  156. $baseAttributes // hard-coded, lower-case, non-empty attributes
  157. );
  158. return $attributes;
  159. }
  160. /**
  161. * Checks whether the specified user is marked as deleted
  162. * @param string $id the Nextcloud user name
  163. * @return bool
  164. */
  165. public function isDeletedUser($id) {
  166. $isDeleted = $this->ocConfig->getUserValue(
  167. $id, 'user_ldap', 'isDeleted', 0);
  168. return (int)$isDeleted === 1;
  169. }
  170. /**
  171. * creates and returns an instance of OfflineUser for the specified user
  172. * @param string $id
  173. * @return \OCA\User_LDAP\User\OfflineUser
  174. */
  175. public function getDeletedUser($id) {
  176. return new OfflineUser(
  177. $id,
  178. $this->ocConfig,
  179. $this->access->getUserMapper(),
  180. $this->shareManager
  181. );
  182. }
  183. /**
  184. * @brief returns a User object by its Nextcloud username
  185. * @param string $id the DN or username of the user
  186. * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
  187. */
  188. protected function createInstancyByUserName($id) {
  189. //most likely a uid. Check whether it is a deleted user
  190. if ($this->isDeletedUser($id)) {
  191. return $this->getDeletedUser($id);
  192. }
  193. $dn = $this->access->username2dn($id);
  194. if ($dn !== false) {
  195. return $this->createAndCache($dn, $id);
  196. }
  197. return null;
  198. }
  199. /**
  200. * @brief returns a User object by its DN or Nextcloud username
  201. * @param string $id the DN or username of the user
  202. * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
  203. * @throws \Exception when connection could not be established
  204. */
  205. public function get($id) {
  206. $this->checkAccess();
  207. if (isset($this->usersByDN[$id])) {
  208. return $this->usersByDN[$id];
  209. } elseif (isset($this->usersByUid[$id])) {
  210. return $this->usersByUid[$id];
  211. }
  212. if ($this->access->stringResemblesDN($id)) {
  213. $uid = $this->access->dn2username($id);
  214. if ($uid !== false) {
  215. return $this->createAndCache($id, $uid);
  216. }
  217. }
  218. return $this->createInstancyByUserName($id);
  219. }
  220. }