Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4adf9eaa authored by Akhil's avatar Akhil 🙂
Browse files

Merge branch 'ldap-check-pwd-patch' into 'main' 

Ldap check pwd patch

See merge request !152
parents f70da530 49fdf7ab

Dockerfile

+11 −27
Original line number Diff line number Diff line 
FROM nextcloud:24.0.8-fpm AS nextcloud

ARG BASE_DIR="/usr/src/nextcloud"

ARG TMP_PATCH_DIR="/tmp/build_patches"

ARG THEME_HELPER_JOB_ID="446245"

ARG NEWS_VERSION="20.0.0"

ARG QUOTA_WARN_VERSION="1.15.0"

ARG THEME_HELPER_JOB_ID="471836"

ARG NOTES_VERSION="4.5.1"

ARG CONTACTS_JOB_ID="471108"

ARG CALENDAR_JOB_ID="471116"

ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0"

ARG EMAIL_RECOVERY_JOB_ID="445958"

ARG RAINLOOP_VERSION="7.2.5"

ARG RAINLOOP_COMMIT_SHA="523518ba"

ARG EA_JOB_ID="445966"

ARG RAINLOOP_COMMIT_SHA="28a5d603"

ARG EA_JOB_ID="471828"

ARG ECLOUD_LAUNCHER_JOB_ID="458901"

ARG GOOGLE_INTEGRATION_VERSION="1.0.8"

ARG ECLOUD_DASHBOARD_JOB_ID="485170"
@@ -23,17 +20,6 @@ RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images 
# Install unzip for unzipping artifacts

RUN apt-get update && apt-get install unzip



# Custom apps

RUN curl -fsSL -o news.tar.gz \

    "https://github.com/nextcloud/news/releases/download/${NEWS_VERSION}/news.tar.gz" && \

    tar -xf news.tar.gz -C ${BASE_DIR}/custom_apps/ && \

    rm news.tar.gz;



RUN curl -fsSL -o quota_warning.tar.gz \

    "https://github.com/nextcloud-releases/quota_warning/releases/download/v${QUOTA_WARN_VERSION}/quota_warning-v${QUOTA_WARN_VERSION}.tar.gz" && \

    tar -xf quota_warning.tar.gz -C ${BASE_DIR}/custom_apps/ && \

    rm quota_warning.tar.gz;



RUN curl -fsSL -o notes.tar.gz \

    "https://github.com/nextcloud/notes/releases/download/v${NOTES_VERSION}/notes.tar.gz" && \

    tar -xf notes.tar.gz -C ${BASE_DIR}/custom_apps/ && \
@@ -46,18 +32,12 @@ RUN curl -fsSL -o contacts.zip \ 
    mv dist/contacts ${BASE_DIR}/custom_apps/ && \

    rm contacts.zip;



# custom Calendar 3.2.4

RUN curl -fsSL -o calendar.zip \

    "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/calendar/-/jobs/${CALENDAR_JOB_ID}/artifacts/download" && \

    unzip calendar.zip && \

    mv dist/calendar ${BASE_DIR}/custom_apps/ && \

    rm calendar.zip;



RUN curl -fsSL -o user_backend_sql_raw.tar.gz \

    "https://github.com/PanCakeConnaisseur/user_backend_sql_raw/releases/download/v${USER_BACKEND_RAW_SQL_VERSION}/user_backend_sql_raw.tar.gz" && \

    tar -xf user_backend_sql_raw.tar.gz -C ${BASE_DIR}/custom_apps/ && \

    rm user_backend_sql_raw.tar.gz;



RUN curl -fsSL -o email-recovery.zip \

    "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/email-recovery/-/jobs/${EMAIL_RECOVERY_JOB_ID}/artifacts/download" && \

    unzip email-recovery.zip && \
@@ -113,6 +93,7 @@ From nextcloud as selfhost 
ARG BASE_DIR="/usr/src/nextcloud"

ARG TMP_PATCH_DIR="/tmp/build_patches"

ARG THEME_VERSION="selfhost-22.0.0"

ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0"



# Patches

COPY patches/ ${TMP_PATCH_DIR}/
@@ -141,6 +122,12 @@ RUN curl -fsSL -o eCloud-theme.tar.gz \ 
    chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \

    rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/



# User Backend

RUN curl -fsSL -o user_backend_sql_raw.tar.gz \

    "https://github.com/PanCakeConnaisseur/user_backend_sql_raw/releases/download/v${USER_BACKEND_RAW_SQL_VERSION}/user_backend_sql_raw.tar.gz" && \

    tar -xf user_backend_sql_raw.tar.gz -C ${BASE_DIR}/custom_apps/ && \

    rm user_backend_sql_raw.tar.gz;



# Set default class of hidden to settings-hint

RUN sed -i 's/settings-hint/settings-hint hidden/' ${BASE_DIR}/apps/settings/templates/settings/personal/security/twofactor.php

# change notifications icon src
@@ -165,9 +152,9 @@ RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003- 
RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch

RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch

RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch

RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch

RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch

RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch

RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/user_ldap/lib/User_LDAP.php -i ${TMP_PATCH_DIR}/023-ldap-check-pwd-optimization.patch

RUN rm -rf ${TMP_PATCH_DIR}



RUN curl -fsSL -o ldap_write_support.tar.gz \
@@ -198,9 +185,6 @@ RUN cd ${BASE_DIR}/custom_apps/contacts && sed -i 's/"GROUP","INDIVIDUAL"/"INDIV 
RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/"GROUP","INDIVIDUAL"/"INDIVIDUAL"/g' js/calendar-main.js

RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/{name:\[o,"displayname"\]},//' js/calendar-main.js



# Set default widgets to calendar, tasks and notes

RUN sed -i 's/recommendations,spreed,mail,calendar/calendar,tasks,notes/' ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php



# Remove colored background from email template logo

RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php

custom_entrypoint.sh

+0 −2
Original line number Diff line number Diff line
@@ -18,9 +18,7 @@ fi 
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"



if version_greater "$image_version" "$installed_version"; then

    rsync $rsync_options --include "/news/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/

    rsync $rsync_options --include "/notes/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/

    rsync $rsync_options --include "/quota_warning/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/

    rsync $rsync_options --include "/calendar/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/

    rsync $rsync_options --include "/contacts/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/

    rsync $rsync_options --include "/user_backend_sql_raw/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/

patches/012-remove-user-status-widget.patch

deleted100644 → 0
+0 −18
Original line number Diff line number Diff line 
From: Akhil <akhil@e.email>

Date: Fri, 17 Sep 2021 13:00 +0530

Subject: [PATCH] Removes user status widget from Dashboard



This patch removes user status widget from available widgets in dashboard



--- DashboardController.php	2021-09-17 12:56:19.691685082 +0530

+++ DashboardController-new.php	2021-09-17 12:59:18.906502554 +0530

@@ -108,6 +108,9 @@

 				'url' => $widget->getUrl()

 			];

 		}, $this->dashboardManager->getWidgets());

+                $widgets = array_filter($widgets, function($widget) {

+                        return($widget['id'] !== "user_status");

+                });

 		$configStatuses = $this->config->getUserValue($this->userId, 'dashboard', 'statuses', '');

 		$statuses = json_decode($configStatuses, true);

 		// We avoid getting an empty array as it will not produce an object in UI's JS

patches/023-ldap-check-pwd-optimization.patch

0 → 100644
+59 −0
Original line number Diff line number Diff line 
From: Akhil <akhil@e.email>

Date: Wed, 04 Jan 2023 16:24 +0530

Subject: [PATCH] This patch optimize the ldap checkPassword function to reduce number of LDAP binds and SQL UPDATE operations per password check



--- ./apps/user_ldap/lib/User_LDAP.php	2023-01-04 16:20:02.747181606 +0530

+++ ./apps/user_ldap/lib/User_LDAP-new.php	2023-01-17 19:22:51.776857415 +0530

@@ -114,11 +114,12 @@

 	 * @return string|false

 	 * @throws \Exception

 	 */

-	public function loginName2UserName($loginName) {

+	public function loginName2UserName($loginName, bool $forceLdapRefetch = false) {

 		$cacheKey = 'loginName2UserName-' . $loginName;

 		$username = $this->access->connection->getFromCache($cacheKey);

 

-		if ($username !== null) {

+		$ignoreCache = ($username === false && $forceLdapRefetch);

+		if ($username !== null && !$ignoreCache) {

 			return $username;

 		}

 

@@ -133,6 +134,9 @@

 			}

 			$username = $user->getUsername();

 			$this->access->connection->writeToCache($cacheKey, $username);

+			if($forceLdapRefetch) {

+				$user->processAttributes($ldapRecord);

+			}

 			return $username;

 		} catch (NotOnLDAP $e) {

 			$this->access->connection->writeToCache($cacheKey, false);

@@ -176,16 +180,11 @@

 	 * @return false|string

 	 */

 	public function checkPassword($uid, $password) {

-		try {

-			$ldapRecord = $this->getLDAPUserByLoginName($uid);

-		} catch (NotOnLDAP $e) {

-			$this->logger->debug(

-				$e->getMessage(),

-				['app' => 'user_ldap', 'exception' => $e]

-			);

+		$username = $this->loginName2UserName($uid, true);

+		if(!$username) {

 			return false;

 		}

-		$dn = $ldapRecord['dn'][0];

+		$dn = $this->access->username2dn($username);

 		$user = $this->access->userManager->get($dn);

 

 		if (!$user instanceof User) {

@@ -203,7 +202,6 @@

 			}

 

 			$this->access->cacheUserExists($user->getUsername());

-			$user->processAttributes($ldapRecord);

 			$user->markLogin();

 

 			return $user->getUsername();