upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-13 18:50:47 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Merge pull request #54974 from nextcloud/backport/54653/stable30

Browse source 
[stable30] fix: Avoid internal error when logging in with the wrong account to verify email address
This commit is contained in:
Andy Scherzinger 2025-09-15 08:43:36 +02:00 committed by GitHub
commit 92b06919e2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 26 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
apps/provisioning_api/lib/Controller/VerificationController.php
View file

@ -9,7 +9,6 @@ declare(strict_types=1);
namespace OCA\Provisioning_API\Controller;
use InvalidArgumentException;
use OC\Security\Crypto;
use OCP\Accounts\IAccountManager;
use OCP\AppFramework\Controller;
@ -18,6 +17,7 @@ use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\HintException;
use OCP\IL10N;
use OCP\IRequest;
use OCP\IUserManager;
@ -66,11 +66,21 @@ class VerificationController extends Controller {
#[NoAdminRequired]
#[NoCSRFRequired]
public function showVerifyMail(string $token, string $userId, string $key): TemplateResponse {
if ($this->userSession->getUser()->getUID() !== $userId) {
// not a public page, hence getUser() must return an IUser
throw new InvalidArgumentException('Logged in account is not mail address owner');
try {
if ($this->userSession->getUser()?->getUID() !== $userId) {
// not a public page, hence getUser() must return an IUser
throw new HintException(
'Logged in account is not mail address owner',
$this->l10n->t('Logged in account is not mail address owner'),
);
}
$email = $this->crypto->decrypt($key);
} catch (HintException $e) {
return new TemplateResponse(
'core', 'error', [
'errors' => [['error' => $e->getHint()]]
], TemplateResponse::RENDER_AS_GUEST);
}
$email = $this->crypto->decrypt($key);
return new TemplateResponse(
'core', 'confirmation', [
@ -88,8 +98,11 @@ class VerificationController extends Controller {
public function verifyMail(string $token, string $userId, string $key): TemplateResponse {
$throttle = false;
try {
if ($this->userSession->getUser()->getUID() !== $userId) {
throw new InvalidArgumentException('Logged in account is not mail address owner');
if ($this->userSession->getUser()?->getUID() !== $userId) {
throw new HintException(
'Logged in account is not mail address owner',
$this->l10n->t('Logged in account is not mail address owner'),
);
}
$email = $this->crypto->decrypt($key);
$ref = \substr(hash('sha256', $email), 0, 8);
@ -102,7 +115,10 @@ class VerificationController extends Controller {
->getPropertyByValue($email);
if ($emailProperty === null) {
throw new InvalidArgumentException($this->l10n->t('Email was already removed from account and cannot be confirmed anymore.'));
throw new HintException(
'Email was already removed from account and cannot be confirmed anymore.',
$this->l10n->t('Email was already removed from account and cannot be confirmed anymore.'),
);
}
$emailProperty->setLocallyVerified(IAccountManager::VERIFIED);
$this->accountManager->updateAccount($userAccount);
@ -114,8 +130,8 @@ class VerificationController extends Controller {
$throttle = true;
$error = $this->l10n->t('Could not verify mail because the token is invalid.');
}
} catch (InvalidArgumentException $e) {
$error = $e->getMessage();
} catch (HintException $e) {
$error = $e->getHint();
} catch (\Exception $e) {
$error = $this->l10n->t('An unexpected error occurred. Please contact your admin.');
}