CheckGroup.php 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Côme Chilliet <come.chilliet@nextcloud.com>
  9. * @author Joas Schilling <coding@schilljs.com>
  10. * @author Morris Jobke <hey@morrisjobke.de>
  11. * @author Roeland Jago Douma <roeland@famdouma.nl>
  12. *
  13. * @license AGPL-3.0
  14. *
  15. * This code is free software: you can redistribute it and/or modify
  16. * it under the terms of the GNU Affero General Public License, version 3,
  17. * as published by the Free Software Foundation.
  18. *
  19. * This program is distributed in the hope that it will be useful,
  20. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  22. * GNU Affero General Public License for more details.
  23. *
  24. * You should have received a copy of the GNU Affero General Public License, version 3,
  25. * along with this program. If not, see <http://www.gnu.org/licenses/>
  26. *
  27. */
  28. namespace OCA\User_LDAP\Command;
  29. use OCA\User_LDAP\Group_Proxy;
  30. use OCA\User_LDAP\Helper;
  31. use OCA\User_LDAP\Mapping\GroupMapping;
  32. use OCA\User_LDAP\Service\UpdateGroupsService;
  33. use OCP\EventDispatcher\IEventDispatcher;
  34. use OCP\Group\Events\GroupCreatedEvent;
  35. use OCP\Group\Events\UserAddedEvent;
  36. use OCP\Group\Events\UserRemovedEvent;
  37. use Symfony\Component\Console\Command\Command;
  38. use Symfony\Component\Console\Input\InputArgument;
  39. use Symfony\Component\Console\Input\InputInterface;
  40. use Symfony\Component\Console\Input\InputOption;
  41. use Symfony\Component\Console\Output\OutputInterface;
  42. class CheckGroup extends Command {
  43. public function __construct(
  44. private UpdateGroupsService $service,
  45. protected Group_Proxy $backend,
  46. protected Helper $helper,
  47. protected GroupMapping $mapping,
  48. protected IEventDispatcher $dispatcher,
  49. ) {
  50. parent::__construct();
  51. }
  52. protected function configure(): void {
  53. $this
  54. ->setName('ldap:check-group')
  55. ->setDescription('checks whether a group exists on LDAP.')
  56. ->addArgument(
  57. 'ocName',
  58. InputArgument::REQUIRED,
  59. 'the group name as used in Nextcloud, or the LDAP DN'
  60. )
  61. ->addOption(
  62. 'force',
  63. null,
  64. InputOption::VALUE_NONE,
  65. 'ignores disabled LDAP configuration'
  66. )
  67. ->addOption(
  68. 'update',
  69. null,
  70. InputOption::VALUE_NONE,
  71. 'syncs values from LDAP'
  72. )
  73. ;
  74. }
  75. protected function execute(InputInterface $input, OutputInterface $output): int {
  76. $this->dispatcher->addListener(GroupCreatedEvent::class, fn ($event) => $this->onGroupCreatedEvent($event, $output));
  77. $this->dispatcher->addListener(UserAddedEvent::class, fn ($event) => $this->onUserAddedEvent($event, $output));
  78. $this->dispatcher->addListener(UserRemovedEvent::class, fn ($event) => $this->onUserRemovedEvent($event, $output));
  79. try {
  80. $this->assertAllowed($input->getOption('force'));
  81. $gid = $input->getArgument('ocName');
  82. $wasMapped = $this->groupWasMapped($gid);
  83. if ($this->backend->getLDAPAccess($gid)->stringResemblesDN($gid)) {
  84. $groupname = $this->backend->dn2GroupName($gid);
  85. if ($groupname !== false) {
  86. $gid = $groupname;
  87. }
  88. }
  89. /* Search to trigger mapping for new groups */
  90. $this->backend->getGroups($gid);
  91. $exists = $this->backend->groupExistsOnLDAP($gid, true);
  92. if ($exists === true) {
  93. $output->writeln('The group is still available on LDAP.');
  94. if ($input->getOption('update')) {
  95. $this->backend->getLDAPAccess($gid)->connection->clearCache();
  96. if ($wasMapped) {
  97. $this->service->handleKnownGroups([$gid]);
  98. } else {
  99. $this->service->handleCreatedGroups([$gid]);
  100. }
  101. }
  102. return 0;
  103. } elseif ($wasMapped) {
  104. $output->writeln('The group does not exist on LDAP anymore.');
  105. if ($input->getOption('update')) {
  106. $this->backend->getLDAPAccess($gid)->connection->clearCache();
  107. $this->service->handleRemovedGroups([$gid]);
  108. }
  109. return 0;
  110. } else {
  111. throw new \Exception('The given group is not a recognized LDAP group.');
  112. }
  113. } catch (\Exception $e) {
  114. $output->writeln('<error>' . $e->getMessage(). '</error>');
  115. return 1;
  116. }
  117. }
  118. public function onGroupCreatedEvent(GroupCreatedEvent $event, OutputInterface $output): void {
  119. $output->writeln('<info>The group '.$event->getGroup()->getGID().' was added to Nextcloud with '.$event->getGroup()->count().' users</info>');
  120. }
  121. public function onUserAddedEvent(UserAddedEvent $event, OutputInterface $output): void {
  122. $user = $event->getUser();
  123. $group = $event->getGroup();
  124. $output->writeln('<info>The user '.$user->getUID().' was added to group '.$group->getGID().'</info>');
  125. }
  126. public function onUserRemovedEvent(UserRemovedEvent $event, OutputInterface $output): void {
  127. $user = $event->getUser();
  128. $group = $event->getGroup();
  129. $output->writeln('<info>The user '.$user->getUID().' was removed from group '.$group->getGID().'</info>');
  130. }
  131. /**
  132. * checks whether a group is actually mapped
  133. * @param string $gid the groupname as passed to the command
  134. */
  135. protected function groupWasMapped(string $gid): bool {
  136. $dn = $this->mapping->getDNByName($gid);
  137. if ($dn !== false) {
  138. return true;
  139. }
  140. $name = $this->mapping->getNameByDN($gid);
  141. return $name !== false;
  142. }
  143. /**
  144. * checks whether the setup allows reliable checking of LDAP group existence
  145. * @throws \Exception
  146. */
  147. protected function assertAllowed(bool $force): void {
  148. if ($this->helper->haveDisabledConfigurations() && !$force) {
  149. throw new \Exception('Cannot check group existence, because '
  150. . 'disabled LDAP configurations are present.');
  151. }
  152. // we don't check ldapUserCleanupInterval from config.php because this
  153. // action is triggered manually, while the setting only controls the
  154. // background job.
  155. }
  156. private function updateGroup(string $gid, OutputInterface $output, bool $wasMapped): void {
  157. try {
  158. if ($wasMapped) {
  159. $this->service->handleKnownGroups([$gid]);
  160. } else {
  161. $this->service->handleCreatedGroups([$gid]);
  162. }
  163. } catch (\Exception $e) {
  164. $output->writeln('<error>Error while trying to lookup and update attributes from LDAP</error>');
  165. }
  166. }
  167. }