public static function post_login($parameters)
{
$uid = $parameters['uid'];
$casBackend = OC_USER_CAS::getInstance();
$userDatabase = new OC_User_Database();
if (phpCAS::isAuthenticated()) {
// $cas_attributes may vary in name, therefore attributes are fetched to $attributes
$cas_attributes = phpCAS::getAttributes();
$cas_uid = phpCAS::getUser();
// parameters
$attributes = array();
if ($cas_uid == $uid) {
OC_Log::write('cas', 'attr \\"' . implode(',', $cas_attributes) . '\\" for the user: '******'cas_name'] = $cas_attributes[$casBackend->displayNameMapping];
} else {
$attributes['cas_name'] = $cas_attributes['cn'];
}
if (array_key_exists($casBackend->mailMapping, $cas_attributes)) {
$attributes['cas_email'] = $cas_attributes[$casBackend->mailMapping];
} else {
$attributes['cas_email'] = $cas_attributes['mail'];
}
if (array_key_exists($casBackend->groupMapping, $cas_attributes)) {
$attributes['cas_groups'] = $cas_attributes[$casBackend->groupMapping];
} else {
if (!empty($casBackend->defaultGroup)) {
$attributes['cas_groups'] = array($casBackend->defaultGroup);
OC_Log::write('cas', 'Using default group "' . $casBackend->defaultGroup . '" for the user: '******'/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
OC_Log::write('cas', 'Invalid username "' . $uid . '", allowed chars "a-zA-Z0-9" and "_.@-" ', OC_Log::DEBUG);
return false;
} else {
$random_password = OC_Util::generateRandomBytes(20);
OC_Log::write('cas', 'Creating new user: ' . $uid, OC_Log::DEBUG);
$userDatabase->createUser($uid, $random_password);
// after creating the user, fill the attributes
if ($userDatabase->userExists($uid)) {
OC_USER_CAS_Hooks::update_user($uid, $attributes);
}
}
}
// try to update user attributes
if ($casBackend->updateUserData) {
OC_USER_CAS_Hooks::update_user($cas_uid, $attributes);
}
return true;
}
}
return false;
}
private function getHasher()
{
if (!self::$hasher) {
//we don't want to use DES based crypt(), since it doesn't return a has with a recognisable prefix
$forcePortable = CRYPT_BLOWFISH != 1;
self::$hasher = new PasswordHash(8, $forcePortable);
}
return self::$hasher;
}
public static function post_login($parameters)
{
// Do nothing if we're sharding and not on the master
if (OCP\App::isEnabled('files_sharding') && !OCA\FilesSharding\Lib::isMaster()) {
return true;
}
$uid = '';
$userid = $parameters['uid'];
$samlBackend = new OC_USER_SAML();
$ocUserDatabase = new OC_User_Database();
// Redirect regardless of whether the user has authenticated with SAML or not.
// Since this is a post_login hook, he will have authenticated in some way and have a valid session.
if ($ocUserDatabase->userExists($userid)) {
// Set user attributes for sharding
$display_name = \OCP\User::getDisplayName($userid);
$email = \OCP\Config::getUserValue($userid, 'settings', 'email');
$groups = \OC_Group::getUserGroups($userid);
$quota = \OC_Preferences::getValue($userid, 'files', 'quota');
OC_Util::teardownFS($userid);
OC_Util::setupFS($userid);
OC_Log::write('saml', 'Setting user attributes: ' . $userid . ":" . $display_name . ":" . $email . ":" . join($groups) . ":" . $quota, OC_Log::INFO);
self::setAttributes($userid, $display_name, $email, $groups, $quota);
self::user_redirect($userid);
}
if (!$samlBackend->auth->isAuthenticated()) {
return false;
}
$attributes = $samlBackend->auth->getAttributes();
//$email = "<pre>" . print_r($attributes, 1) . "</pre>";
//$headers = 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
//error_log($email, 1, '*****@*****.**', $headers);
$usernameFound = false;
foreach ($samlBackend->usernameMapping as $usernameMapping) {
if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
$usernameFound = true;
$uid = $attributes[$usernameMapping][0];
OC_Log::write('saml', 'Authenticated user ' . $uid, OC_Log::INFO);
break;
}
}
if (!$usernameFound || $uid !== $userid) {
return false;
}
$attrs = self::get_user_attributes($uid, $samlBackend);
if (!$ocUserDatabase->userExists($uid)) {
// If autocreate is not enabled - back off
if (!$samlBackend->autocreate) {
return false;
}
// Apparently it is necessary to clear the uid first, to be able to create the user in the DB
$userManager = \OC_User::getManager();
$userManager->delete($uid);
// Reject invalid user names
if (preg_match('/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
OC_Log::write('saml', 'Invalid username "' . $uid . '", allowed chars "a-zA-Z0-9" and "_.@-" ', OC_Log::DEBUG);
return false;
}
$cookiedomain = OCP\App::isEnabled('files_sharding') ? OCA\FilesSharding\Lib::getCookieDomain() : null;
// Reject users we don't allow to autocreate an account
if (isset($uid) && trim($uid) != '' && !OC_User::userExists($uid) && !self::check_user_attributes($attributes)) {
$failCookieName = 'saml_auth_fail';
$userCookieName = 'saml_auth_fail_user';
$expire = 0;
//time()+60*60*24*30;
$expired = time() - 3600;
$path = '/';
setcookie($failCookieName, "notallowed:" . $uid, $expire, $path, $cookiedomain, false, false);
setcookie($userCookieName, $uid, $expire, $path, $cookiedomain, false, false);
$spSource = 'default-sp';
$auth = new SimpleSAML_Auth_Simple($spSource);
OC_Log::write('saml', 'Rejected user "' . $uid, OC_Log::ERROR);
if (OCP\App::isEnabled('files_sharding') && !OCA\FilesSharding\Lib::isMaster()) {
$auth->logout(!OCA\FilesSharding\Lib::getMasterURL());
} else {
$auth->logout();
}
return false;
}
// Create new user
$random_password = OC_Util::generateRandomBytes(20);
OC_Log::write('saml', 'Creating new user: '******'/' . $uid . '/files';
\OC\Files\Filesystem::init($uid, $userDir);
if ($samlBackend->updateUserData) {
self::update_user_data($uid, $samlBackend, $attrs, true);
if (OCP\App::isEnabled('files_sharding') && OCA\FilesSharding\Lib::isMaster()) {
$master_site = OCA\FilesSharding\Lib::dbGetSite(null);
$server_id = OCA\FilesSharding\Lib::dbChooseServerForUser($uid, $master_site, 0, null);
OC_Log::write('saml', 'Setting server for new user: '******'display_name'], $attrs['email'], $attrs['groups'], $attrs['quota']);
}
} else {
if ($samlBackend->updateUserData) {
self::update_user_data($uid, $samlBackend, $attrs, false);
}
}
self::user_redirect($userid);
return true;
}
public static function post_login($parameters)
{
$uid = $parameters['uid'];
$wuid = $uid;
$casBackend = new OC_USER_CAS();
$userDB = new OC_User_Database();
/*
* Récupération des données du fichier config général /config/config.php
*/
$serveur_Search = OCP\Config::getSystemValue('serveur_Search', 'error');
$port = OCP\Config::getSystemValue('port', 'error');
$racineAMU = OCP\Config::getSystemValue('racineAMU', 'error');
$racineAMUGRP = OCP\Config::getSystemValue('racineAMUGRP', 'error');
$AMU_nuage_dn = OCP\Config::getSystemValue('AMU_nuage_dn', 'error');
$AMU_nuage_pw = OCP\Config::getSystemValue('AMU_nuage_pw', 'error');
$PQuota = OCP\Config::getSystemValue('PQuota', 'unManaged');
$EQuota = OCP\Config::getSystemValue('EQuota', 'unManaged');
$LDAP = new LDAP_Infos($serveur_Search, $AMU_nuage_dn, $AMU_nuage_pw, $racineAMUGRP, $racineAMUGRP);
$restrictGrp = array("cn", "member");
/*
* Récupération tableau Groupes
* Si le tableau 'groupMapping' est vide pas de contrôle sur les groupes
*/
$AccesCloud = 0;
OCP\Util::writeLog('user_cas', "Authentification (Mapping groups=" . $casBackend->groupMapping . ")", OCP\Util::DEBUG);
if ($casBackend->groupMapping) {
$wTabGrp = str_replace(array('<br>', '<br />', "\n", "\r"), array('@', '', '@', ''), $casBackend->groupMapping);
$tabGRP = explode("@", $wTabGrp);
$i = 0;
$mesGroupes = array();
foreach ($tabGRP as $key => $value) {
$ListeMembre = $LDAP->getMembersOfGroup($value, $restrictGrp);
if (in_array($uid, $ListeMembre)) {
$AccesCloudAMU = 1;
}
}
} else {
$AccesCloud = 1;
}
/*
* Si pas d'acces, alors déconnexion
*/
if ($AccesCloud == 0) {
/*
* On vérifie si le compte utilisé est un compte local
*/
if (!$userDB->userExists($uid)) {
OCP\Util::writeLog('user_cas', "Aucun droit d'accès pour l'utilisateur " . $uid, OCP\Util::ERROR);
\OC_User::logout();
} else {
OCP\Util::writeLog('user_cas', "Authentification locale pour l'utilisateur " . $uid, OCP\Util::DEBUG);
OC::$REQUESTEDAPP = '';
OC_Util::redirectToDefaultPage();
exit(0);
}
}
/**
* Récupère les groupes liés à l'utilisateur avec la racine définie dans le formulaire 'cas_group_root'
* Si 'cas_group_root' n'est pas renseingé => pas de récupération de groupes
*/
$mesGroupes = array();
OCP\Util::writeLog('user_cas', "Authentification (Racine Groupes LDAP=" . $casBackend->groupRoot . ")", OCP\Util::DEBUG);
if ($casBackend->groupRoot) {
$i = 0;
$ListeGRP = $LDAP->getMemberOf($uid);
$a = sizeof($ListeGRP);
OCP\Util::writeLog('user_cas', "Taille=" . $a . " UID=" . $uid, OCP\Util::ERROR);
OCP\Util::writeLog('user_cas', "Racine Groupe=" . $casBackend->groupRoot, OCP\Util::ERROR);
foreach ($ListeGRP as $key => $value) {
if (strstr($value, $casBackend->groupRoot)) {
$mesGroupes[$i] = strtoupper(str_replace(':', '_', substr($value, 8)));
OCP\Util::writeLog('user_cas', "Groupe[{$i}]=" . $mesGroupes[$i], OCP\Util::ERROR);
$i++;
}
}
}
if (phpCAS::checkAuthentication()) {
//$attributes = phpCAS::getAttributes();
$cas_uid = phpCAS::getUser();
if ($cas_uid == $uid) {
/*
* Récupération des information utilisateur (LDAP)
*/
$tabLdapUser = $LDAP->getUserInfo($uid);
if ($tabLdapUser) {
$DisplayName = $tabLdapUser['displayName'];
}
if (!$userDB->userExists($uid)) {
if (preg_match('/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
OCP\Util::writeLog('cas', 'Utilisateur invalide "' . $uid . '", caracteres autorises "a-zA-Z0-9" and "_.@-" ', OCP\Util::DEBUG);
return false;
} else {
/*
* Dans le cas d'une création
*/
$random_password = \OC_Util::generateRandomBytes(20);
$userDB->createUser($uid, $tabLdapUser['userpassword']);
$userDB->setDisplayName($uid, $DisplayName);
/*
* Mise à jour du quota si gestion dans fichier de configuration
*/
if ($EQuota != "unManaged" && $tabLdapUser['eduPersonPrimaryAffiliation'] == 'student') {
update_quota($uid, $EQuota);
}
if ($PQuota != "unManaged" && $tabLdapUser['eduPersonPrimaryAffiliation'] != 'student') {
update_quota($uid, $PQuota);
}
}
}
/*
* Mise à jour des groupes associés
*/
if (sizeof($mesGroupes) > 0) {
$cas_groups = $mesGroupes;
update_groups($uid, $cas_groups, $casBackend->protectedGroups, true);
}
/*
* Mise à jour du mail
*/
update_mail($uid, $tabLdapUser['Mail']);
/*
* Mise à jour du display name
*/
$userDB->setDisplayName($uid, $DisplayName);
return true;
}
}
return false;
}
/**
* Sets the display name for by using the CAS attribute specified in the mapping
*
*/
public function setDisplayName($uid, $displayName)
{
$udb = new OC_User_Database();
$udb->setDisplayName($uid, $displayName);
}
/**
* @brief exports a user, or owncloud instance
* @param optional $uid string user id of user to export if export type is user, defaults to current
* @param ootional $type string type of export, defualts to user
* @param otional $path string path to zip output folder
* @return false on error, path to zip on success
*/
public static function export($uid = null, $type = 'user', $path = null)
{
$datadir = OC_Config::getValue('datadirectory');
// Validate export type
$types = array('user', 'instance', 'system', 'userfiles');
if (!in_array($type, $types)) {
OC_Log::write('migration', 'Invalid export type', OC_Log::ERROR);
return json_encode(array(array('success' => false)));
}
self::$exporttype = $type;
// Userid?
if (self::$exporttype == 'user') {
// Check user exists
if (!is_null($uid)) {
$db = new OC_User_Database();
if (!$db->userExists($uid)) {
OC_Log::write('migration', 'User: '******' is not in the database and so cannot be exported.', OC_Log::ERROR);
return json_encode(array('success' => false));
}
self::$uid = $uid;
} else {
self::$uid = OC_User::getUser();
}
}
// Calculate zipname
if (self::$exporttype == 'user') {
$zipname = 'oc_export_' . self::$uid . '_' . date("y-m-d_H-i-s") . '.zip';
} else {
$zipname = 'oc_export_' . self::$exporttype . '_' . date("y-m-d_H-i-s") . '.zip';
}
// Calculate path
if (self::$exporttype == 'user') {
self::$zippath = $datadir . '/' . self::$uid . '/' . $zipname;
} else {
if (!is_null($path)) {
// Validate custom path
if (!file_exists($path) || !is_writeable($path)) {
OC_Log::write('migration', 'Path supplied is invalid.', OC_Log::ERROR);
return json_encode(array('success' => false));
}
self::$zippath = $path . $zipname;
} else {
// Default path
self::$zippath = get_temp_dir() . '/' . $zipname;
}
}
// Create the zip object
if (!self::createZip()) {
return json_encode(array('success' => false));
}
// Do the export
self::findProviders();
$exportdata = array();
switch (self::$exporttype) {
case 'user':
// Connect to the db
self::$dbpath = $datadir . '/' . self::$uid . '/migration.db';
if (!self::connectDB()) {
return json_encode(array('success' => false));
}
self::$content = new OC_Migration_Content(self::$zip, self::$MDB2);
// Export the app info
$exportdata = self::exportAppData();
// Add the data dir to the zip
self::$content->addDir($datadir . '/' . self::$uid, true, '/');
break;
case 'instance':
self::$content = new OC_Migration_Content(self::$zip);
// Creates a zip that is compatable with the import function
$dbfile = tempnam(get_temp_dir(), "owncloud_export_data_");
OC_DB::getDbStructure($dbfile, 'MDB2_SCHEMA_DUMP_ALL');
// Now add in *dbname* and *dbprefix*
$dbexport = file_get_contents($dbfile);
$dbnamestring = "<database>\n\n <name>" . OC_Config::getValue("dbname", "owncloud");
$dbtableprefixstring = "<table>\n\n <name>" . OC_Config::getValue("dbtableprefix", "oc_");
$dbexport = str_replace($dbnamestring, "<database>\n\n <name>*dbname*", $dbexport);
$dbexport = str_replace($dbtableprefixstring, "<table>\n\n <name>*dbprefix*", $dbexport);
// Add the export to the zip
self::$content->addFromString($dbexport, "dbexport.xml");
// Add user data
foreach (OC_User::getUsers() as $user) {
self::$content->addDir($datadir . '/' . $user . '/', true, "/userdata/");
}
break;
case 'userfiles':
self::$content = new OC_Migration_Content(self::$zip);
// Creates a zip with all of the users files
foreach (OC_User::getUsers() as $user) {
self::$content->addDir($datadir . '/' . $user . '/', true, "/");
}
break;
case 'system':
self::$content = new OC_Migration_Content(self::$zip);
// Creates a zip with the owncloud system files
self::$content->addDir(OC::$SERVERROOT . '/', false, '/');
foreach (array(".git", "3rdparty", "apps", "core", "files", "l10n", "lib", "ocs", "search", "settings", "tests") as $dir) {
self::$content->addDir(OC::$SERVERROOT . '/' . $dir, true, "/");
}
break;
}
if (!($info = self::getExportInfo($exportdata))) {
return json_encode(array('success' => false));
}
// Add the export info json to the export zip
self::$content->addFromString($info, 'export_info.json');
if (!self::$content->finish()) {
return json_encode(array('success' => false));
}
return json_encode(array('success' => true, 'data' => self::$zippath));
}
