In case of an error the error message often contains sensitive data such as the full path which potentially leads to a full path disclosure.
Thus the error message should not directly get displayed to the user and instead be logged.
As an hardening measure we should expire password reset tokens after 12h and if the user has logged-in again successfully after the token was requested.
* Original avatarcontroller migrated to the appframework
* Added DataDisplayResponse that show data inline in the browser (used
to retrun the image)
* Removed some unneeded code
* Added unit tests for the avatarcontroller
This patch wil warn the user of the consequences when resetting the password and requires checking a checkbox (as we had in the past) to reset a password.
Furthermore I updated the code to use our new classes and added some unit tests for it 👯
Fixes https://github.com/owncloud/core/issues/11438
Lukas Reschke
Roeland Jago Douma
Morris Jobke
Thomas Müller
Jenkins for ownCloud