Merge branch 'release/v4.0.0'

Author: mlojewski-me

CHANGELOG.md

@@ -4,18 +4,36 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## [v4.0.0-rc2]
+## [4.0.0] - 2018-08-11
+### Added
+- SHA512 Whirlpool hash algorithm
+- WoltLab Community Framework 2.x hash algorithm
+- phpass hash implementation
+- Support for salt column
+- User quota synchronization
+
+### Changed
+- Example SQL script in README file
+- Fixed misspelling
+
+### Changed
+- Support for Nextcloud 14 only
+- Group backend implementation
+- User backend implementation
+
+### Fixed
+- Table and column autocomplete in settings panel
+
+## [4.0.0-rc2] - 2018-06-14
 ### Added
 - User active column
 
 ### Changed
 - Fixed "Use of undefined constant" error for Argon2 Crypt with PHP below 7.2.
 
-## [4.0.0-rc1]
+## [4.0.0-rc1] - 2018-06-13
 ### Added
-- New hashing algorithms: Argon2 Crypt (PHP 7.2 and above), Blowfish Crypt, Courier base64-encoded MD5, Courier base64-encoded SHA1,
-  Courier base64-encoded SHA256, Courier hexadecimal MD5, Extended DES Crypt, SHA256 Crypt,
-  SHA512 Crypt, SSHA512, Standard DES Crypt
+- New hash algorithms: Argon2 Crypt (PHP 7.2 and above), Blowfish Crypt, Courier base64-encoded MD5, Courier base64-encoded SHA1, Courier base64-encoded SHA256, Courier hexadecimal MD5, Extended DES Crypt, SHA256 Crypt, SHA512 Crypt, SSHA512, Standard DES Crypt
 - Option to allow users to change their display names
 - Option to allow user to change its avatar 
 - Database query results cache
@@ -26,10 +44,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - The whole core implementation, which is NOT COMPATIBLE with the previous versions.
 - Minimum supported PHP version - 7.0
 
-## Removed
-- MySQL ENCRYPT() hashing implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
-- MySQL PASSWORD() hashing implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
-- Redmine hashing implementation - Cannot implement in new core system.
+### Removed
+- MySQL ENCRYPT() hash implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
+- MySQL PASSWORD() hash implementation - Function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.
+- Redmine hash implementation - Cannot implement in new core system.
 - User active column - Use database view instead
 - Domain support
 
@@ -65,6 +83,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
 - Supported version of ownCloud, Nextcloud: ownCloud 10, Nextcloud 12
 
-[v4.0.0-rc2]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc1...v4.0.0-rc2
+[4.0.0]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc2...v4.0.0
+[4.0.0-rc2]: https://github.com/nextcloud/user_sql/compare/v4.0.0-rc1...v4.0.0-rc2
 [4.0.0-rc1]: https://github.com/nextcloud/user_sql/compare/v3.1.0...v4.0.0-rc1
 [3.1.0]: https://github.com/nextcloud/user_sql/compare/v2.4.0...v3.1.0

README.md

@@ -50,10 +50,11 @@ Name | Description | Details
 **Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column.
 **Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false.
 **Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false.
-**Hashing algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
-**Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud storage if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud storage. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
-**Home mode** | User storage path.<br/>- *Default* - Let the Nextcloud manage this. The default option.<br/>- *Query* - Use location from the user table pointed by the *home* column.<br/>- *Static* - Use static location. The `%u` variable is replaced with the username of the user. | Optional<br/>Default: *Default*.
-**Home Location** | User storage path for the `static` *home mode*. | Mandatory if the *Home mode* is set to `Static`.
+**Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
+**Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
+**Quota sync** | Sync user quota with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the user quota to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the user quota to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the user quota to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Quota* column.
+**Home mode** | User storage path.<br/>- *Default* - Let the Nextcloud manage this. The default option.<br/>- *Query* - Use location from the user table pointed by the *home* column.<br/>- *Static* - Use static location pointed by the *Home Location* option. | Optional<br/>Default: *Default*.
+**Home Location** | User storage path for the `Static` *Home mode*. The `%u` variable is replaced with the username of the user. | Mandatory if the *Home mode* is set to `Static`.
 
 #### User table
 
@@ -64,11 +65,13 @@ Name | Description | Details
 **Table name** | The table name. | Mandatory for user backend.
 **Username** | Username column. | Mandatory for user backend.
 **Email** | E-mail column. | Mandatory for *Email sync* option.
+**Quota** | Quota column. | Mandatory for *Quota sync* option.
 **Home** | Home path column. | Mandatory for `Query` *Home sync* option.
 **Password** | Password hash column. | Mandatory for user backend.
 **Display name** | Display name column. | Optional.
 **Active** | Flag indicating if user can log in. | Optional.<br/>Default: true.
-**Can change avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
+**Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
+**Salt** | Salt which is appended to password when checking or changing the password. | Optional.
 
 #### Group table
 
@@ -105,36 +108,34 @@ but be aware that some functionalities requires data changes (update queries).
 
 If you don't have any database model yet you can use below tables (MySQL):
 ```
-CREATE TABLE sql_users
+CREATE TABLE sql_user
 (
-  id                INT         AUTO_INCREMENT PRIMARY KEY,
-  username          VARCHAR(16) NOT NULL,
-  display_name      TEXT        NULL,
-  email             TEXT        NULL,
-  home              TEXT        NULL,
-  password          TEXT        NOT NULL,
-  active            TINYINT(1)  NOT NULL DEFAULT '1',
-  can_change_avatar BOOLEAN     NOT NULL DEFAULT FALSE,
-  CONSTRAINT users_username_uindex UNIQUE (username)
+  username       VARCHAR(16) PRIMARY KEY,
+  display_name   TEXT        NULL,
+  email          TEXT        NULL,
+  quota          TEXT        NULL,
+  home           TEXT        NULL,
+  password       TEXT        NOT NULL,
+  active         TINYINT(1)  NOT NULL DEFAULT '1',
+  provide_avatar BOOLEAN     NOT NULL DEFAULT FALSE
 );
 
 CREATE TABLE sql_group
 (
-  id           INT         AUTO_INCREMENT PRIMARY KEY,
-  name         VARCHAR(16) NOT NULL,
+  name         VARCHAR(16) PRIMARY KEY,
   display_name TEXT        NULL,
-  admin        BOOLEAN     NOT NULL DEFAULT FALSE,
-  CONSTRAINT group_name_uindex UNIQUE (name)
+  admin        BOOLEAN     NOT NULL DEFAULT FALSE
 );
 
 CREATE TABLE sql_user_group
 (
-  id         INT         AUTO_INCREMENT PRIMARY KEY,
-  group_name VARCHAR(16) NOT NULL,
   username   VARCHAR(16) NOT NULL,
-  CONSTRAINT user_group_group_name_username_uindex UNIQUE (group_name, username),
-  INDEX user_group_group_name_index (group_name),
-  INDEX user_group_username_index (username)
+  group_name VARCHAR(16) NOT NULL,
+  PRIMARY KEY (username, group_name),
+  FOREIGN KEY (username) REFERENCES sql_user (username),
+  FOREIGN KEY (group_name) REFERENCES sql_group (name),
+  INDEX sql_user_group_username_idx (username),
+  INDEX sql_user_group_group_name_idx (group_name)
 );
 ```
 
@@ -148,7 +149,7 @@ User table: wp_users
 Username column: user_login
 Password column: user_pass
 
-Hashing algorithm: Unix (Crypt)
+Hash algorithm: Unix (Crypt) or Portable PHP password
 ```
 
 #### JHipster
@@ -165,7 +166,7 @@ Password column: password_hash
 Email column: email
 Active column: activated
 
-Hashing algorithm: Unix (Crypt)
+Hash algorithm: Unix (Crypt)
 ```
 
 ## Hash algorithms
@@ -190,9 +191,12 @@ SHA512 (Crypt) | Generates hash with 5000 rounds. | $6$rounds=5000$yH.Q0OL4qbCOU
 Standard DES (Crypt) | | yTBnb7ab/N072
 Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us
 MD5 | No salt supported. | 5f4dcc3b5aa765d61d8327deb882cf99
+Portable PHP password | See [phpass](http://www.openwall.com/phpass/). | $P$BxrwraqNTi4as0EI.IpiA/K.muk9ke/
 SHA1 | No salt supported. | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
+SHA512 Whirlpool | No salt supported. | a96b16ebb691dbe968b0d66d0d924cff5cf5de5e0885181d00761d87f295b2bf3d3c66187c050fc01c196ff3acaa48d3561ffd170413346e934a32280d632f2e
 SSHA256 | Generates 32 chars salt. | {SSHA256}+WxTB3JxprNteeovsuSYtgI+UkVPA9lfwGoYkz3Ff7hjd1FSdmlTMkNsSExyR21KM3NvNTZ5V0p4WXJMUjFzUg==
 SSHA512 | Generates 32 chars salt. | {SSHA512}It+v1kAEUBbhMJYJ2swAtz+RLE6ispv/FB6G/ALhK/YWwEmrloY+0jzrWIfmu+rWUXp8u0Tg4jLXypC5oXAW00IyYnRVdEZJbE9wak96bkNRVWFCYmlJNWxrdTA0QmhL
+WoltLab Community Framework 2.x | Double salted bcrypt. | $2a$08$XEQDKNU/Vbootwxv5Gp7gujxFX/RUFsZLvQPYM435Dd3/p17fto02
 
 ## Development
 
@@ -202,7 +206,7 @@ Add a new class in the `OCA\UserSQL\Platform` namespace which extends the `Abstr
 Add this driver in `admin.php` template  to `$drivers` variable and in method `getPlatform(Connection $connection)`
 of `PlatformFactory` class.
 
-#### New hashing algorithm support
+#### New hash algorithm support
 
 Create a new class in `OCA\UserSQL\Crypto` namespace which implements `IPasswordAlgorithm` interface.
 Do not forget to write unit tests.

appinfo/info.xml

@@ -8,10 +8,10 @@
         Retrieve the users and groups info. Allow the users to change their passwords.
         Sync the users' email addresses with the addresses stored by Nextcloud.
     </description>
-    <version>4.0.0-rc2</version>
+    <version>4.0.0</version>
     <licence>agpl</licence>
-    <author>Andreas Böhler &lt;dev (at) aboehler (dot) at&gt;</author>
-    <author>Marcin Łojewski &lt;dev@mlojewski.me&gt;</author>
+    <author>Marcin Łojewski</author>
+    <author>Andreas Böhler</author>
     <namespace>UserSQL</namespace>
     <bugs>https://github.com/nextcloud/user_sql/issues</bugs>
     <repository>https://github.com/nextcloud/user_sql</repository>
@@ -22,7 +22,7 @@
     <category>auth</category>
     <dependencies>
         <php min-version="7.0"/>
-        <nextcloud min-version="13" max-version="13"/>
+        <nextcloud min-version="14" max-version="14"/>
     </dependencies>
     <settings>
         <admin>\OCA\UserSQL\Settings\Admin</admin>

img/screenshot.png

@@ -41,6 +41,7 @@ user_sql.adminSettingsUI = function () {
             $(ids).autocomplete({
                 source: function (request, response) {
                     var post = $(form_id).serializeArray();
+                    post.push({name: "input", value: request["term"]});
                     $.post(OC.generateUrl(path), post, response, "json");
                 },
                 minLength: 0,
@@ -75,7 +76,7 @@ user_sql.adminSettingsUI = function () {
         );
 
         autocomplete(
-            "#db-table-user-column-uid, #db-table-user-column-email, #db-table-user-column-home, #db-table-user-column-password, #db-table-user-column-name, #db-table-user-column-active, #db-table-user-column-avatar",
+            "#db-table-user-column-uid, #db-table-user-column-email, #db-table-user-column-quota, #db-table-user-column-home, #db-table-user-column-password, #db-table-user-column-name, #db-table-user-column-active, #db-table-user-column-avatar, #db-table-user-column-salt",
             "/apps/user_sql/settings/autocomplete/table/user"
         );
 

js/settings.js

@@ -94,7 +94,7 @@ public function doAction(User $user)
         $result = false;
 
         switch ($this->properties[Opt::EMAIL_SYNC]) {
-        case App::EMAIL_INITIAL:
+        case App::SYNC_INITIAL:
             if (empty($ncMail) && !empty($user->email)) {
                 $this->config->setUserValue(
                     $user->uid, "settings", "email", $user->email
@@ -103,7 +103,7 @@ public function doAction(User $user)
 
             $result = true;
             break;
-        case App::EMAIL_FORCE_NC:
+        case App::SYNC_FORCE_NC:
             if (!empty($ncMail) && $user->email !== $ncMail) {
                 $user = $this->userRepository->findByUid($user->uid);
                 if (!($user instanceof User)) {
@@ -115,7 +115,7 @@ public function doAction(User $user)
             }
 
             break;
-        case App::EMAIL_FORCE_SQL:
+        case App::SYNC_FORCE_SQL:
             if (!empty($user->email) && $user->email !== $ncMail) {
                 $this->config->setUserValue(
                     $user->uid, "settings", "email", $user->email

lib/Action/EmailSync.php

@@ -0,0 +1,137 @@
+<?php
+/**
+ * Nextcloud - user_sql
+ *
+ * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @author    Marcin Łojewski <dev@mlojewski.me>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\UserSQL\Action;
+
+use OCA\UserSQL\Constant\App;
+use OCA\UserSQL\Constant\Opt;
+use OCA\UserSQL\Model\User;
+use OCA\UserSQL\Properties;
+use OCA\UserSQL\Repository\UserRepository;
+use OCP\IConfig;
+use OCP\ILogger;
+
+/**
+ * Synchronizes the user quota.
+ *
+ * @author Marcin Łojewski <dev@mlojewski.me>
+ */
+class QuotaSync implements IUserAction
+{
+    /**
+     * @var string The application name.
+     */
+    private $appName;
+    /**
+     * @var ILogger The logger instance.
+     */
+    private $logger;
+    /**
+     * @var Properties The properties array.
+     */
+    private $properties;
+    /**
+     * @var IConfig The config instance.
+     */
+    private $config;
+    /**
+     * @var UserRepository The user repository.
+     */
+    private $userRepository;
+
+    /**
+     * The default constructor.
+     *
+     * @param string         $appName        The application name.
+     * @param ILogger        $logger         The logger instance.
+     * @param Properties     $properties     The properties array.
+     * @param IConfig        $config         The config instance.
+     * @param UserRepository $userRepository The user repository.
+     */
+    public function __construct(
+        $appName, ILogger $logger, Properties $properties, IConfig $config,
+        UserRepository $userRepository
+    ) {
+        $this->appName = $appName;
+        $this->logger = $logger;
+        $this->properties = $properties;
+        $this->config = $config;
+        $this->userRepository = $userRepository;
+    }
+
+    /**
+     * @inheritdoc
+     * @throws \OCP\PreConditionNotMetException
+     */
+    public function doAction(User $user)
+    {
+        $this->logger->debug(
+            "Entering QuotaSync#doAction($user->uid)", ["app" => $this->appName]
+        );
+
+        $ncQuota = $this->config->getUserValue(
+            $user->uid, "files", "quota", ""
+        );
+
+        $result = false;
+
+        switch ($this->properties[Opt::QUOTA_SYNC]) {
+        case App::SYNC_INITIAL:
+            if (empty($ncQuota) && !empty($user->quota)) {
+                $this->config->setUserValue(
+                    $user->uid, "files", "quota", $user->quota
+                );
+            }
+
+            $result = true;
+            break;
+        case App::SYNC_FORCE_NC:
+            if (!empty($ncQuota) && $user->quota !== $ncQuota) {
+                $user = $this->userRepository->findByUid($user->uid);
+                if (!($user instanceof User)) {
+                    break;
+                }
+
+                $user->quota = $ncQuota;
+                $result = $this->userRepository->save($user);
+            }
+
+            break;
+        case App::SYNC_FORCE_SQL:
+            if (!empty($user->quota) && $user->quota !== $ncQuota) {
+                $this->config->setUserValue(
+                    $user->uid, "files", "quota", $user->quota
+                );
+            }
+
+            $result = true;
+            break;
+        }
+
+        $this->logger->debug(
+            "Returning QuotaSync#doAction($user->uid): " . ($result ? "true"
+                : "false"),
+            ["app" => $this->appName]
+        );
+
+        return $result;
+    }
+}