Merge pull request #1447 from nextcloud/password-confirmation-for-some-actions

Password confirmation for some actions
author: Morris Jobke <hey@morrisjobke.de> 2016-11-18 15:42:30 +0100
committer: GitHub <noreply@github.com> 2016-11-18 15:42:30 +0100
commit: 332eaec4c01356d0b2119d4ec8fe07fa492d031b (patch)
tree: 3f89772129059801fd6768985aed9f7785a1791c /apps
parent: faee255ff47873ed2f8908c7d6b6e603ded11618 (diff)
parent: 3ffd9a755f60761d6a1f5fa3d02d07b4c2e68972 (diff)
download: nextcloud-server-332eaec4c01356d0b2119d4ec8fe07fa492d031b.tar.gz
nextcloud-server-332eaec4c01356d0b2119d4ec8fe07fa492d031b.zip
5 files changed, 31 insertions, 5 deletions
diff --git a/apps/twofactor_backupcodes/js/settingsview.js b/apps/twofactor_backupcodes/js/settingsview.js
index 224f5f4797f..76396023120 100644
--- a/apps/twofactor_backupcodes/js/settingsview.js
+++ b/apps/twofactor_backupcodes/js/settingsview.js
@@ -89,6 +89,11 @@
 			}.bind(this));
 		},
 		_onGenerateBackupCodes: function () {
+			if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
+				OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this._onGenerateBackupCodes, this));
+				return;
+			}
+
 			// Hide old codes
 			this._enabled = false;
 			this.render();
diff --git a/apps/twofactor_backupcodes/lib/Controller/SettingsController.php b/apps/twofactor_backupcodes/lib/Controller/SettingsController.php
index fed7634643d..9b0b0fc57ba 100644
--- a/apps/twofactor_backupcodes/lib/Controller/SettingsController.php
+++ b/apps/twofactor_backupcodes/lib/Controller/SettingsController.php
@@ -59,15 +59,17 @@ class SettingsController extends Controller {
 
 	/**
 	 * @NoAdminRequired
+	 * @PasswordConfirmationRequired
+	 *
 	 * @return JSONResponse
 	 */
 	public function createCodes() {
 		$user = $this->userSession->getUser();
 		$codes = $this->storage->createCodes($user);
-		return [
-		    'codes' => $codes,
-		    'state' => $this->storage->getBackupCodesState($user),
-		];
+		return new JSONResponse([
+			'codes' => $codes,
+			'state' => $this->storage->getBackupCodesState($user),
+		]);
 	}
 
 }
diff --git a/apps/twofactor_backupcodes/tests/Unit/Controller/SettingsControllerTest.php b/apps/twofactor_backupcodes/tests/Unit/Controller/SettingsControllerTest.php
index c7ac33467b3..8427c10e839 100644
--- a/apps/twofactor_backupcodes/tests/Unit/Controller/SettingsControllerTest.php
+++ b/apps/twofactor_backupcodes/tests/Unit/Controller/SettingsControllerTest.php
@@ -24,6 +24,7 @@ namespace OCA\TwoFactorBackupCodes\Tests\Unit\Controller;
 
 use OCA\TwoFactorBackupCodes\Controller\SettingsController;
 use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
+use OCP\AppFramework\Http\JSONResponse;
 use OCP\IRequest;
 use OCP\IUser;
 use OCP\IUserSession;
@@ -89,7 +90,9 @@ class SettingsControllerTest extends TestCase {
 			'codes' => $codes,
 			'state' => 'state',
 		];
-		$this->assertEquals($expected, $this->controller->createCodes());
+		$response = $this->controller->createCodes();
+		$this->assertInstanceOf(JSONResponse::class, $response);
+		$this->assertEquals($expected, $response->getData());
 	}
 
 }
diff --git a/apps/workflowengine/js/admin.js b/apps/workflowengine/js/admin.js
index 0357d741ab1..7f9a709ec14 100644
--- a/apps/workflowengine/js/admin.js
+++ b/apps/workflowengine/js/admin.js
@@ -163,6 +163,11 @@
 				}
 			},
 			delete: function() {
+				if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
+					OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.delete, this));
+					return;
+				}
+
 				this.model.destroy();
 				this.remove();
 			},
@@ -173,6 +178,11 @@
 				this.render();
 			},
 			save: function() {
+				if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
+					OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.save, this));
+					return;
+				}
+
 				var success = function(model, response, options) {
 					this.saving = false;
 					this.originalModel = JSON.parse(JSON.stringify(this.model));
diff --git a/apps/workflowengine/lib/Controller/FlowOperations.php b/apps/workflowengine/lib/Controller/FlowOperations.php
index 94b8b9ddc79..753aa2c26a7 100644
--- a/apps/workflowengine/lib/Controller/FlowOperations.php
+++ b/apps/workflowengine/lib/Controller/FlowOperations.php
@@ -58,6 +58,8 @@ class FlowOperations extends Controller {
 	}
 
 	/**
+	 * @PasswordConfirmationRequired
+	 *
 	 * @param string $class
 	 * @param string $name
 	 * @param array[] $checks
@@ -75,6 +77,8 @@ class FlowOperations extends Controller {
 	}
 
 	/**
+	 * @PasswordConfirmationRequired
+	 *
 	 * @param int $id
 	 * @param string $name
 	 * @param array[] $checks
@@ -92,6 +96,8 @@ class FlowOperations extends Controller {
 	}
 
 	/**
+	 * @PasswordConfirmationRequired
+	 *
 	 * @param int $id
 	 * @return JSONResponse
 	 */
author	Morris Jobke <hey@morrisjobke.de>	2016-11-18 15:42:30 +0100
committer	GitHub <noreply@github.com>	2016-11-18 15:42:30 +0100
commit	332eaec4c01356d0b2119d4ec8fe07fa492d031b (patch)
tree	3f89772129059801fd6768985aed9f7785a1791c /apps
parent	faee255ff47873ed2f8908c7d6b6e603ded11618 (diff)
parent	3ffd9a755f60761d6a1f5fa3d02d07b4c2e68972 (diff)
download	nextcloud-server-332eaec4c01356d0b2119d4ec8fe07fa492d031b.tar.gz nextcloud-server-332eaec4c01356d0b2119d4ec8fe07fa492d031b.zip