author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2021-09-10 22:40:10 +0200 |
committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2021-09-10 22:48:16 +0200 |
commit | a843d3c5db44e1c5646980f7f7d6442f4c7dcce9 (patch) | |
tree | 0a0be2e1a929c4b5f8d5a3fc0ebac44fba11c877 /core/Controller | |
parent | 99a146803353ee93a6935606b411954b9ad845f5 (diff) | |
allow using of disabled password reset mechanism for special cases
- LostController has three endpoints
- door opener email() still rejects
- resetform(), reachable from mail, checks the token first and may report
that password reset is disabled
- setPassword() got its check removed as it is behind CSRF protection anyway and still
  requires a valid token
- this allows special cases like activating a freshly created guest account
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'core/Controller')
-rw-r--r-- | core/Controller/LostController.php | 32 |
1 files changed, 15 insertions, 17 deletions
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index cee3837ac5a..39b09c7fb63 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -134,22 +134,24 @@ class LostController extends Controller {
 * @return TemplateResponse
 */
 public function resetform($token, $userId) {
- if ($this->config->getSystemValue('lost_password_link', '') !== '') {
- return new TemplateResponse('core', 'error', [
- 'errors' => [['error' => $this->l10n->t('Password reset is disabled')]]
- ],
- 'guest'
- );
- }
-
 try {
 $this->checkPasswordResetToken($token, $userId);
 } catch (\Exception $e) {
- return new TemplateResponse(
- 'core', 'error', [
- "errors" => [["error" => $e->getMessage()]]
- ],
- 'guest'
+ if ($this->config->getSystemValue('lost_password_link', '') !== 'disabled'
+ || ($e instanceof InvalidTokenException
+ && !in_array($e->getCode(), [InvalidTokenException::TOKEN_NOT_FOUND, InvalidTokenException::USER_UNKNOWN]))
+ ) {
+ return new TemplateResponse(
+ 'core', 'error', [
+ "errors" => [["error" => $e->getMessage()]]
+ ],
+ TemplateResponse::RENDER_AS_GUEST
+ );
+ }
+ return new TemplateResponse('core', 'error', [
+ 'errors' => [['error' => $this->l10n->t('Password reset is disabled')]]
+ ],
+ TemplateResponse::RENDER_AS_GUEST
 );
 }
 $this->initialStateService->provideInitialState('core', 'resetPasswordUser', $userId);
@@ -241,10 +243,6 @@ class LostController extends Controller {
 * @return array
 */
 public function setPassword($token, $userId, $password, $proceed) {
- if ($this->config->getSystemValue('lost_password_link', '') !== '') {
- return $this->error($this->l10n->t('Password reset is disabled'));
- }
-
 if ($this->encryptionManager->isEnabled() && !$proceed) {
 $encryptionModules = $this->encryptionManager->getEncryptionModules();
 foreach ($encryptionModules as $module) {
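Review bot: The new gate in the catch block fires only for the literal config value `'disabled'`, whereas the removed check treated any non-empty `lost_password_link` (for example a custom reset URL) as disabling this controller; with such a URL configured, resetform now reports the real token error and proceeds on a valid token, which the commit message does not call out and deserves a comment above the `if`. The `in_array` on `$e->getCode()` should be strict, `&& !in_array($e->getCode(), [InvalidTokenException::TOKEN_NOT_FOUND, InvalidTokenException::USER_UNKNOWN], true))`, so a loosely comparable code cannot match by accident. Only those two codes are masked behind 'Password reset is disabled'; every other InvalidTokenException code, and any non-token `\Exception` thrown by checkPasswordResetToken, still surfaces `$e->getMessage()` in disabled mode, so whether this reveals anything about an account depends on the messages defined in InvalidTokenException, which are outside this hunk. A comment such as `// reset disabled: hide "no token / unknown user" behind the generic message; other token errors imply a token was issued on purpose` would capture the intent for the next reader.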
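Review bot: With the config check gone, setPassword accepts any valid reset token regardless of `lost_password_link`, so the 'disabled' setting is now enforced solely by `email()` refusing to issue tokens; that deliberate reliance should be recorded in the method docblock (which starts outside this hunk), e.g. `* No lost_password_link check here on purpose: a valid reset token checked later in this method is the only gate, so tokens issued for cases like guest-account activation keep working while self-service reset is disabled.` The CSRF argument in the commit message cannot be verified from this hunk because the method's annotations are not shown; confirm the method is not annotated `@NoCSRFRequired`. The encryption-module branch on the following line still runs before the token is validated, as it did before this change; setPassword continues past the end of the hunk.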