1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
<?php
/**
* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword\Controller;
use \OCP\AppFramework\Controller;
use \OCP\AppFramework\Http\JSONResponse;
use \OCP\AppFramework\Http\TemplateResponse;
class LostController extends Controller {
protected $urlGenerator;
protected $userClass;
protected $defaults;
protected $l10n;
protected $from;
protected $isDataEncrypted;
public function __construct($appName, IRequest $request, IURLGenerator $urlGenerator, $userClass,
$defaults, $l10n, $from, $isDataEncrypted) {
parent::__construct($appName, $request);
$this->urlGenerator = $urlGenerator;
$this->userClass = $userClass;
$this->defaults = $defaults;
$this->l10n = $l10n;
$this->from = $from;
$this->isDataEncrypted = $isDataEncrypted;
}
/**
* @PublicPage
* @NoCSRFRequired
*
* @param string $token
* @param string $uid
*/
public function resetform($token, $uid) {
// Someone wants to reset their password:
if($this->checkToken($uid, $token)) {
return new TemplateResponse(
'core/lostpassword',
'resetpassword',
array(
'link' => $this->getLink('core.lost.setPassword', $uid, $token),
'isEncrypted' => $this->isDataEncrypted,
),
'guest'
);
} else {
// Someone lost their password
return new TemplateResponse(
'core/lostpassword',
'lostpassword',
array(
'isEncrypted' => $this->isDataEncrypted,
'link' => $this->getLink('core.lost.setPassword', $uid, $token)
),
'guest'
);
}
}
/**
* @PublicPage
*
* @param bool $proceed
*/
public function email($user, $proceed){
$response = new JSONResponse(array('status'=>'success'));
try {
$this->sendEmail($user, $proceed);
} catch (EncryptedDataException $e){
$response->setData(array(
'status' => 'error',
'encryption' => '1'
));
} catch (\Exception $e){
$response->setData(array(
'status' => 'error',
'msg' => $e->getMessage()
));
}
return $response;
}
/**
* @PublicPage
*/
public function setPassword($token, $uid, $password) {
$response = new JSONResponse(array('status'=>'success'));
try {
if (!$this->checkToken($uid, $token)) {
throw new \RuntimeException('');
}
$userClass = $this->userClass;
if (!$userClass::setPassword($uid, $password)) {
throw new \RuntimeException('');
}
\OC_Preferences::deleteKey($uid, 'owncloud', 'lostpassword');
$userClass::unsetMagicInCookie();
} catch (Exception $e){
$response->setData(array(
'status' => 'error',
'msg' => $e->getMessage()
));
}
return $response;
}
protected function sendEmail($user, $proceed) {
if ($this->isDataEncrypted && $proceed !== 'Yes'){
throw new EncryptedDataException();
}
if (!$this->userClass->userExists($user)) {
throw new \Exception($this->l10n->t('Couldn’t send reset email. Please make sure your username is correct.'));
}
$token = hash('sha256', \OC_Util::generateRandomBytes(30));
\OC_Preferences::setValue($user, 'owncloud', 'lostpassword', hash('sha256', $token)); // Hash the token again to prevent timing attacks
$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
if (empty($email)) {
throw new \Exception($this->l10n->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
}
$link = $this->getLink('core.lost.resetform', $user, $token);
$tmpl = new \OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link, false);
$msg = $tmpl->fetchPage();
try {
\OC_Mail::send($email, $user, $this->l10n->t('%s password reset', array($this->defaults->getName())), $msg, $this->from, $this->defaults->getName());
} catch (\Exception $e) {
throw new \Exception( $this->l10n->t('Couldn’t send reset email. Please contact your administrator.'));
}
}
protected function getLink($route, $user, $token){
$parameters = array(
'token' => $token,
'uid' => $user
);
$link = $this->urlGenerator->linkToRoute($route, $parameters);
return $this->urlGenerator->getAbsoluteUrl($link);
}
protected function checkToken($user, $token) {
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
}
}
|
