[stable13] allow admin to disable fetching of avatars as well as a specific attribute

apps/user_ldap/lib/Configuration.php

@@ -35,8 +35,13 @@
 
 /**
  * @property int ldapPagingSize holds an integer
+ * @property string ldapUserAvatarRule
  */
 class Configuration {
+	const AVATAR_PREFIX_DEFAULT = 'default';
+	const AVATAR_PREFIX_NONE = 'none';
+	const AVATAR_PREFIX_DATA_ATTRIBUTE = 'data:';
+
 	protected $configPrefix = null;
 	protected $configRead = false;
 	/**
@@ -61,6 +66,7 @@ class Configuration {
 		'ldapIgnoreNamingRules' => null,
 		'ldapUserDisplayName' => null,
 		'ldapUserDisplayName2' => null,
+		'ldapUserAvatarRule' => null,
 		'ldapGidNumber' => null,
 		'ldapUserFilterObjectclass' => null,
 		'ldapUserFilterGroups' => null,
@@ -472,6 +478,7 @@ public function getDefaults() {
 			'ldap_experienced_admin'            => 0,
 			'ldap_dynamic_group_member_url'     => '',
 			'ldap_default_ppolicy_dn'           => '',
+			'ldap_user_avatar_rule'             => 'default',
 		);
 	}
 
@@ -495,6 +502,7 @@ public function getConfigTranslationArray() {
 			'ldap_userfilter_groups'            => 'ldapUserFilterGroups',
 			'ldap_userlist_filter'              => 'ldapUserFilter',
 			'ldap_user_filter_mode'             => 'ldapUserFilterMode',
+			'ldap_user_avatar_rule'             => 'ldapUserAvatarRule',
 			'ldap_login_filter'                 => 'ldapLoginFilter',
 			'ldap_login_filter_mode'            => 'ldapLoginFilterMode',
 			'ldap_loginfilter_email'            => 'ldapLoginFilterEmail',
@@ -535,4 +543,36 @@ public function getConfigTranslationArray() {
 		return $array;
 	}
 
+	/**
+	 * @param string $rule
+	 * @return array
+	 * @throws \RuntimeException
+	 */
+	public function resolveRule($rule) {
+		if($rule === 'avatar') {
+			return $this->getAvatarAttributes();
+		}
+		throw new \RuntimeException('Invalid rule');
+	}
+
+	public function getAvatarAttributes() {
+		$value = $this->ldapUserAvatarRule ?: self::AVATAR_PREFIX_DEFAULT;
+		$defaultAttributes = ['jpegphoto', 'thumbnailphoto'];
+
+		if($value === self::AVATAR_PREFIX_NONE) {
+			return [];
+		}
+		if(strpos($value, self::AVATAR_PREFIX_DATA_ATTRIBUTE) === 0) {
+			$attribute = trim(substr($value, strlen(self::AVATAR_PREFIX_DATA_ATTRIBUTE)));
+			if($attribute === '') {
+				return $defaultAttributes;
+			}
+			return [strtolower($attribute)];
+		}
+		if($value !== self::AVATAR_PREFIX_DEFAULT) {
+			\OC::$server->getLogger()->warning('Invalid config value to ldapUserAvatarRule; falling back to default.');
+		}
+		return $defaultAttributes;
+	}
+
 }

apps/user_ldap/lib/Connection.php

@@ -47,6 +47,7 @@
  * @property string ldapUserFilter
  * @property string ldapUserDisplayName
  * @property string ldapUserDisplayName2
+ * @property string ldapUserAvatarRule
  * @property boolean turnOnPasswordChange
  * @property boolean hasPagedResultSupport
  * @property string[] ldapBaseUsers
@@ -168,6 +169,15 @@ public function __set($name, $value) {
 		}
 	}
 
+	/**
+	 * @param string $rule
+	 * @return array
+	 * @throws \RuntimeException
+	 */
+	public function resolveRule($rule) {
+		return $this->configuration->resolveRule($rule);
+	}
+
 	/**
 	 * sets whether the result of the configuration validation shall
 	 * be ignored when establishing the connection. Used by the Wizard

apps/user_ldap/lib/User/Manager.php

@@ -163,6 +163,7 @@ private function checkAccess() {
 	/**
 	 * returns a list of attributes that will be processed further, e.g. quota,
 	 * email, displayname, or others.
+	 *
 	 * @param bool $minimal - optional, set to true to skip attributes with big
 	 * payload
 	 * @return string[]
@@ -190,10 +191,10 @@ public function getAttributes($minimal = false) {
 		if(!$minimal) {
 			// attributes that are not really important but may come with big
 			// payload.
-			$attributes = array_merge($attributes, array(
-				'jpegphoto',
-				'thumbnailphoto'
-			));
+			$attributes = array_merge(
+				$attributes,
+				$this->access->getConnection()->resolveRule('avatar')
+			);
 		}
 
 		return $attributes;

apps/user_ldap/lib/User/User.php

@@ -245,10 +245,12 @@ public function processAttributes($ldapEntry) {
 		$this->connection->writeToCache($cacheKey, $groups);
 
 		//Avatar
-		$attrs = array('jpegphoto', 'thumbnailphoto');
-		foreach ($attrs as $attr)  {
-			if(isset($ldapEntry[$attr])) {
-				$this->avatarImage = $ldapEntry[$attr][0];
+		/** @var Connection $connection */
+		$connection = $this->access->getConnection();
+		$attributes = $connection->resolveRule('avatar');
+		foreach ($attributes as $attribute)  {
+			if(isset($ldapEntry[$attribute])) {
+				$this->avatarImage = $ldapEntry[$attribute][0];
 				// the call to the method that saves the avatar in the file
 				// system must be postponed after the login. It is to ensure
 				// external mounts are mounted properly (e.g. with login
@@ -348,7 +350,9 @@ public function getAvatarImage() {
 		}
 
 		$this->avatarImage = false;
-		$attributes = array('jpegPhoto', 'thumbnailPhoto');
+		/** @var Connection $connection */
+		$connection = $this->access->getConnection();
+		$attributes = $connection->resolveRule('avatar');
 		foreach($attributes as $attribute) {
 			$result = $this->access->readAttribute($this->dn, $attribute);
 			if($result !== false && is_array($result) && isset($result[0])) {
@@ -575,7 +579,7 @@ public function updateAvatar($force = false) {
 	 */
 	private function setOwnCloudAvatar() {
 		if(!$this->image->valid()) {
-			$this->log->log('jpegPhoto data invalid for '.$this->dn, Util::ERROR);
+			$this->log->log('avatar image data from LDAP invalid for '.$this->dn, Util::ERROR);
 			return false;
 		}
 		//make sure it is a square and not bigger than 128x128

apps/user_ldap/lib/User_LDAP.php

@@ -102,6 +102,10 @@ public function canChangeAvatar($uid) {
 			return $this->userPluginManager->canChangeAvatar($uid);
 		}
 
+		if(!$this->implementsActions(Backend::PROVIDE_AVATAR)) {
+			return true;
+		}
+
 		$user = $this->access->userManager->get($uid);
 		if(!$user instanceof User) {
 			return false;
@@ -549,7 +553,7 @@ public function implementsActions($actions) {
 		return (bool)((Backend::CHECK_PASSWORD
 			| Backend::GET_HOME
 			| Backend::GET_DISPLAYNAME
-			| Backend::PROVIDE_AVATAR
+			| (($this->access->connection->ldapUserAvatarRule !== 'none') ? Backend::PROVIDE_AVATAR : 0)
 			| Backend::COUNT_USERS
 			| ((intval($this->access->connection->turnOnPasswordChange) === 1)?(Backend::SET_PASSWORD):0)
 			| $this->userPluginManager->getImplementedActions())

apps/user_ldap/tests/ConfigurationTest.php

@@ -23,7 +23,16 @@
 
 namespace OCA\User_LDAP\Tests;
 
+use OCA\User_LDAP\Configuration;
+
 class ConfigurationTest extends \Test\TestCase {
+	/** @var Configuration */
+	protected $configuration;
+
+	public function setUp() {
+		parent::setUp();
+		$this->configuration = new Configuration('t01', false);
+	}
 
 	public function configurationDataProvider() {
 		$inputWithDN = array(
@@ -84,17 +93,47 @@ public function configurationDataProvider() {
 			// default behaviour, one case is enough, special needs must be tested
 			// individually
 			'set string value' => array('ldapHost', $inputString, $expectedString),
+
+			'set avatar rule, default' => ['ldapUserAvatarRule', 'default', 'default'],
+			'set avatar rule, none' => ['ldapUserAvatarRule', 'none', 'none'],
+			'set avatar rule, data attribute' => ['ldapUserAvatarRule', 'data:jpegPhoto', 'data:jpegPhoto'],
 		);
 	}
 
 	/**
 	 * @dataProvider configurationDataProvider
 	 */
 	public function testSetValue($key, $input, $expected) {
-		$configuration = new \OCA\User_LDAP\Configuration('t01', false);
+		$this->configuration->setConfiguration([$key => $input]);
+		$this->assertSame($this->configuration->$key, $expected);
+	}
+
+	public function avatarRuleValueProvider() {
+		return [
+			['none', []],
+			['data:selfie', ['selfie']],
+			['data:sELFie', ['selfie']],
+			['data:', ['jpegphoto', 'thumbnailphoto']],
+			['default', ['jpegphoto', 'thumbnailphoto']],
+			['invalid#', ['jpegphoto', 'thumbnailphoto']],
+		];
+	}
 
-		$configuration->setConfiguration([$key => $input]);
-		$this->assertSame($configuration->$key, $expected);
+	/**
+	 * @dataProvider avatarRuleValueProvider
+	 */
+	public function testGetAvatarAttributes($setting, $expected) {
+		$this->configuration->setConfiguration(['ldapUserAvatarRule' => $setting]);
+		$this->assertSame($expected, $this->configuration->getAvatarAttributes());
+	}
+
+	/**
+	 * @dataProvider avatarRuleValueProvider
+	 */
+	public function testResolveRule($setting, $expected) {
+		$this->configuration->setConfiguration(['ldapUserAvatarRule' => $setting]);
+		// so far the only thing that can get resolved :)
+		$this->assertSame($expected, $this->configuration->resolveRule('avatar'));
 	}
 
 }

apps/user_ldap/tests/User/ManagerTest.php

@@ -238,36 +238,32 @@ public function testGetByUidNotExisting() {
 		$this->assertNull($user);
 	}
 
-	public function testGetAttributesAll() {
+	public function attributeRequestProvider() {
+		return [
+			[ false ],
+			[ true ],
+		];
+	}
+
+	/**
+	 * @dataProvider attributeRequestProvider
+	 */
+	public function testGetAttributes($minimal) {
 		list($access, $config, $filesys, $image, $log, $avaMgr, $dbc, $userMgr, $notiMgr) =
 			$this->getTestInstances();
 
 		$manager = new Manager($config, $filesys, $log, $avaMgr, $image, $dbc, $userMgr, $notiMgr);
 		$manager->setLdapAccess($access);
 
 		$connection = $access->getConnection();
-		$connection->setConfiguration(array('ldapEmailAttribute' => 'mail'));
+		$connection->setConfiguration(['ldapEmailAttribute' => 'mail', 'ldapUserAvatarRule' => 'default']);
 
-		$attributes = $manager->getAttributes();
+		$attributes = $manager->getAttributes($minimal);
 
 		$this->assertTrue(in_array('dn', $attributes));
 		$this->assertTrue(in_array($access->getConnection()->ldapEmailAttribute, $attributes));
-		$this->assertTrue(in_array('jpegphoto', $attributes));
-		$this->assertTrue(in_array('thumbnailphoto', $attributes));
-	}
-
-	public function testGetAttributesMinimal() {
-		list($access, $config, $filesys, $image, $log, $avaMgr, $dbc, $userMgr, $notiMgr) =
-			$this->getTestInstances();
-
-		$manager = new Manager($config, $filesys, $log, $avaMgr, $image, $dbc, $userMgr, $notiMgr);
-		$manager->setLdapAccess($access);
-
-		$attributes = $manager->getAttributes(true);
-
-		$this->assertTrue(in_array('dn', $attributes));
-		$this->assertTrue(!in_array('jpegphoto', $attributes));
-		$this->assertTrue(!in_array('thumbnailphoto', $attributes));
+		$this->assertSame(!$minimal, in_array('jpegphoto', $attributes));
+		$this->assertSame(!$minimal, in_array('thumbnailphoto', $attributes));
 	}
 
 }