
Commit 4adf9eaa authored by Akhil's avatar Akhil 🙂

Merge branch 'ldap-check-pwd-patch' into 'main'

Ldap check pwd patch

See merge request !152
parents f70da530 49fdf7ab
+11 −27
FROM nextcloud:24.0.8-fpm AS nextcloud
ARG BASE_DIR="/usr/src/nextcloud"
ARG TMP_PATCH_DIR="/tmp/build_patches"
ARG THEME_HELPER_JOB_ID="446245"
ARG NEWS_VERSION="20.0.0"
ARG QUOTA_WARN_VERSION="1.15.0"
ARG THEME_HELPER_JOB_ID="471836"
ARG NOTES_VERSION="4.5.1"
ARG CONTACTS_JOB_ID="471108"
ARG CALENDAR_JOB_ID="471116"
ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0"
ARG EMAIL_RECOVERY_JOB_ID="445958"
ARG RAINLOOP_VERSION="7.2.5"
ARG RAINLOOP_COMMIT_SHA="523518ba"
ARG EA_JOB_ID="445966"
ARG RAINLOOP_COMMIT_SHA="28a5d603"
ARG EA_JOB_ID="471828"
ARG ECLOUD_LAUNCHER_JOB_ID="458901"
ARG GOOGLE_INTEGRATION_VERSION="1.0.8"
ARG ECLOUD_DASHBOARD_JOB_ID="485170"
@@ -23,17 +20,6 @@ RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images
# Install unzip for unzipping artifacts
RUN apt-get update && apt-get install unzip

# Custom apps
RUN curl -fsSL -o news.tar.gz \
    "https://github.com/nextcloud/news/releases/download/${NEWS_VERSION}/news.tar.gz" && \
    tar -xf news.tar.gz -C ${BASE_DIR}/custom_apps/ && \
    rm news.tar.gz;

RUN curl -fsSL -o quota_warning.tar.gz \
    "https://github.com/nextcloud-releases/quota_warning/releases/download/v${QUOTA_WARN_VERSION}/quota_warning-v${QUOTA_WARN_VERSION}.tar.gz" && \
    tar -xf quota_warning.tar.gz -C ${BASE_DIR}/custom_apps/ && \
    rm quota_warning.tar.gz;

RUN curl -fsSL -o notes.tar.gz \
    "https://github.com/nextcloud/notes/releases/download/v${NOTES_VERSION}/notes.tar.gz" && \
    tar -xf notes.tar.gz -C ${BASE_DIR}/custom_apps/ && \
@@ -46,18 +32,12 @@ RUN curl -fsSL -o contacts.zip \
    mv dist/contacts ${BASE_DIR}/custom_apps/ && \
    rm contacts.zip;

# custom Calendar 3.2.4
RUN curl -fsSL -o calendar.zip \
    "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/calendar/-/jobs/${CALENDAR_JOB_ID}/artifacts/download" && \
    unzip calendar.zip && \
    mv dist/calendar ${BASE_DIR}/custom_apps/ && \
    rm calendar.zip;

RUN curl -fsSL -o user_backend_sql_raw.tar.gz \
    "https://github.com/PanCakeConnaisseur/user_backend_sql_raw/releases/download/v${USER_BACKEND_RAW_SQL_VERSION}/user_backend_sql_raw.tar.gz" && \
    tar -xf user_backend_sql_raw.tar.gz -C ${BASE_DIR}/custom_apps/ && \
    rm user_backend_sql_raw.tar.gz;

RUN curl -fsSL -o email-recovery.zip \
    "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/email-recovery/-/jobs/${EMAIL_RECOVERY_JOB_ID}/artifacts/download" && \
    unzip email-recovery.zip && \
@@ -113,6 +93,7 @@ From nextcloud as selfhost
ARG BASE_DIR="/usr/src/nextcloud"
ARG TMP_PATCH_DIR="/tmp/build_patches"
ARG THEME_VERSION="selfhost-22.0.0"
ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0"

# Patches
COPY patches/ ${TMP_PATCH_DIR}/
@@ -141,6 +122,12 @@ RUN curl -fsSL -o eCloud-theme.tar.gz \
    chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \
    rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/

# User Backend
RUN curl -fsSL -o user_backend_sql_raw.tar.gz \
    "https://github.com/PanCakeConnaisseur/user_backend_sql_raw/releases/download/v${USER_BACKEND_RAW_SQL_VERSION}/user_backend_sql_raw.tar.gz" && \
    tar -xf user_backend_sql_raw.tar.gz -C ${BASE_DIR}/custom_apps/ && \
    rm user_backend_sql_raw.tar.gz;

# Set default class of hidden to settings-hint
RUN sed -i 's/settings-hint/settings-hint hidden/' ${BASE_DIR}/apps/settings/templates/settings/personal/security/twofactor.php
# change notifications icon src
@@ -165,9 +152,9 @@ RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-
RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch
RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch
RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch
RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch
RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch
RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch
RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/user_ldap/lib/User_LDAP.php -i ${TMP_PATCH_DIR}/023-ldap-check-pwd-optimization.patch
RUN rm -rf ${TMP_PATCH_DIR}

RUN curl -fsSL -o ldap_write_support.tar.gz \
@@ -198,9 +185,6 @@ RUN cd ${BASE_DIR}/custom_apps/contacts && sed -i 's/"GROUP","INDIVIDUAL"/"INDIV
RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/"GROUP","INDIVIDUAL"/"INDIVIDUAL"/g' js/calendar-main.js
RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/{name:\[o,"displayname"\]},//' js/calendar-main.js

# Set default widgets to calendar, tasks and notes
RUN sed -i 's/recommendations,spreed,mail,calendar/calendar,tasks,notes/' ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php

# Remove colored background from email template logo
RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php
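Review bot: The `# User Backend` step added to the selfhost stage downloads `user_backend_sql_raw.tar.gz` and unpacks it into `custom_apps/` without any integrity check, and judging by its name this app is a login backend. `USER_BACKEND_RAW_SQL_VERSION` pins the tag, but a release asset can be replaced under the same tag, so I would add a digest ARG and verify it before `tar`, e.g. `echo "${USER_BACKEND_RAW_SQL_SHA256}  user_backend_sql_raw.tar.gz" | sha256sum -c - && \` (the ARG name is only a suggestion, and its value has to be recorded from a trusted download). The other `curl` downloads visible in this file follow the same unverified pattern and would benefit from the same check.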

+0 −2
@@ -18,9 +18,7 @@ fi
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"

if version_greater "$image_version" "$installed_version"; then
    rsync $rsync_options --include "/news/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
    rsync $rsync_options --include "/notes/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
    rsync $rsync_options --include "/quota_warning/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
    rsync $rsync_options --include "/calendar/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
    rsync $rsync_options --include "/contacts/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
    rsync $rsync_options --include "/user_backend_sql_raw/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
+0 −18
From: Akhil <akhil@e.email>
Date: Fri, 17 Sep 2021 13:00 +0530
Subject: [PATCH] Removes user status widget from Dashboard

This patch removes user status widget from available widgets in dashboard

--- DashboardController.php	2021-09-17 12:56:19.691685082 +0530
+++ DashboardController-new.php	2021-09-17 12:59:18.906502554 +0530
@@ -108,6 +108,9 @@
 				'url' => $widget->getUrl()
 			];
 		}, $this->dashboardManager->getWidgets());
+                $widgets = array_filter($widgets, function($widget) {
+                        return($widget['id'] !== "user_status");
+                });
 		$configStatuses = $this->config->getUserValue($this->userId, 'dashboard', 'statuses', '');
 		$statuses = json_decode($configStatuses, true);
 		// We avoid getting an empty array as it will not produce an object in UI's JS
+59 −0
From: Akhil <akhil@e.email>
Date: Wed, 04 Jan 2023 16:24 +0530
Subject: [PATCH] This patch optimize the ldap checkPassword function to reduce number of LDAP binds and SQL UPDATE operations per password check

--- ./apps/user_ldap/lib/User_LDAP.php	2023-01-04 16:20:02.747181606 +0530
+++ ./apps/user_ldap/lib/User_LDAP-new.php	2023-01-17 19:22:51.776857415 +0530
@@ -114,11 +114,12 @@
 	 * @return string|false
 	 * @throws \Exception
 	 */
-	public function loginName2UserName($loginName) {
+	public function loginName2UserName($loginName, bool $forceLdapRefetch = false) {
 		$cacheKey = 'loginName2UserName-' . $loginName;
 		$username = $this->access->connection->getFromCache($cacheKey);
 
-		if ($username !== null) {
+		$ignoreCache = ($username === false && $forceLdapRefetch);
+		if ($username !== null && !$ignoreCache) {
 			return $username;
 		}
 
@@ -133,6 +134,9 @@
 			}
 			$username = $user->getUsername();
 			$this->access->connection->writeToCache($cacheKey, $username);
+			if($forceLdapRefetch) {
+				$user->processAttributes($ldapRecord);
+			}
 			return $username;
 		} catch (NotOnLDAP $e) {
 			$this->access->connection->writeToCache($cacheKey, false);
@@ -176,16 +180,11 @@
 	 * @return false|string
 	 */
 	public function checkPassword($uid, $password) {
-		try {
-			$ldapRecord = $this->getLDAPUserByLoginName($uid);
-		} catch (NotOnLDAP $e) {
-			$this->logger->debug(
-				$e->getMessage(),
-				['app' => 'user_ldap', 'exception' => $e]
-			);
+		$username = $this->loginName2UserName($uid, true);
+		if(!$username) {
 			return false;
 		}
-		$dn = $ldapRecord['dn'][0];
+		$dn = $this->access->username2dn($username);
 		$user = $this->access->userManager->get($dn);
 
 		if (!$user instanceof User) {
@@ -203,7 +202,6 @@
 			}
 
 			$this->access->cacheUserExists($user->getUsername());
-			$user->processAttributes($ldapRecord);
 			$user->markLogin();
 
 			return $user->getUsername();
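Review bot: In `checkPassword`, a login name whose mapping is already cached is now accepted without a fresh LDAP lookup, because `loginName2UserName($uid, true)` bypasses the cache only when the cached value is `false`. As far as these hunks show, an account that no longer matches the login filter but can still bind would keep authenticating until the cache entry expires, so the cache lifetime now bounds how fast deprovisioning takes effect; a comment at the call such as `// cached positive mapping skips the login-filter lookup; revocation is delayed by the LDAP cache TTL` would record that. `processAttributes($ldapRecord)` has also moved into `loginName2UserName`, so on a cache miss it runs before the password has been verified and a failed attempt still triggers the attribute sync. Separately, `if(!$username)` also rejects a user literally named `"0"`; `if ($username === false) {` matches the `string|false` return in the docblock. The body of `checkPassword` continues outside the visible hunks, including the credential check itself.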