feat: implement configurable SQL queries and CI/CD infrastructure#2
Merged
Conversation
Implement centralized SQL query configuration resolver with fallback defaults for WordPress integration. Supports: - getWordPressUserQuery(): Configure WordPress user authentication query - getDisabledUsersQuery(): Configure disabled users filter query - setWordPressPasswordQuery(): Configure password update query Queries can be overridden via system config key 'wordpress_queries' Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Update UserBackend to use the new QueryConfig class for database queries, enabling customization of: - WordPress user authentication query - Disabled users filter logic This allows administrators to adapt the backend to different WordPress database schemas without code changes. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Update BeforePasswordUpdatedListener to use QueryConfig for database queries when synchronizing password changes from Nextcloud to WordPress. Also fix database parameter binding to use bindValue() for safe variable reference passing. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Add comprehensive unit tests for QueryConfig class covering: - Default query fallback when config missing - Custom query override via system config - Empty configuration handling Reorganize phpunit configuration to follow LibreSign structure with tests/phpunit.xml and bootstrap.php in tests directory. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Implement CI/CD workflows for automated testing and linting: - lint-info-xml: Validate appinfo/info.xml against Nextcloud schema - lint-php: PHP syntax validation for PHP 8.2 and 8.3 - phpunit: Unit test execution across PHP versions All workflows run on pull requests and pushes to main branch with concurrency control to cancel redundant runs. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Add REUSE configuration for machine-readable licensing metadata following REUSE Software specifications. Declares: - Package: wordpress_login_backend - License: AGPL-3.0-or-later - Copyright: 2026 LibreCode coop and contributors - Supplier: LibreCode <contact@librecode.coop> Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Update composer.json with: - Lint, test, and test:unit scripts pointing to tests/phpunit.xml - Updated PHP linting and testing setup Sync composer.lock with latest dependencies. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Add SPDX compliance headers to appinfo/info.xml Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Update README.md with: - Custom SQL query documentation with example occ commands - System configuration instructions for wordpress_dsn - Support and enterprise contact information - SPDX compliance headers Documents how administrators can override default SQL queries via system config key 'wordpress_queries' to adapt the backend to different WordPress database schemas. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Ignore PHPUnit generated files: - /build/: Test coverage and logs directory - .phpunit.cache/: PHPUnit cache directory Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Add SPDX compliance headers to HashPassword helper class. Note: Correct SPDX date to 2026 as per creation timestamp Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Add GitHub Actions workflow for REUSE compliance verification: - Runs on pull requests and pushes to main branch - Validates SPDX headers and licensing metadata - Uses fsfe/reuse-action for machine-readable licensing validation This ensures the project maintains compliance with SPDX standards and properly attributes copyright and licensing information. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Update GitHub Actions workflows to preserve original SPDX headers from Nextcloud organization templates: - lint-info-xml: 2021-2024 Nextcloud GmbH and Nextcloud contributors - lint-php: 2021-2024 Nextcloud GmbH and Nextcloud contributors - phpunit: 2022-2024 Nextcloud GmbH and Nextcloud contributors These workflows are provided via the Nextcloud organization template repository and should maintain proper attribution. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Add LICENSES directory with: - AGPL-3.0-or-later.txt: Main project license - CC0-1.0.txt: Public domain dedication for config files - MIT.txt: License for Nextcloud template workflows This directory is required by REUSE.toml for SPDX compliance checking to properly validate and report licensing information. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Remove CC0-1.0 annotation for non-existent .github/CODEOWNERS file from REUSE.toml. This file is not part of the project and was causing REUSE compliance checks to fail. Remove unused CC0-1.0.txt license file from LICENSES directory as it is not referenced by any project files. Project now only uses: - AGPL-3.0-or-later: Main project code - MIT: Nextcloud template workflows Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Designate vitormattos as code owner for appinfo/info.xml. The CODEOWNERS file helps automate code review assignment and ensures proper oversight of critical configuration files. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Add CC0-1.0.txt to LICENSES directory and update REUSE.toml to reference the .github/CODEOWNERS file with CC0-1.0 license (public domain dedication). This ensures REUSE compliance for all configuration files. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR introduces a configurable SQL query layer for the WordPress-backed authentication flow and adds a baseline CI setup (linting, PHPUnit, REUSE, dependabot) for the app.
Changes:
- Added
QueryConfigto resolve WordPress SQL queries from system config with sane defaults. - Updated the authentication backend and password-sync listener to use
QueryConfigqueries. - Added PHPUnit test scaffolding (bootstrap + config) and unit tests, plus GitHub Actions workflows and REUSE metadata.
Reviewed changes
Copilot reviewed 23 out of 25 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
lib/Config/QueryConfig.php |
New resolver for default vs overridden SQL queries via wordpress_queries. |
lib/Backend/UserBackend.php |
Switched user lookup + disabled-user query sources to QueryConfig. |
lib/Listener/BeforePasswordUpdatedListener.php |
Switched password update query to QueryConfig and adjusted parameter binding. |
lib/Helper/HashPassword.php |
Added SPDX header. |
tests/Unit/Config/QueryConfigTest.php |
Unit tests for defaults/overrides and empty-config behavior. |
tests/Unit/Helper/HashPasswordTest.php |
Unit tests covering hashing prefix, validate behavior, and long-password behavior. |
tests/bootstrap.php |
PHPUnit bootstrap with minimal OCP\IConfig stub for unit tests. |
tests/phpunit.xml |
PHPUnit configuration (strict settings, unit suite discovery). |
composer.json |
Added PHPUnit dev dependency, test/lint scripts, and dev autoload mapping for tests. |
composer.lock |
Locked PHPUnit and related dev dependencies. |
.github/workflows/phpunit.yml |
CI job to run PHPUnit across PHP 8.2/8.3. |
.github/workflows/lint-php.yml |
CI job for composer validation + PHP lint across PHP 8.2/8.3. |
.github/workflows/lint-info-xml.yml |
CI job to validate appinfo/info.xml against Nextcloud schema. |
.github/workflows/reuse.yml |
CI job to enforce REUSE/SPDX compliance. |
.github/dependabot.yml |
Dependabot configuration for composer + GitHub Actions updates. |
.github/FUNDING.yml |
Funding metadata. |
.github/CODEOWNERS |
CODEOWNERS entry for appinfo/info.xml. |
REUSE.toml |
REUSE project metadata and annotations. |
LICENSES/AGPL-3.0-or-later.txt |
Added SPDX license text file. |
LICENSES/MIT.txt |
Added SPDX license text file. |
LICENSES/CC0-1.0.txt |
Added SPDX license text file. |
README.md |
Added SPDX header + documentation for configuring custom SQL queries and support info. |
appinfo/info.xml |
Updated Nextcloud dependency range. |
.gitignore |
Ignored build artifacts and PHPUnit cache. |
Comments suppressed due to low confidence (1)
lib/Backend/UserBackend.php:198
- With configurable disabled-user queries,
$db->prepare($sql)may return false (e.g., invalid custom SQL, trailing semicolon combined with appended LIMIT, etc.). The code assumes a PDOStatement and will fatal on subsequentbindParam(...)calls. Consider enabling PDO exceptions and/or checking the prepare result before binding.
$sql = $this->queryConfig->getDisabledUsersQuery();
$limit = $this->fixLimit($limit);
if (!is_null($limit) && $limit > 0) {
$sql.= ' LIMIT :offset,:limit';
}
$statement = $db->prepare($sql);
if (!is_null($limit) && $limit > 0) {
$statement->bindParam(':limit', $limit, PDO::PARAM_INT);
$statement->bindParam(':offset', $offset, PDO::PARAM_INT);
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Fix malformed SPDX-License-Identifier in .gitignore where '/vendor/' was accidentally concatenated to the license expression. This resolves REUSE CI failure: - Invalid SPDX License Expression: AGPL-3.0-or-later/vendor/ - Missing licensing information for .gitignore Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
This PR implements comprehensive configuration system for SQL queries and establishes complete CI/CD infrastructure for the WordPress Login Backend app.