From e02b05dc7daa06e96f6e1beeecbe8f6fcf146632 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrik=20Novotn=C3=BD?=
Date: Wed, 20 Dec 2017 17:50:47 +0100
Subject: [PATCH 1/3] Supervision support added.
---
 ajax/settings.php | 8 ++++++++
 appinfo/update.php | 2 ++
 js/settings.js | 7 +++++++
 lib/helper.php | 2 ++
 templates/settings.php | 5 +++++
 user_sql.php | 27 ++++++++++++++++++++++-----
 6 files changed, 46 insertions(+), 5 deletions(-)
diff --git a/ajax/settings.php b/ajax/settings.php
index ee085a6..9dd32dd 100644
--- a/ajax/settings.php
+++ b/ajax/settings.php
@@ -114,6 +114,10 @@ if(isset($_POST['appname']) && ($_POST['appname'] === 'user_sql') && isset($_POS
 {
 \OC::$server->getConfig()->setAppValue('user_sql', 'set_active_invert_'.$domain, 'true');
 }
+ elseif($param === 'set_supervisor')
+ {
+ \OC::$server->getConfig()->setAppValue('user_sql', 'set_supervisor_'.$domain, 'true');
+ }
 elseif($param === 'set_enable_gethome')
 {
 \OC::$server->getConfig()->setAppValue('user_sql', 'set_enable_gethome_'.$domain, 'true');
@@ -136,6 +140,10 @@ if(isset($_POST['appname']) && ($_POST['appname'] === 'user_sql') && isset($_POS
 {
 \OC::$server->getConfig()->setAppValue('user_sql', 'set_active_invert_'.$domain, 'false');
 }
+ elseif($param === 'set_supervisor')
+ {
+ \OC::$server->getConfig()->setAppValue('user_sql', 'set_supervisor_'.$domain, 'false');
+ }
 elseif($param === 'set_enable_gethome')
 {
 \OC::$server->getConfig()->setAppValue('user_sql', 'set_enable_gethome_'.$domain, 'false');
diff --git a/appinfo/update.php b/appinfo/update.php
index 6312a16..c5ae8a2 100644
--- a/appinfo/update.php
+++ b/appinfo/update.php
@@ -32,6 +32,8 @@ $params = array('sql_host' => 'sql_hostname',
 'sql_column_password' => 'col_password',
 'sql_type' => 'sql_driver',
 'sql_column_active' => 'col_active',
+ 'sql_column_supervisor' => 'supervisor',
+ 'sql_supervisor' => 'set_supervisor',
 'strip_domain' => 'set_strip_domain',
 'default_domain' => 'set_default_domain',
 'crypt_type' => 'set_crypt_type',
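Review bot: Enabling `set_supervisor` in ajax/settings.php (the added branch in the 'true' chain of the first hunk, and its twin in the 'false' chain of the second) is stored exactly like a display option, although it lets one account authenticate as every other account in the domain. The switch deserves an audit record at a log level that is kept in production, for example `\OCP\Util::writeLog('OC_USER_SQL', 'Supervisor login enabled for domain '.$domain, \OCP\Util::WARN);` next to the setAppValue call, and the handler should refuse to enable the flag while the `supervisor` name for that domain is empty. The admin and request-token checks for this endpoint are outside the hunks and should be confirmed to cover the new parameter. Both elseif chains continue outside the hunks.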
diff --git a/js/settings.js b/js/settings.js
index a77bffb..b6c6f4a 100644
--- a/js/settings.js
+++ b/js/settings.js
@@ -278,6 +278,13 @@ user_sql.loadDomainSettings = function(domain)
 else
 $('#' + key).prop('checked', false);
 }
+ else if(key == 'set_supervisor')
+ {
+ if(data.settings[key] == 'true')
+ $('#' + key).prop('checked', true);
+ else
+ $('#' + key).prop('checked', false);
+ }
 else if(key == 'set_enable_gethome')
 {
 if(data.settings[key] == 'true')
diff --git a/lib/helper.php b/lib/helper.php
index 7a3023f..56931ed 100644
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -57,6 +57,8 @@ class Helper {
 'col_email',
 'col_gethome',
 'set_active_invert',
+ 'set_supervisor',
+ 'supervisor',
 'set_allow_pwchange',
 'set_default_domain',
 'set_strip_domain',
diff --git a/templates/settings.php b/templates/settings.php
index b6be2c3..fa125cc 100644
--- a/templates/settings.php
+++ b/templates/settings.php
@@ -89,6 +89,11 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; ?> />
t("Invert the logic of the active column (for blocked users in the SQL DB)")); ?>

+

/>
+

diff --git a/user_sql.php b/user_sql.php
index c02e7d7..02c1e56 100644
--- a/user_sql.php
+++ b/user_sql.php
@@ -300,13 +300,30 @@ class OC_USER_SQL extends \OC_User_Backend implements \OCP\IUserBackend, \OCP\Us
 $uid = $this -> doUserDomainMapping($uid);
- $row = $this -> helper -> runQuery('getPass', array('uid' => $uid));
- if($row === false)
+ $superuid = $this -> settings['supervisor'];
+ if($this -> settings['set_supervisor'] === 'true' && substr($uid, 0, strlen($superuid)) === $superuid)
 {
- \OCP\Util::writeLog('OC_USER_SQL', "Got no row, return false", \OCP\Util::DEBUG);
- return false;
+ $row = $this -> helper -> runQuery('getPass', array('uid' => $superuid));
+ if($row === false)
+ {
+ \OCP\Util::writeLog('OC_USER_SQL', "Got no row, return false", \OCP\Util::DEBUG);
+ return false;
+ }
+ \OCP\Util::writeLog('OC_USER_SQL', "Logging in as supervisor", \OCP\Util::DEBUG);
+ $db_pass = $row[$this -> settings['col_password']];
+ $uid = explode(';', $uid)[1];
 }
- $db_pass = $row[$this -> settings['col_password']];
+ else
+ {
+ $row = $this -> helper -> runQuery('getPass', array('uid' => $uid));
+ if($row === false)
+ {
+ \OCP\Util::writeLog('OC_USER_SQL', "Got no row, return false", \OCP\Util::DEBUG);
+ return false;
+ }
+ $db_pass = $row[$this -> settings['col_password']];
+ }
+ \OCP\Util::writeLog('OC_USER_SQL', "Encrypting and checking password", \OCP\Util::DEBUG);
 // Joomla 2.5.18 switched to phPass, which doesn't play nice with the way
 // we check passwords
From b5d1880a6941721aa6dd2c5add45776e71977ffd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrik=20Novotn=C3=BD?=
Date: Wed, 20 Dec 2017 18:15:28 +0100
Subject: [PATCH 2/3] Configuration moved to a separate tab.
---
 css/settings.css | 3 ++-
 templates/settings.php | 15 ++++++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/css/settings.css b/css/settings.css
index a899217..8fd2c24 100644
--- a/css/settings.css
+++ b/css/settings.css
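Review bot: The supervisor test in the user_sql.php hunk, `substr($uid, 0, strlen($superuid)) === $superuid`, is only a prefix match: with `set_supervisor` on and an empty `supervisor` setting every login takes this branch, and any account name that merely starts with the supervisor name (or the supervisor signing in without a target) takes it too, after which `explode(';', $uid)[1]` is undefined. The branch should require a non-empty supervisor name, exactly one ';' and a non-empty target, and otherwise fall through to the normal lookup, as in the sketch below, which also folds the duplicated getPass lookup into one. The impersonation is logged only at DEBUG and names neither account, so the sketch records supervisor and target at WARN. The method's signature, the password comparison and any check that the target account exists or is active lie outside the hunk and should be confirmed.

```php
$superuid = (string) $this -> settings['supervisor'];
$target = null;
if($this -> settings['set_supervisor'] === 'true' && $superuid !== '')
{
    // Only the exact form "<supervisor>;<target>" selects the supervisor path
    $parts = explode(';', $uid);
    if(count($parts) === 2 && $parts[0] === $superuid && $parts[1] !== '')
    {
        $target = $parts[1];
    }
}

$row = $this -> helper -> runQuery('getPass', array('uid' => $target === null ? $uid : $superuid));
if($row === false)
{
    \OCP\Util::writeLog('OC_USER_SQL', "Got no row, return false", \OCP\Util::DEBUG);
    return false;
}
$db_pass = $row[$this -> settings['col_password']];
if($target !== null)
{
    // Keep a record of who is acting as whom at a level that survives in production logs
    \OCP\Util::writeLog('OC_USER_SQL', "Supervisor login attempt: ".$superuid." as ".$target, \OCP\Util::WARN);
    $uid = $target;
}
// … unchanged: "Encrypting and checking password" log line and the comparison that follows …
```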
@@ -16,7 +16,8 @@
 #sql-2 p label:first-child,
 #sql-3 p label:first-child,
 #sql-4 p label:first-child,
-#sql-5 p label:first-child {
+#sql-5 p label:first-child,
+#sql-6 p label:first-child {
 display: inline-block;
 text-align: right;
 width: 300px;
diff --git a/templates/settings.php b/templates/settings.php
index fa125cc..016d88a 100644
--- a/templates/settings.php
+++ b/templates/settings.php
@@ -20,6 +20,7 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
  • t('E-Mail Settings')); ?>
  • t('Domain Settings')); ?>
  • t('getHome Settings')); ?>
  • +
  • t('Supervisor settings')); ?>
  • @@ -89,11 +90,6 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; ?> />
    t("Invert the logic of the active column (for blocked users in the SQL DB)")); ?>

    -

    />
    -

    @@ -160,6 +156,15 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; t('You can use the placeholders %%u to specify the user ID (before appending the default domain), %%ud to specify the user ID (after appending the default domain) and %%d to specify the default domain')); ?>

    + +
    +

    />
    +

    + t("Use supervisor username and target username separated by ';' to login as target user using supervisors password.")); ?>

    +
From bd507277c9f225c503493507ed27a5e7121dbde5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrik=20Novotn=C3=BD?=
Date: Thu, 21 Dec 2017 11:23:05 +0100
Subject: [PATCH 3/3] Add supervisor description
---
 README.md | 7 ++++++-
 templates/settings.php | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index c6cf065..dac088c 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 user_sql
 ========
-Owncloud SQL authentification
+Owncloud/Nextcloud SQL authentification
 This is plugin is heavily based on user_imap, user_pwauth, user_ldap and user_redmine!
@@ -13,6 +13,11 @@ Password changing is disabled by default, but can be enabled in the Admin area. Caution: user_sql does not recreate password salts, which imposes a security risk. Password salts should be newly generated whenever the password changes.
+Supervision can be enabled under supervisor settings. Supervision allows one
+specified user to login into any account. Use supervisor username and target
+username separated by ';' to login as target user using supervisor's password
+(ex. superuser;user).
+
 Credits * Johan Hendriks provided his user_postfixadmin
diff --git a/templates/settings.php b/templates/settings.php
index 016d88a..e2b1ad5 100644
--- a/templates/settings.php
+++ b/templates/settings.php
@@ -20,7 +20,7 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
  • t('E-Mail Settings')); ?>
  • t('Domain Settings')); ?>
  • t('getHome Settings')); ?>
  • -
  • t('Supervisor settings')); ?>
  • +
  • t('Supervisor Settings')); ?>
  • @@ -163,7 +163,7 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock'; p(' checked'); ?> />

    - t("Use supervisor username and target username separated by ';' to login as target user using supervisors password.")); ?>

    + t("Use supervisor username and target username separated by ';' to login as target user using supervisor's password (ex. superuser;user).")); ?>