10 years ago · 23ed038a27
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -0,0 +1,134 @@

 OC.Lostpassword = {
 	sendErrorMsg : t('core', 'Couldn’t send reset email. Please contact your administrator.'),
 			
 	sendSuccessMsg : t('core', 'The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'),
 	
 	encryptedMsg : t('core', "Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset.<br />If you are not sure what to do, please contact your administrator before you continue. <br />Do you really want to continue?")
 			+ ('<br /><input type="checkbox" id="encrypted-continue" value="Yes" />')
 			+ '<label for="encrypted-continue">'
 			+ t('core', 'I know what I\'m doing')
 			+ '</label><br />'
 			+ '<a id="lost-password-encryption" href>'
 			+ t('core', 'Reset password')
 			+ '</a>',
 			
 	resetErrorMsg : t('core', 'Password can not be changed. Please contact your administrator.'),
 	
 	init : function() {
 		if ($('#lost-password-encryption').length){
 			$('#lost-password-encryption').click(OC.Lostpassword.sendLink);
 		} else {
 			$('#lost-password').click(OC.Lostpassword.sendLink);
 		}
 		$('#reset-password #submit').click(OC.Lostpassword.resetPassword);
 	},
 			
 	sendLink : function(event){
 		event.preventDefault();
 		if (!$('#user').val().length){
 			$('#submit').trigger('click');
 		} else {
 			$.post(
 					OC.filePath('core', 'ajax', 'password/lost'), 
 					{ 
 						user : $('#user').val(),
 						proceed: $('#encrypted-continue').attr('checked') ? 'Yes' : 'No'
 					}, 
 					OC.Lostpassword.sendLinkDone
 			);
 		}
 	},
 			
 	sendLinkDone : function(result){
 		if (result && result.status === 'success'){
 			OC.Lostpassword.sendLinkSuccess();
 		} else {
 			if (result && result.msg){
 				var sendErrorMsg = result.msg;
 			} else if (result && result.encryption) {
 				var sendErrorMsg = OC.Lostpassword.encryptedMsg;
 			} else {
 				var sendErrorMsg = OC.Lostpassword.sendErrorMsg;
 			}
 			OC.Lostpassword.sendLinkError(sendErrorMsg);
 		}
 	},
 			
 	sendLinkSuccess : function(msg){
 		var node = OC.Lostpassword.getSendStatusNode();
 		node.addClass('success').css({width:'auto'});
 		node.html(OC.Lostpassword.sendSuccessMsg);
 	},
 			
 	sendLinkError : function(msg){
 		var node = OC.Lostpassword.getSendStatusNode();
 		node.addClass('warning');
 		node.html(msg);
 		OC.Lostpassword.init();
 	},
 			
 	getSendStatusNode : function(){
 		if (!$('#lost-password').length){
 			$('<p id="lost-password"></p>').insertBefore($('#remember_login'));
 		} else {
 			$('#lost-password').replaceWith($('<p id="lost-password"></p>'));
 		}
 		return $('#lost-password');
 	},
 	
 	resetPassword : function(event){
 		event.preventDefault();
 		if ($('#password').val()){
 			$.post(
 					$('#password').parents('form').attr('action'),
 					{ 
 						password : $('#password').val()
 					},
 					OC.Lostpassword.resetDone
 			);
 		}
 	},
 			
 	resetDone : function(result){
 		if (result && result.status === 'success'){
 			$.post(
 					OC.webroot + '/',
 					{
 						user : window.location.href.split('/').pop(),
 						password : $('#password').val()
 					},
 					OC.Lostpassword.redirect
 			);
 		} else {
 			if (result && result.msg){
 				var resetErrorMsg = result.msg;
 			} else {
 				var resetErrorMsg = OC.Lostpassword.resetErrorMsg;
 			}
 			OC.Lostpassword.resetError(resetErrorMsg);
 		}
 	},
 	
 	redirect : function(msg){
 		window.location = OC.webroot;
 	},
 			
 	resetError : function(msg){
 		var node = OC.Lostpassword.getResetStatusNode();
 		node.addClass('warning');
 		node.html(msg);
 	},
 	
 	getResetStatusNode : function (){
 		if (!$('#lost-password').length){
 			$('<p id="lost-password"></p>').insertAfter($('#submit'));
 		} else {
 			$('#lost-password').replaceWith($('<p id="lost-password"></p>'));
 		}
 		return $('#lost-password');
 	}

 };

 $(document).ready(OC.Lostpassword.init);
--- a/core/lostpassword/ajaxcontroller.php
+++ b/core/lostpassword/ajaxcontroller.php
@@ -0,0 +1,45 @@
 <?php
 /**
 * @author Victor Dubiniuk
 * @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
 *
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */
 
 namespace OC\Core\LostPassword;

 class AjaxController {
 	public static function lost()	{
 		\OCP\JSON::callCheck();
 	
 		try {
 			Controller::sendEmail(@$_POST['user'], @$_POST['proceed']);
 			\OCP\JSON::success();
 		} catch (EncryptedDataException $e){
 			\OCP\JSON::error(
 				array('encryption' => '1')
 			);
 		} catch (\Exception $e){
 			\OCP\JSON::error(
 				array('msg'=> $e->getMessage())
 			);
 		}
 		
 		exit();
 	}
 	
 	public static function resetPassword($args) {
 		\OCP\JSON::callCheck();
 		try {
 			Controller::resetPassword($args);
 			\OCP\JSON::success();
 		} catch (Exception $e){
 			\OCP\JSON::error(
 				array('msg'=> $e->getMessage())
 			);
 		}
 		exit();
 	}
 }
--- a/core/lostpassword/controller.php
+++ b/core/lostpassword/controller.php
@@ -36,47 +36,37 @@ class Controller {
 		return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
 	}

 	public static function index($args) {
 		self::displayLostPasswordPage(false, false);
 	}

 	public static function sendEmail($args) {

 	public static function sendEmail($user, $proceed) {
 		$l = \OC_L10N::get('core');
 		$isEncrypted = \OC_App::isEnabled('files_encryption');

 		if(!$isEncrypted || isset($_POST['continue'])) {
 			$continue = true;
 		} else {
 			$continue = false;
 		if ($isEncrypted && $proceed !== 'Yes'){
 			throw new EncryptedDataException();
 		}

 		if (\OC_User::userExists($_POST['user']) && $continue) {
 			$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
 			\OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword',
 				hash('sha256', $token)); // Hash the token again to prevent timing attacks
 			$email = \OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
 			if (!empty($email)) {
 				$link = \OC_Helper::linkToRoute('core_lostpassword_reset',
 					array('user' => $_POST['user'], 'token' => $token));
 				$link = \OC_Helper::makeURLAbsolute($link);
 		if (!\OC_User::userExists($user)) {
 			throw new \Exception($l->t('Couldn’t send reset email. Please make sure your username is correct.'));
 		}
 		$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
 		\OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
 			hash('sha256', $token)); // Hash the token again to prevent timing attacks
 		$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
 		if (empty($email)) {
 			throw new \Exception($l->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
 		}
 		$link = \OC_Helper::linkToRoute('core_lostpassword_reset',
 			array('user' => $user, 'token' => $token));
 		$link = \OC_Helper::makeURLAbsolute($link);

 				$tmpl = new \OC_Template('core/lostpassword', 'email');
 				$tmpl->assign('link', $link, false);
 				$msg = $tmpl->fetchPage();
 				$l = \OC_L10N::get('core');
 				$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
 				try {
 					$defaults = new \OC_Defaults();
 					\OC_Mail::send($email, $_POST['user'], $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
 				} catch (Exception $e) {
 					\OC_Template::printErrorPage( $l->t('A problem has occurred whilst sending the email, please contact your administrator.') );
 				}
 				self::displayLostPasswordPage(false, true);
 			} else {
 				self::displayLostPasswordPage(true, false);
 			}
 		} else {
 			self::displayLostPasswordPage(true, false);
 		$tmpl = new \OC_Template('core/lostpassword', 'email');
 		$tmpl->assign('link', $link, false);
 		$msg = $tmpl->fetchPage();
 		$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
 		try {
 			$defaults = new \OC_Defaults();
 			\OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
 		} catch (\Exception $e) {
 			throw new \Exception( $l->t('Couldn’t send reset email. Please contact your administrator.'));
 		}
 	}

--- a/core/lostpassword/encrypteddataexception.php
+++ b/core/lostpassword/encrypteddataexception.php
@@ -0,0 +1,14 @@
 <?php
 /**
 * @author Victor Dubiniuk
 * @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
 *
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */

 namespace OC\Core\LostPassword;
 
 class EncryptedDataException extends \Exception{
 }
--- a/core/lostpassword/templates/lostpassword.php
+++ b/core/lostpassword/templates/lostpassword.php
@@ -8,7 +8,7 @@ OCP\Util::addStyle('lostpassword', 'lostpassword');
 	?>
 	</p></div>
 <?php else: ?>
 	<form action="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post">
 	<form action="<?php //print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post">
 		<fieldset>
 			<?php if ($_['error']): ?>
 				<div class="error"><p>
--- a/core/routes.php
+++ b/core/routes.php
@@ -70,18 +70,15 @@ $this->create('core_ajax_preview', '/core/preview')
 	->actionInclude('core/ajax/preview.php');
 $this->create('core_ajax_preview', '/core/preview.png')
 	->actionInclude('core/ajax/preview.php');
 $this->create('core_lostpassword_index', '/lostpassword/')
 	->get()
 	->action('OC\Core\LostPassword\Controller', 'index');
 $this->create('core_lostpassword_send_email', '/lostpassword/')
 $this->create('core_ajax_password_lost', '/core/ajax/password/lost')
 	->post()
 	->action('OC\Core\Lostpassword\AjaxController', 'lost');
 $this->create('core_ajax_password_reset', '/core/ajax/password/reset/{token}/{user}')
 	->post()
 	->action('OC\Core\LostPassword\Controller', 'sendEmail');
 	->action('OC\Core\LostPassword\AjaxController', 'resetPassword');
 $this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}')
 	->get()
 	->action('OC\Core\LostPassword\Controller', 'reset');
 $this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{user}')
 	->post()
 	->action('OC\Core\LostPassword\Controller', 'resetPassword');

 // Avatar routes
 $this->create('core_avatar_get_tmp', '/avatar/tmp')
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -46,8 +46,8 @@
 		</p>

 		<?php if (isset($_['invalidpassword']) && ($_['invalidpassword'])): ?>
 		<a class="warning" href="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_index')) ?>">
 			<?php p($l->t('Lost your password?')); ?>
 		<a id="lost-password" class="warning" href="">
 			<?php p($l->t('Forgot your password? Reset it!')); ?>
 		</a>
 		<?php endif; ?>
 		<?php if ($_['rememberLoginAllowed'] === true) : ?>
@@ -74,4 +74,4 @@

 <?php
 OCP\Util::addscript('core', 'visitortimezone');

 OCP\Util::addScript('core', 'lostpassword');