123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696 |
- <?php
- /**
- * @author Aldo "xoen" Giambelluca <xoen@xoen.org>
- * @author Andreas Fischer <bantu@owncloud.com>
- * @author Arthur Schiwon <blizzz@owncloud.com>
- * @author Bartek Przybylski <bart.p.pl@gmail.com>
- * @author Bart Visscher <bartv@thisnet.nl>
- * @author Björn Schießle <schiessle@owncloud.com>
- * @author Dominik Schmidt <dev@dominik-schmidt.de>
- * @author Florian Preinstorfer <nblock@archlinux.us>
- * @author Georg Ehrke <georg@owncloud.com>
- * @author Jakob Sack <mail@jakobsack.de>
- * @author Jörn Friedrich Dreyer <jfd@butonic.de>
- * @author Lukas Reschke <lukas@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Robin Appelman <icewind@owncloud.com>
- * @author Robin McCorkell <rmccorkell@karoshi.org.uk>
- * @author Scrutinizer Auto-Fixer <auto-fixer@scrutinizer-ci.com>
- * @author shkdee <louis.traynard@m4x.org>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- * @author Tom Needham <tom@owncloud.com>
- * @author Victor Dubiniuk <dubiniuk@owncloud.com>
- *
- * @copyright Copyright (c) 2015, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
- /**
- * This class provides wrapper methods for user management. Multiple backends are
- * supported. User management operations are delegated to the configured backend for
- * execution.
- *
- * Hooks provided:
- * pre_createUser(&run, uid, password)
- * post_createUser(uid, password)
- * pre_deleteUser(&run, uid)
- * post_deleteUser(uid)
- * pre_setPassword(&run, uid, password, recoveryPassword)
- * post_setPassword(uid, password, recoveryPassword)
- * pre_login(&run, uid, password)
- * post_login(uid)
- * logout()
- */
- class OC_User {
- /**
- * @return \OC\User\Session
- */
- public static function getUserSession() {
- return OC::$server->getUserSession();
- }
- /**
- * @return \OC\User\Manager
- * @deprecated Use \OC::$server->getUserManager()
- */
- public static function getManager() {
- return OC::$server->getUserManager();
- }
- private static $_backends = array();
- private static $_usedBackends = array();
- private static $_setupedBackends = array();
- // bool, stores if a user want to access a resource anonymously, e.g if he opens a public link
- private static $incognitoMode = false;
- /**
- * registers backend
- *
- * @param string $backend name of the backend
- * @deprecated Add classes by calling OC_User::useBackend() with a class instance instead
- * @return bool
- *
- * Makes a list of backends that can be used by other modules
- */
- public static function registerBackend($backend) {
- self::$_backends[] = $backend;
- return true;
- }
- /**
- * gets available backends
- *
- * @deprecated
- * @return array an array of backends
- *
- * Returns the names of all backends.
- */
- public static function getBackends() {
- return self::$_backends;
- }
- /**
- * gets used backends
- *
- * @deprecated
- * @return array an array of backends
- *
- * Returns the names of all used backends.
- */
- public static function getUsedBackends() {
- return array_keys(self::$_usedBackends);
- }
- /**
- * Adds the backend to the list of used backends
- *
- * @param string|OC_User_Interface $backend default: database The backend to use for user management
- * @return bool
- *
- * Set the User Authentication Module
- */
- public static function useBackend($backend = 'database') {
- if ($backend instanceof OC_User_Interface) {
- self::$_usedBackends[get_class($backend)] = $backend;
- self::getManager()->registerBackend($backend);
- } else {
- // You'll never know what happens
- if (null === $backend OR !is_string($backend)) {
- $backend = 'database';
- }
- // Load backend
- switch ($backend) {
- case 'database':
- case 'mysql':
- case 'sqlite':
- OC_Log::write('core', 'Adding user backend ' . $backend . '.', OC_Log::DEBUG);
- self::$_usedBackends[$backend] = new OC_User_Database();
- self::getManager()->registerBackend(self::$_usedBackends[$backend]);
- break;
- default:
- OC_Log::write('core', 'Adding default user backend ' . $backend . '.', OC_Log::DEBUG);
- $className = 'OC_USER_' . strToUpper($backend);
- self::$_usedBackends[$backend] = new $className();
- self::getManager()->registerBackend(self::$_usedBackends[$backend]);
- break;
- }
- }
- return true;
- }
- /**
- * remove all used backends
- */
- public static function clearBackends() {
- self::$_usedBackends = array();
- self::getManager()->clearBackends();
- }
- /**
- * setup the configured backends in config.php
- */
- public static function setupBackends() {
- OC_App::loadApps(array('prelogin'));
- $backends = OC_Config::getValue('user_backends', array());
- foreach ($backends as $i => $config) {
- $class = $config['class'];
- $arguments = $config['arguments'];
- if (class_exists($class)) {
- if (array_search($i, self::$_setupedBackends) === false) {
- // make a reflection object
- $reflectionObj = new ReflectionClass($class);
- // use Reflection to create a new instance, using the $args
- $backend = $reflectionObj->newInstanceArgs($arguments);
- self::useBackend($backend);
- self::$_setupedBackends[] = $i;
- } else {
- OC_Log::write('core', 'User backend ' . $class . ' already initialized.', OC_Log::DEBUG);
- }
- } else {
- OC_Log::write('core', 'User backend ' . $class . ' not found.', OC_Log::ERROR);
- }
- }
- }
- /**
- * Create a new user
- *
- * @param string $uid The username of the user to create
- * @param string $password The password of the new user
- * @throws Exception
- * @return bool true/false
- *
- * Creates a new user. Basic checking of username is done in OC_User
- * itself, not in its subclasses.
- *
- * Allowed characters in the username are: "a-z", "A-Z", "0-9" and "_.@-"
- * @deprecated Use \OC::$server->getUserManager()->createUser($uid, $password)
- */
- public static function createUser($uid, $password) {
- return self::getManager()->createUser($uid, $password);
- }
- /**
- * delete a user
- *
- * @param string $uid The username of the user to delete
- * @return bool
- *
- * Deletes a user
- * @deprecated Use \OC::$server->getUserManager->delete()
- */
- public static function deleteUser($uid) {
- $user = self::getManager()->get($uid);
- if ($user) {
- return $user->delete();
- } else {
- return false;
- }
- }
- /**
- * Try to login a user
- *
- * @param string $loginname The login name of the user to log in
- * @param string $password The password of the user
- * @return boolean|null
- *
- * Log in a user and regenerate a new session - if the password is ok
- */
- public static function login($loginname, $password) {
- session_regenerate_id(true);
- $result = self::getUserSession()->login($loginname, $password);
- if ($result) {
- //we need to pass the user name, which may differ from login name
- OC_Util::setupFS(self::getUserSession()->getUser()->getUID());
- }
- return $result;
- }
- /**
- * Try to login a user using the magic cookie (remember login)
- *
- * @param string $uid The username of the user to log in
- * @param string $token
- * @return bool
- */
- public static function loginWithCookie($uid, $token) {
- return self::getUserSession()->loginWithCookie($uid, $token);
- }
- /**
- * Try to login a user, assuming authentication
- * has already happened (e.g. via Single Sign On).
- *
- * Log in a user and regenerate a new session.
- *
- * @param \OCP\Authentication\IApacheBackend $backend
- * @return bool
- */
- public static function loginWithApache(\OCP\Authentication\IApacheBackend $backend) {
- $uid = $backend->getCurrentUserId();
- $run = true;
- OC_Hook::emit("OC_User", "pre_login", array("run" => &$run, "uid" => $uid));
- if ($uid) {
- self::setUserId($uid);
- self::setDisplayName($uid);
- self::getUserSession()->setLoginName($uid);
- OC_Hook::emit("OC_User", "post_login", array("uid" => $uid, 'password' => ''));
- return true;
- }
- return false;
- }
- /**
- * Verify with Apache whether user is authenticated.
- *
- * @return boolean|null
- * true: authenticated
- * false: not authenticated
- * null: not handled / no backend available
- */
- public static function handleApacheAuth() {
- $backend = self::findFirstActiveUsedBackend();
- if ($backend) {
- OC_App::loadApps();
- //setup extra user backends
- self::setupBackends();
- self::unsetMagicInCookie();
- return self::loginWithApache($backend);
- }
- return null;
- }
- /**
- * Sets user id for session and triggers emit
- */
- public static function setUserId($uid) {
- $userSession = \OC::$server->getUserSession();
- $userManager = \OC::$server->getUserManager();
- if ($user = $userManager->get($uid)) {
- $userSession->setUser($user);
- } else {
- \OC::$server->getSession()->set('user_id', $uid);
- }
- }
- /**
- * Sets user display name for session
- *
- * @param string $uid
- * @param null $displayName
- * @return bool Whether the display name could get set
- */
- public static function setDisplayName($uid, $displayName = null) {
- if (is_null($displayName)) {
- $displayName = $uid;
- }
- $user = self::getManager()->get($uid);
- if ($user) {
- return $user->setDisplayName($displayName);
- } else {
- return false;
- }
- }
- /**
- * Logs the current user out and kills all the session data
- *
- * Logout, destroys session
- */
- public static function logout() {
- self::getUserSession()->logout();
- }
- /**
- * Tries to login the user with HTTP Basic Authentication
- */
- public static function tryBasicAuthLogin() {
- if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
- \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
- }
- }
- /**
- * Check if the user is logged in, considers also the HTTP basic credentials
- *
- * @return bool
- */
- public static function isLoggedIn() {
- if (\OC::$server->getSession()->get('user_id') !== null && self::$incognitoMode === false) {
- return self::userExists(\OC::$server->getSession()->get('user_id'));
- }
- return false;
- }
- /**
- * set incognito mode, e.g. if a user wants to open a public link
- *
- * @param bool $status
- */
- public static function setIncognitoMode($status) {
- self::$incognitoMode = $status;
- }
- /**
- * get incognito mode status
- *
- * @return bool
- */
- public static function isIncognitoMode() {
- return self::$incognitoMode;
- }
- /**
- * Supplies an attribute to the logout hyperlink. The default behaviour
- * is to return an href with '?logout=true' appended. However, it can
- * supply any attribute(s) which are valid for <a>.
- *
- * @return string with one or more HTML attributes.
- */
- public static function getLogoutAttribute() {
- $backend = self::findFirstActiveUsedBackend();
- if ($backend) {
- return $backend->getLogoutAttribute();
- }
- return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . urlencode(OC_Util::callRegister()) . '"';
- }
- /**
- * Check if the user is an admin user
- *
- * @param string $uid uid of the admin
- * @return bool
- */
- public static function isAdminUser($uid) {
- if (OC_Group::inGroup($uid, 'admin') && self::$incognitoMode === false) {
- return true;
- }
- return false;
- }
- /**
- * get the user id of the user currently logged in.
- *
- * @return string uid or false
- */
- public static function getUser() {
- $uid = \OC::$server->getSession() ? \OC::$server->getSession()->get('user_id') : null;
- if (!is_null($uid) && self::$incognitoMode === false) {
- return $uid;
- } else {
- return false;
- }
- }
- /**
- * get the display name of the user currently logged in.
- *
- * @param string $uid
- * @return string uid or false
- */
- public static function getDisplayName($uid = null) {
- if ($uid) {
- $user = self::getManager()->get($uid);
- if ($user) {
- return $user->getDisplayName();
- } else {
- return $uid;
- }
- } else {
- $user = self::getUserSession()->getUser();
- if ($user) {
- return $user->getDisplayName();
- } else {
- return false;
- }
- }
- }
- /**
- * Autogenerate a password
- *
- * @return string
- *
- * generates a password
- */
- public static function generatePassword() {
- return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
- }
- /**
- * Set password
- *
- * @param string $uid The username
- * @param string $password The new password
- * @param string $recoveryPassword for the encryption app to reset encryption keys
- * @return bool
- *
- * Change the password of a user
- */
- public static function setPassword($uid, $password, $recoveryPassword = null) {
- $user = self::getManager()->get($uid);
- if ($user) {
- return $user->setPassword($password, $recoveryPassword);
- } else {
- return false;
- }
- }
- /**
- * Check whether user can change his avatar
- *
- * @param string $uid The username
- * @return bool
- *
- * Check whether a specified user can change his avatar
- */
- public static function canUserChangeAvatar($uid) {
- $user = self::getManager()->get($uid);
- if ($user) {
- return $user->canChangeAvatar();
- } else {
- return false;
- }
- }
- /**
- * Check whether user can change his password
- *
- * @param string $uid The username
- * @return bool
- *
- * Check whether a specified user can change his password
- */
- public static function canUserChangePassword($uid) {
- $user = self::getManager()->get($uid);
- if ($user) {
- return $user->canChangePassword();
- } else {
- return false;
- }
- }
- /**
- * Check whether user can change his display name
- *
- * @param string $uid The username
- * @return bool
- *
- * Check whether a specified user can change his display name
- */
- public static function canUserChangeDisplayName($uid) {
- $user = self::getManager()->get($uid);
- if ($user) {
- return $user->canChangeDisplayName();
- } else {
- return false;
- }
- }
- /**
- * Check if the password is correct
- *
- * @param string $uid The username
- * @param string $password The password
- * @return string|false user id a string on success, false otherwise
- *
- * Check if the password is correct without logging in the user
- * returns the user id or false
- */
- public static function checkPassword($uid, $password) {
- $manager = self::getManager();
- $username = $manager->checkPassword($uid, $password);
- if ($username !== false) {
- return $username->getUID();
- }
- return false;
- }
- /**
- * @param string $uid The username
- * @return string
- *
- * returns the path to the users home directory
- * @deprecated Use \OC::$server->getUserManager->getHome()
- */
- public static function getHome($uid) {
- $user = self::getManager()->get($uid);
- if ($user) {
- return $user->getHome();
- } else {
- return OC_Config::getValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $uid;
- }
- }
- /**
- * Get a list of all users
- *
- * @return array an array of all uids
- *
- * Get a list of all users.
- * @param string $search
- * @param integer $limit
- * @param integer $offset
- */
- public static function getUsers($search = '', $limit = null, $offset = null) {
- $users = self::getManager()->search($search, $limit, $offset);
- $uids = array();
- foreach ($users as $user) {
- $uids[] = $user->getUID();
- }
- return $uids;
- }
- /**
- * Get a list of all users display name
- *
- * @param string $search
- * @param int $limit
- * @param int $offset
- * @return array associative array with all display names (value) and corresponding uids (key)
- *
- * Get a list of all display names and user ids.
- * @deprecated Use \OC::$server->getUserManager->searchDisplayName($search, $limit, $offset) instead.
- */
- public static function getDisplayNames($search = '', $limit = null, $offset = null) {
- $displayNames = array();
- $users = self::getManager()->searchDisplayName($search, $limit, $offset);
- foreach ($users as $user) {
- $displayNames[$user->getUID()] = $user->getDisplayName();
- }
- return $displayNames;
- }
- /**
- * check if a user exists
- *
- * @param string $uid the username
- * @return boolean
- */
- public static function userExists($uid) {
- return self::getManager()->userExists($uid);
- }
- /**
- * disables a user
- *
- * @param string $uid the user to disable
- */
- public static function disableUser($uid) {
- $user = self::getManager()->get($uid);
- if ($user) {
- $user->setEnabled(false);
- }
- }
- /**
- * enable a user
- *
- * @param string $uid
- */
- public static function enableUser($uid) {
- $user = self::getManager()->get($uid);
- if ($user) {
- $user->setEnabled(true);
- }
- }
- /**
- * checks if a user is enabled
- *
- * @param string $uid
- * @return bool
- */
- public static function isEnabled($uid) {
- $user = self::getManager()->get($uid);
- if ($user) {
- return $user->isEnabled();
- } else {
- return false;
- }
- }
- /**
- * Set cookie value to use in next page load
- *
- * @param string $username username to be set
- * @param string $token
- */
- public static function setMagicInCookie($username, $token) {
- self::getUserSession()->setMagicInCookie($username, $token);
- }
- /**
- * Remove cookie for "remember username"
- */
- public static function unsetMagicInCookie() {
- self::getUserSession()->unsetMagicInCookie();
- }
- /**
- * Returns the first active backend from self::$_usedBackends.
- *
- * @return OCP\Authentication\IApacheBackend|null if no backend active, otherwise OCP\Authentication\IApacheBackend
- */
- private static function findFirstActiveUsedBackend() {
- foreach (self::$_usedBackends as $backend) {
- if ($backend instanceof OCP\Authentication\IApacheBackend) {
- if ($backend->isSessionActive()) {
- return $backend;
- }
- }
- }
- return null;
- }
- }
|