author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2022-02-08 23:31:32 +0300 |
---|---|---|
committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2022-02-15 15:23:25 +0300 |
commit | 6368c68a57ec0ed97eae91d50a66833876738379 (patch) | |
tree | d6f09a7f885f3a3bbdd24fd799c743859220be46 /apps | |
parent | 3188f5dc76055170e3d504a5cf5f5d1a6e4e7c2c (diff) |
Setup warning for invalid LDAP user or group UUIDs.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'apps')
3 files changed, 102 insertions, 3 deletions
diff --git a/apps/settings/lib/Controller/CheckSetupController.php b/apps/settings/lib/Controller/CheckSetupController.php
index 1df8dda9897..2c950ce15e0 100644
--- a/apps/settings/lib/Controller/CheckSetupController.php
+++ b/apps/settings/lib/Controller/CheckSetupController.php
@@ -58,10 +58,12 @@ use OCA\Settings\SetupChecks\LegacySSEKeyFormat;
 use OCA\Settings\SetupChecks\PhpDefaultCharset;
 use OCA\Settings\SetupChecks\PhpOutputBuffering;
 use OCA\Settings\SetupChecks\SupportedDatabase;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\DataDisplayResponse;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\RedirectResponse;
+use OCP\DB\Types;
 use OCP\Http\Client\IClientService;
 use OCP\IConfig;
 use OCP\IDateTimeFormatter;
@@ -69,6 +71,7 @@ use OCP\IDBConnection;
 use OCP\IL10N;
 use OCP\ILogger;
 use OCP\IRequest;
+use OCP\IServerContainer;
 use OCP\IURLGenerator;
 use OCP\Lock\ILockingProvider;
 use OCP\Security\ISecureRandom;
@@ -104,6 +107,10 @@ class CheckSetupController extends Controller {
 private $iniGetWrapper;
 /** @var IDBConnection */
 private $connection;
+ /** @var IAppManager */
+ private $appManager;
+ /** @var IServerContainer */
+ private $serverContainer;
 public function __construct($AppName,
 IRequest $request,
@@ -120,7 +127,10 @@ class CheckSetupController extends Controller {
 MemoryInfo $memoryInfo,
 ISecureRandom $secureRandom,
 IniGetWrapper $iniGetWrapper,
- IDBConnection $connection) {
+ IDBConnection $connection,
+ IAppManager $appManager,
+ IServerContainer $serverContainer
+ ) {
 parent::__construct($AppName, $request);
 $this->config = $config;
 $this->clientService = $clientService;
@@ -136,6 +146,8 @@ class CheckSetupController extends Controller {
 $this->secureRandom = $secureRandom;
 $this->iniGetWrapper = $iniGetWrapper;
 $this->connection = $connection;
+ $this->appManager = $appManager;
+ $this->serverContainer = $serverContainer;
 }
 /**
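Review bot: `use OCP\DB\Types;` in the first hunk is not referenced by any line this commit adds to the controller, so it looks like a leftover from another change and can be dropped unless unchanged code outside the hunks already needs it. In the constructor hunks the controller now receives the whole `IServerContainer`, yet the visible code only stores it in `$this->serverContainer`. Handing a controller the service locator widens what it can resolve at runtime; injecting the `LdapInvalidUuids` check itself would keep that dependency surface narrower. The class and constructor both continue outside these hunks.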
@@ -766,6 +778,7 @@ Raw output
 PhpOutputBuffering::class => ['pass' => $phpOutputBuffering->run(), 'description' => $phpOutputBuffering->description(), 'severity' => $phpOutputBuffering->severity()],
 LegacySSEKeyFormat::class => ['pass' => $legacySSEKeyFormat->run(), 'description' => $legacySSEKeyFormat->description(), 'severity' => $legacySSEKeyFormat->severity(), 'linkToDocumentation' => $legacySSEKeyFormat->linkToDocumentation()],
 SupportedDatabase::class => ['pass' => $supportedDatabases->run(), 'description' => $supportedDatabases->description(), 'severity' => $supportedDatabases->severity()],
+ LdapInvalidUuids::class => ['pass' => $ldapInvalidUuids->run(), 'description' => $ldapInvalidUuids->description(), 'severity' => $ldapInvalidUuids->severity()],
 ]
 );
 }
diff --git a/apps/settings/lib/SetupChecks/LdapInvalidUuids.php b/apps/settings/lib/SetupChecks/LdapInvalidUuids.php
new file mode 100644
index 00000000000..11b0105cada
--- /dev/null
+++ b/apps/settings/lib/SetupChecks/LdapInvalidUuids.php
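Review bot: The added array entry reads `$ldapInvalidUuids`, but no hunk in this file assigns that variable, and the `use` hunks do not import `OCA\Settings\SetupChecks\LdapInvalidUuids` either. Unless both already exist in unchanged code, the entry fails at runtime. In that case the method needs `$ldapInvalidUuids = new LdapInvalidUuids($this->appManager, $this->l10n, $this->serverContainer);` next to the other check objects, plus the matching `use` line. The enclosing method starts outside the hunk, so this cannot be confirmed from the diff alone.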
@@ -0,0 +1,69 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2022 Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Settings\SetupChecks;
+
+use OCA\User_LDAP\Mapping\GroupMapping;
+use OCA\User_LDAP\Mapping\UserMapping;
+use OCP\App\IAppManager;
+use OCP\IL10N;
+use OCP\IServerContainer;
+
+class LdapInvalidUuids {
+
+ /** @var IAppManager */
+ private $appManager;
+ /** @var IL10N */
+ private $l10n;
+ /** @var IServerContainer */
+ private $server;
+
+ public function __construct(IAppManager $appManager, IL10N $l10n, IServerContainer $server) {
+ $this->appManager = $appManager;
+ $this->l10n = $l10n;
+ $this->server = $server;
+ }
+
+ public function description(): string {
+ return $this->l10n->t('Invalid UUIDs of LDAP users or groups have been found. Please review your "Override UUID detection" settings in the Expert part of the LDAP configuration and use "occ ldap:update-uuid" to update them.');
+ }
+
+ public function severity(): string {
+ return 'warning';
+ }
+
+ public function run(): bool {
+ if (!$this->appManager->isEnabledForUser('user_ldap')) {
+ return true;
+ }
+ /** @var UserMapping $userMapping */
+ $userMapping = $this->server->get(UserMapping::class);
+ /** @var GroupMapping $groupMapping */
+ $groupMapping = $this->server->get(GroupMapping::class);
+ return count($userMapping->getList(0, 1, true)) === 0
+ && count($groupMapping->getList(0, 1, true)) === 0;
+ }
+}
diff --git a/apps/settings/tests/Controller/CheckSetupControllerTest.php b/apps/settings/tests/Controller/CheckSetupControllerTest.php
index d950879a765..d1b719ce2df 100644
--- a/apps/settings/tests/Controller/CheckSetupControllerTest.php
+++ b/apps/settings/tests/Controller/CheckSetupControllerTest.php
@@ -42,6 +42,7 @@ use OC\IntegrityCheck\Checker;
 use OC\MemoryInfo;
 use OC\Security\SecureRandom;
 use OCA\Settings\Controller\CheckSetupController;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataDisplayResponse;
 use OCP\AppFramework\Http\DataResponse;
@@ -53,6 +54,7 @@ use OCP\IDBConnection;
 use OCP\IL10N;
 use OCP\ILogger;
 use OCP\IRequest;
+use OCP\IServerContainer;
 use OCP\IURLGenerator;
 use OCP\Lock\ILockingProvider;
 use PHPUnit\Framework\MockObject\MockObject;
@@ -99,6 +101,10 @@ class CheckSetupControllerTest extends TestCase {
 private $iniGetWrapper;
 /** @var IDBConnection|\PHPUnit\Framework\MockObject\MockObject */
 private $connection;
+ /** @var IAppManager|MockObject */
+ private $appManager;
+ /** @var IServerContainer|MockObject */
+ private $serverContainer;
 /**
 * Holds a list of directories created during tests.
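Review bot: In the new `LdapInvalidUuids.php`, `run()` decides whether to skip the check with `isEnabledForUser('user_ldap')`, which evaluates the app for the current session user. If the LDAP app is enabled only for certain groups, an admin outside them would presumably get `pass => true` without the mappings ever being queried. `$this->appManager->isInstalled('user_ldap')` asks whether the app is enabled on the instance at all, which is what a setup warning needs. The two `$this->server->get(...)` calls are also unguarded, so a container resolution error would likely fail the whole setup-check response rather than this entry alone. A short comment on `getList(0, 1, true)` stating what the third argument selects would help, since its meaning is not visible in this commit.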
@@ -141,6 +147,8 @@ class CheckSetupControllerTest extends TestCase {
 $this->iniGetWrapper = $this->getMockBuilder(IniGetWrapper::class)->getMock();
 $this->connection = $this->getMockBuilder(IDBConnection::class)
 ->disableOriginalConstructor()->getMock();
+ $this->appManager = $this->createMock(IAppManager::class);
+ $this->serverContainer = $this->createMock(IServerContainer::class);
 $this->checkSetupController = $this->getMockBuilder(CheckSetupController::class)
 ->setConstructorArgs([
 'settings',
@@ -159,6 +167,8 @@ class CheckSetupControllerTest extends TestCase {
 $this->secureRandom,
 $this->iniGetWrapper,
 $this->connection,
+ $this->appManager,
+ $this->serverContainer,
 ])
 ->setMethods([
 'isReadOnlyConfig',
@@ -616,6 +626,7 @@ class CheckSetupControllerTest extends TestCase {
 'OCA\Settings\SetupChecks\PhpOutputBuffering' => ['pass' => true, 'description' => 'PHP configuration option output_buffering must be disabled', 'severity' => 'error'],
 'OCA\Settings\SetupChecks\LegacySSEKeyFormat' => ['pass' => true, 'description' => 'The old server-side-encryption format is enabled. We recommend disabling this.', 'severity' => 'warning', 'linkToDocumentation' => ''],
 'OCA\Settings\SetupChecks\SupportedDatabase' => ['pass' => true, 'description' => '', 'severity' => 'info'],
+ \OCA\Settings\SetupChecks\LdapInvalidUuids::class => ['pass' => true, 'description' => 'Invalid UUIDs of LDAP users or groups have been found. Please review your "Override UUID detection" settings in the Expert part of the LDAP configuration and use "occ ldap:update-uuid" to update them.', 'severity' => 'warning'],
 ]
 );
 $this->assertEquals($expected, $this->checkSetupController->check());
@@ -675,6 +686,8 @@ class CheckSetupControllerTest extends TestCase {
 $this->secureRandom,
 $this->iniGetWrapper,
 $this->connection,
+ $this->appManager,
+ $this->serverContainer
 ])
 ->setMethods(null)->getMock();
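Review bot: The expected-results hunk (`@@ -616,6 +626,7 @@`) only adds the passing entry for `LdapInvalidUuids`, so the new check's failing outcome is never exercised. `$this->appManager` comes from `createMock()` with no expectation set, so `isEnabledForUser()` presumably returns the mock default and `run()` leaves through its early `return true` without touching the mappings. A dedicated test for `LdapInvalidUuids::run()` would cover both results: stub `isEnabledForUser('user_ldap')` to return true and have the container mock return mapping mocks whose `getList()` yields an empty list in one case and one row in the other. The test method this hunk belongs to starts outside the hunk.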
@@ -1444,7 +1457,9 @@ Array
 $this->memoryInfo,
 $this->secureRandom,
 $this->iniGetWrapper,
- $this->connection
+ $this->connection,
+ $this->appManager,
+ $this->serverContainer
 );
 $this->assertSame($expected, $this->invokePrivate($checkSetupController, 'isMysqlUsedWithoutUTF8MB4'));
@@ -1494,7 +1509,9 @@ Array
 $this->memoryInfo,
 $this->secureRandom,
 $this->iniGetWrapper,
- $this->connection
+ $this->connection,
+ $this->appManager,
+ $this->serverContainer
 );
 $this->assertSame($expected, $this->invokePrivate($checkSetupController, 'isEnoughTempSpaceAvailableIfS3PrimaryStorageIsUsed')); |