From 23ed038a27901b947b75413b966d4beab21cd2bc Mon Sep 17 00:00:00 2001 From: Victor Dubiniuk Date: Tue, 25 Mar 2014 01:38:11 +0300 Subject: [PATCH] Basics --- core/js/lostpassword.js | 134 +++++++++++++++++++ core/lostpassword/ajaxcontroller.php | 45 +++++++ core/lostpassword/controller.php | 62 ++++----- core/lostpassword/encrypteddataexception.php | 14 ++ core/lostpassword/templates/lostpassword.php | 2 +- core/routes.php | 13 +- core/templates/login.php | 6 +- 7 files changed, 228 insertions(+), 48 deletions(-) create mode 100644 core/js/lostpassword.js create mode 100644 core/lostpassword/ajaxcontroller.php create mode 100644 core/lostpassword/encrypteddataexception.php diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js new file mode 100644 index 00000000000..00dfe71be67 --- /dev/null +++ b/core/js/lostpassword.js @@ -0,0 +1,134 @@ + +OC.Lostpassword = { + sendErrorMsg : t('core', 'Couldn’t send reset email. Please contact your administrator.'), + + sendSuccessMsg : t('core', 'The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders.
If it is not there ask your local administrator.'), + + encryptedMsg : t('core', "Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset.
If you are not sure what to do, please contact your administrator before you continue.
Do you really want to continue?") + + ('
') + + '
' + + '' + + t('core', 'Reset password') + + '', + + resetErrorMsg : t('core', 'Password can not be changed. Please contact your administrator.'), + + init : function() { + if ($('#lost-password-encryption').length){ + $('#lost-password-encryption').click(OC.Lostpassword.sendLink); + } else { + $('#lost-password').click(OC.Lostpassword.sendLink); + } + $('#reset-password #submit').click(OC.Lostpassword.resetPassword); + }, + + sendLink : function(event){ + event.preventDefault(); + if (!$('#user').val().length){ + $('#submit').trigger('click'); + } else { + $.post( + OC.filePath('core', 'ajax', 'password/lost'), + { + user : $('#user').val(), + proceed: $('#encrypted-continue').attr('checked') ? 'Yes' : 'No' + }, + OC.Lostpassword.sendLinkDone + ); + } + }, + + sendLinkDone : function(result){ + if (result && result.status === 'success'){ + OC.Lostpassword.sendLinkSuccess(); + } else { + if (result && result.msg){ + var sendErrorMsg = result.msg; + } else if (result && result.encryption) { + var sendErrorMsg = OC.Lostpassword.encryptedMsg; + } else { + var sendErrorMsg = OC.Lostpassword.sendErrorMsg; + } + OC.Lostpassword.sendLinkError(sendErrorMsg); + } + }, + + sendLinkSuccess : function(msg){ + var node = OC.Lostpassword.getSendStatusNode(); + node.addClass('success').css({width:'auto'}); + node.html(OC.Lostpassword.sendSuccessMsg); + }, + + sendLinkError : function(msg){ + var node = OC.Lostpassword.getSendStatusNode(); + node.addClass('warning'); + node.html(msg); + OC.Lostpassword.init(); + }, + + getSendStatusNode : function(){ + if (!$('#lost-password').length){ + $('

').insertBefore($('#remember_login')); + } else { + $('#lost-password').replaceWith($('

')); + } + return $('#lost-password'); + }, + + resetPassword : function(event){ + event.preventDefault(); + if ($('#password').val()){ + $.post( + $('#password').parents('form').attr('action'), + { + password : $('#password').val() + }, + OC.Lostpassword.resetDone + ); + } + }, + + resetDone : function(result){ + if (result && result.status === 'success'){ + $.post( + OC.webroot + '/', + { + user : window.location.href.split('/').pop(), + password : $('#password').val() + }, + OC.Lostpassword.redirect + ); + } else { + if (result && result.msg){ + var resetErrorMsg = result.msg; + } else { + var resetErrorMsg = OC.Lostpassword.resetErrorMsg; + } + OC.Lostpassword.resetError(resetErrorMsg); + } + }, + + redirect : function(msg){ + window.location = OC.webroot; + }, + + resetError : function(msg){ + var node = OC.Lostpassword.getResetStatusNode(); + node.addClass('warning'); + node.html(msg); + }, + + getResetStatusNode : function (){ + if (!$('#lost-password').length){ + $('

').insertAfter($('#submit')); + } else { + $('#lost-password').replaceWith($('

')); + } + return $('#lost-password'); + } + +}; + +$(document).ready(OC.Lostpassword.init); diff --git a/core/lostpassword/ajaxcontroller.php b/core/lostpassword/ajaxcontroller.php new file mode 100644 index 00000000000..3722681308b --- /dev/null +++ b/core/lostpassword/ajaxcontroller.php @@ -0,0 +1,45 @@ + '1') + ); + } catch (\Exception $e){ + \OCP\JSON::error( + array('msg'=> $e->getMessage()) + ); + } + + exit(); + } + + public static function resetPassword($args) { + \OCP\JSON::callCheck(); + try { + Controller::resetPassword($args); + \OCP\JSON::success(); + } catch (Exception $e){ + \OCP\JSON::error( + array('msg'=> $e->getMessage()) + ); + } + exit(); + } +} diff --git a/core/lostpassword/controller.php b/core/lostpassword/controller.php index c858696885b..0c6ada4edce 100644 --- a/core/lostpassword/controller.php +++ b/core/lostpassword/controller.php @@ -36,47 +36,37 @@ class Controller { return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token); } - public static function index($args) { - self::displayLostPasswordPage(false, false); - } - - public static function sendEmail($args) { - + public static function sendEmail($user, $proceed) { + $l = \OC_L10N::get('core'); $isEncrypted = \OC_App::isEnabled('files_encryption'); - if(!$isEncrypted || isset($_POST['continue'])) { - $continue = true; - } else { - $continue = false; + if ($isEncrypted && $proceed !== 'Yes'){ + throw new EncryptedDataException(); } - if (\OC_User::userExists($_POST['user']) && $continue) { - $token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', '')); - \OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', - hash('sha256', $token)); // Hash the token again to prevent timing attacks - $email = \OC_Preferences::getValue($_POST['user'], 'settings', 'email', ''); - if (!empty($email)) { - $link = \OC_Helper::linkToRoute('core_lostpassword_reset', - array('user' => $_POST['user'], 'token' => $token)); - $link = \OC_Helper::makeURLAbsolute($link); + if (!\OC_User::userExists($user)) { + throw new \Exception($l->t('Couldn’t send reset email. Please make sure your username is correct.')); + } + $token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', '')); + \OC_Preferences::setValue($user, 'owncloud', 'lostpassword', + hash('sha256', $token)); // Hash the token again to prevent timing attacks + $email = \OC_Preferences::getValue($user, 'settings', 'email', ''); + if (empty($email)) { + throw new \Exception($l->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.')); + } + $link = \OC_Helper::linkToRoute('core_lostpassword_reset', + array('user' => $user, 'token' => $token)); + $link = \OC_Helper::makeURLAbsolute($link); - $tmpl = new \OC_Template('core/lostpassword', 'email'); - $tmpl->assign('link', $link, false); - $msg = $tmpl->fetchPage(); - $l = \OC_L10N::get('core'); - $from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply'); - try { - $defaults = new \OC_Defaults(); - \OC_Mail::send($email, $_POST['user'], $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName()); - } catch (Exception $e) { - \OC_Template::printErrorPage( $l->t('A problem has occurred whilst sending the email, please contact your administrator.') ); - } - self::displayLostPasswordPage(false, true); - } else { - self::displayLostPasswordPage(true, false); - } - } else { - self::displayLostPasswordPage(true, false); + $tmpl = new \OC_Template('core/lostpassword', 'email'); + $tmpl->assign('link', $link, false); + $msg = $tmpl->fetchPage(); + $from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply'); + try { + $defaults = new \OC_Defaults(); + \OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName()); + } catch (\Exception $e) { + throw new \Exception( $l->t('Couldn’t send reset email. Please contact your administrator.')); } } diff --git a/core/lostpassword/encrypteddataexception.php b/core/lostpassword/encrypteddataexception.php new file mode 100644 index 00000000000..99d19445b6c --- /dev/null +++ b/core/lostpassword/encrypteddataexception.php @@ -0,0 +1,14 @@ +

-
+

diff --git a/core/routes.php b/core/routes.php index 5368fd45645..fbbbdee81f0 100644 --- a/core/routes.php +++ b/core/routes.php @@ -70,18 +70,15 @@ $this->create('core_ajax_preview', '/core/preview') ->actionInclude('core/ajax/preview.php'); $this->create('core_ajax_preview', '/core/preview.png') ->actionInclude('core/ajax/preview.php'); -$this->create('core_lostpassword_index', '/lostpassword/') - ->get() - ->action('OC\Core\LostPassword\Controller', 'index'); -$this->create('core_lostpassword_send_email', '/lostpassword/') +$this->create('core_ajax_password_lost', '/core/ajax/password/lost') ->post() - ->action('OC\Core\LostPassword\Controller', 'sendEmail'); + ->action('OC\Core\Lostpassword\AjaxController', 'lost'); +$this->create('core_ajax_password_reset', '/core/ajax/password/reset/{token}/{user}') + ->post() + ->action('OC\Core\LostPassword\AjaxController', 'resetPassword'); $this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}') ->get() ->action('OC\Core\LostPassword\Controller', 'reset'); -$this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{user}') - ->post() - ->action('OC\Core\LostPassword\Controller', 'resetPassword'); // Avatar routes $this->create('core_avatar_get_tmp', '/avatar/tmp') diff --git a/core/templates/login.php b/core/templates/login.php index 6af3d769690..951ba3b4f6b 100644 --- a/core/templates/login.php +++ b/core/templates/login.php @@ -46,8 +46,8 @@

- - t('Lost your password?')); ?> + + t('Forgot your password? Reset it!')); ?> @@ -74,4 +74,4 @@