user.php 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701
  1. <?php
  2. /**
  3. * @author Aldo "xoen" Giambelluca <xoen@xoen.org>
  4. * @author Andreas Fischer <bantu@owncloud.com>
  5. * @author Arthur Schiwon <blizzz@owncloud.com>
  6. * @author Bartek Przybylski <bart.p.pl@gmail.com>
  7. * @author Bart Visscher <bartv@thisnet.nl>
  8. * @author Björn Schießle <schiessle@owncloud.com>
  9. * @author Dominik Schmidt <dev@dominik-schmidt.de>
  10. * @author Florian Preinstorfer <nblock@archlinux.us>
  11. * @author Georg Ehrke <georg@owncloud.com>
  12. * @author Jakob Sack <mail@jakobsack.de>
  13. * @author Joas Schilling <nickvergessen@owncloud.com>
  14. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  15. * @author Lukas Reschke <lukas@owncloud.com>
  16. * @author Morris Jobke <hey@morrisjobke.de>
  17. * @author Robin Appelman <icewind@owncloud.com>
  18. * @author Robin McCorkell <rmccorkell@karoshi.org.uk>
  19. * @author Scrutinizer Auto-Fixer <auto-fixer@scrutinizer-ci.com>
  20. * @author shkdee <louis.traynard@m4x.org>
  21. * @author Thomas Müller <thomas.mueller@tmit.eu>
  22. * @author Tom Needham <tom@owncloud.com>
  23. * @author Victor Dubiniuk <dubiniuk@owncloud.com>
  24. *
  25. * @copyright Copyright (c) 2015, ownCloud, Inc.
  26. * @license AGPL-3.0
  27. *
  28. * This code is free software: you can redistribute it and/or modify
  29. * it under the terms of the GNU Affero General Public License, version 3,
  30. * as published by the Free Software Foundation.
  31. *
  32. * This program is distributed in the hope that it will be useful,
  33. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  34. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  35. * GNU Affero General Public License for more details.
  36. *
  37. * You should have received a copy of the GNU Affero General Public License, version 3,
  38. * along with this program. If not, see <http://www.gnu.org/licenses/>
  39. *
  40. */
  41. /**
  42. * This class provides wrapper methods for user management. Multiple backends are
  43. * supported. User management operations are delegated to the configured backend for
  44. * execution.
  45. *
  46. * Hooks provided:
  47. * pre_createUser(&run, uid, password)
  48. * post_createUser(uid, password)
  49. * pre_deleteUser(&run, uid)
  50. * post_deleteUser(uid)
  51. * pre_setPassword(&run, uid, password, recoveryPassword)
  52. * post_setPassword(uid, password, recoveryPassword)
  53. * pre_login(&run, uid, password)
  54. * post_login(uid)
  55. * logout()
  56. */
  57. class OC_User {
  58. /**
  59. * @return \OC\User\Session
  60. */
  61. public static function getUserSession() {
  62. return OC::$server->getUserSession();
  63. }
  64. /**
  65. * @return \OC\User\Manager
  66. * @deprecated Use \OC::$server->getUserManager()
  67. */
  68. public static function getManager() {
  69. return OC::$server->getUserManager();
  70. }
  71. private static $_backends = array();
  72. private static $_usedBackends = array();
  73. private static $_setupedBackends = array();
  74. // bool, stores if a user want to access a resource anonymously, e.g if he opens a public link
  75. private static $incognitoMode = false;
  76. /**
  77. * registers backend
  78. *
  79. * @param string $backend name of the backend
  80. * @deprecated Add classes by calling OC_User::useBackend() with a class instance instead
  81. * @return bool
  82. *
  83. * Makes a list of backends that can be used by other modules
  84. */
  85. public static function registerBackend($backend) {
  86. self::$_backends[] = $backend;
  87. return true;
  88. }
  89. /**
  90. * gets available backends
  91. *
  92. * @deprecated
  93. * @return array an array of backends
  94. *
  95. * Returns the names of all backends.
  96. */
  97. public static function getBackends() {
  98. return self::$_backends;
  99. }
  100. /**
  101. * gets used backends
  102. *
  103. * @deprecated
  104. * @return array an array of backends
  105. *
  106. * Returns the names of all used backends.
  107. */
  108. public static function getUsedBackends() {
  109. return array_keys(self::$_usedBackends);
  110. }
  111. /**
  112. * Adds the backend to the list of used backends
  113. *
  114. * @param string|OC_User_Interface $backend default: database The backend to use for user management
  115. * @return bool
  116. *
  117. * Set the User Authentication Module
  118. */
  119. public static function useBackend($backend = 'database') {
  120. if ($backend instanceof OC_User_Interface) {
  121. self::$_usedBackends[get_class($backend)] = $backend;
  122. self::getManager()->registerBackend($backend);
  123. } else {
  124. // You'll never know what happens
  125. if (null === $backend OR !is_string($backend)) {
  126. $backend = 'database';
  127. }
  128. // Load backend
  129. switch ($backend) {
  130. case 'database':
  131. case 'mysql':
  132. case 'sqlite':
  133. OC_Log::write('core', 'Adding user backend ' . $backend . '.', OC_Log::DEBUG);
  134. self::$_usedBackends[$backend] = new OC_User_Database();
  135. self::getManager()->registerBackend(self::$_usedBackends[$backend]);
  136. break;
  137. default:
  138. OC_Log::write('core', 'Adding default user backend ' . $backend . '.', OC_Log::DEBUG);
  139. $className = 'OC_USER_' . strToUpper($backend);
  140. self::$_usedBackends[$backend] = new $className();
  141. self::getManager()->registerBackend(self::$_usedBackends[$backend]);
  142. break;
  143. }
  144. }
  145. return true;
  146. }
  147. /**
  148. * remove all used backends
  149. */
  150. public static function clearBackends() {
  151. self::$_usedBackends = array();
  152. self::getManager()->clearBackends();
  153. }
  154. /**
  155. * setup the configured backends in config.php
  156. */
  157. public static function setupBackends() {
  158. OC_App::loadApps(array('prelogin'));
  159. $backends = OC_Config::getValue('user_backends', array());
  160. foreach ($backends as $i => $config) {
  161. $class = $config['class'];
  162. $arguments = $config['arguments'];
  163. if (class_exists($class)) {
  164. if (array_search($i, self::$_setupedBackends) === false) {
  165. // make a reflection object
  166. $reflectionObj = new ReflectionClass($class);
  167. // use Reflection to create a new instance, using the $args
  168. $backend = $reflectionObj->newInstanceArgs($arguments);
  169. self::useBackend($backend);
  170. self::$_setupedBackends[] = $i;
  171. } else {
  172. OC_Log::write('core', 'User backend ' . $class . ' already initialized.', OC_Log::DEBUG);
  173. }
  174. } else {
  175. OC_Log::write('core', 'User backend ' . $class . ' not found.', OC_Log::ERROR);
  176. }
  177. }
  178. }
  179. /**
  180. * Create a new user
  181. *
  182. * @param string $uid The username of the user to create
  183. * @param string $password The password of the new user
  184. * @throws Exception
  185. * @return bool true/false
  186. *
  187. * Creates a new user. Basic checking of username is done in OC_User
  188. * itself, not in its subclasses.
  189. *
  190. * Allowed characters in the username are: "a-z", "A-Z", "0-9" and "_.@-"
  191. * @deprecated Use \OC::$server->getUserManager()->createUser($uid, $password)
  192. */
  193. public static function createUser($uid, $password) {
  194. return self::getManager()->createUser($uid, $password);
  195. }
  196. /**
  197. * delete a user
  198. *
  199. * @param string $uid The username of the user to delete
  200. * @return bool
  201. *
  202. * Deletes a user
  203. * @deprecated Use \OC::$server->getUserManager()->get() and then run delete() on the return
  204. */
  205. public static function deleteUser($uid) {
  206. $user = self::getManager()->get($uid);
  207. if ($user) {
  208. return $user->delete();
  209. } else {
  210. return false;
  211. }
  212. }
  213. /**
  214. * Try to login a user
  215. *
  216. * @param string $loginname The login name of the user to log in
  217. * @param string $password The password of the user
  218. * @return boolean|null
  219. *
  220. * Log in a user and regenerate a new session - if the password is ok
  221. */
  222. public static function login($loginname, $password) {
  223. session_regenerate_id(true);
  224. $result = self::getUserSession()->login($loginname, $password);
  225. if ($result) {
  226. //we need to pass the user name, which may differ from login name
  227. $user = self::getUserSession()->getUser()->getUID();
  228. OC_Util::setupFS($user);
  229. //trigger creation of user home and /files folder
  230. \OC::$server->getUserFolder($user);
  231. }
  232. return $result;
  233. }
  234. /**
  235. * Try to login a user using the magic cookie (remember login)
  236. *
  237. * @param string $uid The username of the user to log in
  238. * @param string $token
  239. * @return bool
  240. */
  241. public static function loginWithCookie($uid, $token) {
  242. return self::getUserSession()->loginWithCookie($uid, $token);
  243. }
  244. /**
  245. * Try to login a user, assuming authentication
  246. * has already happened (e.g. via Single Sign On).
  247. *
  248. * Log in a user and regenerate a new session.
  249. *
  250. * @param \OCP\Authentication\IApacheBackend $backend
  251. * @return bool
  252. */
  253. public static function loginWithApache(\OCP\Authentication\IApacheBackend $backend) {
  254. $uid = $backend->getCurrentUserId();
  255. $run = true;
  256. OC_Hook::emit("OC_User", "pre_login", array("run" => &$run, "uid" => $uid));
  257. if ($uid) {
  258. self::setUserId($uid);
  259. self::setDisplayName($uid);
  260. self::getUserSession()->setLoginName($uid);
  261. OC_Hook::emit("OC_User", "post_login", array("uid" => $uid, 'password' => ''));
  262. return true;
  263. }
  264. return false;
  265. }
  266. /**
  267. * Verify with Apache whether user is authenticated.
  268. *
  269. * @return boolean|null
  270. * true: authenticated
  271. * false: not authenticated
  272. * null: not handled / no backend available
  273. */
  274. public static function handleApacheAuth() {
  275. $backend = self::findFirstActiveUsedBackend();
  276. if ($backend) {
  277. OC_App::loadApps();
  278. //setup extra user backends
  279. self::setupBackends();
  280. self::unsetMagicInCookie();
  281. return self::loginWithApache($backend);
  282. }
  283. return null;
  284. }
  285. /**
  286. * Sets user id for session and triggers emit
  287. */
  288. public static function setUserId($uid) {
  289. $userSession = \OC::$server->getUserSession();
  290. $userManager = \OC::$server->getUserManager();
  291. if ($user = $userManager->get($uid)) {
  292. $userSession->setUser($user);
  293. } else {
  294. \OC::$server->getSession()->set('user_id', $uid);
  295. }
  296. }
  297. /**
  298. * Sets user display name for session
  299. *
  300. * @param string $uid
  301. * @param null $displayName
  302. * @return bool Whether the display name could get set
  303. */
  304. public static function setDisplayName($uid, $displayName = null) {
  305. if (is_null($displayName)) {
  306. $displayName = $uid;
  307. }
  308. $user = self::getManager()->get($uid);
  309. if ($user) {
  310. return $user->setDisplayName($displayName);
  311. } else {
  312. return false;
  313. }
  314. }
  315. /**
  316. * Logs the current user out and kills all the session data
  317. *
  318. * Logout, destroys session
  319. */
  320. public static function logout() {
  321. self::getUserSession()->logout();
  322. }
  323. /**
  324. * Tries to login the user with HTTP Basic Authentication
  325. */
  326. public static function tryBasicAuthLogin() {
  327. if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
  328. \OC_User::login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
  329. }
  330. }
  331. /**
  332. * Check if the user is logged in, considers also the HTTP basic credentials
  333. *
  334. * @return bool
  335. */
  336. public static function isLoggedIn() {
  337. if (\OC::$server->getSession()->get('user_id') !== null && self::$incognitoMode === false) {
  338. return self::userExists(\OC::$server->getSession()->get('user_id'));
  339. }
  340. return false;
  341. }
  342. /**
  343. * set incognito mode, e.g. if a user wants to open a public link
  344. *
  345. * @param bool $status
  346. */
  347. public static function setIncognitoMode($status) {
  348. self::$incognitoMode = $status;
  349. }
  350. /**
  351. * get incognito mode status
  352. *
  353. * @return bool
  354. */
  355. public static function isIncognitoMode() {
  356. return self::$incognitoMode;
  357. }
  358. /**
  359. * Supplies an attribute to the logout hyperlink. The default behaviour
  360. * is to return an href with '?logout=true' appended. However, it can
  361. * supply any attribute(s) which are valid for <a>.
  362. *
  363. * @return string with one or more HTML attributes.
  364. */
  365. public static function getLogoutAttribute() {
  366. $backend = self::findFirstActiveUsedBackend();
  367. if ($backend) {
  368. return $backend->getLogoutAttribute();
  369. }
  370. return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . urlencode(OC_Util::callRegister()) . '"';
  371. }
  372. /**
  373. * Check if the user is an admin user
  374. *
  375. * @param string $uid uid of the admin
  376. * @return bool
  377. */
  378. public static function isAdminUser($uid) {
  379. if (OC_Group::inGroup($uid, 'admin') && self::$incognitoMode === false) {
  380. return true;
  381. }
  382. return false;
  383. }
  384. /**
  385. * get the user id of the user currently logged in.
  386. *
  387. * @return string|bool uid or false
  388. */
  389. public static function getUser() {
  390. $uid = \OC::$server->getSession() ? \OC::$server->getSession()->get('user_id') : null;
  391. if (!is_null($uid) && self::$incognitoMode === false) {
  392. return $uid;
  393. } else {
  394. return false;
  395. }
  396. }
  397. /**
  398. * get the display name of the user currently logged in.
  399. *
  400. * @param string $uid
  401. * @return string uid or false
  402. */
  403. public static function getDisplayName($uid = null) {
  404. if ($uid) {
  405. $user = self::getManager()->get($uid);
  406. if ($user) {
  407. return $user->getDisplayName();
  408. } else {
  409. return $uid;
  410. }
  411. } else {
  412. $user = self::getUserSession()->getUser();
  413. if ($user) {
  414. return $user->getDisplayName();
  415. } else {
  416. return false;
  417. }
  418. }
  419. }
  420. /**
  421. * Autogenerate a password
  422. *
  423. * @return string
  424. *
  425. * generates a password
  426. */
  427. public static function generatePassword() {
  428. return \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(30);
  429. }
  430. /**
  431. * Set password
  432. *
  433. * @param string $uid The username
  434. * @param string $password The new password
  435. * @param string $recoveryPassword for the encryption app to reset encryption keys
  436. * @return bool
  437. *
  438. * Change the password of a user
  439. */
  440. public static function setPassword($uid, $password, $recoveryPassword = null) {
  441. $user = self::getManager()->get($uid);
  442. if ($user) {
  443. return $user->setPassword($password, $recoveryPassword);
  444. } else {
  445. return false;
  446. }
  447. }
  448. /**
  449. * Check whether user can change his avatar
  450. *
  451. * @param string $uid The username
  452. * @return bool
  453. *
  454. * Check whether a specified user can change his avatar
  455. */
  456. public static function canUserChangeAvatar($uid) {
  457. $user = self::getManager()->get($uid);
  458. if ($user) {
  459. return $user->canChangeAvatar();
  460. } else {
  461. return false;
  462. }
  463. }
  464. /**
  465. * Check whether user can change his password
  466. *
  467. * @param string $uid The username
  468. * @return bool
  469. *
  470. * Check whether a specified user can change his password
  471. */
  472. public static function canUserChangePassword($uid) {
  473. $user = self::getManager()->get($uid);
  474. if ($user) {
  475. return $user->canChangePassword();
  476. } else {
  477. return false;
  478. }
  479. }
  480. /**
  481. * Check whether user can change his display name
  482. *
  483. * @param string $uid The username
  484. * @return bool
  485. *
  486. * Check whether a specified user can change his display name
  487. */
  488. public static function canUserChangeDisplayName($uid) {
  489. $user = self::getManager()->get($uid);
  490. if ($user) {
  491. return $user->canChangeDisplayName();
  492. } else {
  493. return false;
  494. }
  495. }
  496. /**
  497. * Check if the password is correct
  498. *
  499. * @param string $uid The username
  500. * @param string $password The password
  501. * @return string|false user id a string on success, false otherwise
  502. *
  503. * Check if the password is correct without logging in the user
  504. * returns the user id or false
  505. */
  506. public static function checkPassword($uid, $password) {
  507. $manager = self::getManager();
  508. $username = $manager->checkPassword($uid, $password);
  509. if ($username !== false) {
  510. return $username->getUID();
  511. }
  512. return false;
  513. }
  514. /**
  515. * @param string $uid The username
  516. * @return string
  517. *
  518. * returns the path to the users home directory
  519. * @deprecated Use \OC::$server->getUserManager->getHome()
  520. */
  521. public static function getHome($uid) {
  522. $user = self::getManager()->get($uid);
  523. if ($user) {
  524. return $user->getHome();
  525. } else {
  526. return OC_Config::getValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $uid;
  527. }
  528. }
  529. /**
  530. * Get a list of all users
  531. *
  532. * @return array an array of all uids
  533. *
  534. * Get a list of all users.
  535. * @param string $search
  536. * @param integer $limit
  537. * @param integer $offset
  538. */
  539. public static function getUsers($search = '', $limit = null, $offset = null) {
  540. $users = self::getManager()->search($search, $limit, $offset);
  541. $uids = array();
  542. foreach ($users as $user) {
  543. $uids[] = $user->getUID();
  544. }
  545. return $uids;
  546. }
  547. /**
  548. * Get a list of all users display name
  549. *
  550. * @param string $search
  551. * @param int $limit
  552. * @param int $offset
  553. * @return array associative array with all display names (value) and corresponding uids (key)
  554. *
  555. * Get a list of all display names and user ids.
  556. * @deprecated Use \OC::$server->getUserManager->searchDisplayName($search, $limit, $offset) instead.
  557. */
  558. public static function getDisplayNames($search = '', $limit = null, $offset = null) {
  559. $displayNames = array();
  560. $users = self::getManager()->searchDisplayName($search, $limit, $offset);
  561. foreach ($users as $user) {
  562. $displayNames[$user->getUID()] = $user->getDisplayName();
  563. }
  564. return $displayNames;
  565. }
  566. /**
  567. * check if a user exists
  568. *
  569. * @param string $uid the username
  570. * @return boolean
  571. */
  572. public static function userExists($uid) {
  573. return self::getManager()->userExists($uid);
  574. }
  575. /**
  576. * disables a user
  577. *
  578. * @param string $uid the user to disable
  579. */
  580. public static function disableUser($uid) {
  581. $user = self::getManager()->get($uid);
  582. if ($user) {
  583. $user->setEnabled(false);
  584. }
  585. }
  586. /**
  587. * enable a user
  588. *
  589. * @param string $uid
  590. */
  591. public static function enableUser($uid) {
  592. $user = self::getManager()->get($uid);
  593. if ($user) {
  594. $user->setEnabled(true);
  595. }
  596. }
  597. /**
  598. * checks if a user is enabled
  599. *
  600. * @param string $uid
  601. * @return bool
  602. */
  603. public static function isEnabled($uid) {
  604. $user = self::getManager()->get($uid);
  605. if ($user) {
  606. return $user->isEnabled();
  607. } else {
  608. return false;
  609. }
  610. }
  611. /**
  612. * Set cookie value to use in next page load
  613. *
  614. * @param string $username username to be set
  615. * @param string $token
  616. */
  617. public static function setMagicInCookie($username, $token) {
  618. self::getUserSession()->setMagicInCookie($username, $token);
  619. }
  620. /**
  621. * Remove cookie for "remember username"
  622. */
  623. public static function unsetMagicInCookie() {
  624. self::getUserSession()->unsetMagicInCookie();
  625. }
  626. /**
  627. * Returns the first active backend from self::$_usedBackends.
  628. *
  629. * @return OCP\Authentication\IApacheBackend|null if no backend active, otherwise OCP\Authentication\IApacheBackend
  630. */
  631. private static function findFirstActiveUsedBackend() {
  632. foreach (self::$_usedBackends as $backend) {
  633. if ($backend instanceof OCP\Authentication\IApacheBackend) {
  634. if ($backend->isSessionActive()) {
  635. return $backend;
  636. }
  637. }
  638. }
  639. return null;
  640. }
  641. }