From 218d0add36f873e7cdfdd32608883ea431eb2af9 Mon Sep 17 00:00:00 2001
From: Victor Dubiniuk <victor.dubiniuk@gmail.com>
Date: Wed, 28 May 2014 20:13:07 +0300
Subject: Changes according to review

---
 core/js/lostpassword.js                         |  21 +++--
 core/lostpassword/application.php               |  38 ++++++++
 core/lostpassword/controller/ajaxcontroller.php | 101 ---------------------
 core/lostpassword/controller/lostcontroller.php | 113 +++++++++++++++++++++---
 core/routes.php                                 |  37 +-------
 5 files changed, 154 insertions(+), 156 deletions(-)
 create mode 100644 core/lostpassword/application.php
 delete mode 100644 core/lostpassword/controller/ajaxcontroller.php


diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
index 0c50f858ec5..cfce4564f83 100644
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -30,24 +30,26 @@ OC.Lostpassword = {
 			$('#submit').trigger('click');
 		} else {
 			$.post(
-					OC.filePath('core', 'ajax', 'password/lost'), 
-					{ 
+					OC.filePath('core', 'ajax', 'password/lost'),
+					{
 						user : $('#user').val(),
 						proceed: $('#encrypted-continue').attr('checked') ? 'Yes' : 'No'
-					}, 
+					},
 					OC.Lostpassword.sendLinkDone
 			);
 		}
 	},
 			
 	sendLinkDone : function(result){
+		var sendErrorMsg;
+		
 		if (result && result.status === 'success'){
 			OC.Lostpassword.sendLinkSuccess();
 		} else {
 			if (result && result.msg){
-				var sendErrorMsg = result.msg;
+				sendErrorMsg = result.msg;
 			} else {
-				var sendErrorMsg = OC.Lostpassword.sendErrorMsg;
+				sendErrorMsg = OC.Lostpassword.sendErrorMsg;
 			}
 			OC.Lostpassword.sendLinkError(sendErrorMsg);
 		}
@@ -80,7 +82,7 @@ OC.Lostpassword = {
 		if ($('#password').val()){
 			$.post(
 					$('#password').parents('form').attr('action'),
-					{ 
+					{
 						password : $('#password').val()
 					},
 					OC.Lostpassword.resetDone
@@ -89,6 +91,7 @@ OC.Lostpassword = {
 	},
 			
 	resetDone : function(result){
+		var resetErrorMsg;
 		if (result && result.status === 'success'){
 			$.post(
 					OC.webroot + '/',
@@ -100,11 +103,11 @@ OC.Lostpassword = {
 			);
 		} else {
 			if (result && result.msg){
-				var resetErrorMsg = result.msg;
+				resetErrorMsg = result.msg;
 			} else if (result && result.encryption) {
-				var sendErrorMsg = OC.Lostpassword.encryptedMsg;
+				resetErrorMsg = OC.Lostpassword.encryptedMsg;
 			} else {
-				var resetErrorMsg = OC.Lostpassword.resetErrorMsg;
+				resetErrorMsg = OC.Lostpassword.resetErrorMsg;
 			}
 			OC.Lostpassword.resetError(resetErrorMsg);
 		}
diff --git a/core/lostpassword/application.php b/core/lostpassword/application.php
new file mode 100644
index 00000000000..1d22af5f610
--- /dev/null
+++ b/core/lostpassword/application.php
@@ -0,0 +1,38 @@
+<?php
+/**
+ * @author Victor Dubiniuk
+ * @copyright 2014 Victor Dubiniuk victor.dubiniuk@gmail.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Core\LostPassword;
+
+use \OCP\AppFramework\App;
+use OC\Core\LostPassword\Controller\LostController;
+
+class Application extends App {
+	public function __construct(array $urlParams=array()){
+		parent::__construct('core', $urlParams);
+
+		$container = $this->getContainer();
+
+		/**
+		 * Controllers
+		 */
+		$container->registerService('LostController', function($c) {
+			return new LostController(
+				$c->query('AppName'),
+				$c->query('ServerContainer')->getRequest(),
+				$c->query('ServerContainer')->getURLGenerator(),
+				$c->query('ServerContainer')->getUserManager(),
+				new \OC_Defaults(),
+				$c->query('ServerContainer')->getL10N('core'),
+				\OCP\Util::getDefaultEmailAddress('lostpassword-noreply'),
+				\OC_App::isEnabled('files_encryption')
+			);
+		});
+	}
+}
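Review bot: The import block mixes styles — `use \OCP\AppFramework\App;` carries a leading backslash while `use OC\Core\LostPassword\Controller\LostController;` does not; drop the backslash so both read the same. The eight constructor arguments passed to `LostController` are positional and several are plain scalars, so a reader cannot tell from this factory what `\OCP\Util::getDefaultEmailAddress('lostpassword-noreply')` and `\OC_App::isEnabled('files_encryption')` feed; a short comment such as `// sender address and files_encryption flag, consumed by LostController as $from / $isDataEncrypted` on those two lines would make the wiring self-explanatory.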
diff --git a/core/lostpassword/controller/ajaxcontroller.php b/core/lostpassword/controller/ajaxcontroller.php
deleted file mode 100644
index 22fa0ce9126..00000000000
--- a/core/lostpassword/controller/ajaxcontroller.php
+++ /dev/null
@@ -1,101 +0,0 @@
-<?php
-/**
- * @author Victor Dubiniuk
- * @copyright 2014 Victor Dubiniuk victor.dubiniuk@gmail.com
- *
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
- 
-namespace OC\Core\LostPassword\Controller;
-
-use \OCP\AppFramework\Controller;
-use \OCP\AppFramework\Http\JSONResponse;
-
-class AjaxController extends LostController {
-
-	/**
-	 * @PublicPage
-	 */
-	public function lost(){
-		$response = new JSONResponse(array('status'=>'success'));
-		try {
-			$this->sendEmail($this->params('user', ''), $this->params('proceed', ''));
-		} catch (EncryptedDataException $e){
-			$response->setData(array(
-				'status' => 'error',
-				'encryption' => '1'
-			));
-		} catch (\Exception $e){
-			$response->setData(array(
-				'status' => 'error',
-				'msg' => $e->getMessage()
-			));
-		}
-		
-		return $response;
-	}
-	
-	/**
-	 * @PublicPage
-	 */
-	public function resetPassword() {
-		$response = new JSONResponse(array('status'=>'success'));
-		try {
-			$user = $this->params('user');
-			$newPassword = $this->params('password');
-			if (!$this->checkToken()) {
-				throw new \RuntimeException('');
-			}
-			if (!\OC_User::setPassword($user, $newPassword)) {
-				throw new \RuntimeException('');
-			}
-			\OC_Preferences::deleteKey($user, 'owncloud', 'lostpassword');
-			\OC_User::unsetMagicInCookie();
-		} catch (Exception $e){
-			$response->setData(array(
-				'status' => 'error',
-				'msg' => $e->getMessage()
-			));
-		}
-		return $response;
-	}
-	
-	protected function sendEmail($user, $proceed) {
-		$l = \OC_L10N::get('core');
-		$isEncrypted = \OC_App::isEnabled('files_encryption');
-
-		if ($isEncrypted && $proceed !== 'Yes'){
-			throw new EncryptedDataException();
-		}
-
-		if (!\OC_User::userExists($user)) {
-			throw new \Exception($l->t('Couldn’t send reset email. Please make sure your username is correct.'));
-		}
-		$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
-		\OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
-			hash('sha256', $token)); // Hash the token again to prevent timing attacks
-		$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
-		if (empty($email)) {
-			throw new \Exception($l->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
-		}
-		
-		$parameters = array('token' => $token, 'user' => $user);
-		$link = $this->urlGenerator->linkToRoute('core.lost.reset', $parameters);
-		$link = $this->urlGenerator->getAbsoluteUrl($link);
-		
-		$tmpl = new \OC_Template('core/lostpassword', 'email');
-		$tmpl->assign('link', $link, false);
-		$msg = $tmpl->fetchPage();
-		echo $link;
-		$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
-		try {
-			$defaults = new \OC_Defaults();
-			\OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
-		} catch (\Exception $e) {
-			throw new \Exception( $l->t('Couldn’t send reset email. Please contact your administrator.'));
-		}
-	}
-	
-}
diff --git a/core/lostpassword/controller/lostcontroller.php b/core/lostpassword/controller/lostcontroller.php
index 0a28779259f..0f188b8e85e 100644
--- a/core/lostpassword/controller/lostcontroller.php
+++ b/core/lostpassword/controller/lostcontroller.php
@@ -5,27 +5,43 @@
  * later.
  * See the COPYING-README file.
  */
+
 namespace OC\Core\LostPassword\Controller;
 
 use \OCP\AppFramework\Controller;
+use \OCP\AppFramework\Http\JSONResponse;
 use \OCP\AppFramework\Http\TemplateResponse;
 
 class LostController extends Controller {
 	
 	protected $urlGenerator;
+	protected $userManager;
+	protected $defaults;
+	protected $l10n;
+	protected $from;
+	protected $isDataEncrypted;
 	
-	public function __construct($appName, IRequest $request, IURLGenerator $urlGenerator) {
+	public function __construct($appName, IRequest $request, IURLGenerator $urlGenerator, $userManager,
+			$defaults, $l10n, $from, $isDataEncrypted) {
 		parent::__construct($appName, $request);
 		$this->urlGenerator = $urlGenerator;
+		$this->userManager = $userManager;
+		$this->defaults = $defaults;
+		$this->l10n = $l10n;
+		$this->from = $from;
+		$this->isDataEncrypted = $isDataEncrypted;
 	}
 
 	/**
 	 * @PublicPage
 	 * @NoCSRFRequired
+	 * 
+	 * @param string $token
+	 * @param string $uid
 	 */
-	public function reset() {
+	public function reset($token, $uid) {
 		// Someone wants to reset their password:
-		if($this->checkToken()) {
+		if($this->checkToken($uid, $token)) {
 			return new TemplateResponse(
 				'core/lostpassword', 
 				'resetpassword', 
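Review bot: The rewritten constructor signature keeps the `IRequest` and `IURLGenerator` type hints, but no `use \OCP\IRequest;` or `use \OCP\IURLGenerator;` appears among the imports shown, and lines 1-4 outside the hunk appear to be the rest of the license header; inside this namespace the hints therefore name `OC\Core\LostPassword\Controller\IRequest`, which the objects handed over by the container factory cannot satisfy, so add the two `use` lines next to `use \OCP\AppFramework\Controller;`. The five new dependencies `$userManager`, `$defaults`, `$l10n`, `$from`, `$isDataEncrypted` are untyped and undocumented; `$l10n` at least can be hinted as `\OCP\IL10N`, and a constructor docblock saying that `$from` is the sender address and `$isDataEncrypted` the `files_encryption` flag would spare the reader a trip to application.php. `reset()` continues past the end of this hunk.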
@@ -36,31 +52,102 @@ class LostController extends Controller {
 			);
 		} else {
 			// Someone lost their password
-			$isEncrypted = \OC_App::isEnabled('files_encryption');
 			return new TemplateResponse(
 				'core/lostpassword', 
 				'lostpassword', 
 				array(
-					'isEncrypted' => $isEncrypted, 
-					'link' => $this->getResetPasswordLink()
+					'isEncrypted' => $this->isDataEncrypted, 
+					'link' => $this->getResetPasswordLink($uid, $token)
 				),
 				'guest'
 			);
 		}
 	}
+	
+	/**
+	 * @PublicPage
+	 * 
+	 * @param bool $proceed
+	 */
+	public function lost($user, $proceed){
+		$response = new JSONResponse(array('status'=>'success'));
+		try {
+			$this->sendEmail($user, $proceed);
+		} catch (EncryptedDataException $e){
+			$response->setData(array(
+				'status' => 'error',
+				'encryption' => '1'
+			));
+		} catch (\Exception $e){
+			$response->setData(array(
+				'status' => 'error',
+				'msg' => $e->getMessage()
+			));
+		}
+		
+		return $response;
+	}
+	
+	/**
+	 * @PublicPage
+	 */
+	public function resetPassword($user, $password, $token) {
+		$response = new JSONResponse(array('status'=>'success'));
+		try {
+			if (!$this->checkToken($user, $token)) {
+				throw new \RuntimeException('');
+			}
+			if (!$this->userManager->setPassword($user, $newPassword)) {
+				throw new \RuntimeException('');
+			}
+			\OC_Preferences::deleteKey($user, 'owncloud', 'lostpassword');
+			$this->userManager->unsetMagicInCookie();
+		} catch (Exception $e){
+			$response->setData(array(
+				'status' => 'error',
+				'msg' => $e->getMessage()
+			));
+		}
+		return $response;
+	}
+	
+	protected function sendEmail($user, $proceed) {
+		if ($this->isDataEncrypted && $proceed !== 'Yes'){
+			throw new EncryptedDataException();
+		}
+
+		if (!$this->userManager->userExists($user)) {
+			throw new \Exception($this->l10n->t('Couldn’t send reset email. Please make sure your username is correct.'));
+		}
+		$token = hash('sha256', \OC_Util::generateRandomBytes(30));
+		\OC_Preferences::setValue($user, 'owncloud', 'lostpassword', hash('sha256', $token)); // Hash the token again to prevent timing attacks
+		$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
+		if (empty($email)) {
+			throw new \Exception($this->l10n->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
+		}
+		
+		$link = $this->getResetPasswordLink($user, $token);
+		echo $link;
+		$tmpl = new \OC_Template('core/lostpassword', 'email');
+		$tmpl->assign('link', $link, false);
+		$msg = $tmpl->fetchPage();
+		try {
+			\OC_Mail::send($email, $user, $this->l10n->t('%s password reset', array($this->defaults->getName())), $msg, $this->from, $this->defaults->getName());
+		} catch (\Exception $e) {
+			throw new \Exception( $this->l10n->t('Couldn’t send reset email. Please contact your administrator.'));
+		}
+	}
 
-	protected function getResetPasswordLink(){
+	protected function getResetPasswordLink($user, $token){
 		$parameters = array(
-			'token' => $this->params('token'), 
-			'user' => $this->params('user')
+			'token' => $token, 
+			'uid' => $user
 		);
-		$link = $this->urlGenerator->linkToRoute('core.ajax.reset', $parameters);
+		$link = $this->urlGenerator->linkToRoute('core.lost.reset', $parameters);
 		return $this->urlGenerator->getAbsoluteUrl($link);
 	}
 
-	protected function checkToken() {
-		$user = $this->params('user');
-		$token = $this->params('token');
+	protected function checkToken($user, $token) {
 		return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
 	}
 }
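Review bot: `resetPassword` hands `setPassword` an undefined `$newPassword` although its parameter is named `$password`, so every reset is attempted with a null password; the line should read `if (!$this->userManager->setPassword($user, $password)) {`. In the same method `catch (Exception $e)` is unqualified and, inside this namespace, names `OC\Core\LostPassword\Controller\Exception`, so the `\RuntimeException`s thrown just above it are never caught and the JSON error response is never produced — use `} catch (\Exception $e){` as `lost()` does. `sendEmail` still carries the leftover `echo $link;` before the template is built, which writes the freshly generated reset URL, token included, into the body of the unauthenticated `lost` response and corrupts its JSON; that line should be deleted so the token only ever travels by email. `unsetMagicInCookie()` is now called on the injected user manager where the deleted AjaxController called `\OC_User::unsetMagicInCookie()`; confirm the object returned by `getUserManager()` actually provides that method, since the hunk gives no evidence it does. The hunk opens inside `reset()`, whose signature is in the previous hunk.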
diff --git a/core/routes.php b/core/routes.php
index 3ee5fcaa622..0a67585e0b1 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -6,45 +6,16 @@
  * See the COPYING-README file.
  */
 
-use \OCP\AppFramework\App;
-use OC\Core\LostPassword\Controller\LostController;
-use OC\Core\LostPassword\Controller\AjaxController;
-
-class Application extends App {
-	public function __construct(array $urlParams=array()){
-		parent::__construct('core', $urlParams);
-
-		$container = $this->getContainer();
-
-		/**
-		 * Controllers
-		 */
-		$container->registerService('LostController', function($c) {
-			return new LostController(
-				$c->query('AppName'),
-				$c->query('ServerContainer')->getRequest(),
-				$c->query('ServerContainer')->getURLGenerator()
-			);
-		});
-		$container->registerService('AjaxController', function($c) {
-			return new AjaxController(
-				$c->query('AppName'),
-				$c->query('ServerContainer')->getRequest(),
-				$c->query('ServerContainer')->getURLGenerator()
-			);
-		});
-	}
-}
+use OC\Core\LostPassword\Application;
 
 $application = new Application();
 $application->registerRoutes($this, array('routes' => array(
-		array('name' => 'ajax#lost', 'url' => '/core/ajax/password/lost', 'verb' => 'POST'),
-		array('name' => 'ajax#reset', 'url' => '/core/ajax/password/reset/{token}/{user}', 'verb' => 'POST'),
-		array('name' => 'lost#reset', 'url' => '/lostpassword/reset/{token}/{user}', 'verb' => 'GET'),
+		array('name' => 'lost#lost', 'url' => '/core/ajax/password/lost', 'verb' => 'POST'),
+		array('name' => 'lost#reset', 'url' => '/lostpassword/reset/{token}/{uid}', 'verb' => 'GET'),
+		array('name' => 'lost#resetPassword', 'url' => '/core/ajax/password/reset/{token}/{user}', 'verb' => 'POST'),
 	)
 ));
 
-
 // Post installation check
 
 /** @var $this OCP\Route\IRouter */
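Review bot: The two reset routes name the same path segment differently — `{uid}` in `lost#reset` and `{user}` in `lost#resetPassword` — which does match the controller parameters `reset($token, $uid)` and `resetPassword($user, $password, $token)` but makes the contract harder to follow from either side. Settling on one name, e.g. `array('name' => 'lost#resetPassword', 'url' => '/core/ajax/password/reset/{token}/{uid}', 'verb' => 'POST'),` with the controller parameter renamed to match, keeps routes and method signatures in step.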