Changes according to review
This commit is contained in:
parent
a7fbd91e53
commit
218d0add36
|
@ -41,13 +41,15 @@ OC.Lostpassword = {
|
||||||
},
|
},
|
||||||
|
|
||||||
sendLinkDone : function(result){
|
sendLinkDone : function(result){
|
||||||
|
var sendErrorMsg;
|
||||||
|
|
||||||
if (result && result.status === 'success'){
|
if (result && result.status === 'success'){
|
||||||
OC.Lostpassword.sendLinkSuccess();
|
OC.Lostpassword.sendLinkSuccess();
|
||||||
} else {
|
} else {
|
||||||
if (result && result.msg){
|
if (result && result.msg){
|
||||||
var sendErrorMsg = result.msg;
|
sendErrorMsg = result.msg;
|
||||||
} else {
|
} else {
|
||||||
var sendErrorMsg = OC.Lostpassword.sendErrorMsg;
|
sendErrorMsg = OC.Lostpassword.sendErrorMsg;
|
||||||
}
|
}
|
||||||
OC.Lostpassword.sendLinkError(sendErrorMsg);
|
OC.Lostpassword.sendLinkError(sendErrorMsg);
|
||||||
}
|
}
|
||||||
|
@ -89,6 +91,7 @@ OC.Lostpassword = {
|
||||||
},
|
},
|
||||||
|
|
||||||
resetDone : function(result){
|
resetDone : function(result){
|
||||||
|
var resetErrorMsg;
|
||||||
if (result && result.status === 'success'){
|
if (result && result.status === 'success'){
|
||||||
$.post(
|
$.post(
|
||||||
OC.webroot + '/',
|
OC.webroot + '/',
|
||||||
|
@ -100,11 +103,11 @@ OC.Lostpassword = {
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
if (result && result.msg){
|
if (result && result.msg){
|
||||||
var resetErrorMsg = result.msg;
|
resetErrorMsg = result.msg;
|
||||||
} else if (result && result.encryption) {
|
} else if (result && result.encryption) {
|
||||||
var sendErrorMsg = OC.Lostpassword.encryptedMsg;
|
resetErrorMsg = OC.Lostpassword.encryptedMsg;
|
||||||
} else {
|
} else {
|
||||||
var resetErrorMsg = OC.Lostpassword.resetErrorMsg;
|
resetErrorMsg = OC.Lostpassword.resetErrorMsg;
|
||||||
}
|
}
|
||||||
OC.Lostpassword.resetError(resetErrorMsg);
|
OC.Lostpassword.resetError(resetErrorMsg);
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @author Victor Dubiniuk
|
||||||
|
* @copyright 2014 Victor Dubiniuk victor.dubiniuk@gmail.com
|
||||||
|
*
|
||||||
|
* This file is licensed under the Affero General Public License version 3 or
|
||||||
|
* later.
|
||||||
|
* See the COPYING-README file.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OC\Core\LostPassword;
|
||||||
|
|
||||||
|
use \OCP\AppFramework\App;
|
||||||
|
use OC\Core\LostPassword\Controller\LostController;
|
||||||
|
|
||||||
|
class Application extends App {
|
||||||
|
public function __construct(array $urlParams=array()){
|
||||||
|
parent::__construct('core', $urlParams);
|
||||||
|
|
||||||
|
$container = $this->getContainer();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Controllers
|
||||||
|
*/
|
||||||
|
$container->registerService('LostController', function($c) {
|
||||||
|
return new LostController(
|
||||||
|
$c->query('AppName'),
|
||||||
|
$c->query('ServerContainer')->getRequest(),
|
||||||
|
$c->query('ServerContainer')->getURLGenerator(),
|
||||||
|
$c->query('ServerContainer')->getUserManager(),
|
||||||
|
new \OC_Defaults(),
|
||||||
|
$c->query('ServerContainer')->getL10N('core'),
|
||||||
|
\OCP\Util::getDefaultEmailAddress('lostpassword-noreply'),
|
||||||
|
\OC_App::isEnabled('files_encryption')
|
||||||
|
);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
|
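Review bot: The factory closure queries `ServerContainer` four separate times (the getRequest, getURLGenerator, getUserManager and getL10N arguments); hoisting it once, `$server = $c->query('ServerContainer');`, and calling `$server->getRequest()` and the rest off that local reads better and avoids repeated container lookups. The `use \OCP\AppFramework\App;` import carries a leading backslash while the `LostController` import does not; PSR-12 drops the backslash in `use` statements, so `use OCP\AppFramework\App;` would make the two consistent. The `\OC_App::isEnabled('files_encryption')` call is evaluated only when the service is resolved, which is fine, but a one-line comment such as `// evaluated lazily, when LostController is first resolved` would make that intent explicit.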
@ -1,101 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* @author Victor Dubiniuk
|
|
||||||
* @copyright 2014 Victor Dubiniuk victor.dubiniuk@gmail.com
|
|
||||||
*
|
|
||||||
* This file is licensed under the Affero General Public License version 3 or
|
|
||||||
* later.
|
|
||||||
* See the COPYING-README file.
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace OC\Core\LostPassword\Controller;
|
|
||||||
|
|
||||||
use \OCP\AppFramework\Controller;
|
|
||||||
use \OCP\AppFramework\Http\JSONResponse;
|
|
||||||
|
|
||||||
class AjaxController extends LostController {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @PublicPage
|
|
||||||
*/
|
|
||||||
public function lost(){
|
|
||||||
$response = new JSONResponse(array('status'=>'success'));
|
|
||||||
try {
|
|
||||||
$this->sendEmail($this->params('user', ''), $this->params('proceed', ''));
|
|
||||||
} catch (EncryptedDataException $e){
|
|
||||||
$response->setData(array(
|
|
||||||
'status' => 'error',
|
|
||||||
'encryption' => '1'
|
|
||||||
));
|
|
||||||
} catch (\Exception $e){
|
|
||||||
$response->setData(array(
|
|
||||||
'status' => 'error',
|
|
||||||
'msg' => $e->getMessage()
|
|
||||||
));
|
|
||||||
}
|
|
||||||
|
|
||||||
return $response;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @PublicPage
|
|
||||||
*/
|
|
||||||
public function resetPassword() {
|
|
||||||
$response = new JSONResponse(array('status'=>'success'));
|
|
||||||
try {
|
|
||||||
$user = $this->params('user');
|
|
||||||
$newPassword = $this->params('password');
|
|
||||||
if (!$this->checkToken()) {
|
|
||||||
throw new \RuntimeException('');
|
|
||||||
}
|
|
||||||
if (!\OC_User::setPassword($user, $newPassword)) {
|
|
||||||
throw new \RuntimeException('');
|
|
||||||
}
|
|
||||||
\OC_Preferences::deleteKey($user, 'owncloud', 'lostpassword');
|
|
||||||
\OC_User::unsetMagicInCookie();
|
|
||||||
} catch (Exception $e){
|
|
||||||
$response->setData(array(
|
|
||||||
'status' => 'error',
|
|
||||||
'msg' => $e->getMessage()
|
|
||||||
));
|
|
||||||
}
|
|
||||||
return $response;
|
|
||||||
}
|
|
||||||
|
|
||||||
protected function sendEmail($user, $proceed) {
|
|
||||||
$l = \OC_L10N::get('core');
|
|
||||||
$isEncrypted = \OC_App::isEnabled('files_encryption');
|
|
||||||
|
|
||||||
if ($isEncrypted && $proceed !== 'Yes'){
|
|
||||||
throw new EncryptedDataException();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!\OC_User::userExists($user)) {
|
|
||||||
throw new \Exception($l->t('Couldn’t send reset email. Please make sure your username is correct.'));
|
|
||||||
}
|
|
||||||
$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
|
|
||||||
\OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
|
|
||||||
hash('sha256', $token)); // Hash the token again to prevent timing attacks
|
|
||||||
$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
|
|
||||||
if (empty($email)) {
|
|
||||||
throw new \Exception($l->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
|
|
||||||
}
|
|
||||||
|
|
||||||
$parameters = array('token' => $token, 'user' => $user);
|
|
||||||
$link = $this->urlGenerator->linkToRoute('core.lost.reset', $parameters);
|
|
||||||
$link = $this->urlGenerator->getAbsoluteUrl($link);
|
|
||||||
|
|
||||||
$tmpl = new \OC_Template('core/lostpassword', 'email');
|
|
||||||
$tmpl->assign('link', $link, false);
|
|
||||||
$msg = $tmpl->fetchPage();
|
|
||||||
echo $link;
|
|
||||||
$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
|
|
||||||
try {
|
|
||||||
$defaults = new \OC_Defaults();
|
|
||||||
\OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
|
|
||||||
} catch (\Exception $e) {
|
|
||||||
throw new \Exception( $l->t('Couldn’t send reset email. Please contact your administrator.'));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -5,27 +5,43 @@
|
||||||
* later.
|
* later.
|
||||||
* See the COPYING-README file.
|
* See the COPYING-README file.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace OC\Core\LostPassword\Controller;
|
namespace OC\Core\LostPassword\Controller;
|
||||||
|
|
||||||
use \OCP\AppFramework\Controller;
|
use \OCP\AppFramework\Controller;
|
||||||
|
use \OCP\AppFramework\Http\JSONResponse;
|
||||||
use \OCP\AppFramework\Http\TemplateResponse;
|
use \OCP\AppFramework\Http\TemplateResponse;
|
||||||
|
|
||||||
class LostController extends Controller {
|
class LostController extends Controller {
|
||||||
|
|
||||||
protected $urlGenerator;
|
protected $urlGenerator;
|
||||||
|
protected $userManager;
|
||||||
|
protected $defaults;
|
||||||
|
protected $l10n;
|
||||||
|
protected $from;
|
||||||
|
protected $isDataEncrypted;
|
||||||
|
|
||||||
public function __construct($appName, IRequest $request, IURLGenerator $urlGenerator) {
|
public function __construct($appName, IRequest $request, IURLGenerator $urlGenerator, $userManager,
|
||||||
|
$defaults, $l10n, $from, $isDataEncrypted) {
|
||||||
parent::__construct($appName, $request);
|
parent::__construct($appName, $request);
|
||||||
$this->urlGenerator = $urlGenerator;
|
$this->urlGenerator = $urlGenerator;
|
||||||
|
$this->userManager = $userManager;
|
||||||
|
$this->defaults = $defaults;
|
||||||
|
$this->l10n = $l10n;
|
||||||
|
$this->from = $from;
|
||||||
|
$this->isDataEncrypted = $isDataEncrypted;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @PublicPage
|
* @PublicPage
|
||||||
* @NoCSRFRequired
|
* @NoCSRFRequired
|
||||||
|
*
|
||||||
|
* @param string $token
|
||||||
|
* @param string $uid
|
||||||
*/
|
*/
|
||||||
public function reset() {
|
public function reset($token, $uid) {
|
||||||
// Someone wants to reset their password:
|
// Someone wants to reset their password:
|
||||||
if($this->checkToken()) {
|
if($this->checkToken($uid, $token)) {
|
||||||
return new TemplateResponse(
|
return new TemplateResponse(
|
||||||
'core/lostpassword',
|
'core/lostpassword',
|
||||||
'resetpassword',
|
'resetpassword',
|
||||||
|
@ -36,31 +52,102 @@ class LostController extends Controller {
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
// Someone lost their password
|
// Someone lost their password
|
||||||
$isEncrypted = \OC_App::isEnabled('files_encryption');
|
|
||||||
return new TemplateResponse(
|
return new TemplateResponse(
|
||||||
'core/lostpassword',
|
'core/lostpassword',
|
||||||
'lostpassword',
|
'lostpassword',
|
||||||
array(
|
array(
|
||||||
'isEncrypted' => $isEncrypted,
|
'isEncrypted' => $this->isDataEncrypted,
|
||||||
'link' => $this->getResetPasswordLink()
|
'link' => $this->getResetPasswordLink($uid, $token)
|
||||||
),
|
),
|
||||||
'guest'
|
'guest'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getResetPasswordLink(){
|
/**
|
||||||
|
* @PublicPage
|
||||||
|
*
|
||||||
|
* @param bool $proceed
|
||||||
|
*/
|
||||||
|
public function lost($user, $proceed){
|
||||||
|
$response = new JSONResponse(array('status'=>'success'));
|
||||||
|
try {
|
||||||
|
$this->sendEmail($user, $proceed);
|
||||||
|
} catch (EncryptedDataException $e){
|
||||||
|
$response->setData(array(
|
||||||
|
'status' => 'error',
|
||||||
|
'encryption' => '1'
|
||||||
|
));
|
||||||
|
} catch (\Exception $e){
|
||||||
|
$response->setData(array(
|
||||||
|
'status' => 'error',
|
||||||
|
'msg' => $e->getMessage()
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
return $response;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @PublicPage
|
||||||
|
*/
|
||||||
|
public function resetPassword($user, $password, $token) {
|
||||||
|
$response = new JSONResponse(array('status'=>'success'));
|
||||||
|
try {
|
||||||
|
if (!$this->checkToken($user, $token)) {
|
||||||
|
throw new \RuntimeException('');
|
||||||
|
}
|
||||||
|
if (!$this->userManager->setPassword($user, $newPassword)) {
|
||||||
|
throw new \RuntimeException('');
|
||||||
|
}
|
||||||
|
\OC_Preferences::deleteKey($user, 'owncloud', 'lostpassword');
|
||||||
|
$this->userManager->unsetMagicInCookie();
|
||||||
|
} catch (Exception $e){
|
||||||
|
$response->setData(array(
|
||||||
|
'status' => 'error',
|
||||||
|
'msg' => $e->getMessage()
|
||||||
|
));
|
||||||
|
}
|
||||||
|
return $response;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function sendEmail($user, $proceed) {
|
||||||
|
if ($this->isDataEncrypted && $proceed !== 'Yes'){
|
||||||
|
throw new EncryptedDataException();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$this->userManager->userExists($user)) {
|
||||||
|
throw new \Exception($this->l10n->t('Couldn’t send reset email. Please make sure your username is correct.'));
|
||||||
|
}
|
||||||
|
$token = hash('sha256', \OC_Util::generateRandomBytes(30));
|
||||||
|
\OC_Preferences::setValue($user, 'owncloud', 'lostpassword', hash('sha256', $token)); // Hash the token again to prevent timing attacks
|
||||||
|
$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
|
||||||
|
if (empty($email)) {
|
||||||
|
throw new \Exception($this->l10n->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
|
||||||
|
}
|
||||||
|
|
||||||
|
$link = $this->getResetPasswordLink($user, $token);
|
||||||
|
echo $link;
|
||||||
|
$tmpl = new \OC_Template('core/lostpassword', 'email');
|
||||||
|
$tmpl->assign('link', $link, false);
|
||||||
|
$msg = $tmpl->fetchPage();
|
||||||
|
try {
|
||||||
|
\OC_Mail::send($email, $user, $this->l10n->t('%s password reset', array($this->defaults->getName())), $msg, $this->from, $this->defaults->getName());
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
throw new \Exception( $this->l10n->t('Couldn’t send reset email. Please contact your administrator.'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function getResetPasswordLink($user, $token){
|
||||||
$parameters = array(
|
$parameters = array(
|
||||||
'token' => $this->params('token'),
|
'token' => $token,
|
||||||
'user' => $this->params('user')
|
'uid' => $user
|
||||||
);
|
);
|
||||||
$link = $this->urlGenerator->linkToRoute('core.ajax.reset', $parameters);
|
$link = $this->urlGenerator->linkToRoute('core.lost.reset', $parameters);
|
||||||
return $this->urlGenerator->getAbsoluteUrl($link);
|
return $this->urlGenerator->getAbsoluteUrl($link);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function checkToken() {
|
protected function checkToken($user, $token) {
|
||||||
$user = $this->params('user');
|
|
||||||
$token = $this->params('token');
|
|
||||||
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
|
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
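Review bot: `echo $link;` in `sendEmail()` writes the reset URL, token included, into the HTTP response of the public `lost` JSON endpoint, so the token reaches the caller of that endpoint instead of only the account's mailbox; it looks like a debugging leftover carried over from the deleted AjaxController and the line should be removed. In `resetPassword()`, `$newPassword` is never assigned (the parameter is `$password`), so `$this->userManager->setPassword($user, $newPassword)` is called with null; it should read `$this->userManager->setPassword($user, $password)`. In the same method `catch (Exception $e)` is unqualified inside namespace `OC\Core\LostPassword\Controller`, so the `\RuntimeException` thrown on a failed token check or failed setPassword is not caught and no error JSON is returned; use `catch (\Exception $e)` as `lost()` already does. `$this->userManager->unsetMagicInCookie()` replaces the static `\OC_User::unsetMagicInCookie()` call from the old controller — presumably the injected user manager exposes that method, but that is not visible here and is worth confirming. The docblock on `lost()` declares `@param bool $proceed` while the code compares `$proceed !== 'Yes'`, so the annotation should say `@param string $proceed`.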
@ -6,45 +6,16 @@
|
||||||
* See the COPYING-README file.
|
* See the COPYING-README file.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
use \OCP\AppFramework\App;
|
use OC\Core\LostPassword\Application;
|
||||||
use OC\Core\LostPassword\Controller\LostController;
|
|
||||||
use OC\Core\LostPassword\Controller\AjaxController;
|
|
||||||
|
|
||||||
class Application extends App {
|
|
||||||
public function __construct(array $urlParams=array()){
|
|
||||||
parent::__construct('core', $urlParams);
|
|
||||||
|
|
||||||
$container = $this->getContainer();
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Controllers
|
|
||||||
*/
|
|
||||||
$container->registerService('LostController', function($c) {
|
|
||||||
return new LostController(
|
|
||||||
$c->query('AppName'),
|
|
||||||
$c->query('ServerContainer')->getRequest(),
|
|
||||||
$c->query('ServerContainer')->getURLGenerator()
|
|
||||||
);
|
|
||||||
});
|
|
||||||
$container->registerService('AjaxController', function($c) {
|
|
||||||
return new AjaxController(
|
|
||||||
$c->query('AppName'),
|
|
||||||
$c->query('ServerContainer')->getRequest(),
|
|
||||||
$c->query('ServerContainer')->getURLGenerator()
|
|
||||||
);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$application = new Application();
|
$application = new Application();
|
||||||
$application->registerRoutes($this, array('routes' => array(
|
$application->registerRoutes($this, array('routes' => array(
|
||||||
array('name' => 'ajax#lost', 'url' => '/core/ajax/password/lost', 'verb' => 'POST'),
|
array('name' => 'lost#lost', 'url' => '/core/ajax/password/lost', 'verb' => 'POST'),
|
||||||
array('name' => 'ajax#reset', 'url' => '/core/ajax/password/reset/{token}/{user}', 'verb' => 'POST'),
|
array('name' => 'lost#reset', 'url' => '/lostpassword/reset/{token}/{uid}', 'verb' => 'GET'),
|
||||||
array('name' => 'lost#reset', 'url' => '/lostpassword/reset/{token}/{user}', 'verb' => 'GET'),
|
array('name' => 'lost#resetPassword', 'url' => '/core/ajax/password/reset/{token}/{user}', 'verb' => 'POST'),
|
||||||
)
|
)
|
||||||
));
|
));
|
||||||
|
|
||||||
|
|
||||||
// Post installation check
|
// Post installation check
|
||||||
|
|
||||||
/** @var $this OCP\Route\IRouter */
|
/** @var $this OCP\Route\IRouter */
|
||||||
|
|
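Review bot: The two reset routes name the same path segment differently — `{uid}` in `lost#reset` but `{user}` in `lost#resetPassword` — which forces the controller signatures to diverge as well (`reset($token, $uid)` versus `resetPassword($user, $password, $token)`). Using one name, `array('name' => 'lost#resetPassword', 'url' => '/core/ajax/password/reset/{token}/{uid}', 'verb' => 'POST'),` and renaming the matching parameter in `resetPassword()`, keeps the link built by `getResetPasswordLink()` (which already emits `'uid'`) and both routes aligned. The `lost#lost` route is unchanged apart from the controller rename, so nothing else in this hunk needs attention.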