|
|
|
|
@ -125,7 +125,7 @@ class User { |
|
|
|
|
IConfig $config, FilesystemHelper $fs, Image $image, |
|
|
|
|
LogWrapper $log, IAvatarManager $avatarManager, IUserManager $userManager, |
|
|
|
|
INotificationManager $notificationManager) { |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ($username === null) { |
|
|
|
|
$log->log("uid for '$dn' must not be null!", ILogger::ERROR); |
|
|
|
|
throw new \InvalidArgumentException('uid must not be null!'); |
|
|
|
|
@ -683,7 +683,7 @@ class User { |
|
|
|
|
* @throws \OC\ServerNotAvailableException |
|
|
|
|
*/ |
|
|
|
|
public function updateExtStorageHome(string $valueFromLDAP = null):string { |
|
|
|
|
if($valueFromLDAP === null) { |
|
|
|
|
if ($valueFromLDAP === null) { |
|
|
|
|
$extHomeValues = $this->access->readAttribute($this->getDN(), $this->connection->ldapExtStorageHomeAttribute); |
|
|
|
|
} else { |
|
|
|
|
$extHomeValues = [$valueFromLDAP]; |
|
|
|
|
@ -709,21 +709,21 @@ class User { |
|
|
|
|
return;//password expiry handling disabled |
|
|
|
|
} |
|
|
|
|
$uid = $params['uid']; |
|
|
|
|
if(isset($uid) && $uid === $this->getUsername()) { |
|
|
|
|
if (isset($uid) && $uid === $this->getUsername()) { |
|
|
|
|
//retrieve relevant user attributes |
|
|
|
|
$result = $this->access->search('objectclass=*', array($this->dn), ['pwdpolicysubentry', 'pwdgraceusetime', 'pwdreset', 'pwdchangedtime']); |
|
|
|
|
|
|
|
|
|
if(array_key_exists('pwdpolicysubentry', $result[0])) { |
|
|
|
|
|
|
|
|
|
if (array_key_exists('pwdpolicysubentry', $result[0])) { |
|
|
|
|
$pwdPolicySubentry = $result[0]['pwdpolicysubentry']; |
|
|
|
|
if($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){ |
|
|
|
|
if ($pwdPolicySubentry && (count($pwdPolicySubentry) > 0)){ |
|
|
|
|
$ppolicyDN = $pwdPolicySubentry[0];//custom ppolicy DN |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : null; |
|
|
|
|
$pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : null; |
|
|
|
|
$pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : null; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$pwdGraceUseTime = array_key_exists('pwdgraceusetime', $result[0]) ? $result[0]['pwdgraceusetime'] : []; |
|
|
|
|
$pwdReset = array_key_exists('pwdreset', $result[0]) ? $result[0]['pwdreset'] : []; |
|
|
|
|
$pwdChangedTime = array_key_exists('pwdchangedtime', $result[0]) ? $result[0]['pwdchangedtime'] : []; |
|
|
|
|
|
|
|
|
|
//retrieve relevant password policy attributes |
|
|
|
|
$cacheKey = 'ppolicyAttributes' . $ppolicyDN; |
|
|
|
|
$result = $this->connection->getFromCache($cacheKey); |
|
|
|
|
@ -731,17 +731,15 @@ class User { |
|
|
|
|
$result = $this->access->search('objectclass=*', array($ppolicyDN), ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']); |
|
|
|
|
$this->connection->writeToCache($cacheKey, $result); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : null; |
|
|
|
|
$pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : null; |
|
|
|
|
$pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : null; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : []; |
|
|
|
|
$pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : []; |
|
|
|
|
$pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : []; |
|
|
|
|
|
|
|
|
|
//handle grace login |
|
|
|
|
$pwdGraceUseTimeCount = count($pwdGraceUseTime); |
|
|
|
|
if($pwdGraceUseTime && $pwdGraceUseTimeCount > 0) { //was this a grace login? |
|
|
|
|
if($pwdGraceAuthNLimit |
|
|
|
|
&& (count($pwdGraceAuthNLimit) > 0) |
|
|
|
|
&&($pwdGraceUseTimeCount < (int)$pwdGraceAuthNLimit[0])) { //at least one more grace login available? |
|
|
|
|
if (!empty($pwdGraceUseTime)) { //was this a grace login? |
|
|
|
|
if (!empty($pwdGraceAuthNLimit) |
|
|
|
|
&& count($pwdGraceUseTime) < (int)$pwdGraceAuthNLimit[0]) { //at least one more grace login available? |
|
|
|
|
$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true'); |
|
|
|
|
header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute( |
|
|
|
|
'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid))); |
|
|
|
|
@ -752,24 +750,24 @@ class User { |
|
|
|
|
exit(); |
|
|
|
|
} |
|
|
|
|
//handle pwdReset attribute |
|
|
|
|
if($pwdReset && (count($pwdReset) > 0) && $pwdReset[0] === 'TRUE') { //user must change his password |
|
|
|
|
if (!empty($pwdReset) && $pwdReset[0] === 'TRUE') { //user must change his password |
|
|
|
|
$this->config->setUserValue($uid, 'user_ldap', 'needsPasswordReset', 'true'); |
|
|
|
|
header('Location: '.\OC::$server->getURLGenerator()->linkToRouteAbsolute( |
|
|
|
|
'user_ldap.renewPassword.showRenewPasswordForm', array('user' => $uid))); |
|
|
|
|
exit(); |
|
|
|
|
} |
|
|
|
|
//handle password expiry warning |
|
|
|
|
if($pwdChangedTime && (count($pwdChangedTime) > 0)) { |
|
|
|
|
if($pwdMaxAge && (count($pwdMaxAge) > 0) |
|
|
|
|
&& $pwdExpireWarning && (count($pwdExpireWarning) > 0)) { |
|
|
|
|
if (!empty($pwdChangedTime)) { |
|
|
|
|
if (!empty($pwdMaxAge) |
|
|
|
|
&& !empty($pwdExpireWarning)) { |
|
|
|
|
$pwdMaxAgeInt = (int)$pwdMaxAge[0]; |
|
|
|
|
$pwdExpireWarningInt = (int)$pwdExpireWarning[0]; |
|
|
|
|
if($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){ |
|
|
|
|
if ($pwdMaxAgeInt > 0 && $pwdExpireWarningInt > 0){ |
|
|
|
|
$pwdChangedTimeDt = \DateTime::createFromFormat('YmdHisZ', $pwdChangedTime[0]); |
|
|
|
|
$pwdChangedTimeDt->add(new \DateInterval('PT'.$pwdMaxAgeInt.'S')); |
|
|
|
|
$currentDateTime = new \DateTime(); |
|
|
|
|
$secondsToExpiry = $pwdChangedTimeDt->getTimestamp() - $currentDateTime->getTimestamp(); |
|
|
|
|
if($secondsToExpiry <= $pwdExpireWarningInt) { |
|
|
|
|
if ($secondsToExpiry <= $pwdExpireWarningInt) { |
|
|
|
|
//remove last password expiry warning if any |
|
|
|
|
$notification = $this->notificationManager->createNotification(); |
|
|
|
|
$notification->setApp('user_ldap') |
|
|
|
|
@ -782,7 +780,7 @@ class User { |
|
|
|
|
$notification->setApp('user_ldap') |
|
|
|
|
->setUser($uid) |
|
|
|
|
->setDateTime($currentDateTime) |
|
|
|
|
->setObject('pwd_exp_warn', $uid) |
|
|
|
|
->setObject('pwd_exp_warn', $uid) |
|
|
|
|
->setSubject('pwd_exp_warn_days', [(int) ceil($secondsToExpiry / 60 / 60 / 24)]) |
|
|
|
|
; |
|
|
|
|
$this->notificationManager->notify($notification); |
|
|
|
|
|
blizzz
6 years ago
committed by