author | Lukas Reschke <lukas@statuscode.ch> | 2017-05-12 12:39:07 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-05-12 12:39:07 +0200 |
commit | 4f752ed1fcb338d1f56037426c8eb77c73599cb7 (patch) | |
tree | 01f4b267cd5efc2d2615d013088bad726062158c | |
parent | 48a9a4bd81ce80f2b42f56aa3f09a0b1e5e0f46a (diff) | |
parent | 0828df5ed4d8488570821b07baaaa7449be3ba64 (diff) | |
Merge pull request #4809 from nextcloud/downstream-27676
Disable reset password link
-rw-r--r-- | config/config.sample.php | 1 | ||||
-rw-r--r-- | core/Controller/LoginController.php | 2 | ||||
-rw-r--r-- | core/Controller/LostController.php | 16 | ||||
-rw-r--r-- | core/js/lostpassword.js | 4 | ||||
-rw-r--r-- | tests/Core/Controller/LostControllerTest.php | 22 |
5 files changed, 29 insertions, 16 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 2bafbd411c9..b143693082a 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -253,6 +253,7 @@ $CONFIG = array(
 * read-only user backend like LDAP), you can specify a custom link, where the
 * user is redirected to, when clicking the "reset password" link after a failed
 * login-attempt.
+ * In case you do not want to provide any link, replace the url with 'disabled'
 */
 'lost_password_link' => 'https://example.org/link/to/password/reset',
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 691d74cdc60..93b695dd999 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -159,6 +159,8 @@ class LoginController extends Controller {
 $parameters['canResetPassword'] = $userObj->canChangePassword();
 }
 }
+ } elseif ($parameters['resetPasswordLink'] === 'disabled') {
+ $parameters['canResetPassword'] = false;
 }
 $parameters['alt_login'] = OC_App::getAlternativeLogIns();
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 3f9ef172365..0d5988a2495 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -131,6 +131,14 @@ class LostController extends Controller {
 * @return TemplateResponse
 */
 public function resetform($token, $userId) {
+ if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+ return new TemplateResponse('core', 'error', [
+ 'errors' => [['error' => $this->l10n->t('Password reset is disabled')]]
+ ],
+ 'guest'
+ );
+ }
+
 try {
 $this->checkPasswordResetToken($token, $userId);
 } catch (\Exception $e) {
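Review bot: The new `elseif` in core/Controller/LoginController.php matches only the exact, case-sensitive string `'disabled'`, and the hunk does not show what happens to any other non-empty value of `resetPasswordLink`. LostController, changed in the same commit, refuses the built-in reset for every non-empty `lost_password_link`, so the two controllers apply different rules to one setting; a value such as `'Disabled'` would presumably still be passed to the template as a link while the built-in flow is already refused. A comment on the branch would record the contract, e.g. `// 'disabled' is the sentinel documented in config.sample.php: offer no reset link at all`. The enclosing `if` starts outside the hunk.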
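Review bot: The guard added at the top of `resetform()` in core/Controller/LostController.php is repeated verbatim in `email()` and `setPassword()` in the two following hunks, so a reset-related action added later can omit it without anything failing. The condition is `!== ''`, which refuses the built-in flow for every configured link and not only for `'disabled'`; that stricter rule is worth stating once, in a docblock, rather than leaving it implicit in three copies. A private helper called from the three actions keeps the check single-sourced. `resetform()` continues past the end of the hunk.

```php
/**
 * Whether the built-in reset flow must refuse requests. True for any
 * non-empty 'lost_password_link', i.e. both a custom URL and 'disabled'.
 *
 * @return bool
 */
private function isPasswordResetDisabled() {
	return $this->config->getSystemValue('lost_password_link', '') !== '';
}

public function resetform($token, $userId) {
	if ($this->isPasswordResetDisabled()) {
		// … unchanged: 'Password reset is disabled' error TemplateResponse …
	}
	// … unchanged: token check and reset form rendering …
```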
@@ -211,6 +219,10 @@ class LostController extends Controller {
 * @return JSONResponse
 */
 public function email($user){
+ if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+ return new JSONResponse($this->error($this->l10n->t('Password reset is disabled')));
+ }
+
 // FIXME: use HTTP error codes
 try {
 $this->sendEmail($user);
@@ -234,6 +246,10 @@ class LostController extends Controller {
 * @return array
 */
 public function setPassword($token, $userId, $password, $proceed) {
+ if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+ return $this->error($this->l10n->t('Password reset is disabled'));
+ }
+
 if ($this->encryptionManager->isEnabled() && !$proceed) {
 return $this->error('', array('encryption' => true));
 }
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
index 2f96911f162..1923b73a179 100644
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -22,7 +22,9 @@ OC.Lostpassword = {
 if (!$('#user').val().length){
 $('#submit').trigger('click');
 } else {
- if (OC.config.lost_password_link) {
+ if (OC.config.lost_password_link === 'disabled') {
+ return;
+ } else if (OC.config.lost_password_link) {
 window.location = OC.config.lost_password_link;
 } else {
 $.post(
diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php
index d7d9094c485..d7098aafcc2 100644
--- a/tests/Core/Controller/LostControllerTest.php
+++ b/tests/Core/Controller/LostControllerTest.php
@@ -86,9 +86,13 @@ class LostControllerTest extends \Test\TestCase {
 ->willReturn('ExistingUser');
 $this->config = $this->createMock(IConfig::class);
- $this->config->method('getSystemValue')
- ->with('secret', null)
- ->willReturn('SECRET');
+ $this->config->expects($this->any())
+ ->method('getSystemValue')
+ ->willReturnMap([
+ ['secret', null, 'SECRET'],
+ ['secret', '', 'SECRET'],
+ ['lost_password_link', '', ''],
+ ]);
 $this->l10n = $this->createMock(IL10N::class);
 $this->l10n
 ->expects($this->any())
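Review bot: The `'disabled'` branch in core/js/lostpassword.js returns without any feedback, so if the reset control is still rendered a click on it appears to do nothing; LoginController sets `canResetPassword` to false for this value, but whether the template then hides the control is not visible in this commit. The branch is only a UI shortcut, since LostController rejects the request server-side, and a comment should say so, e.g. `// reset is switched off in config; LostController refuses the request as well`. As a style point, the `else if` that follows the `return` can be a plain `if`. The enclosing handler starts and ends outside the hunk.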
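Review bot: Nothing in tests/Core/Controller/LostControllerTest.php exercises the new guard: the map added in this hunk pins `lost_password_link` to `''`, and the remaining hunks of the file only delete per-test stubs. `resetform()`, `email()` and `setPassword()` each need a case where the config mock returns a non-empty link and the test asserts the 'Password reset is disabled' response and that no mail is sent and no password is changed. Because the map is fixed on the shared mock (presumably in `setUp()`, which is outside the hunk), such a test needs its own `IConfig` mock and controller instance. Also note that `willReturnMap` yields null for any argument list not in the map, so a `getSystemValue` call with other arguments now silently gets null; a comment above the map should list which keys the controller reads.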
@@ -347,10 +351,6 @@ class LostControllerTest extends \Test\TestCase {
 ->method('send')
 ->with($message);
- $this->config->method('getSystemValue')
- ->with('secret', '')
- ->willReturn('SECRET');
-
 $this->crypto->method('encrypt')
 ->with(
 $this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),
@@ -434,10 +434,6 @@ class LostControllerTest extends \Test\TestCase {
 ->method('send')
 ->with($message);
- $this->config->method('getSystemValue')
- ->with('secret', '')
- ->willReturn('SECRET');
-
 $this->crypto->method('encrypt')
 ->with(
 $this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),
@@ -516,10 +512,6 @@ class LostControllerTest extends \Test\TestCase {
 ->with($message)
 ->will($this->throwException(new \Exception()));
- $this->config->method('getSystemValue')
- ->with('secret', '')
- ->willReturn('SECRET');
-
 $this->crypto->method('encrypt')
 ->with(
 $this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'), |