1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
<?php
/**
* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword;
class Controller {
/**
* @param boolean $error
* @param boolean $requested
*/
protected static function displayLostPasswordPage($error, $requested) {
$isEncrypted = \OC_App::isEnabled('files_encryption');
\OC_Template::printGuestPage('core/lostpassword', 'lostpassword',
array('error' => $error,
'requested' => $requested,
'isEncrypted' => $isEncrypted));
}
/**
* @param boolean $success
*/
protected static function displayResetPasswordPage($success, $args) {
$route_args = array();
$route_args['token'] = $args['token'];
$route_args['user'] = $args['user'];
\OC_Template::printGuestPage('core/lostpassword', 'resetpassword',
array('success' => $success, 'args' => $route_args));
}
protected static function checkToken($user, $token) {
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
}
public static function sendEmail($user, $proceed) {
$l = \OC_L10N::get('core');
$isEncrypted = \OC_App::isEnabled('files_encryption');
if ($isEncrypted && $proceed !== 'Yes'){
throw new EncryptedDataException();
}
if (!\OC_User::userExists($user)) {
throw new \Exception($l->t('Couldn’t send reset email. Please make sure your username is correct.'));
}
$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
\OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
hash('sha256', $token)); // Hash the token again to prevent timing attacks
$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
if (empty($email)) {
throw new \Exception($l->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
}
$link = \OC_Helper::linkToRoute('core_lostpassword_reset',
array('user' => $user, 'token' => $token));
$link = \OC_Helper::makeURLAbsolute($link);
$tmpl = new \OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link, false);
$msg = $tmpl->fetchPage();
$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
try {
$defaults = new \OC_Defaults();
\OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
} catch (\Exception $e) {
throw new \Exception( $l->t('Couldn’t send reset email. Please contact your administrator.'));
}
}
public static function reset($args) {
// Someone wants to reset their password:
if(self::checkToken($args['user'], $args['token'])) {
self::displayResetPasswordPage(false, $args);
} else {
// Someone lost their password
self::displayLostPasswordPage(false, false);
}
}
public static function resetPassword($args) {
if (self::checkToken($args['user'], $args['token'])) {
if (isset($_POST['password'])) {
if (\OC_User::setPassword($args['user'], $_POST['password'])) {
\OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
\OC_User::unsetMagicInCookie();
self::displayResetPasswordPage(true, $args);
} else {
self::displayResetPasswordPage(false, $args);
}
} else {
self::reset($args);
}
} else {
// Someone lost their password
self::displayLostPasswordPage(false, false);
}
}
}
|
