Allow users to choose a different email for notifications #28422
implement verification for additional mails
- mails added by (sub)admins are automatically verified - provisioning_api controller as verification endpoint - IAccountProperty gets a locallyVerified property - IPropertyCollection gets a method to fetch an IAccountProperty by value - an remove equivalent was already present - AccountManager always initiates mail verification on update if necessary - add core success template for arbitrary title and message Signed-off-by: Arthur Schiwon <[email protected]>
- Loading branch information
commit aacaad2a3f56893c6be463ec7a21c868322654ee
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,121 @@ | ||
| <?php | ||
|
|
||
| declare(strict_types=1); | ||
|
|
||
| /** | ||
| * @copyright Copyright (c) 2021 Arthur Schiwon <[email protected]> | ||
| * | ||
| * @author Arthur Schiwon <[email protected]> | ||
| * | ||
| * @license GNU AGPL version 3 or any later version | ||
| * | ||
| * This program is free software: you can redistribute it and/or modify | ||
| * it under the terms of the GNU Affero General Public License as | ||
| * published by the Free Software Foundation, either version 3 of the | ||
| * License, or (at your option) any later version. | ||
| * | ||
| * This program is distributed in the hope that it will be useful, | ||
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| * GNU Affero General Public License for more details. | ||
| * | ||
| * You should have received a copy of the GNU Affero General Public License | ||
| * along with this program. If not, see <https://www.gnu.org/licenses/>. | ||
| * | ||
| */ | ||
|
|
||
| namespace OCA\Provisioning_API\Controller; | ||
|
|
||
| use InvalidArgumentException; | ||
| use OC\Security\Crypto; | ||
| use OCP\Accounts\IAccountManager; | ||
| use OCP\AppFramework\Controller; | ||
| use OCP\AppFramework\Http\TemplateResponse; | ||
| use OCP\IL10N; | ||
| use OCP\IRequest; | ||
| use OCP\IUserManager; | ||
| use OCP\IUserSession; | ||
| use OCP\Security\VerificationToken\InvalidTokenException; | ||
| use OCP\Security\VerificationToken\IVerificationToken; | ||
|
|
||
| class VerificationController extends Controller { | ||
|
|
||
| /** @var IVerificationToken */ | ||
| private $verificationToken; | ||
| /** @var IUserManager */ | ||
| private $userManager; | ||
| /** @var IL10N */ | ||
| private $l10n; | ||
| /** @var IUserSession */ | ||
| private $userSession; | ||
| /** @var IAccountManager */ | ||
| private $accountManager; | ||
| /** @var Crypto */ | ||
| private $crypto; | ||
|
|
||
| public function __construct( | ||
| string $appName, | ||
| IRequest $request, | ||
| IVerificationToken $verificationToken, | ||
| IUserManager $userManager, | ||
| IL10N $l10n, | ||
| IUserSession $userSession, | ||
| IAccountManager $accountManager, | ||
| Crypto $crypto | ||
| ) { | ||
| parent::__construct($appName, $request); | ||
| $this->verificationToken = $verificationToken; | ||
| $this->userManager = $userManager; | ||
| $this->l10n = $l10n; | ||
| $this->userSession = $userSession; | ||
| $this->accountManager = $accountManager; | ||
| $this->crypto = $crypto; | ||
| } | ||
|
|
||
| /** | ||
| * @NoCSRFRequired | ||
| */ | ||
| public function verifyMail(string $token, string $userId, string $key) { | ||
| try { | ||
| if ($this->userSession->getUser()->getUID() !== $userId) { | ||
skjnldsv marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| throw new InvalidArgumentException('Logged in user is not mail address owner'); | ||
| } | ||
| $email = $this->crypto->decrypt($key); | ||
| $ref = \substr(hash('sha256', $email), 0, 8); | ||
|
Member
There was a problem hiding this comment. Any specific reason we limit it to the first 8 chars here? :)
Member
Author
There was a problem hiding this comment. I consider it sufficient to avoid collisions – this is just part of the configkey stored in the db and used to avoid collisions only. If you manage to craft a collision – mind it applies per user – you manage to overwrite a previously stored token. It could have a security implication, if you manage to create a token for a different user that fits the collision, and yet the payload still needs to be valid and pass the checks. |
||
|
|
||
| $user = $this->userManager->get($userId); | ||
| $this->verificationToken->check($token, $user, 'verifyMail' . $ref, $email); | ||
|
|
||
| $userAccount = $this->accountManager->getAccount($user); | ||
| $emailProperty = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL) | ||
| ->getPropertyByValue($email); | ||
|
|
||
| if ($emailProperty === null) { | ||
| throw new InvalidArgumentException($this->l10n->t('Email was already removed from account and cannot be confirmed anymore.')); | ||
| } | ||
| $emailProperty->setLocallyVerified(IAccountManager::VERIFIED); | ||
| $this->accountManager->updateAccount($userAccount); | ||
| } catch (InvalidTokenException $e) { | ||
| $error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED | ||
| ? $this->l10n->t('Could not verify mail because the token is expired.') | ||
| : $this->l10n->t('Could not verify mail because the token is invalid.'); | ||
| } catch (InvalidArgumentException $e) { | ||
| $error = $e->getMessage(); | ||
| } catch (\Exception $e) { | ||
| $error = $this->l10n->t('An unexpected error occurred. Please consult your sysadmin.'); | ||
| } | ||
|
|
||
| if (isset($error)) { | ||
| return new TemplateResponse( | ||
| 'core', 'error', [ | ||
| 'errors' => [['error' => $error]] | ||
| ], 'guest'); | ||
| } | ||
|
|
||
| return new TemplateResponse( | ||
| 'core', 'success', [ | ||
| 'title' => $this->l10n->t('Email confirmation successful'), | ||
| 'message' => $this->l10n->t('Email confirmation successful'), | ||
| ], 'guest'); | ||
| } | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| <?php | ||
| /** @var array $_ */ | ||
| /** @var \OCP\IL10N $l */ | ||
| /** @var \OCP\Defaults $theme */ | ||
| ?> | ||
|
|
||
| <div class="update"> | ||
| <h2><?php p($_['title']) ?></h2> | ||
| <p><?php p($_['message']) ?></p> | ||
| <p><a class="button primary" href="<?php p(\OC::$server->get(\OCP\IURLGenerator::class)->linkTo('', 'index.php')) ?>"> | ||
| <?php p($l->t('Go to %s', [$theme->getName()])); ?> | ||
| </a></p> | ||
| </div> |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.