mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 997 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
66057 Commits
365 Branches
Tree: dde5c46a3e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'dde5c46a3e'
${ noResults }
nextcloud/apps/settings/lib/Controller/UsersController.php

UsersController.php 20KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601 
  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. /**

  6.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  7.  *

  8.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  9.  * @author Bjoern Schiessle <bjoern@schiessle.org>

  10.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  11.  * @author Daniel Calviño Sánchez <danxuliu@gmail.com>

  12.  * @author Daniel Kesselberg <mail@danielkesselberg.de>

  13.  * @author GretaD <gretadoci@gmail.com>

  14.  * @author Joas Schilling <coding@schilljs.com>

  15.  * @author John Molakvoæ <skjnldsv@protonmail.com>

  16.  * @author Morris Jobke <hey@morrisjobke.de>

  17.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  18.  * @author Vincent Petry <vincent@nextcloud.com>

  19.  *

  20.  * @license AGPL-3.0

  21.  *

  22.  * This code is free software: you can redistribute it and/or modify

  23.  * it under the terms of the GNU Affero General Public License, version 3,

  24.  * as published by the Free Software Foundation.

  25.  *

  26.  * This program is distributed in the hope that it will be useful,

  27.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  28.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  29.  * GNU Affero General Public License for more details.

  30.  *

  31.  * You should have received a copy of the GNU Affero General Public License, version 3,

  32.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  33.  *

  34.  */

  35. // FIXME: disabled for now to be able to inject IGroupManager and also use

  36. // getSubAdmin()

  37. 

  38. namespace OCA\Settings\Controller;

  39. 

  40. use InvalidArgumentException;

  41. use OC\AppFramework\Http;

  42. use OC\Encryption\Exceptions\ModuleDoesNotExistsException;

  43. use OC\ForbiddenException;

  44. use OC\Group\Manager as GroupManager;

  45. use OC\KnownUser\KnownUserService;

  46. use OC\L10N\Factory;

  47. use OC\Security\IdentityProof\Manager;

  48. use OC\User\Manager as UserManager;

  49. use OCA\Settings\BackgroundJobs\VerifyUserData;

  50. use OCA\Settings\Events\BeforeTemplateRenderedEvent;

  51. use OCA\User_LDAP\User_Proxy;

  52. use OCP\Accounts\IAccount;

  53. use OCP\Accounts\IAccountManager;

  54. use OCP\Accounts\PropertyDoesNotExistException;

  55. use OCP\App\IAppManager;

  56. use OCP\AppFramework\Controller;

  57. use OCP\AppFramework\Http\DataResponse;

  58. use OCP\AppFramework\Http\JSONResponse;

  59. use OCP\AppFramework\Http\TemplateResponse;

  60. use OCP\BackgroundJob\IJobList;

  61. use OCP\Encryption\IManager;

  62. use OCP\EventDispatcher\IEventDispatcher;

  63. use OCP\IConfig;

  64. use OCP\IGroupManager;

  65. use OCP\IL10N;

  66. use OCP\IRequest;

  67. use OCP\IUser;

  68. use OCP\IUserManager;

  69. use OCP\IUserSession;

  70. use OCP\L10N\IFactory;

  71. use OCP\Mail\IMailer;

  72. use function in_array;

  73. 

  74. class UsersController extends Controller {

  75. 	/** @var UserManager */

  76. 	private $userManager;

  77. 	/** @var GroupManager */

  78. 	private $groupManager;

  79. 	/** @var IUserSession */

  80. 	private $userSession;

  81. 	/** @var IConfig */

  82. 	private $config;

  83. 	/** @var bool */

  84. 	private $isAdmin;

  85. 	/** @var IL10N */

  86. 	private $l10n;

  87. 	/** @var IMailer */

  88. 	private $mailer;

  89. 	/** @var Factory */

  90. 	private $l10nFactory;

  91. 	/** @var IAppManager */

  92. 	private $appManager;

  93. 	/** @var IAccountManager */

  94. 	private $accountManager;

  95. 	/** @var Manager */

  96. 	private $keyManager;

  97. 	/** @var IJobList */

  98. 	private $jobList;

  99. 	/** @var IManager */

  100. 	private $encryptionManager;

  101. 	/** @var KnownUserService */

  102. 	private $knownUserService;

  103. 	/** @var IEventDispatcher */

  104. 	private $dispatcher;

  105. 

  106. 

  107. 	public function __construct(

  108. 		string $appName,

  109. 		IRequest $request,

  110. 		IUserManager $userManager,

  111. 		IGroupManager $groupManager,

  112. 		IUserSession $userSession,

  113. 		IConfig $config,

  114. 		bool $isAdmin,

  115. 		IL10N $l10n,

  116. 		IMailer $mailer,

  117. 		IFactory $l10nFactory,

  118. 		IAppManager $appManager,

  119. 		IAccountManager $accountManager,

  120. 		Manager $keyManager,

  121. 		IJobList $jobList,

  122. 		IManager $encryptionManager,

  123. 		KnownUserService $knownUserService,

  124. 		IEventDispatcher $dispatcher

  125. 	) {

  126. 		parent::__construct($appName, $request);

  127. 		$this->userManager = $userManager;

  128. 		$this->groupManager = $groupManager;

  129. 		$this->userSession = $userSession;

  130. 		$this->config = $config;

  131. 		$this->isAdmin = $isAdmin;

  132. 		$this->l10n = $l10n;

  133. 		$this->mailer = $mailer;

  134. 		$this->l10nFactory = $l10nFactory;

  135. 		$this->appManager = $appManager;

  136. 		$this->accountManager = $accountManager;

  137. 		$this->keyManager = $keyManager;

  138. 		$this->jobList = $jobList;

  139. 		$this->encryptionManager = $encryptionManager;

  140. 		$this->knownUserService = $knownUserService;

  141. 		$this->dispatcher = $dispatcher;

  142. 	}

  143. 

  144. 

  145. 	/**

  146. 	 * @NoCSRFRequired

  147. 	 * @NoAdminRequired

  148. 	 *

  149. 	 * Display users list template

  150. 	 *

  151. 	 * @return TemplateResponse

  152. 	 */

  153. 	public function usersListByGroup(): TemplateResponse {

  154. 		return $this->usersList();

  155. 	}

  156. 

  157. 	/**

  158. 	 * @NoCSRFRequired

  159. 	 * @NoAdminRequired

  160. 	 *

  161. 	 * Display users list template

  162. 	 *

  163. 	 * @return TemplateResponse

  164. 	 */

  165. 	public function usersList(): TemplateResponse {

  166. 		$user = $this->userSession->getUser();

  167. 		$uid = $user->getUID();

  168. 

  169. 		\OC::$server->getNavigationManager()->setActiveEntry('core_users');

  170. 

  171. 		/* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */

  172. 		$sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT;

  173. 		$isLDAPUsed = false;

  174. 		if ($this->config->getSystemValue('sort_groups_by_name', false)) {

  175. 			$sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;

  176. 		} else {

  177. 			if ($this->appManager->isEnabledForUser('user_ldap')) {

  178. 				$isLDAPUsed =

  179. 					$this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy');

  180. 				if ($isLDAPUsed) {

  181. 					// LDAP user count can be slow, so we sort by group name here

  182. 					$sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;

  183. 				}

  184. 			}

  185. 		}

  186. 

  187. 		$canChangePassword = $this->canAdminChangeUserPasswords();

  188. 

  189. 		/* GROUPS */

  190. 		$groupsInfo = new \OC\Group\MetaData(

  191. 			$uid,

  192. 			$this->isAdmin,

  193. 			$this->groupManager,

  194. 			$this->userSession

  195. 		);

  196. 

  197. 		$groupsInfo->setSorting($sortGroupsBy);

  198. 		[$adminGroup, $groups] = $groupsInfo->get();

  199. 

  200. 		if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {

  201. 			$isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {

  202. 				return $ldapFound || $backend instanceof User_Proxy;

  203. 			});

  204. 		}

  205. 

  206. 		$disabledUsers = -1;

  207. 		$userCount = 0;

  208. 

  209. 		if (!$isLDAPUsed) {

  210. 			if ($this->isAdmin) {

  211. 				$disabledUsers = $this->userManager->countDisabledUsers();

  212. 				$userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {

  213. 					return $v + (int)$w;

  214. 				}, 0);

  215. 			} else {

  216. 				// User is subadmin !

  217. 				// Map group list to names to retrieve the countDisabledUsersOfGroups

  218. 				$userGroups = $this->groupManager->getUserGroups($user);

  219. 				$groupsNames = [];

  220. 

  221. 				foreach ($groups as $key => $group) {

  222. 					// $userCount += (int)$group['usercount'];

  223. 					array_push($groupsNames, $group['name']);

  224. 					// we prevent subadmins from looking up themselves

  225. 					// so we lower the count of the groups he belongs to

  226. 					if (array_key_exists($group['id'], $userGroups)) {

  227. 						$groups[$key]['usercount']--;

  228. 						$userCount -= 1; // we also lower from one the total count

  229. 					}

  230. 				}

  231. 				$userCount += $this->userManager->countUsersOfGroups($groupsInfo->getGroups());

  232. 				$disabledUsers = $this->userManager->countDisabledUsersOfGroups($groupsNames);

  233. 			}

  234. 

  235. 			$userCount -= $disabledUsers;

  236. 		}

  237. 

  238. 		$disabledUsersGroup = [

  239. 			'id' => 'disabled',

  240. 			'name' => 'Disabled users',

  241. 			'usercount' => $disabledUsers

  242. 		];

  243. 

  244. 		/* QUOTAS PRESETS */

  245. 		$quotaPreset = $this->parseQuotaPreset($this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'));

  246. 		$allowUnlimitedQuota = $this->config->getAppValue('files', 'allow_unlimited_quota', '1') === '1';

  247. 		if (!$allowUnlimitedQuota && count($quotaPreset) > 0) {

  248. 			$defaultQuota = $this->config->getAppValue('files', 'default_quota', $quotaPreset[0]);

  249. 		} else {

  250. 			$defaultQuota = $this->config->getAppValue('files', 'default_quota', 'none');

  251. 		}

  252. 

  253. 		$event = new BeforeTemplateRenderedEvent();

  254. 		$this->dispatcher->dispatch('OC\Settings\Users::loadAdditionalScripts', $event);

  255. 		$this->dispatcher->dispatchTyped($event);

  256. 

  257. 		/* LANGUAGES */

  258. 		$languages = $this->l10nFactory->getLanguages();

  259. 

  260. 		/* FINAL DATA */

  261. 		$serverData = [];

  262. 		// groups

  263. 		$serverData['groups'] = array_merge_recursive($adminGroup, [$disabledUsersGroup], $groups);

  264. 		// Various data

  265. 		$serverData['isAdmin'] = $this->isAdmin;

  266. 		$serverData['sortGroups'] = $sortGroupsBy;

  267. 		$serverData['quotaPreset'] = $quotaPreset;

  268. 		$serverData['allowUnlimitedQuota'] = $allowUnlimitedQuota;

  269. 		$serverData['userCount'] = $userCount;

  270. 		$serverData['languages'] = $languages;

  271. 		$serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en');

  272. 		$serverData['forceLanguage'] = $this->config->getSystemValue('force_language', false);

  273. 		// Settings

  274. 		$serverData['defaultQuota'] = $defaultQuota;

  275. 		$serverData['canChangePassword'] = $canChangePassword;

  276. 		$serverData['newUserGenerateUserID'] = $this->config->getAppValue('core', 'newUser.generateUserID', 'no') === 'yes';

  277. 		$serverData['newUserRequireEmail'] = $this->config->getAppValue('core', 'newUser.requireEmail', 'no') === 'yes';

  278. 		$serverData['newUserSendEmail'] = $this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes';

  279. 

  280. 		return new TemplateResponse('settings', 'settings-vue', ['serverData' => $serverData]);

  281. 	}

  282. 

  283. 	/**

  284. 	 * @param string $key

  285. 	 * @param string $value

  286. 	 *

  287. 	 * @return JSONResponse

  288. 	 */

  289. 	public function setPreference(string $key, string $value): JSONResponse {

  290. 		$allowed = ['newUser.sendEmail'];

  291. 		if (!in_array($key, $allowed, true)) {

  292. 			return new JSONResponse([], Http::STATUS_FORBIDDEN);

  293. 		}

  294. 

  295. 		$this->config->setAppValue('core', $key, $value);

  296. 

  297. 		return new JSONResponse([]);

  298. 	}

  299. 

  300. 	/**

  301. 	 * Parse the app value for quota_present

  302. 	 *

  303. 	 * @param string $quotaPreset

  304. 	 * @return array

  305. 	 */

  306. 	protected function parseQuotaPreset(string $quotaPreset): array {

  307. 		// 1 GB, 5 GB, 10 GB => [1 GB, 5 GB, 10 GB]

  308. 		$presets = array_filter(array_map('trim', explode(',', $quotaPreset)));

  309. 		// Drop default and none, Make array indexes numerically

  310. 		return array_values(array_diff($presets, ['default', 'none']));

  311. 	}

  312. 

  313. 	/**

  314. 	 * check if the admin can change the users password

  315. 	 *

  316. 	 * The admin can change the passwords if:

  317. 	 *

  318. 	 *   - no encryption module is loaded and encryption is disabled

  319. 	 *   - encryption module is loaded but it doesn't require per user keys

  320. 	 *

  321. 	 * The admin can not change the passwords if:

  322. 	 *

  323. 	 *   - an encryption module is loaded and it uses per-user keys

  324. 	 *   - encryption is enabled but no encryption modules are loaded

  325. 	 *

  326. 	 * @return bool

  327. 	 */

  328. 	protected function canAdminChangeUserPasswords(): bool {

  329. 		$isEncryptionEnabled = $this->encryptionManager->isEnabled();

  330. 		try {

  331. 			$noUserSpecificEncryptionKeys = !$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();

  332. 			$isEncryptionModuleLoaded = true;

  333. 		} catch (ModuleDoesNotExistsException $e) {

  334. 			$noUserSpecificEncryptionKeys = true;

  335. 			$isEncryptionModuleLoaded = false;

  336. 		}

  337. 		$canChangePassword = ($isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys)

  338. 			|| (!$isEncryptionModuleLoaded && !$isEncryptionEnabled);

  339. 

  340. 		return $canChangePassword;

  341. 	}

  342. 

  343. 	/**

  344. 	 * @NoAdminRequired

  345. 	 * @NoSubAdminRequired

  346. 	 * @PasswordConfirmationRequired

  347. 	 *

  348. 	 * @param string|null $avatarScope

  349. 	 * @param string|null $displayname

  350. 	 * @param string|null $displaynameScope

  351. 	 * @param string|null $phone

  352. 	 * @param string|null $phoneScope

  353. 	 * @param string|null $email

  354. 	 * @param string|null $emailScope

  355. 	 * @param string|null $website

  356. 	 * @param string|null $websiteScope

  357. 	 * @param string|null $address

  358. 	 * @param string|null $addressScope

  359. 	 * @param string|null $twitter

  360. 	 * @param string|null $twitterScope

  361. 	 * @param string|null $fediverse

  362. 	 * @param string|null $fediverseScope

  363. 	 *

  364. 	 * @return DataResponse

  365. 	 */

  366. 	public function setUserSettings(?string $avatarScope = null,

  367. 									?string $displayname = null,

  368. 									?string $displaynameScope = null,

  369. 									?string $phone = null,

  370. 									?string $phoneScope = null,

  371. 									?string $email = null,

  372. 									?string $emailScope = null,

  373. 									?string $website = null,

  374. 									?string $websiteScope = null,

  375. 									?string $address = null,

  376. 									?string $addressScope = null,

  377. 									?string $twitter = null,

  378. 									?string $twitterScope = null,

  379. 									?string $fediverse = null,

  380. 									?string $fediverseScope = null

  381. 	) {

  382. 		$user = $this->userSession->getUser();

  383. 		if (!$user instanceof IUser) {

  384. 			return new DataResponse(

  385. 				[

  386. 					'status' => 'error',

  387. 					'data' => [

  388. 						'message' => $this->l10n->t('Invalid user')

  389. 					]

  390. 				],

  391. 				Http::STATUS_UNAUTHORIZED

  392. 			);

  393. 		}

  394. 

  395. 		$email = !is_null($email) ? strtolower($email) : $email;

  396. 		if (!empty($email) && !$this->mailer->validateMailAddress($email)) {

  397. 			return new DataResponse(

  398. 				[

  399. 					'status' => 'error',

  400. 					'data' => [

  401. 						'message' => $this->l10n->t('Invalid mail address')

  402. 					]

  403. 				],

  404. 				Http::STATUS_UNPROCESSABLE_ENTITY

  405. 			);

  406. 		}

  407. 

  408. 		$userAccount = $this->accountManager->getAccount($user);

  409. 		$oldPhoneValue = $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue();

  410. 

  411. 		$updatable = [

  412. 			IAccountManager::PROPERTY_AVATAR => ['value' => null, 'scope' => $avatarScope],

  413. 			IAccountManager::PROPERTY_DISPLAYNAME => ['value' => $displayname, 'scope' => $displaynameScope],

  414. 			IAccountManager::PROPERTY_EMAIL => ['value' => $email, 'scope' => $emailScope],

  415. 			IAccountManager::PROPERTY_WEBSITE => ['value' => $website, 'scope' => $websiteScope],

  416. 			IAccountManager::PROPERTY_ADDRESS => ['value' => $address, 'scope' => $addressScope],

  417. 			IAccountManager::PROPERTY_PHONE => ['value' => $phone, 'scope' => $phoneScope],

  418. 			IAccountManager::PROPERTY_TWITTER => ['value' => $twitter, 'scope' => $twitterScope],

  419. 			IAccountManager::PROPERTY_FEDIVERSE => ['value' => $fediverse, 'scope' => $fediverseScope],

  420. 		];

  421. 		$allowUserToChangeDisplayName = $this->config->getSystemValueBool('allow_user_to_change_display_name', true);

  422. 		foreach ($updatable as $property => $data) {

  423. 			if ($allowUserToChangeDisplayName === false

  424. 				&& in_array($property, [IAccountManager::PROPERTY_DISPLAYNAME, IAccountManager::PROPERTY_EMAIL], true)) {

  425. 				continue;

  426. 			}

  427. 			$property = $userAccount->getProperty($property);

  428. 			if (null !== $data['value']) {

  429. 				$property->setValue($data['value']);

  430. 			}

  431. 			if (null !== $data['scope']) {

  432. 				$property->setScope($data['scope']);

  433. 			}

  434. 		}

  435. 

  436. 		try {

  437. 			$this->saveUserSettings($userAccount);

  438. 			if ($oldPhoneValue !== $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue()) {

  439. 				$this->knownUserService->deleteByContactUserId($user->getUID());

  440. 			}

  441. 			return new DataResponse(

  442. 				[

  443. 					'status' => 'success',

  444. 					'data' => [

  445. 						'userId' => $user->getUID(),

  446. 						'avatarScope' => $userAccount->getProperty(IAccountManager::PROPERTY_AVATAR)->getScope(),

  447. 						'displayname' => $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue(),

  448. 						'displaynameScope' => $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getScope(),

  449. 						'phone' => $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue(),

  450. 						'phoneScope' => $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getScope(),

  451. 						'email' => $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue(),

  452. 						'emailScope' => $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getScope(),

  453. 						'website' => $userAccount->getProperty(IAccountManager::PROPERTY_WEBSITE)->getValue(),

  454. 						'websiteScope' => $userAccount->getProperty(IAccountManager::PROPERTY_WEBSITE)->getScope(),

  455. 						'address' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getValue(),

  456. 						'addressScope' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getScope(),

  457. 						'twitter' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getValue(),

  458. 						'twitterScope' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getScope(),

  459. 						'fediverse' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getValue(),

  460. 						'fediverseScope' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getScope(),

  461. 						'message' => $this->l10n->t('Settings saved'),

  462. 					],

  463. 				],

  464. 				Http::STATUS_OK

  465. 			);

  466. 		} catch (ForbiddenException | InvalidArgumentException | PropertyDoesNotExistException $e) {

  467. 			return new DataResponse([

  468. 				'status' => 'error',

  469. 				'data' => [

  470. 					'message' => $e->getMessage()

  471. 				],

  472. 			]);

  473. 		}

  474. 	}

  475. 	/**

  476. 	 * update account manager with new user data

  477. 	 *

  478. 	 * @throws ForbiddenException

  479. 	 * @throws InvalidArgumentException

  480. 	 */

  481. 	protected function saveUserSettings(IAccount $userAccount): void {

  482. 		// keep the user back-end up-to-date with the latest display name and email

  483. 		// address

  484. 		$oldDisplayName = $userAccount->getUser()->getDisplayName();

  485. 		if ($oldDisplayName !== $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue()) {

  486. 			$result = $userAccount->getUser()->setDisplayName($userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue());

  487. 			if ($result === false) {

  488. 				throw new ForbiddenException($this->l10n->t('Unable to change full name'));

  489. 			}

  490. 		}

  491. 

  492. 		$oldEmailAddress = $userAccount->getUser()->getSystemEMailAddress();

  493. 		$oldEmailAddress = strtolower((string)$oldEmailAddress);

  494. 		if ($oldEmailAddress !== strtolower($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue())) {

  495. 			// this is the only permission a backend provides and is also used

  496. 			// for the permission of setting a email address

  497. 			if (!$userAccount->getUser()->canChangeDisplayName()) {

  498. 				throw new ForbiddenException($this->l10n->t('Unable to change email address'));

  499. 			}

  500. 			$userAccount->getUser()->setSystemEMailAddress($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue());

  501. 		}

  502. 

  503. 		try {

  504. 			$this->accountManager->updateAccount($userAccount);

  505. 		} catch (InvalidArgumentException $e) {

  506. 			if ($e->getMessage() === IAccountManager::PROPERTY_PHONE) {

  507. 				throw new InvalidArgumentException($this->l10n->t('Unable to set invalid phone number'));

  508. 			}

  509. 			if ($e->getMessage() === IAccountManager::PROPERTY_WEBSITE) {

  510. 				throw new InvalidArgumentException($this->l10n->t('Unable to set invalid website'));

  511. 			}

  512. 			throw new InvalidArgumentException($this->l10n->t('Some account data was invalid'));

  513. 		}

  514. 	}

  515. 

  516. 	/**

  517. 	 * Set the mail address of a user

  518. 	 *

  519. 	 * @NoAdminRequired

  520. 	 * @NoSubAdminRequired

  521. 	 * @PasswordConfirmationRequired

  522. 	 *

  523. 	 * @param string $account

  524. 	 * @param bool $onlyVerificationCode only return verification code without updating the data

  525. 	 * @return DataResponse

  526. 	 */

  527. 	public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {

  528. 		$user = $this->userSession->getUser();

  529. 

  530. 		if ($user === null) {

  531. 			return new DataResponse([], Http::STATUS_BAD_REQUEST);

  532. 		}

  533. 

  534. 		$userAccount = $this->accountManager->getAccount($user);

  535. 		$cloudId = $user->getCloudId();

  536. 		$message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;

  537. 		$signature = $this->signMessage($user, $message);

  538. 

  539. 		$code = $message . ' ' . $signature;

  540. 		$codeMd5 = $message . ' ' . md5($signature);

  541. 

  542. 		switch ($account) {

  543. 			case 'verify-twitter':

  544. 				$msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');

  545. 				$code = $codeMd5;

  546. 				$type = IAccountManager::PROPERTY_TWITTER;

  547. 				break;

  548. 			case 'verify-website':

  549. 				$msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');

  550. 				$type = IAccountManager::PROPERTY_WEBSITE;

  551. 				break;

  552. 			default:

  553. 				return new DataResponse([], Http::STATUS_BAD_REQUEST);

  554. 		}

  555. 

  556. 		$userProperty = $userAccount->getProperty($type);

  557. 		$userProperty

  558. 			->setVerified(IAccountManager::VERIFICATION_IN_PROGRESS)

  559. 			->setVerificationData($signature);

  560. 

  561. 		if ($onlyVerificationCode === false) {

  562. 			$this->accountManager->updateAccount($userAccount);

  563. 

  564. 			$this->jobList->add(VerifyUserData::class,

  565. 				[

  566. 					'verificationCode' => $code,

  567. 					'data' => $userProperty->getValue(),

  568. 					'type' => $type,

  569. 					'uid' => $user->getUID(),

  570. 					'try' => 0,

  571. 					'lastRun' => $this->getCurrentTime()

  572. 				]

  573. 			);

  574. 		}

  575. 

  576. 		return new DataResponse(['msg' => $msg, 'code' => $code]);

  577. 	}

  578. 

  579. 	/**

  580. 	 * get current timestamp

  581. 	 *

  582. 	 * @return int

  583. 	 */

  584. 	protected function getCurrentTime(): int {

  585. 		return time();

  586. 	}

  587. 

  588. 	/**

  589. 	 * sign message with users private key

  590. 	 *

  591. 	 * @param IUser $user

  592. 	 * @param string $message

  593. 	 *

  594. 	 * @return string base64 encoded signature

  595. 	 */

  596. 	protected function signMessage(IUser $user, string $message): string {

  597. 		$privateKey = $this->keyManager->getKey($user)->getPrivate();

  598. 		openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);

  599. 		return base64_encode($signature);

  600. 	}

  601. }