From 0dee717c94468afeb139d9e8d9322b5fd26974b6 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@arthur-schiwon.de>
Date: Sat, 28 Aug 2021 00:07:23 +0200
Subject: Confirm mails only per POST

- this is to avoid automatic confirmation by certain softwares that open
  links

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
---
 apps/provisioning_api/appinfo/routes.php           |  3 ++-
 .../lib/Controller/VerificationController.php      | 26 ++++++++++++++++++++--
 core/templates/confirmation.php                    | 20 +++++++++++++++++
 .../VerificationToken/VerificationToken.php        |  4 ++++
 .../VerificationToken/IVerificationToken.php       |  7 ++++++
 5 files changed, 57 insertions(+), 3 deletions(-)
 create mode 100644 core/templates/confirmation.php

diff --git a/apps/provisioning_api/appinfo/routes.php b/apps/provisioning_api/appinfo/routes.php
index 81a5bb94e02..54d550260b8 100644
--- a/apps/provisioning_api/appinfo/routes.php
+++ b/apps/provisioning_api/appinfo/routes.php
@@ -76,6 +76,7 @@ return [
 	],
 	'routes' => [
 		// Verification
-		['name' => 'Verification#verifyMail', 'url' => '/mailVerification/{key}/{token}/{userId}', 'verb' => 'GET'],
+		['name' => 'Verification#showVerifyMail', 'url' => '/mailVerification/{key}/{token}/{userId}', 'verb' => 'GET'],
+		['name' => 'Verification#verifyMail', 'url' => '/mailVerification/{key}/{token}/{userId}', 'verb' => 'POST'],
 	]
 ];
diff --git a/apps/provisioning_api/lib/Controller/VerificationController.php b/apps/provisioning_api/lib/Controller/VerificationController.php
index b248d3e8285..c4ddd1e644d 100644
--- a/apps/provisioning_api/lib/Controller/VerificationController.php
+++ b/apps/provisioning_api/lib/Controller/VerificationController.php
@@ -74,6 +74,27 @@ class VerificationController extends Controller {
 
 	/**
 	 * @NoCSRFRequired
+	 * @NoAdminRequired
+	 * @NoSubAdminRequired
+	 */
+	public function showVerifyMail(string $token, string $userId, string $key) {
+		if ($this->userSession->getUser()->getUID() !== $userId) {
+			// not a public page, hence getUser() must return an IUser
+			throw new InvalidArgumentException('Logged in user is not mail address owner');
+		}
+		$email = $this->crypto->decrypt($key);
+
+		return new TemplateResponse(
+			'core', 'confirmation', [
+				'title' => $this->l10n->t('Email confirmation'),
+				'message' => $this->l10n->t('To enable the email address %s please click the button below.', [$email]),
+				'action' => $this->l10n->t('Confirm'),
+			], TemplateResponse::RENDER_AS_GUEST);
+	}
+
+	/**
+	 * @NoAdminRequired
+	 * @NoSubAdminRequired
 	 */
 	public function verifyMail(string $token, string $userId, string $key) {
 		try {
@@ -95,6 +116,7 @@ class VerificationController extends Controller {
 			}
 			$emailProperty->setLocallyVerified(IAccountManager::VERIFIED);
 			$this->accountManager->updateAccount($userAccount);
+			$this->verificationToken->delete($token, $user, 'verifyMail' . $ref);
 		} catch (InvalidTokenException $e) {
 			$error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED
 				? $this->l10n->t('Could not verify mail because the token is expired.')
@@ -109,13 +131,13 @@ class VerificationController extends Controller {
 			return new TemplateResponse(
 				'core', 'error', [
 					'errors' => [['error' => $error]]
-				], 'guest');
+				], TemplateResponse::RENDER_AS_GUEST);
 		}
 
 		return new TemplateResponse(
 			'core', 'success', [
 				'title' => $this->l10n->t('Email confirmation successful'),
 				'message' => $this->l10n->t('Email confirmation successful'),
-			], 'guest');
+			], TemplateResponse::RENDER_AS_GUEST);
 	}
 }
diff --git a/core/templates/confirmation.php b/core/templates/confirmation.php
new file mode 100644
index 00000000000..26014cd1e79
--- /dev/null
+++ b/core/templates/confirmation.php
@@ -0,0 +1,20 @@
+<?php
+/** @var array $_ */
+/** @var \OCP\IL10N $l */
+/** @var \OCP\Defaults $theme */
+
+?>
+
+<div class="update">
+	<form method="POST" action="<?php print_unescaped($_['targetUrl']);?>">
+		<h2><?php p($_['title']) ?></h2>
+		<p><?php p($_['message']) ?></p>
+		<div class="buttons">
+			<input type="submit" class="primary" value="<?php p($_['action']); ?>">
+		</div>
+		<?php foreach ($_['parameters'] as $name => $value) {?>
+			<input type="hidden" name="<?php p($name); ?>" value="<?php p($value); ?>">
+		<?php } ?>
+		<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>">
+	</form>
+</div>
diff --git a/lib/private/Security/VerificationToken/VerificationToken.php b/lib/private/Security/VerificationToken/VerificationToken.php
index ff3cb90727a..c85e0e7b5a1 100644
--- a/lib/private/Security/VerificationToken/VerificationToken.php
+++ b/lib/private/Security/VerificationToken/VerificationToken.php
@@ -122,4 +122,8 @@ class VerificationToken implements IVerificationToken {
 
 		return $token;
 	}
+
+	public function delete(string $token, IUser $user, string $subject): void {
+		$this->config->deleteUserValue($user->getUID(), 'core', $subject);
+	}
 }
diff --git a/lib/public/Security/VerificationToken/IVerificationToken.php b/lib/public/Security/VerificationToken/IVerificationToken.php
index c5f19e5de7f..e1d9203ec3b 100644
--- a/lib/public/Security/VerificationToken/IVerificationToken.php
+++ b/lib/public/Security/VerificationToken/IVerificationToken.php
@@ -52,4 +52,11 @@ interface IVerificationToken {
 	 * @since 23.0.0
 	 */
 	public function create(IUser $user, string $subject, string $passwordPrefix = ''): string;
+
+	/**
+	 * Deletes the token identified by the provided parameters
+	 *
+	 * @since 23.0.0
+	 */
+	public function delete(string $token, IUser $user, string $subject): void;
 }
-- 
cgit v1.2.3