
github.com/nextcloud/user_saml.git - Unnamed repository; edit this file 'description' to name the repository.
authorArthur Schiwon <blizzz@arthur-schiwon.de>2021-11-09 04:45:45 +0300
committerblizzz (Rebase PR Action) <blizzz@users.noreply.github.com>2022-04-07 23:29:03 +0300
commitbe6a8e97fe8e52817e53c3493c1b55dff8aaa916 (patch)
treea72c9d200a8e55e24e2ccac943afb8135ec8d740 /lib/UserBackend.php
parent2d5662707628f696954639b924a1937ba66e842f (diff)
Move SAML configurations to a table of their own
- adds user_saml_configurations table and migrates existing configuration - Controller methods are added since appconfig endpoints cannot be used anymore. THIS IS A BREAKING CHANGE. - Frontend code is adjusted to use new endpoints. - security-sloWebServerDecode was changed from global to provider specific setting. It being global seemed to be unintended. A migration path is still missing. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'lib/UserBackend.php')
-rw-r--r--lib/UserBackend.php63
1 files changed, 35 insertions, 28 deletions
diff --git a/lib/UserBackend.php b/lib/UserBackend.php
index d7c1f3a4..2461a703 100644
--- a/lib/UserBackend.php
+++ b/lib/UserBackend.php
@@ -107,8 +107,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* @param string $uid
* @param array $attributes
*/
- public function createUserIfNotExists($uid, array $attributes = []) {
- if (!$this->userExistsInDatabase($uid)) {
+ public function createUserIfNotExists($uid, array $attributes = array()) {
+ if(!$this->userExistsInDatabase($uid)) {
$values = [
'uid' => $uid,
];
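Review bot: The signature line now uses `array()` and `if(` where the file had `[]` and `if (`, and the same formatting reversal repeats in nearly every other hunk of this file (the `foreach(`/`if(` lines, and `$value = array();` in getAttributeArrayValue). None of it relates to moving the SAML configuration into its own table, so it looks like a rebase artifact, though that is an inference. Keeping the previous forms, e.g. `public function createUserIfNotExists($uid, array $attributes = []) {`, would leave only the getLogoutUrl and getAttributeKeys changes in this file and make the identity-relevant part of the diff much easier to review. The function body continues outside the hunk.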
@@ -123,12 +123,12 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
if ($home !== '') {
//if attribute's value is an absolute path take this, otherwise append it to data dir
//check for / at the beginning or pattern c:\ resp. c:/
- if ('/' !== $home[0]
+ if( '/' !== $home[0]
&& !(3 < strlen($home) && ctype_alpha($home[0])
&& $home[1] === ':' && ('\\' === $home[2] || '/' === $home[2]))
) {
$home = $this->config->getSystemValue('datadirectory',
- \OC::$SERVERROOT.'/data') . '/' . $home;
+ \OC::$SERVERROOT.'/data' ) . '/' . $home;
}
$values['home'] = $home;
@@ -137,12 +137,13 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
/* @var $qb IQueryBuilder */
$qb = $this->db->getQueryBuilder();
$qb->insert('user_saml_users');
- foreach ($values as $column => $value) {
+ foreach($values as $column => $value) {
$qb->setValue($column, $qb->createNamedParameter($value));
}
$qb->execute();
$this->initializeHomeDir($uid);
+
}
}
@@ -202,8 +203,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
$data = $result->fetchAll();
$result->closeCursor();
- foreach ($data as $passwords) {
- if (password_verify($password, $passwords['token'])) {
+ foreach($data as $passwords) {
+ if(password_verify($password, $passwords['token'])) {
return $uid;
}
}
@@ -218,7 +219,7 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* @since 4.5.0
*/
public function deleteUser($uid) {
- if ($this->userExistsInDatabase($uid)) {
+ if($this->userExistsInDatabase($uid)) {
/* @var $qb IQueryBuilder */
$qb = $this->db->getQueryBuilder();
$qb->delete('user_saml_users')
@@ -236,7 +237,7 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* @return string
*/
public function getHome($uid) {
- if ($this->userExistsInDatabase($uid)) {
+ if($this->userExistsInDatabase($uid)) {
$qb = $this->db->getQueryBuilder();
$qb->select('home')
->from('user_saml_users')
@@ -276,7 +277,7 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* @since 4.5.0
*/
public function userExists($uid) {
- if ($backend = $this->getActualUserBackend($uid)) {
+ if($backend = $this->getActualUserBackend($uid)) {
return $backend->userExists($uid);
} else {
return $this->userExistsInDatabase($uid);
@@ -284,7 +285,7 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
}
public function setDisplayName($uid, $displayName) {
- if ($backend = $this->getActualUserBackend($uid)) {
+ if($backend = $this->getActualUserBackend($uid)) {
return $backend->setDisplayName($uid, $displayName);
}
@@ -308,10 +309,10 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* @since 4.5.0
*/
public function getDisplayName($uid) {
- if ($backend = $this->getActualUserBackend($uid)) {
+ if($backend = $this->getActualUserBackend($uid)) {
return $backend->getDisplayName($uid);
} else {
- if ($this->userExistsInDatabase($uid)) {
+ if($this->userExistsInDatabase($uid)) {
$qb = $this->db->getQueryBuilder();
$qb->select('displayname')
->from('user_saml_users')
@@ -373,7 +374,7 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* @since 4.5.0
*/
public function hasUserListings() {
- if ($this->autoprovisionAllowed()) {
+ if($this->autoprovisionAllowed()) {
return true;
}
@@ -394,8 +395,10 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* {@inheritdoc}
*/
public function getLogoutUrl() {
- $prefix = $this->settings->getPrefix();
- $slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', '');
+ $id = $this->settings->getProviderId();
+ $settings = $this->settings->get($id);
+ $slo = $settings['idp-singleLogoutService.url'] ?? '';
+
if ($slo === '') {
return '';
}
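Review bot: getLogoutUrl now calls `$this->settings->get($id)`, the same call for which getAttributeKeys gains `@throws \OCP\DB\Exception` in this commit, but its docblock is still only `{@inheritdoc}`. If that lookup can throw, a database failure would now surface while the logout URL is being built; add `@throws \OCP\DB\Exception` here, or handle it explicitly so that a failed lookup is not mistaken for "no single logout configured". What getProviderId() returns when the session carries no provider is not visible in this hunk, so the `?? ''` default deserves a comment such as `// no SLO URL stored for this provider: IdP logout is skipped`. The method continues past the hunk.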
@@ -484,14 +487,14 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
public function getCurrentUserId() {
$user = \OC::$server->getUserSession()->getUser();
- if ($user instanceof IUser && $this->session->get('user_saml.samlUserData')) {
+ if($user instanceof IUser && $this->session->get('user_saml.samlUserData')) {
$uid = $user->getUID();
} else {
$this->userData->setAttributes($this->session->get('user_saml.samlUserData') ?? []);
$uid = $this->userData->getEffectiveUid();
}
- if ($uid !== '' && $this->userExists($uid)) {
+ if($uid !== '' && $this->userExists($uid)) {
$this->session->set('last-password-confirm', strtotime('+4 year', time()));
return $uid;
}
@@ -524,8 +527,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
* @return null|UserInterface
*/
public function getActualUserBackend($uid) {
- foreach (self::$backends as $backend) {
- if ($backend->userExists($uid)) {
+ foreach(self::$backends as $backend) {
+ if($backend->userExists($uid)) {
return $backend;
}
}
@@ -543,9 +546,13 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
self::$backends = $backends;
}
- private function getAttributeKeys($name) {
- $prefix = $this->settings->getPrefix($name);
- $keys = explode(' ', $this->config->getAppValue('user_saml', $prefix . $name, ''));
+ /**
+ * @throws \OCP\DB\Exception
+ */
+ private function getAttributeKeys($name)
+ {
+ $settings = $this->settings->get($this->settings->getProviderId());
+ $keys = explode(' ', $settings[$name] ?? $this->config->getAppValue('user_saml', $name, ''));
if (count($keys) === 1 && $keys[0] === '') {
throw new \InvalidArgumentException('Attribute is not configured');
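Review bot: The fallback in `$settings[$name] ?? $this->config->getAppValue('user_saml', $name, '')` reads the unprefixed app-config key whenever the provider's settings lack `$name`, so a provider without a mapping of its own would inherit a leftover global value instead of reaching the "Attribute is not configured" exception. If this method resolves the attribute that becomes the UID (the callers' `$name` values are not visible here), that silent inheritance should either be dropped once the migration has run or be stated in a comment such as `// legacy fallback: pre-migration global appconfig value`. The new docblock lists `\OCP\DB\Exception` but not the `\InvalidArgumentException` thrown two lines below, and the opening brace on its own line differs from the other methods in this file. The function continues outside the hunk.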
@@ -557,17 +564,17 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
$keys = $this->getAttributeKeys($name);
$value = '';
- foreach ($keys as $key) {
+ foreach($keys as $key) {
if (isset($attributes[$key])) {
if (is_array($attributes[$key])) {
foreach ($attributes[$key] as $attribute_part_value) {
- if ($value !== '') {
+ if($value !== '') {
$value .= ' ';
}
$value .= $attribute_part_value;
}
} else {
- if ($value !== '') {
+ if($value !== '') {
$value .= ' ';
}
$value .= $attributes[$key];
@@ -581,8 +588,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
private function getAttributeArrayValue($name, array $attributes) {
$keys = $this->getAttributeKeys($name);
- $value = [];
- foreach ($keys as $key) {
+ $value = array();
+ foreach($keys as $key) {
if (isset($attributes[$key])) {
if (is_array($attributes[$key])) {
$value = array_merge($value, array_values($attributes[$key]));