Diffstat (limited to 'apps/settings/lib/Controller/ChangePasswordController.php')
-rw-r--r-- | apps/settings/lib/Controller/ChangePasswordController.php | 93 |
1 files changed, 31 insertions, 62 deletions
diff --git a/apps/settings/lib/Controller/ChangePasswordController.php b/apps/settings/lib/Controller/ChangePasswordController.php index af4cf5969c9..a874a47c16a 100644 --- a/apps/settings/lib/Controller/ChangePasswordController.php +++ b/apps/settings/lib/Controller/ChangePasswordController.php @@ -1,33 +1,8 @@ <?php + /** - * @copyright Copyright (c) 2016 Roeland Jago Douma <roeland@famdouma.nl> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Daniel Calviño Sánchez <danxuliu@gmail.com> - * @author Daniel Kesselberg <mail@danielkesselberg.de> - * @author Joas Schilling <coding@schilljs.com> - * @author Julius Härtl <jus@bitgrid.net> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Matthew Setter <matthew@matthewsetter.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ // FIXME: disabled for now to be able to inject IGroupManager and also use // getSubAdmin() 
@@ -37,49 +12,45 @@ namespace OCA\Settings\Controller; use OC\Group\Manager as GroupManager; use OC\User\Session; +use OCA\Encryption\KeyManager; +use OCA\Encryption\Recovery; use OCP\App\IAppManager; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\BruteForceProtection; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\JSONResponse; use OCP\HintException; -use OCP\IGroupManager; use OCP\IL10N; use OCP\IRequest; use OCP\IUser; use OCP\IUserManager; use OCP\IUserSession; +use OCP\Server; class ChangePasswordController extends Controller { - private ?string $userId; - private IUserManager $userManager; - private IL10N $l; - private GroupManager $groupManager; private Session $userSession; - private IAppManager $appManager; - public function __construct(string $appName, + public function __construct( + string $appName, IRequest $request, - ?string $userId, - IUserManager $userManager, + private ?string $userId, + private IUserManager $userManager, IUserSession $userSession, - IGroupManager $groupManager, - IAppManager $appManager, - IL10N $l) { + private GroupManager $groupManager, + private IAppManager $appManager, + private IL10N $l, + ) { parent::__construct($appName, $request); - - $this->userId = $userId; - $this->userManager = $userManager; $this->userSession = $userSession; - $this->groupManager = $groupManager; - $this->appManager = $appManager; - $this->l = $l; } /** - * @NoAdminRequired * @NoSubAdminRequired - * @BruteForceProtection(action=changePersonalPassword) */ - public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse { + #[NoAdminRequired] + #[BruteForceProtection(action: 'changePersonalPassword')] + public function changePersonalPassword(string $oldpassword = '', ?string $newpassword = null): JSONResponse { $loginName = $this->userSession->getLoginName(); /** @var IUser $user */ $user 
= $this->userManager->checkPassword($loginName, $oldpassword); @@ -123,16 +94,14 @@ class ChangePasswordController extends Controller { ]); } - /** - * @NoAdminRequired - * @PasswordConfirmationRequired - */ - public function changeUserPassword(string $username = null, string $password = null, string $recoveryPassword = null): JSONResponse { + #[NoAdminRequired] + #[PasswordConfirmationRequired] + public function changeUserPassword(?string $username = null, ?string $password = null, ?string $recoveryPassword = null): JSONResponse { if ($username === null) { return new JSONResponse([ 'status' => 'error', 'data' => [ - 'message' => $this->l->t('No user supplied'), + 'message' => $this->l->t('No Login supplied'), ], ]); } @@ -157,9 +126,9 @@ class ChangePasswordController extends Controller { $currentUser = $this->userSession->getUser(); $targetUser = $this->userManager->get($username); - if ($currentUser === null || $targetUser === null || - !($this->groupManager->isAdmin($this->userId) || - $this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $targetUser)) + if ($currentUser === null || $targetUser === null + || !($this->groupManager->isAdmin($this->userId) + || $this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $targetUser)) ) { return new JSONResponse([ 'status' => 'error', @@ -171,8 +140,8 @@ class ChangePasswordController extends Controller { if ($this->appManager->isEnabledForUser('encryption')) { //handle the recovery case - $keyManager = \OCP\Server::get(\OCA\Encryption\KeyManager::class); - $recovery = \OCP\Server::get(\OCA\Encryption\Recovery::class); + $keyManager = Server::get(KeyManager::class); + $recovery = Server::get(Recovery::class); $recoveryAdminEnabled = $recovery->isRecoveryKeyEnabled(); $validRecoveryPassword = false; 
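Review bot: The docblock on `changePersonalPassword` still carries `@NoSubAdminRequired` while `NoAdminRequired` and `BruteForceProtection` moved to attributes, so this method's access policy is now declared through two mechanisms. If that marker has no attribute form, the docblock should say so, for example `* @NoSubAdminRequired (still read from the docblock, keep until an attribute exists)`, so a later cleanup does not delete it as dead text. Separately, the constructor still takes `IUserSession $userSession` and assigns it to the `Session`-typed property, which raises a TypeError for any other implementation; typing the parameter as `Session` would match what this hunk does for `GroupManager`. The method body continues outside the hunk, so it cannot be checked here whether the failed `checkPassword` path marks the response as throttled, which, as far as I know, the brute-force attribute relies on.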
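Review bot: `changeUserPassword` loses its docblock here and is left undocumented, although `#[NoAdminRequired]` lifts the admin-only restriction and the decision about whose password a caller may reset rests on the `isAdmin` / `isUserAccessible` check in the body (the `@@ -157,9` hunk). A short docblock would make that dependency explicit, for example `/** Sets another account's password; the caller must be an admin or a sub-admin with access to $username (enforced in the body, not by the attributes). */`. In that check, `isAdmin($this->userId)` reads the injected, nullable `$userId` while the sub-admin branch uses `$currentUser` from the session; `isAdmin($currentUser->getUID())` would keep both branches on one identity source. The method body starts in this hunk and ends outside it.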
@@ -186,7 +155,7 @@ class ChangePasswordController extends Controller { return new JSONResponse([ 'status' => 'error', 'data' => [ - 'message' => $this->l->t('Please provide an admin recovery password; otherwise, all user data will be lost.'), + 'message' => $this->l->t('Please provide an admin recovery password; otherwise, all account data will be lost.'), ] ]); } elseif ($recoveryEnabledForUser && ! $validRecoveryPassword) { @@ -212,7 +181,7 @@ class ChangePasswordController extends Controller { return new JSONResponse([ 'status' => 'error', 'data' => [ - 'message' => $this->l->t('Backend does not support password change, but the user\'s encryption key was updated.'), + 'message' => $this->l->t('Backend does not support password change, but the encryption of the account key was updated.'), ] ]); } elseif (!$result && !$recoveryEnabledForUser) { |
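Review bot: In the `@@ -212,7` hunk the new text `the encryption of the account key was updated` no longer says what the old string did: judging by the removed line, what was updated is the account's encryption key, not the encryption of some key. Going by the message itself, it is shown when the login password was not changed but key material was, so the wording should leave no doubt about which of the two happened. I would use `'Backend does not support password change, but the encryption key of the account was updated.'`. The surrounding `if`/`elseif` chain starts and ends outside the hunk.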