Don't put the SMTP password into the HTML code

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2017-04-18 15:44:20 +02:00
parent b072d2c49d
commit a5b4308a51
No known key found for this signature in database
GPG Key ID: E166FD8976B3BAC8
4 changed files with 77 additions and 74 deletions

View File

@ -65,6 +65,10 @@ class Additional implements ISettings {
'mail_smtppassword' => $this->config->getSystemValue('mail_smtppassword', ''),
];
if ($parameters['mail_smtppassword'] !== '') {
$parameters['mail_smtppassword'] = '********';
}
return new TemplateResponse('settings', 'admin/additional-mail', $parameters, '');
}

View File

@ -25,6 +25,8 @@
namespace OC\Settings\Controller;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
use OCP\IRequest;
use OCP\IL10N;
use OCP\IConfig;
@ -84,7 +86,7 @@ class MailSettingsController extends Controller {
* @param string $mail_smtpauthtype
* @param int $mail_smtpauth
* @param string $mail_smtpport
* @return array
* @return DataResponse
*/
public function setMailSettings($mail_domain,
$mail_from_address,
@ -109,12 +111,7 @@ class MailSettingsController extends Controller {
$this->config->setSystemValues($configs);
return array('data' =>
array('message' =>
(string) $this->l10n->t('Saved')
),
'status' => 'success'
);
return new DataResponse();
}
/**
@ -124,25 +121,24 @@ class MailSettingsController extends Controller {
*
* @param string $mail_smtpname
* @param string $mail_smtppassword
* @return array
* @return DataResponse
*/
public function storeCredentials($mail_smtpname, $mail_smtppassword) {
if ($mail_smtppassword === '********') {
return new DataResponse($this->l10n->t('Invalid SMTP password.'), Http::STATUS_BAD_REQUEST);
}
$this->config->setSystemValues([
'mail_smtpname' => $mail_smtpname,
'mail_smtppassword' => $mail_smtppassword,
]);
return array('data' =>
array('message' =>
(string) $this->l10n->t('Saved')
),
'status' => 'success'
);
return new DataResponse();
}
/**
* Send a mail to test the settings
* @return array
* @return array|DataResponse
*/
public function sendTestMail() {
$email = $this->config->getUserValue($this->userSession->getUser()->getUID(), $this->appName, 'email', '');
@ -158,28 +154,13 @@ class MailSettingsController extends Controller {
throw new \RuntimeException($this->l10n->t('Mail could not be sent. Check your mail server log'));
}
} catch (\Exception $e) {
return [
'data' => [
'message' => (string) $this->l10n->t('A problem occurred while sending the email. Please revise your settings. (Error: %s)', [$e->getMessage()]),
],
'status' => 'error',
];
return new DataResponse($this->l10n->t('A problem occurred while sending the email. Please revise your settings. (Error: %s)', [$e->getMessage()]));
}
return array('data' =>
array('message' =>
(string) $this->l10n->t('Email sent')
),
'status' => 'success'
);
return new DataResponse();
}
return array('data' =>
array('message' =>
(string) $this->l10n->t('You need to set your user email before being able to send test emails.'),
),
'status' => 'error'
);
return new DataResponse($this->l10n->t('You need to set your user email before being able to send test emails.'));
}
}

View File

@ -186,11 +186,11 @@ $(document).ready(function(){
url: OC.generateUrl('/settings/admin/mailsettings'),
type: 'POST',
data: $('#mail_general_settings_form').serialize(),
success: function(data){
OC.msg.finishedSaving('#mail_settings_msg', data);
success: function(){
OC.msg.finishedSuccess('#mail_settings_msg', t('settings', 'Saved'));
},
error: function(data){
OC.msg.finishedError('#mail_settings_msg', data.responseJSON.message);
error: function(xhr){
OC.msg.finishedError('#mail_settings_msg', xhr.responseJSON);
}
});
};
@ -206,21 +206,39 @@ $(document).ready(function(){
url: OC.generateUrl('/settings/admin/mailsettings/credentials'),
type: 'POST',
data: $('#mail_credentials_settings').serialize(),
success: function(data){
OC.msg.finishedSaving('#mail_settings_msg', data);
success: function(){
OC.msg.finishedSuccess('#mail_settings_msg', t('settings', 'Saved'));
},
error: function(data){
OC.msg.finishedError('#mail_settings_msg', data.responseJSON.message);
error: function(xhr){
OC.msg.finishedError('#mail_settings_msg', xhr.responseJSON);
}
});
};
$('#mail_general_settings_form').change(changeEmailSettings);
$('#mail_credentials_settings_submit').click(toggleEmailCredentials);
$('#mail_smtppassword').click(function() {
if (this.type === 'text' && this.value === '********') {
this.type = 'password';
this.value = '';
}
});
$('#sendtestemail').click(function(event){
event.preventDefault();
OC.msg.startAction('#sendtestmail_msg', t('settings', 'Sending...'));
OC.msg.startAction('#sendtestmail_msg', t('settings', 'Sending…'));
$.ajax({
url: OC.generateUrl('/settings/admin/mailtest'),
type: 'POST',
data: $('#mail_credentials_settings').serialize(),
success: function(){
OC.msg.finishedSuccess('#sendtestmail_msg', t('settings', 'Email sent'));
},
error: function(xhr){
OC.msg.finishedError('#sendtestmail_msg', xhr.responseJSON);
}
});
$.post(OC.generateUrl('/settings/admin/mailtest'), '', function(data){
OC.msg.finishedAction('#sendtestmail_msg', data);
});

View File

@ -44,7 +44,7 @@ $mail_smtpmode = [
if ($_['sendmail_is_available']) {
$mail_smtpmode[] = ['sendmail', 'Sendmail'];
}
if ($_['mail_smtpmode'] == 'qmail') {
if ($_['mail_smtpmode'] === 'qmail') {
$mail_smtpmode[] = ['qmail', 'qmail'];
}
@ -60,81 +60,81 @@ if ($_['mail_smtpmode'] == 'qmail') {
<p><?php p($l->t('This is used for sending out notifications.')); ?> <span id="mail_settings_msg" class="msg"></span></p>
<p>
<label for="mail_smtpmode"><?php p($l->t( 'Send mode' )); ?></label>
<select name='mail_smtpmode' id='mail_smtpmode'>
<label for="mail_smtpmode"><?php p($l->t('Send mode')); ?></label>
<select name="mail_smtpmode" id="mail_smtpmode'>
<?php foreach ($mail_smtpmode as $smtpmode):
$selected = '';
if ($smtpmode[0] == $_['mail_smtpmode']):
$selected = 'selected="selected"';
endif; ?>
<option value='<?php p($smtpmode[0])?>' <?php p($selected) ?>><?php p($smtpmode[1]) ?></option>
<option value="<?php p($smtpmode[0])?>" <?php p($selected) ?>><?php p($smtpmode[1]) ?></option>
<?php endforeach;?>
</select>
<label id="mail_smtpsecure_label" for="mail_smtpsecure"
<?php if ($_['mail_smtpmode'] != 'smtp') print_unescaped(' class="hidden"'); ?>>
<?php p($l->t( 'Encryption' )); ?>
<?php if ($_['mail_smtpmode'] !== 'smtp') print_unescaped(' class="hidden"'); ?>>
<?php p($l->t('Encryption')); ?>
</label>
<select name="mail_smtpsecure" id="mail_smtpsecure"
<?php if ($_['mail_smtpmode'] != 'smtp') print_unescaped(' class="hidden"'); ?>>
<?php if ($_['mail_smtpmode'] !== 'smtp') print_unescaped(' class="hidden"'); ?>>
<?php foreach ($mail_smtpsecure as $secure => $name):
$selected = '';
if ($secure == $_['mail_smtpsecure']):
$selected = 'selected="selected"';
endif; ?>
<option value='<?php p($secure)?>' <?php p($selected) ?>><?php p($name) ?></option>
<option value="<?php p($secure)?>" <?php p($selected) ?>><?php p($name) ?></option>
<?php endforeach;?>
</select>
</p>
<p>
<label for="mail_from_address"><?php p($l->t( 'From address' )); ?></label>
<input type="text" name='mail_from_address' id="mail_from_address" placeholder="<?php p($l->t('mail'))?>"
value='<?php p($_['mail_from_address']) ?>' />@
<input type="text" name='mail_domain' id="mail_domain" placeholder="example.com"
value='<?php p($_['mail_domain']) ?>' />
<label for="mail_from_address"><?php p($l->t('From address')); ?></label>
<input type="text" name="mail_from_address" id="mail_from_address" placeholder="<?php p($l->t('mail'))?>"
value="<?php p($_['mail_from_address']) ?>" />@
<input type="text" name="mail_domain" id="mail_domain" placeholder="example.com"
value="<?php p($_['mail_domain']) ?>" />
</p>
<p id="setting_smtpauth" <?php if ($_['mail_smtpmode'] != 'smtp') print_unescaped(' class="hidden"'); ?>>
<label for="mail_smtpauthtype"><?php p($l->t( 'Authentication method' )); ?></label>
<select name='mail_smtpauthtype' id='mail_smtpauthtype'>
<p id="setting_smtpauth" <?php if ($_['mail_smtpmode'] !== 'smtp') print_unescaped(' class="hidden"'); ?>>
<label for="mail_smtpauthtype"><?php p($l->t('Authentication method')); ?></label>
<select name="mail_smtpauthtype" id="mail_smtpauthtype'>
<?php foreach ($mail_smtpauthtype as $authtype => $name):
$selected = '';
if ($authtype == $_['mail_smtpauthtype']):
$selected = 'selected="selected"';
endif; ?>
<option value='<?php p($authtype)?>' <?php p($selected) ?>><?php p($name) ?></option>
<option value="<?php p($authtype)?>" <?php p($selected) ?>><?php p($name) ?></option>
<?php endforeach;?>
</select>
<input type="checkbox" name="mail_smtpauth" id="mail_smtpauth" class="checkbox" value="1"
<?php if ($_['mail_smtpauth']) print_unescaped('checked="checked"'); ?> />
<label for="mail_smtpauth"><?php p($l->t( 'Authentication required' )); ?></label>
<label for="mail_smtpauth"><?php p($l->t('Authentication required')); ?></label>
</p>
<p id="setting_smtphost" <?php if ($_['mail_smtpmode'] != 'smtp') print_unescaped(' class="hidden"'); ?>>
<label for="mail_smtphost"><?php p($l->t( 'Server address' )); ?></label>
<input type="text" name='mail_smtphost' id="mail_smtphost" placeholder="smtp.example.com"
value='<?php p($_['mail_smtphost']) ?>' />
<p id="setting_smtphost" <?php if ($_['mail_smtpmode'] !== 'smtp') print_unescaped(' class="hidden"'); ?>>
<label for="mail_smtphost"><?php p($l->t('Server address')); ?></label>
<input type="text" name="mail_smtphost" id="mail_smtphost" placeholder="smtp.example.com"
value="<?php p($_['mail_smtphost']) ?>" />
:
<input type="text" name='mail_smtpport' id="mail_smtpport" placeholder="<?php p($l->t('Port'))?>"
value='<?php p($_['mail_smtpport']) ?>' />
<input type="text" name="mail_smtpport" id="mail_smtpport" placeholder="<?php p($l->t('Port'))?>"
value="<?php p($_['mail_smtpport']) ?>" />
</p>
</form>
<form class="mail_settings" id="mail_credentials_settings">
<p id="mail_credentials" <?php if (!$_['mail_smtpauth'] || $_['mail_smtpmode'] != 'smtp') print_unescaped(' class="hidden"'); ?>>
<label for="mail_smtpname"><?php p($l->t( 'Credentials' )); ?></label>
<input type="text" name='mail_smtpname' id="mail_smtpname" placeholder="<?php p($l->t('SMTP Username'))?>"
value='<?php p($_['mail_smtpname']) ?>' />
<input type="password" name='mail_smtppassword' id="mail_smtppassword" autocomplete="off"
placeholder="<?php p($l->t('SMTP Password'))?>" value='<?php p($_['mail_smtppassword']) ?>' />
<p id="mail_credentials" <?php if (!$_['mail_smtpauth'] || $_['mail_smtpmode'] !== 'smtp') print_unescaped(' class="hidden"'); ?>>
<label for="mail_smtpname"><?php p($l->t('Credentials')); ?></label>
<input type="text" name="mail_smtpname" id="mail_smtpname" placeholder="<?php p($l->t('SMTP Username'))?>"
value="<?php p($_['mail_smtpname']) ?>" />
<input type="text" name="mail_smtppassword" id="mail_smtppassword" autocomplete="off"
placeholder="<?php p($l->t('SMTP Password'))?>" value="<?php p($_['mail_smtppassword']) ?>" />
<input id="mail_credentials_settings_submit" type="button" value="<?php p($l->t('Store credentials')) ?>">
</p>
</form>
<br />
<em><?php p($l->t( 'Test email settings' )); ?></em>
<input type="submit" name="sendtestemail" id="sendtestemail" value="<?php p($l->t( 'Send email' )); ?>"/>
<em><?php p($l->t('Test email settings')); ?></em>
<input type="submit" name="sendtestemail" id="sendtestemail" value="<?php p($l->t('Send email')); ?>"/>
<span id="sendtestmail_msg" class="msg"></span>
</div>