Unify the core sync logic #29669
Unify the core sync logic #29669
Conversation
|
Tests hate you 😢 |
lib/private/User/Manager.php
Outdated
| @@ -216,10 +221,13 @@ public function checkPassword($loginName, $password) { | |||
| if ($uid !== false) { | |||
| try { | |||
| $account = $this->accountMapper->getByUid($uid); | |||
| $this->syncService->setupAccount($account, $backend, $account->getUserId()); | |||
There was a problem hiding this comment.
- move to a different place that is also executed after login via apache / saml
|
|
butonic
force-pushed
the
sync-after-login
branch
from
d7b45f9
to
d4c795d
Compare
Codecov Report
@@ Coverage Diff @@
## master #29669 +/- ##
=============================================
+ Coverage 15.82% 60.84% +45.02%
- Complexity 920 18549 +17629
=============================================
Files 51 1092 +1041
Lines 3356 61280 +57924
=============================================
+ Hits 531 37287 +36756
- Misses 2825 23993 +21168
Continue to review full report at Codecov.
|
tomneedham
force-pushed
the
sync-after-login
branch
2 times, most recently
from
de3e1ca
to
a905cdf
Compare
tomneedham
force-pushed
the
sync-after-login
branch
from
b08999b
to
8444b7f
Compare
|
I most definitely just broke stuff - but I hope the logic is right.... LDAP login works, DB users work, saml seems to die. Made PRs in LDAP owncloud/user_ldap#156 and Shibboleth https://github.com/owncloud/user_shibboleth/pull/208 to move sync to core |
|
|
tomneedham
force-pushed
the
sync-after-login
branch
from
0fe0976
to
b4acfb3
Compare
|
Ok - fixed saml. But, for some reason the home path is not set so when you login with a new user they done have a home and you get some weird error about symlinks Edit: checked with master of core and user_shibboleth: by default, we somehow get a default home path |
|
Fixed to use default home path if backend does not provide one. However - this could break the home path during a sync if the backend suddently cannot provide a path or provides an invalid path.... I will add a check to not reset it |
|
|
|
Since the syncservice now does user creation, maybe the hooks wont be connected properly anymore... |
tomneedham
force-pushed
the
sync-after-login
branch
from
92c4d63
to
75a728c
Compare
|
I did slightly re-order the hooks here, preCreateUser is now called after the validatePassword GenericEvent... |
lib/private/User/Session.php
Outdated
|
|
||
| $uid = $backend->getCurrentUserId(); | ||
| if ($uid === $this->getUser()->getUID()) { | ||
|
|
||
| if ($this->getUser() != null && $uid === $this->getUser()->getUID()) { |
There was a problem hiding this comment.
If session is active and current session uid matches the request user id then we are authenticated and have nothing more to do
lib/private/User/Session.php
Outdated
| // Die here if not valid | ||
| if(!$backend->isSessionActive()) { | ||
| return false; | ||
| } |
There was a problem hiding this comment.
This is redundant. OC_User::handleApacheAuth will only call this method if there is already an active IApacheBackend with an active session
lib/private/User/SyncService.php
Outdated
| private function syncHome(Account $a, UserInterface $backend) { | ||
| // Home is handled differently, it should only be set on account creation, when there is no home already set | ||
| // Otherwise it could change on a sync and result in a new user folder being created | ||
| if($a->getHome() === null) { |
There was a problem hiding this comment.
I'm not sure if we should do something if the home is different between the account and the backend. As annoying as it will likely be, a warning message saying that we're refusing to update the home folder might be a good idea, specially if the admin expects the home to be updated. Since we don't have any command to change the home folder of a user, I think this is enough; the admin should revert the change in the backend.
There was a problem hiding this comment.
Makes sense to at least output something here - because the admin should be aware.
lib/private/User/Session.php
Outdated
| // completed before we can safely create the users folder. | ||
| // For example encryption needs to initialize the users keys first | ||
| // before we can create the user folder with the skeleton files | ||
| //OC_Hook::emit("OC_User", "post_login", ["uid" => $uid, 'password' => '']); |
There was a problem hiding this comment.
@tomneedham wrong hook? remove line?
|
Started writing tests. Couldn't mock $backend->getHome because it doesnt exist in |
butonic
force-pushed
the
sync-after-login
branch
from
ce3144a
to
23a7db2
Compare
tomneedham
force-pushed
the
sync-after-login
branch
from
23a7db2
to
ce3144a
Compare
butonic
force-pushed
the
sync-after-login
branch
from
1e077d4
to
a4ddcbc
Compare
tomneedham
force-pushed
the
sync-after-login
branch
from
a4ddcbc
to
05a82b5
Compare
| } | ||
|
|
||
| // Now we try to create the account or sync | ||
| $this->userSyncService->createOrSyncAccount($uid, $backend); |
There was a problem hiding this comment.
This means each new login with result in sync, right?
| * @param UserInterface $backend of the user | ||
| * @return Account | ||
| */ | ||
| public function syncAccount(Account $a, UserInterface $backend) { |
There was a problem hiding this comment.
Isnt it 10 calls to LDAP just for one login? @DeepDiver1975 @butonic @tomneedham
There was a problem hiding this comment.
I guess no way it can be 1 call right?
|
Well have to admit, this PR cleaned up a lot of things... code looks now... like a code and not spaghetti ;d |
| $this->mapper->update($a); | ||
| } catch(DoesNotExistException $ex) { | ||
| $a = $this->createNewAccount($uid); |
There was a problem hiding this comment.
change in this line fixed/reverted by #30367
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
remove some code duplication and get the core to run a proper sync on the user metadata during a login
@DeepDiver1975 @PVince81 note that the account table introduced a change in behavior:
setDisplayName()was no longer called on the backend whilecanChangeDisplayName()would still check the backend if it implemented that function. With the account table we can always change display name, email, avatar ... but we may want to prevent that.canChangeDisplayName()already contains a check on the system valueallow_user_to_change_display_name.canChangeAvatar()andcanChangePassword()already exist, but email is missing.Conceptually there are now two cases for setDisplayName:
The current User object code is intended only for the first case.
@tomneedham we need to add a codepath for the second case. AFAICT we should directly work on the accounts... the sync case bypasses any end user limitations.