Change the lostpassword flow to a controller
This commit is contained in:
Bart Visscher
parent
6081bfa2bc
commit
0a614429af
6 changed files with 101 additions and 67 deletions
82
core/lostpassword/controller.php
Normal file
82
core/lostpassword/controller.php
Normal file
|
|
@ -0,0 +1,82 @@
|
|||
<?php
|
||||
/**
|
||||
* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
|
||||
class OC_Core_LostPassword_Controller {
|
||||
protected static function displayLostPasswordPage($error, $requested) {
|
||||
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => $error, 'requested' => $requested));
|
||||
}
|
||||
|
||||
protected static function displayResetPasswordPage($success, $args) {
|
||||
$route_args = array();
|
||||
$route_args['token'] = $args['token'];
|
||||
$route_args['user'] = $args['user'];
|
||||
OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => $success, 'args' => $route_args));
|
||||
}
|
||||
|
||||
protected static function checkToken($user, $token) {
|
||||
return OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
|
||||
}
|
||||
|
||||
public static function index($args) {
|
||||
self::displayLostPasswordPage(false, false);
|
||||
}
|
||||
|
||||
public static function sendEmail($args) {
|
||||
if (OC_User::userExists($_POST['user'])) {
|
||||
$token = hash('sha256', OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', ''));
|
||||
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', hash('sha256', $token)); // Hash the token again to prevent timing attacks
|
||||
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
|
||||
if (!empty($email)) {
|
||||
$link = OC_Helper::linkToRoute('core_lostpassword_reset', array('user' => $_POST['user'], 'token' => $token));
|
||||
$link = OC_Helper::makeURLAbsolute($link);
|
||||
|
||||
$tmpl = new OC_Template('core/lostpassword', 'email');
|
||||
$tmpl->assign('link', $link, false);
|
||||
$msg = $tmpl->fetchPage();
|
||||
$l = OC_L10N::get('core');
|
||||
$from = 'lostpassword-noreply@' . OCP\Util::getServerHost();
|
||||
OC_Mail::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
|
||||
echo('Mailsent');
|
||||
|
||||
self::displayLostPasswordPage(false, true);
|
||||
} else {
|
||||
self::displayLostPasswordPage(true, false);
|
||||
}
|
||||
} else {
|
||||
self::displayLostPasswordPage(true, false);
|
||||
}
|
||||
}
|
||||
|
||||
public static function reset($args) {
|
||||
// Someone wants to reset their password:
|
||||
if(self::checkToken($args['user'], $args['token'])) {
|
||||
self::displayResetPasswordPage(false, $args);
|
||||
} else {
|
||||
// Someone lost their password
|
||||
self::displayLostPasswordPage(false, false);
|
||||
}
|
||||
}
|
||||
|
||||
public static function resetPassword($args) {
|
||||
if (self::checkToken($args['user'], $args['token'])) {
|
||||
if (isset($_POST['password'])) {
|
||||
if (OC_User::setPassword($args['user'], $_POST['password'])) {
|
||||
OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
|
||||
self::displayResetPasswordPage(true, $args);
|
||||
} else {
|
||||
self::displayResetPasswordPage(false, $args);
|
||||
}
|
||||
} else {
|
||||
self::reset($args);
|
||||
}
|
||||
} else {
|
||||
// Someone lost their password
|
||||
self::displayLostPasswordPage(false, false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* Copyright (c) 2012 Frank Karlitschek frank@owncloud.org
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
|
||||
$RUNTIME_NOAPPS = TRUE; //no apps
|
||||
require_once '../../lib/base.php';
|
||||
|
||||
|
||||
// Someone lost their password:
|
||||
if (isset($_POST['user'])) {
|
||||
if (OC_User::userExists($_POST['user'])) {
|
||||
$token = hash("sha256", OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', ''));
|
||||
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', hash("sha256", $token)); // Hash the token again to prevent timing attacks
|
||||
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
|
||||
if (!empty($email)) {
|
||||
$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php', array('user' => $_POST['user'], 'token' => $token));
|
||||
$tmpl = new OC_Template('core/lostpassword', 'email');
|
||||
$tmpl->assign('link', $link, false);
|
||||
$msg = $tmpl->fetchPage();
|
||||
$l = OC_L10N::get('core');
|
||||
$from = 'lostpassword-noreply@' . OCP\Util::getServerHost();
|
||||
OC_MAIL::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
|
||||
echo('sent');
|
||||
}
|
||||
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true));
|
||||
} else {
|
||||
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false));
|
||||
}
|
||||
} else {
|
||||
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false));
|
||||
}
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
<?php
|
||||
/**
|
||||
* Copyright (c) 2012 Frank Karlitschek frank@owncloud.org
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
|
||||
$RUNTIME_NOAPPS = TRUE; //no apps
|
||||
require_once '../../lib/base.php';
|
||||
|
||||
// Someone wants to reset their password:
|
||||
if(isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], 'owncloud', 'lostpassword') === hash("sha256", $_GET['token'])) {
|
||||
if (isset($_POST['password'])) {
|
||||
if (OC_User::setPassword($_GET['user'], $_POST['password'])) {
|
||||
OC_Preferences::deleteKey($_GET['user'], 'owncloud', 'lostpassword');
|
||||
OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => true));
|
||||
} else {
|
||||
OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => false));
|
||||
}
|
||||
} else {
|
||||
OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => false));
|
||||
}
|
||||
} else {
|
||||
// Someone lost their password
|
||||
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false));
|
||||
}
|
||||
|
|
@ -1,11 +1,11 @@
|
|||
<form action="index.php" method="post">
|
||||
<form action="<?php echo OC_Helper::linkToRoute('core_lostpassword_send_email') ?>" method="post">
|
||||
<fieldset>
|
||||
<?php echo $l->t('You will receive a link to reset your password via Email.'); ?>
|
||||
<?php if ($_['requested']): ?>
|
||||
<?php echo $l->t('Requested'); ?>
|
||||
<?php echo $l->t('Reset email send.'); ?>
|
||||
<?php else: ?>
|
||||
<?php if ($_['error']): ?>
|
||||
<?php echo $l->t('Login failed!'); ?>
|
||||
<?php echo $l->t('Request failed!'); ?>
|
||||
<?php endif; ?>
|
||||
<p class="infield">
|
||||
<label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label>
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
<form action="<?php echo 'resetpassword.php?'.$_SERVER['QUERY_STRING']; ?>" method="post">
|
||||
<form action="<?php echo OC_Helper::linkToRoute('core_lostpassword_reset', $_['args']) ?>" method="post">
|
||||
<fieldset>
|
||||
<?php if($_['success']): ?>
|
||||
<h1><?php echo $l->t('Your password was reset'); ?></h1>
|
||||
<p><a href="<?php echo OC::$WEBROOT ?>/"><?php echo $l->t('To login page'); ?></a></p>
|
||||
<p><a href="<?php echo OC_Helper::linkTo('', 'index.php') ?>/"><?php echo $l->t('To login page'); ?></a></p>
|
||||
<?php else: ?>
|
||||
<p class="infield">
|
||||
<label for="password" class="infield"><?php echo $l->t( 'New password' ); ?></label>
|
||||
|
|
|
|||
|
|
@ -32,6 +32,20 @@ $this->create('core_ajax_vcategories_edit', '/core/ajax/vcategories/edit.php')
|
|||
$this->create('core_ajax_routes', '/core/routes.json')
|
||||
->action('OC_Router', 'JSRoutes');
|
||||
|
||||
OC::$CLASSPATH['OC_Core_LostPassword_Controller'] = 'core/lostpassword/controller.php';
|
||||
$this->create('core_lostpassword_index', '/lostpassword/')
|
||||
->get()
|
||||
->action('OC_Core_LostPassword_Controller', 'index');
|
||||
$this->create('core_lostpassword_send_email', '/lostpassword/')
|
||||
->post()
|
||||
->action('OC_Core_LostPassword_Controller', 'sendEmail');
|
||||
$this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}')
|
||||
->get()
|
||||
->action('OC_Core_LostPassword_Controller', 'reset');
|
||||
$this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{user}')
|
||||
->post()
|
||||
->action('OC_Core_LostPassword_Controller', 'resetPassword');
|
||||
|
||||
// Not specifically routed
|
||||
$this->create('app_css', '/apps/{app}/{file}')
|
||||
->requirements(array('file' => '.*.css'))
|
||||
|
|
|
|||
Loading…
Reference in a new issue