From f76b73417198f9e40da7b7766110a534f2057853 Mon Sep 17 00:00:00 2001
From: cdujeu
Date: Fri, 9 Sep 2016 16:53:03 +0200
Subject: [PATCH] Simplify user reset password by using routes, remove unused XML contribs.
---
 core/src/core/src/pydio/Core/Http/Base.php | 1 +
 core/src/plugins/core.ajaxplorer/routes.json | 4 +-
 .../plugins/gui.user/UserGuiController.php | 52 +++++--------------
 core/src/plugins/gui.user/i18n/cs.php | 1 +
 core/src/plugins/gui.user/i18n/de.php | 1 +
 core/src/plugins/gui.user/i18n/en.php | 1 +
 core/src/plugins/gui.user/i18n/fr.php | 1 +
 core/src/plugins/gui.user/i18n/it.php | 1 +
 core/src/plugins/gui.user/i18n/ru.php | 1 +
 core/src/plugins/gui.user/manifest.xml | 33 ++----------
 10 files changed, 27 insertions(+), 69 deletions(-)
diff --git a/core/src/core/src/pydio/Core/Http/Base.php b/core/src/core/src/pydio/Core/Http/Base.php
index 0a7f66221e..6858c5dcf5 100644
--- a/core/src/core/src/pydio/Core/Http/Base.php
+++ b/core/src/core/src/pydio/Core/Http/Base.php
@@ -44,6 +44,7 @@ public static function handleRoute($base, $route, $additionalAttributes = []){
 $server = new Wopi\RestWopiServer($base.$route, $additionalAttributes);
 } else if ($route === "/user") {
 $_GET["get_action"] = "user_access_point";
+ $_GET["key"] = $additionalAttributes["key"];
 $server = new Server($base, $additionalAttributes);
 } else if ($route == "/favicon"){
 $_GET["get_action"] = "serve_favicon";
diff --git a/core/src/plugins/core.ajaxplorer/routes.json b/core/src/plugins/core.ajaxplorer/routes.json
index 69b8c0363a..2edc162539 100644
--- a/core/src/plugins/core.ajaxplorer/routes.json
+++ b/core/src/plugins/core.ajaxplorer/routes.json
@@ -16,9 +16,9 @@
 "method": "handleRoute"
 },
 "/user":{
- "methods": "*",
+ "methods": "GET",
 "routes": [
- "/user[{optional:.+}]"
+ "/user/reset-password/{key}"
 ],
 "class": "Pydio\\Core\\Http\\Base",
 "method": "handleRoute"
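Review bot: In the `/user` branch of handleRoute in Base.php, `$additionalAttributes["key"]` is read without checking that the router supplied it, and the raw path segment is copied into `$_GET` as-is. The new route always carries `{key}`, but handleRoute is shared with other routes, so I would guard the read with `$_GET["key"] = isset($additionalAttributes["key"]) ? $additionalAttributes["key"] : "";`. A comment such as `// untrusted path segment, filtered later in UserGuiController::processUserAccessPoint` would record where validation happens. handleRoute starts and ends outside the hunk.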
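Review bot: The `{key}` placeholder in `/user/reset-password/{key}` in routes.json has no pattern, so any path segment is dispatched to handleRoute and the filtering is left entirely to the controller. The removed route `/user[{optional:.+}]` shows that this router accepts `{name:regex}` placeholders, so the token alphabet can be enforced at the routing layer as well, for example `"/user/reset-password/{key:[A-Za-z0-9]+}"` if reset keys are strictly alphanumeric (to be confirmed against the key generator). The bare `/user` path no longer matches any route after this change, which is worth stating in the commit message if existing links point there.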
diff --git a/core/src/plugins/gui.user/UserGuiController.php b/core/src/plugins/gui.user/UserGuiController.php index b189db294e..9a67a7759f 100644 --- a/core/src/plugins/gui.user/UserGuiController.php +++ b/core/src/plugins/gui.user/UserGuiController.php @@ -48,33 +48,6 @@ class UserGuiController extends Plugin { - /** - * Parse - * @param DOMNode $contribNode - */ - protected function parseSpecificContributions(ContextInterface $ctx, \DOMNode &$contribNode) - { - parent::parseSpecificContributions($ctx, $contribNode); - if (substr($_SERVER["REQUEST_URI"], 0, strlen('/user')) != '/user') { - if ($contribNode->nodeName == "client_configs") { - $children = $contribNode->childNodes; - foreach ($children as $child) { - if ($child->nodeType == XML_ELEMENT_NODE) $contribNode->removeChild($child); - } - } else if ($contribNode->nodeName == "actions") { - $children = $contribNode->childNodes; - foreach ($children as $child) { - if ($child->nodeType == XML_ELEMENT_NODE && $child->nodeName == "action" && $child->getAttribute("name") == "login") { - $contribNode->removeChild($child); - } - } - - } - } - - } - - /** * @param ServerRequestInterface $requestInterface * @param ResponseInterface $responseInterface 
@@ -90,19 +63,18 @@ public function processUserAccessPoint(ServerRequestInterface &$requestInterface
 $context = $requestInterface->getAttribute("ctx");
 switch ($action) {
+
 case "user_access_point":
- $setUrl = ConfService::getGlobalConf("SERVER_URL");
- $realUri = "/";
- if (!empty($setUrl)) {
- $realUri = parse_url(ConfService::getGlobalConf("SERVER_URL"), PHP_URL_PATH);
- }
- $requestURI = str_replace("//", "/", $_SERVER["REQUEST_URI"]);
- $uri = trim(str_replace(rtrim($realUri, "/") . "/user", "", $requestURI), "/");
- $uriParts = explode("/", $uri);
- $action = array_shift($uriParts);
- $key = ($action == "reset-password" && count($uriParts)) ? array_shift($uriParts) : "";
+
+ $action = "reset-password";
+ $key = InputFilter::sanitize($httpVars["key"], InputFilter::SANITIZE_ALPHANUM);
 try {
- $this->processSubAction($action, $uriParts);
+
+ $key = ConfService::getConfStorageImpl()->loadTemporaryKey("password-reset", $key);
+ if ($key == null || $key["user_id"] === false) {
+ throw new Exception("Invalid password reset key! Did you make sure to copy the correct link?");
+ }
+
 $_SESSION['OVERRIDE_GUI_START_PARAMETERS'] = array(
 "REBASE" => "../../",
 "USER_GUI_ACTION" => $action,
@@ -118,6 +90,7 @@ public function processUserAccessPoint(ServerRequestInterface &$requestInterface
 unset($_SESSION['OVERRIDE_GUI_START_PARAMETERS']);
 break;
+
 case "reset-password-ask":
 // This is a reset password request, generate a token and store it.
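Review bot: In the `user_access_point` case, `$key` first holds the sanitized token string and is then overwritten with the record returned by `loadTemporaryKey()`. The `OVERRIDE_GUI_START_PARAMETERS` array continues past the last visible line, so if it still reads `$key` it now receives the stored record rather than the token, which could also expose stored key data to the client. Keeping the two apart avoids this: `$keyData = ConfService::getConfStorageImpl()->loadTemporaryKey("password-reset", $key);` followed by `if ($keyData == null || $keyData["user_id"] === false) {`. `$httpVars["key"]` is also read without an `isset` check. The lookup is not preceded by the `pruneTemporaryKeys("password-reset", 20)` call that the `reset-password` case makes, so a stale key may still open the form, and it is worth confirming that this is intended.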
@@ -133,7 +106,7 @@ public function processUserAccessPoint(ServerRequestInterface &$requestInterface
 $mailer = PluginsService::getInstance($context)->getUniqueActivePluginForType("mailer");
 if ($mailer !== false) {
 $mess = LocaleService::getMessages();
- $link = ApplicationState::detectServerURL() . "/user/reset-password/" . $uuid;
+ $link = ApplicationState::detectServerURL(true) . "/user/reset-password/" . $uuid;
 $mailer->sendMail($context, array($email), $mess["gui.user.1"], $mess["gui.user.7"] . "$link");
 } else {
 echo 'ERROR: There is no mailer configured, please contact your administrator';
@@ -146,6 +119,7 @@ public function processUserAccessPoint(ServerRequestInterface &$requestInterface
 echo "SUCCESS";
 break;
+
 case "reset-password":
 ConfService::getConfStorageImpl()->pruneTemporaryKeys("password-reset", 20);
diff --git a/core/src/plugins/gui.user/i18n/cs.php b/core/src/plugins/gui.user/i18n/cs.php
index 76c01de2aa..076b119d98 100644
--- a/core/src/plugins/gui.user/i18n/cs.php
+++ b/core/src/plugins/gui.user/i18n/cs.php
@@ -26,4 +26,5 @@
 "5" => "Požadavek na změnu hesla byl zaslán na emailovou adresu registrovanou s vaším uživatelským účtem. Klikněte na odkaz v emailu pro provedení změny hesla.",
 "6" => "Děkujeme, nyní se můžete přihlásit!",
 "7" => "Byla vyžádána změna hesla pro účet vedený pod touto emailovou adresou. Pokud jste tento požadavek nevyžádali vy, můžete tento email ignorovat. Jinak klikněte na následující odkaz pro reset svého hesla:",
+ "8" => "Use the form below to reset your password. Please enter your login and the new password twice.",
 );
diff --git a/core/src/plugins/gui.user/i18n/de.php b/core/src/plugins/gui.user/i18n/de.php
index bc468283c4..5d0e1b7bae 100644
--- a/core/src/plugins/gui.user/i18n/de.php
+++ b/core/src/plugins/gui.user/i18n/de.php
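Review bot: The mailed reset link in the `reset-password-ask` branch takes its host from `ApplicationState::detectServerURL(true)`, whose body is not in this diff. If that helper falls back to request headers when no server URL is configured, a forged Host header on the request would place an arbitrary host in the e-mail sent to the account owner. Preferring the configured value closes that, e.g. `$base = ConfService::getGlobalConf("SERVER_URL") ?: ApplicationState::detectServerURL(true);` and then `$link = $base . "/user/reset-password/" . $uuid;`. The new `true` argument also deserves a one-line comment saying what it selects. Because the token now travels in the path of a GET route, it will land in access logs and Referer headers, so single use and a short expiry matter here.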
@@ -31,4 +31,5 @@
 "5" => "E-Mail erfolgreich versendet. Klicken Sie auf den Link in der Nachricht, um ein neues Passwort zu vergeben.",
 "6" => "Vielen Dank. Sie können sich jetzt anmelden.",
 "7" => "Für das Konto mit dieser E-Mail-Adresse wurde eine Anfrage zum Zurücksetzen des Passwortes angefordert. Wenn Sie dieses Anfrage nicht gemacht haben, können Sie die E-Mail ignorieren. Ansonsten klicken Sie auf folgenden Link, um Ihr Passwort zurückzusetzen:", /* No HTML entities, might be the body of the mail */
+ "8" => "Use the form below to reset your password. Please enter your login and the new password twice.",
 );
diff --git a/core/src/plugins/gui.user/i18n/en.php b/core/src/plugins/gui.user/i18n/en.php
index f743f48413..af3c38349a 100644
--- a/core/src/plugins/gui.user/i18n/en.php
+++ b/core/src/plugins/gui.user/i18n/en.php
@@ -26,4 +26,5 @@
 "5" => "A reset password request has been sent to the email registered with your account. Click on the link in the email to recreate a password.",
 "6" => "Thank you, you can now log in!",
 "7" => "A password reset has been requested on the account associated to this email address. If you are not the author of this request, you can safely ignore this email. Otherwise click on the following link to reset your password:",
+ "8" => "Use the form below to reset your password. Please enter your login and the new password twice."
 );
diff --git a/core/src/plugins/gui.user/i18n/fr.php b/core/src/plugins/gui.user/i18n/fr.php
index 6f6c060da1..90b8177b10 100644
--- a/core/src/plugins/gui.user/i18n/fr.php
+++ b/core/src/plugins/gui.user/i18n/fr.php
@@ -26,4 +26,5 @@
 "5" => "Un courriel contenant une demande de réinitialisation du mot de passe a été envoyé à l'adresse courriel enregistrée dans votre compte. Cliquez sur le lien du courriel pour créer un nouveau mot de passe.",
 "6" => "Merci, vous pouvez à présent vous connecter avec ce nouveau mot de passe!",
 "7" => "Une demande de réinitialisation de mot de passe a été demandée pour le compte associé à ce courriel. Si vous n'en êtes pas l'auteur, vous pouvez ignorer ce courriel. Sinon cliquez sur le lien suivant :",
+ "8" => "Utilisez le formulaire pour remettre à zéro votre mot de passe. Entrez votre identifiant et votre nouveau mot de passe deux fois.",
 );
diff --git a/core/src/plugins/gui.user/i18n/it.php b/core/src/plugins/gui.user/i18n/it.php
index a93aa9cac2..001d5309c1 100644
--- a/core/src/plugins/gui.user/i18n/it.php
+++ b/core/src/plugins/gui.user/i18n/it.php
@@ -26,4 +26,5 @@
 "5" => "Una richiesta di reset password è stata inviata all'indirizzo mail associato al tuo account. Clicca sul link nella mail per creare una nuova password.",
 "6" => "Grazie. Ora puoi autenticarti!",
 "7" => "Il reset della password è stato richiesto dall'account associato a questo indirizzo mail. Se non sei l'autore di questa richiesta, puoi semplicemente ignorare questa mail. Altrimenti, clicca sul link seguente per reimpostare la tua password:",
+ "8" => "Use the form below to reset your password. Please enter your login and the new password twice.",
 );
diff --git a/core/src/plugins/gui.user/i18n/ru.php b/core/src/plugins/gui.user/i18n/ru.php
index ce3bfd3b8e..21caf8bbc7 100644
--- a/core/src/plugins/gui.user/i18n/ru.php
+++ b/core/src/plugins/gui.user/i18n/ru.php
@@ -26,4 +26,5 @@
 "5" => "Запрос на сброс пароля будет послан на email, который указан в вашей учётной записи. Нажмите на ссылку в письме, чтобы пересоздать пароль.",
 "6" => "Спасибо, теперь Вы можете зайти в систему!",
 "7" => "Запрошен сброс пароля для учётной записи ассоциированной с этим email адресом. Если Вы не автор запроса просто проигнорируйте это письмо. Если Вы хотите сбросить пароль, то нажмите на ссылку:",
+ "8" => "Use the form below to reset your password. Please enter your login and the new password twice.",
 );
diff --git a/core/src/plugins/gui.user/manifest.xml b/core/src/plugins/gui.user/manifest.xml
index 023337a096..55e65aa7ce 100644
--- a/core/src/plugins/gui.user/manifest.xml
+++ b/core/src/plugins/gui.user/manifest.xml
@@ -109,14 +109,15 @@ +
AJXP_MESSAGE[gui.user.8]
-
AJXP_MESSAGE[gui.user.4] :
+
AJXP_MESSAGE[gui.user.4] :
-
AJXP_MESSAGE[198] :
+
AJXP_MESSAGE[198] :
-
AJXP_MESSAGE[199] :
+
AJXP_MESSAGE[199] :
@@ -124,35 +125,11 @@ - - - - - - - +