diff --git a/type/__nextcloud_user/explorer/password b/type/__nextcloud_user/explorer/password
new file mode 100755
index 0000000..88260ec
--- /dev/null
+++ b/type/__nextcloud_user/explorer/password
@@ -0,0 +1,49 @@
+#!/bin/sh
+# __nextcloud/explorer/password
+
+# Checks if the given password is working by hacking somehow into the nextcloud
+# php libary.
+#
+# Outputs:
+# - "noop" if no password given as parameter
+# - "matched" if the given parameter matched the password
+# - "mismatched" if the given parameter did not matched
+# - "" if no nextcloud directory could be detected
+
+
+# Check if the password exists, else this is nonsense
+password="$__object/parameter/password"
+if [ -f "$password" ]; then
+ password="$(cat "$password")"
+else
+ # no password to compare - it's managed by someone other
+ echo noop
+ exit
+fi
+
+# Get parameters
+user="$__object/parameter/user"
+if [ -f "$user" ]; then
+ user="$(cat "$user")"
+else
+ user="$__object_id"
+fi
+cloud="$(cat "$__object/parameter/cloud")"
+www_user="$(cat "$__object/parameter/www-user")"
+
+
+
+# Check if there exists the installation
+if [ -d "$cloud" ]; then
+ # if those files exist, everything should be good
+ if [ -f "$cloud/occ" ] && [ -f "$cloud/config/config.php" ]; then
+ # Output the information from the custom php
+ # change the user to be on the safe side if something is written
+ su -s /bin/sh -l "$www_user" -- -e <getUserSession()->getManager()->checkPasswordNoLogging("$user", getenv("pw")) ? "matched" : "mismatched");'
+SU
+ fi
+fi
diff --git a/type/__nextcloud_user/explorer/user b/type/__nextcloud_user/explorer/user
new file mode 100755
index 0000000..ab97a1f
--- /dev/null
+++ b/type/__nextcloud_user/explorer/user
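Review bot: `$user` is pasted into the PHP source in `checkPasswordNoLogging("$user", getenv("pw"))`, so a user id containing `"`, `$`, `\` or `'` alters the PHP or shell text executed under `su ... "$www_user"` instead of being handled as data, while the password on the same line is already kept out of the code via `getenv("pw")`. Handing the id over the same way, e.g. `checkPasswordNoLogging(getenv("uid"), getenv("pw"))` (`uid` is a constructed name), or rejecting ids with quote characters before the `su` call, would remove the problem. The here-document around this call is not fully visible on this page, so how `pw` is exported needs to be confirmed and mirrored. The same interpolation appears in explorer/user (`userExists("$user")`, `user:info '$user'`) and in gencode-remote (`get("$user")`, `setDisplayName("$displayname")`, `get("$GROUP")`, `occ user:delete "'$user'"`).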
@@ -0,0 +1,39 @@
+#!/bin/sh -e
+# __nextcloud_user/explorer/user
+
+# Outputs the raw nextcloud command output of the given user
+
+
+# Parameters
+user="$__object/parameter/user"
+if [ -f "$user" ]; then
+ user="$(cat "$user")"
+else
+ user="$__object_id"
+fi
+cloud="$(cat "$__object/parameter/cloud")"
+www_user="$(cat "$__object/parameter/www-user")"
+
+
+# Check if there exists the installation
+if [ -d "$cloud" ]; then
+ # if those files exist, everything should be good
+ if [ -f "$cloud/occ" ] && [ -f "$cloud/config/config.php" ]; then
+ # Content could be gathered through php code directly, too. This can
+ # be done if more parameters are required than user:info will output
+ # or if there will be too much fuzz in the output.
+
+ # Output the information of the user
+ # type will abort if explorer is empty, not if occ aborts
+ su -s /bin/sh -l "$www_user" -- -e <getUserSession()->getManager()->userExists("$user") ? 0 : 1);'
+then
+ php occ --no-interaction --no-ansi --output=plain user:info '$user'
+fi
+SU
+ fi
+fi
diff --git a/type/__nextcloud_user/gencode-remote b/type/__nextcloud_user/gencode-remote
new file mode 100644
index 0000000..f5cdaf5
--- /dev/null
+++ b/type/__nextcloud_user/gencode-remote
@@ -0,0 +1,239 @@
+#!/bin/sh -e
+# __nextcloud_user/gencode-remote
+
+
+# Call the nextcloud occ script as the designed user. Maybe this can be a bit
+# more effictive with user switching, but currently the easiest way of doing
+# it.
+#
+# All arguments are directly passed to occ (injection alarm ;-) )
+occ() {
+ # su creates a new shell, so it does not affect the current session
+ # will not use -q as it supresses errors, too
+ cat << SHELL
+su -s /bin/sh -l "$www_user" -- -e <<'SU'
+cd '$cloud' && php occ --no-interaction --no-ansi $@
+SU
+SHELL
+}
+
+# Creates the output for the nextcloud command to create a user. Takes all
+# required parameters from existing variables.
+occ_create() {
+ cat <> "$__messages_out"
+ else
+ occ_create
+ echo created >> "$__messages_out"
+ fi
+ ;;
+
+ disabled)
+ if [ "$state_is" = "absent" ]; then
+ occ_create
+ echo created >> "$__messages_out"
+ fi
+
+ occ user:disable "'$user'"
+ echo disabled >> "$__messages_out"
+ ;;
+
+ present)
+ if [ "$state_is" = "absent" ]; then
+ occ_create
+ echo created >> "$__messages_out"
+ fi
+ # else, everything is ok
+ ;;
+
+ absent)
+ occ user:delete "'$user'"
+ echo removed >> "$__messages_out"
+ ;;
+ esac
+fi
+
+
+# Check if some user configuration should be changed
+# do not run this code if the user will be created in the previous code
+if [ "$state_should" != "absent" ] && [ "$occ_created" != "yes" ]; then
+ # Check if the display name is correct if someone is set
+ if [ -f "$__object/parameter/displayname" ]; then
+ displayname="$(cat "$__object/parameter/displayname")"
+ if ! match_param display_name "$displayname"; then
+ cat <getUserSession()->getManager()->get("$user")->setDisplayName("$displayname")
+ or die("Couldn'\''t modify $user display name! Maybe unsupported or already set ..".PHP_EOL);'
+SU
+SHELL
+ fi
+ fi
+
+ # Check if the email address is correct
+ if [ -f "$__object/parameter/email" ]; then
+ email="$(cat "$__object/parameter/email")"
+ if ! match_param email "$email"; then
+ occ user:setting -- "'$user'" settings email "'$email'"
+ fi
+ else
+ # remove if it doesn't exist
+ if ! match_param email ""; then
+ occ user:setting --delete -- "'$user'" settings email
+ fi
+ fi
+
+ # Check state of the password
+ # explorer handles missing passwords already
+ if [ "$(cat "$__object/explorer/password")" = "mismatched" ]; then
+ cat < "$__object/files/explorer_groups"
+
+ # Add/Remove groups not set via the parameter
+ if [ -s "$__object/parameter/group" ]; then
+ # Get all groups to remove
+ grep -Fxv -f "$__object/parameter/group" \
+ "$__object/files/explorer_groups" > "$__object/files/group.del" || true
+ # Get all groups to add
+ grep -Fxv -f "$__object/files/explorer_groups" \
+ "$__object/parameter/group" > "$__object/files/group.add" || true
+
+ # No user groups at all if nothing wanted by the user
+ else
+ # remove all groups to stay inline with the user parameter
+ cp "$__object/files/explorer_groups" "$__object/files/group.del"
+ fi
+
+ # Remove all groups not exist anymore
+ if [ -s "$__object/files/group.del" ]; then
+ while read -r GROUP; do
+ cat <getGroupManager()->get("$GROUP");
+ \$user = \\OC::\$server->getUserSession()->getManager()->get("$user");
+ if (\$group === NULL || \$user === NULL)
+ die("Can'\''t delete $user from group $GROUP! User or group doesn'\''t exist in nextcloud!".PHP_EOL);
+ \$group->removeUser(\$user);'
+SU
+SHELL
+ done < "$__object/files/group.del"
+ fi
+
+ # Add all existing groups
+ if [ -s "$__object/files/group.add" ]; then
+ while read -r GROUP; do
+ cat <getGroupManager()->get("$GROUP");
+ \$user = \\OC::\$server->getUserSession()->getManager()->get("$user");
+ if (\$group === NULL || \$user === NULL)
+ die("Can'\''t delete $user from group $GROUP! User or group doesn'\''t exist in nextcloud!".PHP_EOL);
+ \$group->addUser(\$user);'
+SU
+SHELL
+ done < "$__object/files/group.add"
+ fi
+fi
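Review bot: The add-group loop (the one ending in `\$group->addUser(\$user);` and reading `group.add`) reuses the removal loop's failure text `Can'\''t delete $user from group $GROUP!`, so a failed add is reported as a failed delete; it should read `die("Can'\''t add $user to group $GROUP! User or group doesn'\''t exist in nextcloud!".PHP_EOL);`. Separately, `occ()` expands `$@` inside a here-document, where all arguments are joined into one string and the literal quotes supplied by callers (`"'$user'"`, `"'$email'"`) are the only word protection; a comment on `occ()` such as `# callers must pass each argument as an already shell-quoted word` would document that contract better than "injection alarm ;-)". Parts of this hunk's here-documents, including the password branch, are not visible on this page and were not reviewed.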
diff --git a/type/__nextcloud_user/parameter/default/state b/type/__nextcloud_user/parameter/default/state
new file mode 100644
index 0000000..e7f6134
--- /dev/null
+++ b/type/__nextcloud_user/parameter/default/state
@@ -0,0 +1 @@
+present
diff --git a/type/__nextcloud_user/parameter/default/www-user b/type/__nextcloud_user/parameter/default/www-user
new file mode 100644
index 0000000..5bbad18
--- /dev/null
+++ b/type/__nextcloud_user/parameter/default/www-user
@@ -0,0 +1 @@
+www-data
diff --git a/type/__nextcloud_user/parameter/optional b/type/__nextcloud_user/parameter/optional
new file mode 100644
index 0000000..aaf31d0
--- /dev/null
+++ b/type/__nextcloud_user/parameter/optional
@@ -0,0 +1,7 @@
+user
+www-user
+state
+displayname
+email
+password
+quota
diff --git a/type/__nextcloud_user/parameter/optional_multiple b/type/__nextcloud_user/parameter/optional_multiple
new file mode 100644
index 0000000..3a60cce
--- /dev/null
+++ b/type/__nextcloud_user/parameter/optional_multiple
@@ -0,0 +1 @@
+group
diff --git a/type/__nextcloud_user/parameter/required b/type/__nextcloud_user/parameter/required
new file mode 100644
index 0000000..c3de202
--- /dev/null
+++ b/type/__nextcloud_user/parameter/required
@@ -0,0 +1 @@
+cloud