DigitaleAgentur___ALT
/
nc-vue-register
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update# remove resendEmail route, 

since it may be used to bypass domain check
This commit is contained in:
Pellaeon Lin 2015-08-30 01:03:23 +08:00
parent 7d6d6c068e
commit b64640083e
2 changed files with 22 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
appinfo/routes.php
View File

@ -25,7 +25,6 @@ $application->registerRoutes($this, array('routes' => array(
array('name' => 'settings#admin', 'url' => '/settings', 'verb' => 'POST'), array('name' => 'settings#admin', 'url' => '/settings', 'verb' => 'POST'),
array('name' => 'register#askEmail', 'url' => '/', 'verb' => 'GET'), array('name' => 'register#askEmail', 'url' => '/', 'verb' => 'GET'),
array('name' => 'register#validateEmail', 'url' => '/', 'verb' => 'POST'), array('name' => 'register#validateEmail', 'url' => '/', 'verb' => 'POST'),
array('name' => 'register#resendEmail', 'url' => '/resend/{email}', 'verb' => 'GET'),
array('name' => 'register#verifyToken', 'url' => '/verify/{token}', 'verb' => 'GET'), array('name' => 'register#verifyToken', 'url' => '/verify/{token}', 'verb' => 'GET'),
array('name' => 'register#createAccount', 'url' => '/verify/{token}', 'verb' => 'POST') array('name' => 'register#createAccount', 'url' => '/verify/{token}', 'verb' => 'POST')
))); )));

46
controller/registercontroller.php
View File

@ -59,16 +59,6 @@ class RegisterController extends Controller {
return new TemplateResponse('registration', 'register', $params, 'guest'); return new TemplateResponse('registration', 'register', $params, 'guest');
} }
/**
* @NoAdminRequired
* @NoCSRFRequired
* @PublicPage
* @param string $email
*/
public function resendEmail($email) {
return $this->sendVerificationEmail($email);
}
/** /**
* @NoAdminRequired * @NoAdminRequired
* @NoCSRFRequired * @NoCSRFRequired
@ -86,12 +76,30 @@ class RegisterController extends Controller {
} }
if ( $this->pendingreg->find($email) ) { if ( $this->pendingreg->find($email) ) {
$this->pendingreg->delete($email);
$token = $this->pendingreg->save($email);
$link = $this->urlgenerator->linkToRoute('registration.register.verifyToken', array('token' => $token));
$link = $this->urlgenerator->getAbsoluteURL($link);
$from = Util::getDefaultEmailAddress('register');
$res = new TemplateResponse('registration', 'email', array('link' => $link), 'blank');
$msg = $res->render();
try {
$this->mail->sendMail($email, 'ownCloud User', $this->l10n->t('Verify your ownCloud registration request'), $msg, $from, 'ownCloud');
} catch (\Exception $e) {
return new TemplateResponse('', 'error', array( return new TemplateResponse('', 'error', array(
'errors' => array(array( 'errors' => array(array(
'error' => $this->l10n->t('There is already a pending registration with this email'), 'error' => $this->l10n->t('A problem occurred sending email, please contact your administrator.'),
'hint' => str_replace('{href}', 'hint' => ''
$this->urlgenerator->linkToRoute('registration.register.resendEmail', array('email' => $email)), ))
$this->l10n->t('<a href="{href}">Click here</a> to re-send the verification email')) ), 'error');
}
return new TemplateResponse('registration', 'message', array('msg' =>
$this->l10n->t('Verification email successfully sent.')
), 'guest');
return new TemplateResponse('', 'error', array(
'errors' => array(array(
'error' => $this->l10n->t('There is already a pending registration with this email, a new verification email has been sent to the address.'),
'hint' => ''
)) ))
), 'error'); ), 'error');
} }
@ -126,16 +134,6 @@ class RegisterController extends Controller {
} }
} }
return $this->sendVerificationEmail($email);
}
/**
* Delete existing pending registration request for the email and send a new one.
* @param string $email email address to send
* @return TemplateResponse
*/
private function sendVerificationEmail($email) {
$this->pendingreg->delete($email);
$token = $this->pendingreg->save($email); $token = $this->pendingreg->save($email);
//TODO: check for error //TODO: check for error
$link = $this->urlgenerator->linkToRoute('registration.register.verifyToken', array('token' => $token)); $link = $this->urlgenerator->linkToRoute('registration.register.verifyToken', array('token' => $token));