Fire group events at login for LDAP groups

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2026-05-28 04:32:30 -04:00 · 2022-02-14 12:35:28 +01:00 · 2022-02-14 12:35:28 +01:00 · 800b1b7031
commit 800b1b7031
parent 6e38cb197a
7 changed files with 149 additions and 183 deletions
--- a/apps/user_ldap/composer/composer/autoload_classmap.php
+++ b/apps/user_ldap/composer/composer/autoload_classmap.php
@ -55,6 +55,7 @@ return array(
    'OCA\\User_LDAP\\LDAPProvider' => $baseDir . '/../lib/LDAPProvider.php',
    'OCA\\User_LDAP\\LDAPProviderFactory' => $baseDir . '/../lib/LDAPProviderFactory.php',
    'OCA\\User_LDAP\\LDAPUtility' => $baseDir . '/../lib/LDAPUtility.php',
+    'OCA\\User_LDAP\\LoginListener' => $baseDir . '/../lib/LoginListener.php',
    'OCA\\User_LDAP\\Mapping\\AbstractMapping' => $baseDir . '/../lib/Mapping/AbstractMapping.php',
    'OCA\\User_LDAP\\Mapping\\GroupMapping' => $baseDir . '/../lib/Mapping/GroupMapping.php',
    'OCA\\User_LDAP\\Mapping\\UserMapping' => $baseDir . '/../lib/Mapping/UserMapping.php',
--- a/apps/user_ldap/composer/composer/autoload_static.php
+++ b/apps/user_ldap/composer/composer/autoload_static.php
@ -70,6 +70,7 @@ class ComposerStaticInitUser_LDAP
        'OCA\\User_LDAP\\LDAPProvider' => __DIR__ . '/..' . '/../lib/LDAPProvider.php',
        'OCA\\User_LDAP\\LDAPProviderFactory' => __DIR__ . '/..' . '/../lib/LDAPProviderFactory.php',
        'OCA\\User_LDAP\\LDAPUtility' => __DIR__ . '/..' . '/../lib/LDAPUtility.php',
+        'OCA\\User_LDAP\\LoginListener' => __DIR__ . '/..' . '/../lib/LoginListener.php',
        'OCA\\User_LDAP\\Mapping\\AbstractMapping' => __DIR__ . '/..' . '/../lib/Mapping/AbstractMapping.php',
        'OCA\\User_LDAP\\Mapping\\GroupMapping' => __DIR__ . '/..' . '/../lib/Mapping/GroupMapping.php',
        'OCA\\User_LDAP\\Mapping\\UserMapping' => __DIR__ . '/..' . '/../lib/Mapping/UserMapping.php',
--- a/apps/user_ldap/composer/composer/installed.php
+++ b/apps/user_ldap/composer/composer/installed.php
@ -3,7 +3,7 @@
        'name' => '__root__',
        'pretty_version' => 'dev-master',
        'version' => 'dev-master',
-        'reference' => '0ecd81bfdcfcd878556de3485d292fb4ea340d9e',
+        'reference' => '722b062d3fb372799000591b8d23d3b65a4e50db',
        'type' => 'library',
        'install_path' => __DIR__ . '/../',
        'aliases' => array(),
@ -13,7 +13,7 @@
        '__root__' => array(
            'pretty_version' => 'dev-master',
            'version' => 'dev-master',
-            'reference' => '0ecd81bfdcfcd878556de3485d292fb4ea340d9e',
+            'reference' => '722b062d3fb372799000591b8d23d3b65a4e50db',
            'type' => 'library',
            'install_path' => __DIR__ . '/../',
            'aliases' => array(),
--- a/apps/user_ldap/lib/AppInfo/Application.php
+++ b/apps/user_ldap/lib/AppInfo/Application.php
@ -32,13 +32,13 @@ use OCA\User_LDAP\Controller\RenewPasswordController;
 use OCA\User_LDAP\Events\GroupBackendRegistered;
 use OCA\User_LDAP\Events\UserBackendRegistered;
 use OCA\User_LDAP\FilesystemHelper;
-use OCA\User_LDAP\FirstLoginListener;
 use OCA\User_LDAP\Group_Proxy;
 use OCA\User_LDAP\GroupPluginManager;
 use OCA\User_LDAP\Handler\ExtStorageConfigHandler;
 use OCA\User_LDAP\Helper;
 use OCA\User_LDAP\ILDAPWrapper;
 use OCA\User_LDAP\LDAP;
+use OCA\User_LDAP\LoginListener;
 use OCA\User_LDAP\Notification\Notifier;
 use OCA\User_LDAP\User\Manager;
 use OCA\User_LDAP\User_Proxy;
@ -115,7 +115,7 @@ class Application extends App implements IBootstrap {
 			// the instance is specific to a lazy bound Access instance, thus cannot be shared.
 			false
 		);
-		$context->registerEventListener(PostLoginEvent::class, FirstLoginListener::class);
+		$context->registerEventListener(PostLoginEvent::class, LoginListener::class);
 	}

 	public function boot(IBootContext $context): void {
@ -152,12 +152,6 @@ class Application extends App implements IBootstrap {
 			'\OCA\User_LDAP\Helper',
 			'loginName2UserName'
 		);
-		\OCP\Util::connectHook(
-			'\OC\User',
-			'assignedUserId',
-			FirstLoginListener::class,
-			'onAssignedId'
-		);
 	}

 	private function registerBackendDependents(IAppContainer $appContainer, IEventDispatcher $dispatcher): void {
--- a/apps/user_ldap/lib/Db/GroupMembershipMapper.php
+++ b/apps/user_ldap/lib/Db/GroupMembershipMapper.php
@ -64,6 +64,18 @@ class GroupMembershipMapper extends QBMapper {
 		return $this->findEntities($select);
 	}

+	/**
+	 * @return GroupMembership[]
+	 */
+	public function findGroupMembershipsForUser(string $userid): array {
+		$qb = $this->db->getQueryBuilder();
+		$select = $qb->select('*')
+			->from($this->getTableName())
+			->where($qb->expr()->eq('userid', $qb->createNamedParameter($userid)));
+
+		return $this->findEntities($select);
+	}
+
 	public function deleteGroups(array $removedGroups): void {
 		$query = $this->db->getQueryBuilder();
 		$query->delete($this->getTableName())
--- a/apps/user_ldap/lib/FirstLoginListener.php
+++ b/apps/user_ldap/lib/FirstLoginListener.php
@ -1,173 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * @copyright Copyright (c) 2022, Côme Chilliet <come.chilliet@nextcloud.com>
- *
- * @author Côme Chilliet <come.chilliet@nextcloud.com>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-namespace OCA\User_LDAP;
-
-use OCP\EventDispatcher\Event;
-use OCP\EventDispatcher\IEventDispatcher;
-use OCP\EventDispatcher\IEventListener;
-use OCP\Group\Events\UserAddedEvent;
-use OCP\IDBConnection;
-use OCP\IGroupManager;
-use OCP\IUser;
-use OCP\IUserManager;
-use OCP\User\Events\PostLoginEvent;
-use Psr\Log\LoggerInterface;
-
-class FirstLoginListener implements IEventListener {
-	/** @var array<string,array<string, int>> */
-	private $eventHappened = [];
-
-	/** @var Group_Proxy */
-	private $groupBackend;
-	/** @var IEventDispatcher */
-	private $dispatcher;
-	/** @var IGroupManager */
-	private $groupManager;
-	/** @var IUserManager */
-	private $userManager;
-	/** @var LoggerInterface */
-	private $logger;
-	/** @var IDBConnection */
-	private $dbc;
-
-	public function __construct(
-		Group_Proxy $groupBackend,
-		IEventDispatcher $dispatcher,
-		IGroupManager $groupManager,
-		IUserManager $userManager,
-		LoggerInterface $logger,
-		IDBConnection $dbc
-	) {
-		$this->groupBackend = $groupBackend;
-		$this->dispatcher = $dispatcher;
-		$this->groupManager = $groupManager;
-		$this->userManager = $userManager;
-		$this->logger = $logger;
-		$this->dbc = $dbc;
-	}
-
-	public function handle(Event $event): void {
-		if ($event instanceof PostLoginEvent) {
-			$this->onPostLogin($event->getUser()->getUID());
-		}
-	}
-
-	public function onAssignedId(string $username): void {
-		$this->logger->info(
-			__CLASS__ . ' – {user} assignedId',
-			[
-				'app' => 'user_ldap',
-				'user' => $username,
-			]
-		);
-		$this->eventHappened[$username]['id'] = 1;
-		$this->triggerUpdateGroups($username);
-	}
-
-	public function onPostLogin(string $username): void {
-		$this->logger->info(
-			__CLASS__ . ' – {user} postLogin',
-			[
-				'app' => 'user_ldap',
-				'user' => $username,
-			]
-		);
-		$this->eventHappened[$username]['login'] = 1;
-		$this->triggerUpdateGroups($username);
-	}
-
-	private function triggerUpdateGroups(string $username): void {
-		if (array_sum($this->eventHappened[$username] ?? []) >= 2) {
-			$this->updateGroups($username);
-		}
-	}
-
-	private function updateGroups(string $username): void {
-		$this->logger->info(
-			__CLASS__ . ' – {user} updateGroups',
-			[
-				'app' => 'user_ldap',
-				'user' => $username,
-			]
-		);
-		$groups = $this->groupBackend->getUserGroups($username);
-
-		$qb = $this->dbc->getQueryBuilder();
-		$qb->select(['owncloudusers'])
-			->from('ldap_group_members')
-			->where($qb->expr()->eq('owncloudname', $qb->createParameter('groupId')));
-
-		$qbUpdate = $this->dbc->getQueryBuilder();
-		$qbUpdate->update('ldap_group_members')
-			->set('owncloudusers', $qb->createParameter('members'))
-			->where($qb->expr()->eq('owncloudname', $qb->createParameter('groupId')));
-
-		foreach ($groups as $group) {
-			$qb->setParameters([
-				'groupId' => $group
-			]);
-
-			$qResult = $qb->executeQuery();
-			$data = $qResult->fetchOne();
-			$qResult->closeCursor();
-
-			$knownUsers = unserialize($data['owncloudusers']);
-			$hasChanged = false;
-
-			$groupObject = $this->groupManager->get($group);
-			if ($groupObject === null) {
-				$this->logger->error(
-					__CLASS__ . ' – group {group} could not be found (user {user})',
-					[
-						'app' => 'user_ldap',
-						'user' => $username,
-						'group' => $group
-					]
-				);
-				continue;
-			}
-			if (!in_array($username, $knownUsers)) {
-				$userObject = $this->userManager->get($username);
-				if ($userObject instanceof IUser) {
-					$this->dispatcher->dispatchTyped(new UserAddedEvent($groupObject, $userObject));
-					$this->logger->info(
-						__CLASS__ . ' – {user} added to {group}',
-						[
-							'app' => 'user_ldap',
-							'user' => $username,
-							'group' => $group
-						]
-					);
-					$qbUpdate->setParameters([
-						'members' => serialize(array_merge($knownUsers, [$username])),
-						'groupId' => $group
-					]);
-					$qbUpdate->executeStatement();
-				}
-			}
-		}
-	}
-}
--- a/apps/user_ldap/lib/LoginListener.php
+++ b/apps/user_ldap/lib/LoginListener.php
@ -0,0 +1,131 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2023, Côme Chilliet <come.chilliet@nextcloud.com>
+ *
+ * @author Côme Chilliet <come.chilliet@nextcloud.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\User_LDAP;
+
+use OCA\User_LDAP\Db\GroupMembership;
+use OCA\User_LDAP\Db\GroupMembershipMapper;
+use OCP\EventDispatcher\Event;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\EventDispatcher\IEventListener;
+use OCP\Group\Events\UserAddedEvent;
+use OCP\Group\Events\UserRemovedEvent;
+use OCP\IGroupManager;
+use OCP\IUser;
+use OCP\User\Events\PostLoginEvent;
+use Psr\Log\LoggerInterface;
+
+/**
+ * @template-implements IEventListener<PostLoginEvent>
+ */
+class LoginListener implements IEventListener {
+	public function __construct(
+		private IEventDispatcher $dispatcher,
+		private Group_Proxy $groupBackend,
+		private IGroupManager $groupManager,
+		private LoggerInterface $logger,
+		private GroupMembershipMapper $groupMembershipMapper,
+	) {
+	}
+
+	public function handle(Event $event): void {
+		if ($event instanceof PostLoginEvent) {
+			$this->onPostLogin($event->getUser());
+		}
+	}
+
+	public function onPostLogin(IUser $user): void {
+		$this->logger->info(
+			__CLASS__ . ' – {user} postLogin',
+			[
+				'app' => 'user_ldap',
+				'user' => $user->getUID(),
+			]
+		);
+		$this->updateGroups($user);
+	}
+
+	private function updateGroups(IUser $userObject): void {
+		$userId = $userObject->getUID();
+		$groupMemberships = $this->groupMembershipMapper->findGroupMembershipsForUser($userId);
+		$knownGroups = array_map(
+			static fn (GroupMembership $groupMembership): string => $groupMembership->getGroupid(),
+			$groupMemberships
+		);
+		$groupMemberships = array_combine($knownGroups, $groupMemberships);
+		$actualGroups = $this->groupBackend->getUserGroups($userId);
+
+		$newGroups = array_diff($actualGroups, $knownGroups);
+		$oldGroups = array_diff($knownGroups, $actualGroups);
+		foreach ($newGroups as $groupId) {
+			$groupObject = $this->groupManager->get($groupId);
+			if ($groupObject === null) {
+				$this->logger->error(
+					__CLASS__ . ' – group {group} could not be found (user {user})',
+					[
+						'app' => 'user_ldap',
+						'user' => $userId,
+						'group' => $groupId
+					]
+				);
+				continue;
+			}
+			$this->groupMembershipMapper->insert(GroupMembership::fromParams(['groupid' => $groupId,'userid' => $userId]));
+			// TODO: empty cache to avoid crash
+			$this->dispatcher->dispatchTyped(new UserAddedEvent($groupObject, $userObject));
+			$this->logger->info(
+				__CLASS__ . ' – {user} added to {group}',
+				[
+					'app' => 'user_ldap',
+					'user' => $userId,
+					'group' => $groupId
+				]
+			);
+		}
+		foreach ($oldGroups as $groupId) {
+			$this->groupMembershipMapper->delete($groupMemberships[$groupId]);
+			$groupObject = $this->groupManager->get($groupId);
+			if ($groupObject === null) {
+				$this->logger->error(
+					__CLASS__ . ' – group {group} could not be found (user {user})',
+					[
+						'app' => 'user_ldap',
+						'user' => $userId,
+						'group' => $groupId
+					]
+				);
+				continue;
+			}
+			$this->dispatcher->dispatchTyped(new UserRemovedEvent($groupObject, $userObject));
+			$this->logger->info(
+				'service "updateGroups" – {user} removed from {group}',
+				[
+					'user' => $userId,
+					'group' => $groupId
+				]
+			);
+		}
+	}
+}