Completed
Pull Request — master (#4809)
by Joas
29:52 queued 10:46
created
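--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -49,276 +49,276 @@
 use OC\Hooks\PublicEmitter;
 
 class LoginController extends Controller {
-	/** @var IUserManager */
-	private $userManager;
-	/** @var IConfig */
-	private $config;
-	/** @var ISession */
-	private $session;
-	/** @var IUserSession|Session */
-	private $userSession;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ILogger */
-	private $logger;
-	/** @var Manager */
-	private $twoFactorManager;
+    /** @var IUserManager */
+    private $userManager;
+    /** @var IConfig */
+    private $config;
+    /** @var ISession */
+    private $session;
+    /** @var IUserSession|Session */
+    private $userSession;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ILogger */
+    private $logger;
+    /** @var Manager */
+    private $twoFactorManager;
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IUserManager $userManager
-	 * @param IConfig $config
-	 * @param ISession $session
-	 * @param IUserSession $userSession
-	 * @param IURLGenerator $urlGenerator
-	 * @param ILogger $logger
-	 * @param Manager $twoFactorManager
-	 */
-	public function __construct($appName,
-						 IRequest $request,
-						 IUserManager $userManager,
-						 IConfig $config,
-						 ISession $session,
-						 IUserSession $userSession,
-						 IURLGenerator $urlGenerator,
-						 ILogger $logger,
-						 Manager $twoFactorManager) {
-		parent::__construct($appName, $request);
-		$this->userManager = $userManager;
-		$this->config = $config;
-		$this->session = $session;
-		$this->userSession = $userSession;
-		$this->urlGenerator = $urlGenerator;
-		$this->logger = $logger;
-		$this->twoFactorManager = $twoFactorManager;
-	}
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IUserManager $userManager
+     * @param IConfig $config
+     * @param ISession $session
+     * @param IUserSession $userSession
+     * @param IURLGenerator $urlGenerator
+     * @param ILogger $logger
+     * @param Manager $twoFactorManager
+     */
+    public function __construct($appName,
+                            IRequest $request,
+                            IUserManager $userManager,
+                            IConfig $config,
+                            ISession $session,
+                            IUserSession $userSession,
+                            IURLGenerator $urlGenerator,
+                            ILogger $logger,
+                            Manager $twoFactorManager) {
+        parent::__construct($appName, $request);
+        $this->userManager = $userManager;
+        $this->config = $config;
+        $this->session = $session;
+        $this->userSession = $userSession;
+        $this->urlGenerator = $urlGenerator;
+        $this->logger = $logger;
+        $this->twoFactorManager = $twoFactorManager;
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @return RedirectResponse
-	 */
-	public function logout() {
-		$loginToken = $this->request->getCookie('nc_token');
-		if (!is_null($loginToken)) {
-			$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
-		}
-		$this->userSession->logout();
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @return RedirectResponse
+     */
+    public function logout() {
+        $loginToken = $this->request->getCookie('nc_token');
+        if (!is_null($loginToken)) {
+            $this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
+        }
+        $this->userSession->logout();
 
-		return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
-	}
+        return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
+    }
 
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $user
-	 * @param string $redirect_url
-	 * @param string $remember_login
-	 *
-	 * @return TemplateResponse|RedirectResponse
-	 */
-	public function showLoginForm($user, $redirect_url, $remember_login) {
-		if ($this->userSession->isLoggedIn()) {
-			return new RedirectResponse(OC_Util::getDefaultPageUrl());
-		}
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $user
+     * @param string $redirect_url
+     * @param string $remember_login
+     *
+     * @return TemplateResponse|RedirectResponse
+     */
+    public function showLoginForm($user, $redirect_url, $remember_login) {
+        if ($this->userSession->isLoggedIn()) {
+            return new RedirectResponse(OC_Util::getDefaultPageUrl());
+        }
 
-		$parameters = array();
-		$loginMessages = $this->session->get('loginMessages');
-		$errors = [];
-		$messages = [];
-		if (is_array($loginMessages)) {
-			list($errors, $messages) = $loginMessages;
-		}
-		$this->session->remove('loginMessages');
-		foreach ($errors as $value) {
-			$parameters[$value] = true;
-		}
+        $parameters = array();
+        $loginMessages = $this->session->get('loginMessages');
+        $errors = [];
+        $messages = [];
+        if (is_array($loginMessages)) {
+            list($errors, $messages) = $loginMessages;
+        }
+        $this->session->remove('loginMessages');
+        foreach ($errors as $value) {
+            $parameters[$value] = true;
+        }
 
-		$parameters['messages'] = $messages;
-		if (!is_null($user) && $user !== '') {
-			$parameters['loginName'] = $user;
-			$parameters['user_autofocus'] = false;
-		} else {
-			$parameters['loginName'] = '';
-			$parameters['user_autofocus'] = true;
-		}
-		if (!empty($redirect_url)) {
-			$parameters['redirect_url'] = $redirect_url;
-		}
+        $parameters['messages'] = $messages;
+        if (!is_null($user) && $user !== '') {
+            $parameters['loginName'] = $user;
+            $parameters['user_autofocus'] = false;
+        } else {
+            $parameters['loginName'] = '';
+            $parameters['user_autofocus'] = true;
+        }
+        if (!empty($redirect_url)) {
+            $parameters['redirect_url'] = $redirect_url;
+        }
 
-		$parameters['canResetPassword'] = true;
-		$parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
-		if (!$parameters['resetPasswordLink']) {
-			if (!is_null($user) && $user !== '') {
-				$userObj = $this->userManager->get($user);
-				if ($userObj instanceof IUser) {
-					$parameters['canResetPassword'] = $userObj->canChangePassword();
-				}
-			}
-		} elseif ($parameters['resetPasswordLink'] === 'disabled') {
-			$parameters['canResetPassword'] = false;
-		}
+        $parameters['canResetPassword'] = true;
+        $parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
+        if (!$parameters['resetPasswordLink']) {
+            if (!is_null($user) && $user !== '') {
+                $userObj = $this->userManager->get($user);
+                if ($userObj instanceof IUser) {
+                    $parameters['canResetPassword'] = $userObj->canChangePassword();
+                }
+            }
+        } elseif ($parameters['resetPasswordLink'] === 'disabled') {
+            $parameters['canResetPassword'] = false;
+        }
 
-		$parameters['alt_login'] = OC_App::getAlternativeLogIns();
-		$parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
+        $parameters['alt_login'] = OC_App::getAlternativeLogIns();
+        $parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
 
-		if (!is_null($user) && $user !== '') {
-			$parameters['loginName'] = $user;
-			$parameters['user_autofocus'] = false;
-		} else {
-			$parameters['loginName'] = '';
-			$parameters['user_autofocus'] = true;
-		}
+        if (!is_null($user) && $user !== '') {
+            $parameters['loginName'] = $user;
+            $parameters['user_autofocus'] = false;
+        } else {
+            $parameters['loginName'] = '';
+            $parameters['user_autofocus'] = true;
+        }
 
-		return new TemplateResponse(
-			$this->appName, 'login', $parameters, 'guest'
-		);
-	}
+        return new TemplateResponse(
+            $this->appName, 'login', $parameters, 'guest'
+        );
+    }
 
-	/**
-	 * @param string $redirectUrl
-	 * @return RedirectResponse
-	 */
-	private function generateRedirect($redirectUrl) {
-		if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
-			$location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
-			// Deny the redirect if the URL contains a @
-			// This prevents unvalidated redirects like ?redirect_url=:[email protected]
-			if (strpos($location, '@') === false) {
-				return new RedirectResponse($location);
-			}
-		}
-		return new RedirectResponse(OC_Util::getDefaultPageUrl());
-	}
+    /**
+     * @param string $redirectUrl
+     * @return RedirectResponse
+     */
+    private function generateRedirect($redirectUrl) {
+        if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
+            $location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
+            // Deny the redirect if the URL contains a @
+            // This prevents unvalidated redirects like ?redirect_url=:[email protected]
+            if (strpos($location, '@') === false) {
+                return new RedirectResponse($location);
+            }
+        }
+        return new RedirectResponse(OC_Util::getDefaultPageUrl());
+    }
 
-	/**
-	 * @PublicPage
-	 * @UseSession
-	 * @NoCSRFRequired
-	 * @BruteForceProtection(action=login)
-	 *
-	 * @param string $user
-	 * @param string $password
-	 * @param string $redirect_url
-	 * @param boolean $remember_login
-	 * @param string $timezone
-	 * @param string $timezone_offset
-	 * @return RedirectResponse
-	 */
-	public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
-		if(!is_string($user)) {
-			throw new \InvalidArgumentException('Username must be string');
-		}
+    /**
+     * @PublicPage
+     * @UseSession
+     * @NoCSRFRequired
+     * @BruteForceProtection(action=login)
+     *
+     * @param string $user
+     * @param string $password
+     * @param string $redirect_url
+     * @param boolean $remember_login
+     * @param string $timezone
+     * @param string $timezone_offset
+     * @return RedirectResponse
+     */
+    public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
+        if(!is_string($user)) {
+            throw new \InvalidArgumentException('Username must be string');
+        }
 
-		// If the user is already logged in and the CSRF check does not pass then
-		// simply redirect the user to the correct page as required. This is the
-		// case when an user has already logged-in, in another tab.
-		if(!$this->request->passesCSRFCheck()) {
-			return $this->generateRedirect($redirect_url);
-		}
+        // If the user is already logged in and the CSRF check does not pass then
+        // simply redirect the user to the correct page as required. This is the
+        // case when an user has already logged-in, in another tab.
+        if(!$this->request->passesCSRFCheck()) {
+            return $this->generateRedirect($redirect_url);
+        }
 
-		if ($this->userManager instanceof PublicEmitter) {
-			$this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
-		}
+        if ($this->userManager instanceof PublicEmitter) {
+            $this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
+        }
 
-		$originalUser = $user;
-		// TODO: Add all the insane error handling
-		/* @var $loginResult IUser */
-		$loginResult = $this->userManager->checkPasswordNoLogging($user, $password);
-		if ($loginResult === false) {
-			$users = $this->userManager->getByEmail($user);
-			// we only allow login by email if unique
-			if (count($users) === 1) {
-				$user = $users[0]->getUID();
-				$loginResult = $this->userManager->checkPassword($user, $password);
-			} else {
-				$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
-			}
-		}
-		if ($loginResult === false) {
-			// Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
-			$args = !is_null($user) ? ['user' => $originalUser] : [];
-			if (!is_null($redirect_url)) {
-				$args['redirect_url'] = $redirect_url;
-			}
-			$response = new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
-			$response->throttle();
-			$this->session->set('loginMessages', [
-				['invalidpassword'], []
-			]);
-			return $response;
-		}
-		// TODO: remove password checks from above and let the user session handle failures
-		// requires https://github.com/owncloud/core/pull/24616
-		$this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
-		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login);
+        $originalUser = $user;
+        // TODO: Add all the insane error handling
+        /* @var $loginResult IUser */
+        $loginResult = $this->userManager->checkPasswordNoLogging($user, $password);
+        if ($loginResult === false) {
+            $users = $this->userManager->getByEmail($user);
+            // we only allow login by email if unique
+            if (count($users) === 1) {
+                $user = $users[0]->getUID();
+                $loginResult = $this->userManager->checkPassword($user, $password);
+            } else {
+                $this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
+            }
+        }
+        if ($loginResult === false) {
+            // Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
+            $args = !is_null($user) ? ['user' => $originalUser] : [];
+            if (!is_null($redirect_url)) {
+                $args['redirect_url'] = $redirect_url;
+            }
+            $response = new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
+            $response->throttle();
+            $this->session->set('loginMessages', [
+                ['invalidpassword'], []
+            ]);
+            return $response;
+        }
+        // TODO: remove password checks from above and let the user session handle failures
+        // requires https://github.com/owncloud/core/pull/24616
+        $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
+        $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login);
 
-		// User has successfully logged in, now remove the password reset link, when it is available
-		$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
+        // User has successfully logged in, now remove the password reset link, when it is available
+        $this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
 
-		$this->session->set('last-password-confirm', $loginResult->getLastLogin());
+        $this->session->set('last-password-confirm', $loginResult->getLastLogin());
 
-		if ($timezone_offset !== '') {
-			$this->config->setUserValue($loginResult->getUID(), 'core', 'timezone', $timezone);
-			$this->session->set('timezone', $timezone_offset);
-		}
+        if ($timezone_offset !== '') {
+            $this->config->setUserValue($loginResult->getUID(), 'core', 'timezone', $timezone);
+            $this->session->set('timezone', $timezone_offset);
+        }
 
-		if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
-			$this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
+        if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
+            $this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
 
-			$providers = $this->twoFactorManager->getProviders($loginResult);
-			if (count($providers) === 1) {
-				// Single provider, hence we can redirect to that provider's challenge page directly
-				/* @var $provider IProvider */
-				$provider = array_pop($providers);
-				$url = 'core.TwoFactorChallenge.showChallenge';
-				$urlParams = [
-					'challengeProviderId' => $provider->getId(),
-				];
-			} else {
-				$url = 'core.TwoFactorChallenge.selectChallenge';
-				$urlParams = [];
-			}
+            $providers = $this->twoFactorManager->getProviders($loginResult);
+            if (count($providers) === 1) {
+                // Single provider, hence we can redirect to that provider's challenge page directly
+                /* @var $provider IProvider */
+                $provider = array_pop($providers);
+                $url = 'core.TwoFactorChallenge.showChallenge';
+                $urlParams = [
+                    'challengeProviderId' => $provider->getId(),
+                ];
+            } else {
+                $url = 'core.TwoFactorChallenge.selectChallenge';
+                $urlParams = [];
+            }
 
-			if (!is_null($redirect_url)) {
-				$urlParams['redirect_url'] = $redirect_url;
-			}
+            if (!is_null($redirect_url)) {
+                $urlParams['redirect_url'] = $redirect_url;
+            }
 
-			return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
-		}
+            return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
+        }
 
-		if ($remember_login) {
-			$this->userSession->createRememberMeToken($loginResult);
-		}
+        if ($remember_login) {
+            $this->userSession->createRememberMeToken($loginResult);
+        }
 
-		return $this->generateRedirect($redirect_url);
-	}
+        return $this->generateRedirect($redirect_url);
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 * @BruteForceProtection(action=sudo)
-	 *
-	 * @license GNU AGPL version 3 or any later version
-	 *
-	 * @param string $password
-	 * @return DataResponse
-	 */
-	public function confirmPassword($password) {
-		$loginName = $this->userSession->getLoginName();
-		$loginResult = $this->userManager->checkPassword($loginName, $password);
-		if ($loginResult === false) {
-			$response = new DataResponse([], Http::STATUS_FORBIDDEN);
-			$response->throttle();
-			return $response;
-		}
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     * @BruteForceProtection(action=sudo)
+     *
+     * @license GNU AGPL version 3 or any later version
+     *
+     * @param string $password
+     * @return DataResponse
+     */
+    public function confirmPassword($password) {
+        $loginName = $this->userSession->getLoginName();
+        $loginResult = $this->userManager->checkPassword($loginName, $password);
+        if ($loginResult === false) {
+            $response = new DataResponse([], Http::STATUS_FORBIDDEN);
+            $response->throttle();
+            return $response;
+        }
 
-		$confirmTimestamp = time();
-		$this->session->set('last-password-confirm', $confirmTimestamp);
-		return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
-	}
+        $confirmTimestamp = time();
+        $this->session->set('last-password-confirm', $confirmTimestamp);
+        return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
+    }
 }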