Restore sending to recovery address

From: ArnauVP <arnauvp@e.email>

Date: Thu, 23 Mar 2022 11:10:00 +0000

Date: Fri, 27 Mar 2022 00:00:00 +0000

Subject: [PATCH] Makes password reset links use recovery email set through "email-recovery" app, makes "email" uneditable by user

This patch adds the necessary changes to core NC controller and template for "email-recovery" app to work correctly. Instead of the user's email address, the user's recovery email address set through the "email-recovery" app is used for the password reset email.

diff --git ./core/Controller/LostController.php ./core/Controller/LostController.new.php

--- ./core/Controller/LostController.php	2022-05-25 15:07:44.582984541 +0530

+++ ./core/Controller/LostController.new.php	2022-05-25 15:18:09.806020940 +0530

@@ -174,6 +174,19 @@

--- files/LostController.php.orig	2022-03-23 12:00:12.000000000 +0100

+++ files/LostController.php	2022-05-27 01:43:22.000000000 +0200

@@ -173,9 +173,27 @@

 	 * @throws \Exception

 	 */

 	protected function checkPasswordResetToken(string $token, string $userId): void {

 		try {

+			$domain = $this->config->getSystemValue('mail_domain', '');

+			$domainSuffix = !empty($domain) ? '@' . $domain : '';

+			$altDomain = $this->config->getSystemValue('alt_mail_domain', '');

+			$altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : '';

+			if(stristr($userId, $domainSuffix) !== FALSE) {

+				$userId = str_replace($domainSuffix, '', $userId);

+			}

+			if(stristr($userId, $altDomainSuffix) !== FALSE) {

+				$userId = str_replace($altDomainSuffix, '', $userId);

+			}

+			if(!$this->userManager->userExists($userId)) {

+				$userId = $userId . $domainSuffix;

+			}

 			$user = $this->userManager->get($userId);

 			$this->verificationToken->check($token, $user, 'lostpassword', $user ? $user->getEMailAddress() : '', true);

 		} catch (InvalidTokenException $e) {

@@ -287,6 +300,19 @@

 	 * @throws \OCP\PreConditionNotMetException

 	 */

 	protected function sendEmail($input) {

+		$domain = $this->config->getSystemValue('mail_domain', '');

+		$domainSuffix = !empty($domain) ? '@' . $domain : '';

+		$domain = $this->config->getSystemValue("mail_domain");

+		$domainSuffix = "@$domain";

+		$altDomain = $this->config->getSystemValue('alt_mail_domain', '');

+		$altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : '';

+		if (stristr($input, $domainSuffix) !== FALSE) {

+		if(!$this->userManager->userExists($input) ) {

+			$input = $input . $domainSuffix;

+		}

+

+		$user = $this->findUserByIdOrMail($input);

+		$recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email');

+		$mailAddress = is_null($recoveryEmail) ? '' : $recoveryEmail;

+

 		try {

 			$user = $this->userManager->get($userId);

-			$this->verificationToken->check($token, $user, 'lostpassword', $user ? $user->getEMailAddress() : '', true);

+			$this->verificationToken->check($token, $user, 'lostpassword', $mailAddress, true);

 		} catch (InvalidTokenException $e) {

 			$error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED

 				? $this->l10n->t('Could not reset password because the token is expired')

@@ -214,6 +232,13 @@

 			return new JSONResponse($this->error($this->l10n->t('Password reset is disabled')));

 		}

+		$domain = $this->config->getSystemValue("mail_domain");

+        $domainSuffix = "@$domain";

+

+        if(stristr($input, $domainSuffix) === FALSE ) {

+            $input = $input . $domainSuffix;

+        }

+

 		\OCP\Util::emitHook(

 			'\OCA\Files_Sharing\API\Server2Server',

 			'preLoginNameUsedAsUserName',

@@ -288,7 +313,7 @@

 	 */

 	protected function sendEmail($input) {

 		$user = $this->findUserByIdOrMail($input);

 		$email = $user->getEMailAddress();

-		$email = $user->getEMailAddress();

+		$email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email');

 		if (empty($email)) {

 			throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input);