From 0828df5ed4d8488570821b07baaaa7449be3ba64 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Thu, 11 May 2017 16:46:43 +0200
Subject: [PATCH] Disable the API endpoints as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
---
core/Controller/LostController.php | 16 ++++++++++++++
core/js/lostpassword.js | 4 +++-
tests/Core/Controller/LostControllerTest.php | 22 +++++++-------------
3 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 3f9ef172365..0d5988a2495 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -131,6 +131,14 @@ class LostController extends Controller {
* @return TemplateResponse
*/
public function resetform($token, $userId) {
+ if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+ return new TemplateResponse('core', 'error', [
+ 'errors' => [['error' => $this->l10n->t('Password reset is disabled')]]
+ ],
+ 'guest'
+ );
+ }
+
try {
$this->checkPasswordResetToken($token, $userId);
} catch (\Exception $e) {
@@ -211,6 +219,10 @@ class LostController extends Controller {
* @return JSONResponse
*/
public function email($user){
+ if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+ return new JSONResponse($this->error($this->l10n->t('Password reset is disabled')));
+ }
+
// FIXME: use HTTP error codes
try {
$this->sendEmail($user);
@@ -234,6 +246,10 @@ class LostController extends Controller {
* @return array
*/
public function setPassword($token, $userId, $password, $proceed) {
+ if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+ return $this->error($this->l10n->t('Password reset is disabled'));
+ }
+
if ($this->encryptionManager->isEnabled() && !$proceed) {
return $this->error('', array('encryption' => true));
}
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
index 2f96911f162..1923b73a179 100644
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -22,7 +22,9 @@ OC.Lostpassword = {
if (!$('#user').val().length){
$('#submit').trigger('click');
} else {
- if (OC.config.lost_password_link) {
+ if (OC.config.lost_password_link === 'disabled') {
+ return;
+ } else if (OC.config.lost_password_link) {
window.location = OC.config.lost_password_link;
} else {
$.post(
diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php
index d7d9094c485..d7098aafcc2 100644
--- a/tests/Core/Controller/LostControllerTest.php
+++ b/tests/Core/Controller/LostControllerTest.php
@@ -86,9 +86,13 @@ class LostControllerTest extends \Test\TestCase {
->willReturn('ExistingUser');
$this->config = $this->createMock(IConfig::class);
- $this->config->method('getSystemValue')
- ->with('secret', null)
- ->willReturn('SECRET');
+ $this->config->expects($this->any())
+ ->method('getSystemValue')
+ ->willReturnMap([
+ ['secret', null, 'SECRET'],
+ ['secret', '', 'SECRET'],
+ ['lost_password_link', '', ''],
+ ]);
$this->l10n = $this->createMock(IL10N::class);
$this->l10n
->expects($this->any())
@@ -347,10 +351,6 @@ class LostControllerTest extends \Test\TestCase {
->method('send')
->with($message);
- $this->config->method('getSystemValue')
- ->with('secret', '')
- ->willReturn('SECRET');
-
$this->crypto->method('encrypt')
->with(
$this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),
@@ -434,10 +434,6 @@ class LostControllerTest extends \Test\TestCase {
->method('send')
->with($message);
- $this->config->method('getSystemValue')
- ->with('secret', '')
- ->willReturn('SECRET');
-
$this->crypto->method('encrypt')
->with(
$this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),
@@ -516,10 +512,6 @@ class LostControllerTest extends \Test\TestCase {
->with($message)
->will($this->throwException(new \Exception()));
- $this->config->method('getSystemValue')
- ->with('secret', '')
- ->willReturn('SECRET');
-
$this->crypto->method('encrypt')
->with(
$this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),
--
GitLab