Manager.php 7.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Joas Schilling <coding@schilljs.com>
  8. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  9. * @author Morris Jobke <hey@morrisjobke.de>
  10. * @author Roeland Jago Douma <roeland@famdouma.nl>
  11. * @author Roger Szabo <roger.szabo@web.de>
  12. * @author Thomas Müller <thomas.mueller@tmit.eu>
  13. *
  14. * @license AGPL-3.0
  15. *
  16. * This code is free software: you can redistribute it and/or modify
  17. * it under the terms of the GNU Affero General Public License, version 3,
  18. * as published by the Free Software Foundation.
  19. *
  20. * This program is distributed in the hope that it will be useful,
  21. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  22. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  23. * GNU Affero General Public License for more details.
  24. *
  25. * You should have received a copy of the GNU Affero General Public License, version 3,
  26. * along with this program. If not, see <http://www.gnu.org/licenses/>
  27. *
  28. */
  29. namespace OCA\User_LDAP\User;
  30. use OCP\Cache\CappedMemoryCache;
  31. use OCA\User_LDAP\Access;
  32. use OCA\User_LDAP\FilesystemHelper;
  33. use OCP\IAvatarManager;
  34. use OCP\IConfig;
  35. use OCP\IDBConnection;
  36. use OCP\Image;
  37. use OCP\IUserManager;
  38. use OCP\Notification\IManager as INotificationManager;
  39. use OCP\Share\IManager;
  40. use Psr\Log\LoggerInterface;
  41. /**
  42. * Manager
  43. *
  44. * upon request, returns an LDAP user object either by creating or from run-time
  45. * cache
  46. */
  47. class Manager {
  48. protected ?Access $access = null;
  49. protected IConfig $ocConfig;
  50. protected IDBConnection $db;
  51. protected IUserManager $userManager;
  52. protected INotificationManager $notificationManager;
  53. protected FilesystemHelper $ocFilesystem;
  54. protected LoggerInterface $logger;
  55. protected Image $image;
  56. protected IAvatarManager $avatarManager;
  57. /** @var CappedMemoryCache<User> $usersByDN */
  58. protected CappedMemoryCache $usersByDN;
  59. /** @var CappedMemoryCache<User> $usersByUid */
  60. protected CappedMemoryCache $usersByUid;
  61. private IManager $shareManager;
  62. public function __construct(
  63. IConfig $ocConfig,
  64. FilesystemHelper $ocFilesystem,
  65. LoggerInterface $logger,
  66. IAvatarManager $avatarManager,
  67. Image $image,
  68. IUserManager $userManager,
  69. INotificationManager $notificationManager,
  70. IManager $shareManager
  71. ) {
  72. $this->ocConfig = $ocConfig;
  73. $this->ocFilesystem = $ocFilesystem;
  74. $this->logger = $logger;
  75. $this->avatarManager = $avatarManager;
  76. $this->image = $image;
  77. $this->userManager = $userManager;
  78. $this->notificationManager = $notificationManager;
  79. $this->usersByDN = new CappedMemoryCache();
  80. $this->usersByUid = new CappedMemoryCache();
  81. $this->shareManager = $shareManager;
  82. }
  83. /**
  84. * Binds manager to an instance of Access.
  85. * It needs to be assigned first before the manager can be used.
  86. * @param Access
  87. */
  88. public function setLdapAccess(Access $access) {
  89. $this->access = $access;
  90. }
  91. /**
  92. * @brief creates an instance of User and caches (just runtime) it in the
  93. * property array
  94. * @param string $dn the DN of the user
  95. * @param string $uid the internal (owncloud) username
  96. * @return \OCA\User_LDAP\User\User
  97. */
  98. private function createAndCache($dn, $uid) {
  99. $this->checkAccess();
  100. $user = new User($uid, $dn, $this->access, $this->ocConfig,
  101. $this->ocFilesystem, clone $this->image, $this->logger,
  102. $this->avatarManager, $this->userManager,
  103. $this->notificationManager);
  104. $this->usersByDN[$dn] = $user;
  105. $this->usersByUid[$uid] = $user;
  106. return $user;
  107. }
  108. /**
  109. * removes a user entry from the cache
  110. * @param $uid
  111. */
  112. public function invalidate($uid) {
  113. if (!isset($this->usersByUid[$uid])) {
  114. return;
  115. }
  116. $dn = $this->usersByUid[$uid]->getDN();
  117. unset($this->usersByUid[$uid]);
  118. unset($this->usersByDN[$dn]);
  119. }
  120. /**
  121. * @brief checks whether the Access instance has been set
  122. * @throws \Exception if Access has not been set
  123. * @return null
  124. */
  125. private function checkAccess() {
  126. if (is_null($this->access)) {
  127. throw new \Exception('LDAP Access instance must be set first');
  128. }
  129. }
  130. /**
  131. * returns a list of attributes that will be processed further, e.g. quota,
  132. * email, displayname, or others.
  133. *
  134. * @param bool $minimal - optional, set to true to skip attributes with big
  135. * payload
  136. * @return string[]
  137. */
  138. public function getAttributes($minimal = false) {
  139. $baseAttributes = array_merge(Access::UUID_ATTRIBUTES, ['dn', 'uid', 'samaccountname', 'memberof']);
  140. $attributes = [
  141. $this->access->getConnection()->ldapExpertUUIDUserAttr,
  142. $this->access->getConnection()->ldapQuotaAttribute,
  143. $this->access->getConnection()->ldapEmailAttribute,
  144. $this->access->getConnection()->ldapUserDisplayName,
  145. $this->access->getConnection()->ldapUserDisplayName2,
  146. $this->access->getConnection()->ldapExtStorageHomeAttribute,
  147. ];
  148. $homeRule = (string)$this->access->getConnection()->homeFolderNamingRule;
  149. if (strpos($homeRule, 'attr:') === 0) {
  150. $attributes[] = substr($homeRule, strlen('attr:'));
  151. }
  152. if (!$minimal) {
  153. // attributes that are not really important but may come with big
  154. // payload.
  155. $attributes = array_merge(
  156. $attributes,
  157. $this->access->getConnection()->resolveRule('avatar')
  158. );
  159. }
  160. $attributes = array_reduce($attributes,
  161. function ($list, $attribute) {
  162. $attribute = strtolower(trim((string)$attribute));
  163. if (!empty($attribute) && !in_array($attribute, $list)) {
  164. $list[] = $attribute;
  165. }
  166. return $list;
  167. },
  168. $baseAttributes // hard-coded, lower-case, non-empty attributes
  169. );
  170. return $attributes;
  171. }
  172. /**
  173. * Checks whether the specified user is marked as deleted
  174. * @param string $id the Nextcloud user name
  175. * @return bool
  176. */
  177. public function isDeletedUser($id) {
  178. $isDeleted = $this->ocConfig->getUserValue(
  179. $id, 'user_ldap', 'isDeleted', 0);
  180. return (int)$isDeleted === 1;
  181. }
  182. /**
  183. * creates and returns an instance of OfflineUser for the specified user
  184. * @param string $id
  185. * @return \OCA\User_LDAP\User\OfflineUser
  186. */
  187. public function getDeletedUser($id) {
  188. return new OfflineUser(
  189. $id,
  190. $this->ocConfig,
  191. $this->access->getUserMapper(),
  192. $this->shareManager
  193. );
  194. }
  195. /**
  196. * @brief returns a User object by its Nextcloud username
  197. * @param string $id the DN or username of the user
  198. * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
  199. */
  200. protected function createInstancyByUserName($id) {
  201. //most likely a uid. Check whether it is a deleted user
  202. if ($this->isDeletedUser($id)) {
  203. return $this->getDeletedUser($id);
  204. }
  205. $dn = $this->access->username2dn($id);
  206. if ($dn !== false) {
  207. return $this->createAndCache($dn, $id);
  208. }
  209. return null;
  210. }
  211. /**
  212. * @brief returns a User object by its DN or Nextcloud username
  213. * @param string $id the DN or username of the user
  214. * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
  215. * @throws \Exception when connection could not be established
  216. */
  217. public function get($id) {
  218. $this->checkAccess();
  219. if (isset($this->usersByDN[$id])) {
  220. return $this->usersByDN[$id];
  221. } elseif (isset($this->usersByUid[$id])) {
  222. return $this->usersByUid[$id];
  223. }
  224. if ($this->access->stringResemblesDN($id)) {
  225. $uid = $this->access->dn2username($id);
  226. if ($uid !== false) {
  227. return $this->createAndCache($id, $uid);
  228. }
  229. }
  230. return $this->createInstancyByUserName($id);
  231. }
  232. }