New occ command to create guest users

Create guest user with optional password without sending an email.

Signed-off-by: Vincent Petry <[email protected]>

Author: PVince81

appinfo/info.xml

@@ -26,6 +26,7 @@ Guests users can only access files shared to them and can't create any files out
 	</dependencies>
 	<commands>
 		<command>OCA\Guests\Command\ListCommand</command>
+		<command>OCA\Guests\Command\AddCommand</command>
 	</commands>
 	<settings>
 		<admin>OCA\Guests\Settings\Admin</admin>

lib/Command/AddCommand.php

@@ -0,0 +1,165 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2020 Vincent Petry <[email protected]>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Guests\Command;
+
+use OC\Core\Command\Base;
+use OCA\Guests\GuestManager;
+use OCP\IUser;
+use OCP\IUserManager;
+use OCP\Mail\IMailer;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\Question;
+
+class AddCommand extends Base {
+	private $guestManager;
+	private $mailer;
+
+	public function __construct(IUserManager $userManager, IMailer $mailer, GuestManager $guestManager) {
+		parent::__construct();
+		$this->userManager = $userManager;
+		$this->guestManager = $guestManager;
+		$this->mailer = $mailer;
+	}
+
+	protected function configure() {
+		$this
+			->setName('guests:add')
+			->setDescription('Add a new guest account')
+			->addArgument(
+				'created-by',
+				InputArgument::REQUIRED,
+				'User ID who is set as creator'
+			)
+			->addArgument(
+				'uid',
+				InputArgument::REQUIRED,
+				'User ID used to login (must only contain a-z, A-Z, 0-9, -, _ and @)'
+			)
+			->addArgument(
+				'email',
+				InputArgument::REQUIRED,
+				'Email address'
+			)
+			->addOption(
+				'generate-password',
+				null,
+				InputOption::VALUE_NONE,
+				'Do not set an initial password'
+			)
+			->addOption(
+				'password-from-env',
+				null,
+				InputOption::VALUE_NONE,
+				'Read password from environment variable OC_PASS'
+			)
+			->addOption(
+				'display-name',
+				null,
+				InputOption::VALUE_OPTIONAL,
+				'User name used in the web UI (can contain any characters)',
+				''
+			)
+			->addOption(
+				'language',
+				null,
+				InputOption::VALUE_OPTIONAL,
+				'Language',
+				''
+			);
+		parent::configure();
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output) {
+		$creatorUser = $this->userManager->get($input->getArgument('created-by'));
+		if ($creatorUser === null) {
+			$output->writeln('<error>The user "' . $input->getArgument('created-by') . '" does not exist.</error>');
+			return 1;
+		}
+
+		$uid = $input->getArgument('uid');
+		if ($this->userManager->userExists($uid)) {
+			$output->writeln('<error>The user "' . $uid . '" already exists.</error>');
+			return 1;
+		}
+
+		$password = null;
+		if (!$input->getOption('generate-password')) {
+			if ($input->getOption('password-from-env')) {
+				$password = getenv('OC_PASS');
+				if (!$password) {
+					$output->writeln('<error>--password-from-env given, but OC_PASS is empty!</error>');
+					return 1;
+				}
+			} elseif ($input->isInteractive()) {
+				/** @var QuestionHelper $helper */
+				$helper = $this->getHelper('question');
+
+				$question = new Question('Enter password: ');
+				$question->setHidden(true);
+				$password = $helper->ask($input, $output, $question);
+
+				$question = new Question('Confirm password: ');
+				$question->setHidden(true);
+				$confirm = $helper->ask($input, $output,$question);
+
+				if ($password !== $confirm) {
+					$output->writeln("<error>Passwords did not match!</error>");
+					return 1;
+				}
+			} else {
+				$output->writeln("<error>Interactive input or --password-from-env is needed for entering a password!</error>");
+				return 1;
+			}
+		}
+
+		if (!$this->mailer->validateMailAddress($input->getArgument('email'))) {
+			$output->writeln('<error>Invalid email address</error>');
+			return 1;
+		}
+
+		try {
+			$user = $this->guestManager->createGuest(
+				$creatorUser,
+				$input->getArgument('uid'),
+				$input->getArgument('email'),
+				$input->getOption('display-name'),
+				$input->getOption('language'),
+				$password
+			);
+		} catch (\Exception $e) {
+			$output->writeln('<error>' . $e->getMessage() . '</error>');
+			return 1;
+		}
+
+		if ($user instanceof IUser) {
+			$output->writeln('<info>The guest account user "' . $user->getUID() . '" was created successfully</info>');
+		} else {
+			$output->writeln('<error>An error occurred while creating the user</error>');
+			return 1;
+		}
+	}
+}

lib/GuestManager.php

@@ -97,12 +97,19 @@ public function isGuest($user = null) {
 		return false;
 	}
 
-	public function createGuest(IUser $createdBy, $userId, $email, $displayName = '', $language = '') {
-		$passwordEvent = new GenerateSecurePasswordEvent();
-		$this->eventDispatcher->dispatchTyped($passwordEvent);
-		$this->userManager->createUserFromBackend(
+	public function createGuest(IUser $createdBy, $userId, $email, $displayName = '', $language = '', $initialPassword = null) : IUser {
+		if ($initialPassword === null) {
+			$passwordEvent = new GenerateSecurePasswordEvent();
+			$this->eventDispatcher->dispatchTyped($passwordEvent);
+			$password = $passwordEvent->getPassword() ?? $this->secureRandom->generate(20);
+		} else {
+			$password = $initialPassword;
+		}
+
+		/** @var IUser */
+		$user = $this->userManager->createUserFromBackend(
 			$userId,
-			$passwordEvent->getPassword() ?? $this->secureRandom->generate(20),
+			$password,
 			$this->userBackend
 		);
 
@@ -117,25 +124,30 @@ public function createGuest(IUser $createdBy, $userId, $email, $displayName = ''
 			$this->config->setUserValue($userId, 'core', 'lang', $language);
 		}
 
-		$token = $this->secureRandom->generate(
-			21,
-			ISecureRandom::CHAR_DIGITS .
-			ISecureRandom::CHAR_LOWER .
-			ISecureRandom::CHAR_UPPER);
-
-		$endOfTime = PHP_INT_MAX - 50000;
-		$token = sprintf('%s:%s', $endOfTime, $token);
-
-		$encryptedValue = $this->crypto->encrypt($token, $email . $this->config->getSystemValue('secret'));
-
-		$this->config->setUserValue(
-			$userId,
-			'core',
-			'lostpassword',
-			$encryptedValue
-		);
+		if ($initialPassword === null) {
+			// generate token for lost password so that a link can be sent by email
+			$token = $this->secureRandom->generate(
+				21,
+				ISecureRandom::CHAR_DIGITS .
+				ISecureRandom::CHAR_LOWER .
+				ISecureRandom::CHAR_UPPER);
+
+			$endOfTime = PHP_INT_MAX - 50000;
+			$token = sprintf('%s:%s', $endOfTime, $token);
+
+			$encryptedValue = $this->crypto->encrypt($token, $email . $this->config->getSystemValue('secret'));
+
+			$this->config->setUserValue(
+				$userId,
+				'core',
+				'lostpassword',
+				$encryptedValue
+			);
+		}
 
 		$this->config->setUserValue($userId, 'files', 'quota', '0 B');
+
+		return $user;
 	}
 
 	public function listGuests() {