/**
* Check if given timestamp in expiration range
* @param int $timestamp
* @param bool $quotaExceeded
* @return bool
*/
public function isExpired($timestamp, $quotaExceeded = false)
{
// No expiration if disabled
if (!$this->isEnabled()) {
return false;
}
// Purge to save space (if allowed)
if ($quotaExceeded && $this->canPurgeToSaveSpace) {
return true;
}
$time = $this->timeFactory->getTime();
// Never expire dates in future e.g. misconfiguration or negative time
// adjustment
if ($time < $timestamp) {
return false;
}
// Purge as too old
if ($this->maxAge !== self::NO_OBLIGATION) {
$maxTimestamp = $time - $this->maxAge * 86400;
$isOlderThanMax = $timestamp < $maxTimestamp;
} else {
$isOlderThanMax = false;
}
if ($this->minAge !== self::NO_OBLIGATION) {
// older than Min obligation and we are running out of quota?
$minTimestamp = $time - $this->minAge * 86400;
$isMinReached = $timestamp < $minTimestamp && $quotaExceeded;
} else {
$isMinReached = false;
}
return $isOlderThanMax || $isMinReached;
}
/**
* @param $argument
*/
protected function run($argument)
{
// Delete old tokens after 2 days
if ($this->timeFactory->getTime() - $this->config->getAppValue('core', 'updater.secret.created', $this->timeFactory->getTime()) >= 172800) {
$this->config->deleteSystemValue('updater.secret');
}
}
/**
* @return DataResponse
*/
public function createCredentials()
{
// Create a new job and store the creation date
$this->jobList->add('OCA\\UpdateNotification\\ResetTokenBackgroundJob');
$this->config->setAppValue('core', 'updater.secret.created', $this->timeFactory->getTime());
// Create a new token
$newToken = $this->secureRandom->generate(64);
$this->config->setSystemValue('updater.secret', password_hash($newToken, PASSWORD_DEFAULT));
return new DataResponse($newToken);
}
/**
* @param string $user
* @throws \Exception
*/
protected function sendEmail($user)
{
if (!$this->userManager->userExists($user)) {
throw new \Exception($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
}
$email = $this->config->getUserValue($user, 'settings', 'email');
if (empty($email)) {
throw new \Exception($this->l10n->t('Couldn\'t send reset email because there is no ' . 'email address for this username. Please ' . 'contact your administrator.'));
}
$token = $this->secureRandom->getMediumStrengthGenerator()->generate(21, ISecureRandom::CHAR_DIGITS . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER);
$this->config->setUserValue($user, 'owncloud', 'lostpassword', $this->timeFactory->getTime() . ':' . $token);
$link = $this->urlGenerator->linkToRouteAbsolute('core.lost.resetform', array('userId' => $user, 'token' => $token));
$tmpl = new \OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link);
$msg = $tmpl->fetchPage();
try {
$message = $this->mailer->createMessage();
$message->setTo([$email => $user]);
$message->setSubject($this->l10n->t('%s password reset', [$this->defaults->getName()]));
$message->setPlainBody($msg);
$message->setFrom([$this->from => $this->defaults->getName()]);
$this->mailer->send($message);
} catch (\Exception $e) {
throw new \Exception($this->l10n->t('Couldn\'t send reset email. Please contact your administrator.'));
}
}
/**
* @param IToken $dbToken
* @param string $token
* @return boolean
*/
private function checkTokenCredentials(IToken $dbToken, $token)
{
// Check whether login credentials are still valid and the user was not disabled
// This check is performed each 5 minutes
$lastCheck = $dbToken->getLastCheck() ?: 0;
$now = $this->timeFacory->getTime();
if ($lastCheck > $now - 60 * 5) {
// Checked performed recently, nothing to do now
return true;
}
try {
$pwd = $this->tokenProvider->getPassword($dbToken, $token);
} catch (InvalidTokenException $ex) {
// An invalid token password was used -> log user out
return false;
} catch (PasswordlessTokenException $ex) {
// Token has no password
if (!is_null($this->activeUser) && !$this->activeUser->isEnabled()) {
$this->tokenProvider->invalidateToken($token);
return false;
}
$dbToken->setLastCheck($now);
$this->tokenProvider->updateToken($dbToken);
return true;
}
if ($this->manager->checkPassword($dbToken->getLoginName(), $pwd) === false || !is_null($this->activeUser) && !$this->activeUser->isEnabled()) {
$this->tokenProvider->invalidateToken($token);
// Password has changed or user was disabled -> log user out
return false;
}
$dbToken->setLastCheck($now);
$this->tokenProvider->updateToken($dbToken);
return true;
}
/**
* @return bool|int
*/
public function getMaxAgeAsTimestamp()
{
$maxAge = false;
if ($this->isEnabled() && $this->maxAge !== self::NO_OBLIGATION) {
$time = $this->timeFactory->getTime();
$maxAge = $time - $this->maxAge * 86400;
}
return $maxAge;
}
/**
* @param IToken $token
*/
private function updateToken(IToken $token)
{
// To save unnecessary DB queries, this is only done once a minute
$lastTokenUpdate = $this->session->get('last_token_update') ?: 0;
$now = $this->timeFacory->getTime();
if ($lastTokenUpdate < $now - 60) {
$this->tokenProvider->updateToken($token);
$this->session->set('last_token_update', $now);
}
}
/**
* cleanup empty locks
*/
public function cleanExpiredLocks()
{
$expire = $this->timeFactory->getTime();
try {
$this->connection->executeUpdate('DELETE FROM `*PREFIX*file_locks` WHERE `ttl` < ?', [$expire]);
} catch (\Exception $e) {
// If the table is missing, the clean up was successful
if ($this->connection->tableExists('file_locks')) {
throw $e;
}
}
}
/**
* cleanup empty locks
*/
public function cleanEmptyLocks()
{
$expire = $this->timeFactory->getTime();
$this->connection->executeUpdate('DELETE FROM `*PREFIX*file_locks` WHERE `lock` = 0 AND `ttl` < ?', [$expire]);
}
protected function execute(InputInterface $input, OutputInterface $output)
{
$this->config->setSystemValue('data-fingerprint', md5($this->timeFactory->getTime()));
}
/**
* Invalidate (delete) old session tokens
*/
public function invalidateOldTokens()
{
$olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24);
$this->logger->info('Invalidating tokens older than ' . date('c', $olderThan));
$this->mapper->invalidateOld($olderThan);
}