public function finishSetup()
{
if (file_exists($this->autoConfigFile)) {
unlink($this->autoConfigFile);
}
\OC_Util::redirectToDefaultPage();
}
public static function redirect($url)
{
if (!$url) {
\OC_Util::redirectToDefaultPage();
} else {
header("location: " . $url);
exit;
}
}
public function __construct($params)
{
$this->appName = 'contacts';
parent::__construct($this->appName, $params);
$this->container = $this->getContainer();
$this->server = $this->container->getServer();
$user = \OC::$server->getUserSession()->getUser();
if (is_null($user)) {
\OC_Util::redirectToDefaultPage();
}
$userId = $user->getUID();
$this->app = new App($userId);
$this->registerServices();
$this->container->registerMiddleware('HttpMiddleware');
}
/**
* Action after user's authentification : if he is on the rejected group, he is logout and redirect to main page
*
* @author Victor Bordage-Gorry <*****@*****.**>
* @copyright 2015 CNRS DSI / GLOBALIS media systems
*
*/
public function postLogin()
{
// Verify default group
$defaultGroup = $this->config->getSystemValue('deletion_account_request_default_exclusion_group');
if ($this->groupManager->get($defaultGroup)->searchUsers(\OCP\User::getUser())) {
\OCP\User::logout();
\OC_Util::redirectToDefaultPage();
exit;
}
// Verify configuration groups
$configGroups = $this->config->getSystemValue('deletion_account_request_exclusion_groups');
if (!empty($configGroups)) {
foreach ($configGroups as $groupKey => $groupValue) {
if ($this->groupManager->get($groupValue) && $this->groupManager->get($groupValue)->searchUsers(\OCP\User::getUser())) {
\OCP\User::logout();
\OC_Util::redirectToDefaultPage();
exit;
}
}
}
}
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
if (OCP\App::isEnabled('user_cas')) {
include_once 'CAS.php';
require_once 'user_cas/user_cas.php';
OCP\App::registerAdmin('user_cas', 'settings');
// register user backend
OC_User::useBackend('CAS');
OC::$CLASSPATH['OC_USER_CAS_Hooks'] = 'user_cas/lib/hooks.php';
OCP\Util::connectHook('OC_User', 'post_createUser', 'OC_USER_CAS_Hooks', 'post_createUser');
OCP\Util::connectHook('OC_User', 'post_login', 'OC_USER_CAS_Hooks', 'post_login');
OCP\Util::connectHook('OC_User', 'logout', 'OC_USER_CAS_Hooks', 'logout');
if (isset($_GET['app']) && $_GET['app'] == 'user_cas') {
require_once 'user_cas/auth.php';
if (!OC_User::login('', '')) {
$error = true;
OC_Log::write('cas', 'Error trying to authenticate the user', OC_Log::DEBUG);
}
if (isset($_SERVER["QUERY_STRING"]) && !empty($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != 'app=user_cas') {
header('Location: ' . OC::$WEBROOT . '/?' . $_SERVER["QUERY_STRING"]);
exit;
}
OC::$REQUESTEDAPP = '';
OC_Util::redirectToDefaultPage();
}
if (!OCP\User::isLoggedIn()) {
// Load js code in order to render the CAS link and to hide parts of the normal login form
OCP\Util::addScript('user_cas', 'utils');
}
}
/**
* Tries to login a user using the form based authentication
* @return bool|void
*/
protected static function tryFormLogin()
{
if (!isset($_POST["user"]) || !isset($_POST['password'])) {
return false;
}
if (!OC_Util::isCallRegistered()) {
return false;
}
OC_App::loadApps();
//setup extra user backends
OC_User::setupBackends();
if (OC_User::login((string) $_POST["user"], (string) $_POST["password"])) {
$userId = OC_User::getUser();
// setting up the time zone
if (isset($_POST['timezone-offset'])) {
self::$server->getSession()->set('timezone', (string) $_POST['timezone-offset']);
self::$server->getConfig()->setUserValue($userId, 'core', 'timezone', (string) $_POST['timezone']);
}
self::cleanupLoginTokens($userId);
if (!empty($_POST["remember_login"])) {
$config = self::$server->getConfig();
if ($config->getSystemValue('debug', false)) {
self::$server->getLogger()->debug('Setting remember login to cookie', array('app' => 'core'));
}
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
$config->setUserValue($userId, 'login_token', $token, time());
OC_User::setMagicInCookie($userId, $token);
} else {
OC_User::unsetMagicInCookie();
}
OC_Util::redirectToDefaultPage();
exit;
}
return true;
}
public static function post_login($parameters)
{
$uid = $parameters['uid'];
$wuid = $uid;
$casBackend = new OC_USER_CAS();
$userDB = new OC_User_Database();
/*
* Récupération des données du fichier config général /config/config.php
*/
$serveur_Search = OCP\Config::getSystemValue('serveur_Search', 'error');
$port = OCP\Config::getSystemValue('port', 'error');
$racineAMU = OCP\Config::getSystemValue('racineAMU', 'error');
$racineAMUGRP = OCP\Config::getSystemValue('racineAMUGRP', 'error');
$AMU_nuage_dn = OCP\Config::getSystemValue('AMU_nuage_dn', 'error');
$AMU_nuage_pw = OCP\Config::getSystemValue('AMU_nuage_pw', 'error');
$PQuota = OCP\Config::getSystemValue('PQuota', 'unManaged');
$EQuota = OCP\Config::getSystemValue('EQuota', 'unManaged');
$LDAP = new LDAP_Infos($serveur_Search, $AMU_nuage_dn, $AMU_nuage_pw, $racineAMUGRP, $racineAMUGRP);
$restrictGrp = array("cn", "member");
/*
* Récupération tableau Groupes
* Si le tableau 'groupMapping' est vide pas de contrôle sur les groupes
*/
$AccesCloud = 0;
OCP\Util::writeLog('user_cas', "Authentification (Mapping groups=" . $casBackend->groupMapping . ")", OCP\Util::DEBUG);
if ($casBackend->groupMapping) {
$wTabGrp = str_replace(array('<br>', '<br />', "\n", "\r"), array('@', '', '@', ''), $casBackend->groupMapping);
$tabGRP = explode("@", $wTabGrp);
$i = 0;
$mesGroupes = array();
foreach ($tabGRP as $key => $value) {
$ListeMembre = $LDAP->getMembersOfGroup($value, $restrictGrp);
if (in_array($uid, $ListeMembre)) {
$AccesCloudAMU = 1;
}
}
} else {
$AccesCloud = 1;
}
/*
* Si pas d'acces, alors déconnexion
*/
if ($AccesCloud == 0) {
/*
* On vérifie si le compte utilisé est un compte local
*/
if (!$userDB->userExists($uid)) {
OCP\Util::writeLog('user_cas', "Aucun droit d'accès pour l'utilisateur " . $uid, OCP\Util::ERROR);
\OC_User::logout();
} else {
OCP\Util::writeLog('user_cas', "Authentification locale pour l'utilisateur " . $uid, OCP\Util::DEBUG);
OC::$REQUESTEDAPP = '';
OC_Util::redirectToDefaultPage();
exit(0);
}
}
/**
* Récupère les groupes liés à l'utilisateur avec la racine définie dans le formulaire 'cas_group_root'
* Si 'cas_group_root' n'est pas renseingé => pas de récupération de groupes
*/
$mesGroupes = array();
OCP\Util::writeLog('user_cas', "Authentification (Racine Groupes LDAP=" . $casBackend->groupRoot . ")", OCP\Util::DEBUG);
if ($casBackend->groupRoot) {
$i = 0;
$ListeGRP = $LDAP->getMemberOf($uid);
$a = sizeof($ListeGRP);
OCP\Util::writeLog('user_cas', "Taille=" . $a . " UID=" . $uid, OCP\Util::ERROR);
OCP\Util::writeLog('user_cas', "Racine Groupe=" . $casBackend->groupRoot, OCP\Util::ERROR);
foreach ($ListeGRP as $key => $value) {
if (strstr($value, $casBackend->groupRoot)) {
$mesGroupes[$i] = strtoupper(str_replace(':', '_', substr($value, 8)));
OCP\Util::writeLog('user_cas', "Groupe[{$i}]=" . $mesGroupes[$i], OCP\Util::ERROR);
$i++;
}
}
}
if (phpCAS::checkAuthentication()) {
//$attributes = phpCAS::getAttributes();
$cas_uid = phpCAS::getUser();
if ($cas_uid == $uid) {
/*
* Récupération des information utilisateur (LDAP)
*/
$tabLdapUser = $LDAP->getUserInfo($uid);
if ($tabLdapUser) {
$DisplayName = $tabLdapUser['displayName'];
}
if (!$userDB->userExists($uid)) {
if (preg_match('/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
OCP\Util::writeLog('cas', 'Utilisateur invalide "' . $uid . '", caracteres autorises "a-zA-Z0-9" and "_.@-" ', OCP\Util::DEBUG);
return false;
} else {
/*
* Dans le cas d'une création
*/
$random_password = \OC_Util::generateRandomBytes(20);
$userDB->createUser($uid, $tabLdapUser['userpassword']);
$userDB->setDisplayName($uid, $DisplayName);
/*
* Mise à jour du quota si gestion dans fichier de configuration
*/
if ($EQuota != "unManaged" && $tabLdapUser['eduPersonPrimaryAffiliation'] == 'student') {
update_quota($uid, $EQuota);
}
if ($PQuota != "unManaged" && $tabLdapUser['eduPersonPrimaryAffiliation'] != 'student') {
update_quota($uid, $PQuota);
}
}
}
/*
* Mise à jour des groupes associés
*/
if (sizeof($mesGroupes) > 0) {
$cas_groups = $mesGroupes;
update_groups($uid, $cas_groups, $casBackend->protectedGroups, true);
}
/*
* Mise à jour du mail
*/
update_mail($uid, $tabLdapUser['Mail']);
/*
* Mise à jour du display name
*/
$userDB->setDisplayName($uid, $DisplayName);
return true;
}
}
return false;
}
protected static function tryBasicAuthLogin()
{
if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"])) {
return false;
}
OC_App::loadApps(array('authentication'));
if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
//OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG);
OC_User::unsetMagicInCookie();
$_REQUEST['redirect_url'] = OC_Request::requestUri();
OC_Util::redirectToDefaultPage();
}
return true;
}
/**
* Handle the request
*/
public static function handleRequest()
{
\OC::$server->getEventLogger()->start('handle_request', 'Handle request');
$systemConfig = \OC::$server->getSystemConfig();
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
if (!$systemConfig->getValue('installed', false)) {
\OC::$server->getSession()->clear();
$setupHelper = new OC\Setup(\OC::$server->getConfig(), \OC::$server->getIniWrapper(), \OC::$server->getL10N('lib'), new \OC_Defaults(), \OC::$server->getLogger(), \OC::$server->getSecureRandom());
$controller = new OC\Core\Controller\SetupController($setupHelper);
$controller->run($_POST);
exit;
}
$request = \OC::$server->getRequest();
// Check if requested URL matches 'index.php/occ'
$isOccControllerRequested = preg_match('|/index\\.php$|', $request->getScriptName()) === 1 && strpos($request->getPathInfo(), '/occ/') === 0;
$requestPath = $request->getRawPathInfo();
if (substr($requestPath, -3) !== '.js') {
// we need these files during the upgrade
self::checkMaintenanceMode($request);
$needUpgrade = self::checkUpgrade(!$isOccControllerRequested);
}
// emergency app disabling
if ($requestPath === '/disableapp' && $request->getMethod() === 'POST' && (string) $request->getParam('appid') !== '') {
\OCP\JSON::callCheck();
\OCP\JSON::checkAdminUser();
$appId = (string) $request->getParam('appid');
$appId = \OC_App::cleanAppId($appId);
\OC_App::disable($appId);
\OC_JSON::success();
exit;
}
try {
// Always load authentication apps
OC_App::loadApps(['authentication']);
} catch (\OC\NeedsUpdateException $e) {
if ($isOccControllerRequested && $needUpgrade) {
OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
return;
}
throw $e;
}
// Load minimum set of apps
if (!self::checkUpgrade(false) && !$systemConfig->getValue('maintenance', false)) {
// For logged-in users: Load everything
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
} else {
// For guests: Load only filesystem and logging
OC_App::loadApps(array('filesystem', 'logging'));
self::handleLogin($request);
}
}
if (!self::$CLI) {
try {
if (!$systemConfig->getValue('maintenance', false) && !self::checkUpgrade(false)) {
OC_App::loadApps(array('filesystem', 'logging'));
OC_App::loadApps();
}
self::checkSingleUserMode();
OC_Util::setupFS();
OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header('HTTP/1.1 405 Method Not Allowed');
header('Status: 405 Method Not Allowed');
return;
}
// Someone is logged in
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
OC_Util::setupFS();
// FIXME
// Redirect to default application
OC_Util::redirectToDefaultPage();
} else {
// Not handled and not logged in
header('Location: ' . \OC::$server->getURLGenerator()->linkToRouteAbsolute('core.login.showLoginForm'));
}
}
/**
* Tries to login a user using the formbased authentication
* @return bool|void
*/
protected static function tryFormLogin()
{
if (!isset($_POST["user"]) || !isset($_POST['password'])) {
return false;
}
OC_JSON::callCheck();
OC_App::loadApps();
//setup extra user backends
OC_User::setupBackends();
if (OC_User::login($_POST["user"], $_POST["password"])) {
// setting up the time zone
if (isset($_POST['timezone-offset'])) {
self::$server->getSession()->set('timezone', $_POST['timezone-offset']);
}
$userid = OC_User::getUser();
self::cleanupLoginTokens($userid);
if (!empty($_POST["remember_login"])) {
if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
}
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32);
OC_Preferences::setValue($userid, 'login_token', $token, time());
OC_User::setMagicInCookie($userid, $token);
} else {
OC_User::unsetMagicInCookie();
}
OC_Util::redirectToDefaultPage();
exit;
}
return true;
}
public function finishSetup()
{
if (file_exists($this->autoConfigFile)) {
unlink($this->autoConfigFile);
}
\OC::$server->getIntegrityCodeChecker()->runInstanceVerification();
\OC_Util::redirectToDefaultPage();
}
public function redirectToDefaultPage()
{
\OC_Util::redirectToDefaultPage();
}
public function finishSetup()
{
\OC_Util::redirectToDefaultPage();
}
/**
* Adds the user to the reject group and send an email to the administrator to inform them of the request for deletion
*
* @author Victor Bordage-Gorry <*****@*****.**>
* @copyright 2015 CNRS DSI / GLOBALIS media systems
*
* @param string $requesterUid User's Uid
*/
public function mailDeleteAccount($requesterUid)
{
$reason = trim(strip_tags(stripslashes($_POST['deletion_reason'])));
if (empty($reason) || $reason === '') {
return false;
}
// User modification, add to rejected group
$user = $this->userManager->get($requesterUid);
$userGroups = $this->groupManager->getUserGroupIds($user);
// get the user's exclusion group.
$configGroups = $this->config->getSystemValue('deletion_account_request_exclusion_groups');
if (is_array($configGroups)) {
foreach ($configGroups as $groupKey => $groupValue) {
if (in_array($groupKey, $userGroups)) {
if ($this->groupManager->groupExists($groupValue)) {
$group = $this->groupManager->get($groupValue);
} else {
$group = $this->groupManager->createGroup($groupValue);
}
break;
}
}
}
// if $group unset, we use the default value
if (empty($group)) {
$val = $this->config->getSystemValue('deletion_account_request_default_exclusion_group');
if ($this->groupManager->groupExists($val)) {
$group = $this->groupManager->get($val);
} else {
$group = $this->groupManager->createGroup($val);
}
}
$group->addUser($user);
// get the admin's mail
$configMails = $this->config->getSystemValue('deletion_account_request_admin_emails');
if (is_array($configMails)) {
foreach ($configMails as $mailKey => $mailValue) {
if (in_array($mailKey, $userGroups)) {
$toAddress = $toName = $mailValue;
break;
}
}
}
// if $toAdress unset, we use the default value
if (empty($toAdress)) {
$toAddress = $toName = $this->config->getSystemValue('deletion_account_request_default_admin_email');
}
// Mail part
$theme = new \OC_Defaults();
$subject = (string) $this->l->t('Request for deleting account: %s', array($requesterUid));
// generate the content
$html = new \OCP\Template($this->appName, "mail_userdeletion_html", "");
$html->assign('overwriteL10N', $this->l);
$html->assign('requesterUid', $requesterUid);
$html->assign('reason', $_POST['deletion_reason']);
$htmlMail = $html->fetchPage();
$alttext = new \OCP\Template($this->appName, "mail_userdeletion_text", "");
$alttext->assign('overwriteL10N', $this->l);
$alttext->assign('requesterUid', $requesterUid);
$alttext->assign('reason', $reason);
$altMail = $alttext->fetchPage();
$fromAddress = $fromName = \OCP\Util::getDefaultEmailAddress('owncloud');
//sending
try {
\OCP\Util::sendMail($toAddress, $toName, $subject, $htmlMail, $fromAddress, $fromName, 1, $altMail);
} catch (\Exception $e) {
\OCP\Util::writeLog('user_account_actions', "Can't send mail for user creation: " . $e->getMessage(), \OCP\Util::ERROR);
}
// logout and redirect
\OCP\User::logout();
\OC_Util::redirectToDefaultPage();
exit;
}
