/**
* @brief Checks the password of a user.
* @param string $userName ownCloud user name whose password will be checked.
* @param string $password ownCloud password.
* @return bool True if the password is correct, false otherwise.
*
*/
private static function checkPassword($userName, $password)
{
// Check password normally
if (\OCP\User::checkPassword($userName, $password) != false) {
return true;
}
return false;
}
<?php
/**
* Copyright (c) 2013, Bjoern Schiessle <*****@*****.**>
* This file is licensed under the Affero General Public License version 3 or later.
* See the COPYING-README file.
*
* check migration status
*/
use OCA\Encryption\Util;
\OCP\JSON::checkAppEnabled('files_encryption');
$loginname = isset($_POST['user']) ? $_POST['user'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$migrationStatus = Util::MIGRATION_COMPLETED;
if ($loginname !== '' && $password !== '') {
$username = \OCP\User::checkPassword($loginname, $password);
if ($username) {
$util = new Util(new \OC\Files\View('/'), $username);
$migrationStatus = $util->getMigrationStatus();
}
}
\OCP\JSON::success(array('data' => array('migrationStatus' => $migrationStatus)));
public function testCheckPasswordPublicAPIWrongUser()
{
$access = $this->getAccessMock();
$this->prepareAccessForCheckPassword($access);
$backend = new UserLDAP($access, $this->getMock('\\OCP\\IConfig'));
\OC_User::useBackend($backend);
$result = \OCP\User::checkPassword('mallory', 'evil');
$this->assertFalse($result);
}
public function testCheckPasswordPublicAPI()
{
$access = $this->getAccessMock();
$this->prepareAccessForCheckPassword($access);
$backend = new UserLDAP($access);
\OC_User::useBackend($backend);
$result = \OCP\User::checkPassword('roland', 'dt19');
$this->assertEquals('gunslinger', $result);
$result = \OCP\User::checkPassword('roland', 'wrong');
$this->assertFalse($result);
$result = \OCP\User::checkPassword('mallory', 'evil');
$this->assertFalse($result);
}
*
*/
\OCP\JSON::checkLoggedIn();
\OCP\JSON::checkAppEnabled('files_encryption');
\OCP\JSON::callCheck();
$l = \OC::$server->getL10N('core');
$return = false;
$errorMessage = $l->t('Could not update the private key password.');
$oldPassword = (string) $_POST['oldPassword'];
$newPassword = (string) $_POST['newPassword'];
$view = new \OC\Files\View('/');
$session = new \OCA\Files_Encryption\Session($view);
$user = \OCP\User::getUser();
$loginName = \OC::$server->getUserSession()->getLoginName();
// check new password
$passwordCorrect = \OCP\User::checkPassword($loginName, $newPassword);
if ($passwordCorrect !== false) {
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, $user);
$decryptedKey = $encryptedKey ? \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword) : false;
if ($decryptedKey) {
$cipher = \OCA\Files_Encryption\Helper::getCipher();
$encryptedKey = \OCA\Files_Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword, $cipher);
if ($encryptedKey) {
\OCA\Files_Encryption\Keymanager::setPrivateKey($encryptedKey, $user);
$session->setPrivateKey($decryptedKey);
$return = true;
}
} else {
$result = false;
/**
* @brief Checks the password of a user. Additionally verifies whether user
* is member of group that is allowed to use Mozilla Sync.
*
* Checks the supplied password for the user. If the LDAP app is also
* active it tries to authenticate against it as well. For this to work the
* User Login Filter in the admin panel needs to be set to something
* like (|(uid=%uid)(mail=$uid)) .
*
* @param string $userName ownCloud user name whose password will be checked.
* @param string $password ownCloud password.
* @return bool True if the password is correct, false otherwise.
*
*/
private static function checkPassword($userName, $password)
{
// NOTE: Since ownCloud 7 authentication apps are loaded automatically
// Check if user is allowed to use Mozilla Sync
if (self::checkUserIsAllowed($userName) === false) {
return false;
}
// Check password normally
if (\OCP\User::checkPassword($userName, $password) != false) {
return true;
}
// Check if the LDAP app is enabled
if (\OCP\App::isEnabled('user_ldap')) {
// Convert user name to email address
$email = self::userNameToEmail($userName);
if ($email === false) {
return false;
}
// Check password with email instead of user name as internal
// ownCloud user name and LDAP user ID are likely not to match
$res = \OCP\User::checkPassword($email, $password) != false;
if ($res === false) {
Utils::writeLog("LDAP password did not match for user " . $userName . " with email address " . $email . ".");
}
return $res;
}
Utils::writeLog("Password did not match for user " . $userName . ".");
return false;
}
/**
* @brief Authenticate user by HTTP Basic Authorization user and password
*
* @param string $userHash User hash parameter specified by Url parameter
* @return boolean
*/
public static function authenticateUser($userHash)
{
if (!isset($_SERVER['PHP_AUTH_USER'])) {
return false;
}
// user name parameter and authentication user name doen't match
if ($userHash != $_SERVER['PHP_AUTH_USER']) {
return false;
}
$userId = self::userHashToUserName($userHash);
if ($userId == false) {
return false;
}
return \OCP\User::checkPassword($userId, $_SERVER['PHP_AUTH_PW']);
}
