nextcloud / server

apps/settings/lib/Middleware/SubadminMiddleware.php

Indentation +47 added lines, -47 removed lines

@@ -38,55 +38,55 @@
  * To bypass use the `@NoSubAdminRequired` annotation
  */
 class SubadminMiddleware extends Middleware {
-	/** @var bool */
-	protected $isSubAdmin;
-	/** @var ControllerMethodReflector */
-	protected $reflector;
-	/** @var IL10N */
-	private $l10n;
+    /** @var bool */
+    protected $isSubAdmin;
+    /** @var ControllerMethodReflector */
+    protected $reflector;
+    /** @var IL10N */
+    private $l10n;
 
-	/**
-	 * @param ControllerMethodReflector $reflector
-	 * @param bool $isSubAdmin
-	 * @param IL10N $l10n
-	 */
-	public function __construct(ControllerMethodReflector $reflector,
-								$isSubAdmin,
-								IL10N $l10n) {
-		$this->reflector = $reflector;
-		$this->isSubAdmin = $isSubAdmin;
-		$this->l10n = $l10n;
-	}
+    /**
+     * @param ControllerMethodReflector $reflector
+     * @param bool $isSubAdmin
+     * @param IL10N $l10n
+     */
+    public function __construct(ControllerMethodReflector $reflector,
+                                $isSubAdmin,
+                                IL10N $l10n) {
+        $this->reflector = $reflector;
+        $this->isSubAdmin = $isSubAdmin;
+        $this->l10n = $l10n;
+    }
 
-	/**
-	 * Check if sharing is enabled before the controllers is executed
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @throws \Exception
-	 */
-	public function beforeController($controller, $methodName) {
-		if (!$this->reflector->hasAnnotation('NoSubAdminRequired')) {
-			if (!$this->isSubAdmin) {
-				throw new NotAdminException($this->l10n->t('Logged in user must be a subadmin'));
-			}
-		}
-	}
+    /**
+     * Check if sharing is enabled before the controllers is executed
+     * @param Controller $controller
+     * @param string $methodName
+     * @throws \Exception
+     */
+    public function beforeController($controller, $methodName) {
+        if (!$this->reflector->hasAnnotation('NoSubAdminRequired')) {
+            if (!$this->isSubAdmin) {
+                throw new NotAdminException($this->l10n->t('Logged in user must be a subadmin'));
+            }
+        }
+    }
 
-	/**
-	 * Return 403 page in case of an exception
-	 * @param Controller $controller
-	 * @param string $methodName
-	 * @param \Exception $exception
-	 * @return TemplateResponse
-	 * @throws \Exception
-	 */
-	public function afterException($controller, $methodName, \Exception $exception) {
-		if ($exception instanceof NotAdminException) {
-			$response = new TemplateResponse('core', '403', [], 'guest');
-			$response->setStatus(Http::STATUS_FORBIDDEN);
-			return $response;
-		}
+    /**
+     * Return 403 page in case of an exception
+     * @param Controller $controller
+     * @param string $methodName
+     * @param \Exception $exception
+     * @return TemplateResponse
+     * @throws \Exception
+     */
+    public function afterException($controller, $methodName, \Exception $exception) {
+        if ($exception instanceof NotAdminException) {
+            $response = new TemplateResponse('core', '403', [], 'guest');
+            $response->setStatus(Http::STATUS_FORBIDDEN);
+            return $response;
+        }
 
-		throw $exception;
-	}
+        throw $exception;
+    }
 }

apps/settings/lib/Controller/ChangePasswordController.php

Indentation +210 added lines, -210 removed lines

@@ -47,232 +47,232 @@
 
 class ChangePasswordController extends Controller {
 
-	/** @var string */
-	private $userId;
+    /** @var string */
+    private $userId;
 
-	/** @var IUserManager */
-	private $userManager;
+    /** @var IUserManager */
+    private $userManager;
 
-	/** @var IL10N */
-	private $l;
+    /** @var IL10N */
+    private $l;
 
-	/** @var IGroupManager */
-	private $groupManager;
+    /** @var IGroupManager */
+    private $groupManager;
 
-	/** @var Session */
-	private $userSession;
+    /** @var Session */
+    private $userSession;
 
-	/** @var IAppManager */
-	private $appManager;
+    /** @var IAppManager */
+    private $appManager;
 
-	public function __construct(string $appName,
-								IRequest $request,
-								string $userId,
-								IUserManager $userManager,
-								IUserSession $userSession,
-								IGroupManager $groupManager,
-								IAppManager $appManager,
-								IL10N $l) {
-		parent::__construct($appName, $request);
+    public function __construct(string $appName,
+                                IRequest $request,
+                                string $userId,
+                                IUserManager $userManager,
+                                IUserSession $userSession,
+                                IGroupManager $groupManager,
+                                IAppManager $appManager,
+                                IL10N $l) {
+        parent::__construct($appName, $request);
 
-		$this->userId = $userId;
-		$this->userManager = $userManager;
-		$this->userSession = $userSession;
-		$this->groupManager = $groupManager;
-		$this->appManager = $appManager;
-		$this->l = $l;
-	}
+        $this->userId = $userId;
+        $this->userManager = $userManager;
+        $this->userSession = $userSession;
+        $this->groupManager = $groupManager;
+        $this->appManager = $appManager;
+        $this->l = $l;
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 * @BruteForceProtection(action=changePersonalPassword)
-	 */
-	public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse {
-		$loginName = $this->userSession->getLoginName();
-		/** @var IUser $user */
-		$user = $this->userManager->checkPassword($loginName, $oldpassword);
-		if ($user === false) {
-			$response = new JSONResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $this->l->t('Wrong password'),
-				],
-			]);
-			$response->throttle();
-			return $response;
-		}
+    /**
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     * @BruteForceProtection(action=changePersonalPassword)
+     */
+    public function changePersonalPassword(string $oldpassword = '', string $newpassword = null): JSONResponse {
+        $loginName = $this->userSession->getLoginName();
+        /** @var IUser $user */
+        $user = $this->userManager->checkPassword($loginName, $oldpassword);
+        if ($user === false) {
+            $response = new JSONResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $this->l->t('Wrong password'),
+                ],
+            ]);
+            $response->throttle();
+            return $response;
+        }
 
-		try {
-			if ($newpassword === null || $user->setPassword($newpassword) === false) {
-				return new JSONResponse([
-					'status' => 'error'
-				]);
-			}
-			// password policy app throws exception
-		} catch (HintException $e) {
-			return new JSONResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $e->getHint(),
-				],
-			]);
-		}
+        try {
+            if ($newpassword === null || $user->setPassword($newpassword) === false) {
+                return new JSONResponse([
+                    'status' => 'error'
+                ]);
+            }
+            // password policy app throws exception
+        } catch (HintException $e) {
+            return new JSONResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $e->getHint(),
+                ],
+            ]);
+        }
 
-		$this->userSession->updateSessionTokenPassword($newpassword);
+        $this->userSession->updateSessionTokenPassword($newpassword);
 
-		return new JSONResponse([
-			'status' => 'success',
-			'data' => [
-				'message' => $this->l->t('Saved'),
-			],
-		]);
-	}
+        return new JSONResponse([
+            'status' => 'success',
+            'data' => [
+                'message' => $this->l->t('Saved'),
+            ],
+        ]);
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @PasswordConfirmationRequired
-	 */
-	public function changeUserPassword(string $username = null, string $password = null, string $recoveryPassword = null): JSONResponse {
-		if ($username === null) {
-			return new JSONResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $this->l->t('No user supplied'),
-				],
-			]);
-		}
+    /**
+     * @NoAdminRequired
+     * @PasswordConfirmationRequired
+     */
+    public function changeUserPassword(string $username = null, string $password = null, string $recoveryPassword = null): JSONResponse {
+        if ($username === null) {
+            return new JSONResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $this->l->t('No user supplied'),
+                ],
+            ]);
+        }
 
-		if ($password === null) {
-			return new JSONResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $this->l->t('Unable to change password'),
-				],
-			]);
-		}
+        if ($password === null) {
+            return new JSONResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $this->l->t('Unable to change password'),
+                ],
+            ]);
+        }
 
-		$currentUser = $this->userSession->getUser();
-		$targetUser = $this->userManager->get($username);
-		if ($currentUser === null || $targetUser === null ||
-			!($this->groupManager->isAdmin($this->userId) ||
-			 $this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $targetUser))
-		) {
-			return new JSONResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $this->l->t('Authentication error'),
-				],
-			]);
-		}
+        $currentUser = $this->userSession->getUser();
+        $targetUser = $this->userManager->get($username);
+        if ($currentUser === null || $targetUser === null ||
+            !($this->groupManager->isAdmin($this->userId) ||
+             $this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $targetUser))
+        ) {
+            return new JSONResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $this->l->t('Authentication error'),
+                ],
+            ]);
+        }
 
-		if ($this->appManager->isEnabledForUser('encryption')) {
-			//handle the recovery case
-			$crypt = new \OCA\Encryption\Crypto\Crypt(
-				\OC::$server->getLogger(),
-				\OC::$server->getUserSession(),
-				\OC::$server->getConfig(),
-				\OC::$server->getL10N('encryption'));
-			$keyStorage = \OC::$server->getEncryptionKeyStorage();
-			$util = new \OCA\Encryption\Util(
-				new \OC\Files\View(),
-				$crypt,
-				\OC::$server->getLogger(),
-				\OC::$server->getUserSession(),
-				\OC::$server->getConfig(),
-				\OC::$server->getUserManager());
-			$keyManager = new \OCA\Encryption\KeyManager(
-				$keyStorage,
-				$crypt,
-				\OC::$server->getConfig(),
-				\OC::$server->getUserSession(),
-				new \OCA\Encryption\Session(\OC::$server->getSession()),
-				\OC::$server->getLogger(),
-				$util);
-			$recovery = new \OCA\Encryption\Recovery(
-				\OC::$server->getUserSession(),
-				$crypt,
-				$keyManager,
-				\OC::$server->getConfig(),
-				\OC::$server->getEncryptionFilesHelper(),
-				new \OC\Files\View());
-			$recoveryAdminEnabled = $recovery->isRecoveryKeyEnabled();
+        if ($this->appManager->isEnabledForUser('encryption')) {
+            //handle the recovery case
+            $crypt = new \OCA\Encryption\Crypto\Crypt(
+                \OC::$server->getLogger(),
+                \OC::$server->getUserSession(),
+                \OC::$server->getConfig(),
+                \OC::$server->getL10N('encryption'));
+            $keyStorage = \OC::$server->getEncryptionKeyStorage();
+            $util = new \OCA\Encryption\Util(
+                new \OC\Files\View(),
+                $crypt,
+                \OC::$server->getLogger(),
+                \OC::$server->getUserSession(),
+                \OC::$server->getConfig(),
+                \OC::$server->getUserManager());
+            $keyManager = new \OCA\Encryption\KeyManager(
+                $keyStorage,
+                $crypt,
+                \OC::$server->getConfig(),
+                \OC::$server->getUserSession(),
+                new \OCA\Encryption\Session(\OC::$server->getSession()),
+                \OC::$server->getLogger(),
+                $util);
+            $recovery = new \OCA\Encryption\Recovery(
+                \OC::$server->getUserSession(),
+                $crypt,
+                $keyManager,
+                \OC::$server->getConfig(),
+                \OC::$server->getEncryptionFilesHelper(),
+                new \OC\Files\View());
+            $recoveryAdminEnabled = $recovery->isRecoveryKeyEnabled();
 
-			$validRecoveryPassword = false;
-			$recoveryEnabledForUser = false;
-			if ($recoveryAdminEnabled) {
-				$validRecoveryPassword = $keyManager->checkRecoveryPassword($recoveryPassword);
-				$recoveryEnabledForUser = $recovery->isRecoveryEnabledForUser($username);
-			}
+            $validRecoveryPassword = false;
+            $recoveryEnabledForUser = false;
+            if ($recoveryAdminEnabled) {
+                $validRecoveryPassword = $keyManager->checkRecoveryPassword($recoveryPassword);
+                $recoveryEnabledForUser = $recovery->isRecoveryEnabledForUser($username);
+            }
 
-			if ($recoveryEnabledForUser && $recoveryPassword === '') {
-				return new JSONResponse([
-					'status' => 'error',
-					'data' => [
-						'message' => $this->l->t('Please provide an admin recovery password; otherwise, all user data will be lost.'),
-					]
-				]);
-			} elseif ($recoveryEnabledForUser && ! $validRecoveryPassword) {
-				return new JSONResponse([
-					'status' => 'error',
-					'data' => [
-						'message' => $this->l->t('Wrong admin recovery password. Please check the password and try again.'),
-					]
-				]);
-			} else { // now we know that everything is fine regarding the recovery password, let's try to change the password
-				try {
-					$result = $targetUser->setPassword($password, $recoveryPassword);
-					// password policy app throws exception
-				} catch (HintException $e) {
-					return new JSONResponse([
-						'status' => 'error',
-						'data' => [
-							'message' => $e->getHint(),
-						],
-					]);
-				}
-				if (!$result && $recoveryEnabledForUser) {
-					return new JSONResponse([
-						'status' => 'error',
-						'data' => [
-							'message' => $this->l->t('Backend doesn\'t support password change, but the user\'s encryption key was updated.'),
-						]
-					]);
-				} elseif (!$result && !$recoveryEnabledForUser) {
-					return new JSONResponse([
-						'status' => 'error',
-						'data' => [
-							'message' => $this->l->t('Unable to change password'),
-						]
-					]);
-				}
-			}
-		} else {
-			try {
-				if ($targetUser->setPassword($password) === false) {
-					return new JSONResponse([
-						'status' => 'error',
-						'data' => [
-							'message' => $this->l->t('Unable to change password'),
-						],
-					]);
-				}
-				// password policy app throws exception
-			} catch (HintException $e) {
-				return new JSONResponse([
-					'status' => 'error',
-					'data' => [
-						'message' => $e->getHint(),
-					],
-				]);
-			}
-		}
+            if ($recoveryEnabledForUser && $recoveryPassword === '') {
+                return new JSONResponse([
+                    'status' => 'error',
+                    'data' => [
+                        'message' => $this->l->t('Please provide an admin recovery password; otherwise, all user data will be lost.'),
+                    ]
+                ]);
+            } elseif ($recoveryEnabledForUser && ! $validRecoveryPassword) {
+                return new JSONResponse([
+                    'status' => 'error',
+                    'data' => [
+                        'message' => $this->l->t('Wrong admin recovery password. Please check the password and try again.'),
+                    ]
+                ]);
+            } else { // now we know that everything is fine regarding the recovery password, let's try to change the password
+                try {
+                    $result = $targetUser->setPassword($password, $recoveryPassword);
+                    // password policy app throws exception
+                } catch (HintException $e) {
+                    return new JSONResponse([
+                        'status' => 'error',
+                        'data' => [
+                            'message' => $e->getHint(),
+                        ],
+                    ]);
+                }
+                if (!$result && $recoveryEnabledForUser) {
+                    return new JSONResponse([
+                        'status' => 'error',
+                        'data' => [
+                            'message' => $this->l->t('Backend doesn\'t support password change, but the user\'s encryption key was updated.'),
+                        ]
+                    ]);
+                } elseif (!$result && !$recoveryEnabledForUser) {
+                    return new JSONResponse([
+                        'status' => 'error',
+                        'data' => [
+                            'message' => $this->l->t('Unable to change password'),
+                        ]
+                    ]);
+                }
+            }
+        } else {
+            try {
+                if ($targetUser->setPassword($password) === false) {
+                    return new JSONResponse([
+                        'status' => 'error',
+                        'data' => [
+                            'message' => $this->l->t('Unable to change password'),
+                        ],
+                    ]);
+                }
+                // password policy app throws exception
+            } catch (HintException $e) {
+                return new JSONResponse([
+                    'status' => 'error',
+                    'data' => [
+                        'message' => $e->getHint(),
+                    ],
+                ]);
+            }
+        }
 
-		return new JSONResponse([
-			'status' => 'success',
-			'data' => [
-				'username' => $username,
-			],
-		]);
-	}
+        return new JSONResponse([
+            'status' => 'success',
+            'data' => [
+                'username' => $username,
+            ],
+        ]);
+    }
 }

apps/settings/lib/Controller/PersonalSettingsController.php

Indentation +65 added lines, -65 removed lines

@@ -36,77 +36,77 @@
 use OCP\Template;
 
 class PersonalSettingsController extends Controller {
-	use CommonSettingsTrait;
+    use CommonSettingsTrait;
 
-	public function __construct(
-		$appName,
-		IRequest $request,
-		INavigationManager $navigationManager,
-		ISettingsManager $settingsManager,
-		IUserSession $userSession,
-		IGroupManager $groupManager,
-		ISubAdmin $subAdmin
-	) {
-		parent::__construct($appName, $request);
-		$this->navigationManager = $navigationManager;
-		$this->settingsManager = $settingsManager;
-		$this->userSession = $userSession;
-		$this->subAdmin = $subAdmin;
-		$this->groupManager = $groupManager;
-	}
+    public function __construct(
+        $appName,
+        IRequest $request,
+        INavigationManager $navigationManager,
+        ISettingsManager $settingsManager,
+        IUserSession $userSession,
+        IGroupManager $groupManager,
+        ISubAdmin $subAdmin
+    ) {
+        parent::__construct($appName, $request);
+        $this->navigationManager = $navigationManager;
+        $this->settingsManager = $settingsManager;
+        $this->userSession = $userSession;
+        $this->subAdmin = $subAdmin;
+        $this->groupManager = $groupManager;
+    }
 
-	/**
-	 * @param string $section
-	 * @return TemplateResponse
-	 *
-	 * @NoCSRFRequired
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 */
-	public function index($section) {
-		return $this->getIndexResponse('personal', $section);
-	}
+    /**
+     * @param string $section
+     * @return TemplateResponse
+     *
+     * @NoCSRFRequired
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     */
+    public function index($section) {
+        return $this->getIndexResponse('personal', $section);
+    }
 
-	/**
-	 * @param string $section
-	 * @return array
-	 */
-	protected function getSettings($section) {
-		$settings = $this->settingsManager->getPersonalSettings($section);
-		$formatted = $this->formatSettings($settings);
-		if ($section === 'additional') {
-			$formatted['content'] .= $this->getLegacyForms();
-		}
-		return $formatted;
-	}
+    /**
+     * @param string $section
+     * @return array
+     */
+    protected function getSettings($section) {
+        $settings = $this->settingsManager->getPersonalSettings($section);
+        $formatted = $this->formatSettings($settings);
+        if ($section === 'additional') {
+            $formatted['content'] .= $this->getLegacyForms();
+        }
+        return $formatted;
+    }
 
-	/**
-	 * @return bool|string
-	 */
-	private function getLegacyForms() {
-		$forms = \OC_App::getForms('personal');
+    /**
+     * @return bool|string
+     */
+    private function getLegacyForms() {
+        $forms = \OC_App::getForms('personal');
 
-		$forms = array_map(function ($form) {
-			if (preg_match('%(<h2(?P<class>[^>]*)>.*?</h2>)%i', $form, $regs)) {
-				$sectionName = str_replace('<h2' . $regs['class'] . '>', '', $regs[0]);
-				$sectionName = str_replace('</h2>', '', $sectionName);
-				$anchor = strtolower($sectionName);
-				$anchor = str_replace(' ', '-', $anchor);
+        $forms = array_map(function ($form) {
+            if (preg_match('%(<h2(?P<class>[^>]*)>.*?</h2>)%i', $form, $regs)) {
+                $sectionName = str_replace('<h2' . $regs['class'] . '>', '', $regs[0]);
+                $sectionName = str_replace('</h2>', '', $sectionName);
+                $anchor = strtolower($sectionName);
+                $anchor = str_replace(' ', '-', $anchor);
 
-				return [
-					'anchor' => $anchor,
-					'section-name' => $sectionName,
-					'form' => $form
-				];
-			}
-			return [
-				'form' => $form
-			];
-		}, $forms);
+                return [
+                    'anchor' => $anchor,
+                    'section-name' => $sectionName,
+                    'form' => $form
+                ];
+            }
+            return [
+                'form' => $form
+            ];
+        }, $forms);
 
-		$out = new Template('settings', 'settings/additional');
-		$out->assign('forms', $forms);
+        $out = new Template('settings', 'settings/additional');
+        $out->assign('forms', $forms);
 
-		return $out->fetchPage();
-	}
+        return $out->fetchPage();
+    }
 }

apps/settings/lib/Controller/UsersController.php

Indentation +465 added lines, -465 removed lines

@@ -57,469 +57,469 @@
 use function in_array;
 
 class UsersController extends Controller {
-	/** @var IUserManager */
-	private $userManager;
-	/** @var IGroupManager */
-	private $groupManager;
-	/** @var IUserSession */
-	private $userSession;
-	/** @var IConfig */
-	private $config;
-	/** @var bool */
-	private $isAdmin;
-	/** @var IL10N */
-	private $l10n;
-	/** @var IMailer */
-	private $mailer;
-	/** @var IFactory */
-	private $l10nFactory;
-	/** @var IAppManager */
-	private $appManager;
-	/** @var AccountManager */
-	private $accountManager;
-	/** @var Manager */
-	private $keyManager;
-	/** @var IJobList */
-	private $jobList;
-	/** @var IManager */
-	private $encryptionManager;
-
-
-	public function __construct(string $appName,
-								IRequest $request,
-								IUserManager $userManager,
-								IGroupManager $groupManager,
-								IUserSession $userSession,
-								IConfig $config,
-								bool $isAdmin,
-								IL10N $l10n,
-								IMailer $mailer,
-								IFactory $l10nFactory,
-								IAppManager $appManager,
-								AccountManager $accountManager,
-								Manager $keyManager,
-								IJobList $jobList,
-								IManager $encryptionManager) {
-		parent::__construct($appName, $request);
-		$this->userManager = $userManager;
-		$this->groupManager = $groupManager;
-		$this->userSession = $userSession;
-		$this->config = $config;
-		$this->isAdmin = $isAdmin;
-		$this->l10n = $l10n;
-		$this->mailer = $mailer;
-		$this->l10nFactory = $l10nFactory;
-		$this->appManager = $appManager;
-		$this->accountManager = $accountManager;
-		$this->keyManager = $keyManager;
-		$this->jobList = $jobList;
-		$this->encryptionManager = $encryptionManager;
-	}
-
-
-	/**
-	 * @NoCSRFRequired
-	 * @NoAdminRequired
-	 *
-	 * Display users list template
-	 *
-	 * @return TemplateResponse
-	 */
-	public function usersListByGroup() {
-		return $this->usersList();
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @NoAdminRequired
-	 *
-	 * Display users list template
-	 *
-	 * @return TemplateResponse
-	 */
-	public function usersList() {
-		$user = $this->userSession->getUser();
-		$uid = $user->getUID();
-
-		\OC::$server->getNavigationManager()->setActiveEntry('core_users');
-
-		/* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */
-		$sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT;
-		$isLDAPUsed = false;
-		if ($this->config->getSystemValue('sort_groups_by_name', false)) {
-			$sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
-		} else {
-			if ($this->appManager->isEnabledForUser('user_ldap')) {
-				$isLDAPUsed =
-					$this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy');
-				if ($isLDAPUsed) {
-					// LDAP user count can be slow, so we sort by group name here
-					$sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
-				}
-			}
-		}
-
-		$canChangePassword = $this->canAdminChangeUserPasswords();
-
-		/* GROUPS */
-		$groupsInfo = new \OC\Group\MetaData(
-			$uid,
-			$this->isAdmin,
-			$this->groupManager,
-			$this->userSession
-		);
-
-		$groupsInfo->setSorting($sortGroupsBy);
-		list($adminGroup, $groups) = $groupsInfo->get();
-
-		if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {
-			$isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {
-				return $ldapFound || $backend instanceof User_Proxy;
-			});
-		}
-
-		$disabledUsers = -1;
-		$userCount = 0;
-
-		if (!$isLDAPUsed) {
-			if ($this->isAdmin) {
-				$disabledUsers = $this->userManager->countDisabledUsers();
-				$userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
-					return $v + (int)$w;
-				}, 0);
-			} else {
-				// User is subadmin !
-				// Map group list to names to retrieve the countDisabledUsersOfGroups
-				$userGroups = $this->groupManager->getUserGroups($user);
-				$groupsNames = [];
-
-				foreach ($groups as $key => $group) {
-					// $userCount += (int)$group['usercount'];
-					array_push($groupsNames, $group['name']);
-					// we prevent subadmins from looking up themselves
-					// so we lower the count of the groups he belongs to
-					if (array_key_exists($group['id'], $userGroups)) {
-						$groups[$key]['usercount']--;
-						$userCount -= 1; // we also lower from one the total count
-					}
-				};
-				$userCount += $this->userManager->countUsersOfGroups($groupsInfo->getGroups());
-				$disabledUsers = $this->userManager->countDisabledUsersOfGroups($groupsNames);
-			}
-
-			$userCount -= $disabledUsers;
-		}
-
-		$disabledUsersGroup = [
-			'id' => 'disabled',
-			'name' => 'Disabled users',
-			'usercount' => $disabledUsers
-		];
-
-		/* QUOTAS PRESETS */
-		$quotaPreset = $this->parseQuotaPreset($this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'));
-		$defaultQuota = $this->config->getAppValue('files', 'default_quota', 'none');
-
-		\OC::$server->getEventDispatcher()->dispatch('OC\Settings\Users::loadAdditionalScripts');
-
-		/* LANGUAGES */
-		$languages = $this->l10nFactory->getLanguages();
-
-		/* FINAL DATA */
-		$serverData = [];
-		// groups
-		$serverData['groups'] = array_merge_recursive($adminGroup, [$disabledUsersGroup], $groups);
-		// Various data
-		$serverData['isAdmin'] = $this->isAdmin;
-		$serverData['sortGroups'] = $sortGroupsBy;
-		$serverData['quotaPreset'] = $quotaPreset;
-		$serverData['userCount'] = $userCount;
-		$serverData['languages'] = $languages;
-		$serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en');
-		$serverData['forceLanguage'] = $this->config->getSystemValue('force_language', false);
-		// Settings
-		$serverData['defaultQuota'] = $defaultQuota;
-		$serverData['canChangePassword'] = $canChangePassword;
-		$serverData['newUserGenerateUserID'] = $this->config->getAppValue('core', 'newUser.generateUserID', 'no') === 'yes';
-		$serverData['newUserRequireEmail'] = $this->config->getAppValue('core', 'newUser.requireEmail', 'no') === 'yes';
-		$serverData['newUserSendEmail'] = $this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes';
-
-		return new TemplateResponse('settings', 'settings-vue', ['serverData' => $serverData]);
-	}
-
-	/**
-	 * @param string $key
-	 * @param string $value
-	 *
-	 * @return JSONResponse
-	 */
-	public function setPreference(string $key, string $value): JSONResponse {
-		$allowed = ['newUser.sendEmail'];
-		if (!in_array($key, $allowed, true)) {
-			return new JSONResponse([], Http::STATUS_FORBIDDEN);
-		}
-
-		$this->config->setAppValue('core', $key, $value);
-
-		return new JSONResponse([]);
-	}
-
-	/**
-	 * Parse the app value for quota_present
-	 *
-	 * @param string $quotaPreset
-	 * @return array
-	 */
-	protected function parseQuotaPreset(string $quotaPreset): array {
-		// 1 GB, 5 GB, 10 GB => [1 GB, 5 GB, 10 GB]
-		$presets = array_filter(array_map('trim', explode(',', $quotaPreset)));
-		// Drop default and none, Make array indexes numerically
-		return array_values(array_diff($presets, ['default', 'none']));
-	}
-
-	/**
-	 * check if the admin can change the users password
-	 *
-	 * The admin can change the passwords if:
-	 *
-	 *   - no encryption module is loaded and encryption is disabled
-	 *   - encryption module is loaded but it doesn't require per user keys
-	 *
-	 * The admin can not change the passwords if:
-	 *
-	 *   - an encryption module is loaded and it uses per-user keys
-	 *   - encryption is enabled but no encryption modules are loaded
-	 *
-	 * @return bool
-	 */
-	protected function canAdminChangeUserPasswords() {
-		$isEncryptionEnabled = $this->encryptionManager->isEnabled();
-		try {
-			$noUserSpecificEncryptionKeys =!$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();
-			$isEncryptionModuleLoaded = true;
-		} catch (ModuleDoesNotExistsException $e) {
-			$noUserSpecificEncryptionKeys = true;
-			$isEncryptionModuleLoaded = false;
-		}
-
-		$canChangePassword = ($isEncryptionEnabled && $isEncryptionModuleLoaded  && $noUserSpecificEncryptionKeys)
-			|| (!$isEncryptionEnabled && !$isEncryptionModuleLoaded)
-			|| (!$isEncryptionEnabled && $isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys);
-
-		return $canChangePassword;
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param string $avatarScope
-	 * @param string $displayname
-	 * @param string $displaynameScope
-	 * @param string $phone
-	 * @param string $phoneScope
-	 * @param string $email
-	 * @param string $emailScope
-	 * @param string $website
-	 * @param string $websiteScope
-	 * @param string $address
-	 * @param string $addressScope
-	 * @param string $twitter
-	 * @param string $twitterScope
-	 * @return DataResponse
-	 */
-	public function setUserSettings($avatarScope,
-									$displayname,
-									$displaynameScope,
-									$phone,
-									$phoneScope,
-									$email,
-									$emailScope,
-									$website,
-									$websiteScope,
-									$address,
-									$addressScope,
-									$twitter,
-									$twitterScope
-	) {
-		if (!empty($email) && !$this->mailer->validateMailAddress($email)) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => $this->l10n->t('Invalid mail address')
-					]
-				],
-				Http::STATUS_UNPROCESSABLE_ENTITY
-			);
-		}
-		$user = $this->userSession->getUser();
-		$data = $this->accountManager->getUser($user);
-		$data[AccountManager::PROPERTY_AVATAR] = ['scope' => $avatarScope];
-		if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {
-			$data[AccountManager::PROPERTY_DISPLAYNAME] = ['value' => $displayname, 'scope' => $displaynameScope];
-			$data[AccountManager::PROPERTY_EMAIL] = ['value' => $email, 'scope' => $emailScope];
-		}
-		if ($this->appManager->isEnabledForUser('federatedfilesharing')) {
-			$federatedFileSharing = new \OCA\FederatedFileSharing\AppInfo\Application();
-			$shareProvider = $federatedFileSharing->getFederatedShareProvider();
-			if ($shareProvider->isLookupServerUploadEnabled()) {
-				$data[AccountManager::PROPERTY_WEBSITE] = ['value' => $website, 'scope' => $websiteScope];
-				$data[AccountManager::PROPERTY_ADDRESS] = ['value' => $address, 'scope' => $addressScope];
-				$data[AccountManager::PROPERTY_PHONE] = ['value' => $phone, 'scope' => $phoneScope];
-				$data[AccountManager::PROPERTY_TWITTER] = ['value' => $twitter, 'scope' => $twitterScope];
-			}
-		}
-		try {
-			$this->saveUserSettings($user, $data);
-			return new DataResponse(
-				[
-					'status' => 'success',
-					'data' => [
-						'userId' => $user->getUID(),
-						'avatarScope' => $data[AccountManager::PROPERTY_AVATAR]['scope'],
-						'displayname' => $data[AccountManager::PROPERTY_DISPLAYNAME]['value'],
-						'displaynameScope' => $data[AccountManager::PROPERTY_DISPLAYNAME]['scope'],
-						'email' => $data[AccountManager::PROPERTY_EMAIL]['value'],
-						'emailScope' => $data[AccountManager::PROPERTY_EMAIL]['scope'],
-						'website' => $data[AccountManager::PROPERTY_WEBSITE]['value'],
-						'websiteScope' => $data[AccountManager::PROPERTY_WEBSITE]['scope'],
-						'address' => $data[AccountManager::PROPERTY_ADDRESS]['value'],
-						'addressScope' => $data[AccountManager::PROPERTY_ADDRESS]['scope'],
-						'message' => $this->l10n->t('Settings saved')
-					]
-				],
-				Http::STATUS_OK
-			);
-		} catch (ForbiddenException $e) {
-			return new DataResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $e->getMessage()
-				],
-			]);
-		}
-	}
-	/**
-	 * update account manager with new user data
-	 *
-	 * @param IUser $user
-	 * @param array $data
-	 * @throws ForbiddenException
-	 */
-	protected function saveUserSettings(IUser $user, array $data) {
-		// keep the user back-end up-to-date with the latest display name and email
-		// address
-		$oldDisplayName = $user->getDisplayName();
-		$oldDisplayName = is_null($oldDisplayName) ? '' : $oldDisplayName;
-		if (isset($data[AccountManager::PROPERTY_DISPLAYNAME]['value'])
-			&& $oldDisplayName !== $data[AccountManager::PROPERTY_DISPLAYNAME]['value']
-		) {
-			$result = $user->setDisplayName($data[AccountManager::PROPERTY_DISPLAYNAME]['value']);
-			if ($result === false) {
-				throw new ForbiddenException($this->l10n->t('Unable to change full name'));
-			}
-		}
-		$oldEmailAddress = $user->getEMailAddress();
-		$oldEmailAddress = is_null($oldEmailAddress) ? '' : $oldEmailAddress;
-		if (isset($data[AccountManager::PROPERTY_EMAIL]['value'])
-			&& $oldEmailAddress !== $data[AccountManager::PROPERTY_EMAIL]['value']
-		) {
-			// this is the only permission a backend provides and is also used
-			// for the permission of setting a email address
-			if (!$user->canChangeDisplayName()) {
-				throw new ForbiddenException($this->l10n->t('Unable to change email address'));
-			}
-			$user->setEMailAddress($data[AccountManager::PROPERTY_EMAIL]['value']);
-		}
-		$this->accountManager->updateUser($user, $data);
-	}
-
-	/**
-	 * Set the mail address of a user
-	 *
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param string $account
-	 * @param bool $onlyVerificationCode only return verification code without updating the data
-	 * @return DataResponse
-	 */
-	public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {
-		$user = $this->userSession->getUser();
-
-		if ($user === null) {
-			return new DataResponse([], Http::STATUS_BAD_REQUEST);
-		}
-
-		$accountData = $this->accountManager->getUser($user);
-		$cloudId = $user->getCloudId();
-		$message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;
-		$signature = $this->signMessage($user, $message);
-
-		$code = $message . ' ' . $signature;
-		$codeMd5 = $message . ' ' . md5($signature);
-
-		switch ($account) {
-			case 'verify-twitter':
-				$accountData[AccountManager::PROPERTY_TWITTER]['verified'] = AccountManager::VERIFICATION_IN_PROGRESS;
-				$msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');
-				$code = $codeMd5;
-				$type = AccountManager::PROPERTY_TWITTER;
-				$data = $accountData[AccountManager::PROPERTY_TWITTER]['value'];
-				$accountData[AccountManager::PROPERTY_TWITTER]['signature'] = $signature;
-				break;
-			case 'verify-website':
-				$accountData[AccountManager::PROPERTY_WEBSITE]['verified'] = AccountManager::VERIFICATION_IN_PROGRESS;
-				$msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');
-				$type = AccountManager::PROPERTY_WEBSITE;
-				$data = $accountData[AccountManager::PROPERTY_WEBSITE]['value'];
-				$accountData[AccountManager::PROPERTY_WEBSITE]['signature'] = $signature;
-				break;
-			default:
-				return new DataResponse([], Http::STATUS_BAD_REQUEST);
-		}
-
-		if ($onlyVerificationCode === false) {
-			$this->accountManager->updateUser($user, $accountData);
-
-			$this->jobList->add(VerifyUserData::class,
-				[
-					'verificationCode' => $code,
-					'data' => $data,
-					'type' => $type,
-					'uid' => $user->getUID(),
-					'try' => 0,
-					'lastRun' => $this->getCurrentTime()
-				]
-			);
-		}
-
-		return new DataResponse(['msg' => $msg, 'code' => $code]);
-	}
-
-	/**
-	 * get current timestamp
-	 *
-	 * @return int
-	 */
-	protected function getCurrentTime(): int {
-		return time();
-	}
-
-	/**
-	 * sign message with users private key
-	 *
-	 * @param IUser $user
-	 * @param string $message
-	 *
-	 * @return string base64 encoded signature
-	 */
-	protected function signMessage(IUser $user, string $message): string {
-		$privateKey = $this->keyManager->getKey($user)->getPrivate();
-		openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
-		return base64_encode($signature);
-	}
+    /** @var IUserManager */
+    private $userManager;
+    /** @var IGroupManager */
+    private $groupManager;
+    /** @var IUserSession */
+    private $userSession;
+    /** @var IConfig */
+    private $config;
+    /** @var bool */
+    private $isAdmin;
+    /** @var IL10N */
+    private $l10n;
+    /** @var IMailer */
+    private $mailer;
+    /** @var IFactory */
+    private $l10nFactory;
+    /** @var IAppManager */
+    private $appManager;
+    /** @var AccountManager */
+    private $accountManager;
+    /** @var Manager */
+    private $keyManager;
+    /** @var IJobList */
+    private $jobList;
+    /** @var IManager */
+    private $encryptionManager;
+
+
+    public function __construct(string $appName,
+                                IRequest $request,
+                                IUserManager $userManager,
+                                IGroupManager $groupManager,
+                                IUserSession $userSession,
+                                IConfig $config,
+                                bool $isAdmin,
+                                IL10N $l10n,
+                                IMailer $mailer,
+                                IFactory $l10nFactory,
+                                IAppManager $appManager,
+                                AccountManager $accountManager,
+                                Manager $keyManager,
+                                IJobList $jobList,
+                                IManager $encryptionManager) {
+        parent::__construct($appName, $request);
+        $this->userManager = $userManager;
+        $this->groupManager = $groupManager;
+        $this->userSession = $userSession;
+        $this->config = $config;
+        $this->isAdmin = $isAdmin;
+        $this->l10n = $l10n;
+        $this->mailer = $mailer;
+        $this->l10nFactory = $l10nFactory;
+        $this->appManager = $appManager;
+        $this->accountManager = $accountManager;
+        $this->keyManager = $keyManager;
+        $this->jobList = $jobList;
+        $this->encryptionManager = $encryptionManager;
+    }
+
+
+    /**
+     * @NoCSRFRequired
+     * @NoAdminRequired
+     *
+     * Display users list template
+     *
+     * @return TemplateResponse
+     */
+    public function usersListByGroup() {
+        return $this->usersList();
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @NoAdminRequired
+     *
+     * Display users list template
+     *
+     * @return TemplateResponse
+     */
+    public function usersList() {
+        $user = $this->userSession->getUser();
+        $uid = $user->getUID();
+
+        \OC::$server->getNavigationManager()->setActiveEntry('core_users');
+
+        /* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */
+        $sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT;
+        $isLDAPUsed = false;
+        if ($this->config->getSystemValue('sort_groups_by_name', false)) {
+            $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
+        } else {
+            if ($this->appManager->isEnabledForUser('user_ldap')) {
+                $isLDAPUsed =
+                    $this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy');
+                if ($isLDAPUsed) {
+                    // LDAP user count can be slow, so we sort by group name here
+                    $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
+                }
+            }
+        }
+
+        $canChangePassword = $this->canAdminChangeUserPasswords();
+
+        /* GROUPS */
+        $groupsInfo = new \OC\Group\MetaData(
+            $uid,
+            $this->isAdmin,
+            $this->groupManager,
+            $this->userSession
+        );
+
+        $groupsInfo->setSorting($sortGroupsBy);
+        list($adminGroup, $groups) = $groupsInfo->get();
+
+        if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {
+            $isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {
+                return $ldapFound || $backend instanceof User_Proxy;
+            });
+        }
+
+        $disabledUsers = -1;
+        $userCount = 0;
+
+        if (!$isLDAPUsed) {
+            if ($this->isAdmin) {
+                $disabledUsers = $this->userManager->countDisabledUsers();
+                $userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
+                    return $v + (int)$w;
+                }, 0);
+            } else {
+                // User is subadmin !
+                // Map group list to names to retrieve the countDisabledUsersOfGroups
+                $userGroups = $this->groupManager->getUserGroups($user);
+                $groupsNames = [];
+
+                foreach ($groups as $key => $group) {
+                    // $userCount += (int)$group['usercount'];
+                    array_push($groupsNames, $group['name']);
+                    // we prevent subadmins from looking up themselves
+                    // so we lower the count of the groups he belongs to
+                    if (array_key_exists($group['id'], $userGroups)) {
+                        $groups[$key]['usercount']--;
+                        $userCount -= 1; // we also lower from one the total count
+                    }
+                };
+                $userCount += $this->userManager->countUsersOfGroups($groupsInfo->getGroups());
+                $disabledUsers = $this->userManager->countDisabledUsersOfGroups($groupsNames);
+            }
+
+            $userCount -= $disabledUsers;
+        }
+
+        $disabledUsersGroup = [
+            'id' => 'disabled',
+            'name' => 'Disabled users',
+            'usercount' => $disabledUsers
+        ];
+
+        /* QUOTAS PRESETS */
+        $quotaPreset = $this->parseQuotaPreset($this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'));
+        $defaultQuota = $this->config->getAppValue('files', 'default_quota', 'none');
+
+        \OC::$server->getEventDispatcher()->dispatch('OC\Settings\Users::loadAdditionalScripts');
+
+        /* LANGUAGES */
+        $languages = $this->l10nFactory->getLanguages();
+
+        /* FINAL DATA */
+        $serverData = [];
+        // groups
+        $serverData['groups'] = array_merge_recursive($adminGroup, [$disabledUsersGroup], $groups);
+        // Various data
+        $serverData['isAdmin'] = $this->isAdmin;
+        $serverData['sortGroups'] = $sortGroupsBy;
+        $serverData['quotaPreset'] = $quotaPreset;
+        $serverData['userCount'] = $userCount;
+        $serverData['languages'] = $languages;
+        $serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en');
+        $serverData['forceLanguage'] = $this->config->getSystemValue('force_language', false);
+        // Settings
+        $serverData['defaultQuota'] = $defaultQuota;
+        $serverData['canChangePassword'] = $canChangePassword;
+        $serverData['newUserGenerateUserID'] = $this->config->getAppValue('core', 'newUser.generateUserID', 'no') === 'yes';
+        $serverData['newUserRequireEmail'] = $this->config->getAppValue('core', 'newUser.requireEmail', 'no') === 'yes';
+        $serverData['newUserSendEmail'] = $this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes';
+
+        return new TemplateResponse('settings', 'settings-vue', ['serverData' => $serverData]);
+    }
+
+    /**
+     * @param string $key
+     * @param string $value
+     *
+     * @return JSONResponse
+     */
+    public function setPreference(string $key, string $value): JSONResponse {
+        $allowed = ['newUser.sendEmail'];
+        if (!in_array($key, $allowed, true)) {
+            return new JSONResponse([], Http::STATUS_FORBIDDEN);
+        }
+
+        $this->config->setAppValue('core', $key, $value);
+
+        return new JSONResponse([]);
+    }
+
+    /**
+     * Parse the app value for quota_present
+     *
+     * @param string $quotaPreset
+     * @return array
+     */
+    protected function parseQuotaPreset(string $quotaPreset): array {
+        // 1 GB, 5 GB, 10 GB => [1 GB, 5 GB, 10 GB]
+        $presets = array_filter(array_map('trim', explode(',', $quotaPreset)));
+        // Drop default and none, Make array indexes numerically
+        return array_values(array_diff($presets, ['default', 'none']));
+    }
+
+    /**
+     * check if the admin can change the users password
+     *
+     * The admin can change the passwords if:
+     *
+     *   - no encryption module is loaded and encryption is disabled
+     *   - encryption module is loaded but it doesn't require per user keys
+     *
+     * The admin can not change the passwords if:
+     *
+     *   - an encryption module is loaded and it uses per-user keys
+     *   - encryption is enabled but no encryption modules are loaded
+     *
+     * @return bool
+     */
+    protected function canAdminChangeUserPasswords() {
+        $isEncryptionEnabled = $this->encryptionManager->isEnabled();
+        try {
+            $noUserSpecificEncryptionKeys =!$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();
+            $isEncryptionModuleLoaded = true;
+        } catch (ModuleDoesNotExistsException $e) {
+            $noUserSpecificEncryptionKeys = true;
+            $isEncryptionModuleLoaded = false;
+        }
+
+        $canChangePassword = ($isEncryptionEnabled && $isEncryptionModuleLoaded  && $noUserSpecificEncryptionKeys)
+            || (!$isEncryptionEnabled && !$isEncryptionModuleLoaded)
+            || (!$isEncryptionEnabled && $isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys);
+
+        return $canChangePassword;
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param string $avatarScope
+     * @param string $displayname
+     * @param string $displaynameScope
+     * @param string $phone
+     * @param string $phoneScope
+     * @param string $email
+     * @param string $emailScope
+     * @param string $website
+     * @param string $websiteScope
+     * @param string $address
+     * @param string $addressScope
+     * @param string $twitter
+     * @param string $twitterScope
+     * @return DataResponse
+     */
+    public function setUserSettings($avatarScope,
+                                    $displayname,
+                                    $displaynameScope,
+                                    $phone,
+                                    $phoneScope,
+                                    $email,
+                                    $emailScope,
+                                    $website,
+                                    $websiteScope,
+                                    $address,
+                                    $addressScope,
+                                    $twitter,
+                                    $twitterScope
+    ) {
+        if (!empty($email) && !$this->mailer->validateMailAddress($email)) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => $this->l10n->t('Invalid mail address')
+                    ]
+                ],
+                Http::STATUS_UNPROCESSABLE_ENTITY
+            );
+        }
+        $user = $this->userSession->getUser();
+        $data = $this->accountManager->getUser($user);
+        $data[AccountManager::PROPERTY_AVATAR] = ['scope' => $avatarScope];
+        if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {
+            $data[AccountManager::PROPERTY_DISPLAYNAME] = ['value' => $displayname, 'scope' => $displaynameScope];
+            $data[AccountManager::PROPERTY_EMAIL] = ['value' => $email, 'scope' => $emailScope];
+        }
+        if ($this->appManager->isEnabledForUser('federatedfilesharing')) {
+            $federatedFileSharing = new \OCA\FederatedFileSharing\AppInfo\Application();
+            $shareProvider = $federatedFileSharing->getFederatedShareProvider();
+            if ($shareProvider->isLookupServerUploadEnabled()) {
+                $data[AccountManager::PROPERTY_WEBSITE] = ['value' => $website, 'scope' => $websiteScope];
+                $data[AccountManager::PROPERTY_ADDRESS] = ['value' => $address, 'scope' => $addressScope];
+                $data[AccountManager::PROPERTY_PHONE] = ['value' => $phone, 'scope' => $phoneScope];
+                $data[AccountManager::PROPERTY_TWITTER] = ['value' => $twitter, 'scope' => $twitterScope];
+            }
+        }
+        try {
+            $this->saveUserSettings($user, $data);
+            return new DataResponse(
+                [
+                    'status' => 'success',
+                    'data' => [
+                        'userId' => $user->getUID(),
+                        'avatarScope' => $data[AccountManager::PROPERTY_AVATAR]['scope'],
+                        'displayname' => $data[AccountManager::PROPERTY_DISPLAYNAME]['value'],
+                        'displaynameScope' => $data[AccountManager::PROPERTY_DISPLAYNAME]['scope'],
+                        'email' => $data[AccountManager::PROPERTY_EMAIL]['value'],
+                        'emailScope' => $data[AccountManager::PROPERTY_EMAIL]['scope'],
+                        'website' => $data[AccountManager::PROPERTY_WEBSITE]['value'],
+                        'websiteScope' => $data[AccountManager::PROPERTY_WEBSITE]['scope'],
+                        'address' => $data[AccountManager::PROPERTY_ADDRESS]['value'],
+                        'addressScope' => $data[AccountManager::PROPERTY_ADDRESS]['scope'],
+                        'message' => $this->l10n->t('Settings saved')
+                    ]
+                ],
+                Http::STATUS_OK
+            );
+        } catch (ForbiddenException $e) {
+            return new DataResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $e->getMessage()
+                ],
+            ]);
+        }
+    }
+    /**
+     * update account manager with new user data
+     *
+     * @param IUser $user
+     * @param array $data
+     * @throws ForbiddenException
+     */
+    protected function saveUserSettings(IUser $user, array $data) {
+        // keep the user back-end up-to-date with the latest display name and email
+        // address
+        $oldDisplayName = $user->getDisplayName();
+        $oldDisplayName = is_null($oldDisplayName) ? '' : $oldDisplayName;
+        if (isset($data[AccountManager::PROPERTY_DISPLAYNAME]['value'])
+            && $oldDisplayName !== $data[AccountManager::PROPERTY_DISPLAYNAME]['value']
+        ) {
+            $result = $user->setDisplayName($data[AccountManager::PROPERTY_DISPLAYNAME]['value']);
+            if ($result === false) {
+                throw new ForbiddenException($this->l10n->t('Unable to change full name'));
+            }
+        }
+        $oldEmailAddress = $user->getEMailAddress();
+        $oldEmailAddress = is_null($oldEmailAddress) ? '' : $oldEmailAddress;
+        if (isset($data[AccountManager::PROPERTY_EMAIL]['value'])
+            && $oldEmailAddress !== $data[AccountManager::PROPERTY_EMAIL]['value']
+        ) {
+            // this is the only permission a backend provides and is also used
+            // for the permission of setting a email address
+            if (!$user->canChangeDisplayName()) {
+                throw new ForbiddenException($this->l10n->t('Unable to change email address'));
+            }
+            $user->setEMailAddress($data[AccountManager::PROPERTY_EMAIL]['value']);
+        }
+        $this->accountManager->updateUser($user, $data);
+    }
+
+    /**
+     * Set the mail address of a user
+     *
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param string $account
+     * @param bool $onlyVerificationCode only return verification code without updating the data
+     * @return DataResponse
+     */
+    public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {
+        $user = $this->userSession->getUser();
+
+        if ($user === null) {
+            return new DataResponse([], Http::STATUS_BAD_REQUEST);
+        }
+
+        $accountData = $this->accountManager->getUser($user);
+        $cloudId = $user->getCloudId();
+        $message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;
+        $signature = $this->signMessage($user, $message);
+
+        $code = $message . ' ' . $signature;
+        $codeMd5 = $message . ' ' . md5($signature);
+
+        switch ($account) {
+            case 'verify-twitter':
+                $accountData[AccountManager::PROPERTY_TWITTER]['verified'] = AccountManager::VERIFICATION_IN_PROGRESS;
+                $msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');
+                $code = $codeMd5;
+                $type = AccountManager::PROPERTY_TWITTER;
+                $data = $accountData[AccountManager::PROPERTY_TWITTER]['value'];
+                $accountData[AccountManager::PROPERTY_TWITTER]['signature'] = $signature;
+                break;
+            case 'verify-website':
+                $accountData[AccountManager::PROPERTY_WEBSITE]['verified'] = AccountManager::VERIFICATION_IN_PROGRESS;
+                $msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');
+                $type = AccountManager::PROPERTY_WEBSITE;
+                $data = $accountData[AccountManager::PROPERTY_WEBSITE]['value'];
+                $accountData[AccountManager::PROPERTY_WEBSITE]['signature'] = $signature;
+                break;
+            default:
+                return new DataResponse([], Http::STATUS_BAD_REQUEST);
+        }
+
+        if ($onlyVerificationCode === false) {
+            $this->accountManager->updateUser($user, $accountData);
+
+            $this->jobList->add(VerifyUserData::class,
+                [
+                    'verificationCode' => $code,
+                    'data' => $data,
+                    'type' => $type,
+                    'uid' => $user->getUID(),
+                    'try' => 0,
+                    'lastRun' => $this->getCurrentTime()
+                ]
+            );
+        }
+
+        return new DataResponse(['msg' => $msg, 'code' => $code]);
+    }
+
+    /**
+     * get current timestamp
+     *
+     * @return int
+     */
+    protected function getCurrentTime(): int {
+        return time();
+    }
+
+    /**
+     * sign message with users private key
+     *
+     * @param IUser $user
+     * @param string $message
+     *
+     * @return string base64 encoded signature
+     */
+    protected function signMessage(IUser $user, string $message): string {
+        $privateKey = $this->keyManager->getKey($user)->getPrivate();
+        openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
+        return base64_encode($signature);
+    }
 }

apps/settings/lib/Controller/WebAuthnController.php

Indentation +77 added lines, -77 removed lines

@@ -38,81 +38,81 @@
 use Webauthn\PublicKeyCredentialCreationOptions;
 
 class WebAuthnController extends Controller {
-	private const WEBAUTHN_REGISTRATION = 'webauthn_registration';
-
-	/** @var Manager */
-	private $manager;
-
-	/** @var IUserSession */
-	private $userSession;
-	/**
-	 * @var ISession
-	 */
-	private $session;
-	/**
-	 * @var ILogger
-	 */
-	private $logger;
-
-	public function __construct(IRequest $request, ILogger $logger, Manager $webAuthnManager, IUserSession $userSession, ISession $session) {
-		parent::__construct(Application::APP_ID, $request);
-
-		$this->manager = $webAuthnManager;
-		$this->userSession = $userSession;
-		$this->session = $session;
-		$this->logger = $logger;
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 * @PasswordConfirmationRequired
-	 * @UseSession
-	 * @NoCSRFRequired
-	 */
-	public function startRegistration(): JSONResponse {
-		$this->logger->debug('Starting WebAuthn registration');
-
-		$credentialOptions = $this->manager->startRegistration($this->userSession->getUser(), $this->request->getServerHost());
-
-		// Set this in the session since we need it on finish
-		$this->session->set(self::WEBAUTHN_REGISTRATION, $credentialOptions);
-
-		return new JSONResponse($credentialOptions);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 * @PasswordConfirmationRequired
-	 * @UseSession
-	 */
-	public function finishRegistration(string $name, string $data): JSONResponse {
-		$this->logger->debug('Finishing WebAuthn registration');
-
-		if (!$this->session->exists(self::WEBAUTHN_REGISTRATION)) {
-			$this->logger->debug('Trying to finish WebAuthn registration without session data');
-			return new JSONResponse([], Http::STATUS_BAD_REQUEST);
-		}
-
-		// Obtain the publicKeyCredentialOptions from when we started the registration
-		$publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::createFromArray($this->session->get(self::WEBAUTHN_REGISTRATION));
-
-		$this->session->remove(self::WEBAUTHN_REGISTRATION);
-
-		return new JSONResponse($this->manager->finishRegister($publicKeyCredentialCreationOptions, $name, $data));
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 * @PasswordConfirmationRequired
-	 */
-	public function deleteRegistration(int $id): JSONResponse {
-		$this->logger->debug('Finishing WebAuthn registration');
-
-		$this->manager->deleteRegistration($this->userSession->getUser(), $id);
-
-		return new JSONResponse([]);
-	}
+    private const WEBAUTHN_REGISTRATION = 'webauthn_registration';
+
+    /** @var Manager */
+    private $manager;
+
+    /** @var IUserSession */
+    private $userSession;
+    /**
+     * @var ISession
+     */
+    private $session;
+    /**
+     * @var ILogger
+     */
+    private $logger;
+
+    public function __construct(IRequest $request, ILogger $logger, Manager $webAuthnManager, IUserSession $userSession, ISession $session) {
+        parent::__construct(Application::APP_ID, $request);
+
+        $this->manager = $webAuthnManager;
+        $this->userSession = $userSession;
+        $this->session = $session;
+        $this->logger = $logger;
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     * @PasswordConfirmationRequired
+     * @UseSession
+     * @NoCSRFRequired
+     */
+    public function startRegistration(): JSONResponse {
+        $this->logger->debug('Starting WebAuthn registration');
+
+        $credentialOptions = $this->manager->startRegistration($this->userSession->getUser(), $this->request->getServerHost());
+
+        // Set this in the session since we need it on finish
+        $this->session->set(self::WEBAUTHN_REGISTRATION, $credentialOptions);
+
+        return new JSONResponse($credentialOptions);
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     * @PasswordConfirmationRequired
+     * @UseSession
+     */
+    public function finishRegistration(string $name, string $data): JSONResponse {
+        $this->logger->debug('Finishing WebAuthn registration');
+
+        if (!$this->session->exists(self::WEBAUTHN_REGISTRATION)) {
+            $this->logger->debug('Trying to finish WebAuthn registration without session data');
+            return new JSONResponse([], Http::STATUS_BAD_REQUEST);
+        }
+
+        // Obtain the publicKeyCredentialOptions from when we started the registration
+        $publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::createFromArray($this->session->get(self::WEBAUTHN_REGISTRATION));
+
+        $this->session->remove(self::WEBAUTHN_REGISTRATION);
+
+        return new JSONResponse($this->manager->finishRegister($publicKeyCredentialCreationOptions, $name, $data));
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     * @PasswordConfirmationRequired
+     */
+    public function deleteRegistration(int $id): JSONResponse {
+        $this->logger->debug('Finishing WebAuthn registration');
+
+        $this->manager->deleteRegistration($this->userSession->getUser(), $id);
+
+        return new JSONResponse([]);
+    }
 }

apps/settings/lib/Controller/HelpController.php

Indentation +51 added lines, -51 removed lines

@@ -37,62 +37,62 @@
 
 class HelpController extends Controller {
 
-	/** @var INavigationManager */
-	private $navigationManager;
-	/** @var IUserSession */
-	private $urlGenerator;
-	/** @var IGroupManager */
-	private $groupManager;
+    /** @var INavigationManager */
+    private $navigationManager;
+    /** @var IUserSession */
+    private $urlGenerator;
+    /** @var IGroupManager */
+    private $groupManager;
 
-	/** @var string */
-	private $userId;
+    /** @var string */
+    private $userId;
 
-	public function __construct(
-		string $appName,
-		IRequest $request,
-		INavigationManager $navigationManager,
-		IURLGenerator $urlGenerator,
-		?string $userId,
-		IGroupManager $groupManager
-	) {
-		parent::__construct($appName, $request);
-		$this->navigationManager = $navigationManager;
-		$this->urlGenerator = $urlGenerator;
-		$this->userId = $userId;
-		$this->groupManager = $groupManager;
-	}
+    public function __construct(
+        string $appName,
+        IRequest $request,
+        INavigationManager $navigationManager,
+        IURLGenerator $urlGenerator,
+        ?string $userId,
+        IGroupManager $groupManager
+    ) {
+        parent::__construct($appName, $request);
+        $this->navigationManager = $navigationManager;
+        $this->urlGenerator = $urlGenerator;
+        $this->userId = $userId;
+        $this->groupManager = $groupManager;
+    }
 
-	/**
-	 * @return TemplateResponse
-	 *
-	 * @NoCSRFRequired
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 */
-	public function help(string $mode = 'user'): TemplateResponse {
-		$this->navigationManager->setActiveEntry('help');
+    /**
+     * @return TemplateResponse
+     *
+     * @NoCSRFRequired
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     */
+    public function help(string $mode = 'user'): TemplateResponse {
+        $this->navigationManager->setActiveEntry('help');
 
-		if (!isset($mode) || $mode !== 'admin') {
-			$mode = 'user';
-		}
+        if (!isset($mode) || $mode !== 'admin') {
+            $mode = 'user';
+        }
 
-		$documentationUrl = $this->urlGenerator->getAbsoluteURL(
-			$this->urlGenerator->linkTo('core', 'doc/' . $mode . '/index.html')
-		);
+        $documentationUrl = $this->urlGenerator->getAbsoluteURL(
+            $this->urlGenerator->linkTo('core', 'doc/' . $mode . '/index.html')
+        );
 
-		$urlUserDocs = $this->urlGenerator->linkToRoute('settings.Help.help', ['mode' => 'user']);
-		$urlAdminDocs = $this->urlGenerator->linkToRoute('settings.Help.help', ['mode' => 'admin']);
+        $urlUserDocs = $this->urlGenerator->linkToRoute('settings.Help.help', ['mode' => 'user']);
+        $urlAdminDocs = $this->urlGenerator->linkToRoute('settings.Help.help', ['mode' => 'admin']);
 
-		$response = new TemplateResponse('settings', 'help', [
-			'admin' => $this->groupManager->isAdmin($this->userId),
-			'url' => $documentationUrl,
-			'urlUserDocs' => $urlUserDocs,
-			'urlAdminDocs' => $urlAdminDocs,
-			'mode' => $mode,
-		]);
-		$policy = new ContentSecurityPolicy();
-		$policy->addAllowedFrameDomain('\'self\'');
-		$response->setContentSecurityPolicy($policy);
-		return $response;
-	}
+        $response = new TemplateResponse('settings', 'help', [
+            'admin' => $this->groupManager->isAdmin($this->userId),
+            'url' => $documentationUrl,
+            'urlUserDocs' => $urlUserDocs,
+            'urlAdminDocs' => $urlAdminDocs,
+            'mode' => $mode,
+        ]);
+        $policy = new ContentSecurityPolicy();
+        $policy->addAllowedFrameDomain('\'self\'');
+        $response->setContentSecurityPolicy($policy);
+        return $response;
+    }
 }

apps/settings/lib/Controller/AuthSettingsController.php

Indentation +244 added lines, -244 removed lines

@@ -55,248 +55,248 @@
 
 class AuthSettingsController extends Controller {
 
-	/** @var IProvider */
-	private $tokenProvider;
-
-	/** @var ISession */
-	private $session;
-
-	/** IUserSession */
-	private $userSession;
-
-	/** @var string */
-	private $uid;
-
-	/** @var ISecureRandom */
-	private $random;
-
-	/** @var IManager */
-	private $activityManager;
-
-	/** @var RemoteWipe */
-	private $remoteWipe;
-
-	/** @var ILogger */
-	private $logger;
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IProvider $tokenProvider
-	 * @param ISession $session
-	 * @param ISecureRandom $random
-	 * @param string|null $userId
-	 * @param IUserSession $userSession
-	 * @param IManager $activityManager
-	 * @param RemoteWipe $remoteWipe
-	 * @param ILogger $logger
-	 */
-	public function __construct(string $appName,
-								IRequest $request,
-								IProvider $tokenProvider,
-								ISession $session,
-								ISecureRandom $random,
-								?string $userId,
-								IUserSession $userSession,
-								IManager $activityManager,
-								RemoteWipe $remoteWipe,
-								ILogger $logger) {
-		parent::__construct($appName, $request);
-		$this->tokenProvider = $tokenProvider;
-		$this->uid = $userId;
-		$this->userSession = $userSession;
-		$this->session = $session;
-		$this->random = $random;
-		$this->activityManager = $activityManager;
-		$this->remoteWipe = $remoteWipe;
-		$this->logger = $logger;
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param string $name
-	 * @return JSONResponse
-	 */
-	public function create($name) {
-		try {
-			$sessionId = $this->session->getId();
-		} catch (SessionNotAvailableException $ex) {
-			return $this->getServiceNotAvailableResponse();
-		}
-		if ($this->userSession->getImpersonatingUserID() !== null) {
-			return $this->getServiceNotAvailableResponse();
-		}
-
-		try {
-			$sessionToken = $this->tokenProvider->getToken($sessionId);
-			$loginName = $sessionToken->getLoginName();
-			try {
-				$password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
-			} catch (PasswordlessTokenException $ex) {
-				$password = null;
-			}
-		} catch (InvalidTokenException $ex) {
-			return $this->getServiceNotAvailableResponse();
-		}
-
-		$token = $this->generateRandomDeviceToken();
-		$deviceToken = $this->tokenProvider->generateToken($token, $this->uid, $loginName, $password, $name, IToken::PERMANENT_TOKEN);
-		$tokenData = $deviceToken->jsonSerialize();
-		$tokenData['canDelete'] = true;
-		$tokenData['canRename'] = true;
-
-		$this->publishActivity(Provider::APP_TOKEN_CREATED, $deviceToken->getId(), ['name' => $deviceToken->getName()]);
-
-		return new JSONResponse([
-			'token' => $token,
-			'loginName' => $loginName,
-			'deviceToken' => $tokenData,
-		]);
-	}
-
-	/**
-	 * @return JSONResponse
-	 */
-	private function getServiceNotAvailableResponse() {
-		$resp = new JSONResponse();
-		$resp->setStatus(Http::STATUS_SERVICE_UNAVAILABLE);
-		return $resp;
-	}
-
-	/**
-	 * Return a 25 digit device password
-	 *
-	 * Example: AbCdE-fGhJk-MnPqR-sTwXy-23456
-	 *
-	 * @return string
-	 */
-	private function generateRandomDeviceToken() {
-		$groups = [];
-		for ($i = 0; $i < 5; $i++) {
-			$groups[] = $this->random->generate(5, ISecureRandom::CHAR_HUMAN_READABLE);
-		}
-		return implode('-', $groups);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 *
-	 * @param int $id
-	 * @return array|JSONResponse
-	 */
-	public function destroy($id) {
-		try {
-			$token = $this->findTokenByIdAndUser($id);
-		} catch (WipeTokenException $e) {
-			//continue as we can destroy tokens in wipe
-			$token = $e->getToken();
-		} catch (InvalidTokenException $e) {
-			return new JSONResponse([], Http::STATUS_NOT_FOUND);
-		}
-
-		$this->tokenProvider->invalidateTokenById($this->uid, $token->getId());
-		$this->publishActivity(Provider::APP_TOKEN_DELETED, $token->getId(), ['name' => $token->getName()]);
-		return [];
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 *
-	 * @param int $id
-	 * @param array $scope
-	 * @param string $name
-	 * @return array|JSONResponse
-	 */
-	public function update($id, array $scope, string $name) {
-		try {
-			$token = $this->findTokenByIdAndUser($id);
-		} catch (InvalidTokenException $e) {
-			return new JSONResponse([], Http::STATUS_NOT_FOUND);
-		}
-
-		$currentName = $token->getName();
-
-		if ($scope !== $token->getScopeAsArray()) {
-			$token->setScope(['filesystem' => $scope['filesystem']]);
-			$this->publishActivity($scope['filesystem'] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]);
-		}
-
-		if ($token instanceof INamedToken && $name !== $currentName) {
-			$token->setName($name);
-			$this->publishActivity(Provider::APP_TOKEN_RENAMED, $token->getId(), ['name' => $currentName, 'newName' => $name]);
-		}
-
-		$this->tokenProvider->updateToken($token);
-		return [];
-	}
-
-	/**
-	 * @param string $subject
-	 * @param int $id
-	 * @param array $parameters
-	 */
-	private function publishActivity(string $subject, int $id, array $parameters = []): void {
-		$event = $this->activityManager->generateEvent();
-		$event->setApp('settings')
-			->setType('security')
-			->setAffectedUser($this->uid)
-			->setAuthor($this->uid)
-			->setSubject($subject, $parameters)
-			->setObject('app_token', $id, 'App Password');
-
-		try {
-			$this->activityManager->publish($event);
-		} catch (BadMethodCallException $e) {
-			$this->logger->warning('could not publish activity');
-			$this->logger->logException($e);
-		}
-	}
-
-	/**
-	 * Find a token by given id and check if uid for current session belongs to this token
-	 *
-	 * @param int $id
-	 * @return IToken
-	 * @throws InvalidTokenException
-	 */
-	private function findTokenByIdAndUser(int $id): IToken {
-		try {
-			$token = $this->tokenProvider->getTokenById($id);
-		} catch (ExpiredTokenException $e) {
-			$token = $e->getToken();
-		}
-		if ($token->getUID() !== $this->uid) {
-			throw new InvalidTokenException('This token does not belong to you!');
-		}
-		return $token;
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param int $id
-	 * @return JSONResponse
-	 * @throws InvalidTokenException
-	 * @throws \OC\Authentication\Exceptions\ExpiredTokenException
-	 */
-	public function wipe(int $id): JSONResponse {
-		try {
-			$token = $this->findTokenByIdAndUser($id);
-		} catch (InvalidTokenException $e) {
-			return new JSONResponse([], Http::STATUS_NOT_FOUND);
-		}
-
-		if (!$this->remoteWipe->markTokenForWipe($token)) {
-			return new JSONResponse([], Http::STATUS_BAD_REQUEST);
-		}
-
-		return new JSONResponse([]);
-	}
+    /** @var IProvider */
+    private $tokenProvider;
+
+    /** @var ISession */
+    private $session;
+
+    /** IUserSession */
+    private $userSession;
+
+    /** @var string */
+    private $uid;
+
+    /** @var ISecureRandom */
+    private $random;
+
+    /** @var IManager */
+    private $activityManager;
+
+    /** @var RemoteWipe */
+    private $remoteWipe;
+
+    /** @var ILogger */
+    private $logger;
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IProvider $tokenProvider
+     * @param ISession $session
+     * @param ISecureRandom $random
+     * @param string|null $userId
+     * @param IUserSession $userSession
+     * @param IManager $activityManager
+     * @param RemoteWipe $remoteWipe
+     * @param ILogger $logger
+     */
+    public function __construct(string $appName,
+                                IRequest $request,
+                                IProvider $tokenProvider,
+                                ISession $session,
+                                ISecureRandom $random,
+                                ?string $userId,
+                                IUserSession $userSession,
+                                IManager $activityManager,
+                                RemoteWipe $remoteWipe,
+                                ILogger $logger) {
+        parent::__construct($appName, $request);
+        $this->tokenProvider = $tokenProvider;
+        $this->uid = $userId;
+        $this->userSession = $userSession;
+        $this->session = $session;
+        $this->random = $random;
+        $this->activityManager = $activityManager;
+        $this->remoteWipe = $remoteWipe;
+        $this->logger = $logger;
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param string $name
+     * @return JSONResponse
+     */
+    public function create($name) {
+        try {
+            $sessionId = $this->session->getId();
+        } catch (SessionNotAvailableException $ex) {
+            return $this->getServiceNotAvailableResponse();
+        }
+        if ($this->userSession->getImpersonatingUserID() !== null) {
+            return $this->getServiceNotAvailableResponse();
+        }
+
+        try {
+            $sessionToken = $this->tokenProvider->getToken($sessionId);
+            $loginName = $sessionToken->getLoginName();
+            try {
+                $password = $this->tokenProvider->getPassword($sessionToken, $sessionId);
+            } catch (PasswordlessTokenException $ex) {
+                $password = null;
+            }
+        } catch (InvalidTokenException $ex) {
+            return $this->getServiceNotAvailableResponse();
+        }
+
+        $token = $this->generateRandomDeviceToken();
+        $deviceToken = $this->tokenProvider->generateToken($token, $this->uid, $loginName, $password, $name, IToken::PERMANENT_TOKEN);
+        $tokenData = $deviceToken->jsonSerialize();
+        $tokenData['canDelete'] = true;
+        $tokenData['canRename'] = true;
+
+        $this->publishActivity(Provider::APP_TOKEN_CREATED, $deviceToken->getId(), ['name' => $deviceToken->getName()]);
+
+        return new JSONResponse([
+            'token' => $token,
+            'loginName' => $loginName,
+            'deviceToken' => $tokenData,
+        ]);
+    }
+
+    /**
+     * @return JSONResponse
+     */
+    private function getServiceNotAvailableResponse() {
+        $resp = new JSONResponse();
+        $resp->setStatus(Http::STATUS_SERVICE_UNAVAILABLE);
+        return $resp;
+    }
+
+    /**
+     * Return a 25 digit device password
+     *
+     * Example: AbCdE-fGhJk-MnPqR-sTwXy-23456
+     *
+     * @return string
+     */
+    private function generateRandomDeviceToken() {
+        $groups = [];
+        for ($i = 0; $i < 5; $i++) {
+            $groups[] = $this->random->generate(5, ISecureRandom::CHAR_HUMAN_READABLE);
+        }
+        return implode('-', $groups);
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     *
+     * @param int $id
+     * @return array|JSONResponse
+     */
+    public function destroy($id) {
+        try {
+            $token = $this->findTokenByIdAndUser($id);
+        } catch (WipeTokenException $e) {
+            //continue as we can destroy tokens in wipe
+            $token = $e->getToken();
+        } catch (InvalidTokenException $e) {
+            return new JSONResponse([], Http::STATUS_NOT_FOUND);
+        }
+
+        $this->tokenProvider->invalidateTokenById($this->uid, $token->getId());
+        $this->publishActivity(Provider::APP_TOKEN_DELETED, $token->getId(), ['name' => $token->getName()]);
+        return [];
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     *
+     * @param int $id
+     * @param array $scope
+     * @param string $name
+     * @return array|JSONResponse
+     */
+    public function update($id, array $scope, string $name) {
+        try {
+            $token = $this->findTokenByIdAndUser($id);
+        } catch (InvalidTokenException $e) {
+            return new JSONResponse([], Http::STATUS_NOT_FOUND);
+        }
+
+        $currentName = $token->getName();
+
+        if ($scope !== $token->getScopeAsArray()) {
+            $token->setScope(['filesystem' => $scope['filesystem']]);
+            $this->publishActivity($scope['filesystem'] ? Provider::APP_TOKEN_FILESYSTEM_GRANTED : Provider::APP_TOKEN_FILESYSTEM_REVOKED, $token->getId(), ['name' => $currentName]);
+        }
+
+        if ($token instanceof INamedToken && $name !== $currentName) {
+            $token->setName($name);
+            $this->publishActivity(Provider::APP_TOKEN_RENAMED, $token->getId(), ['name' => $currentName, 'newName' => $name]);
+        }
+
+        $this->tokenProvider->updateToken($token);
+        return [];
+    }
+
+    /**
+     * @param string $subject
+     * @param int $id
+     * @param array $parameters
+     */
+    private function publishActivity(string $subject, int $id, array $parameters = []): void {
+        $event = $this->activityManager->generateEvent();
+        $event->setApp('settings')
+            ->setType('security')
+            ->setAffectedUser($this->uid)
+            ->setAuthor($this->uid)
+            ->setSubject($subject, $parameters)
+            ->setObject('app_token', $id, 'App Password');
+
+        try {
+            $this->activityManager->publish($event);
+        } catch (BadMethodCallException $e) {
+            $this->logger->warning('could not publish activity');
+            $this->logger->logException($e);
+        }
+    }
+
+    /**
+     * Find a token by given id and check if uid for current session belongs to this token
+     *
+     * @param int $id
+     * @return IToken
+     * @throws InvalidTokenException
+     */
+    private function findTokenByIdAndUser(int $id): IToken {
+        try {
+            $token = $this->tokenProvider->getTokenById($id);
+        } catch (ExpiredTokenException $e) {
+            $token = $e->getToken();
+        }
+        if ($token->getUID() !== $this->uid) {
+            throw new InvalidTokenException('This token does not belong to you!');
+        }
+        return $token;
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param int $id
+     * @return JSONResponse
+     * @throws InvalidTokenException
+     * @throws \OC\Authentication\Exceptions\ExpiredTokenException
+     */
+    public function wipe(int $id): JSONResponse {
+        try {
+            $token = $this->findTokenByIdAndUser($id);
+        } catch (InvalidTokenException $e) {
+            return new JSONResponse([], Http::STATUS_NOT_FOUND);
+        }
+
+        if (!$this->remoteWipe->markTokenForWipe($token)) {
+            return new JSONResponse([], Http::STATUS_BAD_REQUEST);
+        }
+
+        return new JSONResponse([]);
+    }
 }

lib/private/AppFramework/Utility/ControllerMethodReflector.php

Indentation +99 added lines, -99 removed lines

@@ -39,103 +39,103 @@
  * Reads and parses annotations from doc comments
  */
 class ControllerMethodReflector implements IControllerMethodReflector {
-	public $annotations = [];
-	private $types = [];
-	private $parameters = [];
-
-	/**
-	 * @param object $object an object or classname
-	 * @param string $method the method which we want to inspect
-	 */
-	public function reflect($object, string $method) {
-		$reflection = new \ReflectionMethod($object, $method);
-		$docs = $reflection->getDocComment();
-
-		if ($docs !== false) {
-			// extract everything prefixed by @ and first letter uppercase
-			preg_match_all('/^\h+\*\h+@(?P<annotation>[A-Z]\w+)((?P<parameter>.*))?$/m', $docs, $matches);
-			foreach ($matches['annotation'] as $key => $annontation) {
-				$annontation = strtolower($annontation);
-				$annotationValue = $matches['parameter'][$key];
-				if (isset($annotationValue[0]) && $annotationValue[0] === '(' && $annotationValue[\strlen($annotationValue) - 1] === ')') {
-					$cutString = substr($annotationValue, 1, -1);
-					$cutString = str_replace(' ', '', $cutString);
-					$splittedArray = explode(',', $cutString);
-					foreach ($splittedArray as $annotationValues) {
-						list($key, $value) = explode('=', $annotationValues);
-						$this->annotations[$annontation][$key] = $value;
-					}
-					continue;
-				}
-
-				$this->annotations[$annontation] = [$annotationValue];
-			}
-
-			// extract type parameter information
-			preg_match_all('/@param\h+(?P<type>\w+)\h+\$(?P<var>\w+)/', $docs, $matches);
-			$this->types = array_combine($matches['var'], $matches['type']);
-		}
-
-		foreach ($reflection->getParameters() as $param) {
-			// extract type information from PHP 7 scalar types and prefer them over phpdoc annotations
-			$type = $param->getType();
-			if ($type instanceof \ReflectionNamedType) {
-				$this->types[$param->getName()] = $type->getName();
-			}
-
-			$default = null;
-			if ($param->isOptional()) {
-				$default = $param->getDefaultValue();
-			}
-			$this->parameters[$param->name] = $default;
-		}
-	}
-
-	/**
-	 * Inspects the PHPDoc parameters for types
-	 * @param string $parameter the parameter whose type comments should be
-	 * parsed
-	 * @return string|null type in the type parameters (@param int $something)
-	 * would return int or null if not existing
-	 */
-	public function getType(string $parameter) {
-		if (array_key_exists($parameter, $this->types)) {
-			return $this->types[$parameter];
-		}
-
-		return null;
-	}
-
-	/**
-	 * @return array the arguments of the method with key => default value
-	 */
-	public function getParameters(): array {
-		return $this->parameters;
-	}
-
-	/**
-	 * Check if a method contains an annotation
-	 * @param string $name the name of the annotation
-	 * @return bool true if the annotation is found
-	 */
-	public function hasAnnotation(string $name): bool {
-		$name = strtolower($name);
-		return array_key_exists($name, $this->annotations);
-	}
-
-	/**
-	 * Get optional annotation parameter by key
-	 *
-	 * @param string $name the name of the annotation
-	 * @param string $key the string of the annotation
-	 * @return string
-	 */
-	public function getAnnotationParameter(string $name, string $key): string {
-		$name = strtolower($name);
-		if (isset($this->annotations[$name][$key])) {
-			return $this->annotations[$name][$key];
-		}
-
-		return '';
-	}
+    public $annotations = [];
+    private $types = [];
+    private $parameters = [];
+
+    /**
+     * @param object $object an object or classname
+     * @param string $method the method which we want to inspect
+     */
+    public function reflect($object, string $method) {
+        $reflection = new \ReflectionMethod($object, $method);
+        $docs = $reflection->getDocComment();
+
+        if ($docs !== false) {
+            // extract everything prefixed by @ and first letter uppercase
+            preg_match_all('/^\h+\*\h+@(?P<annotation>[A-Z]\w+)((?P<parameter>.*))?$/m', $docs, $matches);
+            foreach ($matches['annotation'] as $key => $annontation) {
+                $annontation = strtolower($annontation);
+                $annotationValue = $matches['parameter'][$key];
+                if (isset($annotationValue[0]) && $annotationValue[0] === '(' && $annotationValue[\strlen($annotationValue) - 1] === ')') {
+                    $cutString = substr($annotationValue, 1, -1);
+                    $cutString = str_replace(' ', '', $cutString);
+                    $splittedArray = explode(',', $cutString);
+                    foreach ($splittedArray as $annotationValues) {
+                        list($key, $value) = explode('=', $annotationValues);
+                        $this->annotations[$annontation][$key] = $value;
+                    }
+                    continue;
+                }
+
+                $this->annotations[$annontation] = [$annotationValue];
+            }
+
+            // extract type parameter information
+            preg_match_all('/@param\h+(?P<type>\w+)\h+\$(?P<var>\w+)/', $docs, $matches);
+            $this->types = array_combine($matches['var'], $matches['type']);
+        }
+
+        foreach ($reflection->getParameters() as $param) {
+            // extract type information from PHP 7 scalar types and prefer them over phpdoc annotations
+            $type = $param->getType();
+            if ($type instanceof \ReflectionNamedType) {
+                $this->types[$param->getName()] = $type->getName();
+            }
+
+            $default = null;
+            if ($param->isOptional()) {
+                $default = $param->getDefaultValue();
+            }
+            $this->parameters[$param->name] = $default;
+        }
+    }
+
+    /**
+     * Inspects the PHPDoc parameters for types
+     * @param string $parameter the parameter whose type comments should be
+     * parsed
+     * @return string|null type in the type parameters (@param int $something)
+     * would return int or null if not existing
+     */
+    public function getType(string $parameter) {
+        if (array_key_exists($parameter, $this->types)) {
+            return $this->types[$parameter];
+        }
+
+        return null;
+    }
+
+    /**
+     * @return array the arguments of the method with key => default value
+     */
+    public function getParameters(): array {
+        return $this->parameters;
+    }
+
+    /**
+     * Check if a method contains an annotation
+     * @param string $name the name of the annotation
+     * @return bool true if the annotation is found
+     */
+    public function hasAnnotation(string $name): bool {
+        $name = strtolower($name);
+        return array_key_exists($name, $this->annotations);
+    }
+
+    /**
+     * Get optional annotation parameter by key
+     *
+     * @param string $name the name of the annotation
+     * @param string $key the string of the annotation
+     * @return string
+     */
+    public function getAnnotationParameter(string $name, string $key): string {
+        $name = strtolower($name);
+        if (isset($this->annotations[$name][$key])) {
+            return $this->annotations[$name][$key];
+        }
+
+        return '';
+    }
 }