4 changes: 2 additions & 2 deletions apps/user_ldap/lib/Access.php
Expand Up @@ -495,7 +495,7 @@ public function dn2groupname($fdn, $ldapName = null) {
/**
* returns the internal Nextcloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
*
* @param string $dn the dn of the user object
* @param string $fdn the dn of the user object
* @param string $ldapName optional, the display name of the object
* @return string|false with with the name to use in Nextcloud
* @throws \Exception
Expand Down Expand Up @@ -1791,7 +1791,7 @@ private function detectUuidAttribute($dn, $isUser = true, $force = false, array
/**
* @param string $dn
* @param bool $isUser
* @param null $ldapRecord
* @param array|null $ldapRecord
* @return false|string
* @throws ServerNotAvailableException
*/
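Review bot: The `@return` line of the first docblock still reads `with with the name to use in Nextcloud`. Since this commit already corrects the `@param` name in that docblock, the duplicated word could be fixed in the same pass, e.g. `@return string|false the name to use in Nextcloud`. The function this docblock belongs to starts below the hunk, so the renamed parameter cannot be checked against its signature from here.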
50 changes: 22 additions & 28 deletions apps/user_ldap/lib/Command/CheckUser.php
Expand Up @@ -4,6 +4,7 @@
*
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
* @author Côme Chilliet <come.chilliet@nextcloud.com>
* @author Joas Schilling <coding@schilljs.com>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Roeland Jago Douma <roeland@famdouma.nl>
Expand Down Expand Up @@ -48,12 +49,6 @@ class CheckUser extends Command {
/** @var UserMapping */
protected $mapping;

/**
* @param User_Proxy $uBackend
* @param Helper $helper
* @param DeletedUsersIndex $dui
* @param UserMapping $mapping
*/
public function __construct(User_Proxy $uBackend, Helper $helper, DeletedUsersIndex $dui, UserMapping $mapping) {
$this->backend = $uBackend;
$this->helper = $helper;
Expand All @@ -62,14 +57,14 @@ public function __construct(User_Proxy $uBackend, Helper $helper, DeletedUsersIn
parent::__construct();
}

protected function configure() {
protected function configure(): void {
$this
->setName('ldap:check-user')
->setDescription('checks whether a user exists on LDAP.')
->addArgument(
'ocName',
InputArgument::REQUIRED,
'the user name as used in Nextcloud'
'the user name as used in Nextcloud, or the LDAP DN'
)
->addOption(
'force',
Expand All @@ -88,23 +83,31 @@ protected function configure() {

protected function execute(InputInterface $input, OutputInterface $output): int {
try {
$this->assertAllowed($input->getOption('force'));
$uid = $input->getArgument('ocName');
$this->isAllowed($input->getOption('force'));
$this->confirmUserIsMapped($uid);
if ($this->backend->getLDAPAccess($uid)->stringResemblesDN($uid)) {
$username = $this->backend->dn2UserName($uid);
if ($username !== false) {
$uid = $username;
}
}
$wasMapped = $this->userWasMapped($uid);
$exists = $this->backend->userExistsOnLDAP($uid, true);
if ($exists === true) {
$output->writeln('The user is still available on LDAP.');
if ($input->getOption('update')) {
$this->updateUser($uid, $output);
}
return 0;
} elseif ($wasMapped) {
$this->dui->markUser($uid);
$output->writeln('The user does not exists on LDAP anymore.');
$output->writeln('Clean up the user\'s remnants by: ./occ user:delete "'
. $uid . '"');
return 0;
} else {
throw new \Exception('The given user is not a recognized LDAP user.');
}

$this->dui->markUser($uid);
$output->writeln('The user does not exists on LDAP anymore.');
$output->writeln('Clean up the user\'s remnants by: ./occ user:delete "'
. $uid . '"');
return 0;
} catch (\Exception $e) {
$output->writeln('<error>' . $e->getMessage(). '</error>');
return 1;
Expand All @@ -114,24 +117,17 @@ protected function execute(InputInterface $input, OutputInterface $output): int
/**
* checks whether a user is actually mapped
* @param string $ocName the username as used in Nextcloud
* @throws \Exception
* @return true
*/
protected function confirmUserIsMapped($ocName) {
protected function userWasMapped(string $ocName): bool {
$dn = $this->mapping->getDNByName($ocName);
if ($dn === false) {
throw new \Exception('The given user is not a recognized LDAP user.');
}

return true;
return $dn !== false;
}

/**
* checks whether the setup allows reliable checking of LDAP user existence
* @throws \Exception
* @return true
*/
protected function isAllowed($force) {
protected function assertAllowed(bool $force): void {
if ($this->helper->haveDisabledConfigurations() && !$force) {
throw new \Exception('Cannot check user existence, because '
. 'disabled LDAP configurations are present.');
Expand All @@ -140,8 +136,6 @@ protected function isAllowed($force) {
// we don't check ldapUserCleanupInterval from config.php because this
// action is triggered manually, while the setting only controls the
// background job.

return true;
}

private function updateUser(string $uid, OutputInterface $output): void {
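Review bot: In `execute()`, when `stringResemblesDN($uid)` is true but `dn2UserName($uid)` returns `false`, the DN is silently carried forward as if it were a Nextcloud user name. It then goes into `userWasMapped()` and `userExistsOnLDAP()`, and the operator only sees the generic "not a recognized LDAP user" error. Failing at that point would make the outcome explicit, e.g. `if ($username === false) { throw new \Exception('The given DN could not be resolved to a Nextcloud user.'); }`, unless the fall-through is intended for user names that merely look like a DN, in which case a comment should say so. `getLDAPAccess($uid)` is also called with the raw argument before it is known to be a user name; if that lookup is keyed by user name (not visible here), it deserves a guard or a comment. Because `$wasMapped` is read after the DN lookup and gates `markUser()`, the docblock should also state whether `dn2UserName()` can create a mapping as a side effect.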