Loading README.md +9 −0 Original line number Diff line number Diff line Loading @@ -143,3 +143,12 @@ The values should be set as follows: - `occ config:system:set newsletter_list_ids eos --value=1234`: should be set to the list ID for the eOS newsletter - `occ config:system:set newsletter_list_ids product --value=1234 --type=integer` should be set to the list ID for the shop newsletter - `occ config:system:set newsletter_list_ids b2b --value=1234 --type=integer` should be set to the list ID for the B2B newsletter ## Vault account delete configuration: Needs configuration variables to be set: ``` oidc_vault_account_delete_url=vault-full-url oidc_vault_account_delete_token=vault-token ``` No newline at end of file lib/Listeners/BeforeUserDeletedListener.php +45 −1 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ use Exception; use OCA\EcloudAccounts\Exception\DeletingUserWithActiveSubscriptionException; use OCA\EcloudAccounts\Service\LDAPConnectionService; use OCA\EcloudAccounts\Service\ShopAccountService; use OCA\EcloudAccounts\Service\SSOService; use OCA\EcloudAccounts\Service\UserService; use OCP\EventDispatcher\Event; use OCP\EventDispatcher\IEventListener; Loading 
@@ -21,13 +22,15 @@ class BeforeUserDeletedListener implements IEventListener { private $LDAPConnectionService; private $shopAccountService; private $userService; private SSOService $ssoService; public function __construct(LoggerInterface $logger, IConfig $config, LDAPConnectionService $LDAPConnectionService, UserService $userService, ShopAccountService $shopAccountService) { public function __construct(LoggerInterface $logger, IConfig $config, LDAPConnectionService $LDAPConnectionService, UserService $userService, ShopAccountService $shopAccountService, SSOService $ssoService) { $this->logger = $logger; $this->config = $config; $this->LDAPConnectionService = $LDAPConnectionService; $this->shopAccountService = $shopAccountService; $this->userService = $userService; $this->ssoService = $ssoService; } Loading @@ -51,6 +54,16 @@ class BeforeUserDeletedListener implements IEventListener { } catch (Exception $e) { $this->logger->error('Error deleting mail folder for user '. $uid . ' :' . $e->getMessage()); } $this->logger->info('Deleting vault account of user '.$uid); $this->ssoService->setupUserId($uid); //will retrieve id if not already in user settings $oidcUid = $this->ssoService->getCurrentUserId(); if (!empty($oidcUid)) { $this->triggerVaultAccountDelete($oidcUid); } else { $this->logger->error('Error deleting vault account: No ssoid for '.$uid); } try { if ($this->LDAPConnectionService->isLDAPEnabled() && $isUserOnLDAP) { $conn = $this->LDAPConnectionService->getLDAPConnection(); Loading Loading 
@@ -113,4 +126,35 @@ class BeforeUserDeletedListener implements IEventListener { return $aliasEntries; } private function triggerVaultAccountDelete(string $oidcUid): void { $webhookUrl = $this->config->getSystemValue('oidc_vault_account_delete_url', ''); if ('' === trim($webhookUrl)) { return; } $token = $this->config->getSystemValue('oidc_vault_account_delete_token', ''); if ('' === trim($token)) { return; } $authorization = "Authorization: Bearer ".$token; $payload = http_build_query(['ssoId' => $oidcUid]); $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => $webhookUrl."?".$payload, CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => array($authorization), CURLOPT_TIMEOUT => 10, ]); $response = curl_exec($curl); if (false === $response) { $this->logger->error('Failed to call vault account delete api', [ 'error' => curl_error($curl), ]); } else { $this->logger->info('Vault account delete successfully called'); } curl_close($curl); } } lib/Service/SSOService.php +5 −1 Original line number Diff line number Diff line Loading @@ -253,6 +253,10 @@ class SSOService { $this->migrateCredential($username, $secret); } public function getCurrentUserId() : String { return $this->currentUserId; } private function getCredentialIds() : array { $url = $this->ssoConfig['admin_rest_api_url'] . self::CREDENTIALS_ENDPOINT; $url = str_replace('{USER_ID}', $this->currentUserId, $url); Loading Loading @@ -303,7 +307,7 @@ class SSOService { return $credentialEntry; } private function setupUserId(string $username) : void { public function setupUserId(string $username) : void { $user = $this->userManager->get($username); $savedOIDCUid = $this->config->getUserValue($user->getUID(), 'oidc_login', 'oidc_uid'); Loading Loading
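Review bot: In triggerVaultAccountDelete the success branch only tests that curl_exec did not return false, which curl does only for transport failures, so a 401, 404 or 500 from the vault endpoint still logs 'Vault account delete successfully called' while the Nextcloud user is removed and the vault account is left behind. The HTTP status should be read with curl_getinfo and anything outside 2xx treated as a failure, with the status included in the error log so orphaned accounts can be found afterwards. The hunk at @@ -51,6 +54,16 has a related gap: `$this->ssoService->setupUserId($uid);` runs outside any try/catch, unlike the mail-folder cleanup directly above it, so an exception from the SSO provider would abort the remaining LDAP cleanup; the enclosing handle() method starts outside that hunk. Also, `$webhookUrl."?".$payload` produces a malformed URL if the configured value already carries a query string, so the separator should depend on whether '?' is already present.
```php
    // … unchanged: config checks and curl_setopt_array …
    $response = curl_exec($curl);
    $status = (int) curl_getinfo($curl, CURLINFO_RESPONSE_CODE);
    if (false === $response || $status < 200 || $status >= 300) {
        $this->logger->error('Failed to call vault account delete api', [
            'error' => curl_error($curl),
            'status' => $status,
        ]);
    } else {
        $this->logger->info('Vault account delete successfully called');
    }
    curl_close($curl);
```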
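Review bot: setupUserId is now public and callable from other classes, but the visible body still dereferences the result of `$this->userManager->get($username)` at `$user->getUID()` without a null check, so an unknown username fails with a call on null instead of a clear error; guard it with `$user = $this->userManager->get($username) ?? throw new \InvalidArgumentException('Unknown user: ' . $username);`. The rest of setupUserId lies outside the hunk, so what happens when no oidc_uid can be resolved could not be checked here. getCurrentUserId is declared `: String`, which works as an alias but the conventional lowercase `string` is expected, and it will presumably throw a TypeError if currentUserId has not been populated yet, which the new public contract should state in a docblock such as `/** Returns the OIDC user id resolved by setupUserId(); setupUserId() must have been called first. */`.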
README.md +9 −0 Original line number Diff line number Diff line Loading @@ -143,3 +143,12 @@ The values should be set as follows: - `occ config:system:set newsletter_list_ids eos --value=1234`: should be set to the list ID for the eOS newsletter - `occ config:system:set newsletter_list_ids product --value=1234 --type=integer` should be set to the list ID for the shop newsletter - `occ config:system:set newsletter_list_ids b2b --value=1234 --type=integer` should be set to the list ID for the B2B newsletter ## Vault account delete configuration: Needs configuration variables to be set: ``` oidc_vault_account_delete_url=vault-full-url oidc_vault_account_delete_token=vault-token ``` No newline at end of file
lib/Listeners/BeforeUserDeletedListener.php +45 −1 Original line number Diff line number Diff line Loading @@ -8,6 +8,7 @@ use Exception; use OCA\EcloudAccounts\Exception\DeletingUserWithActiveSubscriptionException; use OCA\EcloudAccounts\Service\LDAPConnectionService; use OCA\EcloudAccounts\Service\ShopAccountService; use OCA\EcloudAccounts\Service\SSOService; use OCA\EcloudAccounts\Service\UserService; use OCP\EventDispatcher\Event; use OCP\EventDispatcher\IEventListener; Loading @@ -21,13 +22,15 @@ class BeforeUserDeletedListener implements IEventListener { private $LDAPConnectionService; private $shopAccountService; private $userService; private SSOService $ssoService; public function __construct(LoggerInterface $logger, IConfig $config, LDAPConnectionService $LDAPConnectionService, UserService $userService, ShopAccountService $shopAccountService) { public function __construct(LoggerInterface $logger, IConfig $config, LDAPConnectionService $LDAPConnectionService, UserService $userService, ShopAccountService $shopAccountService, SSOService $ssoService) { $this->logger = $logger; $this->config = $config; $this->LDAPConnectionService = $LDAPConnectionService; $this->shopAccountService = $shopAccountService; $this->userService = $userService; $this->ssoService = $ssoService; } Loading 
@@ -51,6 +54,16 @@ class BeforeUserDeletedListener implements IEventListener { } catch (Exception $e) { $this->logger->error('Error deleting mail folder for user '. $uid . ' :' . $e->getMessage()); } $this->logger->info('Deleting vault account of user '.$uid); $this->ssoService->setupUserId($uid); //will retrieve id if not already in user settings $oidcUid = $this->ssoService->getCurrentUserId(); if (!empty($oidcUid)) { $this->triggerVaultAccountDelete($oidcUid); } else { $this->logger->error('Error deleting vault account: No ssoid for '.$uid); } try { if ($this->LDAPConnectionService->isLDAPEnabled() && $isUserOnLDAP) { $conn = $this->LDAPConnectionService->getLDAPConnection(); Loading Loading @@ -113,4 +126,35 @@ class BeforeUserDeletedListener implements IEventListener { return $aliasEntries; } private function triggerVaultAccountDelete(string $oidcUid): void { $webhookUrl = $this->config->getSystemValue('oidc_vault_account_delete_url', ''); if ('' === trim($webhookUrl)) { return; } $token = $this->config->getSystemValue('oidc_vault_account_delete_token', ''); if ('' === trim($token)) { return; } $authorization = "Authorization: Bearer ".$token; $payload = http_build_query(['ssoId' => $oidcUid]); $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => $webhookUrl."?".$payload, CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => array($authorization), CURLOPT_TIMEOUT => 10, ]); $response = curl_exec($curl); if (false === $response) { $this->logger->error('Failed to call vault account delete api', [ 'error' => curl_error($curl), ]); } else { $this->logger->info('Vault account delete successfully called'); } curl_close($curl); } }
lib/Service/SSOService.php +5 −1 Original line number Diff line number Diff line Loading @@ -253,6 +253,10 @@ class SSOService { $this->migrateCredential($username, $secret); } public function getCurrentUserId() : String { return $this->currentUserId; } private function getCredentialIds() : array { $url = $this->ssoConfig['admin_rest_api_url'] . self::CREDENTIALS_ENDPOINT; $url = str_replace('{USER_ID}', $this->currentUserId, $url); Loading Loading @@ -303,7 +307,7 @@ class SSOService { return $credentialEntry; } private function setupUserId(string $username) : void { public function setupUserId(string $username) : void { $user = $this->userManager->get($username); $savedOIDCUid = $this->config->getUserValue($user->getUID(), 'oidc_login', 'oidc_uid'); Loading