spacefreak/user_sql
1
0
Fork 0
Code Pull Requests Activity

Merge branch 'master' into feature/issue#46

Browse Source
This commit is contained in:
Marcin Łojewski
2018-10-28 18:34:13 +01:00
parent e0c6d41985 ac86cf84eb
commit 61cfe76fe5
18 changed files with 409 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/Action/EmailSync.php
View File

@@ -111,7 +111,7 @@ class EmailSync implements IUserAction
}
$user->email = $ncMail;
$result = $this->userRepository->save($user);
$result = $this->userRepository->save($user, UserRepository::EMAIL_FIELD);
}
break;

2
lib/Action/QuotaSync.php
View File

@@ -111,7 +111,7 @@ class QuotaSync implements IUserAction
}
$user->quota = $ncQuota;
$result = $this->userRepository->save($user);
$result = $this->userRepository->save($user, UserRepository::QUOTA_FIELD);
}
break;

4
lib/Backend/GroupBackend.php
View File

@@ -403,10 +403,6 @@ final class GroupBackend extends ABackend implements
"Entering getGroupDetails($gid)", ["app" => $this->appName]
);
if (empty($this->properties[DB::GROUP_NAME_COLUMN])) {
return [];
}
$group = $this->getGroup($gid);
if (!($group instanceof Group)) {

41
lib/Backend/UserBackend.php
View File

@@ -292,14 +292,14 @@ final class UserBackend extends ABackend implements
return false;
}
$user = $this->userRepository->findByUid($uid);
if (!($user instanceof User)) {
$caseSensitive = empty($this->properties[Opt::CASE_INSENSITIVE_USERNAME]);
$user = $this->userRepository->findByUid($uid, $caseSensitive);
if (!($user instanceof User) || ($caseSensitive && $user->uid !== $uid)) {
return false;
}
if ($user->salt !== null) {
$password .= $user->salt;
}
$uid = $user->uid;
$password = $this->addSalt($user, $password);
$isCorrect = $passwordAlgorithm->checkPassword(
$password, $user->password
@@ -350,6 +350,27 @@ final class UserBackend extends ABackend implements
return $passwordAlgorithm;
}
/**
* Append or prepend salt from external column if available.
*
* @param User $user The user instance.
* @param string $password The password.
*
* @return string Salted password.
*/
private function addSalt(User $user, string $password): string
{
if ($user->salt !== null) {
if (empty($this->properties[Opt::PREPEND_SALT])) {
return $password . $user->salt;
} else {
return $user->salt . $password;
}
}
return $password;
}
/**
* @inheritdoc
*/
@@ -368,7 +389,7 @@ final class UserBackend extends ABackend implements
$names = [];
foreach ($users as $user) {
$names[$user->uid] = $user->name;
$names[$user] = $user->name;
}
$this->logger->debug(
@@ -457,9 +478,7 @@ final class UserBackend extends ABackend implements
return false;
}
if ($user->salt !== null) {
$password .= $user->salt;
}
$password = $this->addSalt($user, $password);
$passwordHash = $passwordAlgorithm->getPasswordHash($password);
if ($passwordHash === false) {
@@ -467,7 +486,7 @@ final class UserBackend extends ABackend implements
}
$user->password = $passwordHash;
$result = $this->userRepository->save($user);
$result = $this->userRepository->save($user, UserRepository::PASSWORD_FIELD);
if ($result === true) {
$this->logger->info(
@@ -571,7 +590,7 @@ final class UserBackend extends ABackend implements
}
$user->name = $displayName;
$result = $this->userRepository->save($user);
$result = $this->userRepository->save($user, UserRepository::DISPLAY_NAME_FIELD);
if ($result === true) {
$this->logger->info(

2
lib/Constant/Opt.php
View File

@@ -28,12 +28,14 @@ namespace OCA\UserSQL\Constant;
*/
final class Opt
{
const CASE_INSENSITIVE_USERNAME = "opt.case_insensitive_username";
const CRYPTO_CLASS = "opt.crypto_class";
const EMAIL_SYNC = "opt.email_sync";
const HOME_LOCATION = "opt.home_location";
const HOME_MODE = "opt.home_mode";
const NAME_CHANGE = "opt.name_change";
const PASSWORD_CHANGE = "opt.password_change";
const PREPEND_SALT = "opt.prepend_salt";
const QUOTA_SYNC = "opt.quota_sync";
const USE_CACHE = "opt.use_cache";
}

6
lib/Constant/Query.php
View File

@@ -35,9 +35,13 @@ final class Query
const FIND_GROUP_USERS = "find_group_users";
const FIND_GROUPS = "find_groups";
const FIND_USER = "find_user";
const FIND_USER_CASE_INSENSITIVE = "find_user_case_insensitive";
const FIND_USER_GROUPS = "find_user_groups";
const FIND_USERS = "find_users";
const SAVE_USER = "save_user";
const UPDATE_DISPLAY_NAME = "update_display_name";
const UPDATE_EMAIL = "update_email";
const UPDATE_PASSWORD = "update_password";
const UPDATE_QUOTA = "update_quota";
const EMAIL_PARAM = "email";
const GID_PARAM = "gid";

60
lib/Crypto/Drupal7.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\UserSQL\Crypto;
/**
* Drupal 7 overrides of phpass hash implementation.
*
* @author BrandonKerr
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class Drupal7 extends Phpass
{
/**
* The expected (and maximum) number of characters in a hashed password.
*/
const DRUPAL_HASH_LENGTH = 55;
/**
* @inheritdoc
*/
protected function crypt($password, $setting)
{
return substr(parent::crypt($password, $setting), 0, self::DRUPAL_HASH_LENGTH);
}
/**
* @inheritdoc
*/
protected function hash($input)
{
return hash('sha512', $input, true);
}
/**
* @inheritdoc
*/
protected function getAlgorithmName()
{
return "Drupal 7";
}
}

20
lib/Crypto/Phpass.php
View File

@@ -61,7 +61,7 @@ class Phpass extends AbstractAlgorithm
*
* @return string|null Generated hash. Null on invalid settings.
*/
private function crypt($password, $setting)
protected function crypt($password, $setting)
{
$countLog2 = strpos(self::ITOA64, $setting[3]);
if ($countLog2 < 7 || $countLog2 > 30) {
@@ -75,17 +75,29 @@ class Phpass extends AbstractAlgorithm
return null;
}
$hash = md5($salt . $password, true);
$hash = $this->hash($salt . $password);
do {
$hash = md5($hash . $password, true);
$hash = $this->hash($hash . $password);
} while (--$count);
$output = substr($setting, 0, 12);
$output .= $this->encode64($hash, 16);
$output .= $this->encode64($hash, strlen($hash));
return $output;
}
/**
* Apply hash function to input.
*
* @param string $input Input string.
*
* @return string Hashed input.
*/
protected function hash($input)
{
return md5($input, true);
}
/**
* Encode binary input to base64 string.
*

58
lib/Crypto/Whirlpool.php Normal file
View File

@@ -0,0 +1,58 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace OCA\UserSQL\Crypto;
use OCP\IL10N;
/**
* Whirlpool hash implementation.
*
* @author Marcin Łojewski <dev@mlojewski.me>
*/
class Whirlpool extends AbstractAlgorithm
{
/**
* The class constructor.
*
* @param IL10N $localization The localization service.
*/
public function __construct(IL10N $localization)
{
parent::__construct($localization);
}
/**
* @inheritdoc
*/
public function getPasswordHash($password)
{
return hash('whirlpool', $password);
}
/**
* @inheritdoc
*/
protected function getAlgorithmName()
{
return "Whirlpool";
}
}

31
lib/Query/QueryProvider.php
View File

@@ -88,11 +88,11 @@ class QueryProvider implements \ArrayAccess
$groupColumns
= "$gGID AS gid, " .
(empty($gName) ? "null" : $gName) . " AS name, " .
(empty($gName) ? $gGID : $gName) . " AS name, " .
(empty($gAdmin) ? "false" : $gAdmin) . " AS admin";
$userColumns
= "$uUID AS uid, " .
(empty($uName) ? "null" : $uName) . " AS name, " .
(empty($uName) ? $uUID : $uName) . " AS name, " .
(empty($uEmail) ? "null" : $uEmail) . " AS email, " .
(empty($uQuota) ? "null" : $uQuota) . " AS quota, " .
(empty($uHome) ? "null" : $uHome) . " AS home, " .
@@ -144,6 +144,11 @@ class QueryProvider implements \ArrayAccess
"FROM $user " .
"WHERE $uUID = :$uidParam",
Query::FIND_USER_CASE_INSENSITIVE =>
"SELECT $userColumns, $uPassword AS password " .
"FROM $user " .
"WHERE lower($uUID) = lower(:$uidParam)",
Query::FIND_USER_GROUPS =>
"SELECT $groupColumns " .
"FROM $group, $userGroup " .
@@ -157,12 +162,24 @@ class QueryProvider implements \ArrayAccess
"WHERE $uUID LIKE :$searchParam " .
"ORDER BY $uUID",
Query::SAVE_USER =>
Query::UPDATE_DISPLAY_NAME =>
"UPDATE $user " .
"SET $uPassword = :$passwordParam, " .
"$uName = :$nameParam, " .
"$uEmail = :$emailParam, " .
"$uQuota = :$quotaParam " .
"SET $uName = :$nameParam " .
"WHERE $uUID = :$uidParam",
Query::UPDATE_EMAIL =>
"UPDATE $user " .
"SET $uEmail = :$emailParam " .
"WHERE $uUID = :$uidParam",
Query::UPDATE_PASSWORD =>
"UPDATE $user " .
"SET $uPassword = :$passwordParam " .
"WHERE $uUID = :$uidParam",
Query::UPDATE_QUOTA =>
"UPDATE $user " .
"SET $uQuota = :$quotaParam " .
"WHERE $uUID = :$uidParam",
];
}

75
lib/Repository/UserRepository.php
View File

@@ -32,6 +32,11 @@ use OCA\UserSQL\Query\DataQuery;
*/
class UserRepository
{
const DISPLAY_NAME_FIELD = 0b0001;
const EMAIL_FIELD = 0b0010;
const PASSWORD_FIELD = 0b0100;
const QUOTA_FIELD = 0b1000;
/**
* @var DataQuery The data query object.
*/
@@ -48,18 +53,26 @@ class UserRepository
}
/**
* Get a user entity object.
* Get an user entity object.
*
* @param string $uid The user ID.
* @param string $uid The user ID.
* @param bool $caseSensitive TRUE for case sensitive search,
* FALSE for case insensitive search.
*
* @return User The user entity, NULL if it does not exists or
* FALSE on failure.
*/
public function findByUid($uid)
public function findByUid($uid, $caseSensitive = true)
{
return $this->dataQuery->queryEntity(
Query::FIND_USER, User::class, [Query::UID_PARAM => $uid]
);
if ($caseSensitive) {
return $this->dataQuery->queryEntity(
Query::FIND_USER, User::class, [Query::UID_PARAM => $uid]
);
} else {
return $this->dataQuery->queryEntity(
Query::FIND_USER_CASE_INSENSITIVE, User::class, [Query::UID_PARAM => $uid]
);
}
}
/**
@@ -97,20 +110,48 @@ class UserRepository
/**
* Save an user entity object.
*
* @param User $user The user entity.
* @param User $user The user entity.
* @param int $fields Fields to update.
*
* @return bool TRUE on success, FALSE otherwise.
*/
public function save($user)
public function save($user, $fields)
{
return $this->dataQuery->update(
Query::SAVE_USER, [
Query::NAME_PARAM => $user->name,
Query::PASSWORD_PARAM => $user->password,
Query::EMAIL_PARAM => $user->email,
Query::QUOTA_PARAM => $user->quota,
Query::UID_PARAM => $user->uid
]
);
$status = true;
if ($fields & self::DISPLAY_NAME_FIELD) {
$status =& $this->dataQuery->update(
Query::UPDATE_DISPLAY_NAME, [
Query::NAME_PARAM => $user->name,
Query::UID_PARAM => $user->uid
]
);
}
if ($fields & self::PASSWORD_FIELD) {
$status =& $this->dataQuery->update(
Query::UPDATE_PASSWORD, [
Query::PASSWORD_PARAM => $user->password,
Query::UID_PARAM => $user->uid
]
);
}
if ($fields & self::EMAIL_FIELD) {
$status =& $this->dataQuery->update(
Query::UPDATE_EMAIL, [
Query::EMAIL_PARAM => $user->email,
Query::UID_PARAM => $user->uid
]
);
}
if ($fields & self::QUOTA_FIELD) {
$status =& $this->dataQuery->update(
Query::UPDATE_QUOTA, [
Query::QUOTA_PARAM => $user->quota,
Query::UID_PARAM => $user->uid
]
);
}
return $status;
}
}