use more stuff from core :)
This commit is contained in:
parent
e026b1dc19
commit
a6e45a8d0e
|
@ -14,6 +14,8 @@ use \OCP\AppFramework\App;
|
||||||
use OC\Core\LostPassword\Controller\LostController;
|
use OC\Core\LostPassword\Controller\LostController;
|
||||||
|
|
||||||
class Application extends App {
|
class Application extends App {
|
||||||
|
|
||||||
|
|
||||||
public function __construct(array $urlParams=array()){
|
public function __construct(array $urlParams=array()){
|
||||||
parent::__construct('core', $urlParams);
|
parent::__construct('core', $urlParams);
|
||||||
|
|
||||||
|
@ -27,12 +29,16 @@ class Application extends App {
|
||||||
$c->query('AppName'),
|
$c->query('AppName'),
|
||||||
$c->query('Request'),
|
$c->query('Request'),
|
||||||
$c->query('ServerContainer')->getURLGenerator(),
|
$c->query('ServerContainer')->getURLGenerator(),
|
||||||
'\OC_User',
|
$c->query('ServerContainer')->getUserManager(),
|
||||||
new \OC_Defaults(),
|
new \OC_Defaults(),
|
||||||
$c->query('ServerContainer')->getL10N('core'),
|
$c->query('ServerContainer')->getL10N('core'),
|
||||||
|
$c->query('ServerContainer')->getConfig(),
|
||||||
|
$c->query('ServerContainer')->getUserSession(),
|
||||||
\OCP\Util::getDefaultEmailAddress('lostpassword-noreply'),
|
\OCP\Util::getDefaultEmailAddress('lostpassword-noreply'),
|
||||||
\OC_App::isEnabled('files_encryption')
|
\OC_App::isEnabled('files_encryption')
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,146 +11,177 @@ namespace OC\Core\LostPassword\Controller;
|
||||||
use \OCP\AppFramework\Controller;
|
use \OCP\AppFramework\Controller;
|
||||||
use \OCP\AppFramework\Http\JSONResponse;
|
use \OCP\AppFramework\Http\JSONResponse;
|
||||||
use \OCP\AppFramework\Http\TemplateResponse;
|
use \OCP\AppFramework\Http\TemplateResponse;
|
||||||
|
use \OCP\IURLGenerator;
|
||||||
|
use \OCP\IRequest;
|
||||||
|
use \OCP\IL10N;
|
||||||
|
use \OCP\IConfig;
|
||||||
|
use \OCP\IUserSession;
|
||||||
use \OC\Core\LostPassword\EncryptedDataException;
|
use \OC\Core\LostPassword\EncryptedDataException;
|
||||||
|
|
||||||
class LostController extends Controller {
|
class LostController extends Controller {
|
||||||
|
|
||||||
protected $urlGenerator;
|
protected $urlGenerator;
|
||||||
protected $userClass;
|
protected $userManager;
|
||||||
protected $defaults;
|
protected $defaults;
|
||||||
protected $l10n;
|
protected $l10n;
|
||||||
protected $from;
|
protected $from;
|
||||||
protected $isDataEncrypted;
|
protected $isDataEncrypted;
|
||||||
|
protected $config;
|
||||||
public function __construct($appName, IRequest $request, IURLGenerator $urlGenerator, $userClass,
|
protected $userSession;
|
||||||
$defaults, $l10n, $from, $isDataEncrypted) {
|
|
||||||
|
public function __construct($appName,
|
||||||
|
IRequest $request,
|
||||||
|
IURLGenerator $urlGenerator,
|
||||||
|
$userManager,
|
||||||
|
$defaults,
|
||||||
|
IL10N $l10n,
|
||||||
|
IConfig $config,
|
||||||
|
IUserSession $userSession,
|
||||||
|
$from,
|
||||||
|
$isDataEncrypted) {
|
||||||
parent::__construct($appName, $request);
|
parent::__construct($appName, $request);
|
||||||
$this->urlGenerator = $urlGenerator;
|
$this->urlGenerator = $urlGenerator;
|
||||||
$this->userClass = $userClass;
|
$this->userManager = $userManager;
|
||||||
$this->defaults = $defaults;
|
$this->defaults = $defaults;
|
||||||
$this->l10n = $l10n;
|
$this->l10n = $l10n;
|
||||||
$this->from = $from;
|
$this->from = $from;
|
||||||
$this->isDataEncrypted = $isDataEncrypted;
|
$this->isDataEncrypted = $isDataEncrypted;
|
||||||
|
$this->config = $config;
|
||||||
|
$this->userSession = $userSession;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Someone wants to reset their password:
|
||||||
|
*
|
||||||
* @PublicPage
|
* @PublicPage
|
||||||
* @NoCSRFRequired
|
* @NoCSRFRequired
|
||||||
*
|
*
|
||||||
* @param string $token
|
* @param string $token
|
||||||
* @param string $uid
|
* @param string $uid
|
||||||
*/
|
*/
|
||||||
public function resetform($token, $uid) {
|
public function resetform($token, $uid) {
|
||||||
// Someone wants to reset their password:
|
return new TemplateResponse(
|
||||||
if($this->checkToken($uid, $token)) {
|
'core/lostpassword',
|
||||||
return new TemplateResponse(
|
'resetpassword',
|
||||||
'core/lostpassword',
|
array(
|
||||||
'resetpassword',
|
'isEncrypted' => $this->isDataEncrypted,
|
||||||
array(
|
'link' => $this->getLink('core.lost.setPassword', $uid, $token),
|
||||||
'link' => $this->getLink('core.lost.setPassword', $uid, $token),
|
),
|
||||||
'isEncrypted' => $this->isDataEncrypted,
|
'guest'
|
||||||
),
|
);
|
||||||
'guest'
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
// Someone lost their password
|
|
||||||
return new TemplateResponse(
|
|
||||||
'core/lostpassword',
|
|
||||||
'lostpassword',
|
|
||||||
array(
|
|
||||||
'isEncrypted' => $this->isDataEncrypted,
|
|
||||||
'link' => $this->getLink('core.lost.setPassword', $uid, $token)
|
|
||||||
),
|
|
||||||
'guest'
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @PublicPage
|
* @PublicPage
|
||||||
*
|
*
|
||||||
|
* @param string $user
|
||||||
* @param bool $proceed
|
* @param bool $proceed
|
||||||
*/
|
*/
|
||||||
public function email($user, $proceed){
|
public function email($user, $proceed){
|
||||||
$response = new JSONResponse(array('status'=>'success'));
|
// FIXME: use HTTP error codes
|
||||||
try {
|
try {
|
||||||
$this->sendEmail($user, $proceed);
|
$this->sendEmail($user, $proceed);
|
||||||
} catch (EncryptedDataException $e){
|
} catch (EncryptedDataException $e){
|
||||||
$response->setData(array(
|
array('status' => 'error', 'encryption' => '1');
|
||||||
'status' => 'error',
|
|
||||||
'encryption' => '1'
|
|
||||||
));
|
|
||||||
} catch (\Exception $e){
|
} catch (\Exception $e){
|
||||||
$response->setData(array(
|
return array('status' => 'error', 'msg' => $e->getMessage());
|
||||||
'status' => 'error',
|
|
||||||
'msg' => $e->getMessage()
|
|
||||||
));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $response;
|
return array('status'=>'success');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @PublicPage
|
* @PublicPage
|
||||||
*/
|
*/
|
||||||
public function setPassword($token, $uid, $password) {
|
public function setPassword($token, $uid, $password) {
|
||||||
$response = new JSONResponse(array('status'=>'success'));
|
|
||||||
try {
|
try {
|
||||||
if (!$this->checkToken($uid, $token)) {
|
if (!$this->checkToken($uid, $token)) {
|
||||||
throw new \RuntimeException('');
|
throw new \Exception();
|
||||||
}
|
}
|
||||||
$userClass = $this->userClass;
|
|
||||||
if (!$userClass::setPassword($uid, $password)) {
|
$user = $this->userManager->get($uid);
|
||||||
throw new \RuntimeException('');
|
if (!$user->setPassword($uid, $password)) {
|
||||||
|
|
||||||
|
throw new \Exception();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// FIXME: should be added to the all config at some point
|
||||||
\OC_Preferences::deleteKey($uid, 'owncloud', 'lostpassword');
|
\OC_Preferences::deleteKey($uid, 'owncloud', 'lostpassword');
|
||||||
$userClass::unsetMagicInCookie();
|
$this->userSession->unsetMagicInCookie();
|
||||||
} catch (Exception $e){
|
|
||||||
$response->setData(array(
|
} catch (\Exception $e){
|
||||||
'status' => 'error',
|
return array('status' => 'error','msg' => $e->getMessage());
|
||||||
'msg' => $e->getMessage()
|
|
||||||
));
|
|
||||||
}
|
}
|
||||||
return $response;
|
|
||||||
|
return array('status'=>'success');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
protected function sendEmail($user, $proceed) {
|
protected function sendEmail($user, $proceed) {
|
||||||
if ($this->isDataEncrypted && $proceed !== 'Yes'){
|
if ($this->isDataEncrypted && !$proceed){
|
||||||
throw new EncryptedDataException();
|
throw new EncryptedDataException();
|
||||||
}
|
}
|
||||||
|
|
||||||
$userClass = $this->userClass;
|
if (!$this->userManager->userExists($user)) {
|
||||||
if (!$userClass::userExists($user)) {
|
throw new \Exception(
|
||||||
throw new \Exception($this->l10n->t('Couldn’t send reset email. Please make sure your username is correct.'));
|
$this->l10n->t('Couldn’t send reset email. Please make sure '.
|
||||||
|
'your username is correct.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$token = hash('sha256', \OC_Util::generateRandomBytes(30));
|
$token = hash('sha256', \OC_Util::generateRandomBytes(30));
|
||||||
\OC_Preferences::setValue($user, 'owncloud', 'lostpassword', hash('sha256', $token)); // Hash the token again to prevent timing attacks
|
|
||||||
$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
|
// Hash the token again to prevent timing attacks
|
||||||
|
$this->config->setUserValue(
|
||||||
|
$user, 'owncloud', 'lostpassword', hash('sha256', $token)
|
||||||
|
);
|
||||||
|
|
||||||
|
$email = $this->config->getUserValue($user, 'settings', 'email');
|
||||||
|
|
||||||
if (empty($email)) {
|
if (empty($email)) {
|
||||||
throw new \Exception($this->l10n->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
|
throw new \Exception(
|
||||||
|
$this->l10n->t('Couldn’t send reset email because there is no '.
|
||||||
|
'email address for this username. Please ' .
|
||||||
|
'contact your administrator.')
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$link = $this->getLink('core.lost.resetform', $user, $token);
|
$link = $this->getLink('core.lost.resetform', $user, $token);
|
||||||
|
|
||||||
$tmpl = new \OC_Template('core/lostpassword', 'email');
|
$tmpl = new \OC_Template('core/lostpassword', 'email');
|
||||||
$tmpl->assign('link', $link, false);
|
$tmpl->assign('link', $link, false);
|
||||||
$msg = $tmpl->fetchPage();
|
$msg = $tmpl->fetchPage();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
\OC_Mail::send($email, $user, $this->l10n->t('%s password reset', array($this->defaults->getName())), $msg, $this->from, $this->defaults->getName());
|
\OC_Mail::send($email, $user, $this->l10n->t(
|
||||||
|
'%s password reset',
|
||||||
|
array(
|
||||||
|
$this->defaults->getName())),
|
||||||
|
$msg,
|
||||||
|
$this->from,
|
||||||
|
$this->defaults->getName()
|
||||||
|
));
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
throw new \Exception( $this->l10n->t('Couldn’t send reset email. Please contact your administrator.'));
|
throw new \Exception($this->l10n->t('Couldn’t send reset email. ' .
|
||||||
|
'Please contact your administrator.'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
protected function getLink($route, $user, $token){
|
protected function getLink($route, $user, $token){
|
||||||
$parameters = array(
|
$parameters = array(
|
||||||
'token' => $token,
|
'token' => $token,
|
||||||
'uid' => $user
|
'uid' => $user
|
||||||
);
|
);
|
||||||
$link = $this->urlGenerator->linkToRoute($route, $parameters);
|
$link = $this->urlGenerator->linkToRoute($route, $parameters);
|
||||||
return $this->urlGenerator->getAbsoluteUrl($link);
|
return $this->urlGenerator->getAbsoluteUrl($link);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
protected function checkToken($user, $token) {
|
protected function checkToken($user, $token) {
|
||||||
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
|
return $this->config->getUserValue(
|
||||||
|
$user, 'owncloud', 'lostpassword'
|
||||||
|
) === hash('sha256', $token);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,18 +3,18 @@
|
||||||
OCP\Util::addStyle('lostpassword', 'lostpassword'); ?>
|
OCP\Util::addStyle('lostpassword', 'lostpassword'); ?>
|
||||||
<form action="<?php print_unescaped($_['link']) ?>" method="post">
|
<form action="<?php print_unescaped($_['link']) ?>" method="post">
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<div class="update"><?php print_unescaped($l->t('You will receive a link to reset your password via Email.')); ?></div>
|
<div class="update"><?php p($l->t('You will receive a link to reset your password via Email.')); ?></div>
|
||||||
<p>
|
<p>
|
||||||
<input type="text" name="user" id="user" placeholder="<?php print_unescaped($l->t( 'Username' )); ?>" value="" autocomplete="off" required autofocus />
|
<input type="text" name="user" id="user" placeholder="<?php p($l->t( 'Username' )); ?>" value="" autocomplete="off" required autofocus />
|
||||||
<label for="user" class="infield"><?php print_unescaped($l->t( 'Username' )); ?></label>
|
<label for="user" class="infield"><?php p($l->t( 'Username' )); ?></label>
|
||||||
<img class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
|
<img class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
|
||||||
<?php if ($_['isEncrypted']): ?>
|
<?php if ($_['isEncrypted']): ?>
|
||||||
<br />
|
<br />
|
||||||
<p class="warning"><?php print_unescaped($l->t("Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset. If you are not sure what to do, please contact your administrator before you continue. Do you really want to continue?")); ?><br />
|
<p class="warning"><?php p($l->t("Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset. If you are not sure what to do, please contact your administrator before you continue. Do you really want to continue?")); ?><br />
|
||||||
<input type="checkbox" name="continue" value="Yes" />
|
<input type="checkbox" name="continue" value="Yes" />
|
||||||
<?php print_unescaped($l->t('Yes, I really want to reset my password now')); ?></p>
|
<?php p($l->t('Yes, I really want to reset my password now')); ?></p>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
</p>
|
</p>
|
||||||
<input type="submit" id="submit" value="<?php print_unescaped($l->t('Reset')); ?>" />
|
<input type="submit" id="submit" value="<?php p($l->t('Reset')); ?>" />
|
||||||
</fieldset>
|
</fieldset>
|
||||||
</form>
|
</form>
|
||||||
|
|
Loading…
Reference in New Issue