fix: Avoid slow queries in scenarios where we do not need a search

Signed-off-by: Julius Knorr <[email protected]>
nextcloud · Jan 13, 2025 · 25c551c · 25c551c
1 parent 60d84ee
commit 25c551c
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 4 deletions.
diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
@@ -467,10 +467,13 @@ public function code(string $state = '', string $code = '', string $scope = '',
 
 		$autoProvisionAllowed = (!isset($oidcSystemConfig['auto_provision']) || $oidcSystemConfig['auto_provision']);
 
-		// in case user is provisioned by user_ldap, userManager->search() triggers an ldap search which syncs the results
-		// so new users will be directly available even if they were not synced before this login attempt
-		$this->userManager->search($userId);
-		$this->ldapService->syncUser($userId);
+		if (!$this->provisioningService->hasOidcUserProvisitioned($userId) && $this->ldapService->isLDAPEnabled()) {
+			// in case user is provisioned by user_ldap, userManager->search() triggers an ldap search which syncs the results
+			// so new users will be directly available even if they were not synced before this login attempt
+			$this->userManager->search($userId, 1, 0);
+			$this->ldapService->syncUser($userId);
+		}
+
 		$userFromOtherBackend = $this->userManager->get($userId);
 		if ($userFromOtherBackend !== null && $this->ldapService->isLdapDeletedUser($userFromOtherBackend)) {
 			$userFromOtherBackend = null;

diff --git a/lib/Service/LdapService.php b/lib/Service/LdapService.php
@@ -8,6 +8,7 @@
 
 namespace OCA\UserOIDC\Service;
 
+use OCP\App\IAppManager;
 use OCP\AppFramework\QueryException;
 use OCP\IUser;
 use Psr\Log\LoggerInterface;
@@ -16,16 +17,25 @@ class LdapService {
 
 	public function __construct(
 		private LoggerInterface $logger,
+		private IAppManager $appManager,
 	) {
 	}
 
+	public function isLDAPEnabled(): bool {
+		return $this->appManager->isAppLoaded('user_ldap');
+	}
+
 	/**
 	 * @param IUser $user
 	 * @return bool
 	 * @throws \Psr\Container\ContainerExceptionInterface
 	 * @throws \Psr\Container\NotFoundExceptionInterface
 	 */
 	public function isLdapDeletedUser(IUser $user): bool {
+		if ($this->isLDAPEnabled()) {
+			return false;
+		}
+
 		$className = $user->getBackendClassName();
 		if ($className !== 'LDAP') {
 			return false;

diff --git a/lib/Service/ProvisioningService.php b/lib/Service/ProvisioningService.php
@@ -10,6 +10,8 @@
 use OCA\UserOIDC\Db\UserMapper;
 use OCA\UserOIDC\Event\AttributeMappedEvent;
 use OCP\Accounts\IAccountManager;
+use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\AppFramework\Db\MultipleObjectsReturnedException;
 use OCP\DB\Exception;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Http\Client\IClientService;
@@ -40,6 +42,15 @@ public function __construct(
 	) {
 	}
 
+	public function hasOidcUserProvisitioned(string $userId): bool {
+		try {
+			$this->userMapper->getUser($userId);
+			return true;
+		} catch (DoesNotExistException|MultipleObjectsReturnedException) {
+		}
+		return false;
+	}
+
 	/**
 	 * @param string $tokenUserId
 	 * @param int $providerId