1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\Provisioning_API\Controller;
use InvalidArgumentException;
use OC\Security\Crypto;
use OCP\Accounts\IAccountManager;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\Attribute\BruteForceProtection;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\IL10N;
use OCP\IRequest;
use OCP\IUserManager;
use OCP\IUserSession;
use OCP\Security\VerificationToken\InvalidTokenException;
use OCP\Security\VerificationToken\IVerificationToken;
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
class VerificationController extends Controller {
/** @var Crypto */
private $crypto;
public function __construct(
string $appName,
IRequest $request,
private IVerificationToken $verificationToken,
private IUserManager $userManager,
private IL10N $l10n,
private IUserSession $userSession,
private IAccountManager $accountManager,
Crypto $crypto,
) {
parent::__construct($appName, $request);
$this->crypto = $crypto;
}
/**
* @NoSubAdminRequired
*/
#[NoAdminRequired]
#[NoCSRFRequired]
public function showVerifyMail(string $token, string $userId, string $key): TemplateResponse {
if ($this->userSession->getUser()->getUID() !== $userId) {
// not a public page, hence getUser() must return an IUser
throw new InvalidArgumentException('Logged in account is not mail address owner');
}
$email = $this->crypto->decrypt($key);
return new TemplateResponse(
'core', 'confirmation', [
'title' => $this->l10n->t('Email confirmation'),
'message' => $this->l10n->t('To enable the email address %s please click the button below.', [$email]),
'action' => $this->l10n->t('Confirm'),
], TemplateResponse::RENDER_AS_GUEST);
}
/**
* @NoSubAdminRequired
*/
#[NoAdminRequired]
#[BruteForceProtection(action: 'emailVerification')]
public function verifyMail(string $token, string $userId, string $key): TemplateResponse {
$throttle = false;
try {
if ($this->userSession->getUser()->getUID() !== $userId) {
throw new InvalidArgumentException('Logged in account is not mail address owner');
}
$email = $this->crypto->decrypt($key);
$ref = \substr(hash('sha256', $email), 0, 8);
$user = $this->userManager->get($userId);
$this->verificationToken->check($token, $user, 'verifyMail' . $ref, $email);
$userAccount = $this->accountManager->getAccount($user);
$emailProperty = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL)
->getPropertyByValue($email);
if ($emailProperty === null) {
throw new InvalidArgumentException($this->l10n->t('Email was already removed from account and cannot be confirmed anymore.'));
}
$emailProperty->setLocallyVerified(IAccountManager::VERIFIED);
$this->accountManager->updateAccount($userAccount);
$this->verificationToken->delete($token, $user, 'verifyMail' . $ref);
} catch (InvalidTokenException $e) {
if ($e->getCode() === InvalidTokenException::TOKEN_EXPIRED) {
$error = $this->l10n->t('Could not verify mail because the token is expired.');
} else {
$throttle = true;
$error = $this->l10n->t('Could not verify mail because the token is invalid.');
}
} catch (InvalidArgumentException $e) {
$error = $e->getMessage();
} catch (\Exception $e) {
$error = $this->l10n->t('An unexpected error occurred. Please contact your admin.');
}
if (isset($error)) {
$response = new TemplateResponse(
'core', 'error', [
'errors' => [['error' => $error]]
], TemplateResponse::RENDER_AS_GUEST);
if ($throttle) {
$response->throttle();
}
return $response;
}
return new TemplateResponse(
'core', 'success', [
'title' => $this->l10n->t('Email confirmation successful'),
'message' => $this->l10n->t('Email confirmation successful'),
], TemplateResponse::RENDER_AS_GUEST);
}
}
|
