Use appframework

Victor Dubiniuk 2014-05-28 00:09:08 +03:00 committed by Morris Jobke
parent 23ed038a27
commit a7fbd91e53
8 changed files with 229 additions and 200 deletions


@ -46,8 +46,6 @@ OC.Lostpassword = {
} else {
if (result && result.msg){
var sendErrorMsg = result.msg;
} else if (result && result.encryption) {
var sendErrorMsg = OC.Lostpassword.encryptedMsg;
} else {
var sendErrorMsg = OC.Lostpassword.sendErrorMsg;
}
@ -103,6 +101,8 @@ OC.Lostpassword = {
} else {
if (result && result.msg){
var resetErrorMsg = result.msg;
} else if (result && result.encryption) {
var sendErrorMsg = OC.Lostpassword.encryptedMsg;
} else {
var resetErrorMsg = OC.Lostpassword.resetErrorMsg;
}
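Review bot: The `encryption` branch in the hunk at -103 assigns `sendErrorMsg`, while the other branches of this reset handler set `resetErrorMsg`, so `resetErrorMsg` is left undefined when that branch is taken. The +/- markers are lost on this page, but the line counts suggest the branch was removed from the send handler (hunk at -46) and added here. The server code in this commit returns `encryption` only from `lost()`, not from `resetPassword()`, so the branch looks like it belongs in the send handler. If it is meant to stay here, the line should read `var resetErrorMsg = OC.Lostpassword.encryptedMsg;`. Both handlers start and end outside the hunks.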


@ -1,45 +0,0 @@
<?php
/**
* @author Victor Dubiniuk
* @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
*
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword;
class AjaxController {
public static function lost() {
\OCP\JSON::callCheck();
try {
Controller::sendEmail(@$_POST['user'], @$_POST['proceed']);
\OCP\JSON::success();
} catch (EncryptedDataException $e){
\OCP\JSON::error(
array('encryption' => '1')
);
} catch (\Exception $e){
\OCP\JSON::error(
array('msg'=> $e->getMessage())
);
}
exit();
}
public static function resetPassword($args) {
\OCP\JSON::callCheck();
try {
Controller::resetPassword($args);
\OCP\JSON::success();
} catch (Exception $e){
\OCP\JSON::error(
array('msg'=> $e->getMessage())
);
}
exit();
}
}


@ -1,101 +0,0 @@
<?php
/**
* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword;
class Controller {
/**
* @param boolean $error
* @param boolean $requested
*/
protected static function displayLostPasswordPage($error, $requested) {
$isEncrypted = \OC_App::isEnabled('files_encryption');
\OC_Template::printGuestPage('core/lostpassword', 'lostpassword',
array('error' => $error,
'requested' => $requested,
'isEncrypted' => $isEncrypted));
}
/**
* @param boolean $success
*/
protected static function displayResetPasswordPage($success, $args) {
$route_args = array();
$route_args['token'] = $args['token'];
$route_args['user'] = $args['user'];
\OC_Template::printGuestPage('core/lostpassword', 'resetpassword',
array('success' => $success, 'args' => $route_args));
}
protected static function checkToken($user, $token) {
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
}
public static function sendEmail($user, $proceed) {
$l = \OC_L10N::get('core');
$isEncrypted = \OC_App::isEnabled('files_encryption');
if ($isEncrypted && $proceed !== 'Yes'){
throw new EncryptedDataException();
}
if (!\OC_User::userExists($user)) {
throw new \Exception($l->t('Couldnt send reset email. Please make sure your username is correct.'));
}
$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
\OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
hash('sha256', $token)); // Hash the token again to prevent timing attacks
$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
if (empty($email)) {
throw new \Exception($l->t('Couldnt send reset email because there is no email address for this username. Please contact your administrator.'));
}
$link = \OC_Helper::linkToRoute('core_lostpassword_reset',
array('user' => $user, 'token' => $token));
$link = \OC_Helper::makeURLAbsolute($link);
$tmpl = new \OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link, false);
$msg = $tmpl->fetchPage();
$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
try {
$defaults = new \OC_Defaults();
\OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
} catch (\Exception $e) {
throw new \Exception( $l->t('Couldnt send reset email. Please contact your administrator.'));
}
}
public static function reset($args) {
// Someone wants to reset their password:
if(self::checkToken($args['user'], $args['token'])) {
self::displayResetPasswordPage(false, $args);
} else {
// Someone lost their password
self::displayLostPasswordPage(false, false);
}
}
public static function resetPassword($args) {
if (self::checkToken($args['user'], $args['token'])) {
if (isset($_POST['password'])) {
if (\OC_User::setPassword($args['user'], $_POST['password'])) {
\OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
\OC_User::unsetMagicInCookie();
self::displayResetPasswordPage(true, $args);
} else {
self::displayResetPasswordPage(false, $args);
}
} else {
self::reset($args);
}
} else {
// Someone lost their password
self::displayLostPasswordPage(false, false);
}
}
}


@ -0,0 +1,101 @@
<?php
/**
* @author Victor Dubiniuk
* @copyright 2014 Victor Dubiniuk victor.dubiniuk@gmail.com
*
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword\Controller;
use \OCP\AppFramework\Controller;
use \OCP\AppFramework\Http\JSONResponse;
class AjaxController extends LostController {
/**
* @PublicPage
*/
public function lost(){
$response = new JSONResponse(array('status'=>'success'));
try {
$this->sendEmail($this->params('user', ''), $this->params('proceed', ''));
} catch (EncryptedDataException $e){
$response->setData(array(
'status' => 'error',
'encryption' => '1'
));
} catch (\Exception $e){
$response->setData(array(
'status' => 'error',
'msg' => $e->getMessage()
));
}
return $response;
}
/**
* @PublicPage
*/
public function resetPassword() {
$response = new JSONResponse(array('status'=>'success'));
try {
$user = $this->params('user');
$newPassword = $this->params('password');
if (!$this->checkToken()) {
throw new \RuntimeException('');
}
if (!\OC_User::setPassword($user, $newPassword)) {
throw new \RuntimeException('');
}
\OC_Preferences::deleteKey($user, 'owncloud', 'lostpassword');
\OC_User::unsetMagicInCookie();
} catch (Exception $e){
$response->setData(array(
'status' => 'error',
'msg' => $e->getMessage()
));
}
return $response;
}
protected function sendEmail($user, $proceed) {
$l = \OC_L10N::get('core');
$isEncrypted = \OC_App::isEnabled('files_encryption');
if ($isEncrypted && $proceed !== 'Yes'){
throw new EncryptedDataException();
}
if (!\OC_User::userExists($user)) {
throw new \Exception($l->t('Couldnt send reset email. Please make sure your username is correct.'));
}
$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
\OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
hash('sha256', $token)); // Hash the token again to prevent timing attacks
$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
if (empty($email)) {
throw new \Exception($l->t('Couldnt send reset email because there is no email address for this username. Please contact your administrator.'));
}
$parameters = array('token' => $token, 'user' => $user);
$link = $this->urlGenerator->linkToRoute('core.lost.reset', $parameters);
$link = $this->urlGenerator->getAbsoluteUrl($link);
$tmpl = new \OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link, false);
$msg = $tmpl->fetchPage();
echo $link;
$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
try {
$defaults = new \OC_Defaults();
\OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
} catch (\Exception $e) {
throw new \Exception( $l->t('Couldnt send reset email. Please contact your administrator.'));
}
}
}
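Review bot: `echo $link;` in `sendEmail()` writes the absolute reset URL, including the plaintext token, into the output of `lost()`, which is a `@PublicPage` action. The token is then visible to whoever made the request, not only to the holder of the account's mailbox. It looks like leftover debugging and should be deleted. Separately, `catch (Exception $e)` in `resetPassword()` is unqualified inside the `OC\Core\LostPassword\Controller` namespace, so it will not catch the `\RuntimeException` thrown above it; use `catch (\Exception $e)`. `EncryptedDataException` is likewise referenced without a `use` and, if it still lives in `OC\Core\LostPassword`, will not resolve here.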


@ -0,0 +1,66 @@
<?php
/**
* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword\Controller;
use \OCP\AppFramework\Controller;
use \OCP\AppFramework\Http\TemplateResponse;
class LostController extends Controller {
protected $urlGenerator;
public function __construct($appName, IRequest $request, IURLGenerator $urlGenerator) {
parent::__construct($appName, $request);
$this->urlGenerator = $urlGenerator;
}
/**
* @PublicPage
* @NoCSRFRequired
*/
public function reset() {
// Someone wants to reset their password:
if($this->checkToken()) {
return new TemplateResponse(
'core/lostpassword',
'resetpassword',
array(
'link' => $link
),
'guest'
);
} else {
// Someone lost their password
$isEncrypted = \OC_App::isEnabled('files_encryption');
return new TemplateResponse(
'core/lostpassword',
'lostpassword',
array(
'isEncrypted' => $isEncrypted,
'link' => $this->getResetPasswordLink()
),
'guest'
);
}
}
protected function getResetPasswordLink(){
$parameters = array(
'token' => $this->params('token'),
'user' => $this->params('user')
);
$link = $this->urlGenerator->linkToRoute('core.ajax.reset', $parameters);
return $this->urlGenerator->getAbsoluteUrl($link);
}
protected function checkToken() {
$user = $this->params('user');
$token = $this->params('token');
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
}
}
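Review bot: In `reset()` the valid-token branch passes `'link' => $link`, but `$link` is never assigned in that method, so the reset-password form is rendered with an empty `action`. It presumably should be `'link' => $this->getResetPasswordLink()`, as in the else branch. The constructor type hints `IRequest` and `IURLGenerator` have no `use` statement, so they resolve inside `OC\Core\LostPassword\Controller` and the injected objects would fail the type check; add `use \OCP\IRequest;` and `use \OCP\IURLGenerator;`. `checkToken()` would also benefit from a short docblock stating that the stored preference is the SHA-256 of the mailed token and that a missing `token` or `user` parameter makes the comparison fail.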


@ -1,25 +1,11 @@
<?php
//load the file we need
OCP\Util::addStyle('lostpassword', 'lostpassword');
if ($_['requested']): ?>
<div class="update"><p>
<?php
print_unescaped($l->t('The link to reset your password has been sent to your email.<br>If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator .'));
?>
</p></div>
<?php else: ?>
<form action="<?php //print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post">
OCP\Util::addStyle('lostpassword', 'lostpassword'); ?>
<form action="<?php print_unescaped($_['link']) ?>" method="post">
<fieldset>
<?php if ($_['error']): ?>
<div class="error"><p>
<?php print_unescaped($l->t('Request failed!<br>Did you make sure your email/username was right?')); ?>
</p></div>
<?php endif; ?>
<div class="update"><?php print_unescaped($l->t('You will receive a link to reset your password via Email.')); ?></div>
<p>
<input type="text" name="user" id="user"
placeholder="<?php print_unescaped($l->t( 'Username' )); ?>"
value="" autocomplete="off" required autofocus />
<input type="text" name="user" id="user" placeholder="<?php print_unescaped($l->t( 'Username' )); ?>" value="" autocomplete="off" required autofocus />
<label for="user" class="infield"><?php print_unescaped($l->t( 'Username' )); ?></label>
<img class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
<?php if ($_['isEncrypted']): ?>
@ -31,5 +17,4 @@ OCP\Util::addStyle('lostpassword', 'lostpassword');
</p>
<input type="submit" id="submit" value="<?php print_unescaped($l->t('Reset')); ?>" />
</fieldset>
</form>
<?php endif; ?>
</form>
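Review bot: `print_unescaped($_['link'])` puts the link into the form's `action` attribute without HTML escaping, and `getResetPasswordLink()` builds that link from the request's `token` and `user` parameters. The URL generator may already percent-encode those values, but the template should not depend on that; `p($_['link'])` escapes for the attribute context. The same applies to the `action` attribute in the reset-password template in the next file section.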


@ -1,16 +1,9 @@
<form action="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_reset', $_['args'])) ?>" method="post">
<form action="<?php print_unescaped($_['link']) ?>" method="post">
<fieldset>
<?php if($_['success']): ?>
<h1><?php p($l->t('Your password was reset')); ?></h1>
<p><a href="<?php print_unescaped(OC_Helper::linkTo('', 'index.php')) ?>/"><?php p($l->t('To login page')); ?></a></p>
<?php else: ?>
<p>
<label for="password" class="infield"><?php p($l->t('New password')); ?></label>
<input type="password" name="password" id="password"
placeholder="<?php p($l->t('New password')); ?>"
value="" required />
<input type="password" name="password" id="password" value="" required />
</p>
<input type="submit" id="submit" value="<?php p($l->t('Reset password')); ?>" />
<?php endif; ?>
</fieldset>
</form>


@ -6,6 +6,45 @@
* See the COPYING-README file.
*/
use \OCP\AppFramework\App;
use OC\Core\LostPassword\Controller\LostController;
use OC\Core\LostPassword\Controller\AjaxController;
class Application extends App {
public function __construct(array $urlParams=array()){
parent::__construct('core', $urlParams);
$container = $this->getContainer();
/**
* Controllers
*/
$container->registerService('LostController', function($c) {
return new LostController(
$c->query('AppName'),
$c->query('ServerContainer')->getRequest(),
$c->query('ServerContainer')->getURLGenerator()
);
});
$container->registerService('AjaxController', function($c) {
return new AjaxController(
$c->query('AppName'),
$c->query('ServerContainer')->getRequest(),
$c->query('ServerContainer')->getURLGenerator()
);
});
}
}
$application = new Application();
$application->registerRoutes($this, array('routes' => array(
array('name' => 'ajax#lost', 'url' => '/core/ajax/password/lost', 'verb' => 'POST'),
array('name' => 'ajax#reset', 'url' => '/core/ajax/password/reset/{token}/{user}', 'verb' => 'POST'),
array('name' => 'lost#reset', 'url' => '/lostpassword/reset/{token}/{user}', 'verb' => 'GET'),
)
));
// Post installation check
/** @var $this OCP\Route\IRouter */
@ -70,15 +109,6 @@ $this->create('core_ajax_preview', '/core/preview')
->actionInclude('core/ajax/preview.php');
$this->create('core_ajax_preview', '/core/preview.png')
->actionInclude('core/ajax/preview.php');
$this->create('core_ajax_password_lost', '/core/ajax/password/lost')
->post()
->action('OC\Core\Lostpassword\AjaxController', 'lost');
$this->create('core_ajax_password_reset', '/core/ajax/password/reset/{token}/{user}')
->post()
->action('OC\Core\LostPassword\AjaxController', 'resetPassword');
$this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}')
->get()
->action('OC\Core\LostPassword\Controller', 'reset');
// Avatar routes
$this->create('core_avatar_get_tmp', '/avatar/tmp')