From 9d1e60325c6f478484ff8f70ff3cd13d9d7d4913 Mon Sep 17 00:00:00 2001
From: Björn Schießle
Date: Thu, 16 May 2013 14:53:04 +0200
Subject: allow admin to recover users files in case of password lost
---
 settings/ajax/changepassword.php | 5 +++--
 settings/css/settings.css | 2 ++
 settings/js/users.js | 4 +++-
 settings/templates/personal.php | 2 +-
 settings/templates/users.php | 5 +++++
 settings/users.php | 3 +++
 6 files changed, 17 insertions(+), 4 deletions(-)
(limited to 'settings')
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index 4f16bff63d5..fe63f27a6e2 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -8,8 +8,9 @@ OC_JSON::checkLoggedIn();
 OC_APP::loadApps();
 $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
-$password = isset($_POST["newpassword"]) ? $_POST["newpassword"] : null;
+$password = isset($_POST["password"]) ? $_POST["password"] : null;
 $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
+$recoveryPassword=isset($_POST["recoveryPassword"])?$_POST["recoveryPassword"]:null;
 $userstatus = null;
 if(OC_User::isAdminUser(OC_User::getUser())) {
@@ -28,7 +29,7 @@ if(is_null($userstatus)) {
 }
 // Return Success story
-if(!is_null($password) && OC_User::setPassword( $username, $password )) {
+if(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) {
 OC_JSON::success(array("data" => array( "username" => $username )));
 }
 else{
diff --git a/settings/css/settings.css b/settings/css/settings.css
index 46a0bbe7c32..950e8929012 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -45,6 +45,8 @@ table:not(.nostyle) { width:100%; }
 #rightcontent { padding-left: 1em; }
 div.quota { float:right; display:block; position:absolute; right:25em; top:-1px; }
 div.quota-select-wrapper { position: relative; }
+div.recoveryPassword { left:50em; display:block; position:absolute; top:-1px; }
+input#recoveryPassword {width:15em;}
 select.quota { position:absolute; left:0; top:0; width:10em; }
 select.quota-user { position:relative; left:0; top:0; width:10em; }
 div.quota>span { position:absolute; right:0; white-space:nowrap; top:.7em; color:#888; text-shadow:0 1px 0 #fff; }
diff --git a/settings/js/users.js b/settings/js/users.js
index 690c9ad0464..9bd7f31f0b2 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -351,9 +351,11 @@ $(document).ready(function () {
 input.keypress(function (event) {
 if (event.keyCode == 13) {
 if ($(this).val().length > 0) {
+ var recoveryPasswordVal = $('input:password[id="recoveryPassword"]').val();
+ console.log("RECOVERY PASSWD: " + recoveryPasswordVal);
 $.post(
 OC.filePath('settings', 'ajax', 'changepassword.php'),
- {username: uid, password: $(this).val()},
+ {username: uid, password: $(this).val(), recoveryPassword: recoveryPasswordVal},
 function (result) {
 }
 );
diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index cfb45e99c4d..da812e8ed9a 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -38,7 +38,7 @@ if($_['passwordChangeSupported']) {
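Review bot: In settings/js/users.js the added `console.log("RECOVERY PASSWD: " + recoveryPasswordVal);` writes the admin recovery password in clear text to the browser console each time an admin submits a new user password; the line should be dropped rather than shipped. The success callback `function (result) { }` is still empty in this hunk, so a change that the server rejects, for instance because of a wrong recovery password, is silent to the admin. The keypress handler starts and ends outside the hunk.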
t('Your password was changed');?>
t('Unable to change your password');?>
- diff --git a/settings/templates/users.php b/settings/templates/users.php index e86dd46efbe..a6df85983dd 100644 --- a/settings/templates/users.php +++ b/settings/templates/users.php @@ -29,6 +29,11 @@ $_['subadmingroups'] = array_flip($items); + +
+ +
+
t('Default Storage'));?>
diff --git a/settings/users.php b/settings/users.php
index 94e6d0a9a10..e5c8a7aaa8d 100644
--- a/settings/users.php
+++ b/settings/users.php
@@ -20,6 +20,8 @@ $users = array();
 $groups = array();
 $isadmin = OC_User::isAdminUser(OC_User::getUser());
+$recoveryAdminEnabled = OC_App::isEnabled('files_encryption') &&
+ OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' );
 if($isadmin) {
 $accessiblegroups = OC_Group::getGroups();
@@ -77,4 +79,5 @@ $tmpl->assign( 'numofgroups', count($accessiblegroups));
 $tmpl->assign( 'quota_preset', $quotaPreset);
 $tmpl->assign( 'default_quota', $defaultQuota);
 $tmpl->assign( 'defaultQuotaIsUserDefined', $defaultQuotaIsUserDefined);
+$tmpl->assign( 'recoveryAdminEnabled', $recoveryAdminEnabled);
 $tmpl->printPage();
-- cgit v1.2.3
From 8ae30891b3cd5781741ce797b0ff99d68eab7c8d Mon Sep 17 00:00:00 2001
From: Björn Schießle
Date: Thu, 16 May 2013 15:19:53 +0200
Subject: some error handling in case the recovery password is wrong
---
 settings/ajax/changepassword.php | 7 +++++--
 settings/js/users.js | 4 ++++
 2 files changed, 9 insertions(+), 2 deletions(-)
(limited to 'settings')
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index fe63f27a6e2..adb730e12c2 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -28,10 +28,13 @@ if(is_null($userstatus)) {
 exit();
 }
-// Return Success story
-if(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) {
+$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
+if ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
+ OC_JSON::error(array("data" => array( "message" => "Wrong recovery admin password. Please check the password and try again." )));
+}elseif(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) {
 OC_JSON::success(array("data" => array( "username" => $username )));
 }
 else{
 OC_JSON::error(array("data" => array( "message" => "Unable to change password" )));
 }
+error_log("bliub");
diff --git a/settings/js/users.js b/settings/js/users.js
index 9bd7f31f0b2..423068e51f3 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -357,6 +357,10 @@ $(document).ready(function () {
 OC.filePath('settings', 'ajax', 'changepassword.php'),
 {username: uid, password: $(this).val(), recoveryPassword: recoveryPasswordVal},
 function (result) {
+ if (result.status != 'success') {
+ OC.dialogs.alert(result.data.message,
+ t('settings', 'Error changing password'));
+ }
 }
 );
 input.blur();
-- cgit v1.2.3
From f1a5b8b524531567ba18c6e08a6f7110dcff18d7 Mon Sep 17 00:00:00 2001
From: Björn Schießle
Date: Thu, 16 May 2013 16:01:40 +0200
Subject: show nicer warning if the admin recovery password was wrong
---
 settings/ajax/changepassword.php | 2 +-
 settings/js/users.js | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)
(limited to 'settings')
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index adb730e12c2..6b5bf9c66bd 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
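Review bot: `new \OCA\Encryption\Util(...)` in settings/ajax/changepassword.php is constructed on every request without checking that the files_encryption app is enabled, whereas settings/users.php in the first commit of this series tests `OC_App::isEnabled('files_encryption')` before offering the feature; with the app disabled the class is presumably unavailable and every password change would fail. Guard the construction and the recovery branch, for example `if (OC_App::isEnabled('files_encryption') && $recoveryPassword) { ... }`. The recovery check also runs for any caller that passed the `$userstatus` test, which is set outside this hunk, and the distinct "Wrong recovery admin password" reply confirms or denies a submitted value, so the branch should be limited to admin callers. The same unguarded construction is carried into the last commit of the series, which only changes the Util user to `$username`. The trailing `error_log("bliub");` is a debugging leftover.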
@@ -30,7 +30,7 @@ if(is_null($userstatus)) { $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser()); if ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) { - OC_JSON::error(array("data" => array( "message" => "Wrong recovery admin password. Please check the password and try again." ))); + OC_JSON::error(array("data" => array( "message" => "Wrong admin recovery password. Please check the password and try again." ))); }elseif(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) { OC_JSON::success(array("data" => array( "username" => $username ))); } diff --git a/settings/js/users.js b/settings/js/users.js index 423068e51f3..f3fab34b090 100644 --- a/settings/js/users.js +++ b/settings/js/users.js @@ -351,15 +351,13 @@ $(document).ready(function () { input.keypress(function (event) { if (event.keyCode == 13) { if ($(this).val().length > 0) { - var recoveryPasswordVal = $('input:password[id="recoveryPassword"]').val(); - console.log("RECOVERY PASSWD: " + recoveryPasswordVal); + var recoveryPasswordVal = $('input:password[id="recoveryPassword"]').val(); $.post( OC.filePath('settings', 'ajax', 'changepassword.php'), {username: uid, password: $(this).val(), recoveryPassword: recoveryPasswordVal}, function (result) { if (result.status != 'success') { - OC.dialogs.alert(result.data.message, - t('settings', 'Error changing password')); + OC.Notification.show(t('admin', result.data.message)); } } ); @@ -374,6 +372,10 @@ $(document).ready(function () { img.css('display', ''); }); }); + $('input:password[id="recoveryPassword"]').keyup(function(event) { + OC.Notification.hide(); + }); + $('table').on('click', 'td.password', function (event) { $(this).children('img').click(); }); -- cgit v1.2.3 From f70240f4308d89183e00c9620b9703d30f905a99 Mon Sep 17 00:00:00 2001 
From: Björn Schießle
Date: Sat, 18 May 2013 10:33:33 +0200
Subject: display a warning if the user has enabled file recovery but the admin tries to change the users password without a recovery password
---
 settings/ajax/changepassword.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'settings')
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index 6b5bf9c66bd..cb66c57c743 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -28,8 +28,13 @@ if(is_null($userstatus)) {
 exit();
 }
-$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
-if ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
+$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
+$recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' );
+$recoveryEnabledForUser = $util->recoveryEnabledForUser();
+
+if ($recoveryAdminEnabled && $recoveryEnabledForUser && $recoveryPassword == '') {
+ OC_JSON::error(array("data" => array( "message" => "Please provide a admin recovery password, otherwise all user data will be lost" )));
+}elseif ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
 OC_JSON::error(array("data" => array( "message" => "Wrong admin recovery password. Please check the password and try again." )));
 }elseif(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) {
 OC_JSON::success(array("data" => array( "username" => $username )));
@@ -37,4 +42,3 @@ if ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
 else{
 OC_JSON::error(array("data" => array( "message" => "Unable to change password" )));
 }
-error_log("bliub");
-- cgit v1.2.3
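Review bot: The new first branch `if ($recoveryAdminEnabled && $recoveryEnabledForUser && $recoveryPassword == '')` does not look at who is calling, so as far as this hunk shows a user with recovery enabled who changes their own password through this endpoint would also be refused and asked for the admin recovery password. Limiting the branch to an admin changing another account, for example by adding `$username !== OC_User::getUser() &&` to the condition, would keep self-service changes working; this should be confirmed against the `$userstatus` logic, which sits outside the hunk. `$username` comes from `$_POST["username"]` and now decides whose recovery state `Util` inspects, so whatever validates it must run before this point. The comparison `$recoveryPassword == ''` relies on loose equality with the `null` default, and `$recoveryPassword === null || $recoveryPassword === ''` would state the intent.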