Basics

core/js/lostpassword.js

+
+OC.Lostpassword = {
+	sendErrorMsg : t('core', 'Couldn’t send reset email. Please contact your administrator.'),
+			
+	sendSuccessMsg : t('core', 'The link to reset your password has been sent to your email. If you do not receive it within a reasonable amount of time, check your spam/junk folders.<br>If it is not there ask your local administrator.'),
+	
+	encryptedMsg : t('core', "Your files are encrypted. If you haven't enabled the recovery key, there will be no way to get your data back after your password is reset.<br />If you are not sure what to do, please contact your administrator before you continue. <br />Do you really want to continue?")
+			+ ('<br /><input type="checkbox" id="encrypted-continue" value="Yes" />')
+			+ '<label for="encrypted-continue">'
+			+ t('core', 'I know what I\'m doing')
+			+ '</label><br />'
+			+ '<a id="lost-password-encryption" href>'
+			+ t('core', 'Reset password')
+			+ '</a>',
+			
+	resetErrorMsg : t('core', 'Password can not be changed. Please contact your administrator.'),
+	
+	init : function() {
+		if ($('#lost-password-encryption').length){
+			$('#lost-password-encryption').click(OC.Lostpassword.sendLink);
+		} else {
+			$('#lost-password').click(OC.Lostpassword.sendLink);
+		}
+		$('#reset-password #submit').click(OC.Lostpassword.resetPassword);
+	},
+			
+	sendLink : function(event){
+		event.preventDefault();
+		if (!$('#user').val().length){
+			$('#submit').trigger('click');
+		} else {
+			$.post(
+					OC.filePath('core', 'ajax', 'password/lost'), 
+					{ 
+						user : $('#user').val(),
+						proceed: $('#encrypted-continue').attr('checked') ? 'Yes' : 'No'
+					}, 
+					OC.Lostpassword.sendLinkDone
+			);
+		}
+	},
+			
+	sendLinkDone : function(result){
+		if (result && result.status === 'success'){
+			OC.Lostpassword.sendLinkSuccess();
+		} else {
+			if (result && result.msg){
+				var sendErrorMsg = result.msg;
+			} else if (result && result.encryption) {
+				var sendErrorMsg = OC.Lostpassword.encryptedMsg;
+			} else {
+				var sendErrorMsg = OC.Lostpassword.sendErrorMsg;
+			}
+			OC.Lostpassword.sendLinkError(sendErrorMsg);
+		}
+	},
+			
+	sendLinkSuccess : function(msg){
+		var node = OC.Lostpassword.getSendStatusNode();
+		node.addClass('success').css({width:'auto'});
+		node.html(OC.Lostpassword.sendSuccessMsg);
+	},
+			
+	sendLinkError : function(msg){
+		var node = OC.Lostpassword.getSendStatusNode();
+		node.addClass('warning');
+		node.html(msg);
+		OC.Lostpassword.init();
+	},
+			
+	getSendStatusNode : function(){
+		if (!$('#lost-password').length){
+			$('<p id="lost-password"></p>').insertBefore($('#remember_login'));
+		} else {
+			$('#lost-password').replaceWith($('<p id="lost-password"></p>'));
+		}
+		return $('#lost-password');
+	},
+	
+	resetPassword : function(event){
+		event.preventDefault();
+		if ($('#password').val()){
+			$.post(
+					$('#password').parents('form').attr('action'),
+					{ 
+						password : $('#password').val()
+					},
+					OC.Lostpassword.resetDone
+			);
+		}
+	},
+			
+	resetDone : function(result){
+		if (result && result.status === 'success'){
+			$.post(
+					OC.webroot + '/',
+					{
+						user : window.location.href.split('/').pop(),
+						password : $('#password').val()
+					},
+					OC.Lostpassword.redirect
+			);
+		} else {
+			if (result && result.msg){
+				var resetErrorMsg = result.msg;
+			} else {
+				var resetErrorMsg = OC.Lostpassword.resetErrorMsg;
+			}
+			OC.Lostpassword.resetError(resetErrorMsg);
+		}
+	},
+	
+	redirect : function(msg){
+		window.location = OC.webroot;
+	},
+			
+	resetError : function(msg){
+		var node = OC.Lostpassword.getResetStatusNode();
+		node.addClass('warning');
+		node.html(msg);
+	},
+	
+	getResetStatusNode : function (){
+		if (!$('#lost-password').length){
+			$('<p id="lost-password"></p>').insertAfter($('#submit'));
+		} else {
+			$('#lost-password').replaceWith($('<p id="lost-password"></p>'));
+		}
+		return $('#lost-password');
+	}
+
+};
+
+$(document).ready(OC.Lostpassword.init);

core/lostpassword/ajaxcontroller.php

+<?php
+/**
+ * @author Victor Dubiniuk
+ * @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+ 
+namespace OC\Core\LostPassword;
+
+class AjaxController {
+	public static function lost()	{
+		\OCP\JSON::callCheck();
+	
+		try {
+			Controller::sendEmail(@$_POST['user'], @$_POST['proceed']);
+			\OCP\JSON::success();
+		} catch (EncryptedDataException $e){
+			\OCP\JSON::error(
+				array('encryption' => '1')
+			);
+		} catch (\Exception $e){
+			\OCP\JSON::error(
+				array('msg'=> $e->getMessage())
+			);
+		}
+		
+		exit();
+	}
+	
+	public static function resetPassword($args) {
+		\OCP\JSON::callCheck();
+		try {
+			Controller::resetPassword($args);
+			\OCP\JSON::success();
+		} catch (Exception $e){
+			\OCP\JSON::error(
+				array('msg'=> $e->getMessage())
+			);
+		}
+		exit();
+	}
+}

core/lostpassword/controller.php

@@ -36,47 +36,37 @@ class Controller {
 		return \OC_Preferences::getValue($user, 'owncloud', 'lostpassword') === hash('sha256', $token);
 	}
 
-	public static function index($args) {
-		self::displayLostPasswordPage(false, false);
-	}
-
-	public static function sendEmail($args) {
-
+	public static function sendEmail($user, $proceed) {
+		$l = \OC_L10N::get('core');
 		$isEncrypted = \OC_App::isEnabled('files_encryption');
 
-		if(!$isEncrypted || isset($_POST['continue'])) {
-			$continue = true;
-		} else {
-			$continue = false;
+		if ($isEncrypted && $proceed !== 'Yes'){
+			throw new EncryptedDataException();
 		}
 
-		if (\OC_User::userExists($_POST['user']) && $continue) {
-			$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
-			\OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword',
-				hash('sha256', $token)); // Hash the token again to prevent timing attacks
-			$email = \OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
-			if (!empty($email)) {
-				$link = \OC_Helper::linkToRoute('core_lostpassword_reset',
-					array('user' => $_POST['user'], 'token' => $token));
-				$link = \OC_Helper::makeURLAbsolute($link);
+		if (!\OC_User::userExists($user)) {
+			throw new \Exception($l->t('Couldn’t send reset email. Please make sure your username is correct.'));
+		}
+		$token = hash('sha256', \OC_Util::generateRandomBytes(30).\OC_Config::getValue('passwordsalt', ''));
+		\OC_Preferences::setValue($user, 'owncloud', 'lostpassword',
+			hash('sha256', $token)); // Hash the token again to prevent timing attacks
+		$email = \OC_Preferences::getValue($user, 'settings', 'email', '');
+		if (empty($email)) {
+			throw new \Exception($l->t('Couldn’t send reset email because there is no email address for this username. Please contact your administrator.'));
+		}
+		$link = \OC_Helper::linkToRoute('core_lostpassword_reset',
+			array('user' => $user, 'token' => $token));
+		$link = \OC_Helper::makeURLAbsolute($link);
 
-				$tmpl = new \OC_Template('core/lostpassword', 'email');
-				$tmpl->assign('link', $link, false);
-				$msg = $tmpl->fetchPage();
-				$l = \OC_L10N::get('core');
-				$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
-				try {
-					$defaults = new \OC_Defaults();
-					\OC_Mail::send($email, $_POST['user'], $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
-				} catch (Exception $e) {
-					\OC_Template::printErrorPage( $l->t('A problem has occurred whilst sending the email, please contact your administrator.') );
-				}
-				self::displayLostPasswordPage(false, true);
-			} else {
-				self::displayLostPasswordPage(true, false);
-			}
-		} else {
-			self::displayLostPasswordPage(true, false);
+		$tmpl = new \OC_Template('core/lostpassword', 'email');
+		$tmpl->assign('link', $link, false);
+		$msg = $tmpl->fetchPage();
+		$from = \OCP\Util::getDefaultEmailAddress('lostpassword-noreply');
+		try {
+			$defaults = new \OC_Defaults();
+			\OC_Mail::send($email, $user, $l->t('%s password reset', array($defaults->getName())), $msg, $from, $defaults->getName());
+		} catch (\Exception $e) {
+			throw new \Exception( $l->t('Couldn’t send reset email. Please contact your administrator.'));
 		}
 	}
 

core/lostpassword/encrypteddataexception.php

+<?php
+/**
+ * @author Victor Dubiniuk
+ * @copyright 2013 Victor Dubiniuk victor.dubiniuk@gmail.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Core\LostPassword;
+ 
+class EncryptedDataException extends \Exception{
+}

core/lostpassword/templates/lostpassword.php

@@ -8,7 +8,7 @@ OCP\Util::addStyle('lostpassword', 'lostpassword');
 	?>
 	</p></div>
 <?php else: ?>
-	<form action="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post">
+	<form action="<?php //print_unescaped(OC_Helper::linkToRoute('core_lostpassword_send_email')) ?>" method="post">
 		<fieldset>
 			<?php if ($_['error']): ?>
 				<div class="error"><p>

core/routes.php

@@ -70,18 +70,15 @@ $this->create('core_ajax_preview', '/core/preview')
 	->actionInclude('core/ajax/preview.php');
 $this->create('core_ajax_preview', '/core/preview.png')
 	->actionInclude('core/ajax/preview.php');
-$this->create('core_lostpassword_index', '/lostpassword/')
-	->get()
-	->action('OC\Core\LostPassword\Controller', 'index');
-$this->create('core_lostpassword_send_email', '/lostpassword/')
+$this->create('core_ajax_password_lost', '/core/ajax/password/lost')
+	->post()
+	->action('OC\Core\Lostpassword\AjaxController', 'lost');
+$this->create('core_ajax_password_reset', '/core/ajax/password/reset/{token}/{user}')
 	->post()
-	->action('OC\Core\LostPassword\Controller', 'sendEmail');
+	->action('OC\Core\LostPassword\AjaxController', 'resetPassword');
 $this->create('core_lostpassword_reset', '/lostpassword/reset/{token}/{user}')
 	->get()
 	->action('OC\Core\LostPassword\Controller', 'reset');
-$this->create('core_lostpassword_reset_password', '/lostpassword/reset/{token}/{user}')
-	->post()
-	->action('OC\Core\LostPassword\Controller', 'resetPassword');
 
 // Avatar routes
 $this->create('core_avatar_get_tmp', '/avatar/tmp')

core/templates/login.php

@@ -46,8 +46,8 @@
 		</p>
 
 		<?php if (isset($_['invalidpassword']) && ($_['invalidpassword'])): ?>
-		<a class="warning" href="<?php print_unescaped(OC_Helper::linkToRoute('core_lostpassword_index')) ?>">
-			<?php p($l->t('Lost your password?')); ?>
+		<a id="lost-password" class="warning" href="">
+			<?php p($l->t('Forgot your password? Reset it!')); ?>
 		</a>
 		<?php endif; ?>
 		<?php if ($_['rememberLoginAllowed'] === true) : ?>
@@ -74,4 +74,4 @@
 
 <?php
 OCP\Util::addscript('core', 'visitortimezone');
-
+OCP\Util::addScript('core', 'lostpassword');