Manager.php 7.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Joas Schilling <coding@schilljs.com>
  8. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  9. * @author Marc Hefter <marchefter@march42.net>
  10. * @author Morris Jobke <hey@morrisjobke.de>
  11. * @author Roeland Jago Douma <roeland@famdouma.nl>
  12. * @author Roger Szabo <roger.szabo@web.de>
  13. * @author Thomas Müller <thomas.mueller@tmit.eu>
  14. *
  15. * @license AGPL-3.0
  16. *
  17. * This code is free software: you can redistribute it and/or modify
  18. * it under the terms of the GNU Affero General Public License, version 3,
  19. * as published by the Free Software Foundation.
  20. *
  21. * This program is distributed in the hope that it will be useful,
  22. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  23. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  24. * GNU Affero General Public License for more details.
  25. *
  26. * You should have received a copy of the GNU Affero General Public License, version 3,
  27. * along with this program. If not, see <http://www.gnu.org/licenses/>
  28. *
  29. */
  30. namespace OCA\User_LDAP\User;
  31. use OCP\Cache\CappedMemoryCache;
  32. use OCA\User_LDAP\Access;
  33. use OCA\User_LDAP\FilesystemHelper;
  34. use OCP\IAvatarManager;
  35. use OCP\IConfig;
  36. use OCP\IDBConnection;
  37. use OCP\Image;
  38. use OCP\IUserManager;
  39. use OCP\Notification\IManager as INotificationManager;
  40. use OCP\Share\IManager;
  41. use Psr\Log\LoggerInterface;
  42. /**
  43. * Manager
  44. *
  45. * upon request, returns an LDAP user object either by creating or from run-time
  46. * cache
  47. */
  48. class Manager {
  49. protected ?Access $access = null;
  50. protected IConfig $ocConfig;
  51. protected IDBConnection $db;
  52. protected IUserManager $userManager;
  53. protected INotificationManager $notificationManager;
  54. protected FilesystemHelper $ocFilesystem;
  55. protected LoggerInterface $logger;
  56. protected Image $image;
  57. protected IAvatarManager $avatarManager;
  58. /** @var CappedMemoryCache<User> $usersByDN */
  59. protected CappedMemoryCache $usersByDN;
  60. /** @var CappedMemoryCache<User> $usersByUid */
  61. protected CappedMemoryCache $usersByUid;
  62. private IManager $shareManager;
  63. public function __construct(
  64. IConfig $ocConfig,
  65. FilesystemHelper $ocFilesystem,
  66. LoggerInterface $logger,
  67. IAvatarManager $avatarManager,
  68. Image $image,
  69. IUserManager $userManager,
  70. INotificationManager $notificationManager,
  71. IManager $shareManager
  72. ) {
  73. $this->ocConfig = $ocConfig;
  74. $this->ocFilesystem = $ocFilesystem;
  75. $this->logger = $logger;
  76. $this->avatarManager = $avatarManager;
  77. $this->image = $image;
  78. $this->userManager = $userManager;
  79. $this->notificationManager = $notificationManager;
  80. $this->usersByDN = new CappedMemoryCache();
  81. $this->usersByUid = new CappedMemoryCache();
  82. $this->shareManager = $shareManager;
  83. }
  84. /**
  85. * Binds manager to an instance of Access.
  86. * It needs to be assigned first before the manager can be used.
  87. * @param Access
  88. */
  89. public function setLdapAccess(Access $access) {
  90. $this->access = $access;
  91. }
  92. /**
  93. * @brief creates an instance of User and caches (just runtime) it in the
  94. * property array
  95. * @param string $dn the DN of the user
  96. * @param string $uid the internal (owncloud) username
  97. * @return \OCA\User_LDAP\User\User
  98. */
  99. private function createAndCache($dn, $uid) {
  100. $this->checkAccess();
  101. $user = new User($uid, $dn, $this->access, $this->ocConfig,
  102. $this->ocFilesystem, clone $this->image, $this->logger,
  103. $this->avatarManager, $this->userManager,
  104. $this->notificationManager);
  105. $this->usersByDN[$dn] = $user;
  106. $this->usersByUid[$uid] = $user;
  107. return $user;
  108. }
  109. /**
  110. * removes a user entry from the cache
  111. * @param $uid
  112. */
  113. public function invalidate($uid) {
  114. if (!isset($this->usersByUid[$uid])) {
  115. return;
  116. }
  117. $dn = $this->usersByUid[$uid]->getDN();
  118. unset($this->usersByUid[$uid]);
  119. unset($this->usersByDN[$dn]);
  120. }
  121. /**
  122. * @brief checks whether the Access instance has been set
  123. * @throws \Exception if Access has not been set
  124. * @return null
  125. */
  126. private function checkAccess() {
  127. if (is_null($this->access)) {
  128. throw new \Exception('LDAP Access instance must be set first');
  129. }
  130. }
  131. /**
  132. * returns a list of attributes that will be processed further, e.g. quota,
  133. * email, displayname, or others.
  134. *
  135. * @param bool $minimal - optional, set to true to skip attributes with big
  136. * payload
  137. * @return string[]
  138. */
  139. public function getAttributes($minimal = false) {
  140. $baseAttributes = array_merge(Access::UUID_ATTRIBUTES, ['dn', 'uid', 'samaccountname', 'memberof']);
  141. $attributes = [
  142. $this->access->getConnection()->ldapExpertUUIDUserAttr,
  143. $this->access->getConnection()->ldapQuotaAttribute,
  144. $this->access->getConnection()->ldapEmailAttribute,
  145. $this->access->getConnection()->ldapUserDisplayName,
  146. $this->access->getConnection()->ldapUserDisplayName2,
  147. $this->access->getConnection()->ldapExtStorageHomeAttribute,
  148. $this->access->getConnection()->ldapAttributePhone,
  149. $this->access->getConnection()->ldapAttributeWebsite,
  150. $this->access->getConnection()->ldapAttributeAddress,
  151. $this->access->getConnection()->ldapAttributeTwitter,
  152. $this->access->getConnection()->ldapAttributeFediverse,
  153. $this->access->getConnection()->ldapAttributeOrganisation,
  154. $this->access->getConnection()->ldapAttributeRole,
  155. $this->access->getConnection()->ldapAttributeHeadline,
  156. $this->access->getConnection()->ldapAttributeBiography,
  157. ];
  158. $homeRule = (string)$this->access->getConnection()->homeFolderNamingRule;
  159. if (str_starts_with($homeRule, 'attr:')) {
  160. $attributes[] = substr($homeRule, strlen('attr:'));
  161. }
  162. if (!$minimal) {
  163. // attributes that are not really important but may come with big
  164. // payload.
  165. $attributes = array_merge(
  166. $attributes,
  167. $this->access->getConnection()->resolveRule('avatar')
  168. );
  169. }
  170. $attributes = array_reduce($attributes,
  171. function ($list, $attribute) {
  172. $attribute = strtolower(trim((string)$attribute));
  173. if (!empty($attribute) && !in_array($attribute, $list)) {
  174. $list[] = $attribute;
  175. }
  176. return $list;
  177. },
  178. $baseAttributes // hard-coded, lower-case, non-empty attributes
  179. );
  180. return $attributes;
  181. }
  182. /**
  183. * Checks whether the specified user is marked as deleted
  184. * @param string $id the Nextcloud user name
  185. * @return bool
  186. */
  187. public function isDeletedUser($id) {
  188. $isDeleted = $this->ocConfig->getUserValue(
  189. $id, 'user_ldap', 'isDeleted', 0);
  190. return (int)$isDeleted === 1;
  191. }
  192. /**
  193. * creates and returns an instance of OfflineUser for the specified user
  194. * @param string $id
  195. * @return \OCA\User_LDAP\User\OfflineUser
  196. */
  197. public function getDeletedUser($id) {
  198. return new OfflineUser(
  199. $id,
  200. $this->ocConfig,
  201. $this->access->getUserMapper(),
  202. $this->shareManager
  203. );
  204. }
  205. /**
  206. * @brief returns a User object by its Nextcloud username
  207. * @param string $id the DN or username of the user
  208. * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
  209. */
  210. protected function createInstancyByUserName($id) {
  211. //most likely a uid. Check whether it is a deleted user
  212. if ($this->isDeletedUser($id)) {
  213. return $this->getDeletedUser($id);
  214. }
  215. $dn = $this->access->username2dn($id);
  216. if ($dn !== false) {
  217. return $this->createAndCache($dn, $id);
  218. }
  219. return null;
  220. }
  221. /**
  222. * @brief returns a User object by its DN or Nextcloud username
  223. * @param string $id the DN or username of the user
  224. * @return \OCA\User_LDAP\User\User|\OCA\User_LDAP\User\OfflineUser|null
  225. * @throws \Exception when connection could not be established
  226. */
  227. public function get($id) {
  228. $this->checkAccess();
  229. if (isset($this->usersByDN[$id])) {
  230. return $this->usersByDN[$id];
  231. } elseif (isset($this->usersByUid[$id])) {
  232. return $this->usersByUid[$id];
  233. }
  234. if ($this->access->stringResemblesDN($id)) {
  235. $uid = $this->access->dn2username($id);
  236. if ($uid !== false) {
  237. return $this->createAndCache($id, $uid);
  238. }
  239. }
  240. return $this->createInstancyByUserName($id);
  241. }
  242. }