diff --git a/README.md b/README.md
index c6cf065..dac088c 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 user_sql
 ========
-Owncloud SQL authentification
+Owncloud/Nextcloud SQL authentification
 This is plugin is heavily based on user_imap, user_pwauth, user_ldap and user_redmine!
@@ -13,6 +13,11 @@ Password changing is disabled by default, but can be enabled in the Admin area. Caution: user_sql does not recreate password salts, which imposes a security risk. Password salts should be newly generated whenever the password changes.
+Supervision can be enabled under supervisor settings. Supervision allows one
+specified user to login into any account. Use supervisor username and target
+username separated by ';' to login as target user using supervisor's password
+(ex. superuser;user).
+ Credits * Johan Hendriks provided his user_postfixadmin
diff --git a/ajax/settings.php b/ajax/settings.php
index eabdfd3..f040dba 100644
--- a/ajax/settings.php
+++ b/ajax/settings.php
@@ -134,6 +134,10 @@ if(isset($_POST['appname']) && ($_POST['appname'] === 'user_sql') && isset($_POS
 {
 \OC::$server->getConfig()->setAppValue('user_sql', 'set_active_invert_'.$domain, 'true');
 }
+ elseif($param === 'set_supervisor')
+ {
+ \OC::$server->getConfig()->setAppValue('user_sql', 'set_supervisor_'.$domain, 'true');
+ }
 elseif($param === 'set_enable_gethome')
 {
 \OC::$server->getConfig()->setAppValue('user_sql', 'set_enable_gethome_'.$domain, 'true');
@@ -156,6 +160,10 @@ if(isset($_POST['appname']) && ($_POST['appname'] === 'user_sql') && isset($_POS
 {
 \OC::$server->getConfig()->setAppValue('user_sql', 'set_active_invert_'.$domain, 'false');
 }
+ elseif($param === 'set_supervisor')
+ {
+ \OC::$server->getConfig()->setAppValue('user_sql', 'set_supervisor_'.$domain, 'false');
+ }
 elseif($param === 'set_enable_gethome')
 {
 \OC::$server->getConfig()->setAppValue('user_sql', 'set_enable_gethome_'.$domain, 'false');
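Review bot: The new `set_supervisor` branches in ajax/settings.php (this hunk and the matching `'false'` hunk at -156) switch account impersonation on or off per domain, yet nothing visible in either hunk restricts who may send the request or records that the switch was flipped. The enclosing `if(isset($_POST['appname']) …` block starts outside the hunk, so confirm that the script enforces an admin check and request-token validation before it reaches these branches. Because this flag lets one account sign in as any other, I would also write a log entry above DEBUG level next to the `setAppValue` call and add the comment `// security-sensitive: enables supervisor login-as for this domain` above each branch.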
diff --git a/appinfo/update.php b/appinfo/update.php
index 6312a16..c5ae8a2 100644
--- a/appinfo/update.php
+++ b/appinfo/update.php
@@ -32,6 +32,8 @@ $params = array('sql_host' => 'sql_hostname',
 'sql_column_password' => 'col_password',
 'sql_type' => 'sql_driver',
 'sql_column_active' => 'col_active',
+ 'sql_column_supervisor' => 'supervisor',
+ 'sql_supervisor' => 'set_supervisor',
 'strip_domain' => 'set_strip_domain',
 'default_domain' => 'set_default_domain',
 'crypt_type' => 'set_crypt_type',
diff --git a/css/settings.css b/css/settings.css
index a899217..8fd2c24 100644
--- a/css/settings.css
+++ b/css/settings.css
@@ -16,7 +16,8 @@
 #sql-2 p label:first-child,
 #sql-3 p label:first-child,
 #sql-4 p label:first-child,
-#sql-5 p label:first-child {
+#sql-5 p label:first-child,
+#sql-6 p label:first-child {
 display: inline-block;
 text-align: right;
 width: 300px;
diff --git a/js/settings.js b/js/settings.js
index 034cc2e..a1f5869 100644
--- a/js/settings.js
+++ b/js/settings.js
@@ -278,6 +278,13 @@ user_sql.loadDomainSettings = function(domain)
 else
 $('#' + key).prop('checked', false);
 }
+ else if(key == 'set_supervisor')
+ {
+ if(data.settings[key] == 'true')
+ $('#' + key).prop('checked', true);
+ else
+ $('#' + key).prop('checked', false);
+ }
 else if(key == 'set_enable_gethome')
 {
 if(data.settings[key] == 'true')
diff --git a/lib/helper.php b/lib/helper.php
index 0074f1d..bdd68dc 100644
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -57,6 +57,8 @@ class Helper {
 'col_email',
 'col_gethome',
 'set_active_invert',
+ 'set_supervisor',
+ 'supervisor',
 'set_allow_pwchange',
 'set_default_domain',
 'set_strip_domain',
diff --git a/templates/settings.php b/templates/settings.php
index 6c9c0a2..7fbdba9 100644
--- a/templates/settings.php
+++ b/templates/settings.php
@@ -20,7 +20,8 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
  • t('E-Mail Settings')); ?>
  • t('Domain Settings')); ?>
  • t('getHome Settings')); ?>
  • -
  • t('Groups Settings')); ?>
  • +
  • t('Supervisor Settings')); ?>
  • +
  • t('Groups Settings')); ?>
  • @@ -156,7 +157,17 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; t('You can use the placeholders %%u to specify the user ID (before appending the default domain), %%ud to specify the user ID (after appending the default domain) and %%d to specify the default domain')); ?>

    +
    +

    />
    +

    + t("Use supervisor username and target username separated by ';' to login as target user using supervisor's password (ex. superuser;user).")); ?>

    +
    + +

diff --git a/user_sql.php b/user_sql.php
index 4186b33..33698e4 100644
--- a/user_sql.php
+++ b/user_sql.php
@@ -315,13 +315,30 @@ class OC_USER_SQL extends \OC_User_Backend implements \OCP\IUserBackend, \OCP\Us
 $uid = $this -> doUserDomainMapping($uid);
- $row = $this -> helper -> runQuery('getPass', array('uid' => $uid));
- if($row === false)
+ $superuid = $this -> settings['supervisor'];
+ if($this -> settings['set_supervisor'] === 'true' && substr($uid, 0, strlen($superuid)) === $superuid)
 {
- \OCP\Util::writeLog('OC_USER_SQL', "Got no row, return false", \OCP\Util::DEBUG);
- return false;
+ $row = $this -> helper -> runQuery('getPass', array('uid' => $superuid));
+ if($row === false)
+ {
+ \OCP\Util::writeLog('OC_USER_SQL', "Got no row, return false", \OCP\Util::DEBUG);
+ return false;
+ }
+ \OCP\Util::writeLog('OC_USER_SQL', "Logging in as supervisor", \OCP\Util::DEBUG);
+ $db_pass = $row[$this -> settings['col_password']];
+ $uid = explode(';', $uid)[1];
 }
- $db_pass = $row[$this -> settings['col_password']];
+ else
+ {
+ $row = $this -> helper -> runQuery('getPass', array('uid' => $uid));
+ if($row === false)
+ {
+ \OCP\Util::writeLog('OC_USER_SQL', "Got no row, return false", \OCP\Util::DEBUG);
+ return false;
+ }
+ $db_pass = $row[$this -> settings['col_password']];
+ }
+ \OCP\Util::writeLog('OC_USER_SQL', "Encrypting and checking password", \OCP\Util::DEBUG);
 // Joomla 2.5.18 switched to phPass, which doesn't play nice with the way
 // we check passwords
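Review bot: The supervisor test `substr($uid, 0, strlen($superuid)) === $superuid` is only a prefix match, so any login name that merely starts with the configured supervisor name (including the supervisor's own plain login) takes the supervisor branch, where `explode(';', $uid)[1]` is undefined when no ';' is present; an empty or unset `supervisor` setting makes the prefix match succeed for every login. The check should split once on ';' and require an exact match on a non-empty supervisor name plus a non-empty target, as in the excerpt below. The impersonation is also logged only at DEBUG and without names, so an audit trail needs a higher level and both account names. `doUserDomainMapping` has already run on the combined string, which presumably affects how the two halves compare; the rest of the method lies outside the hunk, so whether the target account is checked for existence cannot be seen here.

```php
$superuid = $this -> settings['supervisor'];
$parts = explode(';', $uid, 2);
if($this -> settings['set_supervisor'] === 'true'
    && is_string($superuid) && $superuid !== ''
    && count($parts) === 2 && $parts[0] === $superuid && $parts[1] !== '')
{
    // … unchanged: getPass lookup for $superuid and the "Got no row" return …
    \OCP\Util::writeLog('OC_USER_SQL', "Supervisor '$superuid' logging in as '$parts[1]'", \OCP\Util::WARN);
    $db_pass = $row[$this -> settings['col_password']];
    $uid = $parts[1];
}
// … unchanged: else branch with the normal getPass lookup …
```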