UsersController.php 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  7. * @author Bjoern Schiessle <bjoern@schiessle.org>
  8. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  9. * @author Daniel Calviño Sánchez <danxuliu@gmail.com>
  10. * @author Daniel Kesselberg <mail@danielkesselberg.de>
  11. * @author GretaD <gretadoci@gmail.com>
  12. * @author Joas Schilling <coding@schilljs.com>
  13. * @author John Molakvoæ <skjnldsv@protonmail.com>
  14. * @author Morris Jobke <hey@morrisjobke.de>
  15. * @author Roeland Jago Douma <roeland@famdouma.nl>
  16. * @author Vincent Petry <vincent@nextcloud.com>
  17. * @author Kate Döen <kate.doeen@nextcloud.com>
  18. *
  19. * @license AGPL-3.0
  20. *
  21. * This code is free software: you can redistribute it and/or modify
  22. * it under the terms of the GNU Affero General Public License, version 3,
  23. * as published by the Free Software Foundation.
  24. *
  25. * This program is distributed in the hope that it will be useful,
  26. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  27. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  28. * GNU Affero General Public License for more details.
  29. *
  30. * You should have received a copy of the GNU Affero General Public License, version 3,
  31. * along with this program. If not, see <http://www.gnu.org/licenses/>
  32. *
  33. */
  34. namespace OCA\Settings\Controller;
  35. use InvalidArgumentException;
  36. use OC\AppFramework\Http;
  37. use OC\Encryption\Exceptions\ModuleDoesNotExistsException;
  38. use OC\ForbiddenException;
  39. use OC\KnownUser\KnownUserService;
  40. use OC\Security\IdentityProof\Manager;
  41. use OC\User\Manager as UserManager;
  42. use OCA\Settings\BackgroundJobs\VerifyUserData;
  43. use OCA\Settings\Events\BeforeTemplateRenderedEvent;
  44. use OCA\User_LDAP\User_Proxy;
  45. use OCP\Accounts\IAccount;
  46. use OCP\Accounts\IAccountManager;
  47. use OCP\Accounts\PropertyDoesNotExistException;
  48. use OCP\App\IAppManager;
  49. use OCP\AppFramework\Controller;
  50. use OCP\AppFramework\Http\Attribute\OpenAPI;
  51. use OCP\AppFramework\Http\DataResponse;
  52. use OCP\AppFramework\Http\JSONResponse;
  53. use OCP\AppFramework\Http\TemplateResponse;
  54. use OCP\AppFramework\Services\IInitialState;
  55. use OCP\BackgroundJob\IJobList;
  56. use OCP\Encryption\IManager;
  57. use OCP\EventDispatcher\IEventDispatcher;
  58. use OCP\IConfig;
  59. use OCP\IGroupManager;
  60. use OCP\IL10N;
  61. use OCP\IRequest;
  62. use OCP\IUser;
  63. use OCP\IUserSession;
  64. use OCP\L10N\IFactory;
  65. use OCP\Mail\IMailer;
  66. use function in_array;
  67. #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
  68. class UsersController extends Controller {
  69. public function __construct(
  70. string $appName,
  71. IRequest $request,
  72. private UserManager $userManager,
  73. private IGroupManager $groupManager,
  74. private IUserSession $userSession,
  75. private IConfig $config,
  76. private IL10N $l10n,
  77. private IMailer $mailer,
  78. private IFactory $l10nFactory,
  79. private IAppManager $appManager,
  80. private IAccountManager $accountManager,
  81. private Manager $keyManager,
  82. private IJobList $jobList,
  83. private IManager $encryptionManager,
  84. private KnownUserService $knownUserService,
  85. private IEventDispatcher $dispatcher,
  86. private IInitialState $initialState,
  87. ) {
  88. parent::__construct($appName, $request);
  89. }
  90. /**
  91. * @NoCSRFRequired
  92. * @NoAdminRequired
  93. *
  94. * Display users list template
  95. *
  96. * @return TemplateResponse
  97. */
  98. public function usersListByGroup(): TemplateResponse {
  99. return $this->usersList();
  100. }
  101. /**
  102. * @NoCSRFRequired
  103. * @NoAdminRequired
  104. *
  105. * Display users list template
  106. *
  107. * @return TemplateResponse
  108. */
  109. public function usersList(): TemplateResponse {
  110. $user = $this->userSession->getUser();
  111. $uid = $user->getUID();
  112. $isAdmin = $this->groupManager->isAdmin($uid);
  113. \OC::$server->getNavigationManager()->setActiveEntry('core_users');
  114. /* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */
  115. $sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT;
  116. $isLDAPUsed = false;
  117. if ($this->config->getSystemValueBool('sort_groups_by_name', false)) {
  118. $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
  119. } else {
  120. if ($this->appManager->isEnabledForUser('user_ldap')) {
  121. $isLDAPUsed =
  122. $this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy');
  123. if ($isLDAPUsed) {
  124. // LDAP user count can be slow, so we sort by group name here
  125. $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
  126. }
  127. }
  128. }
  129. $canChangePassword = $this->canAdminChangeUserPasswords();
  130. /* GROUPS */
  131. $groupsInfo = new \OC\Group\MetaData(
  132. $uid,
  133. $isAdmin,
  134. $this->groupManager,
  135. $this->userSession
  136. );
  137. $groupsInfo->setSorting($sortGroupsBy);
  138. [$adminGroup, $groups] = $groupsInfo->get();
  139. if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {
  140. $isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {
  141. return $ldapFound || $backend instanceof User_Proxy;
  142. });
  143. }
  144. $disabledUsers = -1;
  145. $userCount = 0;
  146. if (!$isLDAPUsed) {
  147. if ($isAdmin) {
  148. $disabledUsers = $this->userManager->countDisabledUsers();
  149. $userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
  150. return $v + (int)$w;
  151. }, 0);
  152. } else {
  153. // User is subadmin !
  154. // Map group list to names to retrieve the countDisabledUsersOfGroups
  155. $userGroups = $this->groupManager->getUserGroups($user);
  156. $groupsNames = [];
  157. foreach ($groups as $key => $group) {
  158. // $userCount += (int)$group['usercount'];
  159. $groupsNames[] = $group['name'];
  160. // we prevent subadmins from looking up themselves
  161. // so we lower the count of the groups he belongs to
  162. if (array_key_exists($group['id'], $userGroups)) {
  163. $groups[$key]['usercount']--;
  164. $userCount -= 1; // we also lower from one the total count
  165. }
  166. }
  167. $userCount += $this->userManager->countUsersOfGroups($groupsInfo->getGroups());
  168. $disabledUsers = $this->userManager->countDisabledUsersOfGroups($groupsNames);
  169. }
  170. $userCount -= $disabledUsers;
  171. }
  172. $disabledUsersGroup = [
  173. 'id' => 'disabled',
  174. 'name' => 'Disabled accounts',
  175. 'usercount' => $disabledUsers
  176. ];
  177. /* QUOTAS PRESETS */
  178. $quotaPreset = $this->parseQuotaPreset($this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'));
  179. $allowUnlimitedQuota = $this->config->getAppValue('files', 'allow_unlimited_quota', '1') === '1';
  180. if (!$allowUnlimitedQuota && count($quotaPreset) > 0) {
  181. $defaultQuota = $this->config->getAppValue('files', 'default_quota', $quotaPreset[0]);
  182. } else {
  183. $defaultQuota = $this->config->getAppValue('files', 'default_quota', 'none');
  184. }
  185. $event = new BeforeTemplateRenderedEvent();
  186. $this->dispatcher->dispatch('OC\Settings\Users::loadAdditionalScripts', $event);
  187. $this->dispatcher->dispatchTyped($event);
  188. /* LANGUAGES */
  189. $languages = $this->l10nFactory->getLanguages();
  190. /** Using LDAP or admins (system config) can enfore sorting by group name, in this case the frontend setting is overwritten */
  191. $forceSortGroupByName = $sortGroupsBy === \OC\Group\MetaData::SORT_GROUPNAME;
  192. /* FINAL DATA */
  193. $serverData = [];
  194. // groups
  195. $serverData['groups'] = array_merge_recursive($adminGroup, [$disabledUsersGroup], $groups);
  196. // Various data
  197. $serverData['isAdmin'] = $isAdmin;
  198. $serverData['sortGroups'] = $forceSortGroupByName
  199. ? \OC\Group\MetaData::SORT_GROUPNAME
  200. : (int)$this->config->getAppValue('core', 'group.sortBy', (string)\OC\Group\MetaData::SORT_USERCOUNT);
  201. $serverData['forceSortGroupByName'] = $forceSortGroupByName;
  202. $serverData['quotaPreset'] = $quotaPreset;
  203. $serverData['allowUnlimitedQuota'] = $allowUnlimitedQuota;
  204. $serverData['userCount'] = $userCount;
  205. $serverData['languages'] = $languages;
  206. $serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en');
  207. $serverData['forceLanguage'] = $this->config->getSystemValue('force_language', false);
  208. // Settings
  209. $serverData['defaultQuota'] = $defaultQuota;
  210. $serverData['canChangePassword'] = $canChangePassword;
  211. $serverData['newUserGenerateUserID'] = $this->config->getAppValue('core', 'newUser.generateUserID', 'no') === 'yes';
  212. $serverData['newUserRequireEmail'] = $this->config->getAppValue('core', 'newUser.requireEmail', 'no') === 'yes';
  213. $serverData['newUserSendEmail'] = $this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes';
  214. $this->initialState->provideInitialState('usersSettings', $serverData);
  215. \OCP\Util::addStyle('settings', 'settings');
  216. \OCP\Util::addScript('settings', 'vue-settings-apps-users-management');
  217. return new TemplateResponse('settings', 'settings/empty', ['pageTitle' => $this->l10n->t('Settings')]);
  218. }
  219. /**
  220. * @param string $key
  221. * @param string $value
  222. *
  223. * @return JSONResponse
  224. */
  225. public function setPreference(string $key, string $value): JSONResponse {
  226. $allowed = ['newUser.sendEmail', 'group.sortBy'];
  227. if (!in_array($key, $allowed, true)) {
  228. return new JSONResponse([], Http::STATUS_FORBIDDEN);
  229. }
  230. $this->config->setAppValue('core', $key, $value);
  231. return new JSONResponse([]);
  232. }
  233. /**
  234. * Parse the app value for quota_present
  235. *
  236. * @param string $quotaPreset
  237. * @return array
  238. */
  239. protected function parseQuotaPreset(string $quotaPreset): array {
  240. // 1 GB, 5 GB, 10 GB => [1 GB, 5 GB, 10 GB]
  241. $presets = array_filter(array_map('trim', explode(',', $quotaPreset)));
  242. // Drop default and none, Make array indexes numerically
  243. return array_values(array_diff($presets, ['default', 'none']));
  244. }
  245. /**
  246. * check if the admin can change the users password
  247. *
  248. * The admin can change the passwords if:
  249. *
  250. * - no encryption module is loaded and encryption is disabled
  251. * - encryption module is loaded but it doesn't require per user keys
  252. *
  253. * The admin can not change the passwords if:
  254. *
  255. * - an encryption module is loaded and it uses per-user keys
  256. * - encryption is enabled but no encryption modules are loaded
  257. *
  258. * @return bool
  259. */
  260. protected function canAdminChangeUserPasswords(): bool {
  261. $isEncryptionEnabled = $this->encryptionManager->isEnabled();
  262. try {
  263. $noUserSpecificEncryptionKeys = !$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();
  264. $isEncryptionModuleLoaded = true;
  265. } catch (ModuleDoesNotExistsException $e) {
  266. $noUserSpecificEncryptionKeys = true;
  267. $isEncryptionModuleLoaded = false;
  268. }
  269. $canChangePassword = ($isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys)
  270. || (!$isEncryptionModuleLoaded && !$isEncryptionEnabled);
  271. return $canChangePassword;
  272. }
  273. /**
  274. * @NoAdminRequired
  275. * @NoSubAdminRequired
  276. * @PasswordConfirmationRequired
  277. *
  278. * @param string|null $avatarScope
  279. * @param string|null $displayname
  280. * @param string|null $displaynameScope
  281. * @param string|null $phone
  282. * @param string|null $phoneScope
  283. * @param string|null $email
  284. * @param string|null $emailScope
  285. * @param string|null $website
  286. * @param string|null $websiteScope
  287. * @param string|null $address
  288. * @param string|null $addressScope
  289. * @param string|null $twitter
  290. * @param string|null $twitterScope
  291. * @param string|null $fediverse
  292. * @param string|null $fediverseScope
  293. *
  294. * @return DataResponse
  295. */
  296. public function setUserSettings(?string $avatarScope = null,
  297. ?string $displayname = null,
  298. ?string $displaynameScope = null,
  299. ?string $phone = null,
  300. ?string $phoneScope = null,
  301. ?string $email = null,
  302. ?string $emailScope = null,
  303. ?string $website = null,
  304. ?string $websiteScope = null,
  305. ?string $address = null,
  306. ?string $addressScope = null,
  307. ?string $twitter = null,
  308. ?string $twitterScope = null,
  309. ?string $fediverse = null,
  310. ?string $fediverseScope = null
  311. ) {
  312. $user = $this->userSession->getUser();
  313. if (!$user instanceof IUser) {
  314. return new DataResponse(
  315. [
  316. 'status' => 'error',
  317. 'data' => [
  318. 'message' => $this->l10n->t('Invalid account')
  319. ]
  320. ],
  321. Http::STATUS_UNAUTHORIZED
  322. );
  323. }
  324. $email = !is_null($email) ? strtolower($email) : $email;
  325. if (!empty($email) && !$this->mailer->validateMailAddress($email)) {
  326. return new DataResponse(
  327. [
  328. 'status' => 'error',
  329. 'data' => [
  330. 'message' => $this->l10n->t('Invalid mail address')
  331. ]
  332. ],
  333. Http::STATUS_UNPROCESSABLE_ENTITY
  334. );
  335. }
  336. $userAccount = $this->accountManager->getAccount($user);
  337. $oldPhoneValue = $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue();
  338. $updatable = [
  339. IAccountManager::PROPERTY_AVATAR => ['value' => null, 'scope' => $avatarScope],
  340. IAccountManager::PROPERTY_DISPLAYNAME => ['value' => $displayname, 'scope' => $displaynameScope],
  341. IAccountManager::PROPERTY_EMAIL => ['value' => $email, 'scope' => $emailScope],
  342. IAccountManager::PROPERTY_WEBSITE => ['value' => $website, 'scope' => $websiteScope],
  343. IAccountManager::PROPERTY_ADDRESS => ['value' => $address, 'scope' => $addressScope],
  344. IAccountManager::PROPERTY_PHONE => ['value' => $phone, 'scope' => $phoneScope],
  345. IAccountManager::PROPERTY_TWITTER => ['value' => $twitter, 'scope' => $twitterScope],
  346. IAccountManager::PROPERTY_FEDIVERSE => ['value' => $fediverse, 'scope' => $fediverseScope],
  347. ];
  348. $allowUserToChangeDisplayName = $this->config->getSystemValueBool('allow_user_to_change_display_name', true);
  349. foreach ($updatable as $property => $data) {
  350. if ($allowUserToChangeDisplayName === false
  351. && in_array($property, [IAccountManager::PROPERTY_DISPLAYNAME, IAccountManager::PROPERTY_EMAIL], true)) {
  352. continue;
  353. }
  354. $property = $userAccount->getProperty($property);
  355. if (null !== $data['value']) {
  356. $property->setValue($data['value']);
  357. }
  358. if (null !== $data['scope']) {
  359. $property->setScope($data['scope']);
  360. }
  361. }
  362. try {
  363. $this->saveUserSettings($userAccount);
  364. if ($oldPhoneValue !== $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue()) {
  365. $this->knownUserService->deleteByContactUserId($user->getUID());
  366. }
  367. return new DataResponse(
  368. [
  369. 'status' => 'success',
  370. 'data' => [
  371. 'userId' => $user->getUID(),
  372. 'avatarScope' => $userAccount->getProperty(IAccountManager::PROPERTY_AVATAR)->getScope(),
  373. 'displayname' => $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue(),
  374. 'displaynameScope' => $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getScope(),
  375. 'phone' => $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue(),
  376. 'phoneScope' => $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getScope(),
  377. 'email' => $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue(),
  378. 'emailScope' => $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getScope(),
  379. 'website' => $userAccount->getProperty(IAccountManager::PROPERTY_WEBSITE)->getValue(),
  380. 'websiteScope' => $userAccount->getProperty(IAccountManager::PROPERTY_WEBSITE)->getScope(),
  381. 'address' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getValue(),
  382. 'addressScope' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getScope(),
  383. 'twitter' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getValue(),
  384. 'twitterScope' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getScope(),
  385. 'fediverse' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getValue(),
  386. 'fediverseScope' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getScope(),
  387. 'message' => $this->l10n->t('Settings saved'),
  388. ],
  389. ],
  390. Http::STATUS_OK
  391. );
  392. } catch (ForbiddenException | InvalidArgumentException | PropertyDoesNotExistException $e) {
  393. return new DataResponse([
  394. 'status' => 'error',
  395. 'data' => [
  396. 'message' => $e->getMessage()
  397. ],
  398. ]);
  399. }
  400. }
  401. /**
  402. * update account manager with new user data
  403. *
  404. * @throws ForbiddenException
  405. * @throws InvalidArgumentException
  406. */
  407. protected function saveUserSettings(IAccount $userAccount): void {
  408. // keep the user back-end up-to-date with the latest display name and email
  409. // address
  410. $oldDisplayName = $userAccount->getUser()->getDisplayName();
  411. if ($oldDisplayName !== $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue()) {
  412. $result = $userAccount->getUser()->setDisplayName($userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue());
  413. if ($result === false) {
  414. throw new ForbiddenException($this->l10n->t('Unable to change full name'));
  415. }
  416. }
  417. $oldEmailAddress = $userAccount->getUser()->getSystemEMailAddress();
  418. $oldEmailAddress = strtolower((string)$oldEmailAddress);
  419. if ($oldEmailAddress !== strtolower($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue())) {
  420. // this is the only permission a backend provides and is also used
  421. // for the permission of setting a email address
  422. if (!$userAccount->getUser()->canChangeDisplayName()) {
  423. throw new ForbiddenException($this->l10n->t('Unable to change email address'));
  424. }
  425. $userAccount->getUser()->setSystemEMailAddress($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue());
  426. }
  427. try {
  428. $this->accountManager->updateAccount($userAccount);
  429. } catch (InvalidArgumentException $e) {
  430. if ($e->getMessage() === IAccountManager::PROPERTY_PHONE) {
  431. throw new InvalidArgumentException($this->l10n->t('Unable to set invalid phone number'));
  432. }
  433. if ($e->getMessage() === IAccountManager::PROPERTY_WEBSITE) {
  434. throw new InvalidArgumentException($this->l10n->t('Unable to set invalid website'));
  435. }
  436. throw new InvalidArgumentException($this->l10n->t('Some account data was invalid'));
  437. }
  438. }
  439. /**
  440. * Set the mail address of a user
  441. *
  442. * @NoAdminRequired
  443. * @NoSubAdminRequired
  444. * @PasswordConfirmationRequired
  445. *
  446. * @param string $account
  447. * @param bool $onlyVerificationCode only return verification code without updating the data
  448. * @return DataResponse
  449. */
  450. public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {
  451. $user = $this->userSession->getUser();
  452. if ($user === null) {
  453. return new DataResponse([], Http::STATUS_BAD_REQUEST);
  454. }
  455. $userAccount = $this->accountManager->getAccount($user);
  456. $cloudId = $user->getCloudId();
  457. $message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;
  458. $signature = $this->signMessage($user, $message);
  459. $code = $message . ' ' . $signature;
  460. $codeMd5 = $message . ' ' . md5($signature);
  461. switch ($account) {
  462. case 'verify-twitter':
  463. $msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');
  464. $code = $codeMd5;
  465. $type = IAccountManager::PROPERTY_TWITTER;
  466. break;
  467. case 'verify-website':
  468. $msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');
  469. $type = IAccountManager::PROPERTY_WEBSITE;
  470. break;
  471. default:
  472. return new DataResponse([], Http::STATUS_BAD_REQUEST);
  473. }
  474. $userProperty = $userAccount->getProperty($type);
  475. $userProperty
  476. ->setVerified(IAccountManager::VERIFICATION_IN_PROGRESS)
  477. ->setVerificationData($signature);
  478. if ($onlyVerificationCode === false) {
  479. $this->accountManager->updateAccount($userAccount);
  480. $this->jobList->add(VerifyUserData::class,
  481. [
  482. 'verificationCode' => $code,
  483. 'data' => $userProperty->getValue(),
  484. 'type' => $type,
  485. 'uid' => $user->getUID(),
  486. 'try' => 0,
  487. 'lastRun' => $this->getCurrentTime()
  488. ]
  489. );
  490. }
  491. return new DataResponse(['msg' => $msg, 'code' => $code]);
  492. }
  493. /**
  494. * get current timestamp
  495. *
  496. * @return int
  497. */
  498. protected function getCurrentTime(): int {
  499. return time();
  500. }
  501. /**
  502. * sign message with users private key
  503. *
  504. * @param IUser $user
  505. * @param string $message
  506. *
  507. * @return string base64 encoded signature
  508. */
  509. protected function signMessage(IUser $user, string $message): string {
  510. $privateKey = $this->keyManager->getKey($user)->getPrivate();
  511. openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
  512. return base64_encode($signature);
  513. }
  514. }