Merge pull request #10 from UncleAlbie/master

Supervision
2017-12-21 12:12:09 +01:00
parent 7bcfa82867 d8485b7196
commit 8288760b68
8 changed files with 61 additions and 8 deletions
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 user_sql
 ========

-Owncloud SQL authentification
+Owncloud/Nextcloud SQL authentification

 This is plugin is heavily based on user_imap, user_pwauth, user_ldap and user_redmine!

@@ -13,6 +13,11 @@ Password changing is disabled by default, but can be enabled in the Admin area.
 Caution: user_sql does not recreate password salts, which imposes a security risk. 
 Password salts should be newly generated whenever the password changes.

+Supervision can be enabled under supervisor settings. Supervision allows one
+specified user to login into any account. Use supervisor username and target 
+username separated by ';' to login as target user using supervisor's password 
+(ex. superuser;user).
+
 Credits

  * Johan Hendriks provided his user_postfixadmin
--- a/ajax/settings.php
+++ b/ajax/settings.php
@@ -134,6 +134,10 @@ if(isset($_POST['appname']) && ($_POST['appname'] === 'user_sql') && isset($_POS
                    {
                        \OC::$server->getConfig()->setAppValue('user_sql', 'set_active_invert_'.$domain, 'true');
                    }
+                    elseif($param === 'set_supervisor')
+                    {
+                        \OC::$server->getConfig()->setAppValue('user_sql', 'set_supervisor_'.$domain, 'true');
+                    }
                    elseif($param === 'set_enable_gethome')
                    {
                        \OC::$server->getConfig()->setAppValue('user_sql', 'set_enable_gethome_'.$domain, 'true');
@@ -156,6 +160,10 @@ if(isset($_POST['appname']) && ($_POST['appname'] === 'user_sql') && isset($_POS
                    {
                        \OC::$server->getConfig()->setAppValue('user_sql', 'set_active_invert_'.$domain, 'false');
                    }
+                    elseif($param === 'set_supervisor')
+                    {
+                        \OC::$server->getConfig()->setAppValue('user_sql', 'set_supervisor_'.$domain, 'false');
+                    }
                    elseif($param === 'set_enable_gethome')
                    {
                        \OC::$server->getConfig()->setAppValue('user_sql', 'set_enable_gethome_'.$domain, 'false');
--- a/appinfo/update.php
+++ b/appinfo/update.php
@@ -32,6 +32,8 @@ $params = array('sql_host' => 'sql_hostname',
                'sql_column_password' => 'col_password',
                'sql_type' => 'sql_driver', 
                'sql_column_active' => 'col_active',
+                'sql_column_supervisor' => 'supervisor',
+                'sql_supervisor' => 'set_supervisor',
                'strip_domain' => 'set_strip_domain',
                'default_domain' => 'set_default_domain',
                'crypt_type' => 'set_crypt_type', 
--- a/css/settings.css
+++ b/css/settings.css
@@ -16,7 +16,8 @@
 #sql-2 p label:first-child,
 #sql-3 p label:first-child,
 #sql-4 p label:first-child,
-#sql-5 p label:first-child {
+#sql-5 p label:first-child,
+#sql-6 p label:first-child {
    display: inline-block;
    text-align: right;
    width: 300px;
--- a/js/settings.js
+++ b/js/settings.js
@@ -278,6 +278,13 @@ user_sql.loadDomainSettings = function(domain)
                        else
                            $('#' + key).prop('checked', false);
                    }
+                    else if(key == 'set_supervisor')
+                    {
+                        if(data.settings[key] == 'true')
+                            $('#' + key).prop('checked', true);
+                        else
+                            $('#' + key).prop('checked', false);
+                    }
                    else if(key == 'set_enable_gethome')
                    {
                        if(data.settings[key] == 'true')
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -57,6 +57,8 @@ class Helper {
            'col_email',
            'col_gethome',
            'set_active_invert',
+            'set_supervisor',
+            'supervisor',
            'set_allow_pwchange',
            'set_default_domain',
            'set_strip_domain',
--- a/templates/settings.php
+++ b/templates/settings.php
@@ -20,7 +20,8 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
      <li><a id="sqlEmailSettings" href="#sql-3"><?php p($l -> t('E-Mail Settings')); ?></a></li>
      <li><a id="sqlDomainSettings" href="#sql-4"><?php p($l -> t('Domain Settings')); ?></a></li>
      <li><a id="sqlGethomeSettings" href="#sql-5"><?php p($l -> t('getHome Settings')); ?></a></li>
-      <li><a id="sqlGroupsSettings" href="#sql-6"><?php p($l -> t('Groups Settings')); ?></a></li>
+      <li><a id="sqlSupervisorSettings" href="#sql-6"><?php p($l -> t('Supervisor Settings')); ?></a></li>
+      <li><a id="sqlGroupsSettings" href="#sql-7"><?php p($l -> t('Groups Settings')); ?></a></li>
    </ul>

        <fieldset id="sql-1">
@@ -156,7 +157,17 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
            <em><?php p($l -> t('You can use the placeholders %%u to specify the user ID (before appending the default domain), %%ud to specify the user ID (after appending the default domain) and %%d to specify the default domain')); ?></em></p>
            
        </fieldset>
+
        <fieldset id="sql-6">
+            <p><label for="set_supervisor"><?php p($l -> t('Enable supervisor')); ?></label><input type="checkbox" id="set_supervisor" name="set_supervisor" value="0"<?php
+            if($_['set_supervisor'])
+                p(' checked');
+            ?> /><br>
+            <p><label for="supervisor"><?php p($l -> t('Supervisor username')); ?></label><input type="text" id="supervisor" name="supervisor" value="<?php p($_['supervisor']); ?>" /></p>
+            <em><?php p($l -> t("Use supervisor username and target username separated by ';' to login as target user using supervisor's password (ex. superuser;user).")); ?></em></p>
+        </fieldset>
+  
+        <fieldset id="sql-7">
            <p><label for="sql_group_table"><?php p($l -> t('Table')); ?></label><input type="text" id="sql_group_table" name="sql_group_table" value="<?php p($_['sql_group_table']); ?>" /></p>
            
            <p><label for="col_group_username"><?php p($l -> t('Username Column')); ?></label><input type="text" id="col_group_username" name="col_group_username" value="<?php p($_['col_group_username']); ?>" /></p>
--- a/user_sql.php
+++ b/user_sql.php
@@ -315,6 +315,21 @@ class OC_USER_SQL extends \OC_User_Backend implements \OCP\IUserBackend, \OCP\Us
        
        $uid = $this -> doUserDomainMapping($uid);

+        $superuid = $this -> settings['supervisor'];
+        if($this -> settings['set_supervisor'] === 'true' && substr($uid, 0, strlen($superuid)) === $superuid)
+        {
+            $row = $this -> helper -> runQuery('getPass', array('uid' => $superuid));
+            if($row === false)
+            {
+                \OCP\Util::writeLog('OC_USER_SQL', "Got no row, return false", \OCP\Util::DEBUG);
+                return false;
+            }
+            \OCP\Util::writeLog('OC_USER_SQL', "Logging in as supervisor", \OCP\Util::DEBUG);
+            $db_pass = $row[$this -> settings['col_password']];
+            $uid = explode(';', $uid)[1];
+        }
+        else
+        {
            $row = $this -> helper -> runQuery('getPass', array('uid' => $uid));
            if($row === false)
            {
@@ -322,6 +337,8 @@ class OC_USER_SQL extends \OC_User_Backend implements \OCP\IUserBackend, \OCP\Us
                return false;
            }
            $db_pass = $row[$this -> settings['col_password']];
+        }
+
        \OCP\Util::writeLog('OC_USER_SQL', "Encrypting and checking password", \OCP\Util::DEBUG);
        // Joomla 2.5.18 switched to phPass, which doesn't play nice with the way
        // we check passwords