authorArthur Schiwon <blizzz@arthur-schiwon.de>2021-09-10 22:40:10 +0200
committerArthur Schiwon <blizzz@arthur-schiwon.de>2021-09-10 22:48:16 +0200
commita843d3c5db44e1c5646980f7f7d6442f4c7dcce9 (patch)
tree0a0be2e1a929c4b5f8d5a3fc0ebac44fba11c877 /core/Controller
parent99a146803353ee93a6935606b411954b9ad845f5 (diff)
allow using of disabled password reset mechanism for special cases
- LostController has three endpoints
- door opener email() still rejects
- resetform(), reachable from mail, checks the token first and may report that password reset is disabled
- setPassword() got its check removed as it is behind CSRF anyway and still requires a valid token
- this allows special cases like activating a freshly created guest account

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'core/Controller')
-rw-r--r--core/Controller/LostController.php32
1 files changed, 15 insertions, 17 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index cee3837ac5a..39b09c7fb63 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -134,22 +134,24 @@ class LostController extends Controller {
* @return TemplateResponse
*/
public function resetform($token, $userId) {
- if ($this->config->getSystemValue('lost_password_link', '') !== '') {
- return new TemplateResponse('core', 'error', [
- 'errors' => [['error' => $this->l10n->t('Password reset is disabled')]]
- ],
- 'guest'
- );
- }
-
try {
$this->checkPasswordResetToken($token, $userId);
} catch (\Exception $e) {
- return new TemplateResponse(
- 'core', 'error', [
- "errors" => [["error" => $e->getMessage()]]
- ],
- 'guest'
+ if ($this->config->getSystemValue('lost_password_link', '') !== 'disabled'
+ || ($e instanceof InvalidTokenException
+ && !in_array($e->getCode(), [InvalidTokenException::TOKEN_NOT_FOUND, InvalidTokenException::USER_UNKNOWN]))
+ ) {
+ return new TemplateResponse(
+ 'core', 'error', [
+ "errors" => [["error" => $e->getMessage()]]
+ ],
+ TemplateResponse::RENDER_AS_GUEST
+ );
+ }
+ return new TemplateResponse('core', 'error', [
+ 'errors' => [['error' => $this->l10n->t('Password reset is disabled')]]
+ ],
+ TemplateResponse::RENDER_AS_GUEST
);
}
$this->initialStateService->provideInitialState('core', 'resetPasswordUser', $userId);
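Review bot: The new `catch` branch in resetform() answers an unauthenticated request with different text depending on why the token check failed: with `lost_password_link` set to `disabled`, TOKEN_NOT_FOUND and USER_UNKNOWN give "Password reset is disabled", while every other InvalidTokenException code renders `$e->getMessage()`. That presumably lets a caller distinguish "no pending token or unknown user" from "a token exists but did not match or has expired"; the other codes and their messages are not visible in this hunk, so this should be confirmed against InvalidTokenException. Returning one generic message on the guest page and logging the specific reason server-side would close that gap. The guard also changed from `!== ''` to `!== 'disabled'`, so a custom reset URL no longer blocks this form, which deserves a comment above the `if`, for example `// A valid token always proceeds; only the literal 'disabled' setting masks "no token / unknown user" errors`. The code lookup should be strict, `in_array($e->getCode(), [...], true)`; resetform()'s body continues past the end of the hunk.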
@@ -241,10 +243,6 @@ class LostController extends Controller {
* @return array
*/
public function setPassword($token, $userId, $password, $proceed) {
- if ($this->config->getSystemValue('lost_password_link', '') !== '') {
- return $this->error($this->l10n->t('Password reset is disabled'));
- }
-
if ($this->encryptionManager->isEnabled() && !$proceed) {
$encryptionModules = $this->encryptionManager->getEncryptionModules();
foreach ($encryptionModules as $module) {
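Review bot: With the `lost_password_link` guard removed, setPassword() depends entirely on the token check further down the body, which lies outside this hunk; CSRF protection only stops cross-site requests and does not restrict a caller who sends the request directly. In the visible lines the encryption-module branch still runs before any token validation, so it is worth confirming that nothing in that branch changes state or reveals configuration to a caller without a valid token. Because tokens issued by other code paths (the guest-account case from the commit message) now work even when self-service reset is turned off, token lifetime and single use become the effective control and should be covered by a test that calls setPassword() with an invalid token while the setting is `disabled`. I would record the intent where the check used to be: `// No lost_password_link check on purpose: a valid token must work even when self-service reset is disabled (e.g. guest activation).`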