@@ -28,114 +28,114 @@ |
||
28 | 28 | #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)] |
29 | 29 | class VerificationController extends Controller { |
30 | 30 | |
31 | - /** @var Crypto */ |
|
32 | - private $crypto; |
|
31 | + /** @var Crypto */ |
|
32 | + private $crypto; |
|
33 | 33 | |
34 | - public function __construct( |
|
35 | - string $appName, |
|
36 | - IRequest $request, |
|
37 | - private IVerificationToken $verificationToken, |
|
38 | - private IUserManager $userManager, |
|
39 | - private IL10N $l10n, |
|
40 | - private IUserSession $userSession, |
|
41 | - private IAccountManager $accountManager, |
|
42 | - Crypto $crypto, |
|
43 | - ) { |
|
44 | - parent::__construct($appName, $request); |
|
45 | - $this->crypto = $crypto; |
|
46 | - } |
|
34 | + public function __construct( |
|
35 | + string $appName, |
|
36 | + IRequest $request, |
|
37 | + private IVerificationToken $verificationToken, |
|
38 | + private IUserManager $userManager, |
|
39 | + private IL10N $l10n, |
|
40 | + private IUserSession $userSession, |
|
41 | + private IAccountManager $accountManager, |
|
42 | + Crypto $crypto, |
|
43 | + ) { |
|
44 | + parent::__construct($appName, $request); |
|
45 | + $this->crypto = $crypto; |
|
46 | + } |
|
47 | 47 | |
48 | - /** |
|
49 | - * @NoSubAdminRequired |
|
50 | - */ |
|
51 | - #[NoAdminRequired] |
|
52 | - #[NoCSRFRequired] |
|
53 | - public function showVerifyMail(string $token, string $userId, string $key): TemplateResponse { |
|
54 | - try { |
|
55 | - if ($this->userSession->getUser()?->getUID() !== $userId) { |
|
56 | - // not a public page, hence getUser() must return an IUser |
|
57 | - throw new HintException( |
|
58 | - 'Logged in account is not mail address owner', |
|
59 | - $this->l10n->t('Logged in account is not mail address owner'), |
|
60 | - ); |
|
61 | - } |
|
62 | - $email = $this->crypto->decrypt($key); |
|
63 | - } catch (HintException $e) { |
|
64 | - return new TemplateResponse( |
|
65 | - 'core', 'error', [ |
|
66 | - 'errors' => [['error' => $e->getHint()]] |
|
67 | - ], TemplateResponse::RENDER_AS_GUEST); |
|
68 | - } |
|
48 | + /** |
|
49 | + * @NoSubAdminRequired |
|
50 | + */ |
|
51 | + #[NoAdminRequired] |
|
52 | + #[NoCSRFRequired] |
|
53 | + public function showVerifyMail(string $token, string $userId, string $key): TemplateResponse { |
|
54 | + try { |
|
55 | + if ($this->userSession->getUser()?->getUID() !== $userId) { |
|
56 | + // not a public page, hence getUser() must return an IUser |
|
57 | + throw new HintException( |
|
58 | + 'Logged in account is not mail address owner', |
|
59 | + $this->l10n->t('Logged in account is not mail address owner'), |
|
60 | + ); |
|
61 | + } |
|
62 | + $email = $this->crypto->decrypt($key); |
|
63 | + } catch (HintException $e) { |
|
64 | + return new TemplateResponse( |
|
65 | + 'core', 'error', [ |
|
66 | + 'errors' => [['error' => $e->getHint()]] |
|
67 | + ], TemplateResponse::RENDER_AS_GUEST); |
|
68 | + } |
|
69 | 69 | |
70 | - return new TemplateResponse( |
|
71 | - 'core', 'confirmation', [ |
|
72 | - 'title' => $this->l10n->t('Email confirmation'), |
|
73 | - 'message' => $this->l10n->t('To enable the email address %s please click the button below.', [$email]), |
|
74 | - 'action' => $this->l10n->t('Confirm'), |
|
75 | - ], TemplateResponse::RENDER_AS_GUEST); |
|
76 | - } |
|
70 | + return new TemplateResponse( |
|
71 | + 'core', 'confirmation', [ |
|
72 | + 'title' => $this->l10n->t('Email confirmation'), |
|
73 | + 'message' => $this->l10n->t('To enable the email address %s please click the button below.', [$email]), |
|
74 | + 'action' => $this->l10n->t('Confirm'), |
|
75 | + ], TemplateResponse::RENDER_AS_GUEST); |
|
76 | + } |
|
77 | 77 | |
78 | - /** |
|
79 | - * @NoSubAdminRequired |
|
80 | - */ |
|
81 | - #[NoAdminRequired] |
|
82 | - #[BruteForceProtection(action: 'emailVerification')] |
|
83 | - public function verifyMail(string $token, string $userId, string $key): TemplateResponse { |
|
84 | - $throttle = false; |
|
85 | - try { |
|
86 | - if ($this->userSession->getUser()?->getUID() !== $userId) { |
|
87 | - throw new HintException( |
|
88 | - 'Logged in account is not mail address owner', |
|
89 | - $this->l10n->t('Logged in account is not mail address owner'), |
|
90 | - ); |
|
91 | - } |
|
92 | - $email = $this->crypto->decrypt($key); |
|
93 | - $ref = \substr(hash('sha256', $email), 0, 8); |
|
78 | + /** |
|
79 | + * @NoSubAdminRequired |
|
80 | + */ |
|
81 | + #[NoAdminRequired] |
|
82 | + #[BruteForceProtection(action: 'emailVerification')] |
|
83 | + public function verifyMail(string $token, string $userId, string $key): TemplateResponse { |
|
84 | + $throttle = false; |
|
85 | + try { |
|
86 | + if ($this->userSession->getUser()?->getUID() !== $userId) { |
|
87 | + throw new HintException( |
|
88 | + 'Logged in account is not mail address owner', |
|
89 | + $this->l10n->t('Logged in account is not mail address owner'), |
|
90 | + ); |
|
91 | + } |
|
92 | + $email = $this->crypto->decrypt($key); |
|
93 | + $ref = \substr(hash('sha256', $email), 0, 8); |
|
94 | 94 | |
95 | - $user = $this->userManager->get($userId); |
|
96 | - $this->verificationToken->check($token, $user, 'verifyMail' . $ref, $email); |
|
95 | + $user = $this->userManager->get($userId); |
|
96 | + $this->verificationToken->check($token, $user, 'verifyMail' . $ref, $email); |
|
97 | 97 | |
98 | - $userAccount = $this->accountManager->getAccount($user); |
|
99 | - $emailProperty = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL) |
|
100 | - ->getPropertyByValue($email); |
|
98 | + $userAccount = $this->accountManager->getAccount($user); |
|
99 | + $emailProperty = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL) |
|
100 | + ->getPropertyByValue($email); |
|
101 | 101 | |
102 | - if ($emailProperty === null) { |
|
103 | - throw new HintException( |
|
104 | - 'Email was already removed from account and cannot be confirmed anymore.', |
|
105 | - $this->l10n->t('Email was already removed from account and cannot be confirmed anymore.'), |
|
106 | - ); |
|
107 | - } |
|
108 | - $emailProperty->setLocallyVerified(IAccountManager::VERIFIED); |
|
109 | - $this->accountManager->updateAccount($userAccount); |
|
110 | - $this->verificationToken->delete($token, $user, 'verifyMail' . $ref); |
|
111 | - } catch (InvalidTokenException $e) { |
|
112 | - if ($e->getCode() === InvalidTokenException::TOKEN_EXPIRED) { |
|
113 | - $error = $this->l10n->t('Could not verify mail because the token is expired.'); |
|
114 | - } else { |
|
115 | - $throttle = true; |
|
116 | - $error = $this->l10n->t('Could not verify mail because the token is invalid.'); |
|
117 | - } |
|
118 | - } catch (HintException $e) { |
|
119 | - $error = $e->getHint(); |
|
120 | - } catch (\Exception $e) { |
|
121 | - $error = $this->l10n->t('An unexpected error occurred. Please contact your admin.'); |
|
122 | - } |
|
102 | + if ($emailProperty === null) { |
|
103 | + throw new HintException( |
|
104 | + 'Email was already removed from account and cannot be confirmed anymore.', |
|
105 | + $this->l10n->t('Email was already removed from account and cannot be confirmed anymore.'), |
|
106 | + ); |
|
107 | + } |
|
108 | + $emailProperty->setLocallyVerified(IAccountManager::VERIFIED); |
|
109 | + $this->accountManager->updateAccount($userAccount); |
|
110 | + $this->verificationToken->delete($token, $user, 'verifyMail' . $ref); |
|
111 | + } catch (InvalidTokenException $e) { |
|
112 | + if ($e->getCode() === InvalidTokenException::TOKEN_EXPIRED) { |
|
113 | + $error = $this->l10n->t('Could not verify mail because the token is expired.'); |
|
114 | + } else { |
|
115 | + $throttle = true; |
|
116 | + $error = $this->l10n->t('Could not verify mail because the token is invalid.'); |
|
117 | + } |
|
118 | + } catch (HintException $e) { |
|
119 | + $error = $e->getHint(); |
|
120 | + } catch (\Exception $e) { |
|
121 | + $error = $this->l10n->t('An unexpected error occurred. Please contact your admin.'); |
|
122 | + } |
|
123 | 123 | |
124 | - if (isset($error)) { |
|
125 | - $response = new TemplateResponse( |
|
126 | - 'core', 'error', [ |
|
127 | - 'errors' => [['error' => $error]] |
|
128 | - ], TemplateResponse::RENDER_AS_GUEST); |
|
129 | - if ($throttle) { |
|
130 | - $response->throttle(); |
|
131 | - } |
|
132 | - return $response; |
|
133 | - } |
|
124 | + if (isset($error)) { |
|
125 | + $response = new TemplateResponse( |
|
126 | + 'core', 'error', [ |
|
127 | + 'errors' => [['error' => $error]] |
|
128 | + ], TemplateResponse::RENDER_AS_GUEST); |
|
129 | + if ($throttle) { |
|
130 | + $response->throttle(); |
|
131 | + } |
|
132 | + return $response; |
|
133 | + } |
|
134 | 134 | |
135 | - return new TemplateResponse( |
|
136 | - 'core', 'success', [ |
|
137 | - 'title' => $this->l10n->t('Email confirmation successful'), |
|
138 | - 'message' => $this->l10n->t('Email confirmation successful'), |
|
139 | - ], TemplateResponse::RENDER_AS_GUEST); |
|
140 | - } |
|
135 | + return new TemplateResponse( |
|
136 | + 'core', 'success', [ |
|
137 | + 'title' => $this->l10n->t('Email confirmation successful'), |
|
138 | + 'message' => $this->l10n->t('Email confirmation successful'), |
|
139 | + ], TemplateResponse::RENDER_AS_GUEST); |
|
140 | + } |
|
141 | 141 | } |
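Review bot: `showVerifyMail` (new lines 54–68) catches only `HintException` around `$this->crypto->decrypt($key)`, while `verifyMail` wraps the same call and also catches `\Exception` (new line 120), so a `$key` that fails to decrypt with any other exception type would escape `showVerifyMail` as an unhandled error rather than the guest error page. A matching `} catch (\Exception $e) {` branch that returns the `'core', 'error'` template with the generic `An unexpected error occurred. Please contact your admin.` text would make the two actions agree. In `verifyMail`, `$throttle = true` is set only for a non-expired `InvalidTokenException` (new line 115), so the owner-mismatch and generic-exception paths never count towards `BruteForceProtection(action: 'emailVerification')`. Whether a tampered `$key` reaches the `\Exception` branch depends on what `decrypt()` throws, which is not visible here, but if it does, that branch should also set `$throttle = true` and log `$e` instead of discarding it. The removed and added lines read the same in this hunk, so both points appear to predate this commit.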