Merge pull request #44111 from nextcloud/backport/43946/stable28

[stable28] fix: changed login-page to reflect correct LDAP settings
nextcloud · Mar 11, 2024 · 47a1914 · 47a1914
2 parents 01a7d45 + 7b4d98f
commit 47a1914
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 9 deletions.
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
@@ -41,6 +41,9 @@
 use OC\Authentication\WebAuthn\Manager as WebAuthnManager;
 use OC\User\Session;
 use OC_App;
+use OCA\User_LDAP\Configuration;
+use OCA\User_LDAP\Helper;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
@@ -81,6 +84,7 @@ public function __construct(
 		private WebAuthnManager $webAuthnManager,
 		private IManager $manager,
 		private IL10N $l10n,
+		private IAppManager $appManager,
 	) {
 		parent::__construct($appName, $request);
 	}
@@ -172,6 +176,8 @@ public function showLoginForm(string $user = null, string $redirect_url = null):
 
 		$this->setPasswordResetInitialState($user);
 
+		$this->setEmailStates();
+
 		$this->initialStateService->provideInitialState('core', 'webauthn-available', $this->webAuthnManager->isWebAuthnAvailable());
 
 		$this->initialStateService->provideInitialState('core', 'hideLoginForm', $this->config->getSystemValueBool('hide_login_form', false));
@@ -226,6 +232,31 @@ private function setPasswordResetInitialState(?string $username): void {
 			$this->canResetPassword($passwordLink, $user)
 		);
 	}
+
+	/**
+	 * Sets the initial state of whether or not a user is allowed to login with their email
+	 * initial state is passed in the array of 1 for email allowed and 0 for not allowed
+	 */
+	private function setEmailStates(): void {
+		$emailStates = []; // true: can login with email, false otherwise - default to true
+
+		// check if user_ldap is enabled, and the required classes exist
+		if ($this->appManager->isAppLoaded('user_ldap')
+			&& class_exists(Helper::class)) {
+			$helper = \OCP\Server::get(Helper::class);
+			$allPrefixes = $helper->getServerConfigurationPrefixes();
+			// check each LDAP server the user is connected too
+			foreach ($allPrefixes as $prefix) {
+				$emailConfig = new Configuration($prefix);
+				array_push($emailStates, $emailConfig->__get('ldapLoginFilterEmail'));
+			}
+		}
+		$this->initialStateService->
+			provideInitialState(
+				'core',
+				'emailStates',
+				$emailStates);
+	}
 
 	/**
 	 * @param string|null $passwordLink

diff --git a/core/src/components/login/LoginForm.vue b/core/src/components/login/LoginForm.vue
@@ -60,7 +60,7 @@
 			<h2 class="login-form__headline" data-login-form-headline v-html="headline" />
 			<NcTextField id="user"
 				ref="user"
-				:label="t('core', 'Account name or email')"
+				:label="loginText"
 				name="user"
 				:value.sync="user"
 				:class="{shake: invalidPassword}"
@@ -156,6 +156,12 @@ export default {
 			type: Boolean,
 			default: false,
 		},
+		emailStates: {
+			type: Array,
+			default() {
+				return []
+			}
+		},
 	},
 
 	data() {
@@ -207,6 +213,15 @@ export default {
 		loginActionUrl() {
 			return generateUrl('login')
 		},
+		emailEnabled() {
+			return this.emailStates ? this.emailStates.every((state) => state === '1') : 1
+		},
+		loginText() {
+			if (this.emailEnabled) {
+				return t('core', 'Login with username or email')
+			}
+			return t('core', 'Login with username')
+		},
 	},
 
 	mounted() {

diff --git a/core/src/views/Login.vue b/core/src/views/Login.vue
@@ -32,6 +32,7 @@
 						:errors="errors"
 						:throttle-delay="throttleDelay"
 						:auto-complete-allowed="autoCompleteAllowed"
+						:email-states="emailStates"
 						@submit="loading = true" />
 					<a v-if="canResetPassword && resetPasswordLink !== ''"
 						id="lost-password"
@@ -179,6 +180,7 @@ export default {
 			isLocalhost: window.location.hostname === 'localhost',
 			hasPublicKeyCredential: typeof (window.PublicKeyCredential) !== 'undefined',
 			hideLoginForm: loadState('core', 'hideLoginForm', false),
+			emailStates: loadState('core', 'emailStates', []),
 		}
 	},
 

diff --git a/dist/core-login.js b/dist/core-login.js
diff --git a/dist/core-login.js.map b/dist/core-login.js.map
diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
@@ -30,6 +30,7 @@
 use OC\Authentication\TwoFactorAuth\Manager;
 use OC\Core\Controller\LoginController;
 use OC\User\Session;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\Defaults;
@@ -89,6 +90,9 @@ class LoginControllerTest extends TestCase {
 	/** @var IL10N|MockObject */
 	private $l;
 
+	/** @var IAppManager|MockObject */
+	private $appManager;
+
 	protected function setUp(): void {
 		parent::setUp();
 		$this->request = $this->createMock(IRequest::class);
@@ -104,6 +108,8 @@ protected function setUp(): void {
 		$this->webAuthnManager = $this->createMock(\OC\Authentication\WebAuthn\Manager::class);
 		$this->notificationManager = $this->createMock(IManager::class);
 		$this->l = $this->createMock(IL10N::class);
+		$this->appManager = $this->createMock(IAppManager::class);
+
 		$this->l->expects($this->any())
 			->method('t')
 			->willReturnCallback(function ($text, $parameters = []) {
@@ -132,7 +138,8 @@ protected function setUp(): void {
 			$this->initialStateService,
 			$this->webAuthnManager,
 			$this->notificationManager,
-			$this->l
+			$this->l,
+			$this->appManager,
 		);
 	}
 
@@ -258,7 +265,7 @@ public function testShowLoginFormWithErrorsInSession() {
 					],
 				]
 			);
-		$this->initialStateService->expects($this->exactly(11))
+		$this->initialStateService->expects($this->exactly(12))
 			->method('provideInitialState')
 			->withConsecutive([
 				'core',
@@ -300,7 +307,7 @@ public function testShowLoginFormForFlowAuth() {
 			->expects($this->once())
 			->method('isLoggedIn')
 			->willReturn(false);
-		$this->initialStateService->expects($this->exactly(12))
+		$this->initialStateService->expects($this->exactly(13))
 			->method('provideInitialState')
 			->withConsecutive([], [], [], [
 				'core',
@@ -371,7 +378,7 @@ public function testShowLoginFormWithPasswordResetOption($canChangePassword,
 			->method('get')
 			->with('LdapUser')
 			->willReturn($user);
-		$this->initialStateService->expects($this->exactly(11))
+		$this->initialStateService->expects($this->exactly(12))
 			->method('provideInitialState')
 			->withConsecutive([], [], [
 				'core',
@@ -421,7 +428,7 @@ public function testShowLoginFormForUserNamed0() {
 			->method('get')
 			->with('0')
 			->willReturn($user);
-		$this->initialStateService->expects($this->exactly(11))
+		$this->initialStateService->expects($this->exactly(12))
 			->method('provideInitialState')
 			->withConsecutive([], [], [], [
 				'core',