Change the lostpassword flow to a controller

2012-10-17 17:24:49 +07:00 · 2012-10-17 17:24:49 +07:00 · 0a614429af
parent 6081bfa2bc
commit 0a614429af
6 changed files with 101 additions and 67 deletions
--- a/core/lostpassword/controller.php
+++ b/core/lostpassword/controller.php
@ -0,0 +1,82 @@
+<?php
+/**
+ * Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+class OC_Core_LostPassword_Controller {
+	protected static function displayLostPasswordPage($error, $requested) {
+		OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => $error, 'requested' => $requested));
+	}
+	
+	protected static function displayResetPasswordPage($success, $args) {
+		$route_args = array();
+		$route_args['token'] = $args['token'];
+		$route_args['user'] = $args['user'];
+		OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => $success, 'args' => $route_args));
+	}
+
+	protected static function checkToken($user, $token) {
+		return OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
+	}
+
+	public static function index($args) {
+		self::displayLostPasswordPage(false, false);
+	}
+
+	public static function sendEmail($args) {
+		if (OC_User::userExists($_POST['user'])) {
+			$token = hash('sha256', OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', ''));
+			OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', hash('sha256', $token)); // Hash the token again to prevent timing attacks
+			$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
+			if (!empty($email)) {
+				$link = OC_Helper::linkToRoute('core_lostpassword_reset', array('user' => $_POST['user'], 'token' => $token));
+				$link = OC_Helper::makeURLAbsolute($link);
+
+				$tmpl = new OC_Template('core/lostpassword', 'email');
+				$tmpl->assign('link', $link, false);
+				$msg = $tmpl->fetchPage();
+				$l = OC_L10N::get('core');
+				$from = 'lostpassword-noreply@' . OCP\Util::getServerHost();
+				OC_Mail::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
+				echo('Mailsent');
+
+				self::displayLostPasswordPage(false, true);
+			} else {
+				self::displayLostPasswordPage(true, false);
+			}
+		} else {
+			self::displayLostPasswordPage(true, false);
+		}
+	}
+
+	public static function reset($args) {
+		// Someone wants to reset their password:
+		if(self::checkToken($args['user'], $args['token'])) {
+			self::displayResetPasswordPage(false, $args);
+		} else {
+			// Someone lost their password
+			self::displayLostPasswordPage(false, false);
+		}
+	}
+
+	public static function resetPassword($args) {
+		if (self::checkToken($args['user'], $args['token'])) {
+			if (isset($_POST['password'])) {
+				if (OC_User::setPassword($args['user'], $_POST['password'])) {
+					OC_Preferences::deleteKey($args['user'], 'owncloud', 'lostpassword');
+					self::displayResetPasswordPage(true, $args);
+				} else {
+					self::displayResetPasswordPage(false, $args);
+				}
+			} else {
+				self::reset($args);
+			}
+		} else {
+			// Someone lost their password
+			self::displayLostPasswordPage(false, false);
+		}
+	}
+}
--- a/core/lostpassword/index.php
+++ b/core/lostpassword/index.php
@ -1,35 +0,0 @@
-<?php
-/**
- * Copyright (c) 2012 Frank Karlitschek frank@owncloud.org
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
-*/
-
-$RUNTIME_NOAPPS = TRUE; //no apps
-require_once '../../lib/base.php';
-
-
-// Someone lost their password:
-if (isset($_POST['user'])) {
-	if (OC_User::userExists($_POST['user'])) {
-		$token = hash("sha256", OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', ''));
-		OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', hash("sha256", $token)); // Hash the token again to prevent timing attacks
-		$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
-		if (!empty($email)) {
-			$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php', array('user' => $_POST['user'], 'token' => $token));
-			$tmpl = new OC_Template('core/lostpassword', 'email');
-			$tmpl->assign('link', $link, false);
-			$msg = $tmpl->fetchPage();
-			$l = OC_L10N::get('core');
-			$from = 'lostpassword-noreply@' . OCP\Util::getServerHost();
-			OC_MAIL::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
-			echo('sent');
-		}
-		OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true));
-	} else {
-		OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false));
-	}
-} else {
-	OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false));
-}
--- a/core/lostpassword/resetpassword.php
+++ b/core/lostpassword/resetpassword.php
@ -1,27 +0,0 @@
-<?php
-/**
- * Copyright (c) 2012 Frank Karlitschek frank@owncloud.org
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
-*/
-
-$RUNTIME_NOAPPS = TRUE; //no apps
-require_once '../../lib/base.php';
-
-// Someone wants to reset their password:
-if(isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], 'owncloud', 'lostpassword') === hash("sha256", $_GET['token'])) {
-	if (isset($_POST['password'])) {
-		if (OC_User::setPassword($_GET['user'], $_POST['password'])) {
-			OC_Preferences::deleteKey($_GET['user'], 'owncloud', 'lostpassword');
-			OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => true));
-		} else {
-			OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => false));
-		}
-	} else {
-		OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => false));
-	}
-} else {
-	// Someone lost their password
-	OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false));
-}
--- a/core/lostpassword/templates/lostpassword.php
+++ b/core/lostpassword/templates/lostpassword.php
@ -1,11 +1,11 @@
-<form action="index.php" method="post">
+<form action="<?php echo OC_Helper::linkToRoute('core_lostpassword_send_email') ?>" method="post">
 	<fieldset>
 		<?php echo $l->t('You will receive a link to reset your password via Email.'); ?>
 		<?php if ($_['requested']): ?>
-			<?php echo $l->t('Requested'); ?>
+			<?php echo $l->t('Reset email send.'); ?>
 		<?php else: ?>
 			<?php if ($_['error']): ?>
-				<?php echo $l->t('Login failed!'); ?>
+				<?php echo $l->t('Request failed!'); ?>
 			<?php endif; ?>
 			<p class="infield">
 				<label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label>
--- a/core/lostpassword/templates/resetpassword.php
+++ b/core/lostpassword/templates/resetpassword.php
@ -1,8 +1,8 @@
-<form action="<?php echo 'resetpassword.php?'.$_SERVER['QUERY_STRING']; ?>" method="post">
+<form action="<?php echo OC_Helper::linkToRoute('core_lostpassword_reset', $_['args']) ?>" method="post">
 	<fieldset>
 		<?php if($_['success']): ?>
 			<h1><?php echo $l->t('Your password was reset'); ?></h1>
-			<p><a href="<?php echo OC::$WEBROOT ?>/"><?php echo $l->t('To login page'); ?></a></p>
+			<p><a href="<?php echo OC_Helper::linkTo('', 'index.php') ?>/"><?php echo $l->t('To login page'); ?></a></p>
 		<?php else: ?>
 			<p class="infield">
 				<label for="password" class="infield"><?php echo $l->t( 'New password' ); ?></label>
--- a/core/routes.php
+++ b/core/routes.php
@ -32,6 +32,20 @@ $this->create('core_ajax_vcategories_edit', '/core/ajax/vcategories/edit.php')
 $this->create('core_ajax_routes', '/core/routes.json')
 	->action('OC_Router', 'JSRoutes');

+OC::$CLASSPATH['OC_Core_LostPassword_Controller'] = 'core/lostpassword/controller.php';
+$this->create('core_lostpassword_index', '/lostpassword/')
+	->get()
+	->action('OC_Core_LostPassword_Controller', 'index');
+$this->create('core_lostpassword_send_email', '/lostpassword/')
+	->post()
+	->action('OC_Core_LostPassword_Controller', 'sendEmail');
+$this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}')
+	->get()
+	->action('OC_Core_LostPassword_Controller', 'reset');
+$this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{user}')
+	->post()
+	->action('OC_Core_LostPassword_Controller', 'resetPassword');
+
 // Not specifically routed
 $this->create('app_css', '/apps/{app}/{file}')
 	->requirements(array('file' => '.*.css'))