/**
 * Store a new e-mail address for the account identified by $id.
 *
 * The request is answered with HTTP 403 unless the session user is the
 * account owner, an administrator, or a sub-admin for whom
 * \OC_SubAdmin::isUserAccessible() grants access to $id. A non-empty
 * address must pass the mailer's validation; an empty string is stored
 * as-is without validation.
 *
 * @NoAdminRequired
 * @NoSubadminRequired
 *
 * @param string $id
 * @param string $mailAddress
 * @return DataResponse
 *
 * TODO: Tidy up and write unit tests - code is mainly static method calls
 */
public function setMailAddress($id, $mailAddress) {
    $actorUid = $this->userSession->getUser()->getUID();

    // Authorisation comes first: own account, administrator, or a sub-admin
    // with access to the target account. Nothing else is inspected before it.
    // FIXME: Remove this static function call at some point…
    if ($actorUid !== $id && !$this->isAdmin) {
        if (!\OC_SubAdmin::isUserAccessible($actorUid, $id)) {
            return new DataResponse(
                array(
                    'status' => 'error',
                    'data' => array(
                        'message' => (string) $this->l10n->t('Forbidden'),
                    ),
                ),
                Http::STATUS_FORBIDDEN
            );
        }
    }

    // Only a non-empty address is validated.
    $needsValidation = ($mailAddress !== '');
    if ($needsValidation && !$this->mail->validateAddress($mailAddress)) {
        return new DataResponse(
            array(
                'status' => 'error',
                'data' => array(
                    'message' => (string) $this->l10n->t('Invalid mail address'),
                ),
            ),
            Http::STATUS_UNPROCESSABLE_ENTITY
        );
    }

    $account = $this->userManager->get($id);
    if (!$account) {
        return new DataResponse(
            array(
                'status' => 'error',
                'data' => array(
                    'message' => (string) $this->l10n->t('Invalid user'),
                ),
            ),
            Http::STATUS_UNPROCESSABLE_ENTITY
        );
    }

    // this is the only permission a backend provides and is also used
    // for the permission of setting a email address
    if (!$account->canChangeDisplayName()) {
        return new DataResponse(
            array(
                'status' => 'error',
                'data' => array(
                    'message' => (string) $this->l10n->t('Unable to change mail address'),
                ),
            ),
            Http::STATUS_FORBIDDEN
        );
    }

    $this->config->setUserValue($id, 'settings', 'email', $mailAddress);

    $payload = array(
        'username' => $id,
        'mailAddress' => $mailAddress,
        'message' => (string) $this->l10n->t('Email saved'),
    );

    return new DataResponse(array('status' => 'success', 'data' => $payload), Http::STATUS_OK);
}
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/

// Endpoint script: stores a per-user quota, or the default quota when no
// username is posted. Both gate calls run before any request field is read.
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();

// A missing 'username' field becomes the empty string.
$username = isset($_POST["username"]) ? (string) $_POST["username"] : '';

// Authorisation. && binds tighter than ||, so the condition reads:
//   (no username given AND caller is not an admin)
//   OR (caller is not an admin AND has no sub-admin access to $username).
// Either way a non-admin is rejected unless the target account is accessible.
if ($username === '' && !OC_User::isAdminUser(OC_User::getUser())
    || !OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
    $l = \OC::$server->getL10N('core');
    OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
    exit;
}

// make sure the quota is in the expected format
// NOTE(review): $_POST["quota"] is read without an isset() check — confirm
// how a request that omits the field should be handled.
$quota = (string) $_POST["quota"];
// Anything other than the two keywords is converted to a size and back to a
// display string before it is stored.
if ($quota !== 'none' and $quota !== 'default') {
    $quota = OC_Helper::computerFileSize($quota);
    $quota = OC_Helper::humanFileSize($quota);
}

// Return Success story
// NOTE(review): this is a truthiness test, not a comparison with ''; the
// string '0' is falsy in PHP, so a posted username of '0' takes the else branch.
if ($username) {
    \OC::$server->getConfig()->setUserValue($username, 'files', 'quota', $quota);
} else { //set the default quota when no username is specified
/**
 * Decide whether the current user may delete the given calendar.
 *
 * Deletion is allowed when no user id is available (command line or cron),
 * for the calendar's owner, for administrators, and for sub-admins who have
 * access to the owner's account.
 *
 * @param array $calendar calendar record; its 'userid' entry names the owner
 * @return boolean
 */
private static function isAllowedToDeleteCalendar($calendar) {
    $currentUser = OCP\User::getUser();

    // in case it is called by command line or cron
    // NOTE(review): the loose comparison also matches null and false, so this
    // shortcut is taken whenever no user id is returned — confirm that every
    // web entry point rejects unauthenticated requests before reaching here.
    if ($currentUser == '') {
        return true;
    }

    $ownerId = $calendar['userid'];

    // Owner first, then administrator, then sub-admin access to the owner;
    // evaluation stops at the first rule that grants access.
    return $ownerId === $currentUser
        || (bool) OC_User::isAdminUser($currentUser)
        || (bool) OC_SubAdmin::isUserAccessible($currentUser, $ownerId);
}
<?php
// Endpoint script: toggles the membership of a user in a group.
// Both gate calls run before any request field is read.
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();

$success = true;
// NOTE(review): both fields are read without isset() checks — confirm how a
// request that omits one of them should be handled.
$username = $_POST["username"];
$group = $_POST["group"];

// An administrator may not toggle their own membership of the "admin" group.
// The comparisons here are loose (==).
if ($username == OC_User::getUser() && $group == "admin" && OC_User::isAdminUser($username)) {
    $l = OC_L10N::get('core');
    OC_JSON::error(array('data' => array('message' => $l->t('Admins can\'t remove themself from the admin group'))));
    exit;
}

// Authorisation: a caller who is not an administrator needs sub-admin access
// to BOTH the target user and the target group; failing either one is enough
// to be rejected.
if (!OC_User::isAdminUser(OC_User::getUser())
    && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)
        || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
    $l = OC_L10N::get('core');
    OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
    exit;
}

// The group is created on demand, after the authorisation check above.
if (!OC_Group::groupExists($group)) {
    OC_Group::createGroup($group);
}

$l = OC_L10N::get('settings');

// Defaults describe the "add" case; they are overwritten below when the user
// is already a member.
$error = $l->t("Unable to add user to group %s", $group);
$action = "add";

// Toggle group
if (OC_Group::inGroup($username, $group)) {
    $action = "remove";
    $error = $l->t("Unable to remove user from group %s", $group);
    $success = OC_Group::removeFromGroup($username, $group);
    $usersInGroup = OC_Group::usersInGroup($group);
    // A group left without members is deleted.
    if (count($usersInGroup) == 0) {
        OC_Group::deleteGroup($group);
/**
 * Decide whether the current user may delete the given calendar.
 *
 * Access is granted to the calendar's owner, to administrators, and to
 * sub-admins who have access to the owner's account; everyone else is refused.
 *
 * @param array $calendar calendar record; its 'userid' entry names the owner
 * @return boolean
 */
private static function isAllowedToDeleteCalendar($calendar) {
    $actor = OCP\User::getUser();
    $owner = $calendar['userid'];

    // Default is deny; each rule below can only grant access.
    $verdict = false;

    if ($owner === $actor) {
        $verdict = true;
    } elseif (OC_User::isAdminUser($actor)) {
        $verdict = true;
    } elseif (OC_SubAdmin::isUserAccessible($actor, $owner)) {
        $verdict = true;
    }

    return $verdict;
}
<?php
// Endpoint script: changes a password, either the caller's own or, for
// administrators and sub-admins, another user's.

// Check if we are a user
OCP\JSON::callCheck();
OC_JSON::checkLoggedIn();

// Manually load apps to ensure hooks work correctly (workaround for issue 1503)
OC_APP::loadApps();

// Without a posted username the caller's own account is the target.
$username = isset($_POST['username']) ? $_POST['username'] : OC_User::getUser();
$password = isset($_POST['password']) ? $_POST['password'] : null;
$oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '';
$recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;

// Classify the caller. The three tests are independent, so a later match
// overwrites an earlier one; null at the end means "not authorised".
$userstatus = null;
if (OC_User::isAdminUser(OC_User::getUser())) {
    $userstatus = 'admin';
}
if (OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
    $userstatus = 'subadmin';
}
// NOTE(review): the old password is verified only in this test. A caller
// already classified as 'admin' or 'subadmin' stays authorised when the
// verification fails, including when $username is the caller's own account —
// confirm that this is intended.
if (OC_User::getUser() === $username && OC_User::checkPassword($username, $oldPassword)) {
    $userstatus = 'user';
}

if (is_null($userstatus)) {
    OC_JSON::error(array('data' => array('message' => 'Authentication error')));
    exit;
}

// The recovery path applies only when an admin or sub-admin changes the
// password and the files_encryption app is enabled.
if (\OCP\App::isEnabled('files_encryption') && $userstatus !== 'user') {
    //handle the recovery case
    $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
    $recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
    $validRecoveryPassword = false;
    $recoveryPasswordSupported = false;
<?php
/**
 * Copyright (c) 2012, Robin Appelman <*****@*****.**>
 * This file is licensed under the Affero General Public License version 3 or later.
 * See the COPYING-README file.
 */

// Endpoint script: stores a per-user quota, or the default quota when no
// username is posted.

// Init owncloud
require_once '../../lib/base.php';

// Both gate calls run before any request field is read.
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();

// A missing 'username' field becomes the empty string.
$username = isset($_POST["username"]) ? $_POST["username"] : '';

// Authorisation. && binds tighter than ||, so the condition reads:
//   (no username given AND caller is not in the 'admin' group)
//   OR (caller is not in the 'admin' group AND has no sub-admin access to $username).
// The comparison with '' is loose (==).
if ($username == '' && !OC_Group::inGroup(OC_User::getUser(), 'admin')
    || !OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
    $l = OC_L10N::get('core');
    OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
    exit;
}

// make sure the quota is in the expected format
// NOTE(review): $_POST["quota"] is read without an isset() check — confirm
// how a request that omits the field should be handled.
$quota = $_POST["quota"];
if ($quota != 'none' and $quota != 'default') {
    $quota = OC_Helper::computerFileSize($quota);
    // A computed size of 0 falls back to the 'default' keyword; any other
    // value is turned back into a display string.
    if ($quota == 0) {
        $quota = 'default';
    } else {
        $quota = OC_Helper::humanFileSize($quota);
    }
}

// Return Success story
// NOTE(review): this is a truthiness test, not a comparison with ''; the
// string '0' is falsy in PHP, so a posted username of '0' takes the else branch.
if ($username) {
    OC_Preferences::setValue($username, 'files', 'quota', $quota);
} else {
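/**
 * Change another user's password on behalf of an administrator or sub-admin.
 *
 * Reads 'username', 'password' and 'recoveryPassword' from $_POST and answers
 * through \OC_JSON::success() / \OC_JSON::error(). The script exits early when
 * no username is posted or when the caller is neither an administrator nor a
 * sub-admin with access to the target account.
 *
 * @param mixed $args not read by this method
 */
public static function changeUserPassword($args) {
    // Check if we are an user
    \OC_JSON::callCheck();
    \OC_JSON::checkLoggedIn();

    // Manually load apps to ensure hooks work correctly (workaround for issue 1503)
    \OC_App::loadApps();

    if (isset($_POST['username'])) {
        $username = $_POST['username'];
    } else {
        $l = new \OC_L10n('settings');
        \OC_JSON::error(array('data' => array('message' => $l->t('No user supplied'))));
        exit;
    }

    $password = isset($_POST['password']) ? $_POST['password'] : null;
    $recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;

    // Authorisation: only administrators and sub-admins with access to
    // $username continue. $userstatus is not read again in this method.
    if (\OC_User::isAdminUser(\OC_User::getUser())) {
        $userstatus = 'admin';
    } elseif (\OC_SubAdmin::isUserAccessible(\OC_User::getUser(), $username)) {
        $userstatus = 'subadmin';
    } else {
        $l = new \OC_L10n('settings');
        \OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
        exit;
    }

    if (\OC_App::isEnabled('files_encryption')) {
        //handle the recovery case
        $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
        $recoveryAdminEnabled = \OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');

        $validRecoveryPassword = false;
        // NOTE(review): never set to true in this method, so the
        // "Back-end doesn't support password change" answer below cannot be
        // reached as written.
        $recoveryPasswordSupported = false;
        // Defined up front so the checks below never read an undefined
        // variable when the recovery admin feature is switched off.
        $recoveryEnabledForUser = false;

        if ($recoveryAdminEnabled) {
            $validRecoveryPassword = $util->checkRecoveryPassword($recoveryPassword);
            $recoveryEnabledForUser = $util->recoveryEnabledForUser();
        }

        if ($recoveryEnabledForUser && $recoveryPassword === '') {
            $l = new \OC_L10n('settings');
            \OC_JSON::error(array('data' => array('message' => $l->t('Please provide an admin recovery password, otherwise all user data will be lost'))));
        } elseif ($recoveryEnabledForUser && !$validRecoveryPassword) {
            $l = new \OC_L10n('settings');
            \OC_JSON::error(array('data' => array('message' => $l->t('Wrong admin recovery password. Please check the password and try again.'))));
        } else {
            // now we know that everything is fine regarding the recovery password, let's try to change the password
            // NOTE(review): unlike the branch for disabled encryption, $password
            // is not checked for null before it is passed on — confirm that
            // \OC_User::setPassword() rejects a missing password.
            $result = \OC_User::setPassword($username, $password, $recoveryPassword);
            if (!$result && $recoveryPasswordSupported) {
                $l = new \OC_L10n('settings');
                \OC_JSON::error(array("data" => array("message" => $l->t("Back-end doesn't support password change, but the users encryption key was successfully updated."))));
            } elseif (!$result && !$recoveryPasswordSupported) {
                $l = new \OC_L10n('settings');
                \OC_JSON::error(array("data" => array("message" => $l->t("Unable to change password"))));
            } else {
                \OC_JSON::success(array("data" => array("username" => $username)));
            }
        }
    } else {
        // if encryption is disabled, proceed
        if (!is_null($password) && \OC_User::setPassword($username, $password)) {
            \OC_JSON::success(array('data' => array('username' => $username)));
        } else {
            $l = new \OC_L10n('settings');
            \OC_JSON::error(array('data' => array('message' => $l->t('Unable to change password'))));
        }
    }
}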
/**
 * Report whether the account $uid is accessible to the sub-admin $subAdmin.
 *
 * Thin pass-through: the decision is made entirely by
 * \OC_SubAdmin::isUserAccessible(), and its result is returned unchanged.
 *
 * @param string $subAdmin
 * @param string $uid
 * @return bool
 */
function isUserAccessible($subAdmin, $uid) {
    $accessible = \OC_SubAdmin::isUserAccessible($subAdmin, $uid);

    return $accessible;
}
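/**
 * Change another user's password on behalf of an administrator or sub-admin.
 *
 * Reads 'username', 'password' and 'recoveryPassword' from $_POST and answers
 * through \OC_JSON::success() / \OC_JSON::error(). The script exits early when
 * no username is posted or when the caller is neither an administrator nor a
 * sub-admin with access to the target account.
 *
 * @param mixed $args not read by this method
 */
public static function changeUserPassword($args) {
    // Check if we are an user
    \OC_JSON::callCheck();
    \OC_JSON::checkLoggedIn();

    if (isset($_POST['username'])) {
        $username = $_POST['username'];
    } else {
        $l = new \OC_L10n('settings');
        \OC_JSON::error(array('data' => array('message' => $l->t('No user supplied'))));
        exit;
    }

    $password = isset($_POST['password']) ? $_POST['password'] : null;
    $recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;

    // Authorisation: only administrators and sub-admins with access to
    // $username continue. $userstatus is not read again in this method.
    if (\OC_User::isAdminUser(\OC_User::getUser())) {
        $userstatus = 'admin';
    } elseif (\OC_SubAdmin::isUserAccessible(\OC_User::getUser(), $username)) {
        $userstatus = 'subadmin';
    } else {
        $l = new \OC_L10n('settings');
        \OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
        exit;
    }

    // Created before branching: both the encryption path and the plain path
    // below translate their error messages through $l. Previously it was only
    // assigned inside the encryption branch, so a failed change with
    // encryption disabled called t() on an undefined variable.
    $l = new \OC_L10n('settings');

    if (\OC_App::isEnabled('encryption')) {
        //handle the recovery case
        $crypt = new \OCA\Encryption\Crypto\Crypt(
            \OC::$server->getLogger(),
            \OC::$server->getUserSession(),
            \OC::$server->getConfig()
        );
        $keyStorage = \OC::$server->getEncryptionKeyStorage();
        $util = new \OCA\Encryption\Util(
            new \OC\Files\View(),
            $crypt,
            \OC::$server->getLogger(),
            \OC::$server->getUserSession(),
            \OC::$server->getConfig(),
            \OC::$server->getUserManager()
        );
        $keyManager = new \OCA\Encryption\KeyManager(
            $keyStorage,
            $crypt,
            \OC::$server->getConfig(),
            \OC::$server->getUserSession(),
            new \OCA\Encryption\Session(\OC::$server->getSession()),
            \OC::$server->getLogger(),
            $util
        );
        $recovery = new \OCA\Encryption\Recovery(
            \OC::$server->getUserSession(),
            $crypt,
            \OC::$server->getSecureRandom(),
            $keyManager,
            \OC::$server->getConfig(),
            $keyStorage,
            \OC::$server->getEncryptionFilesHelper(),
            new \OC\Files\View()
        );

        $recoveryAdminEnabled = $recovery->isRecoveryKeyEnabled();

        // Both flags stay false unless the recovery key feature is enabled.
        $validRecoveryPassword = false;
        $recoveryEnabledForUser = false;
        if ($recoveryAdminEnabled) {
            $validRecoveryPassword = $keyManager->checkRecoveryPassword($recoveryPassword);
            $recoveryEnabledForUser = $recovery->isRecoveryEnabledForUser($username);
        }

        if ($recoveryEnabledForUser && $recoveryPassword === '') {
            \OC_JSON::error(array('data' => array('message' => $l->t('Please provide an admin recovery password, otherwise all user data will be lost'))));
        } elseif ($recoveryEnabledForUser && !$validRecoveryPassword) {
            \OC_JSON::error(array('data' => array('message' => $l->t('Wrong admin recovery password. Please check the password and try again.'))));
        } else {
            // now we know that everything is fine regarding the recovery password, let's try to change the password
            // NOTE(review): unlike the branch for disabled encryption, $password
            // is not checked for null before it is passed on — confirm that
            // \OC_User::setPassword() rejects a missing password.
            $result = \OC_User::setPassword($username, $password, $recoveryPassword);
            if (!$result && $recoveryEnabledForUser) {
                \OC_JSON::error(array("data" => array("message" => $l->t("Backend doesn't support password change, but the user's encryption key was successfully updated."))));
            } elseif (!$result && !$recoveryEnabledForUser) {
                \OC_JSON::error(array("data" => array("message" => $l->t("Unable to change password"))));
            } else {
                \OC_JSON::success(array("data" => array("username" => $username)));
            }
        }
    } else {
        // if encryption is disabled, proceed
        if (!is_null($password) && \OC_User::setPassword($username, $password)) {
            \OC_JSON::success(array('data' => array('username' => $username)));
        } else {
            \OC_JSON::error(array('data' => array('message' => $l->t('Unable to change password'))));
        }
    }
}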
<?php
// Endpoint script: toggles the membership of a user in a group.
// Both gate calls run before any request field is read.
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();

$success = true;
// NOTE(review): both fields are read without isset() checks — confirm how a
// request that omits one of them should be handled.
$username = $_POST["username"];
$group = $_POST["group"];

// A member of the 'admin' group may not toggle their own membership of it.
// The comparisons here are loose (==).
if ($username == OC_User::getUser() && $group == "admin" && OC_Group::inGroup($username, 'admin')) {
    $l = OC_L10N::get('core');
    OC_JSON::error(array('data' => array('message' => $l->t('Admins can\'t remove themself from the admin group'))));
    exit;
}

// Authorisation: a caller outside the 'admin' group needs sub-admin access to
// BOTH the target user and the target group; failing either one is enough to
// be rejected.
if (!OC_Group::inGroup(OC_User::getUser(), 'admin')
    && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)
        || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
    $l = OC_L10N::get('core');
    OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
    exit;
}

// The group is created on demand, after the authorisation check above.
if (!OC_Group::groupExists($group)) {
    OC_Group::createGroup($group);
}

$l = OC_L10N::get('settings');

// Defaults describe the "add" case; they are overwritten below when the user
// is already a member.
$error = $l->t("Unable to add user to group %s", $group);
$action = "add";

// Toggle group
if (OC_Group::inGroup($username, $group)) {
    $action = "remove";
    $error = $l->t("Unable to remove user from group %s", $group);
    $success = OC_Group::removeFromGroup($username, $group);
    $usersInGroup = OC_Group::usersInGroup($group);
    // A group left without members is deleted.
    if (count($usersInGroup) == 0) {
        OC_Group::deleteGroup($group);