2014-05-27 21:09:08 +00:00
< ? php
/**
* Copyright ( c ) 2012 Bart Visscher < bartv @ thisnet . nl >
* This file is licensed under the Affero General Public License version 3 or
* later .
* See the COPYING - README file .
*/
2014-05-28 17:13:07 +00:00
2014-05-27 21:09:08 +00:00
namespace OC\Core\LostPassword\Controller ;
use \OCP\AppFramework\Controller ;
2014-05-28 17:13:07 +00:00
use \OCP\AppFramework\Http\JSONResponse ;
2014-05-27 21:09:08 +00:00
use \OCP\AppFramework\Http\TemplateResponse ;
2014-06-05 14:48:14 +00:00
use \OC\Core\LostPassword\EncryptedDataException ;
2014-05-27 21:09:08 +00:00
class LostController extends Controller {
protected $urlGenerator ;
2014-06-02 22:24:27 +00:00
protected $userClass ;
2014-05-28 17:13:07 +00:00
protected $defaults ;
protected $l10n ;
protected $from ;
protected $isDataEncrypted ;
2014-05-27 21:09:08 +00:00
2014-06-02 22:24:27 +00:00
public function __construct ( $appName , IRequest $request , IURLGenerator $urlGenerator , $userClass ,
2014-05-28 17:13:07 +00:00
$defaults , $l10n , $from , $isDataEncrypted ) {
2014-05-27 21:09:08 +00:00
parent :: __construct ( $appName , $request );
$this -> urlGenerator = $urlGenerator ;
2014-06-02 22:24:27 +00:00
$this -> userClass = $userClass ;
2014-05-28 17:13:07 +00:00
$this -> defaults = $defaults ;
$this -> l10n = $l10n ;
$this -> from = $from ;
$this -> isDataEncrypted = $isDataEncrypted ;
2014-05-27 21:09:08 +00:00
}
/**
* @ PublicPage
* @ NoCSRFRequired
2014-05-28 17:13:07 +00:00
*
* @ param string $token
* @ param string $uid
2014-05-27 21:09:08 +00:00
*/
2014-06-02 22:24:27 +00:00
public function resetform ( $token , $uid ) {
2014-05-27 21:09:08 +00:00
// Someone wants to reset their password:
2014-05-28 17:13:07 +00:00
if ( $this -> checkToken ( $uid , $token )) {
2014-05-27 21:09:08 +00:00
return new TemplateResponse (
'core/lostpassword' ,
'resetpassword' ,
array (
2014-06-02 22:24:27 +00:00
'link' => $this -> getLink ( 'core.lost.setPassword' , $uid , $token ),
'isEncrypted' => $this -> isDataEncrypted ,
2014-05-27 21:09:08 +00:00
),
'guest'
);
} else {
// Someone lost their password
return new TemplateResponse (
'core/lostpassword' ,
'lostpassword' ,
array (
2014-06-02 22:24:27 +00:00
'isEncrypted' => $this -> isDataEncrypted ,
'link' => $this -> getLink ( 'core.lost.setPassword' , $uid , $token )
2014-05-27 21:09:08 +00:00
),
'guest'
);
}
}
2014-05-28 17:13:07 +00:00
/**
* @ PublicPage
*
* @ param bool $proceed
*/
2014-06-02 22:24:27 +00:00
public function email ( $user , $proceed ){
2014-05-28 17:13:07 +00:00
$response = new JSONResponse ( array ( 'status' => 'success' ));
try {
$this -> sendEmail ( $user , $proceed );
} catch ( EncryptedDataException $e ){
$response -> setData ( array (
'status' => 'error' ,
'encryption' => '1'
));
} catch ( \Exception $e ){
$response -> setData ( array (
'status' => 'error' ,
'msg' => $e -> getMessage ()
));
}
return $response ;
}
/**
* @ PublicPage
*/
2014-06-02 22:24:27 +00:00
public function setPassword ( $token , $uid , $password ) {
2014-05-28 17:13:07 +00:00
$response = new JSONResponse ( array ( 'status' => 'success' ));
try {
2014-06-02 22:24:27 +00:00
if ( ! $this -> checkToken ( $uid , $token )) {
2014-05-28 17:13:07 +00:00
throw new \RuntimeException ( '' );
}
2014-06-02 22:24:27 +00:00
$userClass = $this -> userClass ;
if ( ! $userClass :: setPassword ( $uid , $password )) {
2014-05-28 17:13:07 +00:00
throw new \RuntimeException ( '' );
}
2014-06-02 22:24:27 +00:00
\OC_Preferences :: deleteKey ( $uid , 'owncloud' , 'lostpassword' );
$userClass :: unsetMagicInCookie ();
2014-05-28 17:13:07 +00:00
} catch ( Exception $e ){
$response -> setData ( array (
'status' => 'error' ,
'msg' => $e -> getMessage ()
));
}
return $response ;
}
protected function sendEmail ( $user , $proceed ) {
if ( $this -> isDataEncrypted && $proceed !== 'Yes' ){
throw new EncryptedDataException ();
}
2014-06-03 20:32:19 +00:00
$userClass = $this -> userClass ;
if ( ! $userClass :: userExists ( $user )) {
2014-05-28 17:13:07 +00:00
throw new \Exception ( $this -> l10n -> t ( 'Couldn’ t send reset email. Please make sure your username is correct.' ));
}
$token = hash ( 'sha256' , \OC_Util :: generateRandomBytes ( 30 ));
\OC_Preferences :: setValue ( $user , 'owncloud' , 'lostpassword' , hash ( 'sha256' , $token )); // Hash the token again to prevent timing attacks
$email = \OC_Preferences :: getValue ( $user , 'settings' , 'email' , '' );
if ( empty ( $email )) {
throw new \Exception ( $this -> l10n -> t ( 'Couldn’ t send reset email because there is no email address for this username. Please contact your administrator.' ));
}
2014-06-02 22:24:27 +00:00
$link = $this -> getLink ( 'core.lost.resetform' , $user , $token );
2014-05-28 17:13:07 +00:00
$tmpl = new \OC_Template ( 'core/lostpassword' , 'email' );
$tmpl -> assign ( 'link' , $link , false );
$msg = $tmpl -> fetchPage ();
try {
\OC_Mail :: send ( $email , $user , $this -> l10n -> t ( '%s password reset' , array ( $this -> defaults -> getName ())), $msg , $this -> from , $this -> defaults -> getName ());
} catch ( \Exception $e ) {
throw new \Exception ( $this -> l10n -> t ( 'Couldn’ t send reset email. Please contact your administrator.' ));
}
}
2014-05-27 21:09:08 +00:00
2014-06-02 22:24:27 +00:00
protected function getLink ( $route , $user , $token ){
2014-05-27 21:09:08 +00:00
$parameters = array (
2014-05-28 17:13:07 +00:00
'token' => $token ,
'uid' => $user
2014-05-27 21:09:08 +00:00
);
2014-06-02 22:24:27 +00:00
$link = $this -> urlGenerator -> linkToRoute ( $route , $parameters );
2014-05-27 21:09:08 +00:00
return $this -> urlGenerator -> getAbsoluteUrl ( $link );
}
2014-05-28 17:13:07 +00:00
protected function checkToken ( $user , $token ) {
2014-05-27 21:09:08 +00:00
return \OC_Preferences :: getValue ( $user , 'owncloud' , 'lostpassword' ) === hash ( 'sha256' , $token );
}
}