author | provokateurin <kate@provokateurin.de> | 2024-02-20 09:32:33 +0100 |
---|---|---|
committer | provokateurin <kate@provokateurin.de> | 2024-02-20 14:28:00 +0100 |
commit | 6243a9471d6db3a5d8f13395a89575d4038e266e (patch) | |
tree | 5fb04f81ac740911f4007afbaf4cd78545647f7b /core/Controller | |
parent | d95e500e45a3c41af92482e04d16c54c2581e467 (diff) | |
download | nextcloud-server-6243a9471d6db3a5d8f13395a89575d4038e266e.tar.gz nextcloud-server-6243a9471d6db3a5d8f13395a89575d4038e266e.zip |
feat(core): Add OCS endpoint for confirming the user password
Signed-off-by: provokateurin <kate@provokateurin.de>
Diffstat (limited to 'core/Controller')
-rw-r--r-- | core/Controller/AppPasswordController.php | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/core/Controller/AppPasswordController.php b/core/Controller/AppPasswordController.php
index a4b7791997a..2575729fe85 100644
--- a/core/Controller/AppPasswordController.php
+++ b/core/Controller/AppPasswordController.php
@@ -31,7 +31,9 @@ namespace OC\Core\Controller;
 use OC\Authentication\Events\AppPasswordCreatedEvent;
 use OC\Authentication\Token\IProvider;
 use OC\Authentication\Token\IToken;
+use OC\User\Session;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\Authentication\Exceptions\CredentialsUnavailableException;
@@ -41,6 +43,8 @@ use OCP\Authentication\LoginCredentials\IStore;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IRequest;
 use OCP\ISession;
+use OCP\IUserManager;
+use OCP\Security\Bruteforce\IThrottler;
 use OCP\Security\ISecureRandom;
 
 class AppPasswordController extends \OCP\AppFramework\OCSController {
@@ -52,6 +56,9 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
 		private IProvider $tokenProvider,
 		private IStore $credentialStore,
 		private IEventDispatcher $eventDispatcher,
+		private Session $userSession,
+		private IUserManager $userManager,
+		private IThrottler $throttler,
 	) {
 		parent::__construct($appName, $request);
 	}
@@ -165,4 +172,33 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
 			'apppassword' => $newToken,
 		]);
 	}
+
+	/**
+	 * Confirm the user password
+	 *
+	 * @NoAdminRequired
+	 * @BruteForceProtection(action=sudo)
+	 *
+	 * @param string $password The password of the user
+	 *
+	 * @return DataResponse<Http::STATUS_OK, array{lastLogin: int}, array{}>|DataResponse<Http::STATUS_FORBIDDEN, array<empty>, array{}>
+	 *
+	 * 200: Password confirmation succeeded
+	 * 403: Password confirmation failed
+	 */
+	#[UseSession]
+	public function confirmUserPassword(string $password): DataResponse {
+		$loginName = $this->userSession->getLoginName();
+		$loginResult = $this->userManager->checkPassword($loginName, $password);
+		if ($loginResult === false) {
+			$response = new DataResponse([], Http::STATUS_FORBIDDEN);
+			$response->throttle(['loginName' => $loginName]);
+			return $response;
+		}
+
+		$confirmTimestamp = time();
+		$this->session->set('last-password-confirm', $confirmTimestamp);
+		$this->throttler->resetDelay($this->request->getRemoteAddress(), 'sudo', ['loginName' => $loginName]);
+		return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
+	}
 }
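Review bot: `confirmUserPassword` passes the result of `$this->userSession->getLoginName()` straight into `checkPassword()` without handling the case where no login name is stored in the session; if `getLoginName()` can yield null here (it appears to read a session value, so that seems possible for some authenticated sessions), the call fails with a type error or checks an empty name instead of returning the documented 403, so a guard such as `if ($loginName === null || $loginName === '') { return new DataResponse([], Http::STATUS_FORBIDDEN); }` before the check would keep the failure path explicit and throttled consistently. The docblock should also say what a 200 actually carries: the `lastLogin` key holds the confirmation time written to the session, not a login time, so a sentence like `The returned lastLogin value is the timestamp at which the password was confirmed; it is also stored in the session as last-password-confirm` avoids misleading API consumers. It would help readers to note in the docblock that a failed attempt is throttled under the `sudo` brute-force action and that a successful one resets that delay for the requester's address, since both behaviours are visible in the body but not in the description.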