Merge branch 'release/v4.3.0'

Author: mlojewski-me

CHANGELOG.md

@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [4.3.0] - 2018-12-30
+### Added
+- Reverse active column option
+- Support for Nextcloud 16
+- Set default value for "provide avatar" option
+- Set hash algorithm parameters
+
 ## [4.2.1] - 2018-12-22
 ### Fixed
 - SQL error when same column names given in several tables
@@ -112,6 +119,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
 - Supported version of ownCloud, Nextcloud: ownCloud 10, Nextcloud 12
 
+[4.3.0]: https://github.com/nextcloud/user_sql/compare/v4.2.1...v4.3.0
 [4.2.1]: https://github.com/nextcloud/user_sql/compare/v4.2.0...v4.2.1
 [4.2.0]: https://github.com/nextcloud/user_sql/compare/v4.1.0...v4.2.0
 [4.1.0]: https://github.com/nextcloud/user_sql/compare/v4.0.1...v4.1.0

README.md

@@ -49,7 +49,9 @@ Name | Description | Details
 --- | --- | ---
 **Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column.
 **Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false.
+**Allow providing avatar** | Can user provide its avatar. The value is used when column *Provide avatar* is not set. | Optional.<br/>Default: false.
 **Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.<br/>Default: false.
+**Reverse active column** | Reverse value of active column in user table. | Optional.<br/>Default: false.
 **Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false.
 **Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
 **Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
@@ -186,12 +188,12 @@ Courier hexadecimal MD5 | No salt supported. | {MD5}X03MO1qnZdYdgyfeuILPmQ==
 Courier base64-encoded SHA1 | No salt supported. | {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
 Courier base64-encoded SHA256 | No salt supported. | {SHA256}XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg=
 Unix (Crypt) | See [crypt](http://php.net/manual/en/function.crypt.php). | $2y$10$5rsN1fmoSkaRy9bqhozAXOr0mn0QiVIfd2L04Bbk1Go9MjdvotwBq
-Argon2 (Crypt) | Requires PHP >= 7.2.<br/>Uses default parameters. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $argon2i$v=19$m=1024,t=2,p=2$NnpSNlRNLlZobnJHUDh0Sw$oW5E1cfdPzLWfkTvQFUyzTR00R0aLwEdYwldcqW6Pmo
-Blowfish (Crypt) | Uses default parameters. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $2y$10$5rsN1fmoSkaRy9bqhozAXOr0mn0QiVIfd2L04Bbk1Go9MjdvotwBq
+Argon2 (Crypt) | Requires PHP >= 7.2. See [password_hash](http://php.net/manual/en/function.password-hash.php). | $argon2i$v=19$m=1024,t=2,p=2$NnpSNlRNLlZobnJHUDh0Sw$oW5E1cfdPzLWfkTvQFUyzTR00R0aLwEdYwldcqW6Pmo
+Blowfish (Crypt) | See [password_hash](http://php.net/manual/en/function.password-hash.php). | $2y$10$5rsN1fmoSkaRy9bqhozAXOr0mn0QiVIfd2L04Bbk1Go9MjdvotwBq
 Extended DES (Crypt) | | cDRpdxPmHpzS.
 MD5 (Crypt) | | $1$RzaFbNcU$u9adfTY/Q6za6nu0Ogrl1/
-SHA256 (Crypt) | Generates hash with 5000 rounds. | $5$rounds=5000$VIYD0iHkg7uY9SRc$v2XLS/9dvfFN84mzGvW9wxnVt9Xd/urXaaTkpW8EwD1
-SHA512 (Crypt) | Generates hash with 5000 rounds. | $6$rounds=5000$yH.Q0OL4qbCOUJ3q$Xry5EVFva3wKnfo8/ktrugmBd8tcl34NK6rXInv1HhmdSUNLEm0La9JnA57rqwQ.9/Bz513MD4tvmmISLUIHs/
+SHA256 (Crypt) | | $5$rounds=5000$VIYD0iHkg7uY9SRc$v2XLS/9dvfFN84mzGvW9wxnVt9Xd/urXaaTkpW8EwD1
+SHA512 (Crypt) | | $6$rounds=5000$yH.Q0OL4qbCOUJ3q$Xry5EVFva3wKnfo8/ktrugmBd8tcl34NK6rXInv1HhmdSUNLEm0La9JnA57rqwQ.9/Bz513MD4tvmmISLUIHs/
 Standard DES (Crypt) | | yTBnb7ab/N072
 Drupal 7 | See [phpass](http://www.openwall.com/phpass/). | $S$DC7eCpJQ3SUQtW4Bp.vKb2rpeaffi4iqk9OpYwJyEoSMsezn67Sl
 Joomla MD5 Encryption | Generates 32 chars salt. | 14d21b49b0f13e2acba962b6b0039edd:haJK0yTvBXTNMh76xwEw5RYEVpJsN8us

appinfo/info.xml

@@ -8,7 +8,7 @@
         Retrieve the users and groups info. Allow the users to change their passwords.
         Sync the users' email addresses with the addresses stored by Nextcloud.
     </description>
-    <version>4.2.1</version>
+    <version>4.3.0</version>
     <licence>agpl</licence>
     <author>Marcin Łojewski</author>
     <author>Andreas Böhler</author>
@@ -22,7 +22,7 @@
     <category>auth</category>
     <dependencies>
         <php min-version="7.0"/>
-        <nextcloud min-version="14" max-version="15"/>
+        <nextcloud min-version="14" max-version="16"/>
     </dependencies>
     <settings>
         <admin>\OCA\UserSQL\Settings\Admin</admin>

appinfo/routes.php

@@ -61,6 +61,11 @@
                 "url" => "/settings/autocomplete/table/group",
                 "verb" => "POST"
             ],
+            [
+                "name" => "settings#cryptoParams",
+                "url" => "/settings/crypto/params",
+                "verb" => "GET"
+            ],
         ]
     ]
 );

css/settings.css

@@ -33,6 +33,13 @@
     float: right;
 }
 
+#user_sql .main .inner-fieldset {
+    border-bottom: 1px solid var(--color-border);
+    border-top: 1px solid var(--color-border);
+    margin: 8px 0;
+    padding: 8px 0 8px 16px;
+}
+
 #user_sql .msg {
     left: 0;
     padding: 3px;
@@ -43,16 +50,23 @@
 }
 
 #user_sql .msg.error {
-    background-color: #d2322d;
-    color: #fff;
+    background-color: var(--color-error);
+    color: var(--color-primary-text);
 }
 
 #user_sql .msg.success {
-    background-color: #47a447;
-    color: #fff;
+    background-color: var(--color-success);
+    color: var(--color-primary-text);
 }
 
 #user_sql .msg.waiting {
-    background-color: #ff8f00;
-    color: #fff;
-}
+    background-color: var(--color-warning);
+    color: var(--color-primary-text);
+}
+
+#user_sql .loading {
+    display: inline-block;
+    height: 32px;
+    margin: 5px 0;
+    width: 32px;
+}

js/settings.js

@@ -58,6 +58,49 @@ user_sql.adminSettingsUI = function () {
             });
         };
 
+        var cryptoParams = function () {
+            var cryptoChanged = function () {
+                var content = $("#opt-crypto_params_content");
+                var loading = $("#opt-crypto_params_loading");
+
+                content.hide();
+                loading.show();
+
+                $.get(OC.generateUrl("/apps/user_sql/settings/crypto/params"), {cryptoClass: $("#opt-crypto_class").val()},
+                    function (data) {
+                        content.empty();
+                        loading.hide();
+
+                        if (data.status === "success") {
+                            for (var index = 0, length = data.data.length; index < length; ++index) {
+                                var param = $("<div></div>");
+                                var label = $("<label></label>").attr({for: "opt-crypto_param_" + index});
+                                var title = $("<span></span>").text(data.data[index]["name"]);
+                                var input = $("<input/>").attr({
+                                    type: "number",
+                                    id: "opt-crypto_param_" + index,
+                                    name: "opt-crypto_param_" + index,
+                                    step: 1,
+                                    min: data.data[index]["min"],
+                                    max: data.data[index]["max"],
+                                    value: data.data[index]["value"]
+                                });
+
+                                label.append(title);
+                                param.append(label);
+                                param.append(input);
+                                content.append(param);
+                                content.show();
+                            }
+                        }
+                    }, "json");
+            };
+            $("#opt-crypto_class").change(function () {
+                cryptoChanged();
+            });
+            cryptoChanged();
+        };
+
         $("#user_sql-db_connection_verify").click(function (event) {
             return click(event, "/apps/user_sql/settings/db/verify");
         });
@@ -89,11 +132,13 @@ user_sql.adminSettingsUI = function () {
             "#db-table-group-column-admin, #db-table-group-column-name, #db-table-group-column-gid",
             "/apps/user_sql/settings/autocomplete/table/group"
         );
+
+        cryptoParams();
     }
 };
 
 $(document).ready(function () {
     if ($(form_id)) {
         user_sql.adminSettingsUI();
     }
-});
+});

lib/Backend/UserBackend.php

@@ -343,7 +343,12 @@ public function checkPassword(string $uid, string $password)
     private function getPasswordAlgorithm()
     {
         $cryptoType = $this->properties[Opt::CRYPTO_CLASS];
-        $passwordAlgorithm = new $cryptoType($this->localization);
+        $cryptoParam0 = $this->properties[Opt::CRYPTO_PARAM_0];
+        $cryptoParam1 = $this->properties[Opt::CRYPTO_PARAM_1];
+        $cryptoParam2 = $this->properties[Opt::CRYPTO_PARAM_2];
+        $passwordAlgorithm = new $cryptoType(
+            $this->localization, $cryptoParam0, $cryptoParam1, $cryptoParam2
+        );
 
         if ($passwordAlgorithm === null) {
             $this->logger->error(
@@ -555,7 +560,7 @@ public function canChangeAvatar(string $uid): bool
         );
 
         if (empty($this->properties[DB::USER_AVATAR_COLUMN])) {
-            return false;
+            return !empty($this->properties[Opt::PROVIDE_AVATAR]);
         }
 
         $user = $this->userRepository->findByUid($uid);

lib/Constant/Opt.php

@@ -31,12 +31,17 @@ final class Opt
     const APPEND_SALT = "opt.append_salt";
     const CASE_INSENSITIVE_USERNAME = "opt.case_insensitive_username";
     const CRYPTO_CLASS = "opt.crypto_class";
+    const CRYPTO_PARAM_0 = "opt.crypto_param_0";
+    const CRYPTO_PARAM_1 = "opt.crypto_param_1";
+    const CRYPTO_PARAM_2 = "opt.crypto_param_2";
     const EMAIL_SYNC = "opt.email_sync";
     const HOME_LOCATION = "opt.home_location";
     const HOME_MODE = "opt.home_mode";
     const NAME_CHANGE = "opt.name_change";
     const PASSWORD_CHANGE = "opt.password_change";
     const PREPEND_SALT = "opt.prepend_salt";
+    const PROVIDE_AVATAR = "opt.provide_avatar";
     const QUOTA_SYNC = "opt.quota_sync";
+    const REVERSE_ACTIVE = "opt.reverse_active";
     const USE_CACHE = "opt.use_cache";
 }

lib/Controller/SettingsController.php

@@ -28,12 +28,16 @@
 use OC\DB\ConnectionFactory;
 use OCA\UserSQL\Cache;
 use OCA\UserSQL\Constant\App;
+use OCA\UserSQL\Constant\Opt;
+use OCA\UserSQL\Crypto\IPasswordAlgorithm;
 use OCA\UserSQL\Platform\PlatformFactory;
 use OCA\UserSQL\Properties;
 use OCP\AppFramework\Controller;
 use OCP\IL10N;
 use OCP\ILogger;
 use OCP\IRequest;
+use ReflectionClass;
+use ReflectionException;
 
 /**
  * The settings controller.
@@ -72,7 +76,8 @@ class SettingsController extends Controller
     public function __construct(
         $appName, IRequest $request, ILogger $logger, IL10N $localization,
         Properties $properties, Cache $cache
-    ) {
+    )
+    {
         parent::__construct($appName, $request);
         $this->appName = $appName;
         $this->logger = $logger;
@@ -193,6 +198,16 @@ public function saveProperties()
             ];
         }
 
+        if (!$this->validateCryptoParams()) {
+            return [
+                "status" => "error", "data" => [
+                    "message" => $this->localization->t(
+                        "Hash algorithm parameter is out of range."
+                    )
+                ]
+            ];
+        }
+
         foreach ($properties as $key => $value) {
             $reqValue = $this->request->getParam(str_replace(".", "-", $key));
             $appValue = $this->properties[$key];
@@ -208,6 +223,9 @@ public function saveProperties()
                     "Property '$key' has been set to: " . $value,
                     ["app" => $this->appName]
                 );
+            } elseif (!is_bool($appValue) && !isset($reqValue)) {
+                unset($this->properties[$key]);
+
             }
         }
 
@@ -225,6 +243,48 @@ public function saveProperties()
         ];
     }
 
+    /**
+     * Validate request crypto params.
+     *
+     * @return bool TRUE if crypto params are correct FALSE otherwise.
+     */
+    private function validateCryptoParams()
+    {
+        $cryptoClass = $this->request->getParam("opt-crypto_class");
+        $configuration = $this->cryptoClassConfiguration($cryptoClass);
+
+        for ($i = 0; $i < count($configuration); ++$i) {
+            $reqParam = $this->request->getParam(
+                "opt-crypto_param_" . $i, null
+            );
+            $cryptoParam = $configuration[$i];
+
+            if (is_null($reqParam) || $reqParam < $cryptoParam->min
+                || $reqParam > $cryptoParam->max
+            ) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Get a crypto class configuration from request.
+     *
+     * @param $cryptoClass string Crypto class name.
+     *
+     * @return array A crypto class configuration.
+     */
+    private function cryptoClassConfiguration($cryptoClass)
+    {
+        /**
+         * @var $passwordAlgorithm IPasswordAlgorithm
+         */
+        $passwordAlgorithm = new $cryptoClass($this->localization);
+        return $passwordAlgorithm->configuration();
+    }
+
     /**
      * Clear the application cache memory.
      *
@@ -367,4 +427,40 @@ public function groupTableAutocomplete()
 
         return $columns;
     }
+
+    /**
+     * Get parameters for a password algorithm.
+     *
+     * @return array Password algorithm parameters.
+     * @throws ReflectionException Whenever Opt class cannot be initiated.
+     */
+    public function cryptoParams()
+    {
+        $this->logger->debug(
+            "Entering cryptoParams()", ["app" => $this->appName]
+        );
+
+        $cryptoClass = $this->request->getParam("cryptoClass");
+        $configuration = $this->cryptoClassConfiguration($cryptoClass);
+
+        if ($cryptoClass === $this->properties[Opt::CRYPTO_CLASS]) {
+            foreach ($configuration as $key => $value) {
+                $opt = new ReflectionClass("OCA\UserSQL\Constant\Opt");
+                $param = $this->properties[$opt->getConstant(
+                    "CRYPTO_PARAM_" . $key
+                )];
+
+                if (!is_null($param)) {
+                    $value->value = $param;
+                }
+            }
+        }
+
+        $this->logger->debug(
+            "Returning cryptoParams(): count(" . count($configuration) . ")",
+            ["app" => $this->appName]
+        );
+
+        return ["status" => "success", "data" => (array)$configuration];
+    }
 }

lib/Crypto/AbstractAlgorithm.php

@@ -74,4 +74,12 @@ public function checkPassword($password, $dbHash, $salt = null)
      * @inheritdoc
      */
     public abstract function getPasswordHash($password, $salt = null);
+
+    /**
+     * @inheritdoc
+     */
+    public function configuration()
+    {
+        return [];
+    }
 }