mirror of https://github.com/nextcloud/server.git
implement verification for additional mails
- mails added by (sub)admins are automatically verified - provisioning_api controller as verification endpoint - IAccountProperty gets a locallyVerified property - IPropertyCollection gets a method to fetch an IAccountProperty by value - an remove equivalent was already present - AccountManager always initiates mail verification on update if necessary - add core success template for arbitrary title and message Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>pull/28422/head
parent
19cc757531
commit
aacaad2a3f
@ -0,0 +1,121 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* @copyright Copyright (c) 2021 Arthur Schiwon <blizzz@arthur-schiwon.de>
|
||||
*
|
||||
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\Provisioning_API\Controller;
|
||||
|
||||
use InvalidArgumentException;
|
||||
use OC\Security\Crypto;
|
||||
use OCP\Accounts\IAccountManager;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\IL10N;
|
||||
use OCP\IRequest;
|
||||
use OCP\IUserManager;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Security\VerificationToken\InvalidTokenException;
|
||||
use OCP\Security\VerificationToken\IVerificationToken;
|
||||
|
||||
class VerificationController extends Controller {
|
||||
|
||||
/** @var IVerificationToken */
|
||||
private $verificationToken;
|
||||
/** @var IUserManager */
|
||||
private $userManager;
|
||||
/** @var IL10N */
|
||||
private $l10n;
|
||||
/** @var IUserSession */
|
||||
private $userSession;
|
||||
/** @var IAccountManager */
|
||||
private $accountManager;
|
||||
/** @var Crypto */
|
||||
private $crypto;
|
||||
|
||||
public function __construct(
|
||||
string $appName,
|
||||
IRequest $request,
|
||||
IVerificationToken $verificationToken,
|
||||
IUserManager $userManager,
|
||||
IL10N $l10n,
|
||||
IUserSession $userSession,
|
||||
IAccountManager $accountManager,
|
||||
Crypto $crypto
|
||||
) {
|
||||
parent::__construct($appName, $request);
|
||||
$this->verificationToken = $verificationToken;
|
||||
$this->userManager = $userManager;
|
||||
$this->l10n = $l10n;
|
||||
$this->userSession = $userSession;
|
||||
$this->accountManager = $accountManager;
|
||||
$this->crypto = $crypto;
|
||||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function verifyMail(string $token, string $userId, string $key) {
|
||||
try {
|
||||
if ($this->userSession->getUser()->getUID() !== $userId) {
|
||||
throw new InvalidArgumentException('Logged in user is not mail address owner');
|
||||
}
|
||||
$email = $this->crypto->decrypt($key);
|
||||
$ref = \substr(hash('sha256', $email), 0, 8);
|
||||
|
||||
$user = $this->userManager->get($userId);
|
||||
$this->verificationToken->check($token, $user, 'verifyMail' . $ref, $email);
|
||||
|
||||
$userAccount = $this->accountManager->getAccount($user);
|
||||
$emailProperty = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL)
|
||||
->getPropertyByValue($email);
|
||||
|
||||
if ($emailProperty === null) {
|
||||
throw new InvalidArgumentException($this->l10n->t('Email was already removed from account and cannot be confirmed anymore.'));
|
||||
}
|
||||
$emailProperty->setLocallyVerified(IAccountManager::VERIFIED);
|
||||
$this->accountManager->updateAccount($userAccount);
|
||||
} catch (InvalidTokenException $e) {
|
||||
$error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED
|
||||
? $this->l10n->t('Could not verify mail because the token is expired.')
|
||||
: $this->l10n->t('Could not verify mail because the token is invalid.');
|
||||
} catch (InvalidArgumentException $e) {
|
||||
$error = $e->getMessage();
|
||||
} catch (\Exception $e) {
|
||||
$error = $this->l10n->t('An unexpected error occurred. Please consult your sysadmin.');
|
||||
}
|
||||
|
||||
if (isset($error)) {
|
||||
return new TemplateResponse(
|
||||
'core', 'error', [
|
||||
'errors' => [['error' => $error]]
|
||||
], 'guest');
|
||||
}
|
||||
|
||||
return new TemplateResponse(
|
||||
'core', 'success', [
|
||||
'title' => $this->l10n->t('Email confirmation successful'),
|
||||
'message' => $this->l10n->t('Email confirmation successful'),
|
||||
], 'guest');
|
||||
}
|
||||
}
|
@ -0,0 +1,13 @@
|
||||
<?php
|
||||
/** @var array $_ */
|
||||
/** @var \OCP\IL10N $l */
|
||||
/** @var \OCP\Defaults $theme */
|
||||
?>
|
||||
|
||||
<div class="update">
|
||||
<h2><?php p($_['title']) ?></h2>
|
||||
<p><?php p($_['message']) ?></p>
|
||||
<p><a class="button primary" href="<?php p(\OC::$server->get(\OCP\IURLGenerator::class)->linkTo('', 'index.php')) ?>">
|
||||
<?php p($l->t('Go to %s', [$theme->getName()])); ?>
|
||||
</a></p>
|
||||
</div>
|
Loading…
Reference in New Issue