nextcloud / server

lib/private/Accounts/AccountManager.php

Indentation +510 added lines, -510 removed lines

@@ -58,514 +58,514 @@
  */
 class AccountManager implements IAccountManager {
 
-	/** @var  IDBConnection database connection */
-	private $connection;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var string table name */
-	private $table = 'accounts';
-
-	/** @var string table name */
-	private $dataTable = 'accounts_data';
-
-	/** @var EventDispatcherInterface */
-	private $eventDispatcher;
-
-	/** @var IJobList */
-	private $jobList;
-
-	/** @var LoggerInterface */
-	private $logger;
-
-	public function __construct(IDBConnection $connection,
-								IConfig $config,
-								EventDispatcherInterface $eventDispatcher,
-								IJobList $jobList,
-								LoggerInterface $logger) {
-		$this->connection = $connection;
-		$this->config = $config;
-		$this->eventDispatcher = $eventDispatcher;
-		$this->jobList = $jobList;
-		$this->logger = $logger;
-	}
-
-	/**
-	 * @param string $input
-	 * @return string Provided phone number in E.164 format when it was a valid number
-	 * @throws \InvalidArgumentException When the phone number was invalid or no default region is set and the number doesn't start with a country code
-	 */
-	protected function parsePhoneNumber(string $input): string {
-		$defaultRegion = $this->config->getSystemValueString('default_phone_region', '');
-
-		if ($defaultRegion === '') {
-			// When no default region is set, only +49… numbers are valid
-			if (strpos($input, '+') !== 0) {
-				throw new \InvalidArgumentException(self::PROPERTY_PHONE);
-			}
-
-			$defaultRegion = 'EN';
-		}
-
-		$phoneUtil = PhoneNumberUtil::getInstance();
-		try {
-			$phoneNumber = $phoneUtil->parse($input, $defaultRegion);
-			if ($phoneNumber instanceof PhoneNumber && $phoneUtil->isValidNumber($phoneNumber)) {
-				return $phoneUtil->format($phoneNumber, PhoneNumberFormat::E164);
-			}
-		} catch (NumberParseException $e) {
-		}
-
-		throw new \InvalidArgumentException(self::PROPERTY_PHONE);
-	}
-
-	/**
-	 *
-	 * @param string $input
-	 * @return string
-	 * @throws \InvalidArgumentException When the website did not have http(s) as protocol or the host name was empty
-	 */
-	protected function parseWebsite(string $input): string {
-		$parts = parse_url($input);
-		if (!isset($parts['scheme']) || ($parts['scheme'] !== 'https' && $parts['scheme'] !== 'http')) {
-			throw new \InvalidArgumentException(self::PROPERTY_WEBSITE);
-		}
-
-		if (!isset($parts['host']) || $parts['host'] === '') {
-			throw new \InvalidArgumentException(self::PROPERTY_WEBSITE);
-		}
-
-		return $input;
-	}
-
-	/**
-	 * update user record
-	 *
-	 * @param IUser $user
-	 * @param array $data
-	 * @param bool $throwOnData Set to true if you can inform the user about invalid data
-	 * @return array The potentially modified data (e.g. phone numbers are converted to E.164 format)
-	 * @throws \InvalidArgumentException Message is the property that was invalid
-	 */
-	public function updateUser(IUser $user, array $data, bool $throwOnData = false): array {
-		$userData = $this->getUser($user);
-		$updated = true;
-
-		if (isset($data[self::PROPERTY_PHONE]) && $data[self::PROPERTY_PHONE]['value'] !== '') {
-			// Sanitize null value.
-			$data[self::PROPERTY_PHONE]['value'] = $data[self::PROPERTY_PHONE]['value'] ?? '';
-
-			try {
-				$data[self::PROPERTY_PHONE]['value'] = $this->parsePhoneNumber($data[self::PROPERTY_PHONE]['value']);
-			} catch (\InvalidArgumentException $e) {
-				if ($throwOnData) {
-					throw $e;
-				}
-				$data[self::PROPERTY_PHONE]['value'] = '';
-			}
-		}
-
-		// set a max length
-		foreach ($data as $propertyName => $propertyData) {
-			if (isset($data[$propertyName]) && isset($data[$propertyName]['value']) && strlen($data[$propertyName]['value']) > 2048) {
-				if ($throwOnData) {
-					throw new \InvalidArgumentException($propertyName);
-				} else {
-					$data[$propertyName]['value'] = '';
-				}
-			}
-		}
-
-		if (isset($data[self::PROPERTY_WEBSITE]) && $data[self::PROPERTY_WEBSITE]['value'] !== '') {
-			try {
-				$data[self::PROPERTY_WEBSITE]['value'] = $this->parseWebsite($data[self::PROPERTY_WEBSITE]['value']);
-			} catch (\InvalidArgumentException $e) {
-				if ($throwOnData) {
-					throw $e;
-				}
-				$data[self::PROPERTY_WEBSITE]['value'] = '';
-			}
-		}
-
-		$allowedScopes = [
-			self::SCOPE_PRIVATE,
-			self::SCOPE_LOCAL,
-			self::SCOPE_FEDERATED,
-			self::SCOPE_PUBLISHED,
-			self::VISIBILITY_PRIVATE,
-			self::VISIBILITY_CONTACTS_ONLY,
-			self::VISIBILITY_PUBLIC,
-		];
-
-		// validate and convert scope values
-		foreach ($data as $propertyName => $propertyData) {
-			if (isset($propertyData['scope'])) {
-				if ($throwOnData && !in_array($propertyData['scope'], $allowedScopes, true)) {
-					throw new \InvalidArgumentException('scope');
-				}
-
-				if (
-					$propertyData['scope'] === self::SCOPE_PRIVATE
-					&& ($propertyName === self::PROPERTY_DISPLAYNAME || $propertyName === self::PROPERTY_EMAIL)
-				) {
-					if ($throwOnData) {
-						// v2-private is not available for these fields
-						throw new \InvalidArgumentException('scope');
-					} else {
-						// default to local
-						$data[$propertyName]['scope'] = self::SCOPE_LOCAL;
-					}
-				} else {
-					// migrate scope values to the new format
-					// invalid scopes are mapped to a default value
-					$data[$propertyName]['scope'] = AccountProperty::mapScopeToV2($propertyData['scope']);
-				}
-			}
-		}
-
-		if (empty($userData)) {
-			$this->insertNewUser($user, $data);
-		} elseif ($userData !== $data) {
-			$data = $this->checkEmailVerification($userData, $data, $user);
-			$data = $this->updateVerifyStatus($userData, $data);
-			$this->updateExistingUser($user, $data);
-		} else {
-			// nothing needs to be done if new and old data set are the same
-			$updated = false;
-		}
-
-		if ($updated) {
-			$this->eventDispatcher->dispatch(
-				'OC\AccountManager::userUpdated',
-				new GenericEvent($user, $data)
-			);
-		}
-
-		return $data;
-	}
-
-	/**
-	 * delete user from accounts table
-	 *
-	 * @param IUser $user
-	 */
-	public function deleteUser(IUser $user) {
-		$uid = $user->getUID();
-		$query = $this->connection->getQueryBuilder();
-		$query->delete($this->table)
-			->where($query->expr()->eq('uid', $query->createNamedParameter($uid)))
-			->execute();
-
-		$this->deleteUserData($user);
-	}
-
-	/**
-	 * delete user from accounts table
-	 *
-	 * @param IUser $user
-	 */
-	public function deleteUserData(IUser $user): void {
-		$uid = $user->getUID();
-		$query = $this->connection->getQueryBuilder();
-		$query->delete($this->dataTable)
-			->where($query->expr()->eq('uid', $query->createNamedParameter($uid)))
-			->execute();
-	}
-
-	/**
-	 * get stored data from a given user
-	 *
-	 * @param IUser $user
-	 * @return array
-	 *
-	 * @deprecated use getAccount instead to make sure migrated properties work correctly
-	 */
-	public function getUser(IUser $user) {
-		$uid = $user->getUID();
-		$query = $this->connection->getQueryBuilder();
-		$query->select('data')
-			->from($this->table)
-			->where($query->expr()->eq('uid', $query->createParameter('uid')))
-			->setParameter('uid', $uid);
-		$result = $query->execute();
-		$accountData = $result->fetchAll();
-		$result->closeCursor();
-
-		if (empty($accountData)) {
-			$userData = $this->buildDefaultUserRecord($user);
-			$this->insertNewUser($user, $userData);
-			return $userData;
-		}
-
-		$userDataArray = json_decode($accountData[0]['data'], true);
-		$jsonError = json_last_error();
-		if ($userDataArray === null || $userDataArray === [] || $jsonError !== JSON_ERROR_NONE) {
-			$this->logger->critical("User data of $uid contained invalid JSON (error $jsonError), hence falling back to a default user record");
-			return $this->buildDefaultUserRecord($user);
-		}
-
-		$userDataArray = $this->addMissingDefaultValues($userDataArray);
-
-		return $userDataArray;
-	}
-
-	public function searchUsers(string $property, array $values): array {
-		$chunks = array_chunk($values, 500);
-		$query = $this->connection->getQueryBuilder();
-		$query->select('*')
-			->from($this->dataTable)
-			->where($query->expr()->eq('name', $query->createNamedParameter($property)))
-			->andWhere($query->expr()->in('value', $query->createParameter('values')));
-
-		$matches = [];
-		foreach ($chunks as $chunk) {
-			$query->setParameter('values', $chunk, IQueryBuilder::PARAM_STR_ARRAY);
-			$result = $query->execute();
-
-			while ($row = $result->fetch()) {
-				$matches[$row['value']] = $row['uid'];
-			}
-			$result->closeCursor();
-		}
-
-		return $matches;
-	}
-
-	/**
-	 * check if we need to ask the server for email verification, if yes we create a cronjob
-	 *
-	 * @param $oldData
-	 * @param $newData
-	 * @param IUser $user
-	 * @return array
-	 */
-	protected function checkEmailVerification($oldData, $newData, IUser $user) {
-		if ($oldData[self::PROPERTY_EMAIL]['value'] !== $newData[self::PROPERTY_EMAIL]['value']) {
-			$this->jobList->add(VerifyUserData::class,
-				[
-					'verificationCode' => '',
-					'data' => $newData[self::PROPERTY_EMAIL]['value'],
-					'type' => self::PROPERTY_EMAIL,
-					'uid' => $user->getUID(),
-					'try' => 0,
-					'lastRun' => time()
-				]
-			);
-			$newData[self::PROPERTY_EMAIL]['verified'] = self::VERIFICATION_IN_PROGRESS;
-		}
-
-		return $newData;
-	}
-
-	/**
-	 * make sure that all expected data are set
-	 *
-	 * @param array $userData
-	 * @return array
-	 */
-	protected function addMissingDefaultValues(array $userData) {
-		foreach ($userData as $key => $value) {
-			if (!isset($userData[$key]['verified'])) {
-				$userData[$key]['verified'] = self::NOT_VERIFIED;
-			}
-		}
-
-		return $userData;
-	}
-
-	/**
-	 * reset verification status if personal data changed
-	 *
-	 * @param array $oldData
-	 * @param array $newData
-	 * @return array
-	 */
-	protected function updateVerifyStatus($oldData, $newData) {
-
-		// which account was already verified successfully?
-		$twitterVerified = isset($oldData[self::PROPERTY_TWITTER]['verified']) && $oldData[self::PROPERTY_TWITTER]['verified'] === self::VERIFIED;
-		$websiteVerified = isset($oldData[self::PROPERTY_WEBSITE]['verified']) && $oldData[self::PROPERTY_WEBSITE]['verified'] === self::VERIFIED;
-		$emailVerified = isset($oldData[self::PROPERTY_EMAIL]['verified']) && $oldData[self::PROPERTY_EMAIL]['verified'] === self::VERIFIED;
-
-		// keep old verification status if we don't have a new one
-		if (!isset($newData[self::PROPERTY_TWITTER]['verified'])) {
-			// keep old verification status if value didn't changed and an old value exists
-			$keepOldStatus = $newData[self::PROPERTY_TWITTER]['value'] === $oldData[self::PROPERTY_TWITTER]['value'] && isset($oldData[self::PROPERTY_TWITTER]['verified']);
-			$newData[self::PROPERTY_TWITTER]['verified'] = $keepOldStatus ? $oldData[self::PROPERTY_TWITTER]['verified'] : self::NOT_VERIFIED;
-		}
-
-		if (!isset($newData[self::PROPERTY_WEBSITE]['verified'])) {
-			// keep old verification status if value didn't changed and an old value exists
-			$keepOldStatus = $newData[self::PROPERTY_WEBSITE]['value'] === $oldData[self::PROPERTY_WEBSITE]['value'] && isset($oldData[self::PROPERTY_WEBSITE]['verified']);
-			$newData[self::PROPERTY_WEBSITE]['verified'] = $keepOldStatus ? $oldData[self::PROPERTY_WEBSITE]['verified'] : self::NOT_VERIFIED;
-		}
-
-		if (!isset($newData[self::PROPERTY_EMAIL]['verified'])) {
-			// keep old verification status if value didn't changed and an old value exists
-			$keepOldStatus = $newData[self::PROPERTY_EMAIL]['value'] === $oldData[self::PROPERTY_EMAIL]['value'] && isset($oldData[self::PROPERTY_EMAIL]['verified']);
-			$newData[self::PROPERTY_EMAIL]['verified'] = $keepOldStatus ? $oldData[self::PROPERTY_EMAIL]['verified'] : self::VERIFICATION_IN_PROGRESS;
-		}
-
-		// reset verification status if a value from a previously verified data was changed
-		if ($twitterVerified &&
-			$oldData[self::PROPERTY_TWITTER]['value'] !== $newData[self::PROPERTY_TWITTER]['value']
-		) {
-			$newData[self::PROPERTY_TWITTER]['verified'] = self::NOT_VERIFIED;
-		}
-
-		if ($websiteVerified &&
-			$oldData[self::PROPERTY_WEBSITE]['value'] !== $newData[self::PROPERTY_WEBSITE]['value']
-		) {
-			$newData[self::PROPERTY_WEBSITE]['verified'] = self::NOT_VERIFIED;
-		}
-
-		if ($emailVerified &&
-			$oldData[self::PROPERTY_EMAIL]['value'] !== $newData[self::PROPERTY_EMAIL]['value']
-		) {
-			$newData[self::PROPERTY_EMAIL]['verified'] = self::NOT_VERIFIED;
-		}
-
-		return $newData;
-	}
-
-	/**
-	 * add new user to accounts table
-	 *
-	 * @param IUser $user
-	 * @param array $data
-	 */
-	protected function insertNewUser(IUser $user, array $data): void {
-		$uid = $user->getUID();
-		$jsonEncodedData = json_encode($data);
-		$query = $this->connection->getQueryBuilder();
-		$query->insert($this->table)
-			->values(
-				[
-					'uid' => $query->createNamedParameter($uid),
-					'data' => $query->createNamedParameter($jsonEncodedData),
-				]
-			)
-			->execute();
-
-		$this->deleteUserData($user);
-		$this->writeUserData($user, $data);
-	}
-
-	/**
-	 * update existing user in accounts table
-	 *
-	 * @param IUser $user
-	 * @param array $data
-	 */
-	protected function updateExistingUser(IUser $user, array $data): void {
-		$uid = $user->getUID();
-		$jsonEncodedData = json_encode($data);
-		$query = $this->connection->getQueryBuilder();
-		$query->update($this->table)
-			->set('data', $query->createNamedParameter($jsonEncodedData))
-			->where($query->expr()->eq('uid', $query->createNamedParameter($uid)))
-			->execute();
-
-		$this->deleteUserData($user);
-		$this->writeUserData($user, $data);
-	}
-
-	protected function writeUserData(IUser $user, array $data): void {
-		$query = $this->connection->getQueryBuilder();
-		$query->insert($this->dataTable)
-			->values(
-				[
-					'uid' => $query->createNamedParameter($user->getUID()),
-					'name' => $query->createParameter('name'),
-					'value' => $query->createParameter('value'),
-				]
-			);
-		foreach ($data as $propertyName => $property) {
-			if ($propertyName === self::PROPERTY_AVATAR) {
-				continue;
-			}
-
-			$query->setParameter('name', $propertyName)
-				->setParameter('value', $property['value'] ?? '');
-			$query->execute();
-		}
-	}
-
-	/**
-	 * build default user record in case not data set exists yet
-	 *
-	 * @param IUser $user
-	 * @return array
-	 */
-	protected function buildDefaultUserRecord(IUser $user) {
-		return [
-			self::PROPERTY_DISPLAYNAME =>
-				[
-					'value' => $user->getDisplayName(),
-					'scope' => self::SCOPE_FEDERATED,
-					'verified' => self::NOT_VERIFIED,
-				],
-			self::PROPERTY_ADDRESS =>
-				[
-					'value' => '',
-					'scope' => self::SCOPE_LOCAL,
-					'verified' => self::NOT_VERIFIED,
-				],
-			self::PROPERTY_WEBSITE =>
-				[
-					'value' => '',
-					'scope' => self::SCOPE_LOCAL,
-					'verified' => self::NOT_VERIFIED,
-				],
-			self::PROPERTY_EMAIL =>
-				[
-					'value' => $user->getEMailAddress(),
-					'scope' => self::SCOPE_FEDERATED,
-					'verified' => self::NOT_VERIFIED,
-				],
-			self::PROPERTY_AVATAR =>
-				[
-					'scope' => self::SCOPE_FEDERATED
-				],
-			self::PROPERTY_PHONE =>
-				[
-					'value' => '',
-					'scope' => self::SCOPE_LOCAL,
-					'verified' => self::NOT_VERIFIED,
-				],
-			self::PROPERTY_TWITTER =>
-				[
-					'value' => '',
-					'scope' => self::SCOPE_LOCAL,
-					'verified' => self::NOT_VERIFIED,
-				],
-		];
-	}
-
-	private function parseAccountData(IUser $user, $data): Account {
-		$account = new Account($user);
-		foreach ($data as $property => $accountData) {
-			$account->setProperty($property, $accountData['value'] ?? '', $accountData['scope'] ?? self::SCOPE_LOCAL, $accountData['verified'] ?? self::NOT_VERIFIED);
-		}
-		return $account;
-	}
-
-	public function getAccount(IUser $user): IAccount {
-		return $this->parseAccountData($user, $this->getUser($user));
-	}
-
-	public function updateAccount(IAccount $account): void {
-		$data = [];
-
-		foreach ($account->getProperties() as $property) {
-			$data[$property->getName()] = [
-				'value' => $property->getValue(),
-				'scope' => $property->getScope(),
-				'verified' => $property->getVerified(),
-			];
-		}
-
-		$this->updateUser($account->getUser(), $data, true);
-	}
+    /** @var  IDBConnection database connection */
+    private $connection;
+
+    /** @var IConfig */
+    private $config;
+
+    /** @var string table name */
+    private $table = 'accounts';
+
+    /** @var string table name */
+    private $dataTable = 'accounts_data';
+
+    /** @var EventDispatcherInterface */
+    private $eventDispatcher;
+
+    /** @var IJobList */
+    private $jobList;
+
+    /** @var LoggerInterface */
+    private $logger;
+
+    public function __construct(IDBConnection $connection,
+                                IConfig $config,
+                                EventDispatcherInterface $eventDispatcher,
+                                IJobList $jobList,
+                                LoggerInterface $logger) {
+        $this->connection = $connection;
+        $this->config = $config;
+        $this->eventDispatcher = $eventDispatcher;
+        $this->jobList = $jobList;
+        $this->logger = $logger;
+    }
+
+    /**
+     * @param string $input
+     * @return string Provided phone number in E.164 format when it was a valid number
+     * @throws \InvalidArgumentException When the phone number was invalid or no default region is set and the number doesn't start with a country code
+     */
+    protected function parsePhoneNumber(string $input): string {
+        $defaultRegion = $this->config->getSystemValueString('default_phone_region', '');
+
+        if ($defaultRegion === '') {
+            // When no default region is set, only +49… numbers are valid
+            if (strpos($input, '+') !== 0) {
+                throw new \InvalidArgumentException(self::PROPERTY_PHONE);
+            }
+
+            $defaultRegion = 'EN';
+        }
+
+        $phoneUtil = PhoneNumberUtil::getInstance();
+        try {
+            $phoneNumber = $phoneUtil->parse($input, $defaultRegion);
+            if ($phoneNumber instanceof PhoneNumber && $phoneUtil->isValidNumber($phoneNumber)) {
+                return $phoneUtil->format($phoneNumber, PhoneNumberFormat::E164);
+            }
+        } catch (NumberParseException $e) {
+        }
+
+        throw new \InvalidArgumentException(self::PROPERTY_PHONE);
+    }
+
+    /**
+     *
+     * @param string $input
+     * @return string
+     * @throws \InvalidArgumentException When the website did not have http(s) as protocol or the host name was empty
+     */
+    protected function parseWebsite(string $input): string {
+        $parts = parse_url($input);
+        if (!isset($parts['scheme']) || ($parts['scheme'] !== 'https' && $parts['scheme'] !== 'http')) {
+            throw new \InvalidArgumentException(self::PROPERTY_WEBSITE);
+        }
+
+        if (!isset($parts['host']) || $parts['host'] === '') {
+            throw new \InvalidArgumentException(self::PROPERTY_WEBSITE);
+        }
+
+        return $input;
+    }
+
+    /**
+     * update user record
+     *
+     * @param IUser $user
+     * @param array $data
+     * @param bool $throwOnData Set to true if you can inform the user about invalid data
+     * @return array The potentially modified data (e.g. phone numbers are converted to E.164 format)
+     * @throws \InvalidArgumentException Message is the property that was invalid
+     */
+    public function updateUser(IUser $user, array $data, bool $throwOnData = false): array {
+        $userData = $this->getUser($user);
+        $updated = true;
+
+        if (isset($data[self::PROPERTY_PHONE]) && $data[self::PROPERTY_PHONE]['value'] !== '') {
+            // Sanitize null value.
+            $data[self::PROPERTY_PHONE]['value'] = $data[self::PROPERTY_PHONE]['value'] ?? '';
+
+            try {
+                $data[self::PROPERTY_PHONE]['value'] = $this->parsePhoneNumber($data[self::PROPERTY_PHONE]['value']);
+            } catch (\InvalidArgumentException $e) {
+                if ($throwOnData) {
+                    throw $e;
+                }
+                $data[self::PROPERTY_PHONE]['value'] = '';
+            }
+        }
+
+        // set a max length
+        foreach ($data as $propertyName => $propertyData) {
+            if (isset($data[$propertyName]) && isset($data[$propertyName]['value']) && strlen($data[$propertyName]['value']) > 2048) {
+                if ($throwOnData) {
+                    throw new \InvalidArgumentException($propertyName);
+                } else {
+                    $data[$propertyName]['value'] = '';
+                }
+            }
+        }
+
+        if (isset($data[self::PROPERTY_WEBSITE]) && $data[self::PROPERTY_WEBSITE]['value'] !== '') {
+            try {
+                $data[self::PROPERTY_WEBSITE]['value'] = $this->parseWebsite($data[self::PROPERTY_WEBSITE]['value']);
+            } catch (\InvalidArgumentException $e) {
+                if ($throwOnData) {
+                    throw $e;
+                }
+                $data[self::PROPERTY_WEBSITE]['value'] = '';
+            }
+        }
+
+        $allowedScopes = [
+            self::SCOPE_PRIVATE,
+            self::SCOPE_LOCAL,
+            self::SCOPE_FEDERATED,
+            self::SCOPE_PUBLISHED,
+            self::VISIBILITY_PRIVATE,
+            self::VISIBILITY_CONTACTS_ONLY,
+            self::VISIBILITY_PUBLIC,
+        ];
+
+        // validate and convert scope values
+        foreach ($data as $propertyName => $propertyData) {
+            if (isset($propertyData['scope'])) {
+                if ($throwOnData && !in_array($propertyData['scope'], $allowedScopes, true)) {
+                    throw new \InvalidArgumentException('scope');
+                }
+
+                if (
+                    $propertyData['scope'] === self::SCOPE_PRIVATE
+                    && ($propertyName === self::PROPERTY_DISPLAYNAME || $propertyName === self::PROPERTY_EMAIL)
+                ) {
+                    if ($throwOnData) {
+                        // v2-private is not available for these fields
+                        throw new \InvalidArgumentException('scope');
+                    } else {
+                        // default to local
+                        $data[$propertyName]['scope'] = self::SCOPE_LOCAL;
+                    }
+                } else {
+                    // migrate scope values to the new format
+                    // invalid scopes are mapped to a default value
+                    $data[$propertyName]['scope'] = AccountProperty::mapScopeToV2($propertyData['scope']);
+                }
+            }
+        }
+
+        if (empty($userData)) {
+            $this->insertNewUser($user, $data);
+        } elseif ($userData !== $data) {
+            $data = $this->checkEmailVerification($userData, $data, $user);
+            $data = $this->updateVerifyStatus($userData, $data);
+            $this->updateExistingUser($user, $data);
+        } else {
+            // nothing needs to be done if new and old data set are the same
+            $updated = false;
+        }
+
+        if ($updated) {
+            $this->eventDispatcher->dispatch(
+                'OC\AccountManager::userUpdated',
+                new GenericEvent($user, $data)
+            );
+        }
+
+        return $data;
+    }
+
+    /**
+     * delete user from accounts table
+     *
+     * @param IUser $user
+     */
+    public function deleteUser(IUser $user) {
+        $uid = $user->getUID();
+        $query = $this->connection->getQueryBuilder();
+        $query->delete($this->table)
+            ->where($query->expr()->eq('uid', $query->createNamedParameter($uid)))
+            ->execute();
+
+        $this->deleteUserData($user);
+    }
+
+    /**
+     * delete user from accounts table
+     *
+     * @param IUser $user
+     */
+    public function deleteUserData(IUser $user): void {
+        $uid = $user->getUID();
+        $query = $this->connection->getQueryBuilder();
+        $query->delete($this->dataTable)
+            ->where($query->expr()->eq('uid', $query->createNamedParameter($uid)))
+            ->execute();
+    }
+
+    /**
+     * get stored data from a given user
+     *
+     * @param IUser $user
+     * @return array
+     *
+     * @deprecated use getAccount instead to make sure migrated properties work correctly
+     */
+    public function getUser(IUser $user) {
+        $uid = $user->getUID();
+        $query = $this->connection->getQueryBuilder();
+        $query->select('data')
+            ->from($this->table)
+            ->where($query->expr()->eq('uid', $query->createParameter('uid')))
+            ->setParameter('uid', $uid);
+        $result = $query->execute();
+        $accountData = $result->fetchAll();
+        $result->closeCursor();
+
+        if (empty($accountData)) {
+            $userData = $this->buildDefaultUserRecord($user);
+            $this->insertNewUser($user, $userData);
+            return $userData;
+        }
+
+        $userDataArray = json_decode($accountData[0]['data'], true);
+        $jsonError = json_last_error();
+        if ($userDataArray === null || $userDataArray === [] || $jsonError !== JSON_ERROR_NONE) {
+            $this->logger->critical("User data of $uid contained invalid JSON (error $jsonError), hence falling back to a default user record");
+            return $this->buildDefaultUserRecord($user);
+        }
+
+        $userDataArray = $this->addMissingDefaultValues($userDataArray);
+
+        return $userDataArray;
+    }
+
+    public function searchUsers(string $property, array $values): array {
+        $chunks = array_chunk($values, 500);
+        $query = $this->connection->getQueryBuilder();
+        $query->select('*')
+            ->from($this->dataTable)
+            ->where($query->expr()->eq('name', $query->createNamedParameter($property)))
+            ->andWhere($query->expr()->in('value', $query->createParameter('values')));
+
+        $matches = [];
+        foreach ($chunks as $chunk) {
+            $query->setParameter('values', $chunk, IQueryBuilder::PARAM_STR_ARRAY);
+            $result = $query->execute();
+
+            while ($row = $result->fetch()) {
+                $matches[$row['value']] = $row['uid'];
+            }
+            $result->closeCursor();
+        }
+
+        return $matches;
+    }
+
+    /**
+     * check if we need to ask the server for email verification, if yes we create a cronjob
+     *
+     * @param $oldData
+     * @param $newData
+     * @param IUser $user
+     * @return array
+     */
+    protected function checkEmailVerification($oldData, $newData, IUser $user) {
+        if ($oldData[self::PROPERTY_EMAIL]['value'] !== $newData[self::PROPERTY_EMAIL]['value']) {
+            $this->jobList->add(VerifyUserData::class,
+                [
+                    'verificationCode' => '',
+                    'data' => $newData[self::PROPERTY_EMAIL]['value'],
+                    'type' => self::PROPERTY_EMAIL,
+                    'uid' => $user->getUID(),
+                    'try' => 0,
+                    'lastRun' => time()
+                ]
+            );
+            $newData[self::PROPERTY_EMAIL]['verified'] = self::VERIFICATION_IN_PROGRESS;
+        }
+
+        return $newData;
+    }
+
+    /**
+     * make sure that all expected data are set
+     *
+     * @param array $userData
+     * @return array
+     */
+    protected function addMissingDefaultValues(array $userData) {
+        foreach ($userData as $key => $value) {
+            if (!isset($userData[$key]['verified'])) {
+                $userData[$key]['verified'] = self::NOT_VERIFIED;
+            }
+        }
+
+        return $userData;
+    }
+
+    /**
+     * reset verification status if personal data changed
+     *
+     * @param array $oldData
+     * @param array $newData
+     * @return array
+     */
+    protected function updateVerifyStatus($oldData, $newData) {
+
+        // which account was already verified successfully?
+        $twitterVerified = isset($oldData[self::PROPERTY_TWITTER]['verified']) && $oldData[self::PROPERTY_TWITTER]['verified'] === self::VERIFIED;
+        $websiteVerified = isset($oldData[self::PROPERTY_WEBSITE]['verified']) && $oldData[self::PROPERTY_WEBSITE]['verified'] === self::VERIFIED;
+        $emailVerified = isset($oldData[self::PROPERTY_EMAIL]['verified']) && $oldData[self::PROPERTY_EMAIL]['verified'] === self::VERIFIED;
+
+        // keep old verification status if we don't have a new one
+        if (!isset($newData[self::PROPERTY_TWITTER]['verified'])) {
+            // keep old verification status if value didn't changed and an old value exists
+            $keepOldStatus = $newData[self::PROPERTY_TWITTER]['value'] === $oldData[self::PROPERTY_TWITTER]['value'] && isset($oldData[self::PROPERTY_TWITTER]['verified']);
+            $newData[self::PROPERTY_TWITTER]['verified'] = $keepOldStatus ? $oldData[self::PROPERTY_TWITTER]['verified'] : self::NOT_VERIFIED;
+        }
+
+        if (!isset($newData[self::PROPERTY_WEBSITE]['verified'])) {
+            // keep old verification status if value didn't changed and an old value exists
+            $keepOldStatus = $newData[self::PROPERTY_WEBSITE]['value'] === $oldData[self::PROPERTY_WEBSITE]['value'] && isset($oldData[self::PROPERTY_WEBSITE]['verified']);
+            $newData[self::PROPERTY_WEBSITE]['verified'] = $keepOldStatus ? $oldData[self::PROPERTY_WEBSITE]['verified'] : self::NOT_VERIFIED;
+        }
+
+        if (!isset($newData[self::PROPERTY_EMAIL]['verified'])) {
+            // keep old verification status if value didn't changed and an old value exists
+            $keepOldStatus = $newData[self::PROPERTY_EMAIL]['value'] === $oldData[self::PROPERTY_EMAIL]['value'] && isset($oldData[self::PROPERTY_EMAIL]['verified']);
+            $newData[self::PROPERTY_EMAIL]['verified'] = $keepOldStatus ? $oldData[self::PROPERTY_EMAIL]['verified'] : self::VERIFICATION_IN_PROGRESS;
+        }
+
+        // reset verification status if a value from a previously verified data was changed
+        if ($twitterVerified &&
+            $oldData[self::PROPERTY_TWITTER]['value'] !== $newData[self::PROPERTY_TWITTER]['value']
+        ) {
+            $newData[self::PROPERTY_TWITTER]['verified'] = self::NOT_VERIFIED;
+        }
+
+        if ($websiteVerified &&
+            $oldData[self::PROPERTY_WEBSITE]['value'] !== $newData[self::PROPERTY_WEBSITE]['value']
+        ) {
+            $newData[self::PROPERTY_WEBSITE]['verified'] = self::NOT_VERIFIED;
+        }
+
+        if ($emailVerified &&
+            $oldData[self::PROPERTY_EMAIL]['value'] !== $newData[self::PROPERTY_EMAIL]['value']
+        ) {
+            $newData[self::PROPERTY_EMAIL]['verified'] = self::NOT_VERIFIED;
+        }
+
+        return $newData;
+    }
+
+    /**
+     * add new user to accounts table
+     *
+     * @param IUser $user
+     * @param array $data
+     */
+    protected function insertNewUser(IUser $user, array $data): void {
+        $uid = $user->getUID();
+        $jsonEncodedData = json_encode($data);
+        $query = $this->connection->getQueryBuilder();
+        $query->insert($this->table)
+            ->values(
+                [
+                    'uid' => $query->createNamedParameter($uid),
+                    'data' => $query->createNamedParameter($jsonEncodedData),
+                ]
+            )
+            ->execute();
+
+        $this->deleteUserData($user);
+        $this->writeUserData($user, $data);
+    }
+
+    /**
+     * update existing user in accounts table
+     *
+     * @param IUser $user
+     * @param array $data
+     */
+    protected function updateExistingUser(IUser $user, array $data): void {
+        $uid = $user->getUID();
+        $jsonEncodedData = json_encode($data);
+        $query = $this->connection->getQueryBuilder();
+        $query->update($this->table)
+            ->set('data', $query->createNamedParameter($jsonEncodedData))
+            ->where($query->expr()->eq('uid', $query->createNamedParameter($uid)))
+            ->execute();
+
+        $this->deleteUserData($user);
+        $this->writeUserData($user, $data);
+    }
+
+    protected function writeUserData(IUser $user, array $data): void {
+        $query = $this->connection->getQueryBuilder();
+        $query->insert($this->dataTable)
+            ->values(
+                [
+                    'uid' => $query->createNamedParameter($user->getUID()),
+                    'name' => $query->createParameter('name'),
+                    'value' => $query->createParameter('value'),
+                ]
+            );
+        foreach ($data as $propertyName => $property) {
+            if ($propertyName === self::PROPERTY_AVATAR) {
+                continue;
+            }
+
+            $query->setParameter('name', $propertyName)
+                ->setParameter('value', $property['value'] ?? '');
+            $query->execute();
+        }
+    }
+
+    /**
+     * build default user record in case not data set exists yet
+     *
+     * @param IUser $user
+     * @return array
+     */
+    protected function buildDefaultUserRecord(IUser $user) {
+        return [
+            self::PROPERTY_DISPLAYNAME =>
+                [
+                    'value' => $user->getDisplayName(),
+                    'scope' => self::SCOPE_FEDERATED,
+                    'verified' => self::NOT_VERIFIED,
+                ],
+            self::PROPERTY_ADDRESS =>
+                [
+                    'value' => '',
+                    'scope' => self::SCOPE_LOCAL,
+                    'verified' => self::NOT_VERIFIED,
+                ],
+            self::PROPERTY_WEBSITE =>
+                [
+                    'value' => '',
+                    'scope' => self::SCOPE_LOCAL,
+                    'verified' => self::NOT_VERIFIED,
+                ],
+            self::PROPERTY_EMAIL =>
+                [
+                    'value' => $user->getEMailAddress(),
+                    'scope' => self::SCOPE_FEDERATED,
+                    'verified' => self::NOT_VERIFIED,
+                ],
+            self::PROPERTY_AVATAR =>
+                [
+                    'scope' => self::SCOPE_FEDERATED
+                ],
+            self::PROPERTY_PHONE =>
+                [
+                    'value' => '',
+                    'scope' => self::SCOPE_LOCAL,
+                    'verified' => self::NOT_VERIFIED,
+                ],
+            self::PROPERTY_TWITTER =>
+                [
+                    'value' => '',
+                    'scope' => self::SCOPE_LOCAL,
+                    'verified' => self::NOT_VERIFIED,
+                ],
+        ];
+    }
+
+    private function parseAccountData(IUser $user, $data): Account {
+        $account = new Account($user);
+        foreach ($data as $property => $accountData) {
+            $account->setProperty($property, $accountData['value'] ?? '', $accountData['scope'] ?? self::SCOPE_LOCAL, $accountData['verified'] ?? self::NOT_VERIFIED);
+        }
+        return $account;
+    }
+
+    public function getAccount(IUser $user): IAccount {
+        return $this->parseAccountData($user, $this->getUser($user));
+    }
+
+    public function updateAccount(IAccount $account): void {
+        $data = [];
+
+        foreach ($account->getProperties() as $property) {
+            $data[$property->getName()] = [
+                'value' => $property->getValue(),
+                'scope' => $property->getScope(),
+                'verified' => $property->getVerified(),
+            ];
+        }
+
+        $this->updateUser($account->getUser(), $data, true);
+    }
 }

apps/settings/lib/Controller/UsersController.php

Indentation +545 added lines, -545 removed lines

@@ -70,549 +70,549 @@
 use function in_array;
 
 class UsersController extends Controller {
-	/** @var UserManager */
-	private $userManager;
-	/** @var GroupManager */
-	private $groupManager;
-	/** @var IUserSession */
-	private $userSession;
-	/** @var IConfig */
-	private $config;
-	/** @var bool */
-	private $isAdmin;
-	/** @var IL10N */
-	private $l10n;
-	/** @var IMailer */
-	private $mailer;
-	/** @var Factory */
-	private $l10nFactory;
-	/** @var IAppManager */
-	private $appManager;
-	/** @var AccountManager */
-	private $accountManager;
-	/** @var Manager */
-	private $keyManager;
-	/** @var IJobList */
-	private $jobList;
-	/** @var IManager */
-	private $encryptionManager;
-	/** @var KnownUserService */
-	private $knownUserService;
-	/** @var IEventDispatcher */
-	private $dispatcher;
-
-
-	public function __construct(
-		string $appName,
-		IRequest $request,
-		IUserManager $userManager,
-		IGroupManager $groupManager,
-		IUserSession $userSession,
-		IConfig $config,
-		bool $isAdmin,
-		IL10N $l10n,
-		IMailer $mailer,
-		IFactory $l10nFactory,
-		IAppManager $appManager,
-		AccountManager $accountManager,
-		Manager $keyManager,
-		IJobList $jobList,
-		IManager $encryptionManager,
-		KnownUserService $knownUserService,
-		IEventDispatcher $dispatcher
-	) {
-		parent::__construct($appName, $request);
-		$this->userManager = $userManager;
-		$this->groupManager = $groupManager;
-		$this->userSession = $userSession;
-		$this->config = $config;
-		$this->isAdmin = $isAdmin;
-		$this->l10n = $l10n;
-		$this->mailer = $mailer;
-		$this->l10nFactory = $l10nFactory;
-		$this->appManager = $appManager;
-		$this->accountManager = $accountManager;
-		$this->keyManager = $keyManager;
-		$this->jobList = $jobList;
-		$this->encryptionManager = $encryptionManager;
-		$this->knownUserService = $knownUserService;
-		$this->dispatcher = $dispatcher;
-	}
-
-
-	/**
-	 * @NoCSRFRequired
-	 * @NoAdminRequired
-	 *
-	 * Display users list template
-	 *
-	 * @return TemplateResponse
-	 */
-	public function usersListByGroup(): TemplateResponse {
-		return $this->usersList();
-	}
-
-	/**
-	 * @NoCSRFRequired
-	 * @NoAdminRequired
-	 *
-	 * Display users list template
-	 *
-	 * @return TemplateResponse
-	 */
-	public function usersList(): TemplateResponse {
-		$user = $this->userSession->getUser();
-		$uid = $user->getUID();
-
-		\OC::$server->getNavigationManager()->setActiveEntry('core_users');
-
-		/* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */
-		$sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT;
-		$isLDAPUsed = false;
-		if ($this->config->getSystemValue('sort_groups_by_name', false)) {
-			$sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
-		} else {
-			if ($this->appManager->isEnabledForUser('user_ldap')) {
-				$isLDAPUsed =
-					$this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy');
-				if ($isLDAPUsed) {
-					// LDAP user count can be slow, so we sort by group name here
-					$sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
-				}
-			}
-		}
-
-		$canChangePassword = $this->canAdminChangeUserPasswords();
-
-		/* GROUPS */
-		$groupsInfo = new \OC\Group\MetaData(
-			$uid,
-			$this->isAdmin,
-			$this->groupManager,
-			$this->userSession
-		);
-
-		$groupsInfo->setSorting($sortGroupsBy);
-		[$adminGroup, $groups] = $groupsInfo->get();
-
-		if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {
-			$isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {
-				return $ldapFound || $backend instanceof User_Proxy;
-			});
-		}
-
-		$disabledUsers = -1;
-		$userCount = 0;
-
-		if (!$isLDAPUsed) {
-			if ($this->isAdmin) {
-				$disabledUsers = $this->userManager->countDisabledUsers();
-				$userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
-					return $v + (int)$w;
-				}, 0);
-			} else {
-				// User is subadmin !
-				// Map group list to names to retrieve the countDisabledUsersOfGroups
-				$userGroups = $this->groupManager->getUserGroups($user);
-				$groupsNames = [];
-
-				foreach ($groups as $key => $group) {
-					// $userCount += (int)$group['usercount'];
-					array_push($groupsNames, $group['name']);
-					// we prevent subadmins from looking up themselves
-					// so we lower the count of the groups he belongs to
-					if (array_key_exists($group['id'], $userGroups)) {
-						$groups[$key]['usercount']--;
-						$userCount -= 1; // we also lower from one the total count
-					}
-				}
-				$userCount += $this->userManager->countUsersOfGroups($groupsInfo->getGroups());
-				$disabledUsers = $this->userManager->countDisabledUsersOfGroups($groupsNames);
-			}
-
-			$userCount -= $disabledUsers;
-		}
-
-		$disabledUsersGroup = [
-			'id' => 'disabled',
-			'name' => 'Disabled users',
-			'usercount' => $disabledUsers
-		];
-
-		/* QUOTAS PRESETS */
-		$quotaPreset = $this->parseQuotaPreset($this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'));
-		$defaultQuota = $this->config->getAppValue('files', 'default_quota', 'none');
-
-		$event = new BeforeTemplateRenderedEvent();
-		$this->dispatcher->dispatch('OC\Settings\Users::loadAdditionalScripts', $event);
-		$this->dispatcher->dispatchTyped($event);
-
-		/* LANGUAGES */
-		$languages = $this->l10nFactory->getLanguages();
-
-		/* FINAL DATA */
-		$serverData = [];
-		// groups
-		$serverData['groups'] = array_merge_recursive($adminGroup, [$disabledUsersGroup], $groups);
-		// Various data
-		$serverData['isAdmin'] = $this->isAdmin;
-		$serverData['sortGroups'] = $sortGroupsBy;
-		$serverData['quotaPreset'] = $quotaPreset;
-		$serverData['userCount'] = $userCount;
-		$serverData['languages'] = $languages;
-		$serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en');
-		$serverData['forceLanguage'] = $this->config->getSystemValue('force_language', false);
-		// Settings
-		$serverData['defaultQuota'] = $defaultQuota;
-		$serverData['canChangePassword'] = $canChangePassword;
-		$serverData['newUserGenerateUserID'] = $this->config->getAppValue('core', 'newUser.generateUserID', 'no') === 'yes';
-		$serverData['newUserRequireEmail'] = $this->config->getAppValue('core', 'newUser.requireEmail', 'no') === 'yes';
-		$serverData['newUserSendEmail'] = $this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes';
-
-		return new TemplateResponse('settings', 'settings-vue', ['serverData' => $serverData]);
-	}
-
-	/**
-	 * @param string $key
-	 * @param string $value
-	 *
-	 * @return JSONResponse
-	 */
-	public function setPreference(string $key, string $value): JSONResponse {
-		$allowed = ['newUser.sendEmail'];
-		if (!in_array($key, $allowed, true)) {
-			return new JSONResponse([], Http::STATUS_FORBIDDEN);
-		}
-
-		$this->config->setAppValue('core', $key, $value);
-
-		return new JSONResponse([]);
-	}
-
-	/**
-	 * Parse the app value for quota_present
-	 *
-	 * @param string $quotaPreset
-	 * @return array
-	 */
-	protected function parseQuotaPreset(string $quotaPreset): array {
-		// 1 GB, 5 GB, 10 GB => [1 GB, 5 GB, 10 GB]
-		$presets = array_filter(array_map('trim', explode(',', $quotaPreset)));
-		// Drop default and none, Make array indexes numerically
-		return array_values(array_diff($presets, ['default', 'none']));
-	}
-
-	/**
-	 * check if the admin can change the users password
-	 *
-	 * The admin can change the passwords if:
-	 *
-	 *   - no encryption module is loaded and encryption is disabled
-	 *   - encryption module is loaded but it doesn't require per user keys
-	 *
-	 * The admin can not change the passwords if:
-	 *
-	 *   - an encryption module is loaded and it uses per-user keys
-	 *   - encryption is enabled but no encryption modules are loaded
-	 *
-	 * @return bool
-	 */
-	protected function canAdminChangeUserPasswords(): bool {
-		$isEncryptionEnabled = $this->encryptionManager->isEnabled();
-		try {
-			$noUserSpecificEncryptionKeys = !$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();
-			$isEncryptionModuleLoaded = true;
-		} catch (ModuleDoesNotExistsException $e) {
-			$noUserSpecificEncryptionKeys = true;
-			$isEncryptionModuleLoaded = false;
-		}
-		$canChangePassword = ($isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys)
-			|| (!$isEncryptionModuleLoaded && !$isEncryptionEnabled);
-
-		return $canChangePassword;
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param string|null $avatarScope
-	 * @param string|null $displayname
-	 * @param string|null $displaynameScope
-	 * @param string|null $phone
-	 * @param string|null $phoneScope
-	 * @param string|null $email
-	 * @param string|null $emailScope
-	 * @param string|null $website
-	 * @param string|null $websiteScope
-	 * @param string|null $address
-	 * @param string|null $addressScope
-	 * @param string|null $twitter
-	 * @param string|null $twitterScope
-	 *
-	 * @return DataResponse
-	 */
-	public function setUserSettings(?string $avatarScope = null,
-									?string $displayname = null,
-									?string $displaynameScope = null,
-									?string $phone = null,
-									?string $phoneScope = null,
-									?string $email = null,
-									?string $emailScope = null,
-									?string $website = null,
-									?string $websiteScope = null,
-									?string $address = null,
-									?string $addressScope = null,
-									?string $twitter = null,
-									?string $twitterScope = null
-	) {
-		$user = $this->userSession->getUser();
-		if (!$user instanceof IUser) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => $this->l10n->t('Invalid user')
-					]
-				],
-				Http::STATUS_UNAUTHORIZED
-			);
-		}
-
-		$email = !is_null($email) ? strtolower($email) : $email;
-		if (!empty($email) && !$this->mailer->validateMailAddress($email)) {
-			return new DataResponse(
-				[
-					'status' => 'error',
-					'data' => [
-						'message' => $this->l10n->t('Invalid mail address')
-					]
-				],
-				Http::STATUS_UNPROCESSABLE_ENTITY
-			);
-		}
-
-		$data = $this->accountManager->getUser($user);
-		$beforeData = $data;
-		if (!is_null($avatarScope)) {
-			$data[IAccountManager::PROPERTY_AVATAR]['scope'] = $avatarScope;
-		}
-		if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {
-			if (!is_null($displayname)) {
-				$data[IAccountManager::PROPERTY_DISPLAYNAME]['value'] = $displayname;
-			}
-			if (!is_null($displaynameScope)) {
-				$data[IAccountManager::PROPERTY_DISPLAYNAME]['scope'] = $displaynameScope;
-			}
-			if (!is_null($email)) {
-				$data[IAccountManager::PROPERTY_EMAIL]['value'] = $email;
-			}
-			if (!is_null($emailScope)) {
-				$data[IAccountManager::PROPERTY_EMAIL]['scope'] = $emailScope;
-			}
-		}
-		if (!is_null($website)) {
-			$data[IAccountManager::PROPERTY_WEBSITE]['value'] = $website;
-		}
-		if (!is_null($websiteScope)) {
-			$data[IAccountManager::PROPERTY_WEBSITE]['scope'] = $websiteScope;
-		}
-		if (!is_null($address)) {
-			$data[IAccountManager::PROPERTY_ADDRESS]['value'] = $address;
-		}
-		if (!is_null($addressScope)) {
-			$data[IAccountManager::PROPERTY_ADDRESS]['scope'] = $addressScope;
-		}
-		if (!is_null($phone)) {
-			$data[IAccountManager::PROPERTY_PHONE]['value'] = $phone;
-		}
-		if (!is_null($phoneScope)) {
-			$data[IAccountManager::PROPERTY_PHONE]['scope'] = $phoneScope;
-		}
-		if (!is_null($twitter)) {
-			$data[IAccountManager::PROPERTY_TWITTER]['value'] = $twitter;
-		}
-		if (!is_null($twitterScope)) {
-			$data[IAccountManager::PROPERTY_TWITTER]['scope'] = $twitterScope;
-		}
-
-		try {
-			$data = $this->saveUserSettings($user, $data);
-			if ($beforeData[IAccountManager::PROPERTY_PHONE]['value'] !== $data[IAccountManager::PROPERTY_PHONE]['value']) {
-				$this->knownUserService->deleteByContactUserId($user->getUID());
-			}
-			return new DataResponse(
-				[
-					'status' => 'success',
-					'data' => [
-						'userId' => $user->getUID(),
-						'avatarScope' => $data[IAccountManager::PROPERTY_AVATAR]['scope'],
-						'displayname' => $data[IAccountManager::PROPERTY_DISPLAYNAME]['value'],
-						'displaynameScope' => $data[IAccountManager::PROPERTY_DISPLAYNAME]['scope'],
-						'phone' => $data[IAccountManager::PROPERTY_PHONE]['value'],
-						'phoneScope' => $data[IAccountManager::PROPERTY_PHONE]['scope'],
-						'email' => $data[IAccountManager::PROPERTY_EMAIL]['value'],
-						'emailScope' => $data[IAccountManager::PROPERTY_EMAIL]['scope'],
-						'website' => $data[IAccountManager::PROPERTY_WEBSITE]['value'],
-						'websiteScope' => $data[IAccountManager::PROPERTY_WEBSITE]['scope'],
-						'address' => $data[IAccountManager::PROPERTY_ADDRESS]['value'],
-						'addressScope' => $data[IAccountManager::PROPERTY_ADDRESS]['scope'],
-						'twitter' => $data[IAccountManager::PROPERTY_TWITTER]['value'],
-						'twitterScope' => $data[IAccountManager::PROPERTY_TWITTER]['scope'],
-						'message' => $this->l10n->t('Settings saved')
-					]
-				],
-				Http::STATUS_OK
-			);
-		} catch (ForbiddenException $e) {
-			return new DataResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $e->getMessage()
-				],
-			]);
-		} catch (\InvalidArgumentException $e) {
-			return new DataResponse([
-				'status' => 'error',
-				'data' => [
-					'message' => $e->getMessage()
-				],
-			]);
-		}
-	}
-	/**
-	 * update account manager with new user data
-	 *
-	 * @param IUser $user
-	 * @param array $data
-	 * @return array
-	 * @throws ForbiddenException
-	 * @throws \InvalidArgumentException
-	 */
-	protected function saveUserSettings(IUser $user, array $data): array {
-		// keep the user back-end up-to-date with the latest display name and email
-		// address
-		$oldDisplayName = $user->getDisplayName();
-		$oldDisplayName = is_null($oldDisplayName) ? '' : $oldDisplayName;
-		if (isset($data[IAccountManager::PROPERTY_DISPLAYNAME]['value'])
-			&& $oldDisplayName !== $data[IAccountManager::PROPERTY_DISPLAYNAME]['value']
-		) {
-			$result = $user->setDisplayName($data[IAccountManager::PROPERTY_DISPLAYNAME]['value']);
-			if ($result === false) {
-				throw new ForbiddenException($this->l10n->t('Unable to change full name'));
-			}
-		}
-
-		$oldEmailAddress = $user->getEMailAddress();
-		$oldEmailAddress = is_null($oldEmailAddress) ? '' : strtolower($oldEmailAddress);
-		if (isset($data[IAccountManager::PROPERTY_EMAIL]['value'])
-			&& $oldEmailAddress !== $data[IAccountManager::PROPERTY_EMAIL]['value']
-		) {
-			// this is the only permission a backend provides and is also used
-			// for the permission of setting a email address
-			if (!$user->canChangeDisplayName()) {
-				throw new ForbiddenException($this->l10n->t('Unable to change email address'));
-			}
-			$user->setEMailAddress($data[IAccountManager::PROPERTY_EMAIL]['value']);
-		}
-
-		try {
-			return $this->accountManager->updateUser($user, $data, true);
-		} catch (\InvalidArgumentException $e) {
-			if ($e->getMessage() === IAccountManager::PROPERTY_PHONE) {
-				throw new \InvalidArgumentException($this->l10n->t('Unable to set invalid phone number'));
-			}
-			if ($e->getMessage() === IAccountManager::PROPERTY_WEBSITE) {
-				throw new \InvalidArgumentException($this->l10n->t('Unable to set invalid website'));
-			}
-			throw new \InvalidArgumentException($this->l10n->t('Some account data was invalid'));
-		}
-	}
-
-	/**
-	 * Set the mail address of a user
-	 *
-	 * @NoAdminRequired
-	 * @NoSubAdminRequired
-	 * @PasswordConfirmationRequired
-	 *
-	 * @param string $account
-	 * @param bool $onlyVerificationCode only return verification code without updating the data
-	 * @return DataResponse
-	 */
-	public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {
-		$user = $this->userSession->getUser();
-
-		if ($user === null) {
-			return new DataResponse([], Http::STATUS_BAD_REQUEST);
-		}
-
-		$accountData = $this->accountManager->getUser($user);
-		$cloudId = $user->getCloudId();
-		$message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;
-		$signature = $this->signMessage($user, $message);
-
-		$code = $message . ' ' . $signature;
-		$codeMd5 = $message . ' ' . md5($signature);
-
-		switch ($account) {
-			case 'verify-twitter':
-				$accountData[IAccountManager::PROPERTY_TWITTER]['verified'] = IAccountManager::VERIFICATION_IN_PROGRESS;
-				$msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');
-				$code = $codeMd5;
-				$type = IAccountManager::PROPERTY_TWITTER;
-				$accountData[IAccountManager::PROPERTY_TWITTER]['signature'] = $signature;
-				break;
-			case 'verify-website':
-				$accountData[IAccountManager::PROPERTY_WEBSITE]['verified'] = IAccountManager::VERIFICATION_IN_PROGRESS;
-				$msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');
-				$type = IAccountManager::PROPERTY_WEBSITE;
-				$accountData[IAccountManager::PROPERTY_WEBSITE]['signature'] = $signature;
-				break;
-			default:
-				return new DataResponse([], Http::STATUS_BAD_REQUEST);
-		}
-
-		if ($onlyVerificationCode === false) {
-			$accountData = $this->accountManager->updateUser($user, $accountData);
-			$data = $accountData[$type]['value'];
-
-			$this->jobList->add(VerifyUserData::class,
-				[
-					'verificationCode' => $code,
-					'data' => $data,
-					'type' => $type,
-					'uid' => $user->getUID(),
-					'try' => 0,
-					'lastRun' => $this->getCurrentTime()
-				]
-			);
-		}
-
-		return new DataResponse(['msg' => $msg, 'code' => $code]);
-	}
-
-	/**
-	 * get current timestamp
-	 *
-	 * @return int
-	 */
-	protected function getCurrentTime(): int {
-		return time();
-	}
-
-	/**
-	 * sign message with users private key
-	 *
-	 * @param IUser $user
-	 * @param string $message
-	 *
-	 * @return string base64 encoded signature
-	 */
-	protected function signMessage(IUser $user, string $message): string {
-		$privateKey = $this->keyManager->getKey($user)->getPrivate();
-		openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
-		return base64_encode($signature);
-	}
+    /** @var UserManager */
+    private $userManager;
+    /** @var GroupManager */
+    private $groupManager;
+    /** @var IUserSession */
+    private $userSession;
+    /** @var IConfig */
+    private $config;
+    /** @var bool */
+    private $isAdmin;
+    /** @var IL10N */
+    private $l10n;
+    /** @var IMailer */
+    private $mailer;
+    /** @var Factory */
+    private $l10nFactory;
+    /** @var IAppManager */
+    private $appManager;
+    /** @var AccountManager */
+    private $accountManager;
+    /** @var Manager */
+    private $keyManager;
+    /** @var IJobList */
+    private $jobList;
+    /** @var IManager */
+    private $encryptionManager;
+    /** @var KnownUserService */
+    private $knownUserService;
+    /** @var IEventDispatcher */
+    private $dispatcher;
+
+
+    public function __construct(
+        string $appName,
+        IRequest $request,
+        IUserManager $userManager,
+        IGroupManager $groupManager,
+        IUserSession $userSession,
+        IConfig $config,
+        bool $isAdmin,
+        IL10N $l10n,
+        IMailer $mailer,
+        IFactory $l10nFactory,
+        IAppManager $appManager,
+        AccountManager $accountManager,
+        Manager $keyManager,
+        IJobList $jobList,
+        IManager $encryptionManager,
+        KnownUserService $knownUserService,
+        IEventDispatcher $dispatcher
+    ) {
+        parent::__construct($appName, $request);
+        $this->userManager = $userManager;
+        $this->groupManager = $groupManager;
+        $this->userSession = $userSession;
+        $this->config = $config;
+        $this->isAdmin = $isAdmin;
+        $this->l10n = $l10n;
+        $this->mailer = $mailer;
+        $this->l10nFactory = $l10nFactory;
+        $this->appManager = $appManager;
+        $this->accountManager = $accountManager;
+        $this->keyManager = $keyManager;
+        $this->jobList = $jobList;
+        $this->encryptionManager = $encryptionManager;
+        $this->knownUserService = $knownUserService;
+        $this->dispatcher = $dispatcher;
+    }
+
+
+    /**
+     * @NoCSRFRequired
+     * @NoAdminRequired
+     *
+     * Display users list template
+     *
+     * @return TemplateResponse
+     */
+    public function usersListByGroup(): TemplateResponse {
+        return $this->usersList();
+    }
+
+    /**
+     * @NoCSRFRequired
+     * @NoAdminRequired
+     *
+     * Display users list template
+     *
+     * @return TemplateResponse
+     */
+    public function usersList(): TemplateResponse {
+        $user = $this->userSession->getUser();
+        $uid = $user->getUID();
+
+        \OC::$server->getNavigationManager()->setActiveEntry('core_users');
+
+        /* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */
+        $sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT;
+        $isLDAPUsed = false;
+        if ($this->config->getSystemValue('sort_groups_by_name', false)) {
+            $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
+        } else {
+            if ($this->appManager->isEnabledForUser('user_ldap')) {
+                $isLDAPUsed =
+                    $this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy');
+                if ($isLDAPUsed) {
+                    // LDAP user count can be slow, so we sort by group name here
+                    $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
+                }
+            }
+        }
+
+        $canChangePassword = $this->canAdminChangeUserPasswords();
+
+        /* GROUPS */
+        $groupsInfo = new \OC\Group\MetaData(
+            $uid,
+            $this->isAdmin,
+            $this->groupManager,
+            $this->userSession
+        );
+
+        $groupsInfo->setSorting($sortGroupsBy);
+        [$adminGroup, $groups] = $groupsInfo->get();
+
+        if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) {
+            $isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) {
+                return $ldapFound || $backend instanceof User_Proxy;
+            });
+        }
+
+        $disabledUsers = -1;
+        $userCount = 0;
+
+        if (!$isLDAPUsed) {
+            if ($this->isAdmin) {
+                $disabledUsers = $this->userManager->countDisabledUsers();
+                $userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
+                    return $v + (int)$w;
+                }, 0);
+            } else {
+                // User is subadmin !
+                // Map group list to names to retrieve the countDisabledUsersOfGroups
+                $userGroups = $this->groupManager->getUserGroups($user);
+                $groupsNames = [];
+
+                foreach ($groups as $key => $group) {
+                    // $userCount += (int)$group['usercount'];
+                    array_push($groupsNames, $group['name']);
+                    // we prevent subadmins from looking up themselves
+                    // so we lower the count of the groups he belongs to
+                    if (array_key_exists($group['id'], $userGroups)) {
+                        $groups[$key]['usercount']--;
+                        $userCount -= 1; // we also lower from one the total count
+                    }
+                }
+                $userCount += $this->userManager->countUsersOfGroups($groupsInfo->getGroups());
+                $disabledUsers = $this->userManager->countDisabledUsersOfGroups($groupsNames);
+            }
+
+            $userCount -= $disabledUsers;
+        }
+
+        $disabledUsersGroup = [
+            'id' => 'disabled',
+            'name' => 'Disabled users',
+            'usercount' => $disabledUsers
+        ];
+
+        /* QUOTAS PRESETS */
+        $quotaPreset = $this->parseQuotaPreset($this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'));
+        $defaultQuota = $this->config->getAppValue('files', 'default_quota', 'none');
+
+        $event = new BeforeTemplateRenderedEvent();
+        $this->dispatcher->dispatch('OC\Settings\Users::loadAdditionalScripts', $event);
+        $this->dispatcher->dispatchTyped($event);
+
+        /* LANGUAGES */
+        $languages = $this->l10nFactory->getLanguages();
+
+        /* FINAL DATA */
+        $serverData = [];
+        // groups
+        $serverData['groups'] = array_merge_recursive($adminGroup, [$disabledUsersGroup], $groups);
+        // Various data
+        $serverData['isAdmin'] = $this->isAdmin;
+        $serverData['sortGroups'] = $sortGroupsBy;
+        $serverData['quotaPreset'] = $quotaPreset;
+        $serverData['userCount'] = $userCount;
+        $serverData['languages'] = $languages;
+        $serverData['defaultLanguage'] = $this->config->getSystemValue('default_language', 'en');
+        $serverData['forceLanguage'] = $this->config->getSystemValue('force_language', false);
+        // Settings
+        $serverData['defaultQuota'] = $defaultQuota;
+        $serverData['canChangePassword'] = $canChangePassword;
+        $serverData['newUserGenerateUserID'] = $this->config->getAppValue('core', 'newUser.generateUserID', 'no') === 'yes';
+        $serverData['newUserRequireEmail'] = $this->config->getAppValue('core', 'newUser.requireEmail', 'no') === 'yes';
+        $serverData['newUserSendEmail'] = $this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes';
+
+        return new TemplateResponse('settings', 'settings-vue', ['serverData' => $serverData]);
+    }
+
+    /**
+     * @param string $key
+     * @param string $value
+     *
+     * @return JSONResponse
+     */
+    public function setPreference(string $key, string $value): JSONResponse {
+        $allowed = ['newUser.sendEmail'];
+        if (!in_array($key, $allowed, true)) {
+            return new JSONResponse([], Http::STATUS_FORBIDDEN);
+        }
+
+        $this->config->setAppValue('core', $key, $value);
+
+        return new JSONResponse([]);
+    }
+
+    /**
+     * Parse the app value for quota_present
+     *
+     * @param string $quotaPreset
+     * @return array
+     */
+    protected function parseQuotaPreset(string $quotaPreset): array {
+        // 1 GB, 5 GB, 10 GB => [1 GB, 5 GB, 10 GB]
+        $presets = array_filter(array_map('trim', explode(',', $quotaPreset)));
+        // Drop default and none, Make array indexes numerically
+        return array_values(array_diff($presets, ['default', 'none']));
+    }
+
+    /**
+     * check if the admin can change the users password
+     *
+     * The admin can change the passwords if:
+     *
+     *   - no encryption module is loaded and encryption is disabled
+     *   - encryption module is loaded but it doesn't require per user keys
+     *
+     * The admin can not change the passwords if:
+     *
+     *   - an encryption module is loaded and it uses per-user keys
+     *   - encryption is enabled but no encryption modules are loaded
+     *
+     * @return bool
+     */
+    protected function canAdminChangeUserPasswords(): bool {
+        $isEncryptionEnabled = $this->encryptionManager->isEnabled();
+        try {
+            $noUserSpecificEncryptionKeys = !$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();
+            $isEncryptionModuleLoaded = true;
+        } catch (ModuleDoesNotExistsException $e) {
+            $noUserSpecificEncryptionKeys = true;
+            $isEncryptionModuleLoaded = false;
+        }
+        $canChangePassword = ($isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys)
+            || (!$isEncryptionModuleLoaded && !$isEncryptionEnabled);
+
+        return $canChangePassword;
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param string|null $avatarScope
+     * @param string|null $displayname
+     * @param string|null $displaynameScope
+     * @param string|null $phone
+     * @param string|null $phoneScope
+     * @param string|null $email
+     * @param string|null $emailScope
+     * @param string|null $website
+     * @param string|null $websiteScope
+     * @param string|null $address
+     * @param string|null $addressScope
+     * @param string|null $twitter
+     * @param string|null $twitterScope
+     *
+     * @return DataResponse
+     */
+    public function setUserSettings(?string $avatarScope = null,
+                                    ?string $displayname = null,
+                                    ?string $displaynameScope = null,
+                                    ?string $phone = null,
+                                    ?string $phoneScope = null,
+                                    ?string $email = null,
+                                    ?string $emailScope = null,
+                                    ?string $website = null,
+                                    ?string $websiteScope = null,
+                                    ?string $address = null,
+                                    ?string $addressScope = null,
+                                    ?string $twitter = null,
+                                    ?string $twitterScope = null
+    ) {
+        $user = $this->userSession->getUser();
+        if (!$user instanceof IUser) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => $this->l10n->t('Invalid user')
+                    ]
+                ],
+                Http::STATUS_UNAUTHORIZED
+            );
+        }
+
+        $email = !is_null($email) ? strtolower($email) : $email;
+        if (!empty($email) && !$this->mailer->validateMailAddress($email)) {
+            return new DataResponse(
+                [
+                    'status' => 'error',
+                    'data' => [
+                        'message' => $this->l10n->t('Invalid mail address')
+                    ]
+                ],
+                Http::STATUS_UNPROCESSABLE_ENTITY
+            );
+        }
+
+        $data = $this->accountManager->getUser($user);
+        $beforeData = $data;
+        if (!is_null($avatarScope)) {
+            $data[IAccountManager::PROPERTY_AVATAR]['scope'] = $avatarScope;
+        }
+        if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {
+            if (!is_null($displayname)) {
+                $data[IAccountManager::PROPERTY_DISPLAYNAME]['value'] = $displayname;
+            }
+            if (!is_null($displaynameScope)) {
+                $data[IAccountManager::PROPERTY_DISPLAYNAME]['scope'] = $displaynameScope;
+            }
+            if (!is_null($email)) {
+                $data[IAccountManager::PROPERTY_EMAIL]['value'] = $email;
+            }
+            if (!is_null($emailScope)) {
+                $data[IAccountManager::PROPERTY_EMAIL]['scope'] = $emailScope;
+            }
+        }
+        if (!is_null($website)) {
+            $data[IAccountManager::PROPERTY_WEBSITE]['value'] = $website;
+        }
+        if (!is_null($websiteScope)) {
+            $data[IAccountManager::PROPERTY_WEBSITE]['scope'] = $websiteScope;
+        }
+        if (!is_null($address)) {
+            $data[IAccountManager::PROPERTY_ADDRESS]['value'] = $address;
+        }
+        if (!is_null($addressScope)) {
+            $data[IAccountManager::PROPERTY_ADDRESS]['scope'] = $addressScope;
+        }
+        if (!is_null($phone)) {
+            $data[IAccountManager::PROPERTY_PHONE]['value'] = $phone;
+        }
+        if (!is_null($phoneScope)) {
+            $data[IAccountManager::PROPERTY_PHONE]['scope'] = $phoneScope;
+        }
+        if (!is_null($twitter)) {
+            $data[IAccountManager::PROPERTY_TWITTER]['value'] = $twitter;
+        }
+        if (!is_null($twitterScope)) {
+            $data[IAccountManager::PROPERTY_TWITTER]['scope'] = $twitterScope;
+        }
+
+        try {
+            $data = $this->saveUserSettings($user, $data);
+            if ($beforeData[IAccountManager::PROPERTY_PHONE]['value'] !== $data[IAccountManager::PROPERTY_PHONE]['value']) {
+                $this->knownUserService->deleteByContactUserId($user->getUID());
+            }
+            return new DataResponse(
+                [
+                    'status' => 'success',
+                    'data' => [
+                        'userId' => $user->getUID(),
+                        'avatarScope' => $data[IAccountManager::PROPERTY_AVATAR]['scope'],
+                        'displayname' => $data[IAccountManager::PROPERTY_DISPLAYNAME]['value'],
+                        'displaynameScope' => $data[IAccountManager::PROPERTY_DISPLAYNAME]['scope'],
+                        'phone' => $data[IAccountManager::PROPERTY_PHONE]['value'],
+                        'phoneScope' => $data[IAccountManager::PROPERTY_PHONE]['scope'],
+                        'email' => $data[IAccountManager::PROPERTY_EMAIL]['value'],
+                        'emailScope' => $data[IAccountManager::PROPERTY_EMAIL]['scope'],
+                        'website' => $data[IAccountManager::PROPERTY_WEBSITE]['value'],
+                        'websiteScope' => $data[IAccountManager::PROPERTY_WEBSITE]['scope'],
+                        'address' => $data[IAccountManager::PROPERTY_ADDRESS]['value'],
+                        'addressScope' => $data[IAccountManager::PROPERTY_ADDRESS]['scope'],
+                        'twitter' => $data[IAccountManager::PROPERTY_TWITTER]['value'],
+                        'twitterScope' => $data[IAccountManager::PROPERTY_TWITTER]['scope'],
+                        'message' => $this->l10n->t('Settings saved')
+                    ]
+                ],
+                Http::STATUS_OK
+            );
+        } catch (ForbiddenException $e) {
+            return new DataResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $e->getMessage()
+                ],
+            ]);
+        } catch (\InvalidArgumentException $e) {
+            return new DataResponse([
+                'status' => 'error',
+                'data' => [
+                    'message' => $e->getMessage()
+                ],
+            ]);
+        }
+    }
+    /**
+     * update account manager with new user data
+     *
+     * @param IUser $user
+     * @param array $data
+     * @return array
+     * @throws ForbiddenException
+     * @throws \InvalidArgumentException
+     */
+    protected function saveUserSettings(IUser $user, array $data): array {
+        // keep the user back-end up-to-date with the latest display name and email
+        // address
+        $oldDisplayName = $user->getDisplayName();
+        $oldDisplayName = is_null($oldDisplayName) ? '' : $oldDisplayName;
+        if (isset($data[IAccountManager::PROPERTY_DISPLAYNAME]['value'])
+            && $oldDisplayName !== $data[IAccountManager::PROPERTY_DISPLAYNAME]['value']
+        ) {
+            $result = $user->setDisplayName($data[IAccountManager::PROPERTY_DISPLAYNAME]['value']);
+            if ($result === false) {
+                throw new ForbiddenException($this->l10n->t('Unable to change full name'));
+            }
+        }
+
+        $oldEmailAddress = $user->getEMailAddress();
+        $oldEmailAddress = is_null($oldEmailAddress) ? '' : strtolower($oldEmailAddress);
+        if (isset($data[IAccountManager::PROPERTY_EMAIL]['value'])
+            && $oldEmailAddress !== $data[IAccountManager::PROPERTY_EMAIL]['value']
+        ) {
+            // this is the only permission a backend provides and is also used
+            // for the permission of setting a email address
+            if (!$user->canChangeDisplayName()) {
+                throw new ForbiddenException($this->l10n->t('Unable to change email address'));
+            }
+            $user->setEMailAddress($data[IAccountManager::PROPERTY_EMAIL]['value']);
+        }
+
+        try {
+            return $this->accountManager->updateUser($user, $data, true);
+        } catch (\InvalidArgumentException $e) {
+            if ($e->getMessage() === IAccountManager::PROPERTY_PHONE) {
+                throw new \InvalidArgumentException($this->l10n->t('Unable to set invalid phone number'));
+            }
+            if ($e->getMessage() === IAccountManager::PROPERTY_WEBSITE) {
+                throw new \InvalidArgumentException($this->l10n->t('Unable to set invalid website'));
+            }
+            throw new \InvalidArgumentException($this->l10n->t('Some account data was invalid'));
+        }
+    }
+
+    /**
+     * Set the mail address of a user
+     *
+     * @NoAdminRequired
+     * @NoSubAdminRequired
+     * @PasswordConfirmationRequired
+     *
+     * @param string $account
+     * @param bool $onlyVerificationCode only return verification code without updating the data
+     * @return DataResponse
+     */
+    public function getVerificationCode(string $account, bool $onlyVerificationCode): DataResponse {
+        $user = $this->userSession->getUser();
+
+        if ($user === null) {
+            return new DataResponse([], Http::STATUS_BAD_REQUEST);
+        }
+
+        $accountData = $this->accountManager->getUser($user);
+        $cloudId = $user->getCloudId();
+        $message = 'Use my Federated Cloud ID to share with me: ' . $cloudId;
+        $signature = $this->signMessage($user, $message);
+
+        $code = $message . ' ' . $signature;
+        $codeMd5 = $message . ' ' . md5($signature);
+
+        switch ($account) {
+            case 'verify-twitter':
+                $accountData[IAccountManager::PROPERTY_TWITTER]['verified'] = IAccountManager::VERIFICATION_IN_PROGRESS;
+                $msg = $this->l10n->t('In order to verify your Twitter account, post the following tweet on Twitter (please make sure to post it without any line breaks):');
+                $code = $codeMd5;
+                $type = IAccountManager::PROPERTY_TWITTER;
+                $accountData[IAccountManager::PROPERTY_TWITTER]['signature'] = $signature;
+                break;
+            case 'verify-website':
+                $accountData[IAccountManager::PROPERTY_WEBSITE]['verified'] = IAccountManager::VERIFICATION_IN_PROGRESS;
+                $msg = $this->l10n->t('In order to verify your Website, store the following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):');
+                $type = IAccountManager::PROPERTY_WEBSITE;
+                $accountData[IAccountManager::PROPERTY_WEBSITE]['signature'] = $signature;
+                break;
+            default:
+                return new DataResponse([], Http::STATUS_BAD_REQUEST);
+        }
+
+        if ($onlyVerificationCode === false) {
+            $accountData = $this->accountManager->updateUser($user, $accountData);
+            $data = $accountData[$type]['value'];
+
+            $this->jobList->add(VerifyUserData::class,
+                [
+                    'verificationCode' => $code,
+                    'data' => $data,
+                    'type' => $type,
+                    'uid' => $user->getUID(),
+                    'try' => 0,
+                    'lastRun' => $this->getCurrentTime()
+                ]
+            );
+        }
+
+        return new DataResponse(['msg' => $msg, 'code' => $code]);
+    }
+
+    /**
+     * get current timestamp
+     *
+     * @return int
+     */
+    protected function getCurrentTime(): int {
+        return time();
+    }
+
+    /**
+     * sign message with users private key
+     *
+     * @param IUser $user
+     * @param string $message
+     *
+     * @return string base64 encoded signature
+     */
+    protected function signMessage(IUser $user, string $message): string {
+        $privateKey = $this->keyManager->getKey($user)->getPrivate();
+        openssl_sign(json_encode($message), $signature, $privateKey, OPENSSL_ALGO_SHA512);
+        return base64_encode($signature);
+    }
 }