Merge pull request #4330 from nextcloud/activities-for-password-mail-change

Add activities when email or password is changed

lib/base.php

@@ -727,6 +727,9 @@ class OC {
 		self::registerAccountHooks();
 		self::registerSettingsHooks();
 
+		$settings = new \OC\Settings\Application();
+		$settings->register();
+
 		//make sure temporary files are cleaned up
 		$tmpManager = \OC::$server->getTempManager();
 		register_shutdown_function(array($tmpManager, 'clean'));

lib/composer/composer/autoload_classmap.php

@@ -760,6 +760,8 @@ return array(
     'OC\\Session\\Internal' => $baseDir . '/lib/private/Session/Internal.php',
     'OC\\Session\\Memory' => $baseDir . '/lib/private/Session/Memory.php',
     'OC\\Session\\Session' => $baseDir . '/lib/private/Session/Session.php',
+    'OC\\Settings\\Activity\\Provider' => $baseDir . '/settings/Activity/Provider.php',
+    'OC\\Settings\\Activity\\Setting' => $baseDir . '/settings/Activity/Setting.php',
     'OC\\Settings\\Admin\\Additional' => $baseDir . '/lib/private/Settings/Admin/Additional.php',
     'OC\\Settings\\Admin\\Encryption' => $baseDir . '/lib/private/Settings/Admin/Encryption.php',
     'OC\\Settings\\Admin\\Server' => $baseDir . '/lib/private/Settings/Admin/Server.php',
@@ -780,6 +782,7 @@ return array(
     'OC\\Settings\\Controller\\PersonalController' => $baseDir . '/settings/Controller/PersonalController.php',
     'OC\\Settings\\Controller\\SecuritySettingsController' => $baseDir . '/settings/Controller/SecuritySettingsController.php',
     'OC\\Settings\\Controller\\UsersController' => $baseDir . '/settings/Controller/UsersController.php',
+    'OC\\Settings\\Hooks' => $baseDir . '/settings/Hooks.php',
     'OC\\Settings\\Mailer\\NewUserMailHelper' => $baseDir . '/settings/Mailer/NewUserMailHelper.php',
     'OC\\Settings\\Manager' => $baseDir . '/lib/private/Settings/Manager.php',
     'OC\\Settings\\Mapper' => $baseDir . '/lib/private/Settings/Mapper.php',

lib/composer/composer/autoload_static.php

@@ -790,6 +790,8 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
         'OC\\Session\\Internal' => __DIR__ . '/../../..' . '/lib/private/Session/Internal.php',
         'OC\\Session\\Memory' => __DIR__ . '/../../..' . '/lib/private/Session/Memory.php',
         'OC\\Session\\Session' => __DIR__ . '/../../..' . '/lib/private/Session/Session.php',
+        'OC\\Settings\\Activity\\Provider' => __DIR__ . '/../../..' . '/settings/Activity/Provider.php',
+        'OC\\Settings\\Activity\\Setting' => __DIR__ . '/../../..' . '/settings/Activity/Setting.php',
         'OC\\Settings\\Admin\\Additional' => __DIR__ . '/../../..' . '/lib/private/Settings/Admin/Additional.php',
         'OC\\Settings\\Admin\\Encryption' => __DIR__ . '/../../..' . '/lib/private/Settings/Admin/Encryption.php',
         'OC\\Settings\\Admin\\Server' => __DIR__ . '/../../..' . '/lib/private/Settings/Admin/Server.php',
@@ -810,6 +812,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
         'OC\\Settings\\Controller\\PersonalController' => __DIR__ . '/../../..' . '/settings/Controller/PersonalController.php',
         'OC\\Settings\\Controller\\SecuritySettingsController' => __DIR__ . '/../../..' . '/settings/Controller/SecuritySettingsController.php',
         'OC\\Settings\\Controller\\UsersController' => __DIR__ . '/../../..' . '/settings/Controller/UsersController.php',
+        'OC\\Settings\\Hooks' => __DIR__ . '/../../..' . '/settings/Hooks.php',
         'OC\\Settings\\Mailer\\NewUserMailHelper' => __DIR__ . '/../../..' . '/settings/Mailer/NewUserMailHelper.php',
         'OC\\Settings\\Manager' => __DIR__ . '/../../..' . '/lib/private/Settings/Manager.php',
         'OC\\Settings\\Mapper' => __DIR__ . '/../../..' . '/lib/private/Settings/Mapper.php',

lib/private/Server.php

@@ -343,9 +343,9 @@ class Server extends ServerContainer implements IServerContainer {
 			$userSession->listen('\OC\User', 'logout', function () {
 				\OC_Hook::emit('OC_User', 'logout', array());
 			});
-			$userSession->listen('\OC\User', 'changeUser', function ($user, $feature, $value) {
+			$userSession->listen('\OC\User', 'changeUser', function ($user, $feature, $value, $oldValue) {
 				/** @var $user \OC\User\User */
-				\OC_Hook::emit('OC_User', 'changeUser', array('run' => true, 'user' => $user, 'feature' => $feature, 'value' => $value));
+				\OC_Hook::emit('OC_User', 'changeUser', array('run' => true, 'user' => $user, 'feature' => $feature, 'value' => $value, 'old_value' => $oldValue));
 			});
 			return $userSession;
 		});

lib/private/ServerContainer.php

@@ -102,6 +102,15 @@ class ServerContainer extends SimpleContainer {
 				// Didn't find the service or the respective app container,
 				// ignore it and fall back to the core container.
 			}
+		} else if (strpos($name, 'OC\\Settings\\') === 0 && substr_count($name, '\\') >= 3) {
+			$segments = explode('\\', $name);
+			try {
+				$appContainer = $this->getAppContainer(strtolower($segments[1]));
+				return $appContainer->queryNoFallback($name);
+			} catch (QueryException $e) {
+				// Didn't find the service or the respective app container,
+				// ignore it and fall back to the core container.
+			}
 		}
 
 		return parent::query($name);

lib/private/User/User.php

@@ -158,12 +158,13 @@ class User implements IUser {
 	 * @since 9.0.0
 	 */
 	public function setEMailAddress($mailAddress) {
+		$oldMailAddress = $this->getEMailAddress();
 		if($mailAddress === '') {
 			$this->config->deleteUserValue($this->uid, 'settings', 'email');
 		} else {
 			$this->config->setUserValue($this->uid, 'settings', 'email', $mailAddress);
 		}
-		$this->triggerChange('eMailAddress', $mailAddress);
+		$this->triggerChange('eMailAddress', $mailAddress, $oldMailAddress);
 	}
 
 	/**
@@ -435,9 +436,9 @@ class User implements IUser {
 		return $url;
 	}
 
-	public function triggerChange($feature, $value = null) {
+	public function triggerChange($feature, $value = null, $oldValue = null) {
 		if ($this->emitter) {
-			$this->emitter->emit('\OC\User', 'changeUser', array($this, $feature, $value));
+			$this->emitter->emit('\OC\User', 'changeUser', array($this, $feature, $value, $oldValue));
 		}
 	}
 }

settings/Activity/Provider.php

@@ -0,0 +1,178 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Settings\Activity;
+
+use OCP\Activity\IEvent;
+use OCP\Activity\IProvider;
+use OCP\IL10N;
+use OCP\IURLGenerator;
+use OCP\IUser;
+use OCP\IUserManager;
+use OCP\L10N\IFactory;
+
+class Provider implements IProvider {
+
+	const PASSWORD_CHANGED_BY = 'password_changed_by';
+	const PASSWORD_CHANGED_SELF = 'password_changed_self';
+	const PASSWORD_RESET = 'password_changed';
+	const EMAIL_CHANGED_BY = 'email_changed_by';
+	const EMAIL_CHANGED_SELF = 'email_changed_self';
+	const EMAIL_CHANGED = 'email_changed';
+
+	/** @var IFactory */
+	protected $languageFactory;
+
+	/** @var IL10N */
+	protected $l;
+
+	/** @var IURLGenerator */
+	protected $url;
+
+	/** @var IUserManager */
+	protected $userManager;
+
+	/** @var string[] cached displayNames - key is the UID and value the displayname */
+	protected $displayNames = [];
+
+	/**
+	 * @param IFactory $languageFactory
+	 * @param IURLGenerator $url
+	 * @param IUserManager $userManager
+	 */
+	public function __construct(IFactory $languageFactory, IURLGenerator $url, IUserManager $userManager) {
+		$this->languageFactory = $languageFactory;
+		$this->url = $url;
+		$this->userManager = $userManager;
+	}
+
+	/**
+	 * @param string $language
+	 * @param IEvent $event
+	 * @param IEvent|null $previousEvent
+	 * @return IEvent
+	 * @throws \InvalidArgumentException
+	 * @since 11.0.0
+	 */
+	public function parse($language, IEvent $event, IEvent $previousEvent = null) {
+		if ($event->getApp() !== 'settings') {
+			throw new \InvalidArgumentException();
+		}
+
+		$this->l = $this->languageFactory->get('settings', $language);
+
+		$event->setIcon($this->url->getAbsoluteURL($this->url->imagePath('settings', 'personal.svg')));
+
+		if ($event->getSubject() === self::PASSWORD_CHANGED_BY) {
+			$subject = $this->l->t('{actor} changed your password');
+		} else if ($event->getSubject() === self::PASSWORD_CHANGED_SELF) {
+			$subject = $this->l->t('You changed your password');
+		} else if ($event->getSubject() === self::PASSWORD_RESET) {
+			$subject = $this->l->t('Your password was reset by an administrator');
+
+		} else if ($event->getSubject() === self::EMAIL_CHANGED_BY) {
+			$subject = $this->l->t('{actor} changed your email');
+		} else if ($event->getSubject() === self::EMAIL_CHANGED_SELF) {
+			$subject = $this->l->t('You changed your email');
+		} else if ($event->getSubject() === self::EMAIL_CHANGED) {
+			$subject = $this->l->t('Your email was changed by an administrator');
+
+		} else {
+			throw new \InvalidArgumentException();
+		}
+
+		$parsedParameters = $this->getParameters($event);
+		$this->setSubjects($event, $subject, $parsedParameters);
+
+		return $event;
+	}
+
+	/**
+	 * @param IEvent $event
+	 * @return array
+	 * @throws \InvalidArgumentException
+	 */
+	protected function getParameters(IEvent $event) {
+		$subject = $event->getSubject();
+		$parameters = $event->getSubjectParameters();
+
+		switch ($subject) {
+			case self::PASSWORD_CHANGED_SELF:
+			case self::PASSWORD_RESET:
+			case self::EMAIL_CHANGED_SELF:
+			case self::EMAIL_CHANGED:
+				return [];
+			case self::PASSWORD_CHANGED_BY:
+			case self::EMAIL_CHANGED_BY:
+				return [
+					'actor' => $this->generateUserParameter($parameters[0]),
+				];
+		}
+
+		throw new \InvalidArgumentException();
+	}
+
+	/**
+	 * @param IEvent $event
+	 * @param string $subject
+	 * @param array $parameters
+	 * @throws \InvalidArgumentException
+	 */
+	protected function setSubjects(IEvent $event, $subject, array $parameters) {
+		$placeholders = $replacements = [];
+		foreach ($parameters as $placeholder => $parameter) {
+			$placeholders[] = '{' . $placeholder . '}';
+			$replacements[] = $parameter['name'];
+		}
+
+		$event->setParsedSubject(str_replace($placeholders, $replacements, $subject))
+			->setRichSubject($subject, $parameters);
+	}
+
+	/**
+	 * @param string $uid
+	 * @return array
+	 */
+	protected function generateUserParameter($uid) {
+		if (!isset($this->displayNames[$uid])) {
+			$this->displayNames[$uid] = $this->getDisplayName($uid);
+		}
+
+		return [
+			'type' => 'user',
+			'id' => $uid,
+			'name' => $this->displayNames[$uid],
+		];
+	}
+
+	/**
+	 * @param string $uid
+	 * @return string
+	 */
+	protected function getDisplayName($uid) {
+		$user = $this->userManager->get($uid);
+		if ($user instanceof IUser) {
+			return $user->getDisplayName();
+		}
+
+		return $uid;
+	}
+}

settings/Activity/Setting.php

@@ -0,0 +1,96 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Settings\Activity;
+
+use OCP\Activity\ISetting;
+use OCP\IL10N;
+
+class Setting implements ISetting {
+
+	/** @var IL10N */
+	protected $l;
+
+	/**
+	 * @param IL10N $l10n
+	 */
+	public function __construct(IL10N $l10n) {
+		$this->l = $l10n;
+	}
+
+	/**
+	 * @return string Lowercase a-z and underscore only identifier
+	 * @since 11.0.0
+	 */
+	public function getIdentifier() {
+		return 'personal_settings';
+	}
+
+	/**
+	 * @return string A translated string
+	 * @since 11.0.0
+	 */
+	public function getName() {
+		return $this->l->t('Your <strong>password</strong> or <strong>email</strong> was modified');
+	}
+
+	/**
+	 * @return int whether the filter should be rather on the top or bottom of
+	 * the admin section. The filters are arranged in ascending order of the
+	 * priority values. It is required to return a value between 0 and 100.
+	 * @since 11.0.0
+	 */
+	public function getPriority() {
+		return 0;
+	}
+
+	/**
+	 * @return bool True when the option can be changed for the stream
+	 * @since 11.0.0
+	 */
+	public function canChangeStream() {
+		return false;
+	}
+
+	/**
+	 * @return bool True when the option can be changed for the stream
+	 * @since 11.0.0
+	 */
+	public function isDefaultEnabledStream() {
+		return true;
+	}
+
+	/**
+	 * @return bool True when the option can be changed for the mail
+	 * @since 11.0.0
+	 */
+	public function canChangeMail() {
+		return false;
+	}
+
+	/**
+	 * @return bool True when the option can be changed for the stream
+	 * @since 11.0.0
+	 */
+	public function isDefaultEnabledMail() {
+		return false;
+	}
+}

settings/Application.php

@@ -35,6 +35,8 @@ use OC\App\AppStore\Fetcher\CategoryFetcher;
 use OC\AppFramework\Utility\TimeFactory;
 use OC\Authentication\Token\IProvider;
 use OC\Server;
+use OC\Settings\Activity\Provider;
+use OC\Settings\Activity\Setting;
 use OC\Settings\Mailer\NewUserMailHelper;
 use OC\Settings\Middleware\SubadminMiddleware;
 use OCP\AppFramework\App;
@@ -129,4 +131,43 @@ class Application extends App {
 			);
 		});
 	}
+
+	public function register() {
+		$activityManager = $this->getContainer()->getServer()->getActivityManager();
+		$activityManager->registerSetting(Setting::class); // FIXME move to info.xml
+		$activityManager->registerProvider(Provider::class); // FIXME move to info.xml
+
+		Util::connectHook('OC_User', 'post_setPassword', $this, 'onChangePassword');
+		Util::connectHook('OC_User', 'changeUser', $this, 'onChangeInfo');
+	}
+
+	/**
+	 * @param array $parameters
+	 * @throws \InvalidArgumentException
+	 * @throws \BadMethodCallException
+	 * @throws \Exception
+	 * @throws \OCP\AppFramework\QueryException
+	 */
+	public function onChangePassword(array $parameters) {
+		/** @var Hooks $hooks */
+		$hooks = $this->getContainer()->query(Hooks::class);
+		$hooks->onChangePassword($parameters['uid']);
+	}
+
+	/**
+	 * @param array $parameters
+	 * @throws \InvalidArgumentException
+	 * @throws \BadMethodCallException
+	 * @throws \Exception
+	 * @throws \OCP\AppFramework\QueryException
+	 */
+	public function onChangeInfo(array $parameters) {
+		if ($parameters['feature'] !== 'eMailAddress') {
+			return;
+		}
+
+		/** @var Hooks $hooks */
+		$hooks = $this->getContainer()->query(Hooks::class);
+		$hooks->onChangeEmail($parameters['user'], $parameters['old_value']);
+	}
 }

settings/Hooks.php

@@ -0,0 +1,165 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Settings;
+
+use OC\Settings\Activity\Provider;
+use OCP\Activity\IManager as IActivityManager;
+use OCP\IL10N;
+use OCP\IURLGenerator;
+use OCP\IUser;
+use OCP\IUserManager;
+use OCP\IUserSession;
+use OCP\Mail\IMailer;
+
+class Hooks {
+
+	/** @var IActivityManager */
+	protected $activityManager;
+	/** @var IUserManager */
+	protected $userManager;
+	/** @var IUserSession */
+	protected $userSession;
+	/** @var IURLGenerator */
+	protected $urlGenerator;
+	/** @var IMailer */
+	protected $mailer;
+	/** @var IL10N */
+	protected $l;
+
+	public function __construct(IActivityManager $activityManager, IUserManager $userManager, IUserSession $userSession, IURLGenerator $urlGenerator, IMailer $mailer, IL10N $l) {
+		$this->activityManager = $activityManager;
+		$this->userManager = $userManager;
+		$this->userSession = $userSession;
+		$this->urlGenerator = $urlGenerator;
+		$this->mailer = $mailer;
+		$this->l = $l;
+	}
+
+	/**
+	 * @param string $uid
+	 * @throws \InvalidArgumentException
+	 * @throws \BadMethodCallException
+	 * @throws \Exception
+	 */
+	public function onChangePassword($uid) {
+		$user = $this->userManager->get($uid);
+
+		if (!$user instanceof IUser || $user->getEMailAddress() === null) {
+			return;
+		}
+
+		$event = $this->activityManager->generateEvent();
+		$event->setApp('settings')
+			->setType('personal_settings')
+			->setAffectedUser($user->getUID());
+
+		$instanceUrl = $this->urlGenerator->getAbsoluteURL('/');
+
+		$actor = $this->userSession->getUser();
+		if ($actor instanceof IUser) {
+			if ($actor->getUID() !== $user->getUID()) {
+				$text = $this->l->t('%1$s changed your password on %2$s.', [$actor->getDisplayName(), $instanceUrl]);
+				$event->setAuthor($actor->getUID())
+					->setSubject(Provider::PASSWORD_CHANGED_BY, [$actor->getUID()]);
+			} else {
+				$text = $this->l->t('Your password on %s was changed.', [$instanceUrl]);
+				$event->setAuthor($actor->getUID())
+					->setSubject(Provider::PASSWORD_CHANGED_SELF);
+			}
+		} else {
+			$text = $this->l->t('Your password on %s was reset by an administrator.', [$instanceUrl]);
+			$event->setSubject(Provider::PASSWORD_RESET);
+		}
+
+		$this->activityManager->publish($event);
+
+		if ($user->getEMailAddress() !== null) {
+			$template = $this->mailer->createEMailTemplate();
+			$template->addHeader();
+			$template->addHeading($this->l->t('Password changed for %s', $user->getDisplayName()), false);
+			$template->addBodyText($text . ' ' . $this->l->t('If you did not request this, please contact an administrator.'));
+			$template->addFooter();
+
+
+			$message = $this->mailer->createMessage();
+			$message->setTo([$user->getEMailAddress() => $user->getDisplayName()]);
+			$message->setSubject($this->l->t('Password for %1$s changed on %2$s', [$user->getDisplayName(), $instanceUrl]));
+			$message->setBody($template->renderText(), 'text/plain');
+			$message->setHtmlBody($template->renderHTML());
+
+			$this->mailer->send($message);
+		}
+	}
+
+	/**
+	 * @param IUser $user
+	 * @param string|null $oldMailAddress
+	 * @throws \InvalidArgumentException
+	 * @throws \BadMethodCallException
+	 */
+	public function onChangeEmail(IUser $user, $oldMailAddress) {
+		$event = $this->activityManager->generateEvent();
+		$event->setApp('settings')
+			->setType('personal_settings')
+			->setAffectedUser($user->getUID());
+
+		$instanceUrl = $this->urlGenerator->getAbsoluteURL('/');
+
+		$actor = $this->userSession->getUser();
+		if ($actor instanceof IUser) {
+			if ($actor->getUID() !== $user->getUID()) {
+				$text = $this->l->t('%1$s changed your email address on %2$s.', [$actor->getDisplayName(), $instanceUrl]);
+				$event->setAuthor($actor->getUID())
+					->setSubject(Provider::EMAIL_CHANGED_BY, [$actor->getUID()]);
+			} else {
+				$text = $this->l->t('Your email address on %s was changed.', [$instanceUrl]);
+				$event->setAuthor($actor->getUID())
+					->setSubject(Provider::EMAIL_CHANGED_SELF);
+			}
+		} else {
+			$text = $this->l->t('Your email address on %s was changed by an administrator.', [$instanceUrl]);
+			$event->setSubject(Provider::EMAIL_CHANGED);
+		}
+		$this->activityManager->publish($event);
+
+
+		if ($oldMailAddress !== null) {
+			$template = $this->mailer->createEMailTemplate();
+			$template->addHeader();
+			$template->addHeading($this->l->t('Email address changed for %s', $user->getDisplayName()), false);
+			$template->addBodyText($text . ' ' . $this->l->t('If you did not request this, please contact an administrator.'));
+			if ($user->getEMailAddress()) {
+				$template->addBodyText($this->l->t('The new email address is %s', $user->getEMailAddress()));
+			}
+			$template->addFooter();
+
+
+			$message = $this->mailer->createMessage();
+			$message->setTo([$oldMailAddress => $user->getDisplayName()]);
+			$message->setSubject($this->l->t('Email address for %1$s changed on %2$s', [$user->getDisplayName(), $instanceUrl]));
+			$message->setBody($template->renderText(), 'text/plain');
+			$message->setHtmlBody($template->renderHTML());
+
+			$this->mailer->send($message);
+		}
+	}
+}