Commit | Line | Data |
---|---|---|
bb0727ea VZ |
1 | <?php |
2 | /*************************************************************************** | |
3 | * Copyright (C) 2003-2008 Polytechnique.org * | |
4 | * http://opensource.polytechnique.org/ * | |
5 | * * | |
6 | * This program is free software; you can redistribute it and/or modify * | |
7 | * it under the terms of the GNU General Public License as published by * | |
8 | * the Free Software Foundation; either version 2 of the License, or * | |
9 | * (at your option) any later version. * | |
10 | * * | |
11 | * This program is distributed in the hope that it will be useful, * | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * | |
14 | * GNU General Public License for more details. * | |
15 | * * | |
16 | * You should have received a copy of the GNU General Public License * | |
17 | * along with this program; if not, write to the Free Software * | |
18 | * Foundation, Inc., * | |
19 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * | |
20 | ***************************************************************************/ | |
21 | ||
f5c4bf30 | 22 | // Post-processes the successful Google Apps account creation queue job. |
bb0727ea VZ |
23 | function post_queue_u_create($job) { |
24 | global $globals; | |
25 | ||
d56cb887 | 26 | // Retrieves the user parameters (GoogleApps username and user_id). |
bb0727ea | 27 | $parameters = json_decode($job['j_parameters'], true); |
d56cb887 VZ |
28 | $username = isset($parameters['username']) ? $parameters['username'] : null; |
29 | if (!($user = User::getSilent($username))) { | |
bb0727ea VZ |
30 | return; |
31 | } | |
32 | ||
f5c4bf30 VZ |
33 | // Adds a redirection to the Google Apps delivery address, if requested by |
34 | // the user at creation time. | |
d56cb887 | 35 | $account = new GoogleAppsAccount($user); |
bb0727ea VZ |
36 | if ($account->activate_mail_redirection) { |
37 | require_once('emails.inc.php'); | |
12a587df | 38 | $storage = new EmailStorage($user, 'googleapps'); |
94c6c788 | 39 | $storage->activate(); |
bb0727ea VZ |
40 | } |
41 | ||
f5c4bf30 | 42 | // Sends the 'account created' email to the user, with basic documentation. |
bb0727ea VZ |
43 | $res = XDB::query( |
44 | "SELECT FIND_IN_SET('femme', u.flags), prenom | |
45 | FROM auth_user_md5 AS u | |
d56cb887 | 46 | WHERE u.user_id = {?}", $user->id()); |
bb0727ea VZ |
47 | list($sexe, $prenom) = $res->fetchOneRow(); |
48 | ||
49 | $mailer = new PlMailer('googleapps/create.mail.tpl'); | |
50 | $mailer->assign('account', $account); | |
d56cb887 | 51 | $mailer->assign('email', $user->bestEmail()); |
bb0727ea VZ |
52 | $mailer->assign('googleapps_domain', $globals->mailstorage->googleapps_domain); |
53 | $mailer->assign('prenom', $prenom); | |
54 | $mailer->assign('sexe', $sexe); | |
55 | $mailer->send(); | |
56 | } | |
57 | ||
f5c4bf30 | 58 | // Post-processes the successful Google Apps account update queue job. |
bb0727ea VZ |
59 | function post_queue_u_update($job) { |
60 | global $globals; | |
61 | ||
62 | // If the u_update job was an unsuspend request, re-adds the redirection | |
63 | // to the Google Apps delivery address, provided the account is active (it might | |
64 | // have been deleted between the unsuspension and the post-queue processing). | |
65 | $parameters = json_decode($job['j_parameters'], true); | |
d56cb887 VZ |
66 | $username = isset($parameters['username']) ? $parameters['username'] : null; |
67 | if (!($user = User::getSilent($username))) { | |
bb0727ea VZ |
68 | return; |
69 | } | |
70 | ||
71 | if (isset($parameters['suspended']) && $parameters['suspended'] == false) { | |
72 | require_once('emails.inc.php'); | |
d56cb887 | 73 | $account = new GoogleAppsAccount($user); |
f5c4bf30 | 74 | if ($account->active()) { |
bb0727ea VZ |
75 | // Re-adds the email redirection (if the user did request it). |
76 | if ($account->activate_mail_redirection) { | |
12a587df | 77 | $storage = new EmailStorage($user, 'googleapps'); |
94c6c788 | 78 | $storage->activate(); |
bb0727ea VZ |
79 | } |
80 | ||
81 | // Sends an email to the account owner. | |
82 | $res = XDB::query( | |
83 | "SELECT FIND_IN_SET('femme', u.flags), prenom | |
84 | FROM auth_user_md5 AS u | |
d56cb887 | 85 | WHERE u.user_id = {?}", $user->id()); |
bb0727ea VZ |
86 | list($sexe, $prenom) = $res->fetchOneRow(); |
87 | ||
88 | $mailer = new PlMailer('googleapps/unsuspend.mail.tpl'); | |
89 | $mailer->assign('account', $account); | |
d56cb887 | 90 | $mailer->assign('email', $user->bestEmail()); |
bb0727ea VZ |
91 | $mailer->assign('prenom', $prenom); |
92 | $mailer->assign('sexe', $sexe); | |
93 | $mailer->send(); | |
94 | } | |
95 | } | |
96 | } | |
97 | ||
98 | // Reprensentation of an SQL-stored Google Apps account. | |
f5c4bf30 VZ |
99 | // This class is the interface with the gappsd SQL tables: gappsd is the python |
100 | // daemon which deals with Google Apps provisioning APIs. | |
101 | // TODO(vincent.zanotti): add the url of gappsd, when available. | |
bb0727ea VZ |
102 | class GoogleAppsAccount |
103 | { | |
90c614cd | 104 | // User identification: user id, and hruid. |
d56cb887 | 105 | private $user; |
bb0727ea VZ |
106 | public $g_account_name; |
107 | ||
f5c4bf30 | 108 | // Local account parameters. |
bb0727ea VZ |
109 | public $sync_password; |
110 | public $activate_mail_redirection; | |
f5c4bf30 VZ |
111 | |
112 | // Account status, obtained from Google Apps provisioning & reporting APIs. | |
0089e594 | 113 | public $g_account_id; |
bb0727ea VZ |
114 | public $g_status; |
115 | public $g_suspension; | |
116 | public $r_disk_usage; | |
117 | public $r_creation; | |
118 | public $r_last_login; | |
119 | public $r_last_webmail; | |
120 | public $reporting_date; | |
121 | ||
f5c4bf30 | 122 | // Pending requests in the gappsd job queue (cf. top note). |
bb0727ea VZ |
123 | public $pending_create; |
124 | public $pending_delete; | |
125 | public $pending_update; | |
126 | public $pending_update_admin; | |
127 | public $pending_update_other; | |
128 | public $pending_update_password; | |
129 | public $pending_update_suspension; | |
130 | ||
f5c4bf30 | 131 | // Pending requests in plat/al validation queue. |
bb0727ea VZ |
132 | public $pending_validation_unsuspend; |
133 | ||
f5c4bf30 VZ |
134 | // Constructs the account object, by retrieving all informations from the |
135 | // GApps account table, from GApps job queue, and from plat/al validation queue. | |
d56cb887 | 136 | public function __construct(User &$user) |
bb0727ea | 137 | { |
d56cb887 VZ |
138 | $this->user = &$user; |
139 | if (!$this->user || !$this->user->login()) { | |
140 | return; | |
f5c4bf30 VZ |
141 | } |
142 | ||
d56cb887 VZ |
143 | // TODO: switch to multi-domain Google Apps, and use $this->user->forlifeEmail() |
144 | // as Google Apps idenfiant (requires changes in gappsd). | |
145 | $this->g_account_name = $this->user->login(); | |
bb0727ea VZ |
146 | $this->g_status = NULL; |
147 | ||
148 | $res = XDB::query( | |
149 | "SELECT l_sync_password, l_activate_mail_redirection, | |
0089e594 | 150 | g_account_name, g_account_id, g_status, g_suspension, r_disk_usage, |
bb0727ea VZ |
151 | UNIX_TIMESTAMP(r_creation) as r_creation, |
152 | UNIX_TIMESTAMP(r_last_login) as r_last_login, | |
153 | UNIX_TIMESTAMP(r_last_webmail) as r_last_webmail | |
154 | FROM gapps_accounts | |
d56cb887 | 155 | WHERE g_account_name = {?}", $this->g_account_name); |
bb0727ea VZ |
156 | if ($account = $res->fetchOneAssoc()) { |
157 | $this->sync_password = $account['l_sync_password']; | |
158 | $this->activate_mail_redirection = $account['l_activate_mail_redirection']; | |
0089e594 | 159 | $this->g_account_id = $account['g_account_id']; |
bb0727ea VZ |
160 | $this->g_status = $account['g_status']; |
161 | $this->g_suspension = $account['g_suspension']; | |
162 | $this->r_disk_usage = $account['r_disk_usage']; | |
163 | $this->r_creation = $account['r_creation']; | |
164 | $this->r_last_login = $account['r_last_webmail']; | |
165 | $this->r_last_webmail = $account['r_last_webmail']; | |
166 | ||
167 | $this->load_pending_counts(); | |
168 | $this->load_pending_validations(); | |
169 | if ($this->pending_update) { | |
170 | $this->load_pending_updates(); | |
171 | } | |
172 | ||
173 | $res = XDB::query("SELECT MAX(date) FROM gapps_reporting"); | |
174 | $this->reporting_date = $res->fetchOneCell(); | |
175 | } | |
176 | } | |
177 | ||
f5c4bf30 VZ |
178 | // Determines if changes to the Google Account are currently waiting in the |
179 | // GApps job queue, and initializes the local values accordingly. | |
bb0727ea VZ |
180 | private function load_pending_counts() |
181 | { | |
bb0727ea VZ |
182 | $res = XDB::query( |
183 | "SELECT SUM(j_type = 'u_create') AS pending_create, | |
184 | SUM(j_type = 'u_update') AS pending_update, | |
185 | SUM(j_type = 'u_delete') AS pending_delete | |
186 | FROM gapps_queue | |
187 | WHERE q_recipient_id = {?} AND | |
188 | p_status IN ('idle', 'active', 'softfail') | |
d56cb887 | 189 | GROUP BY j_type", $this->user->id()); |
bb0727ea VZ |
190 | $pending = $res->fetchOneAssoc(); |
191 | $this->pending_create = $pending['pending_create']; | |
192 | $this->pending_update = $pending['pending_update']; | |
193 | $this->pending_delete = $pending['pending_delete']; | |
194 | ||
195 | $this->pending_update_admin = false; | |
196 | $this->pending_update_other = false; | |
197 | $this->pending_update_password = false; | |
198 | $this->pending_update_suspension = false; | |
199 | } | |
200 | ||
f5c4bf30 VZ |
201 | // Checks for unsuspend requests waiting for validation in plat/al |
202 | // validation queue. | |
bb0727ea VZ |
203 | private function load_pending_validations() |
204 | { | |
205 | require_once('validations.inc.php'); | |
206 | $this->pending_validation_unsuspend = | |
d56cb887 | 207 | Validate::get_typed_requests_count($this->user->id(), 'gapps-unsuspend'); |
bb0727ea VZ |
208 | } |
209 | ||
f5c4bf30 VZ |
210 | // Retrieves all the pending update job in the gappsd queue for the current |
211 | // user, and analyzes the scope of the update (ie. the fields in the user | |
212 | // account which are going to be updated). | |
bb0727ea VZ |
213 | private function load_pending_updates() |
214 | { | |
bb0727ea VZ |
215 | $res = XDB::iterator( |
216 | "SELECT j_parameters | |
217 | FROM gapps_queue | |
218 | WHERE q_recipient_id = {?} AND | |
219 | p_status IN ('idle', 'active', 'softfail') AND | |
d56cb887 | 220 | j_type = 'u_update'", $this->user->id()); |
bb0727ea VZ |
221 | while ($update = $res->next()) { |
222 | $update_data = json_decode($update["j_parameters"], true); | |
223 | ||
224 | if (isset($update_data["suspended"])) { | |
225 | $this->pending_update_suspension = true; | |
226 | } elseif (isset($update_data["password"])) { | |
227 | $this->pending_update_password = true; | |
228 | } elseif (isset($update_data["admin"])) { | |
229 | $this->pending_update_admin = true; | |
230 | } else { | |
231 | $this->pending_update_other = true; | |
232 | } | |
233 | } | |
234 | } | |
235 | ||
236 | // Creates a queue job of the @p type, for the user represented by this | |
f5c4bf30 VZ |
237 | // GoogleAppsAccount object, using @p parameters. @p parameters is supposed |
238 | // to be a one-dimension array of key-value mappings. | |
d93451de | 239 | // The created job as a 'immediate' priority, and is scheduled for immediate |
f5c4bf30 | 240 | // execution. |
bb0727ea VZ |
241 | private function create_queue_job($type, $parameters) { |
242 | $parameters["username"] = $this->g_account_name; | |
243 | XDB::execute( | |
244 | "INSERT INTO gapps_queue | |
245 | SET q_owner_id = {?}, q_recipient_id = {?}, | |
246 | p_entry_date = NOW(), p_notbefore_date = NOW(), | |
d93451de | 247 | p_priority = 'immediate', |
bb0727ea VZ |
248 | j_type = {?}, j_parameters = {?}", |
249 | S::v('uid'), | |
d56cb887 | 250 | $this->user->id(), |
bb0727ea VZ |
251 | $type, |
252 | json_encode($parameters)); | |
253 | } | |
254 | ||
f5c4bf30 VZ |
255 | |
256 | // Returns true if the account is currently active. | |
257 | public function active() | |
258 | { | |
259 | return $this->g_status == 'active'; | |
260 | } | |
261 | ||
262 | // Returns true if the account exists in Google Apps. | |
263 | public function provisioned() | |
264 | { | |
265 | return $this->g_status == 'active' or $this->g_status == 'disabled'; | |
266 | } | |
267 | ||
268 | // Returns true if the account exists, but cannot be used (user-requested | |
269 | // suspension, or Google-requested suspension). | |
270 | public function suspended() | |
271 | { | |
272 | return $this->g_status == 'disabled'; | |
273 | } | |
274 | ||
275 | ||
bb0727ea VZ |
276 | // Changes the GoogleApps password. |
277 | public function set_password($password) { | |
f5c4bf30 | 278 | if (!$this->provisioned()) { |
bb0727ea VZ |
279 | return; |
280 | } | |
281 | ||
282 | if (!$this->pending_update_password) { | |
283 | $this->create_queue_job('u_update', array('password' => $password)); | |
d73f885f | 284 | $this->pending_update_password = true; |
bb0727ea VZ |
285 | } |
286 | } | |
287 | ||
f5c4bf30 | 288 | |
bb0727ea VZ |
289 | // Changes the password synchronization status ("sync = true" means that the |
290 | // Polytechnique.org password will be replicated to the Google Apps account). | |
291 | public function set_password_sync($sync) { | |
f5c4bf30 | 292 | if (!$this->provisioned()) { |
bb0727ea VZ |
293 | return; |
294 | } | |
295 | ||
296 | $this->sync_password = $sync; | |
297 | XDB::execute( | |
298 | "UPDATE gapps_accounts | |
299 | SET l_sync_password = {?} | |
300 | WHERE g_account_name = {?}", | |
301 | $sync, | |
302 | $this->g_account_name); | |
303 | } | |
304 | ||
305 | // Suspends the Google Apps account. | |
306 | public function suspend() { | |
f5c4bf30 | 307 | if (!$this->provisioned()) { |
bb0727ea VZ |
308 | return; |
309 | } | |
310 | ||
311 | if (!$this->pending_update_suspension) { | |
312 | $this->create_queue_job('u_update', array('suspended' => true)); | |
313 | $this->pending_update_suspension = true; | |
5656271f VZ |
314 | XDB::execute( |
315 | "UPDATE gapps_accounts | |
316 | SET g_status = 'disabled' | |
317 | WHERE g_account_name = {?} AND g_status = 'active'", | |
318 | $this->g_account_name); | |
bb0727ea VZ |
319 | } |
320 | } | |
321 | ||
322 | // Adds an unsuspension request to the validation queue (used on user-request). | |
323 | public function unsuspend($activate_mail_redirection = NULL) { | |
f5c4bf30 | 324 | if (!$this->provisioned()) { |
bb0727ea VZ |
325 | return; |
326 | } | |
327 | if ($activate_mail_redirection !== NULL) { | |
328 | $this->activate_mail_redirection = $activate_mail_redirection; | |
329 | XDB::execute( | |
330 | "UPDATE gapps_accounts | |
331 | SET l_activate_mail_redirection = {?} | |
332 | WHERE g_account_name = {?}", | |
f5c4bf30 VZ |
333 | $activate_mail_redirection, |
334 | $this->g_account_name); | |
bb0727ea VZ |
335 | } |
336 | ||
337 | if (!$this->pending_update_suspension && !$this->pending_validation_unsuspend) { | |
338 | require_once('validations.inc.php'); | |
5daf68f6 | 339 | $unsuspend = new GoogleAppsUnsuspendReq($this->user); |
bb0727ea VZ |
340 | $unsuspend->submit(); |
341 | $this->pending_validation_unsuspend = true; | |
342 | } | |
343 | } | |
344 | ||
345 | // Unsuspends the Google Apps account (used on admin-request, or on validation of | |
346 | // an user-request). | |
347 | public function do_unsuspend() { | |
f5c4bf30 | 348 | if (!$this->provisioned()) { |
bb0727ea VZ |
349 | return; |
350 | } | |
351 | ||
352 | if (!$this->pending_update_suspension) { | |
353 | if ($this->sync_password) { | |
354 | $res = XDB::query( | |
355 | "SELECT password | |
356 | FROM auth_user_md5 | |
d56cb887 | 357 | WHERE user_id = {?}", $this->user->id()); |
bb0727ea VZ |
358 | $password = ($res->numRows() > 0 ? $res->fetchOneCell() : false); |
359 | } else { | |
360 | $password = false; | |
361 | } | |
362 | ||
363 | if ($password) { | |
364 | $this->create_queue_job('u_update', array('suspended' => false, 'password' => $password)); | |
365 | } else { | |
366 | $this->create_queue_job('u_update', array('suspended' => false)); | |
367 | } | |
368 | $this->pending_update_suspension = true; | |
369 | return true; | |
370 | } | |
371 | return false; | |
372 | } | |
373 | ||
f5c4bf30 | 374 | // Creates a new Google Apps account with the @p local parameters. |
bb0727ea VZ |
375 | public function create($password_sync, $password, $redirect_mails) { |
376 | if ($this->g_status != NULL) { | |
377 | return; | |
378 | } | |
379 | ||
380 | if (!$this->pending_create) { | |
381 | // Retrieves information on the new account. | |
382 | $res = XDB::query( | |
383 | "SELECT nom, nom_usage, prenom | |
384 | FROM auth_user_md5 | |
d56cb887 | 385 | WHERE user_id = {?}", $this->user->id()); |
bb0727ea VZ |
386 | list($nom, $nom_usage, $prenom) = $res->fetchOneRow(); |
387 | ||
f5c4bf30 | 388 | // Adds an 'unprovisioned' entry in the gapps_accounts table. |
bb0727ea VZ |
389 | XDB::execute( |
390 | "INSERT INTO gapps_accounts | |
391 | SET l_userid = {?}, | |
392 | l_sync_password = {?}, | |
393 | l_activate_mail_redirection = {?}, | |
394 | g_account_name = {?}, | |
395 | g_first_name = {?}, | |
396 | g_last_name = {?}, | |
397 | g_status = 'unprovisioned'", | |
d56cb887 | 398 | $this->user->id(), |
bb0727ea VZ |
399 | $password_sync, |
400 | $redirect_mails, | |
401 | $this->g_account_name, | |
402 | $prenom, | |
403 | ($nom_usage ? $nom_usage : $nom)); | |
404 | ||
405 | // Adds the creation job in the GApps queue. | |
406 | $this->create_queue_job( | |
407 | 'u_create', | |
408 | array( | |
409 | 'username' => $this->g_account_name, | |
410 | 'first_name' => $prenom, | |
411 | 'last_name' => ($nom_usage ? $nom_usage : $nom), | |
412 | 'password' => $password, | |
413 | )); | |
414 | ||
415 | // Updates the GoogleAppsAccount status. | |
d56cb887 | 416 | $this->__construct($this->user); |
bb0727ea VZ |
417 | } |
418 | } | |
f5c4bf30 VZ |
419 | |
420 | ||
421 | // Returns the status of the Google Apps account for @p user, or false | |
422 | // when no account exists. | |
423 | static public function account_status($uid) { | |
424 | $res = XDB::query( | |
425 | "SELECT g_status | |
426 | FROM gapps_accounts | |
427 | WHERE l_userid = {?}", $uid); | |
428 | return ($res->numRows() > 0 ? $res->fetchOneCell() : false); | |
429 | } | |
430 | ||
431 | // Returns true if the @p user is an administrator of the Google Apps domain. | |
432 | static public function is_administrator($uid) { | |
433 | $res = XDB::query( | |
434 | "SELECT g_admin | |
435 | FROM gapps_accounts | |
436 | WHERE l_userid = {?} AND g_status = 'active'", $uid); | |
4b67332c | 437 | return ($res->numRows() > 0 ? (bool)$res->fetchOneCell() : false); |
f5c4bf30 | 438 | } |
bb0727ea VZ |
439 | } |
440 | ||
441 | // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: | |
442 | ?> |