From 25c551caa129d3f3df1a5ab5aa42a9c4e1e16214 Mon Sep 17 00:00:00 2001
From: Julius Knorr
Date: Mon, 13 Jan 2025 13:28:51 +0100
Subject: [PATCH] fix: Avoid slow queries in scenarios where we do not need a search
Signed-off-by: Julius Knorr
---
 lib/Controller/LoginController.php | 11 +++++++----
 lib/Service/LdapService.php | 10 ++++++++++
 lib/Service/ProvisioningService.php | 11 +++++++++++
 3 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
index f68eafbf..6e8d0957 100644
--- a/lib/Controller/LoginController.php
+++ b/lib/Controller/LoginController.php
@@ -467,10 +467,13 @@ public function code(string $state = '', string $code = '', string $scope = '',
 $autoProvisionAllowed = (!isset($oidcSystemConfig['auto_provision']) || $oidcSystemConfig['auto_provision']);
- // in case user is provisioned by user_ldap, userManager->search() triggers an ldap search which syncs the results
- // so new users will be directly available even if they were not synced before this login attempt
- $this->userManager->search($userId);
- $this->ldapService->syncUser($userId);
+ if (!$this->provisioningService->hasOidcUserProvisitioned($userId) && $this->ldapService->isLDAPEnabled()) {
+ // in case user is provisioned by user_ldap, userManager->search() triggers an ldap search which syncs the results
+ // so new users will be directly available even if they were not synced before this login attempt
+ $this->userManager->search($userId, 1, 0);
+ $this->ldapService->syncUser($userId);
+ }
+
 $userFromOtherBackend = $this->userManager->get($userId);
 if ($userFromOtherBackend !== null && $this->ldapService->isLdapDeletedUser($userFromOtherBackend)) {
 $userFromOtherBackend = null;
diff --git a/lib/Service/LdapService.php b/lib/Service/LdapService.php
index 53cf80fa..356abc76 100644
--- a/lib/Service/LdapService.php
+++ b/lib/Service/LdapService.php
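Review bot: `$this->userManager->search($userId, 1, 0)` now caps the lookup at one result, yet the comment directly above it says the call exists for its side effect of syncing whatever the LDAP search returns. If `search()` matches by pattern rather than by exact uid (not visible in this hunk, worth confirming), the single row returned may belong to a different account whose id merely contains `$userId`, and the login then depends entirely on `syncUser($userId)`. I would extend the comment to record that, e.g. `// limit 1 only keeps the LDAP query cheap; syncUser() below is what maps the exact uid`. The body of `code()` starts and ends outside this hunk.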
@@ -8,6 +8,7 @@
 namespace OCA\UserOIDC\Service;
+use OCP\App\IAppManager;
 use OCP\AppFramework\QueryException;
 use OCP\IUser;
 use Psr\Log\LoggerInterface;
@@ -16,9 +17,14 @@ class LdapService {
 public function __construct(
 private LoggerInterface $logger,
+ private IAppManager $appManager,
 ) {
 }
+ public function isLDAPEnabled(): bool {
+ return $this->appManager->isAppLoaded('user_ldap');
+ }
+
 /**
 * @param IUser $user
 * @return bool
@@ -26,6 +32,10 @@ public function __construct(
 * @throws \Psr\Container\NotFoundExceptionInterface
 */
 public function isLdapDeletedUser(IUser $user): bool {
+ if ($this->isLDAPEnabled()) {
+ return false;
+ }
+
 $className = $user->getBackendClassName();
 if ($className !== 'LDAP') {
 return false;
diff --git a/lib/Service/ProvisioningService.php b/lib/Service/ProvisioningService.php
index 342ef17c..8d6ba9dc 100644
--- a/lib/Service/ProvisioningService.php
+++ b/lib/Service/ProvisioningService.php
@@ -10,6 +10,8 @@
 use OCA\UserOIDC\Db\UserMapper;
 use OCA\UserOIDC\Event\AttributeMappedEvent;
 use OCP\Accounts\IAccountManager;
+use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\AppFramework\Db\MultipleObjectsReturnedException;
 use OCP\DB\Exception;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Http\Client\IClientService;
@@ -40,6 +42,15 @@ public function __construct(
 ) {
 }
+ public function hasOidcUserProvisitioned(string $userId): bool {
+ try {
+ $this->userMapper->getUser($userId);
+ return true;
+ } catch (DoesNotExistException|MultipleObjectsReturnedException) {
+ }
+ return false;
+ }
+
 /**
 * @param string $tokenUserId
 * @param int $providerId
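Review bot: The guard added at the top of `isLdapDeletedUser()` looks inverted: it returns `false` whenever user_ldap is loaded, which is the only situation in which the deleted-user check below can mean anything, and it lets the LDAP lookup run when the app is absent. As written, `LoginController::code()` no longer nulls out `$userFromOtherBackend` for an LDAP account marked as deleted, so such an account would presumably be treated as a live backend user during OIDC login. The condition should read `if (!$this->isLDAPEnabled()) {`. A docblock on `isLDAPEnabled()` would also help, stating that (if I read `isAppLoaded()` correctly) it reports whether the app has been loaded for the current request rather than whether it is enabled. The body of `isLdapDeletedUser()` continues past the end of the hunk.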
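Review bot: `hasOidcUserProvisitioned()` reports `false` when `getUser()` throws `MultipleObjectsReturnedException`, although several matching rows mean the id is present in the OIDC user table; the caller in `LoginController::code()` then takes the LDAP search path this patch is trying to skip. I would keep `DoesNotExistException` as the only route to `false` and handle the duplicate case explicitly, for instance `} catch (MultipleObjectsReturnedException) { return true; }`. The empty catch body also needs a comment such as `// no row for this uid: not provisioned via OIDC`. The method name is misspelled ("Provisitioned"); renaming it to `hasOidcUserProvisioned` is cheap now, before other callers depend on it.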