Completed
Pull Request — master (#5490)
by Lukas
15:07
created
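--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -49,278 +49,278 @@
 use OC\Hooks\PublicEmitter;
 
 class LoginController extends Controller {
-	/** @var IUserManager */
-	private $userManager;
-	/** @var IConfig */
-	private $config;
-	/** @var ISession */
-	private $session;
-	/** @var IUserSession|Session */
-	private $userSession;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ILogger */
-	private $logger;
-	/** @var Manager */
-	private $twoFactorManager;
+    /** @var IUserManager */
+    private $userManager;
+    /** @var IConfig */
+    private $config;
+    /** @var ISession */
+    private $session;
+    /** @var IUserSession|Session */
+    private $userSession;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ILogger */
+    private $logger;
+    /** @var Manager */
+    private $twoFactorManager;
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IUserManager $userManager
-	 * @param IConfig $config
-	 * @param ISession $session
-	 * @param IUserSession $userSession
-	 * @param IURLGenerator $urlGenerator
-	 * @param ILogger $logger
-	 * @param Manager $twoFactorManager
-	 */
-	public function __construct($appName,
-						 IRequest $request,
-						 IUserManager $userManager,
-						 IConfig $config,
-						 ISession $session,
-						 IUserSession $userSession,
-						 IURLGenerator $urlGenerator,
-						 ILogger $logger,
-						 Manager $twoFactorManager) {
-		parent::__construct($appName, $request);
-		$this->userManager = $userManager;
-		$this->config = $config;
-		$this->session = $session;
-		$this->userSession = $userSession;
-		$this->urlGenerator = $urlGenerator;
-		$this->logger = $logger;
-		$this->twoFactorManager = $twoFactorManager;
-	}
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IUserManager $userManager
+     * @param IConfig $config
+     * @param ISession $session
+     * @param IUserSession $userSession
+     * @param IURLGenerator $urlGenerator
+     * @param ILogger $logger
+     * @param Manager $twoFactorManager
+     */
+    public function __construct($appName,
+                            IRequest $request,
+                            IUserManager $userManager,
+                            IConfig $config,
+                            ISession $session,
+                            IUserSession $userSession,
+                            IURLGenerator $urlGenerator,
+                            ILogger $logger,
+                            Manager $twoFactorManager) {
+        parent::__construct($appName, $request);
+        $this->userManager = $userManager;
+        $this->config = $config;
+        $this->session = $session;
+        $this->userSession = $userSession;
+        $this->urlGenerator = $urlGenerator;
+        $this->logger = $logger;
+        $this->twoFactorManager = $twoFactorManager;
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @return RedirectResponse
-	 */
-	public function logout() {
-		$loginToken = $this->request->getCookie('nc_token');
-		if (!is_null($loginToken)) {
-			$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
-		}
-		$this->userSession->logout();
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @return RedirectResponse
+     */
+    public function logout() {
+        $loginToken = $this->request->getCookie('nc_token');
+        if (!is_null($loginToken)) {
+            $this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
+        }
+        $this->userSession->logout();
 
-		$response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
-		$response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
-		return $response;
-	}
+        $response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
+        $response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
+        return $response;
+    }
 
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $user
-	 * @param string $redirect_url
-	 * @param string $remember_login
-	 *
-	 * @return TemplateResponse|RedirectResponse
-	 */
-	public function showLoginForm($user, $redirect_url, $remember_login) {
-		if ($this->userSession->isLoggedIn()) {
-			return new RedirectResponse(OC_Util::getDefaultPageUrl());
-		}
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $user
+     * @param string $redirect_url
+     * @param string $remember_login
+     *
+     * @return TemplateResponse|RedirectResponse
+     */
+    public function showLoginForm($user, $redirect_url, $remember_login) {
+        if ($this->userSession->isLoggedIn()) {
+            return new RedirectResponse(OC_Util::getDefaultPageUrl());
+        }
 
-		$parameters = array();
-		$loginMessages = $this->session->get('loginMessages');
-		$errors = [];
-		$messages = [];
-		if (is_array($loginMessages)) {
-			list($errors, $messages) = $loginMessages;
-		}
-		$this->session->remove('loginMessages');
-		foreach ($errors as $value) {
-			$parameters[$value] = true;
-		}
+        $parameters = array();
+        $loginMessages = $this->session->get('loginMessages');
+        $errors = [];
+        $messages = [];
+        if (is_array($loginMessages)) {
+            list($errors, $messages) = $loginMessages;
+        }
+        $this->session->remove('loginMessages');
+        foreach ($errors as $value) {
+            $parameters[$value] = true;
+        }
 
-		$parameters['messages'] = $messages;
-		if (!is_null($user) && $user !== '') {
-			$parameters['loginName'] = $user;
-			$parameters['user_autofocus'] = false;
-		} else {
-			$parameters['loginName'] = '';
-			$parameters['user_autofocus'] = true;
-		}
-		if (!empty($redirect_url)) {
-			$parameters['redirect_url'] = $redirect_url;
-		}
+        $parameters['messages'] = $messages;
+        if (!is_null($user) && $user !== '') {
+            $parameters['loginName'] = $user;
+            $parameters['user_autofocus'] = false;
+        } else {
+            $parameters['loginName'] = '';
+            $parameters['user_autofocus'] = true;
+        }
+        if (!empty($redirect_url)) {
+            $parameters['redirect_url'] = $redirect_url;
+        }
 
-		$parameters['canResetPassword'] = true;
-		$parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
-		if (!$parameters['resetPasswordLink']) {
-			if (!is_null($user) && $user !== '') {
-				$userObj = $this->userManager->get($user);
-				if ($userObj instanceof IUser) {
-					$parameters['canResetPassword'] = $userObj->canChangePassword();
-				}
-			}
-		} elseif ($parameters['resetPasswordLink'] === 'disabled') {
-			$parameters['canResetPassword'] = false;
-		}
+        $parameters['canResetPassword'] = true;
+        $parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
+        if (!$parameters['resetPasswordLink']) {
+            if (!is_null($user) && $user !== '') {
+                $userObj = $this->userManager->get($user);
+                if ($userObj instanceof IUser) {
+                    $parameters['canResetPassword'] = $userObj->canChangePassword();
+                }
+            }
+        } elseif ($parameters['resetPasswordLink'] === 'disabled') {
+            $parameters['canResetPassword'] = false;
+        }
 
-		$parameters['alt_login'] = OC_App::getAlternativeLogIns();
-		$parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
+        $parameters['alt_login'] = OC_App::getAlternativeLogIns();
+        $parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
 
-		if (!is_null($user) && $user !== '') {
-			$parameters['loginName'] = $user;
-			$parameters['user_autofocus'] = false;
-		} else {
-			$parameters['loginName'] = '';
-			$parameters['user_autofocus'] = true;
-		}
+        if (!is_null($user) && $user !== '') {
+            $parameters['loginName'] = $user;
+            $parameters['user_autofocus'] = false;
+        } else {
+            $parameters['loginName'] = '';
+            $parameters['user_autofocus'] = true;
+        }
 
-		return new TemplateResponse(
-			$this->appName, 'login', $parameters, 'guest'
-		);
-	}
+        return new TemplateResponse(
+            $this->appName, 'login', $parameters, 'guest'
+        );
+    }
 
-	/**
-	 * @param string $redirectUrl
-	 * @return RedirectResponse
-	 */
-	private function generateRedirect($redirectUrl) {
-		if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
-			$location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
-			// Deny the redirect if the URL contains a @
-			// This prevents unvalidated redirects like ?redirect_url=:[email protected]
-			if (strpos($location, '@') === false) {
-				return new RedirectResponse($location);
-			}
-		}
-		return new RedirectResponse(OC_Util::getDefaultPageUrl());
-	}
+    /**
+     * @param string $redirectUrl
+     * @return RedirectResponse
+     */
+    private function generateRedirect($redirectUrl) {
+        if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
+            $location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
+            // Deny the redirect if the URL contains a @
+            // This prevents unvalidated redirects like ?redirect_url=:[email protected]
+            if (strpos($location, '@') === false) {
+                return new RedirectResponse($location);
+            }
+        }
+        return new RedirectResponse(OC_Util::getDefaultPageUrl());
+    }
 
-	/**
-	 * @PublicPage
-	 * @UseSession
-	 * @NoCSRFRequired
-	 * @BruteForceProtection(action=login)
-	 *
-	 * @param string $user
-	 * @param string $password
-	 * @param string $redirect_url
-	 * @param boolean $remember_login
-	 * @param string $timezone
-	 * @param string $timezone_offset
-	 * @return RedirectResponse
-	 */
-	public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
-		if(!is_string($user)) {
-			throw new \InvalidArgumentException('Username must be string');
-		}
+    /**
+     * @PublicPage
+     * @UseSession
+     * @NoCSRFRequired
+     * @BruteForceProtection(action=login)
+     *
+     * @param string $user
+     * @param string $password
+     * @param string $redirect_url
+     * @param boolean $remember_login
+     * @param string $timezone
+     * @param string $timezone_offset
+     * @return RedirectResponse
+     */
+    public function tryLogin($user, $password, $redirect_url, $remember_login = false, $timezone = '', $timezone_offset = '') {
+        if(!is_string($user)) {
+            throw new \InvalidArgumentException('Username must be string');
+        }
 
-		// If the user is already logged in and the CSRF check does not pass then
-		// simply redirect the user to the correct page as required. This is the
-		// case when an user has already logged-in, in another tab.
-		if(!$this->request->passesCSRFCheck()) {
-			return $this->generateRedirect($redirect_url);
-		}
+        // If the user is already logged in and the CSRF check does not pass then
+        // simply redirect the user to the correct page as required. This is the
+        // case when an user has already logged-in, in another tab.
+        if(!$this->request->passesCSRFCheck()) {
+            return $this->generateRedirect($redirect_url);
+        }
 
-		if ($this->userManager instanceof PublicEmitter) {
-			$this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
-		}
+        if ($this->userManager instanceof PublicEmitter) {
+            $this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
+        }
 
-		$originalUser = $user;
-		// TODO: Add all the insane error handling
-		/* @var $loginResult IUser */
-		$loginResult = $this->userManager->checkPasswordNoLogging($user, $password);
-		if ($loginResult === false) {
-			$users = $this->userManager->getByEmail($user);
-			// we only allow login by email if unique
-			if (count($users) === 1) {
-				$user = $users[0]->getUID();
-				$loginResult = $this->userManager->checkPassword($user, $password);
-			} else {
-				$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
-			}
-		}
-		if ($loginResult === false) {
-			// Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
-			$args = !is_null($user) ? ['user' => $originalUser] : [];
-			if (!is_null($redirect_url)) {
-				$args['redirect_url'] = $redirect_url;
-			}
-			$response = new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
-			$response->throttle();
-			$this->session->set('loginMessages', [
-				['invalidpassword'], []
-			]);
-			return $response;
-		}
-		// TODO: remove password checks from above and let the user session handle failures
-		// requires https://github.com/owncloud/core/pull/24616
-		$this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
-		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login);
+        $originalUser = $user;
+        // TODO: Add all the insane error handling
+        /* @var $loginResult IUser */
+        $loginResult = $this->userManager->checkPasswordNoLogging($user, $password);
+        if ($loginResult === false) {
+            $users = $this->userManager->getByEmail($user);
+            // we only allow login by email if unique
+            if (count($users) === 1) {
+                $user = $users[0]->getUID();
+                $loginResult = $this->userManager->checkPassword($user, $password);
+            } else {
+                $this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
+            }
+        }
+        if ($loginResult === false) {
+            // Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
+            $args = !is_null($user) ? ['user' => $originalUser] : [];
+            if (!is_null($redirect_url)) {
+                $args['redirect_url'] = $redirect_url;
+            }
+            $response = new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
+            $response->throttle();
+            $this->session->set('loginMessages', [
+                ['invalidpassword'], []
+            ]);
+            return $response;
+        }
+        // TODO: remove password checks from above and let the user session handle failures
+        // requires https://github.com/owncloud/core/pull/24616
+        $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
+        $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, (int)$remember_login);
 
-		// User has successfully logged in, now remove the password reset link, when it is available
-		$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
+        // User has successfully logged in, now remove the password reset link, when it is available
+        $this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
 
-		$this->session->set('last-password-confirm', $loginResult->getLastLogin());
+        $this->session->set('last-password-confirm', $loginResult->getLastLogin());
 
-		if ($timezone_offset !== '') {
-			$this->config->setUserValue($loginResult->getUID(), 'core', 'timezone', $timezone);
-			$this->session->set('timezone', $timezone_offset);
-		}
+        if ($timezone_offset !== '') {
+            $this->config->setUserValue($loginResult->getUID(), 'core', 'timezone', $timezone);
+            $this->session->set('timezone', $timezone_offset);
+        }
 
-		if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
-			$this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
+        if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
+            $this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
 
-			$providers = $this->twoFactorManager->getProviders($loginResult);
-			if (count($providers) === 1) {
-				// Single provider, hence we can redirect to that provider's challenge page directly
-				/* @var $provider IProvider */
-				$provider = array_pop($providers);
-				$url = 'core.TwoFactorChallenge.showChallenge';
-				$urlParams = [
-					'challengeProviderId' => $provider->getId(),
-				];
-			} else {
-				$url = 'core.TwoFactorChallenge.selectChallenge';
-				$urlParams = [];
-			}
+            $providers = $this->twoFactorManager->getProviders($loginResult);
+            if (count($providers) === 1) {
+                // Single provider, hence we can redirect to that provider's challenge page directly
+                /* @var $provider IProvider */
+                $provider = array_pop($providers);
+                $url = 'core.TwoFactorChallenge.showChallenge';
+                $urlParams = [
+                    'challengeProviderId' => $provider->getId(),
+                ];
+            } else {
+                $url = 'core.TwoFactorChallenge.selectChallenge';
+                $urlParams = [];
+            }
 
-			if (!is_null($redirect_url)) {
-				$urlParams['redirect_url'] = $redirect_url;
-			}
+            if (!is_null($redirect_url)) {
+                $urlParams['redirect_url'] = $redirect_url;
+            }
 
-			return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
-		}
+            return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
+        }
 
-		if ($remember_login) {
-			$this->userSession->createRememberMeToken($loginResult);
-		}
+        if ($remember_login) {
+            $this->userSession->createRememberMeToken($loginResult);
+        }
 
-		return $this->generateRedirect($redirect_url);
-	}
+        return $this->generateRedirect($redirect_url);
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 * @BruteForceProtection(action=sudo)
-	 *
-	 * @license GNU AGPL version 3 or any later version
-	 *
-	 * @param string $password
-	 * @return DataResponse
-	 */
-	public function confirmPassword($password) {
-		$loginName = $this->userSession->getLoginName();
-		$loginResult = $this->userManager->checkPassword($loginName, $password);
-		if ($loginResult === false) {
-			$response = new DataResponse([], Http::STATUS_FORBIDDEN);
-			$response->throttle();
-			return $response;
-		}
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     * @BruteForceProtection(action=sudo)
+     *
+     * @license GNU AGPL version 3 or any later version
+     *
+     * @param string $password
+     * @return DataResponse
+     */
+    public function confirmPassword($password) {
+        $loginName = $this->userSession->getLoginName();
+        $loginResult = $this->userManager->checkPassword($loginName, $password);
+        if ($loginResult === false) {
+            $response = new DataResponse([], Http::STATUS_FORBIDDEN);
+            $response->throttle();
+            return $response;
+        }
 
-		$confirmTimestamp = time();
-		$this->session->set('last-password-confirm', $confirmTimestamp);
-		return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
-	}
+        $confirmTimestamp = time();
+        $this->session->set('last-password-confirm', $confirmTimestamp);
+        return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
+    }
 }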