mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 994 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
52946 Commits
362 Branches
Tree: 53db05a1f6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '53db05a1f6'
${ noResults }
nextcloud/apps/settings/lib/Controller/UsersController.php

UsersController.php 17KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  6.  * @author Bjoern Schiessle <bjoern@schiessle.org>

  7.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  8.  * @author John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

  9.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  10.  *

  11.  * @license AGPL-3.0

  12.  *

  13.  * This code is free software: you can redistribute it and/or modify

  14.  * it under the terms of the GNU Affero General Public License, version 3,

  15.  * as published by the Free Software Foundation.

  16.  *

  17.  * This program is distributed in the hope that it will be useful,

  18.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  20.  * GNU Affero General Public License for more details.

  21.  *

  22.  * You should have received a copy of the GNU Affero General Public License, version 3,

  23.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  24.  *

  25.  */

  26. 

  27. // FIXME: disabled for now to be able to inject IGroupManager and also use

  28. // getSubAdmin()

  29. //declare(strict_types=1);

  30. 

  31. namespace OCA\Settings\Controller;

  32. 

  33. use OC\Accounts\AccountManager;

  34. use OC\AppFramework\Http;

  35. use OC\Encryption\Exceptions\ModuleDoesNotExistsException;

  36. use OC\ForbiddenException;

  37. use OC\Security\IdentityProof\Manager;

  38. use OCA\Settings\BackgroundJobs\VerifyUserData;

  39. use OCA\User_LDAP\User_Proxy;

  40. use OCP\App\IAppManager;

  41. use OCP\AppFramework\Controller;

  42. use OCP\AppFramework\Http\DataResponse;

  43. use OCP\AppFramework\Http\JSONResponse;

  44. use OCP\AppFramework\Http\TemplateResponse;

  45. use OCP\BackgroundJob\IJobList;

  46. use OCP\Encryption\IManager;

  47. use OCP\IConfig;

  48. use OCP\IGroupManager;

  49. use OCP\IL10N;

  50. use OCP\IRequest;

  51. use OCP\IUser;

  52. use OCP\IUserManager;

  53. use OCP\IUserSession;

  54. use OCP\L10N\IFactory;

  55. use OCP\Mail\IMailer;

  56. use function in_array;

  57. 

  58. class UsersController extends Controller {

  59. 	/** @var IUserManager */

  60. 	private $userManager;

  61. 	/** @var IGroupManager */

  62. 	private $groupManager;

  63. 	/** @var IUserSession */

  64. 	private $userSession;

  65. 	/** @var IConfig */

  66. 	private $config;

  67. 	/** @var bool */

  68. 	private $isAdmin;

  69. 	/** @var IL10N */

  70. 	private $l10n;

  71. 	/** @var IMailer */

  72. 	private $mailer;

  73. 	/** @var IFactory */

  74. 	private $l10nFactory;

  75. 	/** @var IAppManager */

  76. 	private $appManager;

  77. 	/** @var AccountManager */

  78. 	private $accountManager;

  79. 	/** @var Manager */

  80. 	private $keyManager;

  81. 	/** @var IJobList */

  82. 	private $jobList;

  83. 	/** @var IManager */

  84. 	private $encryptionManager;

  85. 

  86. 

  87. 	public function __construct(string $appName,

  88. 								IRequest $request,

  89. 								IUserManager $userManager,

  90. 								IGroupManager $groupManager,

  91. 								IUserSession $userSession,

  92. 								IConfig $config,

  93. 								bool $isAdmin,

  94. 								IL10N $l10n,

  95. 								IMailer $mailer,

  96. 								IFactory $l10nFactory,

  97. 								IAppManager $appManager,

  98. 								AccountManager $accountManager,

  99. 								Manager $keyManager,

  100. 								IJobList $jobList,

  101. 								IManager $encryptionManager) {

  102. 		parent::__construct($appName, $request);

  103. 		$this->userManager = $userManager;

  104. 		$this->groupManager = $groupManager;

  105. 		$this->userSession = $userSession;

  106. 		$this->config = $config;

  107. 		$this->isAdmin = $isAdmin;

  108. 		$this->l10n = $l10n;

  109. 		$this->mailer = $mailer;

  110. 		$this->l10nFactory = $l10nFactory;

  111. 		$this->appManager = $appManager;

  112. 		$this->accountManager = $accountManager;

  113. 		$this->keyManager = $keyManager;

  114. 		$this->jobList = $jobList;

  115. 		$this->encryptionManager = $encryptionManager;

  116. 	}

  117. 

  118. 

  119. 	/**

  120. 	 * @NoCSRFRequired

  121. 	 * @NoAdminRequired

  122. 	 *

  123. 	 * Display users list template

  124. 	 *

  125. 	 * @return TemplateResponse

  126. 	 */

  127. 	public function usersListByGroup() {

  128. 		return $this->usersList();

  129. 	}

  130. 

  131. 	/**

  132. 	 * @NoCSRFRequired

  133. 	 * @NoAdminRequired

  134. 	 *

  135. 	 * Display users list template

  136. 	 *

  137. 	 * @return TemplateResponse

  138. 	 */

  139. 	public function usersList() {

  140. 		$user = $this->userSession->getUser();

  141. 		$uid = $user->getUID();

  142. 

  143. 		\OC::$server->getNavigationManager()->setActiveEntry('core_users');

  144. 

  145. 		/* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */

  146. 		$sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT;

  147. 		$isLDAPUsed = false;

  148. 		if ($this->config->getSystemValue('sort_groups_by_name', false)) {

  149. 			$sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;

  150. 		} else {

  151. 			if ($this->appManager->isEnabledForUser('user_ldap')) {

  152. 				$isLDAPUsed =

  153. 					$this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy');

  154. 				if ($isLDAPUsed) {

  155. 					// LDAP user count can be slow, so we sort by group name here

  156. 					$sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;

  157. 				}

  158. 			}

  159. 		}

  160. 

  161. 		$canChangePassword = $this->canAdminChangeUserPasswords();

  162. 

  163. 		/* GROUPS */

  164. 		$groupsInfo = new \OC\Group\MetaData(

  165. 			$uid,

  166. 			$this->isAdmin,

  167. 			$this->groupManager,

  168. 			$this->userSession

  169. 		);

  170. 

  171. 		$groupsInfo->setSorting($sortGroupsBy);

  172. 		list($adminGroup, $groups) = $groupsInfo->get();

  173. 

  174. 		if(!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {

  175. 			$isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {

  176. 				return $ldapFound || $backend instanceof User_Proxy;

  177. 			});

  178. 		}

  179. 

  180. 		$disabledUsers = -1;

  181. 		$userCount = 0;

  182. 

  183. 		if(!$isLDAPUsed) {

  184. 			if ($this->isAdmin) {

  185. 				$disabledUsers = $this->userManager->countDisabledUsers();

  186. 				$userCount = array_reduce($this->userManager->countUsers(), function($v, $w) {

  187. 					return $v + (int)$w;

  188. 				}, 0);

  189. 			} else {

  190. 				// User is subadmin !

  191. 				// Map group list to names to retrieve the countDisabledUsersOfGroups

  192. 				$userGroups = $this->groupManager->getUserGroups($user);

  193. 				$groupsNames = [];

  194. 

  195. 				foreach($groups as $key => $group) {

  196. 					// $userCount += (int)$group['usercount'];

  197. 					array_push($groupsNames, $group['name']);

  198. 					// we prevent subadmins from looking up themselves

  199. 					// so we lower the count of the groups he belongs to

  200. 					if (array_key_exists($group['id'], $userGroups)) {

  201. 						$groups[$key]['usercount']--;

  202. 						$userCount -= 1; // we also lower from one the total count

  203. 					}

  204. 				};

  205. 				$userCount += $this->userManager->countUsersOfGroups($groupsInfo->getGroups());

  206. 				$disabledUsers = $this->userManager->countDisabledUsersOfGroups($groupsNames);

  207. 			}

  208. 

  209. 			$userCount -= $disabledUsers;

  210. 		}

  211. 

  212. 		$disabledUsersGroup = [

  213. 			'id' => 'disabled',

  214. 			'name' => 'Disabled users',

  215. 			'usercount' => $disabledUsers

  216. 		];

  217. 

  218. 		/* QUOTAS PRESETS */

  219. 		$quotaPreset = $this->parseQuotaPreset($this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'));

  220. 		$defaultQuota = $this->config->getAppValue('files', 'default_quota', 'none');

  221. 

  222. 		\OC::$server->getEventDispatcher()->dispatch('OC\Settings\Users::loadAdditionalScripts');

  223. 

  224. 		/* LANGUAGES */

  225. 		$languages = $this->l10nFactory->getLanguages();

  226. 

  227. 		/* FINAL DATA */

  228. 		$serverData = [];

  229. 		// groups

  230. 		$serverData['groups'] = array_merge_recursive($adminGroup, [$disabledUsersGroup], $groups);

  231. 		// Various data

  232. 		$serverData['isAdmin'] = $this->isAdmin;

  233. 		$serverData['sortGroups'] = $sortGroupsBy;

  234. 		$serverData['quotaPreset'] = $quotaPreset;

  235. 		$serverData['userCount'] = $userCount;

  236. 		$serverData['languages'] = $languages;

  237. 		$serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en');

  238. 		// Settings

  239. 		$serverData['defaultQuota'] = $defaultQuota;

  240. 		$serverData['canChangePassword'] = $canChangePassword;

  241. 		$serverData['newUserGenerateUserID'] = $this->config->getAppValue('core', 'newUser.generateUserID', 'no') === 'yes';

  242. 		$serverData['newUserRequireEmail'] = $this->config->getAppValue('core', 'newUser.requireEmail', 'no') === 'yes';

  243. 		$serverData['newUserSendEmail'] = $this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes';

  244. 

  245. 		return new TemplateResponse('settings', 'settings-vue', ['serverData' => $serverData]);

  246. 	}

  247. 

  248. 	/**

  249. 	 * @param string $key

  250. 	 * @param string $value

  251. 	 *

  252. 	 * @return JSONResponse

  253. 	 */

  254. 	public function setPreference(string $key, string $value): JSONResponse {

  255. 		$allowed = ['newUser.sendEmail'];

  256. 		if (!in_array($key, $allowed, true)) {

  257. 			return new JSONResponse([], Http::STATUS_FORBIDDEN);

  258. 		}

  259. 

  260. 		$this->config->setAppValue('core', $key, $value);

  261. 

  262. 		return new JSONResponse([]);

  263. 	}

  264. 

  265. 	/**

  266. 	 * Parse the app value for quota_present

  267. 	 *

  268. 	 * @param string $quotaPreset

  269. 	 * @return array

  270. 	 */

  271. 	protected function parseQuotaPreset(string $quotaPreset): array {

  272. 		// 1 GB, 5 GB, 10 GB => [1 GB, 5 GB, 10 GB]

  273. 		$presets = array_filter(array_map('trim', explode(',', $quotaPreset)));

  274. 		// Drop default and none, Make array indexes numerically

  275. 		return array_values(array_diff($presets, ['default', 'none']));

  276. 	}

  277. 

  278. 	/**

  279. 	 * check if the admin can change the users password

  280. 	 *

  281. 	 * The admin can change the passwords if:

  282. 	 *

  283. 	 *   - no encryption module is loaded and encryption is disabled

  284. 	 *   - encryption module is loaded but it doesn't require per user keys

  285. 	 *

  286. 	 * The admin can not change the passwords if:

  287. 	 *

  288. 	 *   - an encryption module is loaded and it uses per-user keys

  289. 	 *   - encryption is enabled but no encryption modules are loaded

  290. 	 *

  291. 	 * @return bool

  292. 	 */

  293. 	protected function canAdminChangeUserPasswords() {

  294. 		$isEncryptionEnabled = $this->encryptionManager->isEnabled();

  295. 		try {

  296. 			$noUserSpecificEncryptionKeys =!$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();

  297. 			$isEncryptionModuleLoaded = true;

  298. 		} catch (ModuleDoesNotExistsException $e) {

  299. 			$noUserSpecificEncryptionKeys = true;

  300. 			$isEncryptionModuleLoaded = false;

  301. 		}

  302. 

  303. 		$canChangePassword = ($isEncryptionEnabled && $isEncryptionModuleLoaded  && $noUserSpecificEncryptionKeys)

  304. 			|| (!$isEncryptionEnabled && !$isEncryptionModuleLoaded)

  305. 			|| (!$isEncryptionEnabled && $isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys);

  306. 

  307. 		return $canChangePassword;

  308. 	}

  309. 

  310. 	/**

  311. 	 * @NoAdminRequired

  312. 	 * @NoSubadminRequired

  313. 	 * @PasswordConfirmationRequired

  314. 	 *

  315. 	 * @param string $avatarScope

  316. 	 * @param string $displayname

  317. 	 * @param string $displaynameScope

  318. 	 * @param string $phone

  319. 	 * @param string $phoneScope

  320. 	 * @param string $email

  321. 	 * @param string $emailScope

  322. 	 * @param string $website

  323. 	 * @param string $websiteScope

  324. 	 * @param string $address

  325. 	 * @param string $addressScope

  326. 	 * @param string $twitter

  327. 	 * @param string $twitterScope

  328. 	 * @return DataResponse

  329. 	 */

  330. 	public function setUserSettings($avatarScope,

  331. 									$displayname,

  332. 									$displaynameScope,

  333. 									$phone,

  334. 									$phoneScope,

  335. 									$email,

  336. 									$emailScope,

  337. 									$website,

  338. 									$websiteScope,

  339. 									$address,

  340. 									$addressScope,

  341. 									$twitter,

  342. 									$twitterScope

  343. 	) {

  344. 		if (!empty($email) && !$this->mailer->validateMailAddress($email)) {

  345. 			return new DataResponse(

  346. 				[

  347. 					'status' => 'error',

  348. 					'data' => [

  349. 						'message' => $this->l10n->t('Invalid mail address')

  350. 					]

  351. 				],

  352. 				Http::STATUS_UNPROCESSABLE_ENTITY

  353. 			);

  354. 		}

  355. 		$user = $this->userSession->getUser();

  356. 		$data = $this->accountManager->getUser($user);

  357. 		$data[AccountManager::PROPERTY_AVATAR] = ['scope' => $avatarScope];

  358. 		if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {

  359. 			$data[AccountManager::PROPERTY_DISPLAYNAME] = ['value' => $displayname, 'scope' => $displaynameScope];

  360. 			$data[AccountManager::PROPERTY_EMAIL] = ['value' => $email, 'scope' => $emailScope];

  361. 		}

  362. 		if ($this->appManager->isEnabledForUser('federatedfilesharing')) {

  363. 			$federatedFileSharing = new \OCA\FederatedFileSharing\AppInfo\Application();

  364. 			$shareProvider = $federatedFileSharing->getFederatedShareProvider();

  365. 			if ($shareProvider->isLookupServerUploadEnabled()) {

  366. 				$data[AccountManager::PROPERTY_WEBSITE] = ['value' => $website, 'scope' => $websiteScope];

  367. 				$data[AccountManager::PROPERTY_ADDRESS] = ['value' => $address, 'scope' => $addressScope];

  368. 				$data[AccountManager::PROPERTY_PHONE] = ['value' => $phone, 'scope' => $phoneScope];

  369. 				$data[AccountManager::PROPERTY_TWITTER] = ['value' => $twitter, 'scope' => $twitterScope];

  370. 			}

  371. 		}

  372. 		try {

  373. 			$this->saveUserSettings($user, $data);

  374. 			return new DataResponse(

  375. 				[

  376. 					'status' => 'success',

  377. 					'data' => [

  378. 						'userId' => $user->getUID(),

  379. 						'avatarScope' => $data[AccountManager::PROPERTY_AVATAR]['scope'],

  380. 						'displayname' => $data[AccountManager::PROPERTY_DISPLAYNAME]['value'],

  381. 						'displaynameScope' => $data[AccountManager::PROPERTY_DISPLAYNAME]['scope'],

  382. 						'email' => $data[AccountManager::PROPERTY_EMAIL]['value'],

  383. 						'emailScope' => $data[AccountManager::PROPERTY_EMAIL]['scope'],

  384. 						'website' => $data[AccountManager::PROPERTY_WEBSITE]['value'],

  385. 						'websiteScope' => $data[AccountManager::PROPERTY_WEBSITE]['scope'],

  386. 						'address' => $data[AccountManager::PROPERTY_ADDRESS]['value'],

  387. 						'addressScope' => $data[AccountManager::PROPERTY_ADDRESS]['scope'],

  388. 						'message' => $this->l10n->t('Settings saved')

  389. 					]

  390. 				],

  391. 				Http::STATUS_OK

  392. 			);

  393. 		} catch (ForbiddenException $e) {

  394. 			return new DataResponse([

  395. 				'status' => 'error',

  396. 				'data' => [

  397. 					'message' => $e->getMessage()

  398. 				],

  399. 			]);

  400. 		}

  401. 	}

  402. 	/**

  403. 	 * update account manager with new user data

  404. 	 *

  405. 	 * @param IUser $user

  406. 	 * @param array $data

  407. 	 * @throws ForbiddenException

  408. 	 */

  409. 	protected function saveUserSettings(IUser $user, array $data) {

  410. 		// keep the user back-end up-to-date with the latest display name and email

  411. 		// address

  412. 		$oldDisplayName = $user->getDisplayName();

  413. 		$oldDisplayName = is_null($oldDisplayName) ? '' : $oldDisplayName;

  414. 		if (isset($data[AccountManager::PROPERTY_DISPLAYNAME]['value'])

  415. 			&& $oldDisplayName !== $data[AccountManager::PROPERTY_DISPLAYNAME]['value']

  416. 		) {

  417. 			$result = $user->setDisplayName($data[AccountManager::PROPERTY_DISPLAYNAME]['value']);

  418. 			if ($result === false) {

  419. 				throw new ForbiddenException($this->l10n->t('Unable to change full name'));

  420. 			}

  421. 		}

  422. 		$oldEmailAddress = $user->getEMailAddress();

  423. 		$oldEmailAddress = is_null($oldEmailAddress) ? '' : $oldEmailAddress;

  424. 		if (isset($data[AccountManager::PROPERTY_EMAIL]['value'])

  425. 			&& $oldEmailAddress !== $data[AccountManager::PROPERTY_EMAIL]['value']

  426. 		) {

  427. 			// this is the only permission a backend provides and is also used

  428. 			// for the permission of setting a email address

  429. 			if (!$user->canChangeDisplayName()) {

  430. 				throw new ForbiddenException($this->l10n->t('Unable to change email address'));

  431. 			}

  432. 			$user->setEMailAddress($data[AccountManager::PROPERTY_EMAIL]['value']);

  433. 		}

  434. 		$this->accountManager->updateUser($user, $data);

  435. 	}

  436. 

  437. 	/**

  438. 	 * Set the mail address of a user

  439. 	 *

  440. 	 * @NoAdminRequired

  441. 	 * @NoSubadminRequired

  442. 	 * @PasswordConfirmationRequired

  443. 	 *

  444. 	 * @param string $account

  445. 	 * @param bool $onlyVerificationCode only return verification code without updating the data

  446. 	 * @return DataResponse

  447. 	 */

  448. 	public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {

  449. 

  450. 		$user = $this->userSession->getUser();

  451. 

  452. 		if ($user === null) {

  453. 			return new DataResponse([], Http::STATUS_BAD_REQUEST);

  454. 		}

  455. 

  456. 		$accountData = $this->accountManager->getUser($user);

  457. 		$cloudId = $user->getCloudId();

  458. 		$message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;

  459. 		$signature = $this->signMessage($user, $message);

  460. 

  461. 		$code = $message . ' ' . $signature;

  462. 		$codeMd5 = $message . ' ' . md5($signature);

  463. 

  464. 		switch ($account) {

  465. 			case 'verify-twitter':

  466. 				$accountData[AccountManager::PROPERTY_TWITTER]['verified'] = AccountManager::VERIFICATION_IN_PROGRESS;

  467. 				$msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');

  468. 				$code = $codeMd5;

  469. 				$type = AccountManager::PROPERTY_TWITTER;

  470. 				$data = $accountData[AccountManager::PROPERTY_TWITTER]['value'];

  471. 				$accountData[AccountManager::PROPERTY_TWITTER]['signature'] = $signature;

  472. 				break;

  473. 			case 'verify-website':

  474. 				$accountData[AccountManager::PROPERTY_WEBSITE]['verified'] = AccountManager::VERIFICATION_IN_PROGRESS;

  475. 				$msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');

  476. 				$type = AccountManager::PROPERTY_WEBSITE;

  477. 				$data = $accountData[AccountManager::PROPERTY_WEBSITE]['value'];

  478. 				$accountData[AccountManager::PROPERTY_WEBSITE]['signature'] = $signature;

  479. 				break;

  480. 			default:

  481. 				return new DataResponse([], Http::STATUS_BAD_REQUEST);

  482. 		}

  483. 

  484. 		if ($onlyVerificationCode === false) {

  485. 			$this->accountManager->updateUser($user, $accountData);

  486. 

  487. 			$this->jobList->add(VerifyUserData::class,

  488. 				[

  489. 					'verificationCode' => $code,

  490. 					'data' => $data,

  491. 					'type' => $type,

  492. 					'uid' => $user->getUID(),

  493. 					'try' => 0,

  494. 					'lastRun' => $this->getCurrentTime()

  495. 				]

  496. 			);

  497. 		}

  498. 

  499. 		return new DataResponse(['msg' => $msg, 'code' => $code]);

  500. 	}

  501. 

  502. 	/**

  503. 	 * get current timestamp

  504. 	 *

  505. 	 * @return int

  506. 	 */

  507. 	protected function getCurrentTime(): int {

  508. 		return time();

  509. 	}

  510. 

  511. 	/**

  512. 	 * sign message with users private key

  513. 	 *

  514. 	 * @param IUser $user

  515. 	 * @param string $message

  516. 	 *

  517. 	 * @return string base64 encoded signature

  518. 	 */

  519. 	protected function signMessage(IUser $user, string $message): string {

  520. 		$privateKey = $this->keyManager->getKey($user)->getPrivate();

  521. 		openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);

  522. 		return base64_encode($signature);

  523. 	}

  524. }