spacefreak/user_sql
1
0
Fork 0
Code Pull Requests Activity

mergre current develop

Browse Source
This commit is contained in:
Marcin Łojewski
2018-12-22 19:37:05 +01:00
parent 1b0467d070 55797f0d56
commit 602390b5b8
33 changed files with 501 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
CHANGELOG.md
View File

@@ -4,6 +4,25 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Added
- Reverse active column option
- Support for Nextcloud 16
## [4.2.1] - 2018-12-22
### Fixed
- SQL error when same column names given in several tables
## [4.2.0] - 2018-12-16
### Added
- Support for Nextcloud 15
- Redmine, SHA-256, SHA-512 hash algorithms
### Fixed
- Loading user list when display name is null
- Hide "password change form" when "Allow password change" not set
### Changed
- Append salt only when checked. Not by default
## [4.1.0] - 2018-10-28
### Added
- Whirlpool hash algorithm
@@ -98,6 +117,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
### Changed
- Supported version of ownCloud, Nextcloud: ownCloud 10, Nextcloud 12
[Unreleased]: https://github.com/nextcloud/user_sql/compare/v4.2.1...develop
[4.2.1]: https://github.com/nextcloud/user_sql/compare/v4.2.0...v4.2.1
[4.2.0]: https://github.com/nextcloud/user_sql/compare/v4.1.0...v4.2.0
[4.1.0]: https://github.com/nextcloud/user_sql/compare/v4.0.1...v4.1.0
[4.0.1]: https://github.com/nextcloud/user_sql/compare/v4.0.0...v4.0.1
[4.0.0]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc2...v4.0.0

18
README.md
View File

@@ -50,6 +50,7 @@ Name | Description | Details
**Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column.
**Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false.
**Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.<br/>Default: false.
**Reverse active column** | Reverse value of active column in user table. | Optional.<br/>Default: false.
**Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false.
**Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
**Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
@@ -73,7 +74,8 @@ Name | Description | Details
**Active** | Flag indicating if user can log in. | Optional.<br/>Default: true.
**Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
**Salt** | Salt which is appended to password when checking or changing the password. | Optional.
**Prepend salt** | Prepend a salt to the password instead of appending it. | Optional.<br/>Default: false.
**Append salt** | Append a salt to the password. | Optional.<br/>Default: false.
**Prepend salt** | Prepend a salt to the password. | Optional.<br/>Default: false.
#### Group table
@@ -119,7 +121,8 @@ CREATE TABLE sql_user
home TEXT NULL,
password TEXT NOT NULL,
active TINYINT(1) NOT NULL DEFAULT '1',
provide_avatar BOOLEAN NOT NULL DEFAULT FALSE
provide_avatar BOOLEAN NOT NULL DEFAULT FALSE,
salt TEXT NULL
);
CREATE TABLE sql_group
@@ -195,8 +198,11 @@ Drupal 7 | See [phpass](http://www.openwall.com/phpass/). | $S$DC7eCpJQ3SUQtW4Bp
Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us
MD5 | No salt supported. | 5f4dcc3b5aa765d61d8327deb882cf99
Portable PHP password | See [phpass](http://www.openwall.com/phpass/). | $P$BxrwraqNTi4as0EI.IpiA/K.muk9ke/
SHA1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
SHA512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e
Redmine | Requires salt. Salt value for hash in the next column is 'salt'. | 48b75edeffd8e413341d7734f0f3391e7a5da994
SHA-1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
SHA-256 | No salt supported. | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
SHA-512 | No salt supported. | b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
SHA-512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e
SSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg==
SSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL
WoltLab Community Framework 2.x | Double salted bcrypt. | $2a$08$XEQDKNU/Vbootwxv5Gp7gujxFX/RUFsZLvQPYM435Dd3/p17fto02
@@ -204,6 +210,10 @@ Whirlpool | | 74dfc2b27acfa364da55f93a5caee29ccad3557247eda238831b3e9bd931b01d77
## Development
#### Testing environment
There is a [vagrant](https://github.com/mlojewski-me/user_sql-vagrant) box which you can use at development stage.
#### New database driver support
Add a new class in the `OCA\UserSQL\Platform` namespace which extends the `AbstractPlatform` class.

4
appinfo/info.xml
View File

@@ -8,7 +8,7 @@
Retrieve the users and groups info. Allow the users to change their passwords.
Sync the users' email addresses with the addresses stored by Nextcloud.
</description>
<version>4.1.0</version>
<version>4.3.0-dev</version>
<licence>agpl</licence>
<author>Marcin Łojewski</author>
<author>Andreas Böhler</author>
@@ -22,7 +22,7 @@
<category>auth</category>
<dependencies>
<php min-version="7.0"/>
<nextcloud min-version="14" max-version="14"/>
<nextcloud min-version="14" max-version="16"/>
</dependencies>
<settings>
<admin>\OCA\UserSQL\Settings\Admin</admin>

25
lib/Backend/UserBackend.php
View File

@@ -21,6 +21,7 @@
namespace OCA\UserSQL\Backend;
use OC\User\Backend;
use OCA\UserSQL\Action\EmailSync;
use OCA\UserSQL\Action\IUserAction;
use OCA\UserSQL\Action\QuotaSync;
@@ -263,6 +264,10 @@ final class UserBackend extends ABackend implements
return false;
}
if (is_null($user->name)) {
return false;
}
$name = $user->name;
$this->logger->debug(
"Returning getDisplayName($uid): $name",
@@ -302,7 +307,7 @@ final class UserBackend extends ABackend implements
$password = $this->addSalt($user, $password);
$isCorrect = $passwordAlgorithm->checkPassword(
$password, $user->password
$password, $user->password, $user->salt
);
if ($user->active == false) {
@@ -361,9 +366,9 @@ final class UserBackend extends ABackend implements
private function addSalt(User $user, string $password): string
{
if ($user->salt !== null) {
if (empty($this->properties[Opt::PREPEND_SALT])) {
if (!empty($this->properties[Opt::APPEND_SALT])) {
return $password . $user->salt;
} else {
} elseif (!empty($this->properties[Opt::PREPEND_SALT])) {
return $user->salt . $password;
}
}
@@ -389,8 +394,10 @@ final class UserBackend extends ABackend implements
$names = [];
foreach ($users as $user) {
if (!is_null($user->name)) {
$names[$user] = $user->name;
}
}
$this->logger->debug(
"Returning getDisplayNames($search, $limit, $offset): count("
@@ -636,4 +643,16 @@ final class UserBackend extends ABackend implements
{
return false;
}
/**
* @inheritdoc
*/
public function implementsActions($actions): bool
{
if ($actions & Backend::SET_PASSWORD) {
return !empty($this->properties[Opt::PASSWORD_CHANGE]);
}
return parent::implementsActions($actions);
}
}

2
lib/Constant/Opt.php
View File

@@ -28,6 +28,7 @@ namespace OCA\UserSQL\Constant;
*/
final class Opt
{
const APPEND_SALT = "opt.append_salt";
const CASE_INSENSITIVE_USERNAME = "opt.case_insensitive_username";
const CRYPTO_CLASS = "opt.crypto_class";
const EMAIL_SYNC = "opt.email_sync";
@@ -37,5 +38,6 @@ final class Opt
const PASSWORD_CHANGE = "opt.password_change";
const PREPEND_SALT = "opt.prepend_salt";
const QUOTA_SYNC = "opt.quota_sync";
const REVERSE_ACTIVE = "opt.reverse_active";
const USE_CACHE = "opt.use_cache";
}

6
lib/Crypto/AbstractAlgorithm.php
View File

@@ -65,15 +65,15 @@ abstract class AbstractAlgorithm implements IPasswordAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return hash_equals($dbHash, $this->getPasswordHash($password));
return hash_equals($dbHash, $this->getPasswordHash($password, $salt));
}
/**
* @inheritdoc
*/
public abstract function getPasswordHash($password);
public abstract function getPasswordHash($password, $salt = null);
/**
* @inheritdoc

4
lib/Crypto/AbstractCrypt.php
View File

@@ -38,7 +38,7 @@ abstract class AbstractCrypt extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return hash_equals($dbHash, crypt($password, $dbHash));
}
@@ -46,7 +46,7 @@ abstract class AbstractCrypt extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return crypt($password, $this->getSalt());
}

2
lib/Crypto/Cleartext.php
View File

@@ -43,7 +43,7 @@ class Cleartext extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return $password;
}

2
lib/Crypto/CourierMD5.php
View File

@@ -43,7 +43,7 @@ class CourierMD5 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return '{MD5}' . Utils::hexToBase64(md5($password));
}

2
lib/Crypto/CourierMD5Raw.php
View File

@@ -43,7 +43,7 @@ class CourierMD5Raw extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return '{MD5RAW}' . md5($password);
}

2
lib/Crypto/CourierSHA1.php
View File

@@ -43,7 +43,7 @@ class CourierSHA1 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return '{SHA}' . Utils::hexToBase64(sha1($password));
}

2
lib/Crypto/CourierSHA256.php
View File

@@ -43,7 +43,7 @@ class CourierSHA256 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return '{SHA256}' . Utils::hexToBase64(hash('sha256', $password));
}

2
lib/Crypto/Crypt.php
View File

@@ -44,7 +44,7 @@ class Crypt extends AbstractCrypt
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return password_hash($password, PASSWORD_DEFAULT);
}

4
lib/Crypto/CryptArgon2.php
View File

@@ -81,7 +81,7 @@ class CryptArgon2 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return password_verify($password, $dbHash);
}
@@ -89,7 +89,7 @@ class CryptArgon2 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return password_hash(
$password, PASSWORD_ARGON2I, [

4
lib/Crypto/CryptBlowfish.php
View File

@@ -52,7 +52,7 @@ class CryptBlowfish extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return password_verify($password, $dbHash);
}
@@ -60,7 +60,7 @@ class CryptBlowfish extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return password_hash(
$password, PASSWORD_BCRYPT, ["cost" => $this->cost]

6
lib/Crypto/IPasswordAlgorithm.php
View File

@@ -42,20 +42,22 @@ interface IPasswordAlgorithm
* This value is stored in the database, when the password is changed.
*
* @param String $password The new password.
* @param String $salt Optional. Salt value.
*
* @return boolean True if the password was hashed successfully, false otherwise.
*/
public function getPasswordHash($password);
public function getPasswordHash($password, $salt = null);
/**
* Check password given by the user against hash stored in the database.
*
* @param String $password Password given by the user.
* @param String $dbHash Password hash stored in the database.
* @param String $salt Optional. Salt value.
*
* @return boolean True if the password is correct, false otherwise.
*/
public function checkPassword($password, $dbHash);
public function checkPassword($password, $dbHash, $salt = null);
/**
* Configuration for the algorithm.

4
lib/Crypto/Joomla.php
View File

@@ -43,7 +43,7 @@ class Joomla extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
$salt = Utils::randomString(
32, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
@@ -55,7 +55,7 @@ class Joomla extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return hash_equals($dbHash, self::generateHash($password, $dbHash));
}

2
lib/Crypto/MD5.php
View File

@@ -43,7 +43,7 @@ class MD5 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return md5($password);
}

4
lib/Crypto/Phpass.php
View File

@@ -50,7 +50,7 @@ class Phpass extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return hash_equals($dbHash, $this->crypt($password, $dbHash));
}
@@ -136,7 +136,7 @@ class Phpass extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return $this->crypt($password, $this->genSalt());
}

50
lib/Crypto/Redmine.php Normal file
View File

@@ -0,0 +1,50 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\UserSQL\Crypto;
/**
* Redmine MD5 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class Redmine extends AbstractAlgorithm
{
/**
* @inheritdoc
*/
public function getPasswordHash($password, $salt = null)
{
if (is_null($salt)) {
return false;
}
return sha1($salt . sha1($password));
}
/**
* @inheritdoc
*/
protected function getAlgorithmName()
{
return "Redmine";
}
}

6
lib/Crypto/SHA1.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SHA1 hash implementation.
* SHA-1 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
@@ -43,7 +43,7 @@ class SHA1 extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return sha1($password);
}
@@ -53,6 +53,6 @@ class SHA1 extends AbstractAlgorithm
*/
protected function getAlgorithmName()
{
return "SHA1";
return "SHA-1";
}
}

58
lib/Crypto/SHA256.php Normal file
View File

@@ -0,0 +1,58 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SHA-256 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class SHA256 extends AbstractAlgorithm
{
/**
* The class constructor.
*
* @param IL10N $localization The localization service.
*/
public function __construct(IL10N $localization)
{
parent::__construct($localization);
}
/**
* @inheritdoc
*/
public function getPasswordHash($password, $salt = null)
{
return hash('sha256', $password);
}
/**
* @inheritdoc
*/
protected function getAlgorithmName()
{
return "SHA-256";
}
}

58
lib/Crypto/SHA512.php Normal file
View File

@@ -0,0 +1,58 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SHA-512 hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class SHA512 extends AbstractAlgorithm
{
/**
* The class constructor.
*
* @param IL10N $localization The localization service.
*/
public function __construct(IL10N $localization)
{
parent::__construct($localization);
}
/**
* @inheritdoc
*/
public function getPasswordHash($password, $salt = null)
{
return hash('sha512', $password);
}
/**
* @inheritdoc
*/
protected function getAlgorithmName()
{
return "SHA-512";
}
}

6
lib/Crypto/SHA512Whirlpool.php
View File

@@ -24,7 +24,7 @@ namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* SHA512 Whirlpool hash implementation.
* SHA-512 Whirlpool hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
@@ -43,7 +43,7 @@ class SHA512Whirlpool extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return hash('sha512', hash('whirlpool', $password));
}
@@ -53,6 +53,6 @@ class SHA512Whirlpool extends AbstractAlgorithm
*/
protected function getAlgorithmName()
{
return "SHA512 Whirlpool";
return "SHA-512 Whirlpool";
}
}

4
lib/Crypto/SSHA.php
View File

@@ -43,7 +43,7 @@ abstract class SSHA extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
$saltedPassword = base64_decode(
preg_replace("/" . $this->getPrefix() . "/i", "", $dbHash)
@@ -94,7 +94,7 @@ abstract class SSHA extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return self::ssha(
$password, Utils::randomString(

4
lib/Crypto/WCF2.php
View File

@@ -31,7 +31,7 @@ class WCF2 extends AbstractCrypt
/**
* @inheritdoc
*/
public function checkPassword($password, $dbHash)
public function checkPassword($password, $dbHash, $salt = null)
{
return hash_equals($dbHash, crypt(crypt($password, $dbHash), $dbHash));
}
@@ -39,7 +39,7 @@ class WCF2 extends AbstractCrypt
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
$salt = $this->getSalt();
return crypt(crypt($password, $salt), $salt);

2
lib/Crypto/Whirlpool.php
View File

@@ -43,7 +43,7 @@ class Whirlpool extends AbstractAlgorithm
/**
* @inheritdoc
*/
public function getPasswordHash($password)
public function getPasswordHash($password, $salt = null)
{
return hash('whirlpool', $password);
}

95
lib/Query/QueryProvider.php
View File

@@ -22,6 +22,7 @@
namespace OCA\UserSQL\Query;
use OCA\UserSQL\Constant\DB;
use OCA\UserSQL\Constant\Opt;
use OCA\UserSQL\Constant\Query;
use OCA\UserSQL\Properties;
@@ -86,81 +87,83 @@ class QueryProvider implements \ArrayAccess
$searchParam = Query::SEARCH_PARAM;
$uidParam = Query::UID_PARAM;
$reverseActiveOpt = $this->properties[Opt::REVERSE_ACTIVE];
$groupColumns
= "$gGID AS gid, " .
(empty($gName) ? $gGID : $gName) . " AS name, " .
(empty($gAdmin) ? "false" : $gAdmin) . " AS admin";
= "g.$gGID AS gid, " .
(empty($gName) ? "g." . $gGID : "g." . $gName) . " AS name, " .
(empty($gAdmin) ? "false" : "g." . $gAdmin) . " AS admin";
$userColumns
= "$uUID AS uid, " .
(empty($uName) ? $uUID : $uName) . " AS name, " .
(empty($uEmail) ? "null" : $uEmail) . " AS email, " .
(empty($uQuota) ? "null" : $uQuota) . " AS quota, " .
(empty($uHome) ? "null" : $uHome) . " AS home, " .
(empty($uActive) ? "true" : $uActive) . " AS active, " .
(empty($uAvatar) ? "false" : $uAvatar) . " AS avatar, " .
(empty($uSalt) ? "null" : $uSalt) . " AS salt";
= "u.$uUID AS uid, " .
(empty($uName) ? "u." . $uUID : "u." . $uName) . " AS name, " .
(empty($uEmail) ? "null" : "u." . $uEmail) . " AS email, " .
(empty($uQuota) ? "null" : "u." . $uQuota) . " AS quota, " .
(empty($uHome) ? "null" : "u." . $uHome) . " AS home, " .
(empty($uActive) ? "true" : (empty($reverseActiveOpt) ? "" : "NOT ") . "u." . $uActive) . " AS active, " .
(empty($uAvatar) ? "false" : "u." . $uAvatar) . " AS avatar, " .
(empty($uSalt) ? "null" : "u." . $uSalt) . " AS salt";
$this->queries = [
Query::BELONGS_TO_ADMIN =>
"SELECT COUNT($gGID) > 0 AS admin " .
"FROM $group, $userGroup " .
"WHERE $ugGID = $gGID " .
"AND $ugUID = :$uidParam " .
"AND $gAdmin",
"SELECT COUNT(g.$gGID) > 0 AS admin " .
"FROM $group g, $userGroup ug " .
"WHERE ug.$ugGID = g.$gGID " .
"AND ug.$ugUID = :$uidParam " .
"AND g.$gAdmin",
Query::COUNT_GROUPS =>
"SELECT COUNT($ugGID) " .
"FROM $userGroup " .
"WHERE $ugGID = :$gidParam " .
"AND $ugUID " .
"SELECT COUNT(ug.$ugGID) " .
"FROM $userGroup ug " .
"WHERE ug.$ugGID = :$gidParam " .
"AND ug.$ugUID " .
"LIKE :$searchParam",
Query::COUNT_USERS =>
"SELECT COUNT($uUID) AS count " .
"FROM $user " .
"WHERE $uUID LIKE :$searchParam",
"SELECT COUNT(u.$uUID) AS count " .
"FROM $user u " .
"WHERE u.$uUID LIKE :$searchParam",
Query::FIND_GROUP =>
"SELECT $groupColumns " .
"FROM $group " .
"WHERE $gGID = :$gidParam",
"FROM $group g " .
"WHERE g.$gGID = :$gidParam",
Query::FIND_GROUP_USERS =>
"SELECT $ugUID AS uid " .
"FROM $userGroup " .
"WHERE $ugGID = :$gidParam " .
"AND $ugUID " .
"SELECT ug.$ugUID AS uid " .
"FROM $userGroup ug " .
"WHERE ug.$ugGID = :$gidParam " .
"AND ug.$ugUID " .
"LIKE :$searchParam " .
"ORDER BY $ugUID",
"ORDER BY ug.$ugUID",
Query::FIND_GROUPS =>
"SELECT $groupColumns " .
"FROM $group " .
"WHERE $gGID LIKE :$searchParam " .
"ORDER BY $gGID",
"FROM $group g " .
"WHERE g.$gGID LIKE :$searchParam " .
"ORDER BY g.$gGID",
Query::FIND_USER =>
"SELECT $userColumns, $uPassword AS password " .
"FROM $user " .
"WHERE $uUID = :$uidParam",
"SELECT $userColumns, u.$uPassword AS password " .
"FROM $user u " .
"WHERE u.$uUID = :$uidParam",
Query::FIND_USER_CASE_INSENSITIVE =>
"SELECT $userColumns, $uPassword AS password " .
"FROM $user " .
"WHERE lower($uUID) = lower(:$uidParam)",
"SELECT $userColumns, u.$uPassword AS password " .
"FROM $user u " .
"WHERE lower(u.$uUID) = lower(:$uidParam)",
Query::FIND_USER_GROUPS =>
"SELECT $groupColumns " .
"FROM $group, $userGroup " .
"WHERE $ugGID = $gGID " .
"AND $ugUID = :$uidParam " .
"ORDER BY $gGID",
"FROM $group g, $userGroup ug " .
"WHERE ug.$ugGID = g.$gGID " .
"AND ug.$ugUID = :$uidParam " .
"ORDER BY g.$gGID",
Query::FIND_USERS =>
"SELECT $userColumns " .
"FROM $user " .
"WHERE $uUID LIKE :$searchParam " .
"ORDER BY $uUID",
"FROM $user u " .
"WHERE u.$uUID LIKE :$searchParam " .
"ORDER BY u.$uUID",
Query::UPDATE_DISPLAY_NAME =>
"UPDATE $user " .

4
templates/admin.php
View File

@@ -110,7 +110,8 @@ function print_select_options(
<fieldset><?php
print_checkbox_input($l, "opt-name_change", "Allow display name change", $_["opt.name_change"]);
print_checkbox_input($l, "opt-password_change", "Allow password change", $_["opt.password_change"]);
print_checkbox_input($l, "opt-case_insensitive_username", "Case-insensitive username", $_["opt.case_insensitive_username"]); ?>
print_checkbox_input($l, "opt-case_insensitive_username", "Case-insensitive username", $_["opt.case_insensitive_username"]);
print_checkbox_input($l, "opt-reverse_active", "Reverse active column", $_["opt.reverse_active"]); ?>
<div class="button-right"><?php
print_checkbox_input($l, "opt-use_cache", "Use cache", $_["opt.use_cache"], false); ?>
<input type="submit" id="user_sql-clear_cache" value="<?php p($l->t("Clear cache")); ?>">
@@ -153,6 +154,7 @@ function print_select_options(
print_text_input($l, "db-table-user-column-active", "Active", $_["db.table.user.column.active"]);
print_text_input($l, "db-table-user-column-avatar", "Provide avatar", $_["db.table.user.column.avatar"]);
print_text_input($l, "db-table-user-column-salt", "Salt", $_["db.table.user.column.salt"]);
print_checkbox_input($l, "opt-append_salt", "Append salt", $_["opt.append_salt"]);
print_checkbox_input($l, "opt-prepend_salt", "Prepend salt", $_["opt.prepend_salt"]); ?>
</fieldset>
</div>

2
tests/Crypto/PhpassTest.php
View File

@@ -27,7 +27,7 @@ use OCP\IL10N;
use Test\TestCase;
/**
* Unit tests for class <code>PhpassTest</code>.
* Unit tests for class <code>Phpass</code>.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/

61
tests/Crypto/RedmineTest.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Tests\UserSQL\Crypto;
use OCA\UserSQL\Crypto\IPasswordAlgorithm;
use OCA\UserSQL\Crypto\Redmine;
use OCP\IL10N;
use Test\TestCase;
/**
* Unit tests for class <code>Redmine</code>.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class RedmineTest extends TestCase
{
/**
* @var IPasswordAlgorithm
*/
private $crypto;
public function testCheckPassword()
{
$this->assertTrue(
$this->crypto->checkPassword(
"password", "48b75edeffd8e413341d7734f0f3391e7a5da994", "salt"
)
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password", "salt");
$this->assertTrue($this->crypto->checkPassword("password", $hash, "salt"));
}
protected function setUp()
{
parent::setUp();
$this->crypto = new Redmine($this->createMock(IL10N::class));
}
}

61
tests/Crypto/SHA256Test.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Tests\UserSQL\Crypto;
use OCA\UserSQL\Crypto\IPasswordAlgorithm;
use OCA\UserSQL\Crypto\SHA256;
use OCP\IL10N;
use Test\TestCase;
/**
* Unit tests for class <code>SHA256</code>.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class SHA512Test extends TestCase
{
/**
* @var IPasswordAlgorithm
*/
private $crypto;
public function testCheckPassword()
{
$this->assertTrue(
$this->crypto->checkPassword(
"password", "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
)
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();
$this->crypto = new SHA256($this->createMock(IL10N::class));
}
}

62
tests/Crypto/SHA512Test.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Tests\UserSQL\Crypto;
use OCA\UserSQL\Crypto\IPasswordAlgorithm;
use OCA\UserSQL\Crypto\SHA512;
use OCP\IL10N;
use Test\TestCase;
/**
* Unit tests for class <code>SHA512</code>.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class SHA512Test extends TestCase
{
/**
* @var IPasswordAlgorithm
*/
private $crypto;
public function testCheckPassword()
{
$this->assertTrue(
$this->crypto->checkPassword(
"password",
"b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86"
)
);
}
public function testPasswordHash()
{
$hash = $this->crypto->getPasswordHash("password");
$this->assertTrue($this->crypto->checkPassword("password", $hash));
}
protected function setUp()
{
parent::setUp();
$this->crypto = new SHA512($this->createMock(IL10N::class));
}
}