diff options
| author | Joas Schilling <coding@schilljs.com> | 2016-09-19 15:33:30 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2016-11-18 11:57:16 +0100 |
| commit | d75e35b75e9d70e511bee2c9fc830825363a4fd6 (patch) | |
| tree | 0bfd1570211d1a8561c916d202b5f976a9d86445 /core/Controller/LoginController.php | |
| parent | 54ca411ff097d64d33c2d1e90102ef1fb1927f40 (diff) | |
| download | nextcloud-server-d75e35b75e9d70e511bee2c9fc830825363a4fd6.tar.gz nextcloud-server-d75e35b75e9d70e511bee2c9fc830825363a4fd6.zip | |
Introduce the UI for password confirmation
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'core/Controller/LoginController.php')
| -rw-r--r-- | core/Controller/LoginController.php | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php index 71478470ffe..b1542de5d3c 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php @@ -1,5 +1,6 @@ <?php /** + * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com> * @copyright Copyright (c) 2016, ownCloud, Inc. * * @author Christoph Wurst <christoph@owncloud.com> @@ -31,6 +32,8 @@ use OC\User\Session; use OC_App; use OC_Util; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http; +use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Http\TemplateResponse; use OCP\Authentication\TwoFactorAuth\IProvider; @@ -242,6 +245,8 @@ class LoginController extends Controller { // User has successfully logged in, now remove the password reset link, when it is available $this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword'); + $this->session->set('last-password-confirm', $loginResult->getLastLogin()); + if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) { $this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login); @@ -273,4 +278,36 @@ class LoginController extends Controller { return $this->generateRedirect($redirect_url); } + /** + * @NoAdminRequired + * @UseSession + * + * @license GNU AGPL version 3 or any later version + * + * @param string $password + * @return DataResponse + */ + public function confirmPassword($password) { + $currentDelay = $this->throttler->getDelay($this->request->getRemoteAddress()); + $this->throttler->sleepDelay($this->request->getRemoteAddress()); + + $user = $this->userSession->getUser(); + if (!$user instanceof IUser) { + return new DataResponse([], Http::STATUS_UNAUTHORIZED); + } + + $loginResult = $this->userManager->checkPassword($user->getUID(), $password); + if ($loginResult === false) { + $this->throttler->registerAttempt('sudo', $this->request->getRemoteAddress(), ['user' => $user->getUID()]); + if ($currentDelay === 0) { + $this->throttler->sleepDelay($this->request->getRemoteAddress()); + } + + return new DataResponse([], Http::STATUS_FORBIDDEN); + } + + $confirmTimestamp = time(); + $this->session->set('last-password-confirm', $confirmTimestamp); + return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK); + } } |