author | Bart Visscher <bartv@thisnet.nl> | 2012-10-27 11:58:02 +0200 |
---|---|---|
committer | Bart Visscher <bartv@thisnet.nl> | 2012-10-27 11:58:02 +0200 |
commit | 0120f3fd629e772d9a7493e5289c1d6708ba92d5 (patch) | |
tree | dbee6eba6d11afe887a6235375119b7a6bd71b69 /core | |
parent | 74665faec533430be37879bfc0ef24aa7f211f6e (diff) | |
parent | beaaf5425dc2dfb7456efa934fa8eb91ac28c677 (diff) | |
Merge branch 'routing'
Conflicts:
core/lostpassword/index.php
core/lostpassword/resetpassword.php
Diffstat (limited to 'core')
-rw-r--r-- | core/ajax/appconfig.php | 1 | ||||
-rw-r--r-- | core/ajax/requesttoken.php | 1 | ||||
-rw-r--r-- | core/ajax/share.php | 1 | ||||
-rw-r--r-- | core/ajax/translations.php | 3 | ||||
-rw-r--r-- | core/ajax/vcategories/add.php | 1 | ||||
-rw-r--r-- | core/ajax/vcategories/delete.php | 1 | ||||
-rw-r--r-- | core/ajax/vcategories/edit.php | 1 | ||||
-rw-r--r-- | core/js/js.js | 11 | ||||
-rw-r--r-- | core/js/router.js | 73 | ||||
-rw-r--r-- | core/lostpassword/controller.php | 83 | ||||
-rw-r--r-- | core/lostpassword/index.php | 35 | ||||
-rw-r--r-- | core/lostpassword/resetpassword.php | 27 | ||||
-rw-r--r-- | core/lostpassword/templates/lostpassword.php | 6 | ||||
-rw-r--r-- | core/lostpassword/templates/resetpassword.php | 4 | ||||
-rw-r--r-- | core/routes.php | 60 |
15 files changed, 229 insertions, 79 deletions
diff --git a/core/ajax/appconfig.php b/core/ajax/appconfig.php
index 1b43afa74fb..4f26dedc797 100644
--- a/core/ajax/appconfig.php
+++ b/core/ajax/appconfig.php
@@ -5,7 +5,6 @@ * See the COPYING-README file. */ -require_once "../../lib/base.php"; OC_Util::checkAdminUser(); OCP\JSON::callCheck();
diff --git a/core/ajax/requesttoken.php b/core/ajax/requesttoken.php
index 705330b2c3e..9d43a722852 100644
--- a/core/ajax/requesttoken.php
+++ b/core/ajax/requesttoken.php
@@ -26,7 +26,6 @@ * @return json: success/error state indicator including a fresh request token * @author Christian Reiner */ -require_once '../../lib/base.php'; // don't load apps or filesystem for this task $RUNTIME_NOAPPS = true;
diff --git a/core/ajax/share.php b/core/ajax/share.php
index 84e84be5acb..0fa162fb371 100644
--- a/core/ajax/share.php
+++ b/core/ajax/share.php
@@ -18,7 +18,6 @@ * You should have received a copy of the GNU Affero General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. */ -require_once '../../lib/base.php'; OC_JSON::checkLoggedIn(); OCP\JSON::callCheck();
diff --git a/core/ajax/translations.php b/core/ajax/translations.php
index 75679da2c04..e22cbad4708 100644
--- a/core/ajax/translations.php
+++ b/core/ajax/translations.php
@@ -21,9 +21,6 @@ * */ -// Init owncloud -require_once '../../lib/base.php'; - $app = $_POST["app"]; $l = OC_L10N::get( $app );
diff --git a/core/ajax/vcategories/add.php b/core/ajax/vcategories/add.php
index 81fa06dbf19..8d31275dbfb 100644
--- a/core/ajax/vcategories/add.php
+++ b/core/ajax/vcategories/add.php
@@ -14,7 +14,6 @@ function debug($msg) { OC_Log::write('core', 'ajax/vcategories/add.php: '.$msg, OC_Log::DEBUG); } -require_once '../../../lib/base.php'; OC_JSON::checkLoggedIn(); $category = isset($_GET['category'])?strip_tags($_GET['category']):null; $app = isset($_GET['app'])?$_GET['app']:null; 
diff --git a/core/ajax/vcategories/delete.php b/core/ajax/vcategories/delete.php
index cd46a25b79d..74b0220870c 100644
--- a/core/ajax/vcategories/delete.php
+++ b/core/ajax/vcategories/delete.php
@@ -15,7 +15,6 @@ function debug($msg) { OC_Log::write('core', 'ajax/vcategories/delete.php: '.$msg, OC_Log::DEBUG); } -require_once '../../../lib/base.php'; OC_JSON::checkLoggedIn(); $app = isset($_POST['app'])?$_POST['app']:null; $categories = isset($_POST['categories'])?$_POST['categories']:null;
diff --git a/core/ajax/vcategories/edit.php b/core/ajax/vcategories/edit.php
index a0e67841c55..caeebcaa940 100644
--- a/core/ajax/vcategories/edit.php
+++ b/core/ajax/vcategories/edit.php
@@ -15,7 +15,6 @@ function debug($msg) { OC_Log::write('core', 'ajax/vcategories/edit.php: '.$msg, OC_Log::DEBUG); } -require_once '../../../lib/base.php'; OC_JSON::checkLoggedIn(); $app = isset($_GET['app'])?$_GET['app']:null;
diff --git a/core/js/js.js b/core/js/js.js
index c5e32f3c278..130d413296e 100644
--- a/core/js/js.js
+++ b/core/js/js.js
@@ -95,9 +95,9 @@ var OC={ var isCore=OC.coreApps.indexOf(app)!==-1, link=OC.webroot; if((file.substring(file.length-3) === 'php' || file.substring(file.length-3) === 'css') && !isCore){ - link+='/?app=' + app; + link+='/index.php/apps/' + app; if (file != 'index.php') { - link+='&getfile='; + link+='/'; if(type){ link+=encodeURI(type + '/'); }
@@ -113,7 +113,12 @@ var OC={ } link+=file; }else{ - link+='/'; + if ((app == 'settings' || app == 'core') && type == 'ajax') { + link+='/index.php/'; + } + else { + link+='/'; + } if(!isCore){ link+='apps/'; }
diff --git a/core/js/router.js b/core/js/router.js
new file mode 100644
index 00000000000..8b66f5a05c5
--- /dev/null
+++ b/core/js/router.js 
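Review bot: In core/js/js.js (first hunk, `link+='/index.php/apps/' + app;`), `app` is now a path segment but is appended unencoded, while `type` on the following lines goes through `encodeURI`. A value containing `/`, `?` or `#` would change which route the generated link resolves to, so I would write `link+='/index.php/apps/' + encodeURIComponent(app);`. The enclosing function starts and ends outside the hunk, so whether callers ever pass anything but a fixed app id cannot be seen here.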
@@ -0,0 +1,73 @@ +OC.router_base_url = OC.webroot + '/index.php/', +OC.Router = { + routes_request: $.ajax(OC.router_base_url + 'core/routes.json', { + dataType: 'json', + success: function(jsondata) { + if (jsondata.status == 'success') { + OC.Router.routes = jsondata.data; + } + } + }), + generate:function(name, opt_params) { + if (!('routes' in this)) { + if(this.routes_request.state() != 'resolved') { + alert('wait');// wait + } + } + if (!(name in this.routes)) { + throw new Error('The route "' + name + '" does not exist.'); + } + var route = this.routes[name]; + var params = opt_params || {}; + var unusedParams = $.extend(true, {}, params); + var url = ''; + var optional = true; + $(route.tokens).each(function(i, token) { + if ('text' === token[0]) { + url = token[1] + url; + optional = false; + + return; + } + + if ('variable' === token[0]) { + if (false === optional || !(token[3] in route.defaults) + || ((token[3] in params) && params[token[3]] != route.defaults[token[3]])) { + var value; + if (token[3] in params) { + value = params[token[3]]; + delete unusedParams[token[3]]; + } else if (token[3] in route.defaults) { + value = route.defaults[token[3]]; + } else if (optional) { + return; + } else { + throw new Error('The route "' + name + '" requires the parameter "' + token[3] + '".'); + } + + var empty = true === value || false === value || '' === value; + + if (!empty || !optional) { + url = token[1] + encodeURIComponent(value).replace(/%2F/g, '/') + url; + } + + optional = false; + } + + return; + } + + throw new Error('The token type "' + token[0] + '" is not supported.'); + }); + if (url === '') { + url = '/'; + } + + unusedParams = $.param(unusedParams); + if (unusedParams.length > 0) { + url += '?'+unusedParams; + } + + return OC.router_base_url + url; + } +};
diff --git a/core/lostpassword/controller.php b/core/lostpassword/controller.php
new file mode 100644
index 00000000000..e616fe7dff8
--- /dev/null
+++ b/core/lostpassword/controller.php 
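Review bot: In core/js/router.js, `generate()` does not actually wait when the route table has not arrived: `alert('wait');// wait` returns and the next statement evaluates `name in this.routes` with `this.routes` still undefined, which throws a TypeError instead of the descriptive "route does not exist" error. The same happens when `core/routes.json` answers with a status other than `'success'`, because `OC.Router.routes` is then never assigned. I would replace the placeholder with an explicit failure, `throw new Error('Routes have not been loaded yet.');`, and initialise `routes` to `{}` so a failed load is reported as an unknown route.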
@@ -0,0 +1,83 @@ +<?php +/** + * Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl> + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +class OC_Core_LostPassword_Controller { + protected static function displayLostPasswordPage($error, $requested) { + OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => $error, 'requested' => $requested)); + } + + protected static function displayResetPasswordPage($success, $args) { + $route_args = array(); + $route_args['token'] = $args['token']; + $route_args['user'] = $args['user']; + OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => $success, 'args' => $route_args)); + } + + protected static function checkToken($user, $token) { + return OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token); + } + + public static function index($args) { + self::displayLostPasswordPage(false, false); + } + + public static function sendEmail($args) { + if (OC_User::userExists($_POST['user'])) { + $token = hash('sha256', OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', '')); + OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', hash('sha256', $token)); // Hash the token again to prevent timing attacks + $email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', ''); + if (!empty($email)) { + $link = OC_Helper::linkToRoute('core_lostpassword_reset', array('user' => $_POST['user'], 'token' => $token)); + $link = OC_Helper::makeURLAbsolute($link); + + $tmpl = new OC_Template('core/lostpassword', 'email'); + $tmpl->assign('link', $link, false); + $msg = $tmpl->fetchPage(); + $l = OC_L10N::get('core'); + $from = 'lostpassword-noreply@' . 
OCP\Util::getServerHost(); + OC_Mail::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud'); + echo('Mailsent'); + + self::displayLostPasswordPage(false, true); + } else { + self::displayLostPasswordPage(true, false); + } + } else { + self::displayLostPasswordPage(true, false); + } + } + + public static function reset($args) { + // Someone wants to reset their password: + if(self::checkToken($args['user'], $args['token'])) { + self::displayResetPasswordPage(false, $args); + } else { + // Someone lost their password + self::displayLostPasswordPage(false, false); + } + } + + public static function resetPassword($args) { + if (self::checkToken($args['user'], $args['token'])) { + if (isset($_POST['password'])) { + if (OC_User::setPassword($args['user'], $_POST['password'])) { + OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword'); + OC_User::unsetMagicInCookie(); + self::displayResetPasswordPage(true, $args); + } else { + self::displayResetPasswordPage(false, $args); + } + } else { + self::reset($args); + } + } else { + // Someone lost their password + self::displayLostPasswordPage(false, false); + } + } +}
diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php
deleted file mode 100644
index 1da5bce8ea8..00000000000
--- a/core/lostpassword/index.php
+++ /dev/null 
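Review bot: In core/lostpassword/controller.php, `sendEmail()` answers differently for an unknown user, a user without a stored address and a user who was mailed, so the form discloses which accounts exist and which have an e-mail on file; it also reads `$_POST['user']` without an `isset` check and leaves the debug `echo('Mailsent');` in the response. I would render the same "requested" page on every path and only generate and store a token when there is an address to send it to, as sketched below. Separately, `checkToken()` compares only the stored hash and nothing visible here records when the token was issued, so a reset link appears to stay valid until it is used or replaced; storing an issue time next to the hash and rejecting old tokens would bound that.

```php
	public static function sendEmail($args) {
		if (isset($_POST['user']) && OC_User::userExists($_POST['user'])) {
			$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
			if (!empty($email)) {
				// … unchanged: token generation and storage, link building, OC_Mail::send …
			}
		}
		// Same page on every path, so the response does not reveal whether
		// the account exists or has an address on file.
		self::displayLostPasswordPage(false, true);
	}
```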
@@ -1,35 +0,0 @@ -<?php -/** - * Copyright (c) 2012 Frank Karlitschek frank@owncloud.org - * This file is licensed under the Affero General Public License version 3 or - * later. - * See the COPYING-README file. -*/ - -$RUNTIME_NOAPPS = true; //no apps -require_once '../../lib/base.php'; - - -// Someone lost their password: -if (isset($_POST['user'])) { - if (OC_User::userExists($_POST['user'])) { - $token = hash("sha256", OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', '')); - OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', hash("sha256", $token)); // Hash the token again to prevent timing attacks - $email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', ''); - if (!empty($email)) { - $link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php', array('user' => $_POST['user'], 'token' => $token)); - $tmpl = new OC_Template('core/lostpassword', 'email'); - $tmpl->assign('link', $link, false); - $msg = $tmpl->fetchPage(); - $l = OC_L10N::get('core'); - $from = 'lostpassword-noreply@' . OCP\Util::getServerHost(); - OC_MAIL::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud'); - echo('sent'); - } - OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true)); - } else { - OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false)); - } -} else { - OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false)); -}
diff --git a/core/lostpassword/resetpassword.php b/core/lostpassword/resetpassword.php
deleted file mode 100644
index 7cd383921d7..00000000000
--- a/core/lostpassword/resetpassword.php
+++ /dev/null 
@@ -1,27 +0,0 @@ -<?php -/** - * Copyright (c) 2012 Frank Karlitschek frank@owncloud.org - * This file is licensed under the Affero General Public License version 3 or - * later. - * See the COPYING-README file. -*/ - -$RUNTIME_NOAPPS = true; //no apps -require_once '../../lib/base.php'; - -// Someone wants to reset their password: -if(isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], 'owncloud', 'lostpassword') === hash("sha256", $_GET['token'])) { - if (isset($_POST['password'])) { - if (OC_User::setPassword($_GET['user'], $_POST['password'])) { - OC_Preferences::deleteKey($_GET['user'], 'owncloud', 'lostpassword'); - OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => true)); - } else { - OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => false)); - } - } else { - OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => false)); - } -} else { - // Someone lost their password - OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false)); -}
diff --git a/core/lostpassword/templates/lostpassword.php b/core/lostpassword/templates/lostpassword.php
index 4b871963b80..55c070f3e0c 100644
--- a/core/lostpassword/templates/lostpassword.php
+++ b/core/lostpassword/templates/lostpassword.php
@@ -1,11 +1,11 @@ -<form action="index.php" method="post"> +<form action="<?php echo OC_Helper::linkToRoute('core_lostpassword_send_email') ?>" method="post"> <fieldset> <?php echo $l->t('You will receive a link to reset your password via Email.'); ?> <?php if ($_['requested']): ?> - <?php echo $l->t('Requested'); ?> + <?php echo $l->t('Reset email send.'); ?> <?php else: ?> <?php if ($_['error']): ?> - <?php echo $l->t('Login failed!'); ?> + <?php echo $l->t('Request failed!'); ?> <?php endif; ?> <p class="infield"> <label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label> 
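Review bot: In core/lostpassword/templates/lostpassword.php the new string `'Reset email send.'` should read `'Reset email sent.'`; because it is passed to `$l->t()` it becomes a translation key, so correcting it later means touching every translation as well. The form itself continues outside the hunk.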
diff --git a/core/lostpassword/templates/resetpassword.php b/core/lostpassword/templates/resetpassword.php
index 56257de7f13..0ab32acca60 100644
--- a/core/lostpassword/templates/resetpassword.php
+++ b/core/lostpassword/templates/resetpassword.php
@@ -1,8 +1,8 @@ -<form action="<?php echo 'resetpassword.php?'.$_SERVER['QUERY_STRING']; ?>" method="post"> +<form action="<?php echo OC_Helper::linkToRoute('core_lostpassword_reset', $_['args']) ?>" method="post"> <fieldset> <?php if($_['success']): ?> <h1><?php echo $l->t('Your password was reset'); ?></h1> - <p><a href="<?php echo OC::$WEBROOT ?>/"><?php echo $l->t('To login page'); ?></a></p> + <p><a href="<?php echo OC_Helper::linkTo('', 'index.php') ?>/"><?php echo $l->t('To login page'); ?></a></p> <?php else: ?> <p class="infield"> <label for="password" class="infield"><?php echo $l->t( 'New password' ); ?></label>
diff --git a/core/routes.php b/core/routes.php
new file mode 100644
index 00000000000..7cf27498846
--- /dev/null
+++ b/core/routes.php 
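Review bot: In core/lostpassword/templates/resetpassword.php the new form action echoes `OC_Helper::linkToRoute('core_lostpassword_reset', $_['args'])` into an HTML attribute without HTML escaping, and `$_['args']` carries the `token` and `user` values taken from the request path. Whether `linkToRoute` percent-encodes every character that matters inside a quoted attribute is not visible in this diff, so I would not rely on it and would wrap the output: `<?php echo htmlspecialchars(OC_Helper::linkToRoute('core_lostpassword_reset', $_['args']), ENT_QUOTES, 'UTF-8') ?>`. The same applies to the `linkTo('', 'index.php')` href below it, where the kept trailing `/` also yields `index.php/`, which is probably unintended.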
@@ -0,0 +1,60 @@ +<?php +/** + * Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl> + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +require_once('settings/routes.php'); + +// Core ajax actions +// AppConfig +$this->create('core_ajax_appconfig', '/core/ajax/appconfig.php') + ->actionInclude('core/ajax/appconfig.php'); +// RequestToken +$this->create('core_ajax_requesttoken', '/core/ajax/requesttoken.php') + ->actionInclude('core/ajax/requesttoken.php'); +// Share +$this->create('core_ajax_share', '/core/ajax/share.php') + ->actionInclude('core/ajax/share.php'); +// Translations +$this->create('core_ajax_translations', '/core/ajax/translations.php') + ->actionInclude('core/ajax/translations.php'); +// VCategories +$this->create('core_ajax_vcategories_add', '/core/ajax/vcategories/add.php') + ->actionInclude('core/ajax/vcategories/add.php'); +$this->create('core_ajax_vcategories_delete', '/core/ajax/vcategories/delete.php') + ->actionInclude('core/ajax/vcategories/delete.php'); +$this->create('core_ajax_vcategories_edit', '/core/ajax/vcategories/edit.php') + ->actionInclude('core/ajax/vcategories/edit.php'); +// Routing +$this->create('core_ajax_routes', '/core/routes.json') + ->action('OC_Router', 'JSRoutes'); + +OC::$CLASSPATH['OC_Core_LostPassword_Controller'] = 'core/lostpassword/controller.php'; +$this->create('core_lostpassword_index', '/lostpassword/') + ->get() + ->action('OC_Core_LostPassword_Controller', 'index'); +$this->create('core_lostpassword_send_email', '/lostpassword/') + ->post() + ->action('OC_Core_LostPassword_Controller', 'sendEmail'); +$this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}') + ->get() + ->action('OC_Core_LostPassword_Controller', 'reset'); +$this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{user}') + ->post() + ->action('OC_Core_LostPassword_Controller', 'resetPassword'); + +// Not specifically 
routed +$this->create('app_css', '/apps/{app}/{file}') + ->requirements(array('file' => '.*.css')) + ->action('OC', 'loadCSSFile'); +$this->create('app_index_script', '/apps/{app}/') + ->defaults(array('file' => 'index.php')) + //->requirements(array('file' => '.*.php')) + ->action('OC', 'loadAppScriptFile'); +$this->create('app_script', '/apps/{app}/{file}') + ->defaults(array('file' => 'index.php')) + ->requirements(array('file' => '.*.php')) + ->action('OC', 'loadAppScriptFile'); |
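Review bot: In core/routes.php the `file` requirements `'.*.css'` and `'.*.php'` leave the dot before the extension unescaped, so the routes accept any value that ends in one arbitrary character followed by `css` or `php`; assuming the router applies the pattern to the whole placeholder, `.*` also lets `{file}` carry `/` and `..` segments, and `{app}` has no requirement at all. Both values are handed to `OC::loadCSSFile` / `OC::loadAppScriptFile`, which are not part of this diff, so I would tighten the patterns here, e.g. `->requirements(array('file' => '.+\.php'))`, and confirm the loaders reject paths that resolve outside the app directory. The commented-out `//->requirements(...)` line on `app_index_script` can be dropped, since that route has no `{file}` placeholder.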