enabled recaptcha on password recovery

This commit is contained in:
Sergio Brighenti 2020-04-08 13:19:57 +02:00
parent f88bcbc9e7
commit e37cbbb025
8 changed files with 38 additions and 62 deletions


@ -10,7 +10,7 @@ use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Exception\HttpNotFoundException;
class PasswordRecoveryController extends Controller
class PasswordRecoveryController extends AuthController
{
/**
@ -23,7 +23,9 @@ class PasswordRecoveryController extends Controller
*/
public function recover(Request $request, Response $response): Response
{
return view()->render($response, 'auth/recover_mail.twig');
return view()->render($response, 'auth/recover_mail.twig', [
'recaptcha_site_key' => $this->getSetting('recaptcha_enabled') === 'on' ? $this->getSetting('recaptcha_site_key') : null,
]);
}
@ -39,6 +41,10 @@ class PasswordRecoveryController extends Controller
return redirect($response, route('home'));
}
if ($this->checkRecaptcha(make(ValidationHelper::class), $request)->fails()) {
return redirect($response, route('recover'));
}
$user = $this->database->query('SELECT `id`, `username` FROM `users` WHERE `email` = ? AND NOT `ldap` LIMIT 1', param($request, 'email'))->fetch();
if (!isset($user->id)) {
@ -60,6 +66,7 @@ class PasswordRecoveryController extends Controller
->message(lang('mail.recover_text', [
$user->username,
route('recover.password', ['resetToken' => $resetToken]),
route('recover.password', ['resetToken' => $resetToken]),
]))
->send();
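Review bot: `ValidationHelper` on L30 is used unqualified, but unlike the RegisterController hunk in this same commit no `use App\Web\ValidationHelper;` is added to this file's import block (the L11 hunk keeps a 7-to-7 line count), so unless it is already imported above line 10 the name resolves inside the controller's own namespace (presumably `App\Controllers\Auth`) and `make()` fails at runtime; add `use App\Web\ValidationHelper;`. `checkRecaptcha()` is inherited from the new `AuthController` base, which is not part of this diff, so the hunk does not show whether it consults `recaptcha_enabled` itself; the template only renders the token field when the setting is on, so a comment at L30 stating that contract once confirmed, e.g. `// checkRecaptcha() passes when recaptcha_enabled is off`, would make the dependency explicit. The enclosing method starts outside the hunk.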


@ -6,11 +6,12 @@ namespace App\Controllers\Auth;
use App\Controllers\Controller;
use App\Database\Queries\UserQuery;
use App\Web\Mail;
use App\Web\ValidationHelper;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Exception\HttpNotFoundException;
class RegisterController extends Controller
class RegisterController extends AuthController
{
/**
@ -54,13 +55,8 @@ class RegisterController extends Controller
throw new HttpNotFoundException($request);
}
if ($this->getSetting('recaptcha_enabled') === 'on') {
$recaptcha = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$this->getSetting('recaptcha_secret_key').'&response='.param($request, 'recaptcha_token')));
if ($recaptcha->success && $recaptcha->score < 0.5) {
$this->session->alert(lang('recaptcha_failed'), 'danger');
return redirect($response, route('register.show'));
}
if ($this->checkRecaptcha(make(ValidationHelper::class), $request)->fails()) {
return redirect($response, route('register.show'));
}
$validator = $this->getUserCreateValidator($request)->alertIf(empty(param($request, 'password')), 'password_required');
@ -89,6 +85,8 @@ class RegisterController extends Controller
param($request, 'username'),
$this->config['app_name'],
$this->config['base_url'],
$this->config['base_url'],
route('activate', ['activateToken' => $activateToken]),
route('activate', ['activateToken' => $activateToken]),
]))
->send();
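Review bot: The `checkRecaptcha(...)->fails()` call at L66 delegates the siteverify handling to `AuthController`, which is outside this diff, so the hunk gives no way to confirm that a missing token, a transport error or a `success: false` reply is treated as a failure; the inline check it replaces only rejected when `success` was true and the score was low, so an errored verify call let the registration through, and the new helper should be documented as closing that gap. A contract note on the call site such as `// fails() is true unless the verify call succeeded and the score was acceptable` (or a `@return` description on `checkRecaptcha`) would let a reader check that here. The redirect at L67 carries no alert of its own, so it relies on `checkRecaptcha` having set one; worth confirming. The enclosing method starts before and ends after this hunk.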


@ -289,15 +289,19 @@ class UserController extends Controller
param($request, 'username'),
$this->config['app_name'],
$this->config['base_url'],
$this->config['base_url'],
param($request, 'username'),
param($request, 'password'),
route('login.show'),
route('login.show'),
]);
} else {
$message = lang('mail.new_account_text_with_reset', [
param($request, 'username'),
$this->config['app_name'],
$this->config['base_url'],
$this->config['base_url'],
route('recover.password', ['resetToken' => $resetToken]),
route('recover.password', ['resetToken' => $resetToken]),
]);
}


@ -117,10 +117,11 @@ class Mail
$this->addRequiredHeader('X-Mailer: PHP/'.phpversion());
$this->addRequiredHeader('MIME-Version: 1.0');
$this->addRequiredHeader('Content-Type: text/plain; charset=utf-8');
$this->addRequiredHeader('Content-Type: text/html; charset=utf-8');
$this->headers .= $this->additionalHeaders;
$message = html_entity_decode($this->message);
return (int) mail($this->to, $this->subject, utf8_encode($this->message), $this->headers);
return (int) mail($this->to, $this->subject, "<html><body>$message</body></html>", $this->headers);
}
}
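Review bot: `html_entity_decode($this->message)` at L111, together with the switch to `Content-Type: text/html` at L109, undoes any escaping a caller applied and places the message into `<html><body>…</body></html>` verbatim, so request-derived values that `lang()` formats into these mails — `$user->username` in the PasswordRecoveryController hunk, `param($request, 'username')` in the RegisterController and UserController hunks — arrive as live HTML in the recipient's mail client. Drop the decode and escape the substituted values with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the call sites, or escape the arguments centrally before `lang()` substitutes them, so that only the template markup (`<br>`, `<a href>`) stays raw. Since the body is now HTML, a plain-text alternative would also keep clients that reject HTML mail working, but that is a larger change. `send()`'s signature and the header setup begin outside the hunk.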


@ -115,10 +115,7 @@ if (!function_exists('removeDirectory')) {
*/
function removeDirectory($path)
{
$files = glob($path.'/*');
foreach ($files as $file) {
is_dir($file) ? removeDirectory($file) : unlink($file);
}
cleanDirectory($path, true);
rmdir($path);
}
}
@ -128,13 +125,14 @@ if (!function_exists('cleanDirectory')) {
* Removes all directory contents.
*
* @param $path
* @param bool $all
*/
function cleanDirectory($path)
function cleanDirectory($path, $all = false)
{
$directoryIterator = new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS);
$iteratorIterator = new RecursiveIteratorIterator($directoryIterator, RecursiveIteratorIterator::CHILD_FIRST);
foreach ($iteratorIterator as $file) {
if ($file->getFilename() !== '.gitkeep') {
if ($all || $file->getFilename() !== '.gitkeep') {
$file->isDir() ? rmdir($file) : unlink($file);
}
}
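Review bot: `$file->isDir()` at L145 follows symlinks (it stats the target), while `RecursiveDirectoryIterator` does not descend into a symlinked directory unless `FILESYSTEM_ITERATOR::FOLLOW_SYMLINKS` is set, so a directory symlink inside `$path` reaches `rmdir($file)`, which fails with a warning on a link and leaves it in place (with `$all` this also makes the following `rmdir($path)` in `removeDirectory` fail); test the link first: `$file->isLink() || !$file->isDir() ? unlink($file) : rmdir($file);`. The new `$all` flag and `$path` are untyped; `function cleanDirectory(string $path, bool $all = false): void` matches the `@param bool $all` docblock added at L135 and prevents a truthy string from being passed where a boolean is meant. The `if (!function_exists(...))` wrapper and the function body close outside the hunk.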


@ -122,17 +122,9 @@ return [
'default_user_quota' => 'Default User Quota',
'max_user_quota' => 'Max User Quota',
'invalid_quota' => 'Invalid values as default user quota.',
'mail.activate_text' => 'Hi %s!
thank you for creating your account on %s (%s), click on the following link to activate it:
%s',
'mail.activate_text' => 'Hi %s!<br>thank you for creating your account on %s (<a href="%s">%s</a>), click on the following link to activate it:<br><br><a href="%s">%s</a>',
'mail.activate_account' => '%s - Account Activation',
'mail.recover_text' => 'Hi %s,
a password reset has been requested for your account. To complete the procedure click on the following link:
%s
If it wasn\'t you who requested the password reset, simply ignore this email.',
'mail.recover_text' => 'Hi %s,<br>a password reset has been requested for your account. To complete the procedure click on the following link:<br><br><a href="%s">%s</a><br><br>If it wasn\'t you who requested the password reset, simply ignore this email.',
'mail.recover_password' => '%s - Password Recovery',
'recover_email_sent' => 'If present, a recovery email was sent to the specified account.',
'account_activated' => 'Account activated, now you can login!',
@ -156,18 +148,8 @@ If it wasn\'t you who requested the password reset, simply ignore this email.',
'recaptcha_secret_key' => 'reCAPTCHA Secret Key',
'send_notification' => 'Send Mail Notification',
'mail.new_account' => '%s - New Account Creation',
'mail.new_account_text_with_reset' => 'Hi %s!
a new account was created for you on %s (%s), click on the following link to set a password and activate it:
%s',
'mail.new_account_text_with_pw' => 'Hi %s!
a new account was created for you on %s (%s), with the following credentials:
Username: %s
Password: %s
Click on the following link to go to the login page:
%s',
'mail.new_account_text_with_reset' => 'Hi %s!<br>a new account was created for you on %s (<a href="%s">%s</a>), click on the following link to set a password and activate it:<br><br><a href="%s">%s</a>',
'mail.new_account_text_with_pw' => 'Hi %s!<br>a new account was created for you on %s (<a href="%s">%s</a>), with the following credentials:<br><br>Username: %s<br>Password: %s<br><br>Click on the following link to go to the login page:<br><a href="%s">%s</a>',
'user_create_password' => 'If leaved empty, you might want to send a notification to the user email.',
'ldap_cant_connect' => 'Can\'t connect to the LDAP auth server.',
'upload_max_file_size' => 'The max file size is currently %s.',


@ -122,18 +122,8 @@ return [
'register' => 'Registrati',
'default_user_quota' => 'Quota utente predefinita',
'invalid_quota' => 'Valore non valido per la quota utente predefinita.',
'mail.activate_text' => 'Ciao %s!
grazie per aver creato il tuo account su %s (%s), fai clic sul seguente link per attivarlo:
%s',
'register_success' => 'L\'account è stato creato, è stata inviata un\'e-mail di conferma.',
'mail.activate_account' => '%s - Attivazione account',
'mail.recover_text' => 'Ciao %s,
è stata richiesta una reimpostazione della password per il tuo account. Per completare la procedura clicca sul seguente link:
%s
Se non sei stato tu a richiedere la reimpostazione della password, ignora semplicemente questa e-mail.',
'mail.recover_password' => '%s - Recupero password',
'recover_email_sent' => 'Se presente, è stata inviata un\'e-mail di recupero all\'account specificato.',
'account_activated' => 'Account attivato, ora è possibile effettuare il login!',
@ -160,18 +150,6 @@ Se non sei stato tu a richiedere la reimpostazione della password, ignora sempli
'upload_max_file_size' => 'La dimensione massima di un file caricabile è %s.',
'ldap_cant_connect' => 'Impossibile connettersi al server di autenticazione LDAP.',
'user_create_password' => 'Se lasciato vuoto, si consiglia di inviare una notifica all\'utente via e-mail.',
'mail.new_account_text_with_pw' => 'Ciao %s!
un nuovo account è stato creato per te su %s (%s), con le seguenti credenziali:
Username: %s
Password: %s
Clicca su questo link per andare alla pagina di login:
%s',
'mail.new_account_text_with_reset' => 'Ciao %s!
un nuovo account è stato creato per te su %s (%s), clicca sul seguente link per impostare una password e attivarlo:
%s',
'mail.new_account' => '%s - Nuovo account creato',
'send_notification' => 'Invia notifica e-mail',
];


@ -27,6 +27,9 @@
{% block content %}
<div class="container-fluid">
<form class="form-signin" method="post" action="{{ route('recover.mail') }}">
{% if recaptcha_site_key is not null %}
<input type="hidden" name="recaptcha_token" id="recaptcha_token">
{% endif %}
<div class="row text-center">
<div class="col-md-12">
<h1 class="h3 mb-3 font-weight-normal">{{ config.app_name }}</h1>
@ -49,4 +52,9 @@
</div>
</form>
</div>
{% endblock %}
{% block js %}
{% if recaptcha_site_key is not null %}
{% include 'comp/recaptcha.twig' %}
{% endif %}
{% endblock %}
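Review bot: The hidden `recaptcha_token` input at L229 has no value and depends on `comp/recaptcha.twig` (included at L241, not part of this diff) to fill `#recaptcha_token` before submit; when that script is blocked or fails to load, the form posts an empty token and the controller's `checkRecaptcha` redirect leaves the user unable to request a reset with no indication why. A comment beside the input, `{# value is set client-side by comp/recaptcha.twig #}`, documents the coupling, and a `<noscript>` notice inside the same `{% if %}` would explain the failure to users without JavaScript. Both hunks are guarded by `recaptcha_site_key is not null`, which matches the controller passing `null` when reCAPTCHA is disabled.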