/** * @brief Checks the password of a user. * @param string $userName ownCloud user name whose password will be checked. * @param string $password ownCloud password. * @return bool True if the password is correct, false otherwise. * */ private static function checkPassword($userName, $password) { // Check password normally if (\OCP\User::checkPassword($userName, $password) != false) { return true; } return false; }
<?php /** * Copyright (c) 2013, Bjoern Schiessle <*****@*****.**> * This file is licensed under the Affero General Public License version 3 or later. * See the COPYING-README file. * * check migration status */ use OCA\Encryption\Util; \OCP\JSON::checkAppEnabled('files_encryption'); $loginname = isset($_POST['user']) ? $_POST['user'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; $migrationStatus = Util::MIGRATION_COMPLETED; if ($loginname !== '' && $password !== '') { $username = \OCP\User::checkPassword($loginname, $password); if ($username) { $util = new Util(new \OC\Files\View('/'), $username); $migrationStatus = $util->getMigrationStatus(); } } \OCP\JSON::success(array('data' => array('migrationStatus' => $migrationStatus)));
public function testCheckPasswordPublicAPIWrongUser() { $access = $this->getAccessMock(); $this->prepareAccessForCheckPassword($access); $backend = new UserLDAP($access, $this->getMock('\\OCP\\IConfig')); \OC_User::useBackend($backend); $result = \OCP\User::checkPassword('mallory', 'evil'); $this->assertFalse($result); }
public function testCheckPasswordPublicAPI() { $access = $this->getAccessMock(); $this->prepareAccessForCheckPassword($access); $backend = new UserLDAP($access); \OC_User::useBackend($backend); $result = \OCP\User::checkPassword('roland', 'dt19'); $this->assertEquals('gunslinger', $result); $result = \OCP\User::checkPassword('roland', 'wrong'); $this->assertFalse($result); $result = \OCP\User::checkPassword('mallory', 'evil'); $this->assertFalse($result); }
* */ \OCP\JSON::checkLoggedIn(); \OCP\JSON::checkAppEnabled('files_encryption'); \OCP\JSON::callCheck(); $l = \OC::$server->getL10N('core'); $return = false; $errorMessage = $l->t('Could not update the private key password.'); $oldPassword = (string) $_POST['oldPassword']; $newPassword = (string) $_POST['newPassword']; $view = new \OC\Files\View('/'); $session = new \OCA\Files_Encryption\Session($view); $user = \OCP\User::getUser(); $loginName = \OC::$server->getUserSession()->getLoginName(); // check new password $passwordCorrect = \OCP\User::checkPassword($loginName, $newPassword); if ($passwordCorrect !== false) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; $encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, $user); $decryptedKey = $encryptedKey ? \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword) : false; if ($decryptedKey) { $cipher = \OCA\Files_Encryption\Helper::getCipher(); $encryptedKey = \OCA\Files_Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword, $cipher); if ($encryptedKey) { \OCA\Files_Encryption\Keymanager::setPrivateKey($encryptedKey, $user); $session->setPrivateKey($decryptedKey); $return = true; } } else { $result = false;
/** * @brief Checks the password of a user. Additionally verifies whether user * is member of group that is allowed to use Mozilla Sync. * * Checks the supplied password for the user. If the LDAP app is also * active it tries to authenticate against it as well. For this to work the * User Login Filter in the admin panel needs to be set to something * like (|(uid=%uid)(mail=$uid)) . * * @param string $userName ownCloud user name whose password will be checked. * @param string $password ownCloud password. * @return bool True if the password is correct, false otherwise. * */ private static function checkPassword($userName, $password) { // NOTE: Since ownCloud 7 authentication apps are loaded automatically // Check if user is allowed to use Mozilla Sync if (self::checkUserIsAllowed($userName) === false) { return false; } // Check password normally if (\OCP\User::checkPassword($userName, $password) != false) { return true; } // Check if the LDAP app is enabled if (\OCP\App::isEnabled('user_ldap')) { // Convert user name to email address $email = self::userNameToEmail($userName); if ($email === false) { return false; } // Check password with email instead of user name as internal // ownCloud user name and LDAP user ID are likely not to match $res = \OCP\User::checkPassword($email, $password) != false; if ($res === false) { Utils::writeLog("LDAP password did not match for user " . $userName . " with email address " . $email . "."); } return $res; } Utils::writeLog("Password did not match for user " . $userName . "."); return false; }
/** * @brief Authenticate user by HTTP Basic Authorization user and password * * @param string $userHash User hash parameter specified by Url parameter * @return boolean */ public static function authenticateUser($userHash) { if (!isset($_SERVER['PHP_AUTH_USER'])) { return false; } // user name parameter and authentication user name doen't match if ($userHash != $_SERVER['PHP_AUTH_USER']) { return false; } $userId = self::userHashToUserName($userHash); if ($userId == false) { return false; } return \OCP\User::checkPassword($userId, $_SERVER['PHP_AUTH_PW']); }