Create local VO groups after user authenticates with AAI

Author: smesterheide

.php-cs-fixer.cache

@@ -1 +1 @@
-{"php":"8.1.8","version":"3.4.0:v3.4.0#47177af1cfb9dab5d1cc4daf91b7179c2efe7fad","indent":"\t","lineEnding":"\n","rules":{"encoding":true,"full_opening_tag":true,"blank_line_after_namespace":true,"braces":{"position_after_anonymous_constructs":"same","position_after_control_structures":"same","position_after_functions_and_oop_constructs":"same"},"class_definition":true,"constant_case":true,"elseif":true,"function_declaration":{"closure_function_spacing":"one"},"indentation_type":true,"line_ending":true,"lowercase_keywords":true,"method_argument_space":{"on_multiline":"ignore"},"no_break_comment":true,"no_closing_tag":true,"no_space_around_double_colon":true,"no_spaces_after_function_name":true,"no_spaces_inside_parenthesis":true,"no_trailing_whitespace":true,"no_trailing_whitespace_in_comment":true,"single_blank_line_at_eof":true,"single_class_element_per_statement":true,"single_import_per_statement":true,"single_line_after_imports":true,"switch_case_semicolon_to_colon":true,"switch_case_space":true,"visibility_required":{"elements":["property","method","const"]},"align_multiline_comment":true,"array_indentation":true,"binary_operator_spaces":{"default":"single_space"},"blank_line_after_opening_tag":true,"no_unused_imports":true},"hashes":{"tests\/Unit\/Controller\/PageControllerTest.php":2207155758,"tests\/Integration\/AppTest.php":2950225233,"tests\/bootstrap.php":41908297,"appinfo\/routes.php":2458579438,"templates\/adminSettings.php":805129342,"templates\/personalSettings.php":1395204514,"templates\/index.php":2734865279,"node_modules\/flatted\/php\/flatted.php":3670498728,"lib\/Settings\/Admin.php":4177689181,"lib\/Settings\/AdminSection.php":3667266050,"lib\/Settings\/Personal.php":774712035,"lib\/Settings\/PersonalSection.php":237427933,"lib\/Vendor\/Firebase\/JWT\/BeforeValidException.php":3387887423,"lib\/Vendor\/Firebase\/JWT\/Key.php":2086644246,"lib\/Vendor\/Firebase\/JWT\/ExpiredException.php":1091148461,"lib\/Vendor\/Firebase\/JWT\/SignatureInvalidException.php":3046842981,"lib\/Vendor\/Firebase\/JWT\/JWT.php":23558362,"lib\/Vendor\/Firebase\/JWT\/JWK.php":909127881,"lib\/Controller\/LoginController.php":3892407794,"lib\/Controller\/PageController.php":4113731223,"lib\/Controller\/ConfigController.php":2824957717,"lib\/Service\/ProviderService.php":661513495,"lib\/AppInfo\/Application.php":4168035612}}
+{"php":"8.1.8","version":"3.4.0:v3.4.0#47177af1cfb9dab5d1cc4daf91b7179c2efe7fad","indent":"\t","lineEnding":"\n","rules":{"encoding":true,"full_opening_tag":true,"blank_line_after_namespace":true,"braces":{"position_after_anonymous_constructs":"same","position_after_control_structures":"same","position_after_functions_and_oop_constructs":"same"},"class_definition":true,"constant_case":true,"elseif":true,"function_declaration":{"closure_function_spacing":"one"},"indentation_type":true,"line_ending":true,"lowercase_keywords":true,"method_argument_space":{"on_multiline":"ignore"},"no_break_comment":true,"no_closing_tag":true,"no_space_around_double_colon":true,"no_spaces_after_function_name":true,"no_spaces_inside_parenthesis":true,"no_trailing_whitespace":true,"no_trailing_whitespace_in_comment":true,"single_blank_line_at_eof":true,"single_class_element_per_statement":true,"single_import_per_statement":true,"single_line_after_imports":true,"switch_case_semicolon_to_colon":true,"switch_case_space":true,"visibility_required":{"elements":["property","method","const"]},"align_multiline_comment":true,"array_indentation":true,"binary_operator_spaces":{"default":"single_space"},"blank_line_after_opening_tag":true,"no_unused_imports":true},"hashes":{"tests\/Unit\/Controller\/PageControllerTest.php":2207155758,"tests\/Integration\/AppTest.php":2950225233,"tests\/bootstrap.php":41908297,"appinfo\/routes.php":2458579438,"templates\/adminSettings.php":805129342,"templates\/personalSettings.php":1395204514,"templates\/index.php":2734865279,"node_modules\/flatted\/php\/flatted.php":3670498728,"lib\/Settings\/Admin.php":4177689181,"lib\/Settings\/AdminSection.php":3667266050,"lib\/Settings\/Personal.php":774712035,"lib\/Settings\/PersonalSection.php":237427933,"lib\/Vendor\/Firebase\/JWT\/BeforeValidException.php":3387887423,"lib\/Vendor\/Firebase\/JWT\/Key.php":2086644246,"lib\/Vendor\/Firebase\/JWT\/ExpiredException.php":1091148461,"lib\/Vendor\/Firebase\/JWT\/SignatureInvalidException.php":3046842981,"lib\/Vendor\/Firebase\/JWT\/JWT.php":23558362,"lib\/Vendor\/Firebase\/JWT\/JWK.php":909127881,"lib\/Controller\/LoginController.php":2413542052,"lib\/Controller\/PageController.php":4113731223,"lib\/Controller\/ConfigController.php":2824957717,"lib\/Service\/ProviderService.php":661513495,"lib\/AppInfo\/Application.php":3846310732,"lib\/Backend\/GroupBackend.php":986210557,"lib\/Service\/VirtualOrganisationService.php":3422386287}}

lib/AppInfo/Application.php

@@ -10,10 +10,13 @@
 
 namespace OCA\VO_Federation\AppInfo;
 
+use OCA\VO_Federation\Backend\GroupBackend;
+
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\AppFramework\Bootstrap\IBootContext;
 use OCP\AppFramework\Bootstrap\IBootstrap;
+use OCP\IGroupManager;
 
 /**
  * Class Application
@@ -37,5 +40,11 @@ public function register(IRegistrationContext $context): void {
 	}
 
 	public function boot(IBootContext $context): void {
+		$context->injectFn(function (
+			IGroupManager $groupManager,
+			GroupBackend $groupBackend
+		) {
+			$groupManager->addBackend($groupBackend);
+		});
 	}
 }

lib/Backend/GroupBackend.php

@@ -0,0 +1,120 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ *
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @author Knut Ahlers <knut@ahlers.me>
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ * @author Vincent Petry <vincent@nextcloud.com>
+ *
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+namespace OCA\VO_Federation\Backend;
+
+use OCP\Group\Backend\ABackend;
+use OCP\Group\Backend\IGetDisplayNameBackend;
+use OCP\Group\Backend\IGroupDetailsBackend;
+
+use OCP\ILogger;
+
+/**
+ * Abstract base class for user management
+ */
+class GroupBackend extends ABackend implements
+	IGetDisplayNameBackend,
+	IGroupDetailsBackend {
+
+	/**
+	 * @var string The application name.
+	 */
+	private $appName;
+	/**
+	 * @var ILogger The logger instance.
+	 */
+	private $logger;
+
+	public function __construct($AppName, ILogger $logger) {
+		$this->appName = $AppName;
+		$this->logger = $logger;
+	}
+
+	/**
+	 * is user in group?
+	 * @param string $uid uid of the user
+	 * @param string $gid gid of the group
+	 * @return bool
+	 *
+	 * Checks whether the user is member of a group or not.
+	 */
+	public function inGroup($uid, $gid) {
+		return in_array($gid, $this->getUserGroups($uid));
+	}
+
+	/**
+	 * Get all groups a user belongs to
+	 * @param string $uid Name of the user
+	 * @return array an array of group names
+	 *
+	 * This function fetches all groups a user belongs to. It does not check
+	 * if the user exists at all.
+	 */
+	public function getUserGroups($uid) {
+		return [];
+	}
+
+	/**
+	 * get a list of all groups
+	 * @param string $search
+	 * @param int $limit
+	 * @param int $offset
+	 * @return array an array of group names
+	 *
+	 * Returns a list with all groups
+	 */
+
+	public function getGroups($search = '', $limit = -1, $offset = 0) {
+		return [];
+	}
+
+	/**
+	 * check if a group exists
+	 * @param string $gid
+	 * @return bool
+	 */
+	public function groupExists($gid) {
+		return in_array($gid, $this->getGroups($gid, 1));
+	}
+
+	/**
+	 * get a list of all users in a group
+	 * @param string $gid
+	 * @param string $search
+	 * @param int $limit
+	 * @param int $offset
+	 * @return array an array of user ids
+	 */
+	public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
+		return [];
+	}
+
+	public function getDisplayName(string $gid): string {
+		return $gid;
+	}
+
+	public function getGroupDetails(string $gid): array {
+		return [];
+	}
+}

lib/Controller/LoginController.php

@@ -31,6 +31,8 @@
 use OCA\VO_Federation\Vendor\Firebase\JWT\JWK;
 use OCA\VO_Federation\AppInfo\Application;
 use OCA\VO_Federation\Service\ProviderService;
+use OCA\VO_Federation\Service\VirtualOrganisationService;
+
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
@@ -75,6 +77,9 @@ class LoginController extends Controller {
 	/** @var ProviderService */
 	private $providerService;
 
+	/** @var ProviderService */
+	private $voService;
+
 	/** @var ILogger */
 	private $logger;
 
@@ -99,6 +104,7 @@ public function __construct(
 		ITimeFactory $timeFactory,
 		IConfig $config,
 		ProviderService $providerService,
+		VirtualOrganisationService $voService,
 		ILogger $logger,
 		?string $userId
 	) {
@@ -112,6 +118,7 @@ public function __construct(
 		$this->userManager = $userManager;
 		$this->timeFactory = $timeFactory;
 		$this->providerService = $providerService;
+		$this->voService = $voService;
 		$this->logger = $logger;
 		$this->config = $config;
 		$this->userId = $userId;
@@ -308,6 +315,10 @@ public function code($state = '', $code = '', $scope = '', $error = '', $error_d
 		$this->config->setUserValue($this->userId, Application::APP_ID, 'displayName', $displayName);
 		$this->config->setUserValue($this->userId, Application::APP_ID, 'groups', implode($groups, "\n"));
 
+		foreach ($groups as $gid) {
+			$this->voService->addVOUser($gid, $this->userId, $clientId);
+		}
+
 		return new RedirectResponse(
 			$this->urlGenerator->linkToRoute('settings.PersonalSettings.index', ['section' => 'connected-accounts']) .
 			'?aaiToken=success#vo_federation-personal-settings'

lib/Service/VirtualOrganisationService.php

@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\VO_Federation\Service;
+
+use OCP\IConfig;
+use OCP\IGroupManager;
+use OCP\IUserManager;
+
+class VirtualOrganisationService {
+	/** @var IConfig */
+	private $config;
+
+	private $groupManager;
+	private $userManager;
+
+	public function __construct(IConfig $config, IGroupManager $groupManager, IUserManager $userManager) {
+		$this->config = $config;
+		$this->groupManager = $groupManager;
+		$this->userManager = $userManager;
+	}
+
+	public function addVOUser($gid, $userId, $clientId) {
+		$gid = mb_substr($gid, 0, 64);
+		$group = $this->groupManager->createGroup($gid);
+		$group->addUser($this->userManager->get($userId));
+	}
+}