Merge pull request #1447 from nextcloud/password-confirmation-for-some-actions

Password confirmation for some actions

5 files changed, 18 insertions, 3 deletions

diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index 2a4b30dbd76..57192e119a9 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -111,7 +111,9 @@ class AuthSettingsController extends Controller {
 	/**
 	 * @NoAdminRequired
 	 * @NoSubadminRequired
+	 * @PasswordConfirmationRequired
 	 *
+	 * @param string $name
 	 * @return JSONResponse
 	 */
 	public function create($name) {
@@ -138,11 +140,11 @@ class AuthSettingsController extends Controller {
 		$tokenData = $deviceToken->jsonSerialize();
 		$tokenData['canDelete'] = true;
 
-		return [
+		return new JSONResponse([
 			'token' => $token,
 			'loginName' => $loginName,
-			'deviceToken' => $tokenData
-		];
+			'deviceToken' => $tokenData,
+		]);
 	}
 
 	private function getServiceNotAvailableResponse() {
diff --git a/settings/Controller/ChangePasswordController.php b/settings/Controller/ChangePasswordController.php
index e43d0d8f343..832cdbefdbe 100644
--- a/settings/Controller/ChangePasswordController.php
+++ b/settings/Controller/ChangePasswordController.php
@@ -131,6 +131,7 @@ class ChangePasswordController extends Controller {
 
 	/**
 	 * @NoAdminRequired
+	 * @PasswordConfirmationRequired
 	 *
 	 * @param string $username
 	 * @param string $password
diff --git a/settings/Controller/GroupsController.php b/settings/Controller/GroupsController.php
index feed45b118e..8985a76ec95 100644
--- a/settings/Controller/GroupsController.php
+++ b/settings/Controller/GroupsController.php
@@ -95,6 +95,7 @@ class GroupsController extends Controller {
 	}
 
 	/**
+	 * @PasswordConfirmationRequired
 	 * @param string $id
 	 * @return DataResponse
 	 */
@@ -128,6 +129,7 @@ class GroupsController extends Controller {
 	}
 
 	/**
+	 * @PasswordConfirmationRequired
 	 * @param string $id
 	 * @return DataResponse
 	 */
diff --git a/settings/Controller/MailSettingsController.php b/settings/Controller/MailSettingsController.php
index 84423aa8e29..108ac3f393a 100644
--- a/settings/Controller/MailSettingsController.php
+++ b/settings/Controller/MailSettingsController.php
@@ -73,6 +73,9 @@ class MailSettingsController extends Controller {
 
 	/**
 	 * Sets the email settings
+	 *
+	 * @PasswordConfirmationRequired
+	 *
 	 * @param string $mail_domain
 	 * @param string $mail_from_address
 	 * @param string $mail_smtpmode
@@ -116,6 +119,9 @@ class MailSettingsController extends Controller {
 
 	/**
 	 * Store the credentials used for SMTP in the config
+	 *
+	 * @PasswordConfirmationRequired
+	 *
 	 * @param string $mail_smtpname
 	 * @param string $mail_smtppassword
 	 * @return array
diff --git a/settings/Controller/UsersController.php b/settings/Controller/UsersController.php
index fde29de3598..89831a66aba 100644
--- a/settings/Controller/UsersController.php
+++ b/settings/Controller/UsersController.php
@@ -301,6 +301,7 @@ class UsersController extends Controller {
 
 	/**
 	 * @NoAdminRequired
+	 * @PasswordConfirmationRequired
 	 *
 	 * @param string $username
 	 * @param string $password
@@ -433,6 +434,7 @@ class UsersController extends Controller {
 
 	/**
 	 * @NoAdminRequired
+	 * @PasswordConfirmationRequired
 	 *
 	 * @param string $id
 	 * @return DataResponse
@@ -495,6 +497,7 @@ class UsersController extends Controller {
 	 *
 	 * @NoAdminRequired
 	 * @NoSubadminRequired
+	 * @PasswordConfirmationRequired
 	 *
 	 * @param string $id
 	 * @param string $mailAddress
@@ -615,6 +618,7 @@ class UsersController extends Controller {
 	 *
 	 * @NoAdminRequired
 	 * @NoSubadminRequired
+	 * @PasswordConfirmationRequired
 	 *
 	 * @param string $username
 	 * @param string $displayName