authorblizzz <blizzz@arthur-schiwon.de>2021-06-07 14:13:54 +0300
committerGitHub <noreply@github.com>2021-06-07 14:13:54 +0300
commitae4907b6c95b7ac5d36ef358048c7acafd517c07 (patch)
tree945164141939d36342b13c67f2444c4cfaf41e9c /apps
parent56b68ce4e07835ecb806bc996e5648e433c5650b (diff)
parent592d6d5ebc20b604d387b8c362cf11022ccf79e7 (diff)
Merge pull request #26397 from nextcloud/external-storage-login-ldap-public
allow using any ldap property as login name when using external storage login credentials
Diffstat (limited to 'apps')
-rw-r--r--apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php37
1 files changed, 34 insertions, 3 deletions
diff --git a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
index 5fa6b36ad63..e6c2be70056 100644
--- a/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
+++ b/apps/files_external/lib/Lib/Auth/Password/LoginCredentials.php
@@ -37,6 +37,8 @@ use OCP\EventDispatcher\IEventDispatcher;
use OCP\IL10N;
use OCP\ISession;
use OCP\IUser;
+use OCP\IUserBackend;
+use OCP\LDAP\ILDAPProviderFactory;
use OCP\Security\ICredentialsManager;
use OCP\User\Events\PasswordUpdatedEvent;
use OCP\User\Events\UserLoggedInEvent;
@@ -56,10 +58,21 @@ class LoginCredentials extends AuthMechanism {
/** @var CredentialsStore */
private $credentialsStore;
- public function __construct(IL10N $l, ISession $session, ICredentialsManager $credentialsManager, CredentialsStore $credentialsStore, IEventDispatcher $eventDispatcher) {
+ /** @var ILDAPProviderFactory */
+ private $ldapFactory;
+
+ public function __construct(
+ IL10N $l,
+ ISession $session,
+ ICredentialsManager $credentialsManager,
+ CredentialsStore $credentialsStore,
+ IEventDispatcher $eventDispatcher,
+ ILDAPProviderFactory $ldapFactory
+ ) {
$this->session = $session;
$this->credentialsManager = $credentialsManager;
$this->credentialsStore = $credentialsStore;
+ $this->ldapFactory = $ldapFactory;
$this
->setIdentifier('password::logincredentials')
@@ -87,7 +100,7 @@ class LoginCredentials extends AuthMechanism {
$credentials = [
'user' => $sessionCredentials->getLoginName(),
- 'password' => $sessionCredentials->getPassword()
+ 'password' => $sessionCredentials->getPassword(),
];
$this->credentialsManager->store($user->getUID(), self::CREDENTIALS_IDENTIFIER, $credentials);
@@ -105,7 +118,25 @@ class LoginCredentials extends AuthMechanism {
}
$credentials = $this->getCredentials($user);
- $storage->setBackendOption('user', $credentials['user']);
+ $loginKey = $storage->getBackendOption("login_ldap_attr");
+ if ($loginKey) {
+ $backend = $user->getBackend();
+ if ($backend instanceof IUserBackend && $backend->getBackendName() === 'LDAP') {
+ $value = $this->getLdapPropertyForUser($user, $loginKey);
+ if ($value === null) {
+ throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute not set for user ' . $user->getUID());
+ }
+ $storage->setBackendOption('user', $value);
+ } else {
+ throw new InsufficientDataForMeaningfulAnswerException('Custom ldap attribute configured but user ' . $user->getUID() . ' is not an ldap user');
+ }
+ } else {
+ $storage->setBackendOption('user', $credentials['user']);
+ }
$storage->setBackendOption('password', $credentials['password']);
}
+
+ private function getLdapPropertyForUser(IUser $user, string $property): ?string {
+ return $this->ldapFactory->getLDAPProvider()->getUserAttribute($user->getUID(), $property);
+ }
}
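Review bot: The `$value === null` guard lets an empty string through, so an LDAP user whose configured attribute exists but is blank gets `user` set to `''` and paired with their real login password; how a storage backend treats a blank username is not visible here, so it is safer to fail closed with `if ($value === null || $value === '') {`. `getLdapPropertyForUser()` calls `getLDAPProvider()` and `getUserAttribute()` without a try/catch, so if either throws (presumably when the LDAP provider is unavailable or the user is not mapped) the error bypasses the `InsufficientDataForMeaningfulAnswerException` path used for the other failure cases. Because `login_ldap_attr` decides which directory attribute becomes the username sent with the user's password, a comment above the lookup would help, for example `// login_ldap_attr must be admin-controlled and should name an attribute users cannot edit themselves`. As a style point, `"login_ldap_attr"` is the only double-quoted option key in this hunk. The enclosing method starts outside the hunk.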