archive
/
nextcloud
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #8618 from owncloud/yet-another-ajax-lost-password

Browse Source 
Basic ajax lost password
remotes/origin/ldap_group_count
Frank Karlitschek 10 years ago
parent 4a26219ecf dda5e6c85b
commit db9ac13574
10 changed files with 440 additions and 170 deletions
Show Stats Download Patch File Download Diff File

138
core/js/lostpassword.js
Unescape Escape View File

@ -0,0 +1,138 @@
OC.Lostpassword = {
sendErrorMsg : t('core', 'Couldn\'t send reset email. Please contact your administrator.'),
sendSuccessMsg : t('core', 'The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'),
encryptedMsg : t('core', "Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset.<br />If you are not sure what to do, please contact your administrator before you continue. <br />Do you really want to continue?")
+ ('<br /><input type="checkbox" id="encrypted-continue" value="Yes" />')
+ '<label for="encrypted-continue">'
+ t('core', 'I know what I\'m doing')
+ '</label><br />'
+ '<a id="lost-password-encryption" href>'
+ t('core', 'Reset password')
+ '</a>',
resetErrorMsg : t('core', 'Password can not be changed. Please contact your administrator.'),
init : function() {
if ($('#lost-password-encryption').length){
$('#lost-password-encryption').click(OC.Lostpassword.sendLink);
} else {
$('#lost-password').click(OC.Lostpassword.sendLink);
}
$('#reset-password #submit').click(OC.Lostpassword.resetPassword);
},
sendLink : function(event){
event.preventDefault();
if (!$('#user').val().length){
$('#submit').trigger('click');
} else {
$.post(
OC.generateUrl('/lostpassword/email'),
{
user : $('#user').val(),
proceed: $('#encrypted-continue').attr('checked') ? 'Yes' : 'No'
},
OC.Lostpassword.sendLinkDone
);
}
},
sendLinkDone : function(result){
var sendErrorMsg;
if (result && result.status === 'success'){
OC.Lostpassword.sendLinkSuccess();
} else {
if (result && result.msg){
sendErrorMsg = result.msg;
} else {
sendErrorMsg = OC.Lostpassword.sendErrorMsg;
}
OC.Lostpassword.sendLinkError(sendErrorMsg);
}
},
sendLinkSuccess : function(msg){
var node = OC.Lostpassword.getSendStatusNode();
// update is the better success message styling
node.addClass('update').css({width:'auto'});
node.html(OC.Lostpassword.sendSuccessMsg);
},
sendLinkError : function(msg){
var node = OC.Lostpassword.getSendStatusNode();
node.addClass('warning');
node.html(msg);
OC.Lostpassword.init();
},
getSendStatusNode : function(){
if (!$('#lost-password').length){
$('<p id="lost-password"></p>').insertBefore($('#remember_login'));
} else {
$('#lost-password').replaceWith($('<p id="lost-password"></p>'));
}
return $('#lost-password');
},
resetPassword : function(event){
event.preventDefault();
if ($('#password').val()){
$.post(
$('#password').parents('form').attr('action'),
{
password : $('#password').val()
},
OC.Lostpassword.resetDone
);
}
},
resetDone : function(result){
var resetErrorMsg;
if (result && result.status === 'success'){
$.post(
OC.webroot + '/',
{
user : window.location.href.split('/').pop(),
password : $('#password').val()
},
OC.Lostpassword.redirect
);
} else {
if (result && result.msg){
resetErrorMsg = result.msg;
} else if (result && result.encryption) {
resetErrorMsg = OC.Lostpassword.encryptedMsg;
} else {
resetErrorMsg = OC.Lostpassword.resetErrorMsg;
}
OC.Lostpassword.resetError(resetErrorMsg);
}
},
redirect : function(msg){
window.location = OC.webroot;
},
resetError : function(msg){
var node = OC.Lostpassword.getResetStatusNode();
node.addClass('warning');
node.html(msg);
},
getResetStatusNode : function (){
if (!$('#lost-password').length){
$('<p id="lost-password"></p>').insertAfter($('#submit'));
} else {
$('#lost-password').replaceWith($('<p id="lost-password"></p>'));
}
return $('#lost-password');
}
};
$(document).ready(OC.Lostpassword.init);

44
core/lostpassword/application.php
Unescape Escape View File

@ -0,0 +1,44 @@
<?php
/**
* @author Victor Dubiniuk
* @copyright 2014 Victor Dubiniuk victor.dubiniuk@gmail.com
*
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword;
use \OCP\AppFramework\App;
use OC\Core\LostPassword\Controller\LostController;
class Application extends App {
public function __construct(array $urlParams=array()){
parent::__construct('core', $urlParams);
$container = $this->getContainer();
/**
* Controllers
*/
$container->registerService('LostController', function($c) {
return new LostController(
$c->query('AppName'),
$c->query('Request'),
$c->query('ServerContainer')->getURLGenerator(),
$c->query('ServerContainer')->getUserManager(),
new \OC_Defaults(),
$c->query('ServerContainer')->getL10N('core'),
$c->query('ServerContainer')->getConfig(),
$c->query('ServerContainer')->getUserSession(),
\OCP\Util::getDefaultEmailAddress('lostpassword-noreply'),
\OC_App::isEnabled('files_encryption')
);
});
}
}

111
core/lostpassword/controller.php
Unescape Escape View File

@ -1,111 +0,0 @@
<?php
/**
* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword;
class Controller {
/**
* @param boolean $error
* @param boolean $requested
*/
protected static function displayLostPasswordPage($error, $requested) {
$isEncrypted = \OC_App::isEnabled('files_encryption');
\OC_Template::printGuestPage('core/lostpassword', 'lostpassword',
array('error' => $error,
'requested' => $requested,
'isEncrypted' => $isEncrypted));
}
/**
* @param boolean $success
*/
protected static function displayResetPasswordPage($success, $args) {
$route_args = array();
$route_args['token'] = $args['token'];
$route_args['user'] = $args['user'];
\OC_Template::printGuestPage('core/lostpassword', 'resetpassword',
array('success' => $success, 'args' => $route_args));
}
protected static function checkToken($user, $token) {
return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
}
public static function index($args) {
self::displayLostPasswordPage(false, false);
}
public static function sendEmail($args) {
$isEncrypted = \OC_App::isEnabled('files_encryption');
if(!$isEncrypted || isset($_POST['continue'])) {
$continue = true;
} else {
$continue = false;
}
if (\OC_User::userExists($_POST['user']) && $continue) {
$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
\OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword',
hash('sha256', $token)); // Hash the token again to prevent timing attacks
$email = \OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
if (!empty($email)) {
$link = \OC_Helper::linkToRoute('core_lostpassword_reset',
array('user' => $_POST['user'], 'token' => $token));
$link = \OC_Helper::makeURLAbsolute($link);
$tmpl = new \OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link, false);
$msg = $tmpl->fetchPage();
$l = \OC_L10N::get('core');
$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
try {
$defaults = new \OC_Defaults();
\OC_Mail::send($email, $_POST['user'], $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
} catch (Exception $e) {
\OC_Template::printErrorPage( $l->t('A problem has occurred whilst sending the email, please contact your administrator.') );
}
self::displayLostPasswordPage(false, true);
} else {
self::displayLostPasswordPage(true, false);
}
} else {
self::displayLostPasswordPage(true, false);
}
}
public static function reset($args) {
// Someone wants to reset their password:
if(self::checkToken($args['user'], $args['token'])) {
self::displayResetPasswordPage(false, $args);
} else {
// Someone lost their password
self::displayLostPasswordPage(false, false);
}
}
public static function resetPassword($args) {
if (self::checkToken($args['user'], $args['token'])) {
if (isset($_POST['password'])) {
if (\OC_User::setPassword($args['user'], $_POST['password'])) {
\OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
\OC_User::unsetMagicInCookie();
self::displayResetPasswordPage(true, $args);
} else {
self::displayResetPasswordPage(false, $args);
}
} else {
self::reset($args);
}
} else {
// Someone lost their password
self::displayLostPasswordPage(false, false);
}
}
}

199
core/lostpassword/controller/lostcontroller.php
Unescape Escape View File

@ -0,0 +1,199 @@
<?php
/**
* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword\Controller;
use \OCP\AppFramework\Controller;
use \OCP\AppFramework\Http\JSONResponse;
use \OCP\AppFramework\Http\TemplateResponse;
use \OCP\IURLGenerator;
use \OCP\IRequest;
use \OCP\IL10N;
use \OCP\IConfig;
use \OCP\IUserSession;
use \OC\Core\LostPassword\EncryptedDataException;
class LostController extends Controller {
protected $urlGenerator;
protected $userManager;
protected $defaults;
protected $l10n;
protected $from;
protected $isDataEncrypted;
protected $config;
protected $userSession;
public function __construct($appName,
IRequest $request,
IURLGenerator $urlGenerator,
$userManager,
$defaults,
IL10N $l10n,
IConfig $config,
IUserSession $userSession,
$from,
$isDataEncrypted) {
parent::__construct($appName, $request);
$this->urlGenerator = $urlGenerator;
$this->userManager = $userManager;
$this->defaults = $defaults;
$this->l10n = $l10n;
$this->from = $from;
$this->isDataEncrypted = $isDataEncrypted;
$this->config = $config;
$this->userSession = $userSession;
}
/**
* Someone wants to reset their password:
*
* @PublicPage
* @NoCSRFRequired
*
* @param string $token
* @param string $userId
*/
public function resetform($token, $userId) {
return new TemplateResponse(
'core/lostpassword',
'resetpassword',
array(
'isEncrypted' => $this->isDataEncrypted,
'link' => $this->getLink('core.lost.setPassword', $userId, $token),
),
'guest'
);
}
private function error($message, array $additional=array()) {
return array_merge(array('status' => 'error', 'msg' => $message), $additional);
}
private function success() {
return array('status'=>'success');
}
/**
* @PublicPage
*
* @param string $user
* @param bool $proceed
*/
public function email($user, $proceed){
// FIXME: use HTTP error codes
try {
$this->sendEmail($user, $proceed);
} catch (EncryptedDataException $e){
return $this->error('', array('encryption' => '1'));
} catch (\Exception $e){
return $this->error($e->getMessage());
}
return $this->success();
}
/**
* @PublicPage
*/
public function setPassword($token, $userId, $password) {
try {
$user = $this->userManager->get($userId);
if (!$this->checkToken($userId, $token)) {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}
if (!$user->setPassword($userId, $password)) {
throw new \Exception();
}
// FIXME: should be added to the all config at some point
\OC_Preferences::deleteKey($userId, 'owncloud', 'lostpassword');
$this->userSession->unsetMagicInCookie();
} catch (\Exception $e){
return $this->error($e->getMessage());
}
return $this->success();
}
protected function sendEmail($user, $proceed) {
if ($this->isDataEncrypted && !$proceed){
throw new EncryptedDataException();
}
if (!$this->userManager->userExists($user)) {
throw new \Exception(
$this->l10n->t('Couldn\'t send reset email. Please make sure '.
'your username is correct.'));
}
$token = hash('sha256', \OC_Util::generateRandomBytes(30));
// Hash the token again to prevent timing attacks
$this->config->setUserValue(
$user, 'owncloud', 'lostpassword', hash('sha256', $token)
);
$email = $this->config->getUserValue($user, 'settings', 'email');
if (empty($email)) {
throw new \Exception(
$this->l10n->t('Couldn\'t send reset email because there is no '.
'email address for this username. Please ' .
'contact your administrator.')
);
}
$link = $this->getLink('core.lost.resetform', $user, $token);
$tmpl = new \OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link, false);
$msg = $tmpl->fetchPage();
try {
// FIXME: should be added to the container and injected in here
\OC_Mail::send(
$email,
$user,
$this->l10n->t('%s password reset', array($this->defaults->getName())),
$msg,
$this->from,
$this->defaults->getName()
);
} catch (\Exception $e) {
throw new \Exception($this->l10n->t(
'Couldn\'t send reset email. Please contact your administrator.'
));
}
}
protected function getLink($route, $user, $token){
$parameters = array(
'token' => $token,
'userId' => $user
);
$link = $this->urlGenerator->linkToRoute($route, $parameters);
return $this->urlGenerator->getAbsoluteUrl($link);
}
protected function checkToken($user, $token) {
return $this->config->getUserValue(
$user, 'owncloud', 'lostpassword'
) === hash('sha256', $token);
}
}

7
core/lostpassword/css/resetpassword.css
Unescape Escape View File

@ -0,0 +1,7 @@
#reset-password p {
position: relative;
}
#password-icon {
top: 20px;
}

14
core/lostpassword/encrypteddataexception.php
Unescape Escape View File

@ -0,0 +1,14 @@
<?php
/**
* @author Victor Dubiniuk
* @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
*
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
namespace OC\Core\LostPassword;
class EncryptedDataException extends \Exception{
}

47
core/lostpassword/templates/lostpassword.php
Unescape Escape View File

@ -1,35 +1,20 @@
<?php <?php
//load the file we need //load the file we need
OCP\Util::addStyle('lostpassword', 'lostpassword'); OCP\Util::addStyle('lostpassword', 'lostpassword'); ?>
if ($_['requested']): ?> <form action="<?php print_unescaped($_['link']) ?>" method="post">
<div class="update"><p> <fieldset>
<?php <div class="update"><?php p($l->t('You will receive a link to reset your password via Email.')); ?></div>
print_unescaped($l->t('The link to reset your password has been sent to your email.<br>If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator .')); <p>
?> <input type="text" name="user" id="user" placeholder="<?php p($l->t( 'Username' )); ?>" value="" autocomplete="off" required autofocus />
</p></div> <label for="user" class="infield"><?php p($l->t( 'Username' )); ?></label>
<?php else: ?> <img class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
<form action="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post"> <?php if ($_['isEncrypted']): ?>
<fieldset>
<?php if ($_['error']): ?>
<div class="error"><p>
<?php print_unescaped($l->t('Request failed!<br>Did you make sure your email/username was right?')); ?>
</p></div>
<?php endif; ?>
<div class="update"><?php print_unescaped($l->t('You will receive a link to reset your password via Email.')); ?></div>
<p>
<input type="text" name="user" id="user"
placeholder="<?php print_unescaped($l->t( 'Username' )); ?>"
value="" autocomplete="off" required autofocus />
<label for="user" class="infield"><?php print_unescaped($l->t( 'Username' )); ?></label>
<img class="svg" src="<?php print_unescaped(image_path('', 'actions/user.svg')); ?>" alt=""/>
<?php if ($_['isEncrypted']): ?>
<br /> <br />
<p class="warning"><?php print_unescaped($l->t("Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset. If you are not sure what to do, please contact your administrator before you continue. Do you really want to continue?")); ?><br /> <p class="warning"><?php p($l->t("Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset. If you are not sure what to do, please contact your administrator before you continue. Do you really want to continue?")); ?><br />
<input type="checkbox" name="continue" value="Yes" /> <input type="checkbox" name="continue" value="Yes" />
<?php print_unescaped($l->t('Yes, I really want to reset my password now')); ?></p> <?php p($l->t('Yes, I really want to reset my password now')); ?></p>
<?php endif; ?> <?php endif; ?>
</p> </p>
<input type="submit" id="submit" value="<?php print_unescaped($l->t('Reset')); ?>" /> <input type="submit" id="submit" value="<?php p($l->t('Reset')); ?>" />
</fieldset> </fieldset>
</form> </form>
<?php endif; ?>

22
core/lostpassword/templates/resetpassword.php
Unescape Escape View File

@ -1,16 +1,12 @@
<form action="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_reset', $_['args'])) ?>" method="post"> <?php OCP\Util::addStyle('lostpassword', 'resetpassword'); ?>
<form action="<?php print_unescaped($_['link']) ?>" id="reset-password" method="post">
<fieldset> <fieldset>
<?php if($_['success']): ?> <p>
<h1><?php p($l->t('Your password was reset')); ?></h1> <label for="password" class="infield"><?php p($l->t('New password')); ?></label>
<p><a href="<?php print_unescaped(OC_Helper::linkTo('', 'index.php')) ?>/"><?php p($l->t('To login page')); ?></a></p> <input type="password" name="password" id="password" value="" placeholder="<?php p($l->t('New Password')); ?>" required />
<?php else: ?> <img class="svg" id="password-icon" src="<?php print_unescaped(image_path('', 'actions/password.svg')); ?>" alt=""/>
<p> </p>
<label for="password" class="infield"><?php p($l->t('New password')); ?></label> <input type="submit" id="submit" value="<?php p($l->t('Reset password')); ?>" />
<input type="password" name="password" id="password"
placeholder="<?php p($l->t('New password')); ?>"
value="" required />
</p>
<input type="submit" id="submit" value="<?php p($l->t('Reset password')); ?>" />
<?php endif; ?>
</fieldset> </fieldset>
</form> </form>
<?php OCP\Util::addScript('core', 'lostpassword'); ?>

22
core/routes.php
Unescape Escape View File

@ -6,6 +6,16 @@
* See the COPYING-README file. * See the COPYING-README file.
*/ */
use OC\Core\LostPassword\Application;
$application = new Application();
$application->registerRoutes($this, array('routes' => array(
array('name' => 'lost#email', 'url' => '/lostpassword/email', 'verb' => 'POST'),
array('name' => 'lost#resetform', 'url' => '/lostpassword/reset/form/{token}/{userId}', 'verb' => 'GET'),
array('name' => 'lost#setPassword', 'url' => '/lostpassword/set/{token}/{userId}', 'verb' => 'POST'),
)
));
// Post installation check // Post installation check
/** @var $this OCP\Route\IRouter */ /** @var $this OCP\Route\IRouter */
@ -70,18 +80,6 @@ $this->create('core_ajax_preview', '/core/preview')
->actionInclude('core/ajax/preview.php'); ->actionInclude('core/ajax/preview.php');
$this->create('core_ajax_preview', '/core/preview.png') $this->create('core_ajax_preview', '/core/preview.png')
->actionInclude('core/ajax/preview.php'); ->actionInclude('core/ajax/preview.php');
$this->create('core_lostpassword_index', '/lostpassword/')
->get()
->action('OC\Core\LostPassword\Controller', 'index');
$this->create('core_lostpassword_send_email', '/lostpassword/')
->post()
->action('OC\Core\LostPassword\Controller', 'sendEmail');
$this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}')
->get()
->action('OC\Core\LostPassword\Controller', 'reset');
$this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{user}')
->post()
->action('OC\Core\LostPassword\Controller', 'resetPassword');
// Avatar routes // Avatar routes
$this->create('core_avatar_get_tmp', '/avatar/tmp') $this->create('core_avatar_get_tmp', '/avatar/tmp')

6
core/templates/login.php
Unescape Escape View File

@ -46,8 +46,8 @@
</p> </p>
<?php if (isset($_['invalidpassword']) && ($_['invalidpassword'])): ?> <?php if (isset($_['invalidpassword']) && ($_['invalidpassword'])): ?>
<a class="warning" href="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_index')) ?>"> <a id="lost-password" class="warning" href="">
<?php p($l->t('Lost your password?')); ?> <?php p($l->t('Forgot your password? Reset it!')); ?>
</a> </a>
<?php endif; ?> <?php endif; ?>
<?php if ($_['rememberLoginAllowed'] === true) : ?> <?php if ($_['rememberLoginAllowed'] === true) : ?>
@ -74,4 +74,4 @@
<?php <?php
OCP\Util::addscript('core', 'visitortimezone'); OCP\Util::addscript('core', 'visitortimezone');
OCP\Util::addScript('core', 'lostpassword');

Write Preview
Loading…
Cancel
Save