diff options
| author | Aleksander Machniak <alec@alec.pl> | 2013-10-25 11:37:03 (GMT) |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2013-10-25 11:37:03 (GMT) |
| commit | 3238415d840973b82ce2e91e45585181a4f33b4a (patch) | |
| tree | 2ff38fddec0efc82d42e88a491c678b64989ba90 | |
| parent | 528954fff0cd5c33db10d9a868eaa566603370ca (diff) | |
| download | kolab-wap-3238415d840973b82ce2e91e45585181a4f33b4a.tar.gz | |
Add support for validate='extended' in 'alias' field, which if set
will check for availability of provided email addresses.
Added in-memory cache for entrydn-to-nsuniqueid resolving.
Code improvements
Conflicts:
lib/api/kolab_api_service_form_value.php
| -rw-r--r-- | lib/api/kolab_api_service_form_value.php | 97 | ||||
| -rw-r--r-- | lib/kolab_api_service.php | 20 |
2 files changed, 72 insertions, 45 deletions
diff --git a/lib/api/kolab_api_service_form_value.php b/lib/api/kolab_api_service_form_value.php index c31a05d..cb7fa34 100644 --- a/lib/api/kolab_api_service_form_value.php +++ b/lib/api/kolab_api_service_form_value.php @@ -28,9 +28,10 @@ */ class kolab_api_service_form_value extends kolab_api_service { - const VALIDATE_DEFAULT = 'default'; - const VALIDATE_BASIC = 'basic'; - const VALIDATE_NONE = 'none'; + const VALIDATE_DEFAULT = 'default'; + const VALIDATE_BASIC = 'basic'; + const VALIDATE_EXTENDED = 'extended'; + const VALIDATE_NONE = 'none'; /** @@ -421,15 +422,14 @@ class kolab_api_service_form_value extends kolab_api_service } } - $auth = Auth::get_instance($_SESSION['user']->get_domain()); - $unique_attr = $this->unique_attribute(); - $cn = $postdata['cn']; + $auth = Auth::get_instance($_SESSION['user']->get_domain()); + $cn = $postdata['cn']; $x = 2; while (($resource_found = $auth->resource_find_by_attribute(array('cn' => $cn)))) { if (!empty($postdata['id'])) { - $resource_found_dn = key($resource_found); - $resource_found_unique_attr = $auth->get_entry_attribute($resource_found_dn, $unique_attr); + $resource_found_dn = key($resource_found); + $resource_found_unique_attr = $this->unique_attribute_value($resource_found_dn); //console("resource with mail $mail found", $resource_found_unique_attr); if ($resource_found_unique_attr == $postdata['id']) { //console("that's us."); @@ -609,13 +609,12 @@ class kolab_api_service_form_value extends kolab_api_service $mail_domain = $_SESSION['user']->get_domain(); $mail = $mail_local . '@' . $mail_domain; $auth = Auth::get_instance($_SESSION['user']->get_domain()); - $unique_attr = $this->unique_attribute(); $x = 2; while (($resource_found = $auth->resource_find_by_attribute(array('mail' => $mail)))) { if (!empty($postdata['id'])) { - $resource_found_dn = key($resource_found); - $resource_found_unique_attr = $auth->get_entry_attribute($resource_found_dn, $unique_attr); + $resource_found_dn = key($resource_found); + $resource_found_unique_attr = $this->unique_attribute_value($resource_found_dn); //console("resource with mail $mail found", $resource_found_unique_attr); if ($resource_found_unique_attr == $postdata['id']) { //console("that's us."); @@ -725,33 +724,10 @@ class kolab_api_service_form_value extends kolab_api_service } } - $_secondary_mail_addresses = kolab_recipient_policy::secondary_mail($postdata); - - // TODO: Check for uniqueness. Not sure what to do if not unique. - $secondary_mail_addresses = Array(); - - $auth = Auth::get_instance(); - $conf = Conf::get_instance(); - $unique_attr = $this->unique_attribute(); - - // Find the authentication mechanism in order to be able to fall back from a - // '[$domain]' section setting for the mail attributes list, to an '[$auth_mech]' - // section setting - $auth_mech = $conf->get($_SESSION['user']->get_domain(), 'auth_mechanism'); - if (empty($auth_mech)) { - $auth_mech = $conf->get('kolab', 'auth_mechanism'); - } - if (empty($auth_mech)) { - $auth_mech = 'ldap'; - } + $auth = Auth::get_instance(); - $mail_attrs = $conf->get_list($_SESSION['user']->get_domain(), 'mail_attributes'); - if (empty($mail_attrs)) { - $mail_attrs = $conf->get_list($auth_mech, 'mail_attributes'); - } - if (empty($mail_attrs)) { - $mail_attrs = array('mail', 'alias'); - } + $_secondary_mail_addresses = kolab_recipient_policy::secondary_mail($postdata); + $secondary_mail_addresses = array(); foreach ($_secondary_mail_addresses as $num => $alias) { list($_local, $_domain) = explode("@", $alias); @@ -762,8 +738,9 @@ class kolab_api_service_form_value extends kolab_api_service Log::trace(__FUNCTION__ . ": An entry with address " . $local . "@" . $_domain . " was found."); if (!empty($postdata['id'])) { - $user_found_dn = key($user_found); - $user_found_unique_attr = $auth->get_entry_attribute($user_found_dn, $unique_attr); + $user_found_dn = key($user_found); + $user_found_unique_attr = $this->unique_attribute_value($user_found_dn); + if ($user_found_unique_attr == $postdata['id']) { Log::trace(__FUNCTION__ . ": Entry with address " . $local . "@" . $_domain . " is actually us."); break; @@ -807,20 +784,18 @@ class kolab_api_service_form_value extends kolab_api_service } $userdata = kolab_recipient_policy::normalize_userdata($postdata); + $uid = kolab_recipient_policy::uid($userdata); - $uid = kolab_recipient_policy::uid($userdata); Log::debug("uid from recipient policy: " . var_export($uid, TRUE)); $orig_uid = $uid; - - $auth = Auth::get_instance($_SESSION['user']->get_domain()); - $unique_attr = $this->unique_attribute(); + $auth = Auth::get_instance($_SESSION['user']->get_domain()); $x = 2; while (($user_found = $auth->user_find_by_attribute(array('uid' => $uid)))) { if (!empty($postdata['id'])) { - $user_found_dn = key($user_found); - $user_found_unique_attr = $auth->get_entry_attribute($user_found_dn, $unique_attr); + $user_found_dn = key($user_found); + $user_found_unique_attr = $this->unique_attribute_value($user_found_dn); //console("user with uid $uid found", $user_found_unique_attr); if ($user_found_unique_attr == $postdata['id']) { //console("that's us."); @@ -1091,6 +1066,33 @@ class kolab_api_service_form_value extends kolab_api_service return $options; } + /** + * Checks if specified list of email addresses is already + * in use by another user + */ + private function _email_addresses_in_use($addresses, $postdata) + { + $auth = Auth::get_instance(); + + foreach ($addresses as $addr) { + if ($users = $auth->find_recipient($addr)) { + Log::trace(__FUNCTION__ . ": An entry with address $addr was found."); + + if (!empty($postdata['id']) && count($users) == 1) { + $user_found_dn = key($users); + $user_found_unique_attr = $this->unique_attribute_value($user_found_dn); + + if ($user_found_unique_attr == $postdata['id']) { + Log::trace(__FUNCTION__ . ": Entry with address $addr is actually us."); + continue; + } + } + + throw new Exception("Email address '$addr' is already in use", 694); + } + } + } + private function validate_alias($value, $postdata = null, $validation_type = null) { $conf = Conf::get_instance(); @@ -1117,6 +1119,11 @@ class kolab_api_service_form_value extends kolab_api_service } } + // Check if addresses are not already in use + if ($validation_type == self::VALIDATE_EXTENDED) { + $this->_email_addresses_in_use($value, $postdata); + } + return 'OK'; } diff --git a/lib/kolab_api_service.php b/lib/kolab_api_service.php index 751b61a..8affdd4 100644 --- a/lib/kolab_api_service.php +++ b/lib/kolab_api_service.php @@ -559,4 +559,24 @@ abstract class kolab_api_service return $unique_attr; } + + /** + * Returns unique attribute for specified entry DN + * + * @return string Unique attribute value + */ + protected function unique_attribute_value($dn) + { + // this method can be called internally quite often + // let's cache results in memory + if (!empty($this->cache['unique_attributes'][$dn])) { + return $this->cache['unique_attributes'][$dn]; + } + + $unique_attr = $this->unique_attribute(); + $auth = Auth::get_instance(); + $result = $auth->get_entry_attribute($dn, $unique_attr); + + return $this->cache['unique_attributes'][$dn] = $result; + } } |