upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-20 00:12:30 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 38
nextcloud/core/lostpassword/controller/ajaxcontroller.php
Victor Dubiniuk a7fbd91e53 Use appframework
2014-06-13 15:34:52 +02:00

101 lines
3 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
/**
* @author Victor Dubiniuk
* @copyright 2014 Victor Dubiniuk victor.dubiniuk@gmail.com
*
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword\Controller;
use \OCP\AppFramework\Controller;
use \OCP\AppFramework\Http\JSONResponse;
class AjaxController extends LostController {
/**
* @PublicPage
*/
public function lost(){
$response = new JSONResponse(array('status'=>'success'));
try {
$this->sendEmail($this->params('user', ''), $this->params('proceed', ''));
} catch (EncryptedDataException $e){
$response->setData(array(
'status' => 'error',
'encryption' => '1'
));
} catch (\Exception $e){
$response->setData(array(
'status' => 'error',
'msg' => $e->getMessage()
));
}
return $response;
}
/**
* @PublicPage
*/
public function resetPassword() {
$response = new JSONResponse(array('status'=>'success'));
try {
$user = $this->params('user');
$newPassword = $this->params('password');
if (!$this->checkToken()) {
throw new \RuntimeException('');
}
if (!\OC_User::setPassword($user, $newPassword)) {
throw new \RuntimeException('');
}
\OC_Preferences::deleteKey($user, 'owncloud', 'lostpassword');
\OC_User::unsetMagicInCookie();
} catch (Exception $e){
$response->setData(array(
'status' => 'error',
'msg' => $e->getMessage()
));
}
return $response;
}
protected function sendEmail($user, $proceed) {
$l = \OC_L10N::get('core');
$isEncrypted = \OC_App::isEnabled('files_encryption');
if ($isEncrypted && $proceed !== 'Yes'){
throw new EncryptedDataException();
}
if (!\OC_User::userExists($user)) {
throw new \Exception($l->t('Couldnt send reset email. Please make sure your username is correct.'));
}
$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
\OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
hash('sha256', $token)); // Hash the token again to prevent timing attacks
$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
if (empty($email)) {
throw new \Exception($l->t('Couldnt send reset email because there is no email address for this username. Please contact your administrator.'));
}
$parameters = array('token' => $token, 'user' => $user);
$link = $this->urlGenerator->linkToRoute('core.lost.reset', $parameters);
$link = $this->urlGenerator->getAbsoluteUrl($link);
$tmpl = new \OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link, false);
$msg = $tmpl->fetchPage();
echo $link;
$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
try {
$defaults = new \OC_Defaults();
\OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
} catch (\Exception $e) {
throw new \Exception( $l->t('Couldnt send reset email. Please contact your administrator.'));
}
}
}
Reference in a new issue View git blame Copy permalink