Manager.php 7.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2017-2024 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OCA\User_LDAP\User;
  8. use OCA\User_LDAP\Access;
  9. use OCA\User_LDAP\FilesystemHelper;
  10. use OCP\Cache\CappedMemoryCache;
  11. use OCP\IAvatarManager;
  12. use OCP\IConfig;
  13. use OCP\IDBConnection;
  14. use OCP\Image;
  15. use OCP\IUserManager;
  16. use OCP\Notification\IManager as INotificationManager;
  17. use OCP\Share\IManager;
  18. use Psr\Log\LoggerInterface;
  19. /**
  20. * Manager
  21. *
  22. * upon request, returns an LDAP user object either by creating or from run-time
  23. * cache
  24. */
  25. class Manager {
  26. protected ?Access $access = null;
  27. protected IConfig $ocConfig;
  28. protected IDBConnection $db;
  29. protected IUserManager $userManager;
  30. protected INotificationManager $notificationManager;
  31. protected FilesystemHelper $ocFilesystem;
  32. protected LoggerInterface $logger;
  33. protected Image $image;
  34. protected IAvatarManager $avatarManager;
  35. /** @var CappedMemoryCache<User> $usersByDN */
  36. protected CappedMemoryCache $usersByDN;
  37. /** @var CappedMemoryCache<User> $usersByUid */
  38. protected CappedMemoryCache $usersByUid;
  39. private IManager $shareManager;
  40. public function __construct(
  41. IConfig $ocConfig,
  42. FilesystemHelper $ocFilesystem,
  43. LoggerInterface $logger,
  44. IAvatarManager $avatarManager,
  45. Image $image,
  46. IUserManager $userManager,
  47. INotificationManager $notificationManager,
  48. IManager $shareManager,
  49. ) {
  50. $this->ocConfig = $ocConfig;
  51. $this->ocFilesystem = $ocFilesystem;
  52. $this->logger = $logger;
  53. $this->avatarManager = $avatarManager;
  54. $this->image = $image;
  55. $this->userManager = $userManager;
  56. $this->notificationManager = $notificationManager;
  57. $this->usersByDN = new CappedMemoryCache();
  58. $this->usersByUid = new CappedMemoryCache();
  59. $this->shareManager = $shareManager;
  60. }
  61. /**
  62. * Binds manager to an instance of Access.
  63. * It needs to be assigned first before the manager can be used.
  64. * @param Access
  65. */
  66. public function setLdapAccess(Access $access) {
  67. $this->access = $access;
  68. }
  69. /**
  70. * @brief creates an instance of User and caches (just runtime) it in the
  71. * property array
  72. * @param string $dn the DN of the user
  73. * @param string $uid the internal (owncloud) username
  74. * @return \OCA\User_LDAP\User\User
  75. */
  76. private function createAndCache($dn, $uid) {
  77. $this->checkAccess();
  78. $user = new User($uid, $dn, $this->access, $this->ocConfig,
  79. $this->ocFilesystem, clone $this->image, $this->logger,
  80. $this->avatarManager, $this->userManager,
  81. $this->notificationManager);
  82. $this->usersByDN[$dn] = $user;
  83. $this->usersByUid[$uid] = $user;
  84. return $user;
  85. }
  86. /**
  87. * removes a user entry from the cache
  88. * @param $uid
  89. */
  90. public function invalidate($uid) {
  91. if (!isset($this->usersByUid[$uid])) {
  92. return;
  93. }
  94. $dn = $this->usersByUid[$uid]->getDN();
  95. unset($this->usersByUid[$uid]);
  96. unset($this->usersByDN[$dn]);
  97. }
  98. /**
  99. * @brief checks whether the Access instance has been set
  100. * @throws \Exception if Access has not been set
  101. * @psalm-assert !null $this->access
  102. * @return null
  103. */
  104. private function checkAccess() {
  105. if (is_null($this->access)) {
  106. throw new \Exception('LDAP Access instance must be set first');
  107. }
  108. }
  109. /**
  110. * returns a list of attributes that will be processed further, e.g. quota,
  111. * email, displayname, or others.
  112. *
  113. * @param bool $minimal - optional, set to true to skip attributes with big
  114. * payload
  115. * @return string[]
  116. */
  117. public function getAttributes($minimal = false) {
  118. $baseAttributes = array_merge(Access::UUID_ATTRIBUTES, ['dn', 'uid', 'samaccountname', 'memberof']);
  119. $attributes = [
  120. $this->access->getConnection()->ldapExpertUUIDUserAttr,
  121. $this->access->getConnection()->ldapQuotaAttribute,
  122. $this->access->getConnection()->ldapEmailAttribute,
  123. $this->access->getConnection()->ldapUserDisplayName,
  124. $this->access->getConnection()->ldapUserDisplayName2,
  125. $this->access->getConnection()->ldapExtStorageHomeAttribute,
  126. $this->access->getConnection()->ldapAttributePhone,
  127. $this->access->getConnection()->ldapAttributeWebsite,
  128. $this->access->getConnection()->ldapAttributeAddress,
  129. $this->access->getConnection()->ldapAttributeTwitter,
  130. $this->access->getConnection()->ldapAttributeFediverse,
  131. $this->access->getConnection()->ldapAttributeOrganisation,
  132. $this->access->getConnection()->ldapAttributeRole,
  133. $this->access->getConnection()->ldapAttributeHeadline,
  134. $this->access->getConnection()->ldapAttributeBiography,
  135. $this->access->getConnection()->ldapAttributeBirthDate,
  136. $this->access->getConnection()->ldapAttributePronouns,
  137. ];
  138. $homeRule = (string)$this->access->getConnection()->homeFolderNamingRule;
  139. if (str_starts_with($homeRule, 'attr:')) {
  140. $attributes[] = substr($homeRule, strlen('attr:'));
  141. }
  142. if (!$minimal) {
  143. // attributes that are not really important but may come with big
  144. // payload.
  145. $attributes = array_merge(
  146. $attributes,
  147. $this->access->getConnection()->resolveRule('avatar')
  148. );
  149. }
  150. $attributes = array_reduce($attributes,
  151. function ($list, $attribute) {
  152. $attribute = strtolower(trim((string)$attribute));
  153. if (!empty($attribute) && !in_array($attribute, $list)) {
  154. $list[] = $attribute;
  155. }
  156. return $list;
  157. },
  158. $baseAttributes // hard-coded, lower-case, non-empty attributes
  159. );
  160. return $attributes;
  161. }
  162. /**
  163. * Checks whether the specified user is marked as deleted
  164. * @param string $id the Nextcloud user name
  165. * @return bool
  166. */
  167. public function isDeletedUser($id) {
  168. $isDeleted = $this->ocConfig->getUserValue(
  169. $id, 'user_ldap', 'isDeleted', 0);
  170. return (int)$isDeleted === 1;
  171. }
  172. /**
  173. * creates and returns an instance of OfflineUser for the specified user
  174. * @param string $id
  175. * @return \OCA\User_LDAP\User\OfflineUser
  176. */
  177. public function getDeletedUser($id) {
  178. return new OfflineUser(
  179. $id,
  180. $this->ocConfig,
  181. $this->access->getUserMapper(),
  182. $this->shareManager
  183. );
  184. }
  185. /**
  186. * @brief returns a User object by its Nextcloud username
  187. * @param string $id the DN or username of the user
  188. * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
  189. */
  190. protected function createInstancyByUserName($id) {
  191. //most likely a uid. Check whether it is a deleted user
  192. if ($this->isDeletedUser($id)) {
  193. return $this->getDeletedUser($id);
  194. }
  195. $dn = $this->access->username2dn($id);
  196. if ($dn !== false) {
  197. return $this->createAndCache($dn, $id);
  198. }
  199. return null;
  200. }
  201. /**
  202. * @brief returns a User object by its DN or Nextcloud username
  203. * @param string $id the DN or username of the user
  204. * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
  205. * @throws \Exception when connection could not be established
  206. */
  207. public function get($id) {
  208. $this->checkAccess();
  209. if (isset($this->usersByDN[$id])) {
  210. return $this->usersByDN[$id];
  211. } elseif (isset($this->usersByUid[$id])) {
  212. return $this->usersByUid[$id];
  213. }
  214. if ($this->access->stringResemblesDN($id)) {
  215. $uid = $this->access->dn2username($id);
  216. if ($uid !== false) {
  217. return $this->createAndCache($id, $uid);
  218. }
  219. }
  220. return $this->createInstancyByUserName($id);
  221. }
  222. /**
  223. * @brief Checks whether a User object by its DN or Nextcloud username exists
  224. * @param string $id the DN or username of the user
  225. * @throws \Exception when connection could not be established
  226. */
  227. public function exists($id): bool {
  228. $this->checkAccess();
  229. $this->logger->debug('Checking if {id} exists', ['id' => $id]);
  230. if (isset($this->usersByDN[$id])) {
  231. return true;
  232. } elseif (isset($this->usersByUid[$id])) {
  233. return true;
  234. }
  235. if ($this->access->stringResemblesDN($id)) {
  236. $this->logger->debug('{id} looks like a dn', ['id' => $id]);
  237. $uid = $this->access->dn2username($id);
  238. if ($uid !== false) {
  239. return true;
  240. }
  241. }
  242. // Most likely a uid. Check whether it is a deleted user
  243. if ($this->isDeletedUser($id)) {
  244. return true;
  245. }
  246. $dn = $this->access->username2dn($id);
  247. if ($dn !== false) {
  248. return true;
  249. }
  250. return false;
  251. }
  252. }