Use appframework
This commit is contained in:
parent
23ed038a27
commit
a7fbd91e53
|
@ -46,8 +46,6 @@ OC.Lostpassword = {
|
|||
} else {
|
||||
if (result && result.msg){
|
||||
var sendErrorMsg = result.msg;
|
||||
} else if (result && result.encryption) {
|
||||
var sendErrorMsg = OC.Lostpassword.encryptedMsg;
|
||||
} else {
|
||||
var sendErrorMsg = OC.Lostpassword.sendErrorMsg;
|
||||
}
|
||||
|
@ -103,6 +101,8 @@ OC.Lostpassword = {
|
|||
} else {
|
||||
if (result && result.msg){
|
||||
var resetErrorMsg = result.msg;
|
||||
} else if (result && result.encryption) {
|
||||
var sendErrorMsg = OC.Lostpassword.encryptedMsg;
|
||||
} else {
|
||||
var resetErrorMsg = OC.Lostpassword.resetErrorMsg;
|
||||
}
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* @author Victor Dubiniuk
|
||||
* @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
|
||||
*
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
|
||||
namespace OC\Core\LostPassword;
|
||||
|
||||
class AjaxController {
|
||||
public static function lost() {
|
||||
\OCP\JSON::callCheck();
|
||||
|
||||
try {
|
||||
Controller::sendEmail(@$_POST['user'], @$_POST['proceed']);
|
||||
\OCP\JSON::success();
|
||||
} catch (EncryptedDataException $e){
|
||||
\OCP\JSON::error(
|
||||
array('encryption' => '1')
|
||||
);
|
||||
} catch (\Exception $e){
|
||||
\OCP\JSON::error(
|
||||
array('msg'=> $e->getMessage())
|
||||
);
|
||||
}
|
||||
|
||||
exit();
|
||||
}
|
||||
|
||||
public static function resetPassword($args) {
|
||||
\OCP\JSON::callCheck();
|
||||
try {
|
||||
Controller::resetPassword($args);
|
||||
\OCP\JSON::success();
|
||||
} catch (Exception $e){
|
||||
\OCP\JSON::error(
|
||||
array('msg'=> $e->getMessage())
|
||||
);
|
||||
}
|
||||
exit();
|
||||
}
|
||||
}
|
|
@ -1,101 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
namespace OC\Core\LostPassword;
|
||||
|
||||
class Controller {
|
||||
|
||||
/**
|
||||
* @param boolean $error
|
||||
* @param boolean $requested
|
||||
*/
|
||||
protected static function displayLostPasswordPage($error, $requested) {
|
||||
$isEncrypted = \OC_App::isEnabled('files_encryption');
|
||||
\OC_Template::printGuestPage('core/lostpassword', 'lostpassword',
|
||||
array('error' => $error,
|
||||
'requested' => $requested,
|
||||
'isEncrypted' => $isEncrypted));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param boolean $success
|
||||
*/
|
||||
protected static function displayResetPasswordPage($success, $args) {
|
||||
$route_args = array();
|
||||
$route_args['token'] = $args['token'];
|
||||
$route_args['user'] = $args['user'];
|
||||
\OC_Template::printGuestPage('core/lostpassword', 'resetpassword',
|
||||
array('success' => $success, 'args' => $route_args));
|
||||
}
|
||||
|
||||
protected static function checkToken($user, $token) {
|
||||
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
|
||||
}
|
||||
|
||||
public static function sendEmail($user, $proceed) {
|
||||
$l = \OC_L10N::get('core');
|
||||
$isEncrypted = \OC_App::isEnabled('files_encryption');
|
||||
|
||||
if ($isEncrypted && $proceed !== 'Yes'){
|
||||
throw new EncryptedDataException();
|
||||
}
|
||||
|
||||
if (!\OC_User::userExists($user)) {
|
||||
throw new \Exception($l->t('Couldn’t send reset email. Please make sure your username is correct.'));
|
||||
}
|
||||
$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
|
||||
\OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
|
||||
hash('sha256', $token)); // Hash the token again to prevent timing attacks
|
||||
$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
|
||||
if (empty($email)) {
|
||||
throw new \Exception($l->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
|
||||
}
|
||||
$link = \OC_Helper::linkToRoute('core_lostpassword_reset',
|
||||
array('user' => $user, 'token' => $token));
|
||||
$link = \OC_Helper::makeURLAbsolute($link);
|
||||
|
||||
$tmpl = new \OC_Template('core/lostpassword', 'email');
|
||||
$tmpl->assign('link', $link, false);
|
||||
$msg = $tmpl->fetchPage();
|
||||
$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
|
||||
try {
|
||||
$defaults = new \OC_Defaults();
|
||||
\OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
|
||||
} catch (\Exception $e) {
|
||||
throw new \Exception( $l->t('Couldn’t send reset email. Please contact your administrator.'));
|
||||
}
|
||||
}
|
||||
|
||||
public static function reset($args) {
|
||||
// Someone wants to reset their password:
|
||||
if(self::checkToken($args['user'], $args['token'])) {
|
||||
self::displayResetPasswordPage(false, $args);
|
||||
} else {
|
||||
// Someone lost their password
|
||||
self::displayLostPasswordPage(false, false);
|
||||
}
|
||||
}
|
||||
|
||||
public static function resetPassword($args) {
|
||||
if (self::checkToken($args['user'], $args['token'])) {
|
||||
if (isset($_POST['password'])) {
|
||||
if (\OC_User::setPassword($args['user'], $_POST['password'])) {
|
||||
\OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
|
||||
\OC_User::unsetMagicInCookie();
|
||||
self::displayResetPasswordPage(true, $args);
|
||||
} else {
|
||||
self::displayResetPasswordPage(false, $args);
|
||||
}
|
||||
} else {
|
||||
self::reset($args);
|
||||
}
|
||||
} else {
|
||||
// Someone lost their password
|
||||
self::displayLostPasswordPage(false, false);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,101 @@
|
|||
<?php
|
||||
/**
|
||||
* @author Victor Dubiniuk
|
||||
* @copyright 2014 Victor Dubiniuk victor.dubiniuk@gmail.com
|
||||
*
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
|
||||
namespace OC\Core\LostPassword\Controller;
|
||||
|
||||
use \OCP\AppFramework\Controller;
|
||||
use \OCP\AppFramework\Http\JSONResponse;
|
||||
|
||||
class AjaxController extends LostController {
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*/
|
||||
public function lost(){
|
||||
$response = new JSONResponse(array('status'=>'success'));
|
||||
try {
|
||||
$this->sendEmail($this->params('user', ''), $this->params('proceed', ''));
|
||||
} catch (EncryptedDataException $e){
|
||||
$response->setData(array(
|
||||
'status' => 'error',
|
||||
'encryption' => '1'
|
||||
));
|
||||
} catch (\Exception $e){
|
||||
$response->setData(array(
|
||||
'status' => 'error',
|
||||
'msg' => $e->getMessage()
|
||||
));
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
*/
|
||||
public function resetPassword() {
|
||||
$response = new JSONResponse(array('status'=>'success'));
|
||||
try {
|
||||
$user = $this->params('user');
|
||||
$newPassword = $this->params('password');
|
||||
if (!$this->checkToken()) {
|
||||
throw new \RuntimeException('');
|
||||
}
|
||||
if (!\OC_User::setPassword($user, $newPassword)) {
|
||||
throw new \RuntimeException('');
|
||||
}
|
||||
\OC_Preferences::deleteKey($user, 'owncloud', 'lostpassword');
|
||||
\OC_User::unsetMagicInCookie();
|
||||
} catch (Exception $e){
|
||||
$response->setData(array(
|
||||
'status' => 'error',
|
||||
'msg' => $e->getMessage()
|
||||
));
|
||||
}
|
||||
return $response;
|
||||
}
|
||||
|
||||
protected function sendEmail($user, $proceed) {
|
||||
$l = \OC_L10N::get('core');
|
||||
$isEncrypted = \OC_App::isEnabled('files_encryption');
|
||||
|
||||
if ($isEncrypted && $proceed !== 'Yes'){
|
||||
throw new EncryptedDataException();
|
||||
}
|
||||
|
||||
if (!\OC_User::userExists($user)) {
|
||||
throw new \Exception($l->t('Couldn’t send reset email. Please make sure your username is correct.'));
|
||||
}
|
||||
$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
|
||||
\OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
|
||||
hash('sha256', $token)); // Hash the token again to prevent timing attacks
|
||||
$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
|
||||
if (empty($email)) {
|
||||
throw new \Exception($l->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
|
||||
}
|
||||
|
||||
$parameters = array('token' => $token, 'user' => $user);
|
||||
$link = $this->urlGenerator->linkToRoute('core.lost.reset', $parameters);
|
||||
$link = $this->urlGenerator->getAbsoluteUrl($link);
|
||||
|
||||
$tmpl = new \OC_Template('core/lostpassword', 'email');
|
||||
$tmpl->assign('link', $link, false);
|
||||
$msg = $tmpl->fetchPage();
|
||||
echo $link;
|
||||
$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
|
||||
try {
|
||||
$defaults = new \OC_Defaults();
|
||||
\OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
|
||||
} catch (\Exception $e) {
|
||||
throw new \Exception( $l->t('Couldn’t send reset email. Please contact your administrator.'));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,66 @@
|
|||
<?php
|
||||
/**
|
||||
* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
namespace OC\Core\LostPassword\Controller;
|
||||
|
||||
use \OCP\AppFramework\Controller;
|
||||
use \OCP\AppFramework\Http\TemplateResponse;
|
||||
|
||||
class LostController extends Controller {
|
||||
|
||||
protected $urlGenerator;
|
||||
|
||||
public function __construct($appName, IRequest $request, IURLGenerator $urlGenerator) {
|
||||
parent::__construct($appName, $request);
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
}
|
||||
|
||||
/**
|
||||
* @PublicPage
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function reset() {
|
||||
// Someone wants to reset their password:
|
||||
if($this->checkToken()) {
|
||||
return new TemplateResponse(
|
||||
'core/lostpassword',
|
||||
'resetpassword',
|
||||
array(
|
||||
'link' => $link
|
||||
),
|
||||
'guest'
|
||||
);
|
||||
} else {
|
||||
// Someone lost their password
|
||||
$isEncrypted = \OC_App::isEnabled('files_encryption');
|
||||
return new TemplateResponse(
|
||||
'core/lostpassword',
|
||||
'lostpassword',
|
||||
array(
|
||||
'isEncrypted' => $isEncrypted,
|
||||
'link' => $this->getResetPasswordLink()
|
||||
),
|
||||
'guest'
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
protected function getResetPasswordLink(){
|
||||
$parameters = array(
|
||||
'token' => $this->params('token'),
|
||||
'user' => $this->params('user')
|
||||
);
|
||||
$link = $this->urlGenerator->linkToRoute('core.ajax.reset', $parameters);
|
||||
return $this->urlGenerator->getAbsoluteUrl($link);
|
||||
}
|
||||
|
||||
protected function checkToken() {
|
||||
$user = $this->params('user');
|
||||
$token = $this->params('token');
|
||||
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
|
||||
}
|
||||
}
|
|
@ -1,35 +1,20 @@
|
|||
<?php
|
||||
//load the file we need
|
||||
OCP\Util::addStyle('lostpassword', 'lostpassword');
|
||||
if ($_['requested']): ?>
|
||||
<div class="update"><p>
|
||||
<?php
|
||||
print_unescaped($l->t('The link to reset your password has been sent to your email.<br>If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator .'));
|
||||
?>
|
||||
</p></div>
|
||||
<?php else: ?>
|
||||
<form action="<?php //print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post">
|
||||
<fieldset>
|
||||
<?php if ($_['error']): ?>
|
||||
<div class="error"><p>
|
||||
<?php print_unescaped($l->t('Request failed!<br>Did you make sure your email/username was right?')); ?>
|
||||
</p></div>
|
||||
<?php endif; ?>
|
||||
<div class="update"><?php print_unescaped($l->t('You will receive a link to reset your password via Email.')); ?></div>
|
||||
<p>
|
||||
<input type="text" name="user" id="user"
|
||||
placeholder="<?php print_unescaped($l->t( 'Username' )); ?>"
|
||||
value="" autocomplete="off" required autofocus />
|
||||
<label for="user" class="infield"><?php print_unescaped($l->t( 'Username' )); ?></label>
|
||||
<img class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
|
||||
<?php if ($_['isEncrypted']): ?>
|
||||
OCP\Util::addStyle('lostpassword', 'lostpassword'); ?>
|
||||
<form action="<?php print_unescaped($_['link']) ?>" method="post">
|
||||
<fieldset>
|
||||
<div class="update"><?php print_unescaped($l->t('You will receive a link to reset your password via Email.')); ?></div>
|
||||
<p>
|
||||
<input type="text" name="user" id="user" placeholder="<?php print_unescaped($l->t( 'Username' )); ?>" value="" autocomplete="off" required autofocus />
|
||||
<label for="user" class="infield"><?php print_unescaped($l->t( 'Username' )); ?></label>
|
||||
<img class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
|
||||
<?php if ($_['isEncrypted']): ?>
|
||||
<br />
|
||||
<p class="warning"><?php print_unescaped($l->t("Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset. If you are not sure what to do, please contact your administrator before you continue. Do you really want to continue?")); ?><br />
|
||||
<input type="checkbox" name="continue" value="Yes" />
|
||||
<?php print_unescaped($l->t('Yes, I really want to reset my password now')); ?></p>
|
||||
<?php endif; ?>
|
||||
</p>
|
||||
<input type="submit" id="submit" value="<?php print_unescaped($l->t('Reset')); ?>" />
|
||||
</fieldset>
|
||||
</form>
|
||||
<?php endif; ?>
|
||||
<?php print_unescaped($l->t('Yes, I really want to reset my password now')); ?></p>
|
||||
<?php endif; ?>
|
||||
</p>
|
||||
<input type="submit" id="submit" value="<?php print_unescaped($l->t('Reset')); ?>" />
|
||||
</fieldset>
|
||||
</form>
|
||||
|
|
|
@ -1,16 +1,9 @@
|
|||
<form action="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_reset', $_['args'])) ?>" method="post">
|
||||
<form action="<?php print_unescaped($_['link']) ?>" method="post">
|
||||
<fieldset>
|
||||
<?php if($_['success']): ?>
|
||||
<h1><?php p($l->t('Your password was reset')); ?></h1>
|
||||
<p><a href="<?php print_unescaped(OC_Helper::linkTo('', 'index.php')) ?>/"><?php p($l->t('To login page')); ?></a></p>
|
||||
<?php else: ?>
|
||||
<p>
|
||||
<label for="password" class="infield"><?php p($l->t('New password')); ?></label>
|
||||
<input type="password" name="password" id="password"
|
||||
placeholder="<?php p($l->t('New password')); ?>"
|
||||
value="" required />
|
||||
</p>
|
||||
<input type="submit" id="submit" value="<?php p($l->t('Reset password')); ?>" />
|
||||
<?php endif; ?>
|
||||
<p>
|
||||
<label for="password" class="infield"><?php p($l->t('New password')); ?></label>
|
||||
<input type="password" name="password" id="password" value="" required />
|
||||
</p>
|
||||
<input type="submit" id="submit" value="<?php p($l->t('Reset password')); ?>" />
|
||||
</fieldset>
|
||||
</form>
|
||||
|
|
|
@ -6,6 +6,45 @@
|
|||
* See the COPYING-README file.
|
||||
*/
|
||||
|
||||
use \OCP\AppFramework\App;
|
||||
use OC\Core\LostPassword\Controller\LostController;
|
||||
use OC\Core\LostPassword\Controller\AjaxController;
|
||||
|
||||
class Application extends App {
|
||||
public function __construct(array $urlParams=array()){
|
||||
parent::__construct('core', $urlParams);
|
||||
|
||||
$container = $this->getContainer();
|
||||
|
||||
/**
|
||||
* Controllers
|
||||
*/
|
||||
$container->registerService('LostController', function($c) {
|
||||
return new LostController(
|
||||
$c->query('AppName'),
|
||||
$c->query('ServerContainer')->getRequest(),
|
||||
$c->query('ServerContainer')->getURLGenerator()
|
||||
);
|
||||
});
|
||||
$container->registerService('AjaxController', function($c) {
|
||||
return new AjaxController(
|
||||
$c->query('AppName'),
|
||||
$c->query('ServerContainer')->getRequest(),
|
||||
$c->query('ServerContainer')->getURLGenerator()
|
||||
);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
$application = new Application();
|
||||
$application->registerRoutes($this, array('routes' => array(
|
||||
array('name' => 'ajax#lost', 'url' => '/core/ajax/password/lost', 'verb' => 'POST'),
|
||||
array('name' => 'ajax#reset', 'url' => '/core/ajax/password/reset/{token}/{user}', 'verb' => 'POST'),
|
||||
array('name' => 'lost#reset', 'url' => '/lostpassword/reset/{token}/{user}', 'verb' => 'GET'),
|
||||
)
|
||||
));
|
||||
|
||||
|
||||
// Post installation check
|
||||
|
||||
/** @var $this OCP\Route\IRouter */
|
||||
|
@ -70,15 +109,6 @@ $this->create('core_ajax_preview', '/core/preview')
|
|||
->actionInclude('core/ajax/preview.php');
|
||||
$this->create('core_ajax_preview', '/core/preview.png')
|
||||
->actionInclude('core/ajax/preview.php');
|
||||
$this->create('core_ajax_password_lost', '/core/ajax/password/lost')
|
||||
->post()
|
||||
->action('OC\Core\Lostpassword\AjaxController', 'lost');
|
||||
$this->create('core_ajax_password_reset', '/core/ajax/password/reset/{token}/{user}')
|
||||
->post()
|
||||
->action('OC\Core\LostPassword\AjaxController', 'resetPassword');
|
||||
$this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}')
|
||||
->get()
|
||||
->action('OC\Core\LostPassword\Controller', 'reset');
|
||||
|
||||
// Avatar routes
|
||||
$this->create('core_avatar_get_tmp', '/avatar/tmp')
|
||||
|
|
Loading…
Reference in New Issue