diff --git a/apps/provisioning_api/lib/Controller/VerificationController.php b/apps/provisioning_api/lib/Controller/VerificationController.php index 18113484c8a4e..cae1ec3e08da5 100644 --- a/apps/provisioning_api/lib/Controller/VerificationController.php +++ b/apps/provisioning_api/lib/Controller/VerificationController.php @@ -9,7 +9,6 @@ namespace OCA\Provisioning_API\Controller; -use InvalidArgumentException; use OC\Security\Crypto; use OCP\Accounts\IAccountManager; use OCP\AppFramework\Controller; @@ -18,6 +17,7 @@ use OCP\AppFramework\Http\Attribute\NoCSRFRequired; use OCP\AppFramework\Http\Attribute\OpenAPI; use OCP\AppFramework\Http\TemplateResponse; +use OCP\HintException; use OCP\IL10N; use OCP\IRequest; use OCP\IUserManager; @@ -66,11 +66,21 @@ public function __construct( #[NoAdminRequired] #[NoCSRFRequired] public function showVerifyMail(string $token, string $userId, string $key): TemplateResponse { - if ($this->userSession->getUser()->getUID() !== $userId) { - // not a public page, hence getUser() must return an IUser - throw new InvalidArgumentException('Logged in account is not mail address owner'); + try { + if ($this->userSession->getUser()?->getUID() !== $userId) { + // not a public page, hence getUser() must return an IUser + throw new HintException( + 'Logged in account is not mail address owner', + $this->l10n->t('Logged in account is not mail address owner'), + ); + } + $email = $this->crypto->decrypt($key); + } catch (HintException $e) { + return new TemplateResponse( + 'core', 'error', [ + 'errors' => [['error' => $e->getHint()]] + ], TemplateResponse::RENDER_AS_GUEST); } - $email = $this->crypto->decrypt($key); return new TemplateResponse( 'core', 'confirmation', [ 
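Review bot: In showVerifyMail the new try block catches only HintException, so a failure in `$this->crypto->decrypt($key)` that surfaces as any other exception type still escapes as an unhandled error instead of the guest error page. `$key` comes straight from the request on a `#[NoCSRFRequired]` route, and verifyMail keeps a `catch (\Exception $e)` fallback around the same call; which exception types decrypt() throws is not visible in this diff. I would add a matching generic branch that renders the fixed "unexpected error" text through the same template, as sketched below. The comment `// not a public page, hence getUser() must return an IUser` is also stale now that the call is nullsafe; `// a missing session user (null) is treated as a mismatch` would describe the new behaviour. The method body continues past the end of this hunk.

```php
		} catch (HintException $e) {
			// … unchanged: render $e->getHint() in the core error template …
		} catch (\Exception $e) {
			// Any other failure (e.g. a $key that cannot be decrypted) gets the generic text verifyMail already uses.
			return new TemplateResponse(
				'core', 'error', [
					'errors' => [['error' => $this->l10n->t('An unexpected error occurred. Please contact your admin.')]]
				], TemplateResponse::RENDER_AS_GUEST);
		}
```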
@@ -88,8 +98,11 @@ public function showVerifyMail(string $token, string $userId, string $key): Temp public function verifyMail(string $token, string $userId, string $key): TemplateResponse { $throttle = false; try { - if ($this->userSession->getUser()->getUID() !== $userId) { - throw new InvalidArgumentException('Logged in account is not mail address owner'); + if ($this->userSession->getUser()?->getUID() !== $userId) { + throw new HintException( + 'Logged in account is not mail address owner', + $this->l10n->t('Logged in account is not mail address owner'), + ); } $email = $this->crypto->decrypt($key); $ref = \substr(hash('sha256', $email), 0, 8); @@ -102,7 +115,10 @@ public function verifyMail(string $token, string $userId, string $key): Template ->getPropertyByValue($email); if ($emailProperty === null) { - throw new InvalidArgumentException($this->l10n->t('Email was already removed from account and cannot be confirmed anymore.')); + throw new HintException( + 'Email was already removed from account and cannot be confirmed anymore.', + $this->l10n->t('Email was already removed from account and cannot be confirmed anymore.'), + ); } $emailProperty->setLocallyVerified(IAccountManager::VERIFIED); $this->accountManager->updateAccount($userAccount); @@ -114,8 +130,8 @@ public function verifyMail(string $token, string $userId, string $key): Template $throttle = true; $error = $this->l10n->t('Could not verify mail because the token is invalid.'); } - } catch (InvalidArgumentException $e) { - $error = $e->getMessage(); + } catch (HintException $e) { + $error = $e->getHint(); } catch (\Exception $e) { $error = $this->l10n->t('An unexpected error occurred. Please contact your admin.'); }
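Review bot: The new `catch (HintException $e)` branch in verifyMail puts `$e->getHint()` on the error page for every HintException raised inside the try, not only the two constructed in this diff. If a callee such as `updateAccount()` throws a HintException without a translated hint, getHint() may fall back to the internal message (worth confirming in the HintException class), and that text would then be shown to the user. A comment on the branch such as `// only HintExceptions carry a user-safe, translated hint; everything else gets the generic message below` would record the assumption. The generic `catch (\Exception $e)` branch next to it discards the exception with no logging visible in the hunk, so an admin contacted by the user has nothing to correlate against. The try block opens in an earlier hunk and the method continues after this one.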