diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
new file mode 100644
index 00000000000..ad221cb30fc
--- /dev/null
+++ b/core/js/lostpassword.js
@@ -0,0 +1,138 @@
+
+OC.Lostpassword = {
+ sendErrorMsg : t('core', 'Couldn\'t send reset email. Please contact your administrator.'),
+
+ sendSuccessMsg : t('core', 'The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders. If it is not there ask your local administrator.'),
+
+ encryptedMsg : t('core', "Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset. If you are not sure what to do, please contact your administrator before you continue. Do you really want to continue?")
+ + (' ')
+ + ' '
+ + ''
+ + t('core', 'Reset password')
+ + '',
+
+ resetErrorMsg : t('core', 'Password can not be changed. Please contact your administrator.'),
+
+ init : function() {
+ if ($('#lost-password-encryption').length){
+ $('#lost-password-encryption').click(OC.Lostpassword.sendLink);
+ } else {
+ $('#lost-password').click(OC.Lostpassword.sendLink);
+ }
+ $('#reset-password #submit').click(OC.Lostpassword.resetPassword);
+ },
+
+ sendLink : function(event){
+ event.preventDefault();
+ if (!$('#user').val().length){
+ $('#submit').trigger('click');
+ } else {
+ $.post(
+ OC.generateUrl('/lostpassword/email'),
+ {
+ user : $('#user').val(),
+ proceed: $('#encrypted-continue').attr('checked') ? 'Yes' : 'No'
+ },
+ OC.Lostpassword.sendLinkDone
+ );
+ }
+ },
+
+ sendLinkDone : function(result){
+ var sendErrorMsg;
+
+ if (result && result.status === 'success'){
+ OC.Lostpassword.sendLinkSuccess();
+ } else {
+ if (result && result.msg){
+ sendErrorMsg = result.msg;
+ } else {
+ sendErrorMsg = OC.Lostpassword.sendErrorMsg;
+ }
+ OC.Lostpassword.sendLinkError(sendErrorMsg);
+ }
+ },
+
+ sendLinkSuccess : function(msg){
+ var node = OC.Lostpassword.getSendStatusNode();
+ // update is the better success message styling
+ node.addClass('update').css({width:'auto'});
+ node.html(OC.Lostpassword.sendSuccessMsg);
+ },
+
+ sendLinkError : function(msg){
+ var node = OC.Lostpassword.getSendStatusNode();
+ node.addClass('warning');
+ node.html(msg);
+ OC.Lostpassword.init();
+ },
+
+ getSendStatusNode : function(){
+ if (!$('#lost-password').length){
+ $('').insertBefore($('#remember_login'));
+ } else {
+ $('#lost-password').replaceWith($(''));
+ }
+ return $('#lost-password');
+ },
+
+ resetPassword : function(event){
+ event.preventDefault();
+ if ($('#password').val()){
+ $.post(
+ $('#password').parents('form').attr('action'),
+ {
+ password : $('#password').val()
+ },
+ OC.Lostpassword.resetDone
+ );
+ }
+ },
+
+ resetDone : function(result){
+ var resetErrorMsg;
+ if (result && result.status === 'success'){
+ $.post(
+ OC.webroot + '/',
+ {
+ user : window.location.href.split('/').pop(),
+ password : $('#password').val()
+ },
+ OC.Lostpassword.redirect
+ );
+ } else {
+ if (result && result.msg){
+ resetErrorMsg = result.msg;
+ } else if (result && result.encryption) {
+ resetErrorMsg = OC.Lostpassword.encryptedMsg;
+ } else {
+ resetErrorMsg = OC.Lostpassword.resetErrorMsg;
+ }
+ OC.Lostpassword.resetError(resetErrorMsg);
+ }
+ },
+
+ redirect : function(msg){
+ window.location = OC.webroot;
+ },
+
+ resetError : function(msg){
+ var node = OC.Lostpassword.getResetStatusNode();
+ node.addClass('warning');
+ node.html(msg);
+ },
+
+ getResetStatusNode : function (){
+ if (!$('#lost-password').length){
+ $('').insertAfter($('#submit'));
+ } else {
+ $('#lost-password').replaceWith($(''));
+ }
+ return $('#lost-password');
+ }
+
+};
+
+$(document).ready(OC.Lostpassword.init);
diff --git a/core/lostpassword/application.php b/core/lostpassword/application.php
new file mode 100644
index 00000000000..ba2f3fc633b
--- /dev/null
+++ b/core/lostpassword/application.php
@@ -0,0 +1,44 @@
+getContainer();
+
+ /**
+ * Controllers
+ */
+ $container->registerService('LostController', function($c) {
+ return new LostController(
+ $c->query('AppName'),
+ $c->query('Request'),
+ $c->query('ServerContainer')->getURLGenerator(),
+ $c->query('ServerContainer')->getUserManager(),
+ new \OC_Defaults(),
+ $c->query('ServerContainer')->getL10N('core'),
+ $c->query('ServerContainer')->getConfig(),
+ $c->query('ServerContainer')->getUserSession(),
+ \OCP\Util::getDefaultEmailAddress('lostpassword-noreply'),
+ \OC_App::isEnabled('files_encryption')
+ );
+ });
+ }
+
+
+}
diff --git a/core/lostpassword/controller.php b/core/lostpassword/controller.php
deleted file mode 100644
index c858696885b..00000000000
--- a/core/lostpassword/controller.php
+++ /dev/null
@@ -1,111 +0,0 @@
-
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
-namespace OC\Core\LostPassword;
-
-class Controller {
-
- /**
- * @param boolean $error
- * @param boolean $requested
- */
- protected static function displayLostPasswordPage($error, $requested) {
- $isEncrypted = \OC_App::isEnabled('files_encryption');
- \OC_Template::printGuestPage('core/lostpassword', 'lostpassword',
- array('error' => $error,
- 'requested' => $requested,
- 'isEncrypted' => $isEncrypted));
- }
-
- /**
- * @param boolean $success
- */
- protected static function displayResetPasswordPage($success, $args) {
- $route_args = array();
- $route_args['token'] = $args['token'];
- $route_args['user'] = $args['user'];
- \OC_Template::printGuestPage('core/lostpassword', 'resetpassword',
- array('success' => $success, 'args' => $route_args));
- }
-
- protected static function checkToken($user, $token) {
- return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
- }
-
- public static function index($args) {
- self::displayLostPasswordPage(false, false);
- }
-
- public static function sendEmail($args) {
-
- $isEncrypted = \OC_App::isEnabled('files_encryption');
-
- if(!$isEncrypted || isset($_POST['continue'])) {
- $continue = true;
- } else {
- $continue = false;
- }
-
- if (\OC_User::userExists($_POST['user']) && $continue) {
- $token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
- \OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword',
- hash('sha256', $token)); // Hash the token again to prevent timing attacks
- $email = \OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
- if (!empty($email)) {
- $link = \OC_Helper::linkToRoute('core_lostpassword_reset',
- array('user' => $_POST['user'], 'token' => $token));
- $link = \OC_Helper::makeURLAbsolute($link);
-
- $tmpl = new \OC_Template('core/lostpassword', 'email');
- $tmpl->assign('link', $link, false);
- $msg = $tmpl->fetchPage();
- $l = \OC_L10N::get('core');
- $from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
- try {
- $defaults = new \OC_Defaults();
- \OC_Mail::send($email, $_POST['user'], $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
- } catch (Exception $e) {
- \OC_Template::printErrorPage( $l->t('A problem has occurred whilst sending the email, please contact your administrator.') );
- }
- self::displayLostPasswordPage(false, true);
- } else {
- self::displayLostPasswordPage(true, false);
- }
- } else {
- self::displayLostPasswordPage(true, false);
- }
- }
-
- public static function reset($args) {
- // Someone wants to reset their password:
- if(self::checkToken($args['user'], $args['token'])) {
- self::displayResetPasswordPage(false, $args);
- } else {
- // Someone lost their password
- self::displayLostPasswordPage(false, false);
- }
- }
-
- public static function resetPassword($args) {
- if (self::checkToken($args['user'], $args['token'])) {
- if (isset($_POST['password'])) {
- if (\OC_User::setPassword($args['user'], $_POST['password'])) {
- \OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
- \OC_User::unsetMagicInCookie();
- self::displayResetPasswordPage(true, $args);
- } else {
- self::displayResetPasswordPage(false, $args);
- }
- } else {
- self::reset($args);
- }
- } else {
- // Someone lost their password
- self::displayLostPasswordPage(false, false);
- }
- }
-}
diff --git a/core/lostpassword/controller/lostcontroller.php b/core/lostpassword/controller/lostcontroller.php
new file mode 100644
index 00000000000..b1be65b4f01
--- /dev/null
+++ b/core/lostpassword/controller/lostcontroller.php
@@ -0,0 +1,199 @@
+
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Core\LostPassword\Controller;
+
+use \OCP\AppFramework\Controller;
+use \OCP\AppFramework\Http\JSONResponse;
+use \OCP\AppFramework\Http\TemplateResponse;
+use \OCP\IURLGenerator;
+use \OCP\IRequest;
+use \OCP\IL10N;
+use \OCP\IConfig;
+use \OCP\IUserSession;
+use \OC\Core\LostPassword\EncryptedDataException;
+
+class LostController extends Controller {
+
+ protected $urlGenerator;
+ protected $userManager;
+ protected $defaults;
+ protected $l10n;
+ protected $from;
+ protected $isDataEncrypted;
+ protected $config;
+ protected $userSession;
+
+ public function __construct($appName,
+ IRequest $request,
+ IURLGenerator $urlGenerator,
+ $userManager,
+ $defaults,
+ IL10N $l10n,
+ IConfig $config,
+ IUserSession $userSession,
+ $from,
+ $isDataEncrypted) {
+ parent::__construct($appName, $request);
+ $this->urlGenerator = $urlGenerator;
+ $this->userManager = $userManager;
+ $this->defaults = $defaults;
+ $this->l10n = $l10n;
+ $this->from = $from;
+ $this->isDataEncrypted = $isDataEncrypted;
+ $this->config = $config;
+ $this->userSession = $userSession;
+ }
+
+ /**
+ * Someone wants to reset their password:
+ *
+ * @PublicPage
+ * @NoCSRFRequired
+ *
+ * @param string $token
+ * @param string $userId
+ */
+ public function resetform($token, $userId) {
+ return new TemplateResponse(
+ 'core/lostpassword',
+ 'resetpassword',
+ array(
+ 'isEncrypted' => $this->isDataEncrypted,
+ 'link' => $this->getLink('core.lost.setPassword', $userId, $token),
+ ),
+ 'guest'
+ );
+ }
+
+ private function error($message, array $additional=array()) {
+ return array_merge(array('status' => 'error', 'msg' => $message), $additional);
+ }
+
+ private function success() {
+ return array('status'=>'success');
+ }
+
+ /**
+ * @PublicPage
+ *
+ * @param string $user
+ * @param bool $proceed
+ */
+ public function email($user, $proceed){
+ // FIXME: use HTTP error codes
+ try {
+ $this->sendEmail($user, $proceed);
+ } catch (EncryptedDataException $e){
+ return $this->error('', array('encryption' => '1'));
+ } catch (\Exception $e){
+ return $this->error($e->getMessage());
+ }
+
+ return $this->success();
+ }
+
+
+ /**
+ * @PublicPage
+ */
+ public function setPassword($token, $userId, $password) {
+ try {
+ $user = $this->userManager->get($userId);
+
+ if (!$this->checkToken($userId, $token)) {
+ throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
+ }
+
+ if (!$user->setPassword($userId, $password)) {
+ throw new \Exception();
+ }
+
+ // FIXME: should be added to the all config at some point
+ \OC_Preferences::deleteKey($userId, 'owncloud', 'lostpassword');
+ $this->userSession->unsetMagicInCookie();
+
+ } catch (\Exception $e){
+ return $this->error($e->getMessage());
+ }
+
+ return $this->success();
+ }
+
+
+ protected function sendEmail($user, $proceed) {
+ if ($this->isDataEncrypted && !$proceed){
+ throw new EncryptedDataException();
+ }
+
+ if (!$this->userManager->userExists($user)) {
+ throw new \Exception(
+ $this->l10n->t('Couldn\'t send reset email. Please make sure '.
+ 'your username is correct.'));
+ }
+
+ $token = hash('sha256', \OC_Util::generateRandomBytes(30));
+
+ // Hash the token again to prevent timing attacks
+ $this->config->setUserValue(
+ $user, 'owncloud', 'lostpassword', hash('sha256', $token)
+ );
+
+ $email = $this->config->getUserValue($user, 'settings', 'email');
+
+ if (empty($email)) {
+ throw new \Exception(
+ $this->l10n->t('Couldn\'t send reset email because there is no '.
+ 'email address for this username. Please ' .
+ 'contact your administrator.')
+ );
+ }
+
+ $link = $this->getLink('core.lost.resetform', $user, $token);
+
+ $tmpl = new \OC_Template('core/lostpassword', 'email');
+ $tmpl->assign('link', $link, false);
+ $msg = $tmpl->fetchPage();
+
+ try {
+ // FIXME: should be added to the container and injected in here
+ \OC_Mail::send(
+ $email,
+ $user,
+ $this->l10n->t('%s password reset', array($this->defaults->getName())),
+ $msg,
+ $this->from,
+ $this->defaults->getName()
+ );
+ } catch (\Exception $e) {
+ throw new \Exception($this->l10n->t(
+ 'Couldn\'t send reset email. Please contact your administrator.'
+ ));
+ }
+ }
+
+
+ protected function getLink($route, $user, $token){
+ $parameters = array(
+ 'token' => $token,
+ 'userId' => $user
+ );
+ $link = $this->urlGenerator->linkToRoute($route, $parameters);
+
+ return $this->urlGenerator->getAbsoluteUrl($link);
+ }
+
+
+ protected function checkToken($user, $token) {
+ return $this->config->getUserValue(
+ $user, 'owncloud', 'lostpassword'
+ ) === hash('sha256', $token);
+ }
+
+
+}
diff --git a/core/lostpassword/css/resetpassword.css b/core/lostpassword/css/resetpassword.css
new file mode 100644
index 00000000000..012af672d97
--- /dev/null
+++ b/core/lostpassword/css/resetpassword.css
@@ -0,0 +1,7 @@
+#reset-password p {
+ position: relative;
+}
+
+#password-icon {
+ top: 20px;
+}
diff --git a/core/lostpassword/encrypteddataexception.php b/core/lostpassword/encrypteddataexception.php
new file mode 100644
index 00000000000..99d19445b6c
--- /dev/null
+++ b/core/lostpassword/encrypteddataexception.php
@@ -0,0 +1,14 @@
+
-
- t('The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders. If it is not there ask your local administrator .'));
- ?>
-