RenewPasswordController.php 4.8 KB

  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-License-Identifier: AGPL-3.0-or-later
  5. */
  6. namespace OCA\User_LDAP\Controller;
  7. use OCP\AppFramework\Controller;
  8. use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
  9. use OCP\AppFramework\Http\Attribute\OpenAPI;
  10. use OCP\AppFramework\Http\Attribute\PublicPage;
  11. use OCP\AppFramework\Http\Attribute\UseSession;
  12. use OCP\AppFramework\Http\RedirectResponse;
  13. use OCP\AppFramework\Http\TemplateResponse;
  14. use OCP\HintException;
  15. use OCP\IConfig;
  16. use OCP\IL10N;
  17. use OCP\IRequest;
  18. use OCP\ISession;
  19. use OCP\IURLGenerator;
  20. use OCP\IUser;
  21. use OCP\IUserManager;
  22. #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
  23. class RenewPasswordController extends Controller {
  24. /** @var IUserManager */
  25. private $userManager;
  26. /** @var IConfig */
  27. private $config;
  28. /** @var IL10N */
  29. protected $l10n;
  30. /** @var ISession */
  31. private $session;
  32. /** @var IURLGenerator */
  33. private $urlGenerator;
  34. /**
  35. * @param string $appName
  36. * @param IRequest $request
  37. * @param IUserManager $userManager
  38. * @param IConfig $config
  39. * @param IURLGenerator $urlGenerator
  40. */
  41. public function __construct($appName, IRequest $request, IUserManager $userManager,
  42. IConfig $config, IL10N $l10n, ISession $session, IURLGenerator $urlGenerator) {
  43. parent::__construct($appName, $request);
  44. $this->userManager = $userManager;
  45. $this->config = $config;
  46. $this->l10n = $l10n;
  47. $this->session = $session;
  48. $this->urlGenerator = $urlGenerator;
  49. }
  50. /**
  51. * @return RedirectResponse
  52. */
  53. #[PublicPage]
  54. #[NoCSRFRequired]
  55. public function cancel() {
  56. return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
  57. }
  58. /**
  59. * @param string $user
  60. *
  61. * @return TemplateResponse|RedirectResponse
  62. */
  63. #[PublicPage]
  64. #[NoCSRFRequired]
  65. #[UseSession]
  66. public function showRenewPasswordForm($user) {
  67. if ($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {
  68. return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
  69. }
  70. $parameters = [];
  71. $renewPasswordMessages = $this->session->get('renewPasswordMessages');
  72. $errors = [];
  73. $messages = [];
  74. if (is_array($renewPasswordMessages)) {
  75. [$errors, $messages] = $renewPasswordMessages;
  76. }
  77. $this->session->remove('renewPasswordMessages');
  78. foreach ($errors as $value) {
  79. $parameters[$value] = true;
  80. }
  81. $parameters['messages'] = $messages;
  82. $parameters['user'] = $user;
  83. $parameters['canResetPassword'] = true;
  84. $parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
  85. if (!$parameters['resetPasswordLink']) {
  86. $userObj = $this->userManager->get($user);
  87. if ($userObj instanceof IUser) {
  88. $parameters['canResetPassword'] = $userObj->canChangePassword();
  89. }
  90. }
  91. $parameters['cancelLink'] = $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm');
  92. return new TemplateResponse(
  93. $this->appName, 'renewpassword', $parameters, 'guest'
  94. );
  95. }
  96. /**
  97. * @param string $user
  98. * @param string $oldPassword
  99. * @param string $newPassword
  100. *
  101. * @return RedirectResponse
  102. */
  103. #[PublicPage]
  104. #[UseSession]
  105. public function tryRenewPassword($user, $oldPassword, $newPassword) {
  106. if ($this->config->getUserValue($user, 'user_ldap', 'needsPasswordReset') !== 'true') {
  107. return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
  108. }
  109. $args = !is_null($user) ? ['user' => $user] : [];
  110. $loginResult = $this->userManager->checkPassword($user, $oldPassword);
  111. if ($loginResult === false) {
  112. $this->session->set('renewPasswordMessages', [
  113. ['invalidpassword'], []
  114. ]);
  115. return new RedirectResponse($this->urlGenerator->linkToRoute('user_ldap.renewPassword.showRenewPasswordForm', $args));
  116. }
  117. try {
  118. if (!is_null($newPassword) && \OC_User::setPassword($user, $newPassword)) {
  119. $this->session->set('loginMessages', [
  120. [], [$this->l10n->t("Please login with the new password")]
  121. ]);
  122. $this->config->setUserValue($user, 'user_ldap', 'needsPasswordReset', 'false');
  123. return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
  124. } else {
  125. $this->session->set('renewPasswordMessages', [
  126. ['internalexception'], []
  127. ]);
  128. }
  129. } catch (HintException $e) {
  130. $this->session->set('renewPasswordMessages', [
  131. [], [$e->getHint()]
  132. ]);
  133. }
  134. return new RedirectResponse($this->urlGenerator->linkToRoute('user_ldap.renewPassword.showRenewPasswordForm', $args));
  135. }
  136. /**
  137. * @return RedirectResponse
  138. */
  139. #[PublicPage]
  140. #[NoCSRFRequired]
  141. #[UseSession]
  142. public function showLoginFormInvalidPassword($user) {
  143. $args = !is_null($user) ? ['user' => $user] : [];
  144. $this->session->set('loginMessages', [
  145. ['invalidpassword'], []
  146. ]);
  147. return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
  148. }
  149. }