display a warning if the user has enabled file recovery but the admin tries to change...

diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index 6b5bf9c66bdde3f45ae42045b33031357051fd9e..cb66c57c743bcb9fc4fcb9bfb5bbff50a0b9753d 100644 (file)
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -28,8 +28,13 @@ if(is_null($userstatus)) {
        exit();
 }
 
-$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
-if ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
+$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
+$recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' );
+$recoveryEnabledForUser = $util->recoveryEnabledForUser();
+
+if ($recoveryAdminEnabled && $recoveryEnabledForUser && $recoveryPassword == '') {
+       OC_JSON::error(array("data" => array( "message" => "Please provide a admin recovery password, otherwise all user data will be lost" )));
+}elseif ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
        OC_JSON::error(array("data" => array( "message" => "Wrong admin recovery password. Please check the password and try again." )));
 }elseif(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) {
        OC_JSON::success(array("data" => array( "username" => $username )));
@@ -37,4 +42,3 @@ if ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
 else{
        OC_JSON::error(array("data" => array( "message" => "Unable to change password" )));
 }
-error_log("bliub");