diff options
author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2022-02-08 23:31:32 +0300 |
---|---|---|
committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2022-02-10 22:12:37 +0300 |
commit | 64df0daa601a0f208aec12f49e58c520a128d955 (patch) | |
tree | 4e4c378cd78036dad7e0133eec86d0ecba758056 | |
parent | a1d6678c25832df9cbd355e4ca523bcc66336f8c (diff) |
Setup warning for invalid LDAP user or group UUIDs.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
-rw-r--r-- | apps/settings/composer/composer/autoload_classmap.php | 1 | ||||
-rw-r--r-- | apps/settings/composer/composer/autoload_static.php | 1 | ||||
-rw-r--r-- | apps/settings/composer/composer/installed.php | 4 | ||||
-rw-r--r-- | apps/settings/lib/Controller/CheckSetupController.php | 18 | ||||
-rw-r--r-- | apps/settings/lib/SetupChecks/LdapInvalidUuids.php | 69 | ||||
-rw-r--r-- | apps/settings/tests/Controller/CheckSetupControllerTest.php | 21 | ||||
-rw-r--r-- | core/js/setupchecks.js | 1 |
7 files changed, 109 insertions, 6 deletions
diff --git a/apps/settings/composer/composer/autoload_classmap.php b/apps/settings/composer/composer/autoload_classmap.php index 468afa7dacb..0495dee3746 100644 --- a/apps/settings/composer/composer/autoload_classmap.php +++ b/apps/settings/composer/composer/autoload_classmap.php @@ -61,6 +61,7 @@ return array( 'OCA\\Settings\\Settings\\Personal\\Security\\WebAuthn' => $baseDir . '/../lib/Settings/Personal/Security/WebAuthn.php', 'OCA\\Settings\\Settings\\Personal\\ServerDevNotice' => $baseDir . '/../lib/Settings/Personal/ServerDevNotice.php', 'OCA\\Settings\\SetupChecks\\CheckUserCertificates' => $baseDir . '/../lib/SetupChecks/CheckUserCertificates.php', + 'OCA\\Settings\\SetupChecks\\LdapInvalidUuids' => $baseDir . '/../lib/SetupChecks/LdapInvalidUuids.php', 'OCA\\Settings\\SetupChecks\\LegacySSEKeyFormat' => $baseDir . '/../lib/SetupChecks/LegacySSEKeyFormat.php', 'OCA\\Settings\\SetupChecks\\PhpDefaultCharset' => $baseDir . '/../lib/SetupChecks/PhpDefaultCharset.php', 'OCA\\Settings\\SetupChecks\\PhpOutputBuffering' => $baseDir . '/../lib/SetupChecks/PhpOutputBuffering.php', diff --git a/apps/settings/composer/composer/autoload_static.php b/apps/settings/composer/composer/autoload_static.php index 5418e0cb7c5..fd7bb8c22f8 100644 --- a/apps/settings/composer/composer/autoload_static.php +++ b/apps/settings/composer/composer/autoload_static.php @@ -76,6 +76,7 @@ class ComposerStaticInitSettings 'OCA\\Settings\\Settings\\Personal\\Security\\WebAuthn' => __DIR__ . '/..' . '/../lib/Settings/Personal/Security/WebAuthn.php', 'OCA\\Settings\\Settings\\Personal\\ServerDevNotice' => __DIR__ . '/..' . '/../lib/Settings/Personal/ServerDevNotice.php', 'OCA\\Settings\\SetupChecks\\CheckUserCertificates' => __DIR__ . '/..' . '/../lib/SetupChecks/CheckUserCertificates.php', + 'OCA\\Settings\\SetupChecks\\LdapInvalidUuids' => __DIR__ . '/..' . '/../lib/SetupChecks/LdapInvalidUuids.php', 'OCA\\Settings\\SetupChecks\\LegacySSEKeyFormat' => __DIR__ . '/..' . '/../lib/SetupChecks/LegacySSEKeyFormat.php', 'OCA\\Settings\\SetupChecks\\PhpDefaultCharset' => __DIR__ . '/..' . '/../lib/SetupChecks/PhpDefaultCharset.php', 'OCA\\Settings\\SetupChecks\\PhpOutputBuffering' => __DIR__ . '/..' . '/../lib/SetupChecks/PhpOutputBuffering.php', diff --git a/apps/settings/composer/composer/installed.php b/apps/settings/composer/composer/installed.php index 244245bc0cf..6e11f678155 100644 --- a/apps/settings/composer/composer/installed.php +++ b/apps/settings/composer/composer/installed.php @@ -5,7 +5,7 @@ 'type' => 'library', 'install_path' => __DIR__ . '/../', 'aliases' => array(), - 'reference' => 'fb5ee6087bfd1f4cc2f37cda7a7cab7072aaae86', + 'reference' => '3c77e489a6bb2541cd5d0c92b5498e71ec1a873f', 'name' => '__root__', 'dev' => false, ), @@ -16,7 +16,7 @@ 'type' => 'library', 'install_path' => __DIR__ . '/../', 'aliases' => array(), - 'reference' => 'fb5ee6087bfd1f4cc2f37cda7a7cab7072aaae86', + 'reference' => '3c77e489a6bb2541cd5d0c92b5498e71ec1a873f', 'dev_requirement' => false, ), ), diff --git a/apps/settings/lib/Controller/CheckSetupController.php b/apps/settings/lib/Controller/CheckSetupController.php index 3e239c15c1b..45b9b773a8c 100644 --- a/apps/settings/lib/Controller/CheckSetupController.php +++ b/apps/settings/lib/Controller/CheckSetupController.php @@ -48,7 +48,6 @@ use DirectoryIterator; use Doctrine\DBAL\Exception; use Doctrine\DBAL\Platforms\SqlitePlatform; use Doctrine\DBAL\TransactionIsolationLevel; -use OCP\DB\Types; use GuzzleHttp\Exception\ClientException; use OC; use OC\AppFramework\Http; @@ -61,20 +60,24 @@ use OC\IntegrityCheck\Checker; use OC\Lock\NoopLockingProvider; use OC\MemoryInfo; use OCA\Settings\SetupChecks\CheckUserCertificates; +use OCA\Settings\SetupChecks\LdapInvalidUuids; use OCA\Settings\SetupChecks\LegacySSEKeyFormat; use OCA\Settings\SetupChecks\PhpDefaultCharset; use OCA\Settings\SetupChecks\PhpOutputBuffering; use OCA\Settings\SetupChecks\SupportedDatabase; +use OCP\App\IAppManager; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\DataDisplayResponse; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\RedirectResponse; +use OCP\DB\Types; use OCP\Http\Client\IClientService; use OCP\IConfig; use OCP\IDateTimeFormatter; use OCP\IDBConnection; use OCP\IL10N; use OCP\IRequest; +use OCP\IServerContainer; use OCP\IURLGenerator; use OCP\Lock\ILockingProvider; use OCP\Security\ISecureRandom; @@ -111,6 +114,10 @@ class CheckSetupController extends Controller { private $iniGetWrapper; /** @var IDBConnection */ private $connection; + /** @var IAppManager */ + private $appManager; + /** @var IServerContainer */ + private $serverContainer; public function __construct($AppName, IRequest $request, @@ -127,7 +134,10 @@ class CheckSetupController extends Controller { MemoryInfo $memoryInfo, ISecureRandom $secureRandom, IniGetWrapper $iniGetWrapper, - IDBConnection $connection) { + IDBConnection $connection, + IAppManager $appManager, + IServerContainer $serverContainer + ) { parent::__construct($AppName, $request); $this->config = $config; $this->clientService = $clientService; @@ -143,6 +153,8 @@ class CheckSetupController extends Controller { $this->secureRandom = $secureRandom; $this->iniGetWrapper = $iniGetWrapper; $this->connection = $connection; + $this->appManager = $appManager; + $this->serverContainer = $serverContainer; } /** @@ -732,6 +744,7 @@ Raw output $legacySSEKeyFormat = new LegacySSEKeyFormat($this->l10n, $this->config, $this->urlGenerator); $checkUserCertificates = new CheckUserCertificates($this->l10n, $this->config, $this->urlGenerator); $supportedDatabases = new SupportedDatabase($this->l10n, $this->connection); + $ldapInvalidUuids = new LdapInvalidUuids($this->appManager, $this->l10n, $this->serverContainer); return new DataResponse( [ @@ -779,6 +792,7 @@ Raw output CheckUserCertificates::class => ['pass' => $checkUserCertificates->run(), 'description' => $checkUserCertificates->description(), 'severity' => $checkUserCertificates->severity(), 'elements' => $checkUserCertificates->elements()], 'isDefaultPhoneRegionSet' => $this->config->getSystemValueString('default_phone_region', '') !== '', SupportedDatabase::class => ['pass' => $supportedDatabases->run(), 'description' => $supportedDatabases->description(), 'severity' => $supportedDatabases->severity()], + LdapInvalidUuids::class => ['pass' => $ldapInvalidUuids->run(), 'description' => $ldapInvalidUuids->description(), 'severity' => $ldapInvalidUuids->severity()], ] ); } diff --git a/apps/settings/lib/SetupChecks/LdapInvalidUuids.php b/apps/settings/lib/SetupChecks/LdapInvalidUuids.php new file mode 100644 index 00000000000..11b0105cada --- /dev/null +++ b/apps/settings/lib/SetupChecks/LdapInvalidUuids.php @@ -0,0 +1,69 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright Copyright (c) 2022 Arthur Schiwon <blizzz@arthur-schiwon.de> + * + * @author Arthur Schiwon <blizzz@arthur-schiwon.de> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Settings\SetupChecks; + +use OCA\User_LDAP\Mapping\GroupMapping; +use OCA\User_LDAP\Mapping\UserMapping; +use OCP\App\IAppManager; +use OCP\IL10N; +use OCP\IServerContainer; + +class LdapInvalidUuids { + + /** @var IAppManager */ + private $appManager; + /** @var IL10N */ + private $l10n; + /** @var IServerContainer */ + private $server; + + public function __construct(IAppManager $appManager, IL10N $l10n, IServerContainer $server) { + $this->appManager = $appManager; + $this->l10n = $l10n; + $this->server = $server; + } + + public function description(): string { + return $this->l10n->t('Invalid UUIDs of LDAP users or groups have been found. Please review your "Override UUID detection" settings in the Expert part of the LDAP configuration and use "occ ldap:update-uuid" to update them.'); + } + + public function severity(): string { + return 'warning'; + } + + public function run(): bool { + if (!$this->appManager->isEnabledForUser('user_ldap')) { + return true; + } + /** @var UserMapping $userMapping */ + $userMapping = $this->server->get(UserMapping::class); + /** @var GroupMapping $groupMapping */ + $groupMapping = $this->server->get(GroupMapping::class); + return count($userMapping->getList(0, 1, true)) === 0 + && count($groupMapping->getList(0, 1, true)) === 0; + } +} diff --git a/apps/settings/tests/Controller/CheckSetupControllerTest.php b/apps/settings/tests/Controller/CheckSetupControllerTest.php index 5cfab1ccf2d..20893b70dab 100644 --- a/apps/settings/tests/Controller/CheckSetupControllerTest.php +++ b/apps/settings/tests/Controller/CheckSetupControllerTest.php @@ -42,6 +42,7 @@ use OC\IntegrityCheck\Checker; use OC\MemoryInfo; use OC\Security\SecureRandom; use OCA\Settings\Controller\CheckSetupController; +use OCP\App\IAppManager; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataDisplayResponse; use OCP\AppFramework\Http\DataResponse; @@ -52,6 +53,7 @@ use OCP\IDateTimeFormatter; use OCP\IDBConnection; use OCP\IL10N; use OCP\IRequest; +use OCP\IServerContainer; use OCP\IURLGenerator; use OCP\Lock\ILockingProvider; use PHPUnit\Framework\MockObject\MockObject; @@ -99,6 +101,10 @@ class CheckSetupControllerTest extends TestCase { private $iniGetWrapper; /** @var IDBConnection|\PHPUnit\Framework\MockObject\MockObject */ private $connection; + /** @var IAppManager|MockObject */ + private $appManager; + /** @var IServerContainer|MockObject */ + private $serverContainer; /** * Holds a list of directories created during tests. @@ -141,6 +147,8 @@ class CheckSetupControllerTest extends TestCase { $this->iniGetWrapper = $this->getMockBuilder(IniGetWrapper::class)->getMock(); $this->connection = $this->getMockBuilder(IDBConnection::class) ->disableOriginalConstructor()->getMock(); + $this->appManager = $this->createMock(IAppManager::class); + $this->serverContainer = $this->createMock(IServerContainer::class); $this->checkSetupController = $this->getMockBuilder(CheckSetupController::class) ->setConstructorArgs([ 'settings', @@ -159,6 +167,8 @@ class CheckSetupControllerTest extends TestCase { $this->secureRandom, $this->iniGetWrapper, $this->connection, + $this->appManager, + $this->serverContainer, ]) ->setMethods([ 'isReadOnlyConfig', @@ -617,6 +627,7 @@ class CheckSetupControllerTest extends TestCase { 'imageMagickLacksSVGSupport' => false, 'isDefaultPhoneRegionSet' => false, 'OCA\Settings\SetupChecks\SupportedDatabase' => ['pass' => true, 'description' => '', 'severity' => 'info'], + \OCA\Settings\SetupChecks\LdapInvalidUuids::class => ['pass' => true, 'description' => 'Invalid UUIDs of LDAP users or groups have been found. Please review your "Override UUID detection" settings in the Expert part of the LDAP configuration and use "occ ldap:update-uuid" to update them.', 'severity' => 'warning'], ] ); $this->assertEquals($expected, $this->checkSetupController->check()); @@ -641,6 +652,8 @@ class CheckSetupControllerTest extends TestCase { $this->secureRandom, $this->iniGetWrapper, $this->connection, + $this->appManager, + $this->serverContainer ]) ->setMethods(null)->getMock(); @@ -1410,7 +1423,9 @@ Array $this->memoryInfo, $this->secureRandom, $this->iniGetWrapper, - $this->connection + $this->connection, + $this->appManager, + $this->serverContainer ); $this->assertSame($expected, $this->invokePrivate($checkSetupController, 'isMysqlUsedWithoutUTF8MB4')); @@ -1460,7 +1475,9 @@ Array $this->memoryInfo, $this->secureRandom, $this->iniGetWrapper, - $this->connection + $this->connection, + $this->appManager, + $this->serverContainer ); $this->assertSame($expected, $this->invokePrivate($checkSetupController, 'isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed')); diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js index 82d8b649af1..043d25bf35f 100644 --- a/core/js/setupchecks.js +++ b/core/js/setupchecks.js @@ -501,6 +501,7 @@ OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\LegacySSEKeyFormat', messages) OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\CheckUserCertificates', messages) OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\SupportedDatabase', messages) + OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\LdapInvalidUuids', messages) } else { messages.push({ |