diff options
| author | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2021-11-04 11:19:18 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-04 11:19:18 +0300 |
| commit | b06e32af2696636f6b8ffcffcc848445eb3fd50a (patch) | |
| tree | 83b35d36d7b435ca51fe0dea5f31340c64ff8d2f /apps | |
| parent | 72bd10fab78e2fceeef4eb36710d42b7bb241b81 (diff) | |
| parent | 349f4f626336c4679f7fd8b9f6f916a400334409 (diff) | |
Merge pull request #29314 from nextcloud/backport/29180/stable20
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/user_ldap/ajax/wizard.php | 3 | ||||
| -rw-r--r-- | apps/user_ldap/lib/Access.php | 64 | ||||
| -rw-r--r-- | apps/user_ldap/lib/AccessFactory.php | 10 | ||||
| -rw-r--r-- | apps/user_ldap/lib/Connection.php | 70 | ||||
| -rw-r--r-- | apps/user_ldap/lib/Group_LDAP.php | 6 | ||||
| -rw-r--r-- | apps/user_ldap/lib/Jobs/Sync.php | 12 | ||||
| -rw-r--r-- | apps/user_ldap/lib/Jobs/UpdateGroups.php | 3 | ||||
| -rw-r--r-- | apps/user_ldap/lib/Proxy.php | 5 | ||||
| -rw-r--r-- | apps/user_ldap/lib/User_LDAP.php | 42 | ||||
| -rw-r--r-- | apps/user_ldap/lib/Wizard.php | 50 | ||||
| -rw-r--r-- | apps/user_ldap/tests/AccessTest.php | 13 | ||||
| -rw-r--r-- | apps/user_ldap/tests/Integration/AbstractIntegrationTest.php | 2 |
12 files changed, 178 insertions, 102 deletions
diff --git a/apps/user_ldap/ajax/wizard.php b/apps/user_ldap/ajax/wizard.php index 34c9729f6f3..3e0a23e9d04 100644 --- a/apps/user_ldap/ajax/wizard.php +++ b/apps/user_ldap/ajax/wizard.php @@ -71,7 +71,8 @@ $access = new \OCA\User_LDAP\Access( $userManager, new \OCA\User_LDAP\Helper(\OC::$server->getConfig()), \OC::$server->getConfig(), - \OC::$server->getUserManager() + \OC::$server->getUserManager(), + \OC::$server->get(\Psr\Log\LoggerInterface::class) ); $wizard = new \OCA\User_LDAP\Wizard($configuration, $ldapWrapper, $access); diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index 222443cfa8e..5c515d37a73 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -56,8 +56,8 @@ use OCA\User_LDAP\Mapping\AbstractMapping; use OCA\User_LDAP\User\Manager; use OCA\User_LDAP\User\OfflineUser; use OCP\IConfig; -use OCP\ILogger; use OCP\IUserManager; +use Psr\Log\LoggerInterface; use function strlen; use function substr; @@ -96,6 +96,8 @@ class Access extends LDAPUtility { private $config; /** @var IUserManager */ private $ncUserManager; + /** @var LoggerInterface */ + private $logger; /** @var string */ private $lastCookie = ''; @@ -105,7 +107,8 @@ class Access extends LDAPUtility { Manager $userManager, Helper $helper, IConfig $config, - IUserManager $ncUserManager + IUserManager $ncUserManager, + LoggerInterface $logger ) { parent::__construct($ldap); $this->connection = $connection; @@ -114,6 +117,7 @@ class Access extends LDAPUtility { $this->helper = $helper; $this->config = $config; $this->ncUserManager = $ncUserManager; + $this->logger = $logger; } /** @@ -189,15 +193,16 @@ class Access extends LDAPUtility { */ public function readAttribute($dn, $attr, $filter = 'objectClass=*') { if (!$this->checkConnection()) { - \OCP\Util::writeLog('user_ldap', + $this->logger->warning( 'No LDAP Connector assigned, access impossible for readAttribute.', - ILogger::WARN); + ['app' => 'user_ldap'] + ); return false; } $cr = $this->connection->getConnectionResource(); if (!$this->ldap->isResource($cr)) { //LDAP not available - \OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', ILogger::DEBUG); + $this->logger->debug('LDAP resource not available.', ['app' => 'user_ldap']); return false; } //Cancel possibly running Paged Results operation, otherwise we run in @@ -252,7 +257,7 @@ class Access extends LDAPUtility { } } while ($isRangeRequest); - \OCP\Util::writeLog('user_ldap', 'Requested attribute ' . $attr . ' not found for ' . $dn, ILogger::DEBUG); + $this->logger->debug('Requested attribute ' . $attr . ' not found for ' . $dn, ['app' => 'user_ldap']); return false; } @@ -283,13 +288,13 @@ class Access extends LDAPUtility { if (!$this->ldap->isResource($rr)) { if ($attribute !== '') { //do not throw this message on userExists check, irritates - \OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN ' . $dn, ILogger::DEBUG); + $this->logger->debug('readAttribute failed for DN ' . $dn, ['app' => 'user_ldap']); } //in case an error occurs , e.g. object does not exist return false; } if ($attribute === '' && ($filter === 'objectclass=*' || $this->invokeLDAPMethod('countEntries', $cr, $rr) === 1)) { - \OCP\Util::writeLog('user_ldap', 'readAttribute: ' . $dn . ' found', ILogger::DEBUG); + $this->logger->debug('readAttribute: ' . $dn . ' found', ['app' => 'user_ldap']); return true; } $er = $this->invokeLDAPMethod('firstEntry', $cr, $rr); @@ -375,7 +380,7 @@ class Access extends LDAPUtility { $cr = $this->connection->getConnectionResource(); if (!$this->ldap->isResource($cr)) { //LDAP not available - \OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', ILogger::DEBUG); + $this->logger->debug('LDAP resource not available.', ['app' => 'user_ldap']); return false; } try { @@ -549,14 +554,14 @@ class Access extends LDAPUtility { } } else { //If the UUID can't be detected something is foul. - \OCP\Util::writeLog('user_ldap', 'Cannot determine UUID for ' . $fdn . '. Skipping.', ILogger::INFO); + $this->logger->debug('Cannot determine UUID for ' . $fdn . '. Skipping.', ['app' => 'user_ldap']); return false; } if (is_null($ldapName)) { $ldapName = $this->readAttribute($fdn, $nameAttribute, $filter); - if (!isset($ldapName[0]) && empty($ldapName[0])) { - \OCP\Util::writeLog('user_ldap', 'No or empty name for ' . $fdn . ' with filter ' . $filter . '.', ILogger::DEBUG); + if (!isset($ldapName[0]) || empty($ldapName[0])) { + $this->logger->debug('No or empty name for ' . $fdn . ' with filter ' . $filter . '.', ['app' => 'user_ldap']); return false; } $ldapName = $ldapName[0]; @@ -566,6 +571,10 @@ class Access extends LDAPUtility { $usernameAttribute = (string)$this->connection->ldapExpertUsernameAttr; if ($usernameAttribute !== '') { $username = $this->readAttribute($fdn, $usernameAttribute); + if (!isset($username[0]) || empty($username[0])) { + $this->logger->debug('No or empty username (' . $usernameAttribute . ') for ' . $fdn . '.', ['app' => 'user_ldap']); + return false; + } $username = $username[0]; } else { $username = $uuid; @@ -573,9 +582,8 @@ class Access extends LDAPUtility { try { $intName = $this->sanitizeUsername($username); } catch (\InvalidArgumentException $e) { - \OC::$server->getLogger()->logException($e, [ - 'app' => 'user_ldap', - 'level' => ILogger::WARN, + $this->logger->warning('Error sanitizing username: ' . $e->getMessage(), [ + 'exception' => $e, ]); // we don't attempt to set a username here. We can go for // for an alternative 4 digit random number as we would append @@ -615,7 +623,7 @@ class Access extends LDAPUtility { } //if everything else did not help.. - \OCP\Util::writeLog('user_ldap', 'Could not create unique name for ' . $fdn . '.', ILogger::INFO); + $this->logger->info('Could not create unique name for ' . $fdn . '.', ['app' => 'user_ldap']); return false; } @@ -937,7 +945,7 @@ class Access extends LDAPUtility { if ($user !== null) { $user->processAttributes($userRecord); } else { - \OC::$server->getLogger()->debug( + $this->logger->debug( "The ldap user manager returned null for $ocName", ['app' => 'user_ldap'] ); @@ -1116,13 +1124,13 @@ class Access extends LDAPUtility { * Maybe implement exponential backoff? * This was enough to get solr indexer working which has large delays between LDAP fetches. */ - \OCP\Util::writeLog('user_ldap', "Connection lost on $command, attempting to reestablish.", ILogger::DEBUG); + $this->logger->debug("Connection lost on $command, attempting to reestablish.", ['app' => 'user_ldap']); $this->connection->resetConnectionResource(); $cr = $this->connection->getConnectionResource(); if (!$this->ldap->isResource($cr)) { // Seems like we didn't find any resource. - \OCP\Util::writeLog('user_ldap', "Could not $command, because resource is missing.", ILogger::DEBUG); + $this->logger->debug("Could not $command, because resource is missing.", ['app' => 'user_ldap']); throw $e; } @@ -1156,7 +1164,7 @@ class Access extends LDAPUtility { if (!$this->ldap->isResource($cr)) { // Seems like we didn't find any resource. // Return an empty array just like before. - \OCP\Util::writeLog('user_ldap', 'Could not search, because resource is missing.', ILogger::DEBUG); + $this->logger->debug('Could not search, because resource is missing.', ['app' => 'user_ldap']); return false; } @@ -1172,7 +1180,7 @@ class Access extends LDAPUtility { // cannot use $cr anymore, might have changed in the previous call! $error = $this->ldap->errno($this->connection->getConnectionResource()); if (!$this->ldap->isResource($sr) || $error !== 0) { - \OCP\Util::writeLog('user_ldap', 'Attempt for Paging? ' . print_r($pagedSearchOK, true), ILogger::ERROR); + $this->logger->error('Attempt for Paging? ' . print_r($pagedSearchOK, true), ['app' => 'user_ldap']); return false; } @@ -1217,7 +1225,7 @@ class Access extends LDAPUtility { } } else { if (!is_null($limit) && (int)$this->connection->ldapPagingSize !== 0) { - \OC::$server->getLogger()->debug( + $this->logger->debug( 'Paged search was not available', ['app' => 'user_ldap'] ); @@ -1253,7 +1261,7 @@ class Access extends LDAPUtility { ?int $offset = null, bool $skipHandling = false ) { - \OC::$server->getLogger()->debug('Count filter: {filter}', [ + $this->logger->debug('Count filter: {filter}', [ 'app' => 'user_ldap', 'filter' => $filter ]); @@ -1763,7 +1771,7 @@ class Access extends LDAPUtility { $value = $this->readAttribute($dn, $attribute); if (is_array($value) && isset($value[0]) && !empty($value[0])) { - \OC::$server->getLogger()->debug( + $this->logger->debug( 'Setting {attribute} as {subject}', [ 'app' => 'user_ldap', @@ -1776,7 +1784,7 @@ class Access extends LDAPUtility { return true; } } - \OC::$server->getLogger()->debug('Could not autodetect the UUID attribute', ['app' => 'user_ldap']); + $this->logger->debug('Could not autodetect the UUID attribute', ['app' => 'user_ldap']); return false; } @@ -1871,7 +1879,7 @@ class Access extends LDAPUtility { * an exception here would kill the experience for a valid, acting * user. Instead we write a log message. */ - \OC::$server->getLogger()->info( + $this->logger->info( 'Passed string does not resemble a valid GUID. Known UUID ' . '({uuid}) probably does not match UUID configuration.', ['app' => 'user_ldap', 'uuid' => $guid] @@ -2046,7 +2054,7 @@ class Access extends LDAPUtility { ): bool { $pagedSearchOK = false; if ($limit !== 0) { - \OC::$server->getLogger()->debug( + $this->logger->debug( 'initializing paged search for filter {filter}, base {base}, attr {attr}, limit {limit}, offset {offset}', [ 'app' => 'user_ldap', @@ -2078,7 +2086,7 @@ class Access extends LDAPUtility { 'controlPagedResult', $this->connection->getConnectionResource(), $limit, false ); if ($pagedSearchOK) { - \OC::$server->getLogger()->debug('Ready for a paged search', ['app' => 'user_ldap']); + $this->logger->debug('Ready for a paged search', ['app' => 'user_ldap']); } /* ++ Fixing RHDS searches with pages with zero results ++ * We coudn't get paged searches working with our RHDS for login ($limit = 0), diff --git a/apps/user_ldap/lib/AccessFactory.php b/apps/user_ldap/lib/AccessFactory.php index 96f2655f046..7b67401efb4 100644 --- a/apps/user_ldap/lib/AccessFactory.php +++ b/apps/user_ldap/lib/AccessFactory.php @@ -27,6 +27,7 @@ namespace OCA\User_LDAP; use OCA\User_LDAP\User\Manager; use OCP\IConfig; use OCP\IUserManager; +use Psr\Log\LoggerInterface; class AccessFactory { /** @var ILDAPWrapper */ @@ -39,18 +40,22 @@ class AccessFactory { protected $config; /** @var IUserManager */ private $ncUserManager; + /** @var LoggerInterface */ + private $logger; public function __construct( ILDAPWrapper $ldap, Manager $userManager, Helper $helper, IConfig $config, - IUserManager $ncUserManager) { + IUserManager $ncUserManager, + LoggerInterface $logger) { $this->ldap = $ldap; $this->userManager = $userManager; $this->helper = $helper; $this->config = $config; $this->ncUserManager = $ncUserManager; + $this->logger = $logger; } public function get(Connection $connection) { @@ -60,7 +65,8 @@ class AccessFactory { $this->userManager, $this->helper, $this->config, - $this->ncUserManager + $this->ncUserManager, + $this->logger ); } } diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php index dd1d966361b..63f2296a167 100644 --- a/apps/user_ldap/lib/Connection.php +++ b/apps/user_ldap/lib/Connection.php @@ -38,7 +38,7 @@ namespace OCA\User_LDAP; use OC\ServerNotAvailableException; -use OCP\ILogger; +use Psr\Log\LoggerInterface; /** * magic properties (incomplete) @@ -104,6 +104,9 @@ class Connection extends LDAPUtility { protected $bindResult = []; + /** @var LoggerInterface */ + protected $logger; + /** * Constructor * @param ILDAPWrapper $ldap @@ -123,6 +126,7 @@ class Connection extends LDAPUtility { $helper = new Helper(\OC::$server->getConfig()); $this->doNotValidate = !in_array($this->configPrefix, $helper->getServerConfigurationPrefixes()); + $this->logger = \OC::$server->get(LoggerInterface::class); } public function __destruct() { @@ -209,7 +213,10 @@ class Connection extends LDAPUtility { $this->establishConnection(); } if (is_null($this->ldapConnectionRes)) { - \OCP\Util::writeLog('user_ldap', 'No LDAP Connection to server ' . $this->configuration->ldapHost, ILogger::ERROR); + $this->logger->error( + 'No LDAP Connection to server ' . $this->configuration->ldapHost, + ['app' => 'user_ldap'] + ); throw new ServerNotAvailableException('Connection to LDAP server could not be established'); } return $this->ldapConnectionRes; @@ -381,10 +388,10 @@ class Connection extends LDAPUtility { && (!is_null($this->configID))) { $this->configuration->$effectiveSetting = 'auto'; $this->configuration->saveConfiguration(); - \OCP\Util::writeLog('user_ldap', - 'Illegal value for the '. - $effectiveSetting.', '.'reset to '. - 'autodetect.', ILogger::INFO); + $this->logger->info( + 'Illegal value for the '.$effectiveSetting.', reset to autodetect.', + ['app' => 'user_ldap'] + ); } } } @@ -407,10 +414,9 @@ class Connection extends LDAPUtility { if ((stripos($this->configuration->ldapHost, 'ldaps://') === 0) && $this->configuration->ldapTLS) { $this->configuration->ldapTLS = false; - \OCP\Util::writeLog( - 'user_ldap', + $this->logger->info( 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', - ILogger::INFO + ['app' => 'user_ldap'] ); } } @@ -450,10 +456,9 @@ class Connection extends LDAPUtility { break; } $configurationOK = false; - \OCP\Util::writeLog( - 'user_ldap', + $this->logger->warning( $errorStr.'No '.$subj.' given!', - ILogger::WARN + ['app' => 'user_ldap'] ); } } @@ -465,11 +470,11 @@ class Connection extends LDAPUtility { ($agent === '' && $pwd !== '') || ($agent !== '' && $pwd === '') ) { - \OCP\Util::writeLog( - 'user_ldap', + $this->logger->warning( $errorStr.'either no password is given for the user ' . 'agent or a password is given, but not an LDAP agent.', - ILogger::WARN); + ['app' => 'user_ldap'] + ); $configurationOK = false; } @@ -478,20 +483,18 @@ class Connection extends LDAPUtility { $baseGroups = $this->configuration->ldapBaseGroups; if (empty($base) && empty($baseUsers) && empty($baseGroups)) { - \OCP\Util::writeLog( - 'user_ldap', + $this->logger->warning( $errorStr.'Not a single Base DN given.', - ILogger::WARN + ['app' => 'user_ldap'] ); $configurationOK = false; } if (mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8') === false) { - \OCP\Util::writeLog( - 'user_ldap', + $this->logger->warning( $errorStr.'login filter does not contain %uid place holder.', - ILogger::WARN + ['app' => 'user_ldap'] ); $configurationOK = false; } @@ -535,34 +538,32 @@ class Connection extends LDAPUtility { return false; } if (!$this->ignoreValidation && !$this->configured) { - \OCP\Util::writeLog( - 'user_ldap', + $this->logger->warning( 'Configuration is invalid, cannot connect', - ILogger::WARN + ['app' => 'user_ldap'] ); return false; } if (!$this->ldapConnectionRes) { if (!$this->ldap->areLDAPFunctionsAvailable()) { $phpLDAPinstalled = false; - \OCP\Util::writeLog( - 'user_ldap', + $this->logger->error( 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.', - ILogger::ERROR + ['app' => 'user_ldap'] ); return false; } if ($this->configuration->turnOffCertCheck) { if (putenv('LDAPTLS_REQCERT=never')) { - \OCP\Util::writeLog('user_ldap', + $this->logger->debug( 'Turned off SSL certificate validation successfully.', - ILogger::DEBUG); + ['app' => 'user_ldap'] + ); } else { - \OCP\Util::writeLog( - 'user_ldap', + $this->logger->warning( 'Could not turn off SSL certificate validation.', - ILogger::WARN + ['app' => 'user_ldap'] ); } } @@ -672,9 +673,10 @@ class Connection extends LDAPUtility { if (!$ldapLogin) { $errno = $this->ldap->errno($cr); - \OCP\Util::writeLog('user_ldap', + $this->logger->warning( 'Bind failed: ' . $errno . ': ' . $this->ldap->error($cr), - ILogger::WARN); + ['app' => 'user_ldap'] + ); // Set to failure mode, if LDAP error code is not one of // - LDAP_SUCCESS (0) diff --git a/apps/user_ldap/lib/Group_LDAP.php b/apps/user_ldap/lib/Group_LDAP.php index 9c2e3ebb713..a1ceeffba58 100644 --- a/apps/user_ldap/lib/Group_LDAP.php +++ b/apps/user_ldap/lib/Group_LDAP.php @@ -50,7 +50,7 @@ use OC\Cache\CappedMemoryCache; use OC\ServerNotAvailableException; use OCP\Group\Backend\IGetDisplayNameBackend; use OCP\GroupInterface; -use OCP\ILogger; +use Psr\Log\LoggerInterface; class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, IGetDisplayNameBackend { protected $enabled = false; @@ -63,7 +63,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I protected $cachedNestedGroups; /** @var GroupPluginManager */ protected $groupPluginManager; - /** @var ILogger */ + /** @var LoggerInterface */ protected $logger; /** @@ -83,7 +83,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I $this->cachedGroupsByMember = new CappedMemoryCache(); $this->cachedNestedGroups = new CappedMemoryCache(); $this->groupPluginManager = $groupPluginManager; - $this->logger = OC::$server->getLogger(); + $this->logger = OC::$server->get(LoggerInterface::class); $this->ldapGroupMemberAssocAttr = strtolower($gAssoc); } diff --git a/apps/user_ldap/lib/Jobs/Sync.php b/apps/user_ldap/lib/Jobs/Sync.php index 053ca894902..226a994cf57 100644 --- a/apps/user_ldap/lib/Jobs/Sync.php +++ b/apps/user_ldap/lib/Jobs/Sync.php @@ -41,6 +41,7 @@ use OCP\IDBConnection; use OCP\Image; use OCP\IUserManager; use OCP\Notification\IManager; +use Psr\Log\LoggerInterface; class Sync extends TimedJob { public const MAX_INTERVAL = 12 * 60 * 60; // 12h @@ -61,6 +62,8 @@ class Sync extends TimedJob { protected $dbc; /** @var IUserManager */ protected $ncUserManager; + /** @var LoggerInterface */ + protected $logger; /** @var IManager */ protected $notificationManager; /** @var ConnectionFactory */ @@ -337,6 +340,12 @@ class Sync extends TimedJob { $this->ncUserManager = \OC::$server->getUserManager(); } + if (isset($argument['logger'])) { + $this->logger = $argument['logger']; + } else { + $this->logger = \OC::$server->get(LoggerInterface::class); + } + if (isset($argument['notificationManager'])) { $this->notificationManager = $argument['notificationManager']; } else { @@ -378,7 +387,8 @@ class Sync extends TimedJob { $this->userManager, $this->ldapHelper, $this->config, - $this->ncUserManager + $this->ncUserManager, + $this->logger ); } } diff --git a/apps/user_ldap/lib/Jobs/UpdateGroups.php b/apps/user_ldap/lib/Jobs/UpdateGroups.php index 85615a46181..387c4cb3a55 100644 --- a/apps/user_ldap/lib/Jobs/UpdateGroups.php +++ b/apps/user_ldap/lib/Jobs/UpdateGroups.php @@ -48,6 +48,7 @@ use OCP\Group\Events\UserAddedEvent; use OCP\Group\Events\UserRemovedEvent; use OCP\ILogger; use OCP\IUser; +use Psr\Log\LoggerInterface; class UpdateGroups extends \OC\BackgroundJob\TimedJob { private static $groupsFromDB; @@ -210,7 +211,7 @@ class UpdateGroups extends \OC\BackgroundJob\TimedJob { \OC::$server->getUserManager(), \OC::$server->getNotificationManager()); $connector = new Connection($ldapWrapper, $configPrefixes[0]); - $ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper, \OC::$server->getConfig(), \OC::$server->getUserManager()); + $ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper, \OC::$server->getConfig(), \OC::$server->getUserManager(), \OC::$server->get(LoggerInterface::class)); $groupMapper = new GroupMapping($dbc); $userMapper = new UserMapping($dbc); $ldapAccess->setGroupMapper($groupMapper); diff --git a/apps/user_ldap/lib/Proxy.php b/apps/user_ldap/lib/Proxy.php index 7bcbd19ff1c..2b290f0ef32 100644 --- a/apps/user_ldap/lib/Proxy.php +++ b/apps/user_ldap/lib/Proxy.php @@ -36,6 +36,7 @@ namespace OCA\User_LDAP; use OCA\User_LDAP\Mapping\GroupMapping; use OCA\User_LDAP\Mapping\UserMapping; use OCA\User_LDAP\User\Manager; +use Psr\Log\LoggerInterface; abstract class Proxy { private static $accesses = []; @@ -70,6 +71,7 @@ abstract class Proxy { static $db; static $coreUserManager; static $coreNotificationManager; + static $logger; if ($fs === null) { $ocConfig = \OC::$server->getConfig(); $fs = new FilesystemHelper(); @@ -80,12 +82,13 @@ abstract class Proxy { $groupMap = new GroupMapping($db); $coreUserManager = \OC::$server->getUserManager(); $coreNotificationManager = \OC::$server->getNotificationManager(); + $logger = \OC::$server->get(LoggerInterface::class); } $userManager = new Manager($ocConfig, $fs, $log, $avatarM, new \OCP\Image(), $db, $coreUserManager, $coreNotificationManager); $connector = new Connection($this->ldap, $configPrefix); - $access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig, $coreUserManager); + $access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig), $ocConfig, $coreUserManager, $logger); $access->setUserMapper($userMap); $access->setGroupMapper($groupMap); self::$accesses[$configPrefix] = $access; diff --git a/apps/user_ldap/lib/User_LDAP.php b/apps/user_ldap/lib/User_LDAP.php index 79f230ae00b..2af0cf8e48c 100644 --- a/apps/user_ldap/lib/User_LDAP.php +++ b/apps/user_ldap/lib/User_LDAP.php @@ -46,10 +46,9 @@ use OCA\User_LDAP\Exceptions\NotOnLDAP; use OCA\User_LDAP\User\OfflineUser; use OCA\User_LDAP\User\User; use OCP\IConfig; -use OCP\ILogger; use OCP\IUserSession; use OCP\Notification\IManager as INotificationManager; -use OCP\Util; +use Psr\Log\LoggerInterface; class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserInterface, IUserLDAP { /** @var \OCP\IConfig */ @@ -61,6 +60,9 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn /** @var UserPluginManager */ protected $userPluginManager; + /** @var LoggerInterface */ + protected $logger; + /** * @param Access $access * @param \OCP\IConfig $ocConfig @@ -72,6 +74,7 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn $this->ocConfig = $ocConfig; $this->notificationManager = $notificationManager; $this->userPluginManager = $userPluginManager; + $this->logger = \OC::$server->get(LoggerInterface::class); } /** @@ -173,17 +176,21 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn try { $ldapRecord = $this->getLDAPUserByLoginName($uid); } catch (NotOnLDAP $e) { - \OC::$server->getLogger()->logException($e, ['app' => 'user_ldap', 'level' => ILogger::DEBUG]); + $this->logger->debug( + $e->getMessage(), + ['app' => 'user_ldap', 'exception' => $e] + ); return false; } $dn = $ldapRecord['dn'][0]; $user = $this->access->userManager->get($dn); if (!$user instanceof User) { - Util::writeLog('user_ldap', + $this->logger->warning( 'LDAP Login: Could not get user object for DN ' . $dn . '. Maybe the LDAP entry has no set display name attribute?', - ILogger::WARN); + ['app' => 'user_ldap'] + ); return false; } if ($user->getUsername() !== false) { @@ -266,16 +273,20 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn $this->access->getFilterPartForUserSearch($search) ]); - Util::writeLog('user_ldap', + $this->logger->debug( 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter, - ILogger::DEBUG); + ['app' => 'user_ldap'] + ); //do the search and translate results to Nextcloud names $ldap_users = $this->access->fetchListOfUsers( $filter, $this->access->userManager->getAttributes(true), $limit, $offset); $ldap_users = $this->access->nextcloudUserNames($ldap_users); - Util::writeLog('user_ldap', 'getUsers: '.count($ldap_users). ' Users found', ILogger::DEBUG); + $this->logger->debug( + 'getUsers: '.count($ldap_users). ' Users found', + ['app' => 'user_ldap'] + ); $this->access->connection->writeToCache($cachekey, $ldap_users); return $ldap_users; @@ -353,8 +364,10 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn $user = $this->access->userManager->get($uid); if (is_null($user)) { - Util::writeLog('user_ldap', 'No DN found for '.$uid.' on '. - $this->access->connection->ldapHost, ILogger::DEBUG); + $this->logger->debug( + 'No DN found for '.$uid.' on '.$this->access->connection->ldapHost, + ['app' => 'user_ldap'] + ); $this->access->connection->writeToCache('userExists'.$uid, false); return false; } @@ -379,12 +392,13 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn $marked = $this->ocConfig->getUserValue($uid, 'user_ldap', 'isDeleted', 0); if ((int)$marked === 0) { - \OC::$server->getLogger()->notice( + $this->logger->notice( 'User '.$uid . ' is not marked as deleted, not cleaning up.', - ['app' => 'user_ldap']); + ['app' => 'user_ldap'] + ); return false; } - \OC::$server->getLogger()->info('Cleaning up after user ' . $uid, + $this->logger->info('Cleaning up after user ' . $uid, ['app' => 'user_ldap']); $this->access->getUserMapper()->unmap($uid); // we don't emit unassign signals here, since it is implicit to delete signals fired from core @@ -619,7 +633,7 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn ); $this->access->cacheUserExists($username); } else { - \OC::$server->getLogger()->warning( + $this->logger->warning( 'Failed to map created LDAP user with userid {userid}, because UUID could not be determined', [ 'app' => 'user_ldap', diff --git a/apps/user_ldap/lib/Wizard.php b/apps/user_ldap/lib/Wizard.php index 78337ff32b1..67a130555f2 100644 --- a/apps/user_ldap/lib/Wizard.php +++ b/apps/user_ldap/lib/Wizard.php @@ -40,7 +40,7 @@ namespace OCA\User_LDAP; use OC\ServerNotAvailableException; -use OCP\ILogger; +use Psr\Log\LoggerInterface; class Wizard extends LDAPUtility { /** @var \OCP\IL10N */ @@ -51,6 +51,9 @@ class Wizard extends LDAPUtility { protected $result; protected $resultCache = []; + /** @var LoggerInterface */ + protected $logger; + public const LRESULT_PROCESSED_OK = 2; public const LRESULT_PROCESSED_INVALID = 3; public const LRESULT_PROCESSED_SKIP = 4; @@ -78,6 +81,7 @@ class Wizard extends LDAPUtility { } $this->access = $access; $this->result = new WizardResult(); + $this->logger = \OC::$server->get(LoggerInterface::class); } public function __destruct() { @@ -301,9 +305,11 @@ class Wizard extends LDAPUtility { if ($winner !== '') { $this->applyFind('ldap_email_attr', $winner); if ($writeLog) { - \OCP\Util::writeLog('user_ldap', 'The mail attribute has ' . - 'automatically been reset, because the original value ' . - 'did not return any results.', ILogger::INFO); + $this->logger->info( + 'The mail attribute has automatically been reset, '. + 'because the original value did not return any results.', + ['app' => 'user_ldap'] + ); } } @@ -681,7 +687,10 @@ class Wizard extends LDAPUtility { foreach ($portSettings as $setting) { $p = $setting['port']; $t = $setting['tls']; - \OCP\Util::writeLog('user_ldap', 'Wiz: trying port '. $p . ', TLS '. $t, ILogger::DEBUG); + $this->logger->debug( + 'Wiz: trying port '. $p . ', TLS '. $t, + ['app' => 'user_ldap'] + ); //connectAndBind may throw Exception, it needs to be catched by the //callee of this method @@ -704,7 +713,10 @@ class Wizard extends LDAPUtility { 'ldapTLS' => (int)$t ]; $this->configuration->setConfiguration($config); - \OCP\Util::writeLog('user_ldap', 'Wiz: detected Port ' . $p, ILogger::DEBUG); + $this->logger->debug( + 'Wiz: detected Port ' . $p, + ['app' => 'user_ldap'] + ); $this->result->addChange('ldap_port', $p); return $this->result; } @@ -849,8 +861,10 @@ class Wizard extends LDAPUtility { if (!$this->ldap->isResource($rr)) { $errorNo = $this->ldap->errno($cr); $errorMsg = $this->ldap->error($cr); - \OCP\Util::writeLog('user_ldap', 'Wiz: Could not search base '.$base. - ' Error '.$errorNo.': '.$errorMsg, ILogger::INFO); + $this->logger->info( + 'Wiz: Could not search base '.$base.' Error '.$errorNo.': '.$errorMsg, + ['app' => 'user_ldap'] + ); return false; } $entries = $this->ldap->countEntries($cr, $rr); @@ -1026,7 +1040,10 @@ class Wizard extends LDAPUtility { break; } - \OCP\Util::writeLog('user_ldap', 'Wiz: Final filter '.$filter, ILogger::DEBUG); + $this->logger->debug( + 'Wiz: Final filter '.$filter, + ['app' => 'user_ldap'] + ); return $filter; } @@ -1046,7 +1063,10 @@ class Wizard extends LDAPUtility { if (!$hostInfo) { throw new \Exception(self::$l->t('Invalid Host')); } - \OCP\Util::writeLog('user_ldap', 'Wiz: Attempting to connect ', ILogger::DEBUG); + $this->logger->debug( + 'Wiz: Attempting to connect', + ['app' => 'user_ldap'] + ); $cr = $this->ldap->connect($host, $port); if (!is_resource($cr)) { throw new \Exception(self::$l->t('Invalid Host')); @@ -1065,7 +1085,10 @@ class Wizard extends LDAPUtility { } } - \OCP\Util::writeLog('user_ldap', 'Wiz: Attemping to Bind ', ILogger::DEBUG); + $this->logger->debug( + 'Wiz: Attemping to Bind', + ['app' => 'user_ldap'] + ); //interesting part: do the bind! $login = $this->ldap->bind($cr, $this->configuration->ldapAgentName, @@ -1080,7 +1103,10 @@ class Wizard extends LDAPUtility { if ($login === true) { $this->ldap->unbind($cr); - \OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . (int)$tls, ILogger::DEBUG); + $this->logger->debug( + 'Wiz: Bind successful to Port '. $port . ' TLS ' . (int)$tls, + ['app' => 'user_ldap'] + ); return true; } diff --git a/apps/user_ldap/tests/AccessTest.php b/apps/user_ldap/tests/AccessTest.php index 6fe0fb1f24f..b97fe321bf7 100644 --- a/apps/user_ldap/tests/AccessTest.php +++ b/apps/user_ldap/tests/AccessTest.php @@ -53,6 +53,7 @@ use OCP\IDBConnection; use OCP\Image; use OCP\IUserManager; use OCP\Notification\IManager as INotificationManager; +use Psr\Log\LoggerInterface; use Test\TestCase; /** @@ -79,6 +80,8 @@ class AccessTest extends TestCase { private $config; /** @var IUserManager|\PHPUnit\Framework\MockObject\MockObject */ private $ncUserManager; + /** @var LoggerInterface|MockObject */ + private $logger; /** @var Access */ private $access; @@ -91,6 +94,7 @@ class AccessTest extends TestCase { $this->userMapper = $this->createMock(UserMapping::class); $this->groupMapper = $this->createMock(GroupMapping::class); $this->ncUserManager = $this->createMock(IUserManager::class); + $this->logger = $this->createMock(LoggerInterface::class); $this->access = new Access( $this->connection, @@ -98,7 +102,8 @@ class AccessTest extends TestCase { $this->userManager, $this->helper, $this->config, - $this->ncUserManager + $this->ncUserManager, + $this->logger ); $this->access->setUserMapper($this->userMapper); $this->access->setGroupMapper($this->groupMapper); @@ -238,7 +243,7 @@ class AccessTest extends TestCase { list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock(); /** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */ $config = $this->createMock(IConfig::class); - $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager); + $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager, $this->logger); $lw->expects($this->exactly(1)) ->method('explodeDN') @@ -261,7 +266,7 @@ class AccessTest extends TestCase { /** @var IConfig|\PHPUnit\Framework\MockObject\MockObject $config */ $config = $this->createMock(IConfig::class); $lw = new LDAP(); - $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager); + $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager, $this->logger); if (!function_exists('ldap_explode_dn')) { $this->markTestSkipped('LDAP Module not available'); @@ -442,7 +447,7 @@ class AccessTest extends TestCase { $attribute => ['count' => 1, $dnFromServer] ]); - $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager); + $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager, $this->logger); $values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute); $this->assertSame($values[0], strtolower($dnFromServer)); } diff --git a/apps/user_ldap/tests/Integration/AbstractIntegrationTest.php b/apps/user_ldap/tests/Integration/AbstractIntegrationTest.php index e40f73a7596..acca987a81d 100644 --- a/apps/user_ldap/tests/Integration/AbstractIntegrationTest.php +++ b/apps/user_ldap/tests/Integration/AbstractIntegrationTest.php @@ -143,7 +143,7 @@ abstract class AbstractIntegrationTest { * initializes the Access test instance */ protected function initAccess() { - $this->access = new Access($this->connection, $this->ldap, $this->userManager, $this->helper, \OC::$server->getConfig()); + $this->access = new Access($this->connection, $this->ldap, $this->userManager, $this->helper, \OC::$server->getConfig(), \OC::$server->getLogger()); } /** |