authorVictor Dubiniuk <victor.dubiniuk@gmail.com>2014-03-25 01:38:11 +0300
committerMorris Jobke <hey@morrisjobke.de>2014-06-13 15:34:51 +0200
commit23ed038a27901b947b75413b966d4beab21cd2bc (patch)
tree03d7522cc0f943160a35f07dc860de741dcd5d0b /core
parentc09f5680c98d66d6e5a0fe793561194ecafed3ea (diff)
Basics
Diffstat (limited to 'core')
-rw-r--r--core/js/lostpassword.js134
-rw-r--r--core/lostpassword/ajaxcontroller.php45
-rw-r--r--core/lostpassword/controller.php62
-rw-r--r--core/lostpassword/encrypteddataexception.php14
-rw-r--r--core/lostpassword/templates/lostpassword.php2
-rw-r--r--core/routes.php13
-rw-r--r--core/templates/login.php6
7 files changed, 228 insertions, 48 deletions
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
new file mode 100644
index 00000000000..00dfe71be67
--- /dev/null
+++ b/core/js/lostpassword.js
@@ -0,0 +1,134 @@
+
+OC.Lostpassword = {
+ sendErrorMsg : t('core', 'Couldn’t send reset email. Please contact your administrator.'),
+
+ sendSuccessMsg : t('core', 'The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'),
+
+ encryptedMsg : t('core', "Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset.<br />If you are not sure what to do, please contact your administrator before you continue. <br />Do you really want to continue?")
+ + ('<br /><input type="checkbox" id="encrypted-continue" value="Yes" />')
+ + '<label for="encrypted-continue">'
+ + t('core', 'I know what I\'m doing')
+ + '</label><br />'
+ + '<a id="lost-password-encryption" href>'
+ + t('core', 'Reset password')
+ + '</a>',
+
+ resetErrorMsg : t('core', 'Password can not be changed. Please contact your administrator.'),
+
+ init : function() {
+ if ($('#lost-password-encryption').length){
+ $('#lost-password-encryption').click(OC.Lostpassword.sendLink);
+ } else {
+ $('#lost-password').click(OC.Lostpassword.sendLink);
+ }
+ $('#reset-password #submit').click(OC.Lostpassword.resetPassword);
+ },
+
+ sendLink : function(event){
+ event.preventDefault();
+ if (!$('#user').val().length){
+ $('#submit').trigger('click');
+ } else {
+ $.post(
+ OC.filePath('core', 'ajax', 'password/lost'),
+ {
+ user : $('#user').val(),
+ proceed: $('#encrypted-continue').attr('checked') ? 'Yes' : 'No'
+ },
+ OC.Lostpassword.sendLinkDone
+ );
+ }
+ },
+
+ sendLinkDone : function(result){
+ if (result && result.status === 'success'){
+ OC.Lostpassword.sendLinkSuccess();
+ } else {
+ if (result && result.msg){
+ var sendErrorMsg = result.msg;
+ } else if (result && result.encryption) {
+ var sendErrorMsg = OC.Lostpassword.encryptedMsg;
+ } else {
+ var sendErrorMsg = OC.Lostpassword.sendErrorMsg;
+ }
+ OC.Lostpassword.sendLinkError(sendErrorMsg);
+ }
+ },
+
+ sendLinkSuccess : function(msg){
+ var node = OC.Lostpassword.getSendStatusNode();
+ node.addClass('success').css({width:'auto'});
+ node.html(OC.Lostpassword.sendSuccessMsg);
+ },
+
+ sendLinkError : function(msg){
+ var node = OC.Lostpassword.getSendStatusNode();
+ node.addClass('warning');
+ node.html(msg);
+ OC.Lostpassword.init();
+ },
+
+ getSendStatusNode : function(){
+ if (!$('#lost-password').length){
+ $('<p id="lost-password"></p>').insertBefore($('#remember_login'));
+ } else {
+ $('#lost-password').replaceWith($('<p id="lost-password"></p>'));
+ }
+ return $('#lost-password');
+ },
+
+ resetPassword : function(event){
+ event.preventDefault();
+ if ($('#password').val()){
+ $.post(
+ $('#password').parents('form').attr('action'),
+ {
+ password : $('#password').val()
+ },
+ OC.Lostpassword.resetDone
+ );
+ }
+ },
+
+ resetDone : function(result){
+ if (result && result.status === 'success'){
+ $.post(
+ OC.webroot + '/',
+ {
+ user : window.location.href.split('/').pop(),
+ password : $('#password').val()
+ },
+ OC.Lostpassword.redirect
+ );
+ } else {
+ if (result && result.msg){
+ var resetErrorMsg = result.msg;
+ } else {
+ var resetErrorMsg = OC.Lostpassword.resetErrorMsg;
+ }
+ OC.Lostpassword.resetError(resetErrorMsg);
+ }
+ },
+
+ redirect : function(msg){
+ window.location = OC.webroot;
+ },
+
+ resetError : function(msg){
+ var node = OC.Lostpassword.getResetStatusNode();
+ node.addClass('warning');
+ node.html(msg);
+ },
+
+ getResetStatusNode : function (){
+ if (!$('#lost-password').length){
+ $('<p id="lost-password"></p>').insertAfter($('#submit'));
+ } else {
+ $('#lost-password').replaceWith($('<p id="lost-password"></p>'));
+ }
+ return $('#lost-password');
+ }
+
+};
+
+$(document).ready(OC.Lostpassword.init);
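Review bot: `$('#encrypted-continue').attr('checked')` in the `proceed` field of sendLink reads the markup attribute rather than the live checkbox state, and the checkbox built in encryptedMsg carries no `checked` attribute, so under jQuery 1.6 and later this appears to always send `proceed: 'No'` and the encrypted-data confirmation can never be passed; use `proceed: $('#encrypted-continue').is(':checked') ? 'Yes' : 'No'`. A smaller point: sendLinkError calls `OC.Lostpassword.init()` again on every error, which re-binds the `#reset-password #submit` click handler each time. Also, sendLinkError and resetError inject `result.msg` with `.html()`; the server messages in this commit are fixed translated strings, but should a future message ever echo the submitted username this becomes an XSS sink, so `.text()` would be the safer default for `result.msg` with `.html()` reserved for the locally built encryptedMsg.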
diff --git a/core/lostpassword/ajaxcontroller.php b/core/lostpassword/ajaxcontroller.php
new file mode 100644
index 00000000000..3722681308b
--- /dev/null
+++ b/core/lostpassword/ajaxcontroller.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * @author Victor Dubiniuk
+ * @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Core\LostPassword;
+
+class AjaxController {
+ public static function lost() {
+ \OCP\JSON::callCheck();
+
+ try {
+ Controller::sendEmail(@$_POST['user'], @$_POST['proceed']);
+ \OCP\JSON::success();
+ } catch (EncryptedDataException $e){
+ \OCP\JSON::error(
+ array('encryption' => '1')
+ );
+ } catch (\Exception $e){
+ \OCP\JSON::error(
+ array('msg'=> $e->getMessage())
+ );
+ }
+
+ exit();
+ }
+
+ public static function resetPassword($args) {
+ \OCP\JSON::callCheck();
+ try {
+ Controller::resetPassword($args);
+ \OCP\JSON::success();
+ } catch (Exception $e){
+ \OCP\JSON::error(
+ array('msg'=> $e->getMessage())
+ );
+ }
+ exit();
+ }
+}
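Review bot: `catch (Exception $e)` in resetPassword is unqualified inside `namespace OC\Core\LostPassword`, so it resolves to `OC\Core\LostPassword\Exception`, which this commit does not define; any `\Exception` thrown by Controller::resetPassword therefore bypasses the catch and escapes as an uncaught error instead of a JSON error, unlike the `\Exception` catch in lost(). Change it to `} catch (\Exception $e){`. In lost(), `@$_POST['user']` and `@$_POST['proceed']` silence undefined-index notices rather than handling the missing case; an explicit `isset($_POST['user']) ? $_POST['user'] : null` (or an early JSON error when the field is absent) makes the contract visible and lets Controller::sendEmail receive a string rather than null.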
diff --git a/core/lostpassword/controller.php b/core/lostpassword/controller.php
index c858696885b..0c6ada4edce 100644
--- a/core/lostpassword/controller.php
+++ b/core/lostpassword/controller.php
@@ -36,47 +36,37 @@ class Controller {
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
}
- public static function index($args) {
- self::displayLostPasswordPage(false, false);
- }
-
- public static function sendEmail($args) {
-
+ public static function sendEmail($user, $proceed) {
+ $l = \OC_L10N::get('core');
$isEncrypted = \OC_App::isEnabled('files_encryption');
- if(!$isEncrypted || isset($_POST['continue'])) {
- $continue = true;
- } else {
- $continue = false;
+ if ($isEncrypted && $proceed !== 'Yes'){
+ throw new EncryptedDataException();
}
- if (\OC_User::userExists($_POST['user']) && $continue) {
- $token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
- \OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword',
- hash('sha256', $token)); // Hash the token again to prevent timing attacks
- $email = \OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
- if (!empty($email)) {
- $link = \OC_Helper::linkToRoute('core_lostpassword_reset',
- array('user' => $_POST['user'], 'token' => $token));
- $link = \OC_Helper::makeURLAbsolute($link);
+ if (!\OC_User::userExists($user)) {
+ throw new \Exception($l->t('Couldn’t send reset email. Please make sure your username is correct.'));
+ }
+ $token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
+ \OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
+ hash('sha256', $token)); // Hash the token again to prevent timing attacks
+ $email = \OC_Preferences::getValue($user, 'settings', 'email', '');
+ if (empty($email)) {
+ throw new \Exception($l->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
+ }
+ $link = \OC_Helper::linkToRoute('core_lostpassword_reset',
+ array('user' => $user, 'token' => $token));
+ $link = \OC_Helper::makeURLAbsolute($link);
- $tmpl = new \OC_Template('core/lostpassword', 'email');
- $tmpl->assign('link', $link, false);
- $msg = $tmpl->fetchPage();
- $l = \OC_L10N::get('core');
- $from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
- try {
- $defaults = new \OC_Defaults();
- \OC_Mail::send($email, $_POST['user'], $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
- } catch (Exception $e) {
- \OC_Template::printErrorPage( $l->t('A problem has occurred whilst sending the email, please contact your administrator.') );
- }
- self::displayLostPasswordPage(false, true);
- } else {
- self::displayLostPasswordPage(true, false);
- }
- } else {
- self::displayLostPasswordPage(true, false);
+ $tmpl = new \OC_Template('core/lostpassword', 'email');
+ $tmpl->assign('link', $link, false);
+ $msg = $tmpl->fetchPage();
+ $from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
+ try {
+ $defaults = new \OC_Defaults();
+ \OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
+ } catch (\Exception $e) {
+ throw new \Exception( $l->t('Couldn’t send reset email. Please contact your administrator.'));
}
}
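Review bot: The distinct messages sendEmail now throws — 'make sure your username is correct' when the account does not exist and 'no email address for this username' when it exists without one — let an unauthenticated caller tell valid usernames from invalid ones, and AjaxController forwards `$e->getMessage()` to the client verbatim, whereas the replaced code rendered the same generic error page for both cases. Consider throwing one message for both branches, e.g. `throw new \Exception($l->t('Couldn’t send reset email. Please contact your administrator.'));`, and logging the precise reason server-side instead. The rest of the Controller class (checkToken, reset, resetPassword) lies outside this hunk.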
diff --git a/core/lostpassword/encrypteddataexception.php b/core/lostpassword/encrypteddataexception.php
new file mode 100644
index 00000000000..99d19445b6c
--- /dev/null
+++ b/core/lostpassword/encrypteddataexception.php
@@ -0,0 +1,14 @@
+<?php
+/**
+ * @author Victor Dubiniuk
+ * @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Core\LostPassword;
+
+class EncryptedDataException extends \Exception{
+}
diff --git a/core/lostpassword/templates/lostpassword.php b/core/lostpassword/templates/lostpassword.php
index fdfa32344ec..0c2c72b40ce 100644
--- a/core/lostpassword/templates/lostpassword.php
+++ b/core/lostpassword/templates/lostpassword.php
@@ -8,7 +8,7 @@ OCP\Util::addStyle('lostpassword', 'lostpassword');
?>
</p></div>
<?php else: ?>
- <form action="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post">
+ <form action="<?php //print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post">
<fieldset>
<?php if ($_['error']): ?>
<div class="error"><p>
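Review bot: Commenting out the `print_unescaped(...)` call leaves `action=""` together with dead code in the template; an empty action posts the form back to the current URL, and since this commit also removes the `core_lostpassword_send_email` route that handled it, a non-JavaScript submit of this form has no server-side handler. Either delete the commented-out call and give the form a working action, or drop the attribute and add a one-line note such as `<?php /* submission is handled by core/js/lostpassword.js */ ?>` so the next reader knows the omission is deliberate. The surrounding template markup continues outside the hunk.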
diff --git a/core/routes.php b/core/routes.php
index 5368fd45645..fbbbdee81f0 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -70,18 +70,15 @@ $this->create('core_ajax_preview', '/core/preview')
->actionInclude('core/ajax/preview.php');
$this->create('core_ajax_preview', '/core/preview.png')
->actionInclude('core/ajax/preview.php');
-$this->create('core_lostpassword_index', '/lostpassword/')
- ->get()
- ->action('OC\Core\LostPassword\Controller', 'index');
-$this->create('core_lostpassword_send_email', '/lostpassword/')
+$this->create('core_ajax_password_lost', '/core/ajax/password/lost')
+ ->post()
+ ->action('OC\Core\Lostpassword\AjaxController', 'lost');
+$this->create('core_ajax_password_reset', '/core/ajax/password/reset/{token}/{user}')
->post()
- ->action('OC\Core\LostPassword\Controller', 'sendEmail');
+ ->action('OC\Core\LostPassword\AjaxController', 'resetPassword');
$this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}')
->get()
->action('OC\Core\LostPassword\Controller', 'reset');
-$this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{user}')
- ->post()
- ->action('OC\Core\LostPassword\Controller', 'resetPassword');
// Avatar routes
$this->create('core_avatar_get_tmp', '/avatar/tmp')
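Review bot: The class name at the `core_ajax_password_lost` route is written `OC\Core\Lostpassword\AjaxController` while the route below uses `OC\Core\LostPassword\AjaxController` and the class is declared in `namespace OC\Core\LostPassword`. PHP resolves class names case-insensitively, but an autoloader that maps the namespace onto a file path may fail to find the file on a case-sensitive filesystem depending on how it normalises names, so the two spellings should match: `->action('OC\Core\LostPassword\AjaxController', 'lost');`. Removing `core_lostpassword_index` also means the lost-password flow is now reachable only through the login form's JavaScript, which is worth stating in the commit message.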
diff --git a/core/templates/login.php b/core/templates/login.php
index 6af3d769690..951ba3b4f6b 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -46,8 +46,8 @@
</p>
<?php if (isset($_['invalidpassword']) && ($_['invalidpassword'])): ?>
- <a class="warning" href="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_index')) ?>">
- <?php p($l->t('Lost your password?')); ?>
+ <a id="lost-password" class="warning" href="">
+ <?php p($l->t('Forgot your password? Reset it!')); ?>
</a>
<?php endif; ?>
<?php if ($_['rememberLoginAllowed'] === true) : ?>
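Review bot: The new `<a id="lost-password" class="warning" href="">` depends on core/js/lostpassword.js calling preventDefault; with an empty href, a click without that handler simply reloads the login page, and the removed link to `core_lostpassword_index` was the only non-JavaScript entry to the lost-password flow. If dropping that fallback is intentional, a note beside the anchor such as `<?php /* click handled by core/js/lostpassword.js (sendLink) */ ?>` would document it. The second hunk of this file ends outside the visible source and is not reviewed here.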
@@ -74,4 +74,4 @@
<?php
OCP\Util::addscript('core', 'visitortimezone');
-
+OCP\Util::addScript('core', 'lostpassword');