|
|
|
@ -31,7 +31,9 @@ namespace OC\Core\Controller;
|
|
|
|
|
use OC\Authentication\Events\AppPasswordCreatedEvent;
|
|
|
|
|
use OC\Authentication\Token\IProvider;
|
|
|
|
|
use OC\Authentication\Token\IToken;
|
|
|
|
|
use OC\User\Session;
|
|
|
|
|
use OCP\AppFramework\Http;
|
|
|
|
|
use OCP\AppFramework\Http\Attribute\UseSession;
|
|
|
|
|
use OCP\AppFramework\Http\DataResponse;
|
|
|
|
|
use OCP\AppFramework\OCS\OCSForbiddenException;
|
|
|
|
|
use OCP\Authentication\Exceptions\CredentialsUnavailableException;
|
|
|
|
@ -41,6 +43,8 @@ use OCP\Authentication\LoginCredentials\IStore;
|
|
|
|
|
use OCP\EventDispatcher\IEventDispatcher;
|
|
|
|
|
use OCP\IRequest;
|
|
|
|
|
use OCP\ISession;
|
|
|
|
|
use OCP\IUserManager;
|
|
|
|
|
use OCP\Security\Bruteforce\IThrottler;
|
|
|
|
|
use OCP\Security\ISecureRandom;
|
|
|
|
|
|
|
|
|
|
class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|
|
|
@ -52,6 +56,9 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|
|
|
|
private IProvider $tokenProvider,
|
|
|
|
|
private IStore $credentialStore,
|
|
|
|
|
private IEventDispatcher $eventDispatcher,
|
|
|
|
|
private Session $userSession,
|
|
|
|
|
private IUserManager $userManager,
|
|
|
|
|
private IThrottler $throttler,
|
|
|
|
|
) {
|
|
|
|
|
parent::__construct($appName, $request);
|
|
|
|
|
}
|
|
|
|
@ -165,4 +172,33 @@ class AppPasswordController extends \OCP\AppFramework\OCSController {
|
|
|
|
|
'apppassword' => $newToken,
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Confirm the user password
|
|
|
|
|
*
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
* @BruteForceProtection(action=sudo)
|
|
|
|
|
*
|
|
|
|
|
* @param string $password The password of the user
|
|
|
|
|
*
|
|
|
|
|
* @return DataResponse<Http::STATUS_OK, array{lastLogin: int}, array{}>|DataResponse<Http::STATUS_FORBIDDEN, array<empty>, array{}>
|
|
|
|
|
*
|
|
|
|
|
* 200: Password confirmation succeeded
|
|
|
|
|
* 403: Password confirmation failed
|
|
|
|
|
*/
|
|
|
|
|
#[UseSession]
|
|
|
|
|
public function confirmUserPassword(string $password): DataResponse {
|
|
|
|
|
$loginName = $this->userSession->getLoginName();
|
|
|
|
|
$loginResult = $this->userManager->checkPassword($loginName, $password);
|
|
|
|
|
if ($loginResult === false) {
|
|
|
|
|
$response = new DataResponse([], Http::STATUS_FORBIDDEN);
|
|
|
|
|
$response->throttle(['loginName' => $loginName]);
|
|
|
|
|
return $response;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$confirmTimestamp = time();
|
|
|
|
|
$this->session->set('last-password-confirm', $confirmTimestamp);
|
|
|
|
|
$this->throttler->resetDelay($this->request->getRemoteAddress(), 'sudo', ['loginName' => $loginName]);
|
|
|
|
|
return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
|
|
|
|
|
}
|
|
|
|
|
}
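Review bot: `confirmUserPassword` hands the result of `$this->userSession->getLoginName()` straight to `checkPassword()` without covering a missing login name; if `getLoginName()` can return null for the current session (the concrete `OC\User\Session` is injected here precisely for that method, and its return looks nullable — confirm), the strict-typed `checkPassword(string ...)` call would fail with a TypeError rather than the documented 403, and the throttle metadata on the failure path would carry a null name. A guard before the check keeps the contract honest: `if ($loginName === null) { return new DataResponse([], Http::STATUS_FORBIDDEN); }`. On style, the new docblock keeps `@NoAdminRequired` and `@BruteForceProtection(action=sudo)` as annotations while the same method already uses the `#[UseSession]` attribute; if the project exposes attribute equivalents for those two, declaring all three the same way would be more consistent. The success path also reads `time()` directly, which makes the `lastLogin` value and the `last-password-confirm` session entry hard to test deterministically — worth routing through the project's injectable time source if one is available to this controller.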
|
|
|
|
|