Commit d42bbfaa authored by Vincent Petry's avatar Vincent Petry Committed by GitHub

Merge pull request #27509 from imujjwal96/issue_27506

Email confirmation link fix
parents 31d09676 50b5edcb
...@@ -241,7 +241,7 @@ class UsersController extends Controller { ...@@ -241,7 +241,7 @@ class UsersController extends Controller {
} }
$splittedToken = explode(':', $this->config->getUserValue($userId, 'owncloud', 'changeMail', null)); $splittedToken = explode(':', $this->config->getUserValue($userId, 'owncloud', 'changeMail', null));
if(count($splittedToken) !== 2) { if(count($splittedToken) !== 3) {
$this->config->deleteUserValue($userId, 'owncloud', 'changeMail'); $this->config->deleteUserValue($userId, 'owncloud', 'changeMail');
throw new \Exception($this->l10n->t('Couldn\'t change the email address because the token is invalid')); throw new \Exception($this->l10n->t('Couldn\'t change the email address because the token is invalid'));
} }
...@@ -740,7 +740,7 @@ class UsersController extends Controller { ...@@ -740,7 +740,7 @@ class UsersController extends Controller {
$token = $this->config->getUserValue($userId, 'owncloud', 'changeMail'); $token = $this->config->getUserValue($userId, 'owncloud', 'changeMail');
if ($token !== '') { if ($token !== '') {
$splittedToken = explode(':', $token); $splittedToken = explode(':', $token);
if ((count($splittedToken)) === 2 && $splittedToken[0] > ($this->timeFactory->getTime() - 60 * 5)) { if ((count($splittedToken)) === 3 && $splittedToken[0] > ($this->timeFactory->getTime() - 60 * 5)) {
$this->log->alert('The email is not sent because an email change confirmation mail was sent recently.'); $this->log->alert('The email is not sent because an email change confirmation mail was sent recently.');
return false; return false;
} }
...@@ -750,9 +750,9 @@ class UsersController extends Controller { ...@@ -750,9 +750,9 @@ class UsersController extends Controller {
ISecureRandom::CHAR_DIGITS . ISecureRandom::CHAR_DIGITS .
ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_LOWER .
ISecureRandom::CHAR_UPPER); ISecureRandom::CHAR_UPPER);
$this->config->setUserValue($userId, 'owncloud', 'changeMail', $this->timeFactory->getTime() . ':' . $token); $this->config->setUserValue($userId, 'owncloud', 'changeMail', $this->timeFactory->getTime() . ':' . $token . ':' . $mailAddress);
$link = $this->urlGenerator->linkToRouteAbsolute('settings.Users.changeMail', ['userId' => $userId, 'token' => $token, 'mailAddress' => $mailAddress]); $link = $this->urlGenerator->linkToRouteAbsolute('settings.Users.changeMail', ['userId' => $userId, 'token' => $token]);
$tmpl = new \OC_Template('settings', 'changemail/email'); $tmpl = new \OC_Template('settings', 'changemail/email');
$tmpl->assign('link', $link); $tmpl->assign('link', $link);
...@@ -793,11 +793,10 @@ class UsersController extends Controller { ...@@ -793,11 +793,10 @@ class UsersController extends Controller {
* *
* @param $token * @param $token
* @param $userId * @param $userId
* @param $mailAddress
* @return RedirectResponse * @return RedirectResponse
* @throws \Exception * @throws \Exception
*/ */
public function changeMail($token, $userId, $mailAddress) { public function changeMail($token, $userId) {
$user = $this->userManager->get($userId); $user = $this->userManager->get($userId);
$sessionUser = $this->userSession->getUser(); $sessionUser = $this->userSession->getUser();
...@@ -815,6 +814,9 @@ class UsersController extends Controller { ...@@ -815,6 +814,9 @@ class UsersController extends Controller {
$oldEmailAddress = $user->getEMailAddress(); $oldEmailAddress = $user->getEMailAddress();
$splittedToken = explode(':', $this->config->getUserValue($userId, 'owncloud', 'changeMail', null));
$mailAddress = $splittedToken[2];
$this->setEmailAddress($userId, $mailAddress); $this->setEmailAddress($userId, $mailAddress);
if ($oldEmailAddress !== null) { if ($oldEmailAddress !== null) {
......
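Review bot: The value stored in the `@@ -750` hunk is now `time:token:mailAddress` joined with `:`, but all three readers split it with an unbounded `explode(':', …)`, so an address containing a colon (an IPv6 domain literal, for example, if the address validation, which is not visible here, lets one through) yields more than three parts. In that case the `count(...) === 3` throttle in the `@@ -740` hunk is skipped, and the `!== 3` check in the `@@ -241` hunk deletes the token and rejects the request, so the change can never be confirmed. Passing a limit keeps the address in one piece: `explode(':', $token, 3)`, and the same third argument on the two `getUserValue(...)` splits. The `@@ -815` hunk also reads `$splittedToken[2]` with no length check of its own; it presumably relies on the `@@ -241` check having run earlier in `changeMail`, which is outside the visible lines. A comment such as `// format already validated by the token check above` would make that dependency explicit, as would having the check return the parsed address.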
...@@ -63,7 +63,7 @@ $application->registerRoutes($this, [ ...@@ -63,7 +63,7 @@ $application->registerRoutes($this, [
['name' => 'Certificate#removeSystemRootCertificate', 'url' => '/settings/admin/certificate/{certificateIdentifier}', 'verb' => 'DELETE'], ['name' => 'Certificate#removeSystemRootCertificate', 'url' => '/settings/admin/certificate/{certificateIdentifier}', 'verb' => 'DELETE'],
['name' => 'SettingsPage#getPersonal', 'url' => '/settings/personal', 'verb' => 'GET'], ['name' => 'SettingsPage#getPersonal', 'url' => '/settings/personal', 'verb' => 'GET'],
['name' => 'SettingsPage#getAdmin', 'url' => '/settings/admin', 'verb' => 'GET'], ['name' => 'SettingsPage#getAdmin', 'url' => '/settings/admin', 'verb' => 'GET'],
['name' => 'Users#changeMail', 'url' => '/settings/mailaddress/change/{token}/{userId}/{mailAddress}', 'verb' => 'GET'], ['name' => 'Users#changeMail', 'url' => '/settings/mailaddress/change/{token}/{userId}', 'verb' => 'GET'],
] ]
]); ]);
......