Projekte/web-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Password Reset + Bugfixes

Browse Source
This commit is contained in:
Roman Hergenreder
2020-07-02 00:47:45 +02:00
parent db63b55a70
commit 0deb6fff52
15 changed files with 309 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
core/Api/UserAPI.class.php
View File

@@ -84,7 +84,7 @@ namespace Api {
protected function getUser($id) {
$sql = $this->user->getSQL();
$res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at",
$res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at", "User.confirmed",
"Group.uid as groupId", "Group.name as groupName", "Group.color as groupColor")
->from("User")
->leftJoin("UserGroup", "User.uid", "UserGroup.user_id")
@@ -254,7 +254,7 @@ namespace Api\User {
}
$sql = $this->user->getSQL();
$res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at",
$res = $sql->select("User.uid as userId", "User.name", "User.email", "User.registered_at", "User.confirmed",
"Group.uid as groupId", "Group.name as groupName", "Group.color as groupColor")
->from("User")
->leftJoin("UserGroup", "User.uid", "UserGroup.user_id")
@@ -278,6 +278,7 @@ namespace Api\User {
"name" => $row["name"],
"email" => $row["email"],
"registered_at" => $row["registered_at"],
"confirmed" => $sql->parseBool($row["confirmed"]),
"groups" => array(),
);
}
@@ -310,6 +311,7 @@ namespace Api\User {
return false;
}
$sql = $this->user->getSQL();
$id = $this->getParam("id");
$user = $this->getUser($id);
@@ -322,6 +324,7 @@ namespace Api\User {
"name" => $user[0]["name"],
"email" => $user[0]["email"],
"registered_at" => $user[0]["registered_at"],
"confirmed" => $sql->parseBool($user["0"]["confirmed"]),
"groups" => array()
);
@@ -450,6 +453,7 @@ namespace Api\User {
'password' => new StringType('password'),
'confirmPassword' => new StringType('confirmPassword'),
));
$this->csrfTokenRequired = false;
}
private function updateUser($uid, $password) {
@@ -783,7 +787,7 @@ namespace Api\User {
private function checkToken($token) {
$sql = $this->user->getSQL();
$res = $sql->select("UserToken.token_type", "User.uid", "User.name", "User.email", "User.confirmed")
$res = $sql->select("UserToken.token_type", "User.uid", "User.name", "User.email")
->from("UserToken")
->innerJoin("User", "UserToken.user_id", "User.uid")
->where(new Compare("UserToken.token", $token))
@@ -817,7 +821,6 @@ namespace Api\User {
$this->result["user"] = array(
"name" => $tokenEntry["name"],
"email" => $tokenEntry["email"],
"confirmed" => $this->user->getSQL()->parseBool($tokenEntry["confirmed"]),
"uid" => $tokenEntry["uid"]
);
} else {
@@ -837,6 +840,7 @@ namespace Api\User {
'email' => new Parameter('email', Parameter::TYPE_EMAIL, true, NULL),
'password' => new StringType('password', -1, true, NULL),
'groups' => new Parameter('groups', Parameter::TYPE_ARRAY, true, NULL),
'confirmed' => new Parameter('confirmed', Parameter::TYPE_BOOLEAN, true, NULL)
));
$this->loginRequired = true;
@@ -859,6 +863,7 @@ namespace Api\User {
$email = $this->getParam("email");
$password = $this->getParam("password");
$groups = $this->getParam("groups");
$confirmed = $this->getParam("confirmed");
$email = (!is_null($email) && empty($email)) ? null : $email;
@@ -896,6 +901,14 @@ namespace Api\User {
if ($emailChanged) $query->set("email", $email);
if (!is_null($password)) $query->set("password", $this->hashPassword($password));
if (!is_null($confirmed)) {
if ($id === $this->user->getId() && $confirmed === false) {
return $this->createError("Cannot make own account unconfirmed.");
} else {
$query->set("confirmed", $confirmed);
}
}
if (!empty($query->getValues())) {
$query->where(new Compare("User.uid", $id));
$res = $query->execute();
@@ -957,7 +970,7 @@ namespace Api\User {
}
}
class RequestResetPassword extends UserAPI {
class RequestPasswordReset extends UserAPI {
public function __construct(User $user, $externalCall = false) {
$parameters = array(
'email' => new Parameter('email', Parameter::TYPE_EMAIL),
@@ -969,6 +982,7 @@ namespace Api\User {
}
parent::__construct($user, $externalCall, $parameters);
$this->csrfTokenRequired = false;
}
public function execute($values = array()) {
@@ -1010,7 +1024,7 @@ namespace Api\User {
$siteName = htmlspecialchars($settings->getSiteName());
$replacements = array(
"link" => "$baseUrl/confirmEmail?token=$token",
"link" => "$baseUrl/resetPassword?token=$token",
"site_name" => $siteName,
"base_url" => $baseUrl,
"username" => htmlspecialchars($user["name"])
@@ -1035,6 +1049,7 @@ namespace Api\User {
private function findUser($email) {
$sql = $this->user->getSQL();
$res = $sql->select("User.uid", "User.name")
->from("User")
->where(new Compare("User.email", $email))
->where(new CondBool("User.confirmed"))
->execute();
@@ -1073,6 +1088,8 @@ namespace Api\User {
'password' => new StringType('password'),
'confirmPassword' => new StringType('confirmPassword'),
));
$this->csrfTokenRequired = false;
}
private function updateUser($uid, $password) {
@@ -1108,7 +1125,7 @@ namespace Api\User {
}
$result = $req->getResult();
if (strcasecmp($result["token"]["type"], "reset_password") !== 0) {
if (strcasecmp($result["token"]["type"], "password_reset") !== 0) {
return $this->createError("Invalid token type");
} else if (!$this->checkPasswordRequirements($password, $confirmPassword)) {
return false;