UsersController.php 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  7. * @author Bjoern Schiessle <bjoern@schiessle.org>
  8. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  9. * @author Daniel Calviño Sánchez <danxuliu@gmail.com>
  10. * @author Daniel Kesselberg <mail@danielkesselberg.de>
  11. * @author GretaD <gretadoci@gmail.com>
  12. * @author Joas Schilling <coding@schilljs.com>
  13. * @author John Molakvoæ <skjnldsv@protonmail.com>
  14. * @author Morris Jobke <hey@morrisjobke.de>
  15. * @author Roeland Jago Douma <roeland@famdouma.nl>
  16. * @author Vincent Petry <vincent@nextcloud.com>
  17. *
  18. * @license AGPL-3.0
  19. *
  20. * This code is free software: you can redistribute it and/or modify
  21. * it under the terms of the GNU Affero General Public License, version 3,
  22. * as published by the Free Software Foundation.
  23. *
  24. * This program is distributed in the hope that it will be useful,
  25. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  26. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  27. * GNU Affero General Public License for more details.
  28. *
  29. * You should have received a copy of the GNU Affero General Public License, version 3,
  30. * along with this program. If not, see <http://www.gnu.org/licenses/>
  31. *
  32. */
  33. // FIXME: disabled for now to be able to inject IGroupManager and also use
  34. // getSubAdmin()
  35. namespace OCA\Settings\Controller;
  36. use InvalidArgumentException;
  37. use OC\AppFramework\Http;
  38. use OC\Encryption\Exceptions\ModuleDoesNotExistsException;
  39. use OC\ForbiddenException;
  40. use OC\Group\Manager as GroupManager;
  41. use OC\KnownUser\KnownUserService;
  42. use OC\L10N\Factory;
  43. use OC\Security\IdentityProof\Manager;
  44. use OC\User\Manager as UserManager;
  45. use OCA\Settings\BackgroundJobs\VerifyUserData;
  46. use OCA\Settings\Events\BeforeTemplateRenderedEvent;
  47. use OCA\User_LDAP\User_Proxy;
  48. use OCP\Accounts\IAccount;
  49. use OCP\Accounts\IAccountManager;
  50. use OCP\Accounts\PropertyDoesNotExistException;
  51. use OCP\App\IAppManager;
  52. use OCP\AppFramework\Controller;
  53. use OCP\AppFramework\Http\DataResponse;
  54. use OCP\AppFramework\Http\JSONResponse;
  55. use OCP\AppFramework\Http\TemplateResponse;
  56. use OCP\BackgroundJob\IJobList;
  57. use OCP\Encryption\IManager;
  58. use OCP\EventDispatcher\IEventDispatcher;
  59. use OCP\IConfig;
  60. use OCP\IGroupManager;
  61. use OCP\IL10N;
  62. use OCP\IRequest;
  63. use OCP\IUser;
  64. use OCP\IUserManager;
  65. use OCP\IUserSession;
  66. use OCP\L10N\IFactory;
  67. use OCP\Mail\IMailer;
  68. use function in_array;
  69. class UsersController extends Controller {
  70. /** @var UserManager */
  71. private $userManager;
  72. /** @var GroupManager */
  73. private $groupManager;
  74. /** @var IUserSession */
  75. private $userSession;
  76. /** @var IConfig */
  77. private $config;
  78. /** @var bool */
  79. private $isAdmin;
  80. /** @var IL10N */
  81. private $l10n;
  82. /** @var IMailer */
  83. private $mailer;
  84. /** @var Factory */
  85. private $l10nFactory;
  86. /** @var IAppManager */
  87. private $appManager;
  88. /** @var IAccountManager */
  89. private $accountManager;
  90. /** @var Manager */
  91. private $keyManager;
  92. /** @var IJobList */
  93. private $jobList;
  94. /** @var IManager */
  95. private $encryptionManager;
  96. /** @var KnownUserService */
  97. private $knownUserService;
  98. /** @var IEventDispatcher */
  99. private $dispatcher;
  100. public function __construct(
  101. string $appName,
  102. IRequest $request,
  103. IUserManager $userManager,
  104. IGroupManager $groupManager,
  105. IUserSession $userSession,
  106. IConfig $config,
  107. bool $isAdmin,
  108. IL10N $l10n,
  109. IMailer $mailer,
  110. IFactory $l10nFactory,
  111. IAppManager $appManager,
  112. IAccountManager $accountManager,
  113. Manager $keyManager,
  114. IJobList $jobList,
  115. IManager $encryptionManager,
  116. KnownUserService $knownUserService,
  117. IEventDispatcher $dispatcher
  118. ) {
  119. parent::__construct($appName, $request);
  120. $this->userManager = $userManager;
  121. $this->groupManager = $groupManager;
  122. $this->userSession = $userSession;
  123. $this->config = $config;
  124. $this->isAdmin = $isAdmin;
  125. $this->l10n = $l10n;
  126. $this->mailer = $mailer;
  127. $this->l10nFactory = $l10nFactory;
  128. $this->appManager = $appManager;
  129. $this->accountManager = $accountManager;
  130. $this->keyManager = $keyManager;
  131. $this->jobList = $jobList;
  132. $this->encryptionManager = $encryptionManager;
  133. $this->knownUserService = $knownUserService;
  134. $this->dispatcher = $dispatcher;
  135. }
  136. /**
  137. * @NoCSRFRequired
  138. * @NoAdminRequired
  139. *
  140. * Display users list template
  141. *
  142. * @return TemplateResponse
  143. */
  144. public function usersListByGroup(): TemplateResponse {
  145. return $this->usersList();
  146. }
  147. /**
  148. * @NoCSRFRequired
  149. * @NoAdminRequired
  150. *
  151. * Display users list template
  152. *
  153. * @return TemplateResponse
  154. */
  155. public function usersList(): TemplateResponse {
  156. $user = $this->userSession->getUser();
  157. $uid = $user->getUID();
  158. \OC::$server->getNavigationManager()->setActiveEntry('core_users');
  159. /* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */
  160. $sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT;
  161. $isLDAPUsed = false;
  162. if ($this->config->getSystemValue('sort_groups_by_name', false)) {
  163. $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
  164. } else {
  165. if ($this->appManager->isEnabledForUser('user_ldap')) {
  166. $isLDAPUsed =
  167. $this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy');
  168. if ($isLDAPUsed) {
  169. // LDAP user count can be slow, so we sort by group name here
  170. $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
  171. }
  172. }
  173. }
  174. $canChangePassword = $this->canAdminChangeUserPasswords();
  175. /* GROUPS */
  176. $groupsInfo = new \OC\Group\MetaData(
  177. $uid,
  178. $this->isAdmin,
  179. $this->groupManager,
  180. $this->userSession
  181. );
  182. $groupsInfo->setSorting($sortGroupsBy);
  183. [$adminGroup, $groups] = $groupsInfo->get();
  184. if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {
  185. $isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {
  186. return $ldapFound || $backend instanceof User_Proxy;
  187. });
  188. }
  189. $disabledUsers = -1;
  190. $userCount = 0;
  191. if (!$isLDAPUsed) {
  192. if ($this->isAdmin) {
  193. $disabledUsers = $this->userManager->countDisabledUsers();
  194. $userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
  195. return $v + (int)$w;
  196. }, 0);
  197. } else {
  198. // User is subadmin !
  199. // Map group list to names to retrieve the countDisabledUsersOfGroups
  200. $userGroups = $this->groupManager->getUserGroups($user);
  201. $groupsNames = [];
  202. foreach ($groups as $key => $group) {
  203. // $userCount += (int)$group['usercount'];
  204. array_push($groupsNames, $group['name']);
  205. // we prevent subadmins from looking up themselves
  206. // so we lower the count of the groups he belongs to
  207. if (array_key_exists($group['id'], $userGroups)) {
  208. $groups[$key]['usercount']--;
  209. $userCount -= 1; // we also lower from one the total count
  210. }
  211. }
  212. $userCount += $this->userManager->countUsersOfGroups($groupsInfo->getGroups());
  213. $disabledUsers = $this->userManager->countDisabledUsersOfGroups($groupsNames);
  214. }
  215. $userCount -= $disabledUsers;
  216. }
  217. $disabledUsersGroup = [
  218. 'id' => 'disabled',
  219. 'name' => 'Disabled users',
  220. 'usercount' => $disabledUsers
  221. ];
  222. /* QUOTAS PRESETS */
  223. $quotaPreset = $this->parseQuotaPreset($this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'));
  224. $allowUnlimitedQuota = $this->config->getAppValue('files', 'allow_unlimited_quota', '1') === '1';
  225. if (!$allowUnlimitedQuota && count($quotaPreset) > 0) {
  226. $defaultQuota = $this->config->getAppValue('files', 'default_quota', $quotaPreset[0]);
  227. } else {
  228. $defaultQuota = $this->config->getAppValue('files', 'default_quota', 'none');
  229. }
  230. $event = new BeforeTemplateRenderedEvent();
  231. $this->dispatcher->dispatch('OC\Settings\Users::loadAdditionalScripts', $event);
  232. $this->dispatcher->dispatchTyped($event);
  233. /* LANGUAGES */
  234. $languages = $this->l10nFactory->getLanguages();
  235. /* FINAL DATA */
  236. $serverData = [];
  237. // groups
  238. $serverData['groups'] = array_merge_recursive($adminGroup, [$disabledUsersGroup], $groups);
  239. // Various data
  240. $serverData['isAdmin'] = $this->isAdmin;
  241. $serverData['sortGroups'] = $sortGroupsBy;
  242. $serverData['quotaPreset'] = $quotaPreset;
  243. $serverData['allowUnlimitedQuota'] = $allowUnlimitedQuota;
  244. $serverData['userCount'] = $userCount;
  245. $serverData['languages'] = $languages;
  246. $serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en');
  247. $serverData['forceLanguage'] = $this->config->getSystemValue('force_language', false);
  248. // Settings
  249. $serverData['defaultQuota'] = $defaultQuota;
  250. $serverData['canChangePassword'] = $canChangePassword;
  251. $serverData['newUserGenerateUserID'] = $this->config->getAppValue('core', 'newUser.generateUserID', 'no') === 'yes';
  252. $serverData['newUserRequireEmail'] = $this->config->getAppValue('core', 'newUser.requireEmail', 'no') === 'yes';
  253. $serverData['newUserSendEmail'] = $this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes';
  254. return new TemplateResponse('settings', 'settings-vue', ['serverData' => $serverData, 'pageTitle' => $this->l10n->t('Users')]);
  255. }
  256. /**
  257. * @param string $key
  258. * @param string $value
  259. *
  260. * @return JSONResponse
  261. */
  262. public function setPreference(string $key, string $value): JSONResponse {
  263. $allowed = ['newUser.sendEmail'];
  264. if (!in_array($key, $allowed, true)) {
  265. return new JSONResponse([], Http::STATUS_FORBIDDEN);
  266. }
  267. $this->config->setAppValue('core', $key, $value);
  268. return new JSONResponse([]);
  269. }
  270. /**
  271. * Parse the app value for quota_present
  272. *
  273. * @param string $quotaPreset
  274. * @return array
  275. */
  276. protected function parseQuotaPreset(string $quotaPreset): array {
  277. // 1 GB, 5 GB, 10 GB => [1 GB, 5 GB, 10 GB]
  278. $presets = array_filter(array_map('trim', explode(',', $quotaPreset)));
  279. // Drop default and none, Make array indexes numerically
  280. return array_values(array_diff($presets, ['default', 'none']));
  281. }
  282. /**
  283. * check if the admin can change the users password
  284. *
  285. * The admin can change the passwords if:
  286. *
  287. * - no encryption module is loaded and encryption is disabled
  288. * - encryption module is loaded but it doesn't require per user keys
  289. *
  290. * The admin can not change the passwords if:
  291. *
  292. * - an encryption module is loaded and it uses per-user keys
  293. * - encryption is enabled but no encryption modules are loaded
  294. *
  295. * @return bool
  296. */
  297. protected function canAdminChangeUserPasswords(): bool {
  298. $isEncryptionEnabled = $this->encryptionManager->isEnabled();
  299. try {
  300. $noUserSpecificEncryptionKeys = !$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();
  301. $isEncryptionModuleLoaded = true;
  302. } catch (ModuleDoesNotExistsException $e) {
  303. $noUserSpecificEncryptionKeys = true;
  304. $isEncryptionModuleLoaded = false;
  305. }
  306. $canChangePassword = ($isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys)
  307. || (!$isEncryptionModuleLoaded && !$isEncryptionEnabled);
  308. return $canChangePassword;
  309. }
  310. /**
  311. * @NoAdminRequired
  312. * @NoSubAdminRequired
  313. * @PasswordConfirmationRequired
  314. *
  315. * @param string|null $avatarScope
  316. * @param string|null $displayname
  317. * @param string|null $displaynameScope
  318. * @param string|null $phone
  319. * @param string|null $phoneScope
  320. * @param string|null $email
  321. * @param string|null $emailScope
  322. * @param string|null $website
  323. * @param string|null $websiteScope
  324. * @param string|null $address
  325. * @param string|null $addressScope
  326. * @param string|null $twitter
  327. * @param string|null $twitterScope
  328. * @param string|null $fediverse
  329. * @param string|null $fediverseScope
  330. *
  331. * @return DataResponse
  332. */
  333. public function setUserSettings(?string $avatarScope = null,
  334. ?string $displayname = null,
  335. ?string $displaynameScope = null,
  336. ?string $phone = null,
  337. ?string $phoneScope = null,
  338. ?string $email = null,
  339. ?string $emailScope = null,
  340. ?string $website = null,
  341. ?string $websiteScope = null,
  342. ?string $address = null,
  343. ?string $addressScope = null,
  344. ?string $twitter = null,
  345. ?string $twitterScope = null,
  346. ?string $fediverse = null,
  347. ?string $fediverseScope = null
  348. ) {
  349. $user = $this->userSession->getUser();
  350. if (!$user instanceof IUser) {
  351. return new DataResponse(
  352. [
  353. 'status' => 'error',
  354. 'data' => [
  355. 'message' => $this->l10n->t('Invalid user')
  356. ]
  357. ],
  358. Http::STATUS_UNAUTHORIZED
  359. );
  360. }
  361. $email = !is_null($email) ? strtolower($email) : $email;
  362. if (!empty($email) && !$this->mailer->validateMailAddress($email)) {
  363. return new DataResponse(
  364. [
  365. 'status' => 'error',
  366. 'data' => [
  367. 'message' => $this->l10n->t('Invalid mail address')
  368. ]
  369. ],
  370. Http::STATUS_UNPROCESSABLE_ENTITY
  371. );
  372. }
  373. $userAccount = $this->accountManager->getAccount($user);
  374. $oldPhoneValue = $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue();
  375. $updatable = [
  376. IAccountManager::PROPERTY_AVATAR => ['value' => null, 'scope' => $avatarScope],
  377. IAccountManager::PROPERTY_DISPLAYNAME => ['value' => $displayname, 'scope' => $displaynameScope],
  378. IAccountManager::PROPERTY_EMAIL => ['value' => $email, 'scope' => $emailScope],
  379. IAccountManager::PROPERTY_WEBSITE => ['value' => $website, 'scope' => $websiteScope],
  380. IAccountManager::PROPERTY_ADDRESS => ['value' => $address, 'scope' => $addressScope],
  381. IAccountManager::PROPERTY_PHONE => ['value' => $phone, 'scope' => $phoneScope],
  382. IAccountManager::PROPERTY_TWITTER => ['value' => $twitter, 'scope' => $twitterScope],
  383. IAccountManager::PROPERTY_FEDIVERSE => ['value' => $fediverse, 'scope' => $fediverseScope],
  384. ];
  385. $allowUserToChangeDisplayName = $this->config->getSystemValueBool('allow_user_to_change_display_name', true);
  386. foreach ($updatable as $property => $data) {
  387. if ($allowUserToChangeDisplayName === false
  388. && in_array($property, [IAccountManager::PROPERTY_DISPLAYNAME, IAccountManager::PROPERTY_EMAIL], true)) {
  389. continue;
  390. }
  391. $property = $userAccount->getProperty($property);
  392. if (null !== $data['value']) {
  393. $property->setValue($data['value']);
  394. }
  395. if (null !== $data['scope']) {
  396. $property->setScope($data['scope']);
  397. }
  398. }
  399. try {
  400. $this->saveUserSettings($userAccount);
  401. if ($oldPhoneValue !== $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue()) {
  402. $this->knownUserService->deleteByContactUserId($user->getUID());
  403. }
  404. return new DataResponse(
  405. [
  406. 'status' => 'success',
  407. 'data' => [
  408. 'userId' => $user->getUID(),
  409. 'avatarScope' => $userAccount->getProperty(IAccountManager::PROPERTY_AVATAR)->getScope(),
  410. 'displayname' => $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue(),
  411. 'displaynameScope' => $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getScope(),
  412. 'phone' => $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue(),
  413. 'phoneScope' => $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getScope(),
  414. 'email' => $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue(),
  415. 'emailScope' => $userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getScope(),
  416. 'website' => $userAccount->getProperty(IAccountManager::PROPERTY_WEBSITE)->getValue(),
  417. 'websiteScope' => $userAccount->getProperty(IAccountManager::PROPERTY_WEBSITE)->getScope(),
  418. 'address' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getValue(),
  419. 'addressScope' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getScope(),
  420. 'twitter' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getValue(),
  421. 'twitterScope' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getScope(),
  422. 'fediverse' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getValue(),
  423. 'fediverseScope' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getScope(),
  424. 'message' => $this->l10n->t('Settings saved'),
  425. ],
  426. ],
  427. Http::STATUS_OK
  428. );
  429. } catch (ForbiddenException | InvalidArgumentException | PropertyDoesNotExistException $e) {
  430. return new DataResponse([
  431. 'status' => 'error',
  432. 'data' => [
  433. 'message' => $e->getMessage()
  434. ],
  435. ]);
  436. }
  437. }
  438. /**
  439. * update account manager with new user data
  440. *
  441. * @throws ForbiddenException
  442. * @throws InvalidArgumentException
  443. */
  444. protected function saveUserSettings(IAccount $userAccount): void {
  445. // keep the user back-end up-to-date with the latest display name and email
  446. // address
  447. $oldDisplayName = $userAccount->getUser()->getDisplayName();
  448. if ($oldDisplayName !== $userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue()) {
  449. $result = $userAccount->getUser()->setDisplayName($userAccount->getProperty(IAccountManager::PROPERTY_DISPLAYNAME)->getValue());
  450. if ($result === false) {
  451. throw new ForbiddenException($this->l10n->t('Unable to change full name'));
  452. }
  453. }
  454. $oldEmailAddress = $userAccount->getUser()->getSystemEMailAddress();
  455. $oldEmailAddress = strtolower((string)$oldEmailAddress);
  456. if ($oldEmailAddress !== strtolower($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue())) {
  457. // this is the only permission a backend provides and is also used
  458. // for the permission of setting a email address
  459. if (!$userAccount->getUser()->canChangeDisplayName()) {
  460. throw new ForbiddenException($this->l10n->t('Unable to change email address'));
  461. }
  462. $userAccount->getUser()->setSystemEMailAddress($userAccount->getProperty(IAccountManager::PROPERTY_EMAIL)->getValue());
  463. }
  464. try {
  465. $this->accountManager->updateAccount($userAccount);
  466. } catch (InvalidArgumentException $e) {
  467. if ($e->getMessage() === IAccountManager::PROPERTY_PHONE) {
  468. throw new InvalidArgumentException($this->l10n->t('Unable to set invalid phone number'));
  469. }
  470. if ($e->getMessage() === IAccountManager::PROPERTY_WEBSITE) {
  471. throw new InvalidArgumentException($this->l10n->t('Unable to set invalid website'));
  472. }
  473. throw new InvalidArgumentException($this->l10n->t('Some account data was invalid'));
  474. }
  475. }
  476. /**
  477. * Set the mail address of a user
  478. *
  479. * @NoAdminRequired
  480. * @NoSubAdminRequired
  481. * @PasswordConfirmationRequired
  482. *
  483. * @param string $account
  484. * @param bool $onlyVerificationCode only return verification code without updating the data
  485. * @return DataResponse
  486. */
  487. public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {
  488. $user = $this->userSession->getUser();
  489. if ($user === null) {
  490. return new DataResponse([], Http::STATUS_BAD_REQUEST);
  491. }
  492. $userAccount = $this->accountManager->getAccount($user);
  493. $cloudId = $user->getCloudId();
  494. $message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;
  495. $signature = $this->signMessage($user, $message);
  496. $code = $message . ' ' . $signature;
  497. $codeMd5 = $message . ' ' . md5($signature);
  498. switch ($account) {
  499. case 'verify-twitter':
  500. $msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');
  501. $code = $codeMd5;
  502. $type = IAccountManager::PROPERTY_TWITTER;
  503. break;
  504. case 'verify-website':
  505. $msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');
  506. $type = IAccountManager::PROPERTY_WEBSITE;
  507. break;
  508. default:
  509. return new DataResponse([], Http::STATUS_BAD_REQUEST);
  510. }
  511. $userProperty = $userAccount->getProperty($type);
  512. $userProperty
  513. ->setVerified(IAccountManager::VERIFICATION_IN_PROGRESS)
  514. ->setVerificationData($signature);
  515. if ($onlyVerificationCode === false) {
  516. $this->accountManager->updateAccount($userAccount);
  517. $this->jobList->add(VerifyUserData::class,
  518. [
  519. 'verificationCode' => $code,
  520. 'data' => $userProperty->getValue(),
  521. 'type' => $type,
  522. 'uid' => $user->getUID(),
  523. 'try' => 0,
  524. 'lastRun' => $this->getCurrentTime()
  525. ]
  526. );
  527. }
  528. return new DataResponse(['msg' => $msg, 'code' => $code]);
  529. }
  530. /**
  531. * get current timestamp
  532. *
  533. * @return int
  534. */
  535. protected function getCurrentTime(): int {
  536. return time();
  537. }
  538. /**
  539. * sign message with users private key
  540. *
  541. * @param IUser $user
  542. * @param string $message
  543. *
  544. * @return string base64 encoded signature
  545. */
  546. protected function signMessage(IUser $user, string $message): string {
  547. $privateKey = $this->keyManager->getKey($user)->getPrivate();
  548. openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
  549. return base64_encode($signature);
  550. }
  551. }