Merge branch 'release/v4.0.0'
mlojewski-me committed Aug 11, 2018
2 parents b1b1ffb + 4be294e commit 880416a
Showing 63 changed files with 1,000 additions and 190 deletions.
39 changes: 29 additions & 10 deletions CHANGELOG.md
Expand Up @@ -4,18 +4,36 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [v4.0.0-rc2]
## [4.0.0] - 2018-08-11
### Added
- SHA512 Whirlpool hash algorithm
- WoltLab Community Framework 2.x hash algorithm
- phpass hash implementation
- Support for salt column
- User quota synchronization

### Changed
- Example SQL script in README file
- Fixed misspelling

### Changed
- Support for Nextcloud 14 only
- Group backend implementation
- User backend implementation

### Fixed
- Table and column autocomplete in settings panel

## [4.0.0-rc2] - 2018-06-14
### Added
- User active column

### Changed
- Fixed "Use of undefined constant" error for Argon2 Crypt with PHP below 7.2.

## [4.0.0-rc1]
## [4.0.0-rc1] - 2018-06-13
### Added
- New hashing algorithms: Argon2 Crypt (PHP 7.2 and above), Blowfish Crypt, Courier base64-encoded MD5, Courier base64-encoded SHA1,
Courier base64-encoded SHA256, Courier hexadecimal MD5, Extended DES Crypt, SHA256 Crypt,
SHA512 Crypt, SSHA512, Standard DES Crypt
- New hash algorithms: Argon2 Crypt (PHP 7.2 and above), Blowfish Crypt, Courier base64-encoded MD5, Courier base64-encoded SHA1, Courier base64-encoded SHA256, Courier hexadecimal MD5, Extended DES Crypt, SHA256 Crypt, SHA512 Crypt, SSHA512, Standard DES Crypt
- Option to allow users to change their display names
- Option to allow user to change its avatar
- Database query results cache
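Review bot: The new [4.0.0] section carries two `### Changed` headings, one for the README and misspelling entries and one for the Nextcloud 14 and backend entries. Merge them into a single `### Changed` list and move "Fixed misspelling" under `### Fixed`. Since "Support for Nextcloud 14 only" drops a previously supported version, consider listing it first so upgraders see it.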
Expand All @@ -26,10 +44,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- The whole core implementation, which is NOT COMPATIBLE with the previous versions.
- Minimum supported PHP version - 7.0

## Removed
- MySQL ENCRYPT() hashing implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
- MySQL PASSWORD() hashing implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
- Redmine hashing implementation - Cannot implement in new core system.
### Removed
- MySQL ENCRYPT() hash implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
- MySQL PASSWORD() hash implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
- Redmine hash implementation - Cannot implement in new core system.
- User active column - Use database view instead
- Domain support

Expand Down Expand Up @@ -65,6 +83,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
### Changed
- Supported version of ownCloud, Nextcloud: ownCloud 10, Nextcloud 12

[v4.0.0-rc2]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc1...v4.0.0-rc2
[4.0.0]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc2...v4.0.0
[4.0.0-rc2]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc1...v4.0.0-rc2
[4.0.0-rc1]: https://github.com/nextcloud/user_sql/compare/v3.1.0...v4.0.0-rc1
[3.1.0]: https://github.com/nextcloud/user_sql/compare/v2.4.0...v3.1.0
58 changes: 31 additions & 27 deletions README.md
Expand Up @@ -50,10 +50,11 @@ Name | Description | Details
**Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column.
**Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false.
**Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false.
**Hashing algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
**Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud storage if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud storage. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
**Home mode** | User storage path.<br/>- *Default* - Let the Nextcloud manage this. The default option.<br/>- *Query* - Use location from the user table pointed by the *home* column.<br/>- *Static* - Use static location. The `%u` variable is replaced with the username of the user. | Optional<br/>Default: *Default*.
**Home Location** | User storage path for the `static` *home mode*. | Mandatory if the *Home mode* is set to `Static`.
**Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
**Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
**Quota sync** | Sync user quota with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the user quota to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the user quota to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the user quota to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Quota* column.
**Home mode** | User storage path.<br/>- *Default* - Let the Nextcloud manage this. The default option.<br/>- *Query* - Use location from the user table pointed by the *home* column.<br/>- *Static* - Use static location pointed by the *Home Location* option. | Optional<br/>Default: *Default*.
**Home Location** | User storage path for the `Static` *Home mode*. The `%u` variable is replaced with the username of the user. | Mandatory if the *Home mode* is set to `Static`.

#### User table

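Review bot: The *Quota sync* row does not say what format the *Quota* column has to hold. QuotaSync.php in this commit copies the column value unchanged into the `files`/`quota` user preference, so the README should state which values are accepted and what happens with anything else. The added rows also repeat the "if its not set" typo from the *Email sync* row; "if it's not set" is meant.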
Expand All @@ -64,11 +65,13 @@ Name | Description | Details
**Table name** | The table name. | Mandatory for user backend.
**Username** | Username column. | Mandatory for user backend.
**Email** | E-mail column. | Mandatory for *Email sync* option.
**Quota** | Quota column. | Mandatory for *Quota sync* option.
**Home** | Home path column. | Mandatory for `Query` *Home sync* option.
**Password** | Password hash column. | Mandatory for user backend.
**Display name** | Display name column. | Optional.
**Active** | Flag indicating if user can log in. | Optional.<br/>Default: true.
**Can change avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
**Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
**Salt** | Salt which is appended to password when checking or changing the password. | Optional.

#### Group table

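Review bot: The *Salt* row says the salt "is appended to password" but not which hash algorithms take it into account, while the Hash algorithms table marks MD5, SHA1 and SHA512 Whirlpool as "No salt supported" and other entries as generating their own salt. State which algorithms use the column and how the value is combined with the password, so an admin can tell whether existing hashes will still verify. Separately, *Provide avatar* keeps the old description "Flag indicating if user can change its avatar"; if the rename reflects a behaviour change, the description should change with it.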
Expand Down Expand Up @@ -105,36 +108,34 @@ but be aware that some functionalities requires data changes (update queries).

If you don't have any database model yet you can use below tables (MySQL):
```
CREATE TABLE sql_users
CREATE TABLE sql_user
(
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(16) NOT NULL,
display_name TEXT NULL,
email TEXT NULL,
home TEXT NULL,
password TEXT NOT NULL,
active TINYINT(1) NOT NULL DEFAULT '1',
can_change_avatar BOOLEAN NOT NULL DEFAULT FALSE,
CONSTRAINT users_username_uindex UNIQUE (username)
username VARCHAR(16) PRIMARY KEY,
display_name TEXT NULL,
email TEXT NULL,
quota TEXT NULL,
home TEXT NULL,
password TEXT NOT NULL,
active TINYINT(1) NOT NULL DEFAULT '1',
provide_avatar BOOLEAN NOT NULL DEFAULT FALSE
);
CREATE TABLE sql_group
(
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(16) NOT NULL,
name VARCHAR(16) PRIMARY KEY,
display_name TEXT NULL,
admin BOOLEAN NOT NULL DEFAULT FALSE,
CONSTRAINT group_name_uindex UNIQUE (name)
admin BOOLEAN NOT NULL DEFAULT FALSE
);
CREATE TABLE sql_user_group
(
id INT AUTO_INCREMENT PRIMARY KEY,
group_name VARCHAR(16) NOT NULL,
username VARCHAR(16) NOT NULL,
CONSTRAINT user_group_group_name_username_uindex UNIQUE (group_name, username),
INDEX user_group_group_name_index (group_name),
INDEX user_group_username_index (username)
group_name VARCHAR(16) NOT NULL,
PRIMARY KEY (username, group_name),
FOREIGN KEY (username) REFERENCES sql_user (username),
FOREIGN KEY (group_name) REFERENCES sql_group (name),
INDEX sql_user_group_username_idx (username),
INDEX sql_user_group_group_name_idx (group_name)
);
```

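Review bot: The example schema has no `salt` column even though this commit documents a *Salt* user-table option; add one (for example `salt TEXT NULL`) or say it is omitted on purpose. In `sql_user_group`, `INDEX sql_user_group_username_idx (username)` duplicates the leading column of `PRIMARY KEY (username, group_name)` and can be dropped. The rename from `sql_users` to `sql_user` and the removal of the `id` columns also deserve a line for anyone who created tables from the previous README.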
Expand All @@ -148,7 +149,7 @@ User table: wp_users
Username column: user_login
Password column: user_pass
Hashing algorithm: Unix (Crypt)
Hash algorithm: Unix (Crypt) or Portable PHP password
```

#### JHipster
Expand All @@ -165,7 +166,7 @@ Password column: password_hash
Email column: email
Active column: activated
Hashing algorithm: Unix (Crypt)
Hash algorithm: Unix (Crypt)
```

## Hash algorithms
Expand All @@ -190,9 +191,12 @@ SHA512 (Crypt) | Generates hash with 5000 rounds. | $6$rounds=5000$yH.Q0OL4qbCOU
Standard DES (Crypt) | | yTBnb7ab/N072
Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us
MD5 | No salt supported. | 5f4dcc3b5aa765d61d8327deb882cf99
Portable PHP password | See [phpass](http://www.openwall.com/phpass/). | $P$BxrwraqNTi4as0EI.IpiA/K.muk9ke/
SHA1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
SHA512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e
SSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg==
SSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL
WoltLab Community Framework 2.x | Double salted bcrypt. | $2a$08$XEQDKNU/Vbootwxv5Gp7gujxFX/RUFsZLvQPYM435Dd3/p17fto02

## Development

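Review bot: The "SHA512 Whirlpool" row is ambiguous, because SHA-512 and Whirlpool are different hash functions and the hex example alone does not tell a reader which one, or which combination, is computed. Name the exact construction in the Description column. The same row says "No salt supported" while this commit adds a *Salt* column, so it is worth stating whether that column applies to this algorithm.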
Expand All @@ -202,7 +206,7 @@ Add a new class in the `OCA\UserSQL\Platform` namespace which extends the `Abstr
Add this driver in `admin.php` template to `$drivers` variable and in method `getPlatform(Connection $connection)`
of `PlatformFactory` class.

#### New hashing algorithm support
#### New hash algorithm support

Create a new class in `OCA\UserSQL\Crypto` namespace which implements `IPasswordAlgorithm` interface.
Do not forget to write unit tests.
8 changes: 4 additions & 4 deletions appinfo/info.xml
Expand Up @@ -8,10 +8,10 @@
Retrieve the users and groups info. Allow the users to change their passwords.
Sync the users' email addresses with the addresses stored by Nextcloud.
</description>
<version>4.0.0-rc2</version>
<version>4.0.0</version>
<licence>agpl</licence>
<author>Andreas Böhler &lt;dev (at) aboehler (dot) at&gt;</author>
<author>Marcin Łojewski &lt;[email protected]&gt;</author>
<author>Marcin Łojewski</author>
<author>Andreas Böhler</author>
<namespace>UserSQL</namespace>
<bugs>https://github.com/nextcloud/user_sql/issues</bugs>
<repository>https://github.com/nextcloud/user_sql</repository>
Expand All @@ -22,7 +22,7 @@
<category>auth</category>
<dependencies>
<php min-version="7.0"/>
<nextcloud min-version="13" max-version="13"/>
<nextcloud min-version="14" max-version="14"/>
</dependencies>
<settings>
<admin>\OCA\UserSQL\Settings\Admin</admin>
Binary file modified img/screenshot.png
3 changes: 2 additions & 1 deletion js/settings.js
Expand Up @@ -41,6 +41,7 @@ user_sql.adminSettingsUI = function () {
$(ids).autocomplete({
source: function (request, response) {
var post = $(form_id).serializeArray();
post.push({name: "input", value: request["term"]});
$.post(OC.generateUrl(path), post, response, "json");
},
minLength: 0,
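Review bot: The added `post.push({name: "input", value: request["term"]})` sends the typed term to the autocomplete endpoint, but the handler that consumes `input` is not part of this hunk. Please confirm it only filters the list of table or column names it has already fetched and never places the term into SQL text. With `minLength: 0` the whole serialized settings form is posted on every lookup, so it is also worth confirming the route is restricted to administrators.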
Expand Down Expand Up @@ -75,7 +76,7 @@ user_sql.adminSettingsUI = function () {
);

autocomplete(
"#db-table-user-column-uid, #db-table-user-column-email, #db-table-user-column-home, #db-table-user-column-password, #db-table-user-column-name, #db-table-user-column-active, #db-table-user-column-avatar",
"#db-table-user-column-uid, #db-table-user-column-email, #db-table-user-column-quota, #db-table-user-column-home, #db-table-user-column-password, #db-table-user-column-name, #db-table-user-column-active, #db-table-user-column-avatar, #db-table-user-column-salt",
"/apps/user_sql/settings/autocomplete/table/user"
);

6 changes: 3 additions & 3 deletions lib/Action/EmailSync.php
Expand Up @@ -94,7 +94,7 @@ public function doAction(User $user)
$result = false;

switch ($this->properties[Opt::EMAIL_SYNC]) {
case App::EMAIL_INITIAL:
case App::SYNC_INITIAL:
if (empty($ncMail) && !empty($user->email)) {
$this->config->setUserValue(
$user->uid, "settings", "email", $user->email
Expand All @@ -103,7 +103,7 @@ public function doAction(User $user)

$result = true;
break;
case App::EMAIL_FORCE_NC:
case App::SYNC_FORCE_NC:
if (!empty($ncMail) && $user->email !== $ncMail) {
$user = $this->userRepository->findByUid($user->uid);
if (!($user instanceof User)) {
Expand All @@ -115,7 +115,7 @@ public function doAction(User $user)
}

break;
case App::EMAIL_FORCE_SQL:
case App::SYNC_FORCE_SQL:
if (!empty($user->email) && $user->email !== $ncMail) {
$this->config->setUserValue(
$user->uid, "settings", "email", $user->email
137 changes: 137 additions & 0 deletions lib/Action/QuotaSync.php
@@ -0,0 +1,137 @@
<?php
/**
* Nextcloud - user_sql
*
* @copyright 2018 Marcin Łojewski <[email protected]>
* @author Marcin Łojewski <[email protected]>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/

namespace OCA\UserSQL\Action;

use OCA\UserSQL\Constant\App;
use OCA\UserSQL\Constant\Opt;
use OCA\UserSQL\Model\User;
use OCA\UserSQL\Properties;
use OCA\UserSQL\Repository\UserRepository;
use OCP\IConfig;
use OCP\ILogger;

/**
* Synchronizes the user quota.
*
* @author Marcin Łojewski <[email protected]>
*/
class QuotaSync implements IUserAction
{
/**
* @var string The application name.
*/
private $appName;
/**
* @var ILogger The logger instance.
*/
private $logger;
/**
* @var Properties The properties array.
*/
private $properties;
/**
* @var IConfig The config instance.
*/
private $config;
/**
* @var UserRepository The user repository.
*/
private $userRepository;

/**
* The default constructor.
*
* @param string $appName The application name.
* @param ILogger $logger The logger instance.
* @param Properties $properties The properties array.
* @param IConfig $config The config instance.
* @param UserRepository $userRepository The user repository.
*/
public function __construct(
$appName, ILogger $logger, Properties $properties, IConfig $config,
UserRepository $userRepository
) {
$this->appName = $appName;
$this->logger = $logger;
$this->properties = $properties;
$this->config = $config;
$this->userRepository = $userRepository;
}

/**
* @inheritdoc
* @throws \OCP\PreConditionNotMetException
*/
public function doAction(User $user)
{
$this->logger->debug(
"Entering QuotaSync#doAction($user->uid)", ["app" => $this->appName]
);

$ncQuota = $this->config->getUserValue(
$user->uid, "files", "quota", ""
);

$result = false;

switch ($this->properties[Opt::QUOTA_SYNC]) {
case App::SYNC_INITIAL:
if (empty($ncQuota) && !empty($user->quota)) {
$this->config->setUserValue(
$user->uid, "files", "quota", $user->quota
);
}

$result = true;
break;
case App::SYNC_FORCE_NC:
if (!empty($ncQuota) && $user->quota !== $ncQuota) {
$user = $this->userRepository->findByUid($user->uid);
if (!($user instanceof User)) {
break;
}

$user->quota = $ncQuota;
$result = $this->userRepository->save($user);
}

break;
case App::SYNC_FORCE_SQL:
if (!empty($user->quota) && $user->quota !== $ncQuota) {
$this->config->setUserValue(
$user->uid, "files", "quota", $user->quota
);
}

$result = true;
break;
}

$this->logger->debug(
"Returning QuotaSync#doAction($user->uid): " . ($result ? "true"
: "false"),
["app" => $this->appName]
);

return $result;
}
}
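Review bot: In the `App::SYNC_FORCE_NC` branch, `$user` is overwritten with the result of `findByUid()`, and when that result is not a `User` the code breaks out of the switch and the closing debug message still dereferences `$user->uid`. Keep the lookup in a separate variable (for example `$dbUser`) so the log line and the caller's object are unaffected. Two smaller points: `empty()` treats the string "0" as empty, so a quota of `0` in either store is never synced, and the switch has no `default` case, so an unexpected `Opt::QUOTA_SYNC` value silently returns false. The quota string is also written to the `files`/`quota` preference without any format check.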

0 comments on commit 880416a
