예제 #1
0
 /**
  * @param string $uri
  * @param string $principalPrefix
  * @return string
  */
 function findByUri($uri, $principalPrefix)
 {
     if (substr($uri, 0, 7) === 'mailto:') {
         $email = substr($uri, 7);
         $users = $this->userManager->getByEmail($email);
         if (count($users) === 1) {
             return $this->principalPrefix . '/' . $users[0]->getUID();
         }
     }
     return '';
 }
예제 #2
0
 protected function isTwoFactorEnforced($username)
 {
     Util::emitHook('\\OCA\\Files_Sharing\\API\\Server2Server', 'preLoginNameUsedAsUserName', array('uid' => &$username));
     $user = $this->manager->get($username);
     if (is_null($user)) {
         $users = $this->manager->getByEmail($username);
         if (count($users) !== 1) {
             return true;
         }
         $user = $users[0];
     }
     // DI not possible due to cyclic dependencies :'-/
     return OC::$server->getTwoFactorAuthManager()->isTwoFactorAuthenticated($user);
 }
예제 #3
0
 /**
  * @PublicPage
  * @UseSession
  *
  * @param string $user
  * @param string $password
  * @param string $redirect_url
  * @return RedirectResponse
  */
 public function tryLogin($user, $password, $redirect_url)
 {
     $originalUser = $user;
     // TODO: Add all the insane error handling
     /* @var $loginResult IUser */
     $loginResult = $this->userManager->checkPassword($user, $password);
     if ($loginResult === false) {
         $users = $this->userManager->getByEmail($user);
         // we only allow login by email if unique
         if (count($users) === 1) {
             $user = $users[0]->getUID();
             $loginResult = $this->userManager->checkPassword($user, $password);
         }
     }
     if ($loginResult === false) {
         $this->session->set('loginMessages', [['invalidpassword']]);
         // Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
         $args = !is_null($user) ? ['user' => $originalUser] : [];
         return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
     }
     // TODO: remove password checks from above and let the user session handle failures
     // requires https://github.com/owncloud/core/pull/24616
     $this->userSession->login($user, $password);
     $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password);
     if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
         $this->twoFactorManager->prepareTwoFactorLogin($loginResult);
         if (!is_null($redirect_url)) {
             return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', ['redirect_url' => $redirect_url]));
         }
         return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
     }
     if (!is_null($redirect_url) && $this->userSession->isLoggedIn()) {
         $location = $this->urlGenerator->getAbsoluteURL(urldecode($redirect_url));
         // Deny the redirect if the URL contains a @
         // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
         if (strpos($location, '@') === false) {
             return new RedirectResponse($location);
         }
     }
     return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
 }