From 36cd7ad2901ea6de4b8d388121eed138db106fe3 Mon Sep 17 00:00:00 2001
From: Jonas
Date: Wed, 15 Jan 2020 19:05:29 +0100
Subject: [PATCH 1/2] Force a password reset for admin set passwords
Signed-off-by: Jonas
---
apps/provisioning_api/lib/Controller/UsersController.php | 7 +++++++
core/Controller/LoginController.php | 7 +++++++
core/Controller/LostController.php | 9 +++++++++
3 files changed, 23 insertions(+)
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 7f239269262f2..3b187b7764790 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -349,6 +349,9 @@ public function addUser(string $userid,
 'app' => 'ocs_api',
 ]);
 }
+ } else {
+ //Password was provided by the admin
+ $this->editUser($userid, 'initial', 'true');
+ }
 return new DataResponse(['id' => $userid]);
@@ -520,6 +523,7 @@ public function editUser(string $userId, string $key, string $value): DataRespon
 $permittedFields[] = AccountManager::PROPERTY_WEBSITE;
 $permittedFields[] = AccountManager::PROPERTY_TWITTER;
 $permittedFields[] = 'quota';
+ $permittedFields[] = 'initial';
 } else {
 // No rights
 throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
@@ -594,6 +598,9 @@ public function editUser(string $userId, string $key, string $value): DataRespon
 $this->accountManager->updateUser($targetUser, $userAccount);
 }
 break;
+ case 'initial':
+ $this->config->setUserValue($targetUser->getUID(), 'core', 'initial', $value);
+ break;
 default:
 throw new OCSException('', 103);
 }
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 13aef8f67ab0d..30c658c28c376 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
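Review bot: The return value of `$this->editUser($userid, 'initial', 'true')` in the new else branch of addUser is discarded, and any OCSException editUser raises (its authorisation check runs against the calling user, as the `// No rights` branch in the second hunk shows) would abort addUser after the account has already been created, leaving a user that exists without the flag while the caller sees an error. The controller already holds `$this->config` (third hunk), so writing the preference directly with `$this->config->setUserValue($userid, 'core', 'initial', 'true');` avoids re-running the edit authorisation for an account the caller has just created. The comment should also read `// Password was provided by the admin` to match the spacing used elsewhere in the file. addUser starts outside the hunk.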
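Review bot: `case 'initial'` stores `$value` verbatim, while both consumers in this series (LoginController and LostController) compare the preference against the literal `'true'`, so any other string silently leaves the flag inactive and writing `'false'` leaves a stale preference row behind. Treat the two meaningful values explicitly: `if ($value === 'false') { $this->config->deleteUserValue($targetUser->getUID(), 'core', 'initial'); break; }` before the existing `setUserValue`, and reject anything other than `'true'` with an OCSException the way the `default:` branch does. A one-line comment above the case, `// Marks an admin-assigned password that the user must replace at first login`, would explain why a core preference is settable through this API. The editUser switch continues outside the hunk.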
@@ -306,6 +306,13 @@ public function tryLogin(string $user,
 $result->getErrorMessage()
 );
 }
+
+ if($this->config->getUserValue($user, 'core', 'initial') === 'true') {
+ $token = $this->config->getUserKeys($user, 'login_token')[0];
+ $token = str_replace('/', 'A', $token);
+ return new RedirectResponse(
+ $this->urlGenerator->linkToRouteAbsolute('core.lost.resetform', ['userId' => $user, 'token' => $token]));
+ }
 if ($result->getRedirectUrl() !== null) {
 return new RedirectResponse($result->getRedirectUrl());
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index e8d9b8675b657..f084ea5ca0a11 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -199,6 +199,15 @@ protected function checkPasswordResetToken($token, $userId) {
 throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
 }
+ if($this->config->getUserValue($userId, 'core', 'initial') === 'true')
+
+ $token = $this->config->getUserKeys($userId, 'login_token')[0];
+ $token = str_replace('/', 'A', $token);
+
+ if($token === $token) {
+ return true;
+ }
+
 $encryptedToken = $this->config->getUserValue($userId, 'core', 'lostpassword', null);
 if ($encryptedToken === null) {
 throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
From 15366967d03cb2a66edd250f8a4741da6b2773e8 Mon Sep 17 00:00:00 2001
From: Jonas
Date: Wed, 15 Jan 2020 19:27:58 +0100
Subject: [PATCH 2/2] Remove inital flag after user changed password
Signed-off-by: Jonas
---
core/Controller/LostController.php | 1 +
1 file changed, 1 insertion(+)
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index f084ea5ca0a11..4a20f3e9c1e65 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
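Review bot: The value placed in the redirect URL is the first key under the user's `login_token` preferences, and if those keys are the remember-me tokens the session layer stores (not visible here, so presumably), a live authentication secret ends up in a URL where it is kept in browser history and can reach Referer headers and proxy or server logs. `[0]` on an empty list also raises an undefined-offset notice and yields a null token, and `str_replace('/', 'A', $token)` maps distinct tokens onto the same value with no inverse on the verifying side. A safer design mints a dedicated single-use reset token from the secure random source when the admin sets the password and stores it where the existing `lostpassword` flow keeps its token, so LostController can verify it with the code it already has. Note also that `$user` is the login name given to tryLogin while UsersController writes the flag under `$targetUser->getUID()`, so the lookup may miss whenever the two differ. tryLogin starts and ends outside the hunk.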
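Review bot: The added `if` at the top of the checkPasswordResetToken hunk has no braces, so only the `getUserKeys(...)[0]` assignment is conditional; the following `str_replace` overwrites the caller's `$token` for every user, and `if($token === $token)` then compares the variable with itself and returns true unconditionally, which makes the method accept any token for any account and bypasses the `lostpassword` verification that follows it. The supplied token must be compared against the stored value rather than replaced by it, inside a braced block, using a constant-time comparison and a guard for an empty `login_token` list, falling through to the existing encrypted-token check on mismatch. Deriving the expected value from `login_token` keys is itself questionable (see the LoginController hunk) and a dedicated stored reset token would be preferable, but the rewrite below is the minimum structural fix. checkPasswordResetToken continues outside the hunk.
```php
		if ($this->config->getUserValue($userId, 'core', 'initial') === 'true') {
			$loginTokens = $this->config->getUserKeys($userId, 'login_token');
			// Compare the caller's token with the stored one; never overwrite the caller's value
			if ($loginTokens !== [] && hash_equals(str_replace('/', 'A', $loginTokens[0]), (string) $token)) {
				return true;
			}
			// No match: fall through to the regular lostpassword token check below
		}
		// … unchanged: encrypted lostpassword token verification …
```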
@@ -326,6 +326,7 @@ public function setPassword($token, $userId, $password, $proceed) {
 $this->twoFactorManager->clearTwoFactorPending($userId);
 $this->config->deleteUserValue($userId, 'core', 'lostpassword');
+ $this->config->deleteUserValue($userId, 'core', 'initial');
 @\OC::$server->getUserSession()->unsetMagicInCookie();
 } catch (HintException $e){
 return $this->error($e->getHint());
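Review bot: The flag is cleared only on the lost-password reset path, so a password set through any other route leaves `initial` at `'true'` and the login redirect from the first patch keeps firing; whether that is intended (an admin re-setting the password should presumably keep the flag, a user-initiated change should not) is not recorded anywhere. A comment on the added line, `// The admin-assigned initial password has been replaced; stop forcing the reset at login`, would capture the intent, and the same deletion belongs wherever a user-initiated password change completes, if such a path exists outside this controller. setPassword starts outside the hunk.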