check right location to verify web page and query lookup server for exact...

check right location to verify web page and query lookup server for exact cloud id to check if the email address was verified correctly

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

settings/BackgroundJobs/VerifyUserData.php

@@ -27,6 +27,7 @@ use OC\Accounts\AccountManager;
 use OC\BackgroundJob\Job;
 use OC\BackgroundJob\JobList;
 use OCP\AppFramework\Http;
+use OCP\BackgroundJob\IJobList;
 use OCP\Http\Client\IClientService;
 use OCP\IConfig;
 use OCP\ILogger;
@@ -135,7 +136,7 @@ class VerifyUserData extends Job {
 
 		$result = false;
 
-		$url = rtrim($argument['data'], '/') . '/' . 'CloudIdVerificationCode.txt';
+		$url = rtrim($argument['data'], '/') . '/well-known/' . 'CloudIdVerificationCode.txt';
 
 		$client = $this->httpClientService->newClient();
 		try {
@@ -147,6 +148,8 @@ class VerifyUserData extends Job {
 		if ($response->getStatusCode() === Http::STATUS_OK) {
 			$result = true;
 			$publishedCode = $response->getBody();
+			// remove new lines and spaces
+			$publishedCodeSanitized = $string = trim(preg_replace('/\s\s+/', ' ', $publishedCode));
 			$user = $this->userManager->get($argument['uid']);
 			// we don't check a valid user -> give up
 			if ($user === null) {
@@ -155,11 +158,10 @@ class VerifyUserData extends Job {
 			}
 			$userData = $this->accountManager->getUser($user);
 
-			if ($publishedCode === $argument['verificationCode']) {
-
-				$userData[AccountManager::PROPERTY_WEBSITE]['verified'] === AccountManager::VERIFIED;
+			if ($publishedCodeSanitized === $argument['verificationCode']) {
+				$userData[AccountManager::PROPERTY_WEBSITE]['verified'] = AccountManager::VERIFIED;
 			} else {
-				$userData[AccountManager::PROPERTY_WEBSITE]['verified'] === AccountManager::NOT_VERIFIED;
+				$userData[AccountManager::PROPERTY_WEBSITE]['verified'] = AccountManager::NOT_VERIFIED;
 			}
 
 			$this->accountManager->updateUser($user, $userData);
@@ -202,11 +204,11 @@ class VerifyUserData extends Job {
 		}
 
 		// lookup server hasn't verified the email address so far, try again later
-		if ($lookupServerData[$dataType]['verified'] === AccountManager::VERIFICATION_IN_PROGRESS) {
+		if ($lookupServerData[$dataType]['verified'] === AccountManager::NOT_VERIFIED) {
 			return false;
 		}
 
-		$localUserData[$dataType]['verified'] === $lookupServerData[$dataType]['verified'];
+		$localUserData[$dataType]['verified'] = AccountManager::VERIFIED;
 		$this->accountManager->updateUser($user, $localUserData);
 
 		return true;
@@ -218,9 +220,9 @@ class VerifyUserData extends Job {
 	 */
 	protected function queryLookupServer($cloudId) {
 		try {
-			$client = $this->clientService->newClient();
+			$client = $this->httpClientService->newClient();
 			$response = $client->get(
-				$this->lookupServerUrl . '/users?search=' . urlencode($cloudId),
+				$this->lookupServerUrl . '/users?search=' . urlencode($cloudId) . '&exactCloudId=1',
 				[
 					'timeout' => 10,
 					'connect_timeout' => 3,
@@ -229,10 +231,8 @@ class VerifyUserData extends Job {
 
 			$body = json_decode($response->getBody(), true);
 
-			foreach ($body as $lookup) {
-				if ($lookup['federationId'] === $cloudId) {
-					return $lookup;
-				}
+			if ($body['federationId'] === $cloudId) {
+				return $body;
 			}
 
 		} catch (\Exception $e) {