LDAP to no register new users when outside of fair use or over limits

Signed-off-by: Arthur Schiwon <[email protected]>
nextcloud · szaimen · Oct 21, 2022 · Sep 6, 2022 · Oct 18, 2022 · Oct 18, 2022
commit 8e8acf2d9087523ac8f8bf3aeac8daa0c17add91
@@ -35,7 +35,7 @@
 $mapping = null;
 try {
 	if ($subject === 'user') {
-		$mapping = new UserMapping(\OC::$server->getDatabaseConnection());
+		$mapping = \OCP\Server::get(UserMapping::class);
 		$result = $mapping->clearCb(
 			function ($uid) {
 				\OC::$server->getUserManager()->emit('\OC\User', 'preUnassignedUserId', [$uid]);

@@ -34,18 +34,32 @@
 
 class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend, INamedBackend, IDeleteGroupBackend {
 	private $backends = [];
-	private $refBackend = null;
+	private ?Group_LDAP $refBackend = null;
+	private Helper $helper;
+	private GroupPluginManager $groupPluginManager;
+	private bool $isSetUp = false;
 
 	public function __construct(Helper $helper, ILDAPWrapper $ldap, GroupPluginManager $groupPluginManager) {
 		parent::__construct($ldap);
-		$serverConfigPrefixes = $helper->getServerConfigurationPrefixes(true);
+		$this->helper = $helper;
+		$this->groupPluginManager = $groupPluginManager;
+	}
+
+	protected function setup(): void {
+		if ($this->isSetUp) {
+			return;
+		}
+
+		$serverConfigPrefixes = $this->helper->getServerConfigurationPrefixes(true);
 		foreach ($serverConfigPrefixes as $configPrefix) {
 			$this->backends[$configPrefix] =
-				new \OCA\User_LDAP\Group_LDAP($this->getAccess($configPrefix), $groupPluginManager);
+				new Group_LDAP($this->getAccess($configPrefix), $this->groupPluginManager);
 			if (is_null($this->refBackend)) {
 				$this->refBackend = &$this->backends[$configPrefix];
 			}
 		}
+
+		$this->isSetUp = true;
 	}
 
 	/**
@@ -57,6 +71,8 @@ public function __construct(Helper $helper, ILDAPWrapper $ldap, GroupPluginManag
 	 * @return mixed the result of the method or false
 	 */
 	protected function walkBackends($id, $method, $parameters) {
+		$this->setup();
+
 		$gid = $id;
 		$cacheKey = $this->getGroupCacheKey($gid);
 		foreach ($this->backends as $configPrefix => $backend) {
@@ -80,6 +96,8 @@ protected function walkBackends($id, $method, $parameters) {
 	 * @return mixed the result of the method or false
 	 */
 	protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen) {
+		$this->setup();
+
 		$gid = $id;
 		$cacheKey = $this->getGroupCacheKey($gid);
 		$prefix = $this->getFromCache($cacheKey);
@@ -105,6 +123,7 @@ protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen) {
 	}
 
 	protected function activeBackends(): int {
+		$this->setup();
 		return count($this->backends);
 	}
 
@@ -131,8 +150,9 @@ public function inGroup($uid, $gid) {
 	 * if the user exists at all.
 	 */
 	public function getUserGroups($uid) {
-		$groups = [];
+		$this->setup();
 
+		$groups = [];
 		foreach ($this->backends as $backend) {
 			$backendGroups = $backend->getUserGroups($uid);
 			if (is_array($backendGroups)) {
@@ -149,8 +169,9 @@ public function getUserGroups($uid) {
 	 * @return string[] with user ids
 	 */
 	public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
-		$users = [];
+		$this->setup();
 
+		$users = [];
 		foreach ($this->backends as $backend) {
 			$backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
 			if (is_array($backendUsers)) {
@@ -237,8 +258,9 @@ public function getGroupDetails($gid) {
 	 * Returns a list with all groups
 	 */
 	public function getGroups($search = '', $limit = -1, $offset = 0) {
-		$groups = [];
+		$this->setup();
 
+		$groups = [];
 		foreach ($this->backends as $backend) {
 			$backendGroups = $backend->getGroups($search, $limit, $offset);
 			if (is_array($backendGroups)) {
@@ -269,6 +291,7 @@ public function groupExists($gid) {
 	 * compared with \OCP\GroupInterface::CREATE_GROUP etc.
 	 */
 	public function implementsActions($actions) {
+		$this->setup();
 		//it's the same across all our user backends obviously
 		return $this->refBackend->implementsActions($actions);
 	}

@@ -107,7 +107,7 @@ public function setArguments($arguments): void {
 		if (isset($arguments['mapping'])) {
 			$this->mapping = $arguments['mapping'];
 		} else {
-			$this->mapping = new UserMapping($this->db);
+			$this->mapping = \OCP\Server::get(UserMapping::class);
 		}
 
 		if (isset($arguments['deletedUsersIndex'])) {

@@ -357,7 +357,7 @@ public function setArgument($argument) {
 		if (isset($argument['mapper'])) {
 			$this->mapper = $argument['mapper'];
 		} else {
-			$this->mapper = new UserMapping($this->dbc);
+			$this->mapper = \OCP\Server::get(UserMapping::class);
 		}
 
 		if (isset($argument['connectionFactory'])) {

@@ -22,12 +22,32 @@
  */
 namespace OCA\User_LDAP\Mapping;
 
+use OCP\HintException;
+use OCP\IDBConnection;
+use OCP\Support\Subscription\IAssertion;
+
 /**
  * Class UserMapping
+ *
  * @package OCA\User_LDAP\Mapping
  */
 class UserMapping extends AbstractMapping {
 
+	private IAssertion $assertion;
+
+	public function __construct(IDBConnection $dbc, IAssertion $assertion) {
+		$this->assertion = $assertion;
+		parent::__construct($dbc);
+	}
+
+	/**
+	 * @throws HintException
+	 */
+	public function map($fdn, $name, $uuid): bool {
+		$this->assertion->createUserIsLegit();
+		return parent::map($fdn, $name, $uuid);
+	}
+
 	/**
 	 * returns the DB table name which holds the mappings
 	 * @return string

@@ -35,7 +35,9 @@
 use OCA\User_LDAP\Mapping\GroupMapping;
 use OCA\User_LDAP\Mapping\UserMapping;
 use OCA\User_LDAP\User\Manager;
-use OCP\Share\IManager;
+use OCP\IConfig;
+use OCP\IUserManager;
+use OCP\Server;
 use Psr\Log\LoggerInterface;
 
 abstract class Proxy {
@@ -61,34 +63,18 @@ public function __construct(ILDAPWrapper $ldap) {
 	/**
 	 * @param string $configPrefix
 	 */
-	private function addAccess($configPrefix) {
-		static $ocConfig;
-		static $fs;
-		static $log;
-		static $avatarM;
-		static $userMap;
-		static $groupMap;
-		static $shareManager;
-		static $coreUserManager;
-		static $coreNotificationManager;
-		static $logger;
-		if ($fs === null) {
-			$ocConfig = \OC::$server->getConfig();
-			$fs = new FilesystemHelper();
-			$avatarM = \OC::$server->getAvatarManager();
-			$db = \OC::$server->getDatabaseConnection();
-			$userMap = new UserMapping($db);
-			$groupMap = new GroupMapping($db);
-			$coreUserManager = \OC::$server->getUserManager();
-			$coreNotificationManager = \OC::$server->getNotificationManager();
-			$shareManager = \OC::$server->get(IManager::class);
-			$logger = \OC::$server->get(LoggerInterface::class);
-		}
-		$userManager =
-			new Manager($ocConfig, $fs, $logger, $avatarM, new \OCP\Image(),
-				$coreUserManager, $coreNotificationManager, $shareManager);
+	private function addAccess(string $configPrefix): void {
+		$ocConfig = Server::get(IConfig::class);
+		$userMap = Server::get(UserMapping::class);
+		$groupMap = Server::get(GroupMapping::class);
+		$coreUserManager = Server::get(IUserManager::class);
+		$logger = Server::get(LoggerInterface::class);
+		$helper = Server::get(Helper::class);
+
+		$userManager = Server::get(Manager::class);
+
 		$connector = new Connection($this->ldap, $configPrefix);
-		$access = new Access($connector, $this->ldap, $userManager, new Helper($ocConfig, \OC::$server->getDatabaseConnection()), $ocConfig, $coreUserManager, $logger);
+		$access = new Access($connector, $this->ldap, $userManager, $helper, $ocConfig, $coreUserManager, $logger);
 		$access->setUserMapper($userMap);
 		$access->setGroupMapper($groupMap);
 		self::$accesses[$configPrefix] = $access;

@@ -42,6 +42,13 @@ class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface,
 	/** @var User_LDAP */
 	private $refBackend = null;
 
+	private bool $isSetUp = false;
+	private Helper $helper;
+	private IConfig $ocConfig;
+	private INotificationManager $notificationManager;
+	private IUserSession $userSession;
+	private UserPluginManager $userPluginManager;
+
 	public function __construct(
 		Helper $helper,
 		ILDAPWrapper $ldap,
@@ -51,15 +58,29 @@ public function __construct(
 		UserPluginManager $userPluginManager
 	) {
 		parent::__construct($ldap);
-		$serverConfigPrefixes = $helper->getServerConfigurationPrefixes(true);
+		$this->helper = $helper;
+		$this->ocConfig = $ocConfig;
+		$this->notificationManager = $notificationManager;
+		$this->userSession = $userSession;
+		$this->userPluginManager = $userPluginManager;
+	}
+
+	protected function setup(): void {
+		if ($this->isSetUp) {
+			return;
+		}
+
+		$serverConfigPrefixes = $this->helper->getServerConfigurationPrefixes(true);
 		foreach ($serverConfigPrefixes as $configPrefix) {
 			$this->backends[$configPrefix] =
-				new User_LDAP($this->getAccess($configPrefix), $ocConfig, $notificationManager, $userSession, $userPluginManager);
+				new User_LDAP($this->getAccess($configPrefix), $this->ocConfig, $this->notificationManager, $this->userSession, $this->userPluginManager);
 
 			if (is_null($this->refBackend)) {
 				$this->refBackend = &$this->backends[$configPrefix];
 			}
 		}
+
+		$this->isSetUp = true;
 	}
 
 	/**
@@ -71,6 +92,8 @@ public function __construct(
 	 * @return mixed the result of the method or false
 	 */
 	protected function walkBackends($id, $method, $parameters) {
+		$this->setup();
+
 		$uid = $id;
 		$cacheKey = $this->getUserCacheKey($uid);
 		foreach ($this->backends as $configPrefix => $backend) {
@@ -99,6 +122,8 @@ protected function walkBackends($id, $method, $parameters) {
 	 * @return mixed the result of the method or false
 	 */
 	protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen) {
+		$this->setup();
+
 		$uid = $id;
 		$cacheKey = $this->getUserCacheKey($uid);
 		$prefix = $this->getFromCache($cacheKey);
@@ -129,6 +154,7 @@ protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen) {
 	}
 
 	protected function activeBackends(): int {
+		$this->setup();
 		return count($this->backends);
 	}
 
@@ -142,6 +168,7 @@ protected function activeBackends(): int {
 	 * compared with \OC\User\Backend::CREATE_USER etc.
 	 */
 	public function implementsActions($actions) {
+		$this->setup();
 		//it's the same across all our user backends obviously
 		return $this->refBackend->implementsActions($actions);
 	}
@@ -152,6 +179,7 @@ public function implementsActions($actions) {
 	 * @return string the name of the backend to be shown
 	 */
 	public function getBackendName() {
+		$this->setup();
 		return $this->refBackend->getBackendName();
 	}
 
@@ -164,6 +192,8 @@ public function getBackendName() {
 	 * @return string[] an array of all uids
 	 */
 	public function getUsers($search = '', $limit = 10, $offset = 0) {
+		$this->setup();
+
 		//we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
 		$users = [];
 		foreach ($this->backends as $backend) {
@@ -296,6 +326,8 @@ public function canChangeAvatar($uid) {
 	 * @return array an array of all displayNames (value) and the corresponding uids (key)
 	 */
 	public function getDisplayNames($search = '', $limit = null, $offset = null) {
+		$this->setup();
+
 		//we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
 		$users = [];
 		foreach ($this->backends as $backend) {
@@ -335,6 +367,7 @@ public function setPassword($uid, $password) {
 	 * @return bool
 	 */
 	public function hasUserListings() {
+		$this->setup();
 		return $this->refBackend->hasUserListings();
 	}
 
@@ -344,6 +377,8 @@ public function hasUserListings() {
 	 * @return int|bool
 	 */
 	public function countUsers() {
+		$this->setup();
+
 		$users = false;
 		foreach ($this->backends as $backend) {
 			$backendUsers = $backend->countUsers();

@@ -24,6 +24,7 @@
 namespace OCA\User_LDAP\Tests\Mapping;
 
 use OCA\User_LDAP\Mapping\UserMapping;
+use OCP\Support\Subscription\IAssertion;
 
 /**
  * Class UserMappingTest
@@ -34,6 +35,6 @@
  */
 class UserMappingTest extends AbstractMappingTest {
 	public function getMapper(\OCP\IDBConnection $dbMock) {
-		return new UserMapping($dbMock);
+		return new UserMapping($dbMock, $this->createMock(IAssertion::class));
 	}
 }
@@ -566,6 +566,7 @@
     'OCP\\Support\\CrashReport\\IRegistry' => $baseDir . '/lib/public/Support/CrashReport/IRegistry.php',
     'OCP\\Support\\CrashReport\\IReporter' => $baseDir . '/lib/public/Support/CrashReport/IReporter.php',
     'OCP\\Support\\Subscription\\Exception\\AlreadyRegisteredException' => $baseDir . '/lib/public/Support/Subscription/Exception/AlreadyRegisteredException.php',
+    'OCP\\Support\\Subscription\\IAssertion' => $baseDir . '/lib/public/Support/Subscription/IAssertion.php',
     'OCP\\Support\\Subscription\\IRegistry' => $baseDir . '/lib/public/Support/Subscription/IRegistry.php',
     'OCP\\Support\\Subscription\\ISubscription' => $baseDir . '/lib/public/Support/Subscription/ISubscription.php',
     'OCP\\Support\\Subscription\\ISupportedApps' => $baseDir . '/lib/public/Support/Subscription/ISupportedApps.php',
@@ -1552,6 +1553,7 @@
     'OC\\Streamer' => $baseDir . '/lib/private/Streamer.php',
     'OC\\SubAdmin' => $baseDir . '/lib/private/SubAdmin.php',
     'OC\\Support\\CrashReport\\Registry' => $baseDir . '/lib/private/Support/CrashReport/Registry.php',
+    'OC\\Support\\Subscription\\Assertion' => $baseDir . '/lib/private/Support/Subscription/Assertion.php',
     'OC\\Support\\Subscription\\Registry' => $baseDir . '/lib/private/Support/Subscription/Registry.php',
     'OC\\SystemConfig' => $baseDir . '/lib/private/SystemConfig.php',
     'OC\\SystemTag\\ManagerFactory' => $baseDir . '/lib/private/SystemTag/ManagerFactory.php',

@@ -599,6 +599,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OCP\\Support\\CrashReport\\IRegistry' => __DIR__ . '/../../..' . '/lib/public/Support/CrashReport/IRegistry.php',
         'OCP\\Support\\CrashReport\\IReporter' => __DIR__ . '/../../..' . '/lib/public/Support/CrashReport/IReporter.php',
         'OCP\\Support\\Subscription\\Exception\\AlreadyRegisteredException' => __DIR__ . '/../../..' . '/lib/public/Support/Subscription/Exception/AlreadyRegisteredException.php',
+        'OCP\\Support\\Subscription\\IAssertion' => __DIR__ . '/../../..' . '/lib/public/Support/Subscription/IAssertion.php',
         'OCP\\Support\\Subscription\\IRegistry' => __DIR__ . '/../../..' . '/lib/public/Support/Subscription/IRegistry.php',
         'OCP\\Support\\Subscription\\ISubscription' => __DIR__ . '/../../..' . '/lib/public/Support/Subscription/ISubscription.php',
         'OCP\\Support\\Subscription\\ISupportedApps' => __DIR__ . '/../../..' . '/lib/public/Support/Subscription/ISupportedApps.php',
@@ -1585,6 +1586,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OC\\Streamer' => __DIR__ . '/../../..' . '/lib/private/Streamer.php',
         'OC\\SubAdmin' => __DIR__ . '/../../..' . '/lib/private/SubAdmin.php',
         'OC\\Support\\CrashReport\\Registry' => __DIR__ . '/../../..' . '/lib/private/Support/CrashReport/Registry.php',
+        'OC\\Support\\Subscription\\Assertion' => __DIR__ . '/../../..' . '/lib/private/Support/Subscription/Assertion.php',
         'OC\\Support\\Subscription\\Registry' => __DIR__ . '/../../..' . '/lib/private/Support/Subscription/Registry.php',
         'OC\\SystemConfig' => __DIR__ . '/../../..' . '/lib/private/SystemConfig.php',
         'OC\\SystemTag\\ManagerFactory' => __DIR__ . '/../../..' . '/lib/private/SystemTag/ManagerFactory.php',

@@ -795,6 +795,7 @@ public function __construct($webRoot, \OC\Config $config) {
 
 		$this->registerAlias(\OCP\Support\CrashReport\IRegistry::class, \OC\Support\CrashReport\Registry::class);
 		$this->registerAlias(\OCP\Support\Subscription\IRegistry::class, \OC\Support\Subscription\Registry::class);
+		$this->registerAlias(\OCP\Support\Subscription\IAssertion::class, \OC\Support\Subscription\Assertion::class);
 
 		$this->registerService(\OC\Log::class, function (Server $c) {
 			$logType = $c->get(AllConfig::class)->getSystemValue('log_type', 'file');