author | Victor Dubiniuk <victor.dubiniuk@gmail.com> | 2014-03-25 01:38:11 +0300 |
---|---|---|
committer | Morris Jobke <hey@morrisjobke.de> | 2014-06-13 15:34:51 +0200 |
commit | 23ed038a27901b947b75413b966d4beab21cd2bc (patch) | |
tree | 03d7522cc0f943160a35f07dc860de741dcd5d0b /core | |
parent | c09f5680c98d66d6e5a0fe793561194ecafed3ea (diff) | |
download | nextcloud-server-23ed038a27901b947b75413b966d4beab21cd2bc.tar.gz nextcloud-server-23ed038a27901b947b75413b966d4beab21cd2bc.zip |
Basics
Diffstat (limited to 'core')
-rw-r--r-- | core/js/lostpassword.js | 134 | ||||
-rw-r--r-- | core/lostpassword/ajaxcontroller.php | 45 | ||||
-rw-r--r-- | core/lostpassword/controller.php | 62 | ||||
-rw-r--r-- | core/lostpassword/encrypteddataexception.php | 14 | ||||
-rw-r--r-- | core/lostpassword/templates/lostpassword.php | 2 | ||||
-rw-r--r-- | core/routes.php | 13 | ||||
-rw-r--r-- | core/templates/login.php | 6 |
7 files changed, 228 insertions, 48 deletions
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
new file mode 100644
index 00000000000..00dfe71be67
--- /dev/null
+++ b/core/js/lostpassword.js
@@ -0,0 +1,134 @@ + +OC.Lostpassword = { + sendErrorMsg : t('core', 'Couldn’t send reset email. Please contact your administrator.'), + + sendSuccessMsg : t('core', 'The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'), + + encryptedMsg : t('core', "Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset.<br />If you are not sure what to do, please contact your administrator before you continue. <br />Do you really want to continue?") + + ('<br /><input type="checkbox" id="encrypted-continue" value="Yes" />') + + '<label for="encrypted-continue">' + + t('core', 'I know what I\'m doing') + + '</label><br />' + + '<a id="lost-password-encryption" href>' + + t('core', 'Reset password') + + '</a>', + + resetErrorMsg : t('core', 'Password can not be changed. Please contact your administrator.'), + + init : function() { + if ($('#lost-password-encryption').length){ + $('#lost-password-encryption').click(OC.Lostpassword.sendLink); + } else { + $('#lost-password').click(OC.Lostpassword.sendLink); + } + $('#reset-password #submit').click(OC.Lostpassword.resetPassword); + }, + + sendLink : function(event){ + event.preventDefault(); + if (!$('#user').val().length){ + $('#submit').trigger('click'); + } else { + $.post( + OC.filePath('core', 'ajax', 'password/lost'), + { + user : $('#user').val(), + proceed: $('#encrypted-continue').attr('checked') ? 
'Yes' : 'No' + }, + OC.Lostpassword.sendLinkDone + ); + } + }, + + sendLinkDone : function(result){ + if (result && result.status === 'success'){ + OC.Lostpassword.sendLinkSuccess(); + } else { + if (result && result.msg){ + var sendErrorMsg = result.msg; + } else if (result && result.encryption) { + var sendErrorMsg = OC.Lostpassword.encryptedMsg; + } else { + var sendErrorMsg = OC.Lostpassword.sendErrorMsg; + } + OC.Lostpassword.sendLinkError(sendErrorMsg); + } + }, + + sendLinkSuccess : function(msg){ + var node = OC.Lostpassword.getSendStatusNode(); + node.addClass('success').css({width:'auto'}); + node.html(OC.Lostpassword.sendSuccessMsg); + }, + + sendLinkError : function(msg){ + var node = OC.Lostpassword.getSendStatusNode(); + node.addClass('warning'); + node.html(msg); + OC.Lostpassword.init(); + }, + + getSendStatusNode : function(){ + if (!$('#lost-password').length){ + $('<p id="lost-password"></p>').insertBefore($('#remember_login')); + } else { + $('#lost-password').replaceWith($('<p id="lost-password"></p>')); + } + return $('#lost-password'); + }, + + resetPassword : function(event){ + event.preventDefault(); + if ($('#password').val()){ + $.post( + $('#password').parents('form').attr('action'), + { + password : $('#password').val() + }, + OC.Lostpassword.resetDone + ); + } + }, + + resetDone : function(result){ + if (result && result.status === 'success'){ + $.post( + OC.webroot + '/', + { + user : window.location.href.split('/').pop(), + password : $('#password').val() + }, + OC.Lostpassword.redirect + ); + } else { + if (result && result.msg){ + var resetErrorMsg = result.msg; + } else { + var resetErrorMsg = OC.Lostpassword.resetErrorMsg; + } + OC.Lostpassword.resetError(resetErrorMsg); + } + }, + + redirect : function(msg){ + window.location = OC.webroot; + }, + + resetError : function(msg){ + var node = OC.Lostpassword.getResetStatusNode(); + node.addClass('warning'); + node.html(msg); + }, + + getResetStatusNode : function (){ + if 
(!$('#lost-password').length){
+ $('<p id="lost-password"></p>').insertAfter($('#submit'));
+ } else {
+ $('#lost-password').replaceWith($('<p id="lost-password"></p>'));
+ }
+ return $('#lost-password');
+ }
+
+};
+
+$(document).ready(OC.Lostpassword.init);
diff --git a/core/lostpassword/ajaxcontroller.php b/core/lostpassword/ajaxcontroller.php
new file mode 100644
index 00000000000..3722681308b
--- /dev/null
+++ b/core/lostpassword/ajaxcontroller.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * @author Victor Dubiniuk
+ * @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Core\LostPassword;
+
+class AjaxController {
+ public static function lost() {
+ \OCP\JSON::callCheck();
+
+ try {
+ Controller::sendEmail(@$_POST['user'], @$_POST['proceed']);
+ \OCP\JSON::success();
+ } catch (EncryptedDataException $e){
+ \OCP\JSON::error(
+ array('encryption' => '1')
+ );
+ } catch (\Exception $e){
+ \OCP\JSON::error(
+ array('msg'=> $e->getMessage())
+ );
+ }
+
+ exit();
+ }
+
+ public static function resetPassword($args) {
+ \OCP\JSON::callCheck();
+ try {
+ Controller::resetPassword($args);
+ \OCP\JSON::success();
+ } catch (Exception $e){
+ \OCP\JSON::error(
+ array('msg'=> $e->getMessage())
+ );
+ }
+ exit();
+ }
+}
diff --git a/core/lostpassword/controller.php b/core/lostpassword/controller.php
index c858696885b..0c6ada4edce 100644
--- a/core/lostpassword/controller.php
+++ b/core/lostpassword/controller.php
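Review bot: `sendLinkError` and `resetError` inject the server-supplied `result.msg` with `node.html(msg)`, so any text the AJAX controller puts into `msg` is parsed as markup; those messages are fixed translated strings today, but the controller forwards `$e->getMessage()` from any exception, so render `result.msg` with `node.text(msg)` and keep `.html()` only for the local `sendSuccessMsg`/`encryptedMsg` constants that deliberately contain markup. In `sendLink`, `$('#encrypted-continue').attr('checked')` reads the attribute rather than the live checkbox state on some jQuery versions; `.prop('checked')` is the reliable read. `resetDone` derives the username from `window.location.href.split('/').pop()`, which breaks as soon as the reset URL carries a query string or fragment; taking it from the form (a hidden field or a data attribute) would be more robust. Minor: `var sendErrorMsg` and `var resetErrorMsg` are declared once per branch — declare each once at the top of its function.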
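Review bot: `catch (Exception $e)` in `resetPassword` is unqualified inside `namespace OC\Core\LostPassword`, so it refers to `OC\Core\LostPassword\Exception`, which is not defined; a failure inside `Controller::resetPassword($args)` therefore bypasses the JSON error path entirely, while `lost()` above correctly writes `catch (\Exception $e)`. Change the line to `} catch (\Exception $e){`. Reading `@$_POST['user']` and `@$_POST['proceed']` with error suppression hides a missing field; `isset($_POST['user']) ? $_POST['user'] : null` (and the same for `proceed`) makes the intent explicit without the `@`.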
@@ -36,47 +36,37 @@ class Controller {
 return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
 }
- public static function index($args) {
- self::displayLostPasswordPage(false, false);
- }
-
- public static function sendEmail($args) {
-
+ public static function sendEmail($user, $proceed) {
+ $l = \OC_L10N::get('core');
 $isEncrypted = \OC_App::isEnabled('files_encryption');
- if(!$isEncrypted || isset($_POST['continue'])) {
- $continue = true;
- } else {
- $continue = false;
+ if ($isEncrypted && $proceed !== 'Yes'){
+ throw new EncryptedDataException();
 }
- if (\OC_User::userExists($_POST['user']) && $continue) {
- $token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
- \OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword',
- hash('sha256', $token)); // Hash the token again to prevent timing attacks
- $email = \OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
- if (!empty($email)) {
- $link = \OC_Helper::linkToRoute('core_lostpassword_reset',
- array('user' => $_POST['user'], 'token' => $token));
- $link = \OC_Helper::makeURLAbsolute($link);
+ if (!\OC_User::userExists($user)) {
+ throw new \Exception($l->t('Couldn’t send reset email. Please make sure your username is correct.'));
+ }
+ $token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
+ \OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
+ hash('sha256', $token)); // Hash the token again to prevent timing attacks
+ $email = \OC_Preferences::getValue($user, 'settings', 'email', '');
+ if (empty($email)) {
+ throw new \Exception($l->t('Couldn’t send reset email because there is no email address for this username. 
Please contact your administrator.'));
+ }
+ $link = \OC_Helper::linkToRoute('core_lostpassword_reset',
+ array('user' => $user, 'token' => $token));
+ $link = \OC_Helper::makeURLAbsolute($link);
- $tmpl = new \OC_Template('core/lostpassword', 'email');
- $tmpl->assign('link', $link, false);
- $msg = $tmpl->fetchPage();
- $l = \OC_L10N::get('core');
- $from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
- try {
- $defaults = new \OC_Defaults();
- \OC_Mail::send($email, $_POST['user'], $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
- } catch (Exception $e) {
- \OC_Template::printErrorPage( $l->t('A problem has occurred whilst sending the email, please contact your administrator.') );
- }
- self::displayLostPasswordPage(false, true);
- } else {
- self::displayLostPasswordPage(true, false);
- }
- } else {
- self::displayLostPasswordPage(true, false);
+ $tmpl = new \OC_Template('core/lostpassword', 'email');
+ $tmpl->assign('link', $link, false);
+ $msg = $tmpl->fetchPage();
+ $from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
+ try {
+ $defaults = new \OC_Defaults();
+ \OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
+ } catch (\Exception $e) {
+ throw new \Exception( $l->t('Couldn’t send reset email. Please contact your administrator.'));
 }
 }
diff --git a/core/lostpassword/encrypteddataexception.php b/core/lostpassword/encrypteddataexception.php
new file mode 100644
index 00000000000..99d19445b6c
--- /dev/null
+++ b/core/lostpassword/encrypteddataexception.php
@@ -0,0 +1,14 @@
+<?php
+/**
+ * @author Victor Dubiniuk
+ * @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Core\LostPassword;
+
+class EncryptedDataException extends \Exception{
+}
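Review bot: `sendEmail` now answers an unauthenticated request with three distinguishable errors — "make sure your username is correct" when `\OC_User::userExists($user)` fails, "no email address for this username" when `$email` is empty, and the encryption case — whereas the removed code showed the same page in every branch, so a caller can now probe which usernames exist and which of them have a mailbox configured. Return the generic success outcome for the unknown-user and missing-email cases too (log the real reason server-side), and keep a distinct message only for the mail-transport failure the user can act on. The `EncryptedDataException` is raised before the user check, so the recovery-key prompt appears for nonexistent accounts as well; that is harmless but deserves a why-comment, e.g. `// Ask for the recovery-key confirmation before touching any user state`. The class continues outside this hunk; `reset` and `resetPassword`, which the new AJAX controller calls, are not visible here.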
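Review bot: `EncryptedDataException` has no docblock saying what it signals, and its meaning is only recoverable by reading `Controller::sendEmail` and `AjaxController::lost` together. An empty body is fine for a marker exception, but add a class comment such as `/** Thrown by Controller::sendEmail when files_encryption is enabled and the caller has not confirmed the reset (proceed !== 'Yes'); AjaxController maps it to {"encryption": "1"}. */`.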
diff --git a/core/lostpassword/templates/lostpassword.php b/core/lostpassword/templates/lostpassword.php
index fdfa32344ec..0c2c72b40ce 100644
--- a/core/lostpassword/templates/lostpassword.php
+++ b/core/lostpassword/templates/lostpassword.php
@@ -8,7 +8,7 @@ OCP\Util::addStyle('lostpassword', 'lostpassword'); ?>
 </p></div>
 <?php else: ?>
- <form action="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post">
+ <form action="<?php //print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post">
 <fieldset>
 <?php if ($_['error']): ?>
 <div class="error"><p>
diff --git a/core/routes.php b/core/routes.php
index 5368fd45645..fbbbdee81f0 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -70,18 +70,15 @@ $this->create('core_ajax_preview', '/core/preview')
 ->actionInclude('core/ajax/preview.php');
 $this->create('core_ajax_preview', '/core/preview.png')
 ->actionInclude('core/ajax/preview.php');
-$this->create('core_lostpassword_index', '/lostpassword/')
- ->get()
- ->action('OC\Core\LostPassword\Controller', 'index');
-$this->create('core_lostpassword_send_email', '/lostpassword/')
+$this->create('core_ajax_password_lost', '/core/ajax/password/lost')
+ ->post()
+ ->action('OC\Core\Lostpassword\AjaxController', 'lost');
+$this->create('core_ajax_password_reset', '/core/ajax/password/reset/{token}/{user}')
+ ->post()
- ->action('OC\Core\LostPassword\Controller', 'sendEmail');
+ ->action('OC\Core\LostPassword\AjaxController', 'resetPassword');
 $this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}')
 ->get()
 ->action('OC\Core\LostPassword\Controller', 'reset');
-$this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{user}')
- ->post()
- ->action('OC\Core\LostPassword\Controller', 'resetPassword');
 // Avatar routes
 $this->create('core_avatar_get_tmp', '/avatar/tmp')
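Review bot: Commenting out `print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email'))` leaves the form with `action=""`, i.e. a POST to whatever URL rendered the template, while the route it referenced is deleted from `core/routes.php` in this same commit; if this template is still rendered anywhere, its form now submits to a page that does not handle it. Either point the form at the new `core_ajax_password_lost` route or remove the form together with the route, and in either case delete the commented-out call instead of keeping it as dead code.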
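Review bot: The two new actions spell the controller namespace differently — `'OC\Core\Lostpassword\AjaxController'` for `lost` and `'OC\Core\LostPassword\AjaxController'` for `resetPassword`; PHP resolves class names case-insensitively, but an autoloader that maps the name onto a file path may not, so use the spelling the file declares: `->action('OC\Core\LostPassword\AjaxController', 'lost');`. The hunk also removes `core_lostpassword_index`, `core_lostpassword_send_email` and `core_lostpassword_reset_password`; anything outside this diff that still builds a link from those names will fail at `linkToRoute`, and the reset-page template is not in this diffstat, so it should be checked against `core_ajax_password_reset`, whose `{token}/{user}` parameters `AjaxController::resetPassword($args)` now receives.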
diff --git a/core/templates/login.php b/core/templates/login.php
index 6af3d769690..951ba3b4f6b 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -46,8 +46,8 @@
 </p>
 <?php if (isset($_['invalidpassword']) && ($_['invalidpassword'])): ?>
- <a class="warning" href="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_index')) ?>">
- <?php p($l->t('Lost your password?')); ?>
+ <a id="lost-password" class="warning" href="">
+ <?php p($l->t('Forgot your password? Reset it!')); ?>
 </a>
 <?php endif; ?>
 <?php if ($_['rememberLoginAllowed'] === true) : ?>
@@ -74,4 +74,4 @@ <?php OCP\Util::addscript('core', 'visitortimezone');
-
+OCP\Util::addScript('core', 'lostpassword'); |
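Review bot: `<a id="lost-password" class="warning" href="">` has no destination, and with `core_lostpassword_index` removed from `core/routes.php` there is no server-rendered fallback: without JavaScript, clicking the link just reloads the login page. Either keep a GET route that renders the lost-password template and put it in `href`, or state in a template comment that the flow is JavaScript-only, e.g. `<?php /* lost-password flow is driven by core/js/lostpassword.js; the href is intentionally empty */ ?>`. The second hunk adds `OCP\Util::addScript('core', 'lostpassword');` next to a call spelled `addscript`, so the file now mixes both casings — pick one.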