diff options
author | Vincent Petry <pvince81@owncloud.com> | 2016-06-10 12:07:28 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-06-10 12:07:28 +0300 |
commit | 9edcdb33c732aec7784a36ed236fdc99925f2b6b (patch) | |
tree | edbaed14b8e2d34d3c9a5f6478bd0115539285d0 /apps | |
parent | 251a24b0cb6abb25ccfb8677ecbd52ba8c6b1c33 (diff) | |
parent | fba4460342bdcea7753e70c89a11c2ecc1b8824d (diff) |
Merge pull request #24950 from owncloud/stable9-fixdynamicldapgroupaccess
[stable9] Fixed dynamic group ldap access
Diffstat (limited to 'apps')
-rw-r--r-- | apps/user_ldap/group_ldap.php | 20 | ||||
-rw-r--r-- | apps/user_ldap/tests/group_ldap.php | 53 |
2 files changed, 64 insertions, 9 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index 891c807cd74..5d0fb4c5acf 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -473,16 +473,17 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { // apply filter via ldap search to see if this user is in this // dynamic group $userMatch = $this->access->readAttribute( - $uid, + $userDN, $this->access->connection->ldapUserDisplayName, $memberUrlFilter ); if ($userMatch !== false) { // match found so this user is in this group - $pos = strpos($dynamicGroup['dn'][0], ','); - if ($pos !== false) { - $membershipGroup = substr($dynamicGroup['dn'][0],3,$pos-3); - $groups[] = $membershipGroup; + $groupName = $this->access->dn2groupname($dynamicGroup['dn'][0]); + if(is_string($groupName)) { + // be sure to never return false if the dn could not be + // resolved to a name, for whatever reason. + $groups[] = $groupName; } } } else { @@ -534,11 +535,12 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { } if(isset($this->cachedGroupsByMember[$uid])) { - $groups = $this->cachedGroupsByMember[$uid]; + $groups = array_merge($groups, $this->cachedGroupsByMember[$uid]); } else { - $groups = array_values($this->getGroupsByMember($uid)); - $groups = $this->access->ownCloudGroupNames($groups); - $this->cachedGroupsByMember[$uid] = $groups; + $groupsByMember = array_values($this->getGroupsByMember($uid)); + $groupsByMember = $this->access->ownCloudGroupNames($groupsByMember); + $this->cachedGroupsByMember[$uid] = $groupsByMember; + $groups = array_merge($groups, $groupsByMember); } if($primaryGroup !== false) { diff --git a/apps/user_ldap/tests/group_ldap.php b/apps/user_ldap/tests/group_ldap.php index 51bb1d84732..a81bf70f54a 100644 --- a/apps/user_ldap/tests/group_ldap.php +++ b/apps/user_ldap/tests/group_ldap.php @@ -455,4 +455,57 @@ class Test_Group_Ldap extends \Test\TestCase { $groupBackend->getUserGroups('userX'); } + public function testGetGroupsByMember() { + $access = $this->getAccessMock(); + + $access->connection->expects($this->any()) + ->method('__get') + ->will($this->returnCallback(function($name) { + if($name === 'useMemberOfToDetectMembership') { + return 0; + } else if($name === 'ldapDynamicGroupMemberURL') { + return ''; + } else if($name === 'ldapNestedGroups') { + return false; + } + return 1; + })); + + $dn = 'cn=userX,dc=foobar'; + + $access->connection->hasPrimaryGroups = false; + + $access->expects($this->exactly(2)) + ->method('username2dn') + ->will($this->returnValue($dn)); + + $access->expects($this->never()) + ->method('readAttribute') + ->with($dn, 'memberOf'); + + $group1 = [ + 'cn' => 'group1', + 'dn' => ['cn=group1,ou=groups,dc=domain,dc=com'], + ]; + $group2 = [ + 'cn' => 'group2', + 'dn' => ['cn=group2,ou=groups,dc=domain,dc=com'], + ]; + + $access->expects($this->once()) + ->method('ownCloudGroupNames') + ->with([$group1, $group2]) + ->will($this->returnValue(['group1', 'group2'])); + + $access->expects($this->once()) + ->method('fetchListOfGroups') + ->will($this->returnValue([$group1, $group2])); + + $groupBackend = new GroupLDAP($access); + $groups = $groupBackend->getUserGroups('userX'); + $this->assertEquals(['group1', 'group2'], $groups); + + $groupsAgain = $groupBackend->getUserGroups('userX'); + $this->assertEquals(['group1', 'group2'], $groupsAgain); + } } |