/**
 * Add a server to the list of trusted ownCloud servers.
 *
 * The URL is first passed through updateProtocol(). When the database
 * handler reports success, a fresh 16-character token is stored for the
 * server and a RequestSharedSecret background job is queued with the URL
 * and that token.
 *
 * @param string $url address of the server to trust
 * @return int server id, as returned by the database handler
 */
public function addServer($url) {
	$url = $this->updateProtocol($url);
	$serverId = $this->dbHandler->addServer($url);

	// Nothing was stored, so no token is issued and no job is queued.
	if (!$serverId) {
		return $serverId;
	}

	// The token authenticates the later shared-secret request for this URL.
	$generator = $this->secureRandom->getMediumStrengthGenerator();
	$token = $generator->generate(16);
	$this->dbHandler->addToken($url, $token);

	$jobArguments = ['url' => $url, 'token' => $token];
	$this->jobList->add('OCA\\Federation\\BackgroundJob\\RequestSharedSecret', $jobArguments);

	return $serverId;
}
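/**
 * Generate a password-reset token for a user and mail the reset link.
 *
 * A 21-character token (digits, lower- and upper-case letters) is stored as
 * the user's 'lostpassword' value under the 'owncloud' app and embedded in an
 * absolute link to the 'core.lost.resetform' route.
 *
 * NOTE(review): the two early failures use different messages, so whoever
 * sees them can tell an unknown username from a user without an email
 * address; confirm how the caller surfaces these messages.
 * NOTE(review): the token is stored as generated and no creation time is
 * recorded in this method; confirm expiry is enforced where it is checked.
 *
 * @param string $user
 * @throws \Exception if the user is unknown, has no email address, or the
 *                    message could not be sent
 */
protected function sendEmail($user) {
	if (!$this->userManager->userExists($user)) {
		throw new \Exception($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
	}

	$email = $this->config->getUserValue($user, 'settings', 'email');

	if (empty($email)) {
		throw new \Exception(
			$this->l10n->t(
				'Couldn\'t send reset email because there is no ' .
				'email address for this username. Please ' .
				'contact your administrator.'
			)
		);
	}

	$token = $this->secureRandom->getMediumStrengthGenerator()->generate(
		21,
		ISecureRandom::CHAR_DIGITS .
		ISecureRandom::CHAR_LOWER .
		ISecureRandom::CHAR_UPPER
	);
	$this->config->setUserValue($user, 'owncloud', 'lostpassword', $token);

	$link = $this->urlGenerator->linkToRouteAbsolute('core.lost.resetform', ['userId' => $user, 'token' => $token]);

	$tmpl = new \OC_Template('core/lostpassword', 'email');
	$tmpl->assign('link', $link, false);
	$msg = $tmpl->fetchPage();

	try {
		$message = $this->mailer->createMessage();
		$message->setTo([$email => $user]);
		$message->setSubject($this->l10n->t('%s password reset', [$this->defaults->getName()]));
		$message->setPlainBody($msg);
		$message->setFrom([$this->from => $this->defaults->getName()]);
		$this->mailer->send($message);
	} catch (\Exception $e) {
		// Keep the generic user-facing message, but chain the original
		// exception so the underlying mail failure stays available to
		// whoever logs or inspects the exception.
		throw new \Exception(
			$this->l10n->t('Couldn\'t send reset email. Please contact your administrator.'),
			0,
			$e
		);
	}
}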
/**
 * Set up the collaborators and the per-client passphrase.
 *
 * If the request already carries the passphrase cookie, its value is used
 * as-is; no length or format check is done here. Otherwise a 128-character
 * passphrase is generated and, outside of PHPUnit runs, sent to the client
 * as a cookie.
 *
 * @param IConfig $config
 * @param ICrypto $crypto
 * @param ISecureRandom $random
 * @param IRequest $request
 */
public function __construct(IConfig $config,
							ICrypto $crypto,
							ISecureRandom $random,
							IRequest $request) {
	$this->crypto = $crypto;
	$this->config = $config;
	$this->random = $random;

	// Reuse the passphrase the client already holds.
	if ($request->getCookie(self::COOKIE_NAME) !== null) {
		$this->passphrase = $request->getCookie(self::COOKIE_NAME);
		return;
	}

	$generator = $this->random->getMediumStrengthGenerator();
	$this->passphrase = $generator->generate(128);

	// The Secure flag is set only when the request itself came in over https.
	$secureCookie = ($request->getServerProtocol() === 'https');

	// FIXME: Required for CI
	if (defined('PHPUNIT_RUN')) {
		return;
	}

	// Expiry 0 makes this a session cookie; the last argument sets HttpOnly.
	// This form of setcookie() does not set a SameSite attribute.
	setcookie(
		self::COOKIE_NAME,
		$this->passphrase,
		0,
		\OC::$WEBROOT,
		'',
		$secureCookie,
		true
	);
}
/**
 * Create a shared secret for the requesting server and return it.
 *
 * The 'url' and 'token' request parameters must name a trusted server and
 * carry a valid token for it; otherwise a 403 result is returned. On success
 * a 32-character secret is stored for the URL and the token is reset so it
 * cannot be used for a second exchange.
 *
 * NOTE(review): isValidToken() is not visible here; confirm it compares the
 * token in constant time (hash_equals()) and rejects an empty token, since
 * the stored token is reset to '' below.
 *
 * @return \OC_OCS_Result
 */
public function getSharedSecret() {
	$remoteUrl = $this->request->getParam('url');
	$presentedToken = $this->request->getParam('token');

	// Same order as a short-circuit OR: trust check first, then the token.
	if ($this->trustedServers->isTrustedServer($remoteUrl) === false) {
		return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN);
	}
	if ($this->isValidToken($remoteUrl, $presentedToken) === false) {
		return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN);
	}

	$generator = $this->secureRandom->getMediumStrengthGenerator();
	$sharedSecret = $generator->generate(32);
	$this->trustedServers->addSharedSecret($remoteUrl, $sharedSecret);

	// reset token after the exchange of the shared secret was successful
	$this->dbHandler->addToken($remoteUrl, '');

	$payload = ['sharedSecret' => $sharedSecret];
	return new \OC_OCS_Result($payload, Http::STATUS_OK);
}
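/**
 * Create a shared secret for the requesting server and return it.
 *
 * The 'url' and 'token' request parameters must name a trusted server and
 * carry a valid token for it; each failure is logged and answered with a
 * 403 result. On success a 32-character secret is stored for the URL and
 * the token is reset so it cannot be used for a second exchange.
 *
 * NOTE(review): isValidToken() is not visible here; confirm it compares the
 * token in constant time (hash_equals()) and rejects an empty token, since
 * the stored token is reset to '' below.
 * NOTE(review): $url is a request parameter and still goes into the log
 * message unmodified; confirm the logger escapes control characters.
 *
 * @return \OC_OCS_Result
 */
public function getSharedSecret() {
	$url = $this->request->getParam('url');
	$token = $this->request->getParam('token');

	if ($this->trustedServers->isTrustedServer($url) === false) {
		$this->logger->log(\OCP\Util::ERROR, 'remote server not trusted (' . $url . ') while getting shared secret');
		return new \OC_OCS_Result(null, Http::STATUS_FORBIDDEN);
	}

	if ($this->isValidToken($url, $token) === false) {
		// The presented token is deliberately left out of the log: it is a
		// credential-like, request-supplied value and log files are usually
		// readable by more people than the token store.
		$this->logger->log(\OCP\Util::ERROR, 'remote server (' . $url . ') didn\'t send a valid token while getting shared secret');
		return new \OC_OCS_Result(null, Http::STATUS_FORBIDDEN);
	}

	$sharedSecret = $this->secureRandom->getMediumStrengthGenerator()->generate(32);

	$this->trustedServers->addSharedSecret($url, $sharedSecret);
	// reset token after the exchange of the shared secret was successful
	$this->dbHandler->addToken($url, '');

	return new \OC_OCS_Result(['sharedSecret' => $sharedSecret], Http::STATUS_OK);
}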
/**
 * Generate a one-time password for a user and remember it.
 *
 * The password is 8 characters long and is kept in $this->userPasswords,
 * keyed by the user id, replacing any earlier entry for that id.
 *
 * @param string $uid
 * @return string password
 */
protected function generateOneTimePassword($uid) {
	$generator = $this->secureRandom->getMediumStrengthGenerator();
	$oneTimePassword = $generator->generate(8);

	$this->userPasswords[$uid] = $oneTimePassword;

	return $oneTimePassword;
}
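/**
 * Run the installation: validate the options, write the base configuration,
 * set up the database, create the admin user and mark the instance installed.
 *
 * Keys read from $options: 'dbtype', 'adminlogin', 'adminpass', 'directory'
 * and, optionally, 'trusted_domains'. $options is also passed to the database
 * setup class.
 *
 * @param array $options
 * @return array collected errors, empty on success; an entry is either a
 *               message string or an array with 'error' and 'hint' keys
 */
public function install($options) {
	$l = $this->l10n;

	$error = array();
	$dbType = $options['dbtype'];

	if (empty($options['adminlogin'])) {
		$error[] = $l->t('Set an admin username.');
	}
	if (empty($options['adminpass'])) {
		$error[] = $l->t('Set an admin password.');
	}
	if (empty($options['directory'])) {
		$options['directory'] = \OC::$SERVERROOT . "/data";
	}

	// Unknown database types fall back to sqlite.
	if (!isset(self::$dbSetupClasses[$dbType])) {
		$dbType = 'sqlite';
	}

	$username = htmlspecialchars_decode($options['adminlogin']);
	$password = htmlspecialchars_decode($options['adminpass']);
	$dataDir = htmlspecialchars_decode($options['directory']);

	$class = self::$dbSetupClasses[$dbType];
	/** @var \OC\Setup\AbstractDatabase $dbSetup */
	$dbSetup = new $class($l, 'db_structure.xml', $this->config, $this->logger, $this->random);
	$error = array_merge($error, $dbSetup->validate($options));

	// validate the data directory
	// 'and' binds tighter than 'or': (missing and not creatable) or not writable.
	// NOTE(review): mkdir() is called with its default mode, so the resulting
	// permissions depend on the process umask.
	if (!is_dir($dataDir) and !mkdir($dataDir) or !is_writable($dataDir)) {
		$error[] = $l->t("Can't create or write into the data directory %s", array($dataDir));
	}

	if (count($error) != 0) {
		return $error;
	}

	$request = \OC::$server->getRequest();

	//no errors, good
	// NOTE(review): without an explicit list, the first trusted domain is the
	// host taken from the installing request itself.
	if (isset($options['trusted_domains']) && is_array($options['trusted_domains'])) {
		$trustedDomains = $options['trusted_domains'];
	} else {
		$trustedDomains = [$request->getInsecureServerHost()];
	}

	if (\OC_Util::runningOnWindows()) {
		$dataDir = rtrim(realpath($dataDir), '\\');
	}

	//use sqlite3 when available, otherwise sqlite2 will be used.
	if ($dbType == 'sqlite' and class_exists('SQLite3')) {
		$dbType = 'sqlite3';
	}

	//generate a random salt that is used to salt the local user passwords
	// NOTE(review): the salt comes from the low-strength generator while the
	// secret below uses the medium-strength one; confirm this is intended.
	$salt = $this->random->getLowStrengthGenerator()->generate(30);
	// generate a secret
	$secret = $this->random->getMediumStrengthGenerator()->generate(48);

	//write the config file
	// This happens before the database setup, so salt and secret are already
	// in the configuration if the setup below fails.
	$this->config->setSystemValues([
		'passwordsalt' => $salt,
		'secret' => $secret,
		'trusted_domains' => $trustedDomains,
		'datadirectory' => $dataDir,
		'overwrite.cli.url' => $request->getServerProtocol() . '://' . $request->getInsecureServerHost() . \OC::$WEBROOT,
		'dbtype' => $dbType,
		'version' => implode('.', \OC_Util::getVersion()),
	]);

	try {
		$dbSetup->initialize($options);
		$dbSetup->setupDatabase($username);
	} catch (\OC\DatabaseSetupException $e) {
		$error[] = array(
			'error' => $e->getMessage(),
			'hint' => $e->getHint(),
		);
		return $error;
	} catch (Exception $e) {
		// NOTE(review): this expression was masked ('******') in the copy
		// under review; the message concatenation is restored to mirror the
		// catch above - confirm against the upstream file. Also confirm that
		// the unqualified Exception resolves to \Exception in this file.
		$error[] = array(
			'error' => 'Error while trying to create admin user: ' . $e->getMessage(),
			'hint' => '',
		);
		return $error;
	}

	//create the user and group
	$user = null;
	try {
		$user = \OC::$server->getUserManager()->createUser($username, $password);
		if (!$user) {
			$error[] = "User <{$username}> could not be created.";
		}
	} catch (Exception $exception) {
		$error[] = $exception->getMessage();
	}

	if (count($error) == 0) {
		$config = \OC::$server->getConfig();
		$config->setAppValue('core', 'installedat', microtime(true));
		$config->setAppValue('core', 'lastupdatedat', microtime(true));

		$group = \OC::$server->getGroupManager()->createGroup('admin');
		$group->addUser($user);
		\OC_User::login($username, $password);

		//guess what this does
		\OC_Installer::installShippedApps();

		// create empty file in data dir, so we can later find
		// out that this is indeed an ownCloud data directory
		file_put_contents($config->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data') . '/.ocdata', '');

		// Update .htaccess files
		Setup::updateHtaccess();
		Setup::protectDataDirectory();

		//try to write logtimezone
		if (date_default_timezone_get()) {
			$config->setSystemValue('logtimezone', date_default_timezone_get());
		}

		//and we are done
		$config->setSystemValue('installed', true);
	}

	return $error;
}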