From 75430bff2f58d53ba5741296ff757212405c0964 Mon Sep 17 00:00:00 2001 From: akhil Date: Fri, 19 Mar 2021 16:19:02 +0530 Subject: [PATCH 1/7] Added patches for recovery email field --- Dockerfile | 2 ++ patches/007-recovery-email-field.patch | 21 +++++++++++++++++++++ patches/008-readonly-email-input.patch | 11 +++++++++++ 3 files changed, 34 insertions(+) create mode 100644 patches/007-recovery-email-field.patch create mode 100644 patches/008-readonly-email-input.patch diff --git a/Dockerfile b/Dockerfile index 2eda0054..8500e1ab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,6 +54,8 @@ RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PAT RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch RUN patch -u ${BASE_DIR}/custom_apps/notes/lib/Service/NoteUtil.php -i ${TMP_PATCH_DIR}/006-notes-url-fix.patch +RUN patch -u ${BASE_DIR}/core/Controller/LostController.php -i ${TMP_PATCH_DIR}/007-recovery-email-field.patch +RUN patch -u ${BASE_DIR}/apps/settings/templates/settings/personal/personal.info.php -i {TMP_PATCH_DIR}/008-readonly-email-input.patch RUN rm -rf ${TMP_PATCH_DIR} # autocomplete leak tweak apps frontend with sed, disable group suggestion diff --git a/patches/007-recovery-email-field.patch b/patches/007-recovery-email-field.patch new file mode 100644 index 00000000..fbececc0 --- /dev/null +++ b/patches/007-recovery-email-field.patch 
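Review bot: The second added `RUN` line passes `-i {TMP_PATCH_DIR}/008-readonly-email-input.patch` without the `$`, so the shell hands `patch` a literal `{TMP_PATCH_DIR}` path and the step will most likely fail to find the file. It should read `-i ${TMP_PATCH_DIR}/008-readonly-email-input.patch`, matching the line above it. Patch 7/7 later replaces both lines, but until then the image probably does not build from this commit, which makes bisecting the series harder.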
@@ -0,0 +1,21 @@ +--- LostControllerOriginal.php 2021-03-19 13:10:46.342012019 +0530 ++++ LostController.php 2021-03-19 15:51:12.563247349 +0530 +@@ -205,7 +205,8 @@ + } + + try { +- $mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : ''; ++ $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email'); ++ $mailAddress = !is_null($recoveryEmail) ? $recoveryEmail : ''; + $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); + } catch (\Exception $e) { + throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); +@@ -334,7 +335,7 @@ + */ + protected function sendEmail($input) { + $user = $this->findUserByIdOrMail($input); +- $email = $user->getEMailAddress(); ++ $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email'); + + if (empty($email)) { + throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input); diff --git a/patches/008-readonly-email-input.patch b/patches/008-readonly-email-input.patch new file mode 100644 index 00000000..6ffe91cc --- /dev/null +++ b/patches/008-readonly-email-input.patch @@ -0,0 +1,11 @@ +--- personal.info.original.php 2021-03-19 16:10:31.527079347 +0530 ++++ personal.info.php 2021-03-19 16:12:12.689345081 +0530 +@@ -150,7 +150,7 @@ + + placeholder="t('Your email address')); ?>" +- autocomplete="on" autocapitalize="none" autocorrect="off" /> ++ autocomplete="on" autocapitalize="none" autocorrect="off" readonly /> + + + -- GitLab From 31c6e707f1a1700736f1b18a76bb3c836e8dde83 Mon Sep 17 00:00:00 2001 From: akhil Date: Mon, 22 Mar 2021 12:30:40 +0530 Subject: [PATCH 2/7] Small conditional fix --- patches/007-recovery-email-field.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patches/007-recovery-email-field.patch b/patches/007-recovery-email-field.patch index fbececc0..d5fabbed 100644 
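Review bot: In the `sendEmail` hunk the reset link now goes to whatever string is stored under `email-recovery`/`recovery-email`, and in the `@@ -205,7 +205,8 @@` hunk the same string becomes part of the token decryption key, yet neither hunk validates the value or shows who may write it. Any code path that can set that user-config key therefore decides where password resets are delivered, so the write path should be restricted and the address verified there (it is not visible on this page), and the check here could become `if (empty($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {`. Accounts with no recovery address stored will hit the `ResetPasswordException` even when a primary address exists, which is worth stating in a comment above the lookup. The same two hunks are carried, unchanged in substance, by patches 5/7, 6/7 and 7/7, and both enclosing functions start and end outside the hunks.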
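Review bot: The `readonly` attribute added to the e-mail input only stops edits in the rendered form; it does not stop a request sent directly to the settings endpoint or API from changing the address. If the intent is that users cannot change their primary address, that has to be enforced server-side, which none of the patches on this page do as far as can be seen. A comment in the patch header such as `readonly is UI-only; server-side enforcement lives in <component>` (placeholder, to be filled in) would keep a later reader from treating the attribute as an access control. The markup around the changed line did not survive extraction, so this rests on the two visible attribute lines only; the same change reappears in 7/7.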
--- a/patches/007-recovery-email-field.patch +++ b/patches/007-recovery-email-field.patch @@ -6,7 +6,7 @@ try { - $mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : ''; + $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email'); -+ $mailAddress = !is_null($recoveryEmail) ? $recoveryEmail : ''; ++ $mailAddress = is_null($recoveryEmail) ? '' : $recoveryEmail; $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); } catch (\Exception $e) { throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); -- GitLab From 49977fec2b420522d9a334e396a48f343ce30bf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnau=20V=C3=A0zquez?= Date: Mon, 22 Mar 2021 08:17:06 +0000 Subject: [PATCH 3/7] Pin specific versions of docker --- .gitlab-ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 81455d0b..bcea286b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,11 +4,12 @@ variables: DOCKER_DRIVER: overlay2 default: - image: docker:stable + image: docker:19.03.12 services: - - docker:dind + - docker:19.03.12-dind before_script: + - docker info - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY tags: - generic_privileged -- GitLab From f6d47725d0f2fae1ee488a7fc6a250c8eaf10178 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arnau=20V=C3=A0zquez?= Date: Mon, 22 Mar 2021 08:26:11 +0000 Subject: [PATCH 4/7] Certs dir --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bcea286b..1e9fa46e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,8 @@ # improved performance. variables: DOCKER_DRIVER: overlay2 - + DOCKER_TLS_CERTDIR: "/certs" + default: image: docker:19.03.12 -- GitLab From 7dfaf4c6dbd2312f9b11f4bf3ec5eddc8067b9a4 Mon Sep 17 00:00:00 2001 
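Review bot: The `is_null($recoveryEmail)` branch in the rewritten ternary looks unreachable, because `getUserValue()` is called without a default and Nextcloud's `IConfig::getUserValue` falls back to an empty string rather than null when the key is unset. The line can be reduced to `$mailAddress = $recoveryEmail;` or, if a null should still be tolerated, `$mailAddress = $recoveryEmail ?? '';`. With an unset key the token is then checked against the system secret alone, and the only thing preventing such a token from existing is the `empty($email)` guard in `sendEmail`; a one-line comment recording that dependency would help. The enclosing method starts and ends outside the hunk.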
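Review bot: Setting `DOCKER_TLS_CERTDIR: "/certs"` makes the `docker:19.03.12-dind` service generate certificates and serve the daemon over TLS, but the job container can only use them if the runner shares the client certificate directory with it, and nothing in this file shows that. On a runner without that volume (GitLab's documentation lists `/certs/client` in the runner's `volumes`), the `docker info` and `docker login` steps in `before_script` would likely fail to reach the daemon, so a comment next to the variable naming the runner requirement would help. The hunk also appears to replace the blank separator line with a whitespace-only one, which could stay a truly empty line.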
From: akhil Date: Mon, 22 Mar 2021 14:45:43 +0530 Subject: [PATCH 5/7] Fixed patch --- patches/007-recovery-email-field.patch | 36 +++++++++++++------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/patches/007-recovery-email-field.patch b/patches/007-recovery-email-field.patch index d5fabbed..8cec71b0 100644 --- a/patches/007-recovery-email-field.patch +++ b/patches/007-recovery-email-field.patch @@ -1,21 +1,21 @@ ---- LostControllerOriginal.php 2021-03-19 13:10:46.342012019 +0530 -+++ LostController.php 2021-03-19 15:51:12.563247349 +0530 +--- ../../LostControllerOriginal.php 2021-03-22 14:39:36.053745016 +0530 ++++ ../../LostController.php 2021-03-22 14:41:58.380676819 +0530 @@ -205,7 +205,8 @@ - } + } - try { -- $mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : ''; -+ $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email'); -+ $mailAddress = is_null($recoveryEmail) ? '' : $recoveryEmail; - $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); - } catch (\Exception $e) { - throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); + try { +- $mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : ''; ++ $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email'); ++ $mailAddress = is_null($recoveryEmail) ? '' : $recoveryEmail; + $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); + } catch (\Exception $e) { + throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); 
@@ -334,7 +335,7 @@ - */ - protected function sendEmail($input) { - $user = $this->findUserByIdOrMail($input); -- $email = $user->getEMailAddress(); -+ $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email'); - - if (empty($email)) { - throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input); + */ + protected function sendEmail($input) { + $user = $this->findUserByIdOrMail($input); +- $email = $user->getEMailAddress(); ++ $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email'); + + if (empty($email)) { + throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input); -- GitLab From 51db150955e5a504d1ead99429ecaf4ef07e20ee Mon Sep 17 00:00:00 2001 From: akhil Date: Mon, 22 Mar 2021 14:57:31 +0530 Subject: [PATCH 6/7] Used 19.0.9 controller --- patches/007-recovery-email-field.patch | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/patches/007-recovery-email-field.patch b/patches/007-recovery-email-field.patch index 8cec71b0..5f3a9180 100644 --- a/patches/007-recovery-email-field.patch +++ b/patches/007-recovery-email-field.patch 
@@ -1,21 +1,23 @@ ---- ../../LostControllerOriginal.php 2021-03-22 14:39:36.053745016 +0530 -+++ ../../LostController.php 2021-03-22 14:41:58.380676819 +0530 -@@ -205,7 +205,8 @@ +--- ../../LostControllerOriginal.php 2021-03-22 14:54:51.263702571 +0530 ++++ ../../LostController.php 2021-03-22 14:56:32.148293370 +0530 +@@ -205,8 +205,9 @@ } try { - $mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : ''; +- $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); + $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email'); + $mailAddress = is_null($recoveryEmail) ? '' : $recoveryEmail; - $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); ++ $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); } catch (\Exception $e) { throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); + } @@ -334,7 +335,7 @@ */ protected function sendEmail($input) { $user = $this->findUserByIdOrMail($input); - $email = $user->getEMailAddress(); + $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email'); - + if (empty($email)) { throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input); -- GitLab From 3386d1a97755f1733a7744631e858f2450df9d0b Mon Sep 17 00:00:00 2001 
From: akhil Date: Fri, 26 Mar 2021 11:47:59 +0530 Subject: [PATCH 7/7] Added both patches to one file --- Dockerfile | 3 +-- patches/007-recovery-email-changes.patch | 34 ++++++++++++++++++++++++ patches/007-recovery-email-field.patch | 23 ---------------- patches/008-readonly-email-input.patch | 11 -------- 4 files changed, 35 insertions(+), 36 deletions(-) create mode 100644 patches/007-recovery-email-changes.patch delete mode 100644 patches/007-recovery-email-field.patch delete mode 100644 patches/008-readonly-email-input.patch diff --git a/Dockerfile b/Dockerfile index 8500e1ab..5c320f7d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,8 +54,7 @@ RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PAT RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch RUN patch -u ${BASE_DIR}/custom_apps/notes/lib/Service/NoteUtil.php -i ${TMP_PATCH_DIR}/006-notes-url-fix.patch -RUN patch -u ${BASE_DIR}/core/Controller/LostController.php -i ${TMP_PATCH_DIR}/007-recovery-email-field.patch -RUN patch -u ${BASE_DIR}/apps/settings/templates/settings/personal/personal.info.php -i {TMP_PATCH_DIR}/008-readonly-email-input.patch +RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/007-recovery-email-changes.patch RUN rm -rf ${TMP_PATCH_DIR} # autocomplete leak tweak apps frontend with sed, disable group suggestion diff --git a/patches/007-recovery-email-changes.patch b/patches/007-recovery-email-changes.patch new file mode 100644 index 00000000..c2896685 --- /dev/null +++ b/patches/007-recovery-email-changes.patch 
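Review bot: The new `RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/007-recovery-email-changes.patch` line runs `patch` with its default fuzz, so a hunk whose context no longer matches can still be applied without failing the build. That matters here because, as rendered on this page, the patch file added in the same commit has `--- ./personal.info.original.php …` glued twice onto the last context line of its `sendEmail` hunk, which cannot match the real source line. Since these hunks change the password-reset path, I would regenerate the patch file and make the step strict, e.g. `RUN cd ${BASE_DIR} && patch -p0 --fuzz=0 < ${TMP_PATCH_DIR}/007-recovery-email-changes.patch`. The `+++` names in that file end in `.new.php`, so the step also relies on `patch` falling back to the existing `---` name.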
@@ -0,0 +1,34 @@ +--- ./core/Controller/LostController.php 2021-03-26 09:51:09.317785801 +0530 ++++ ./core/Controller/LostController.new.php 2021-03-26 09:51:35.490073707 +0530 +@@ -205,8 +205,9 @@ + } + + try { +- $mailAddress = !is_null($user->getEMailAddress()) ? $user->getEMailAddress() : ''; +- $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); ++ $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email'); ++ $mailAddress = is_null($recoveryEmail) ? '' : $recoveryEmail; ++ $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); + } catch (\Exception $e) { + throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); + } +@@ -334,7 +335,7 @@ + */ + protected function sendEmail($input) { + $user = $this->findUserByIdOrMail($input); +- $email = $user->getEMailAddress(); ++ $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email'); + + if (empty($email)) { + throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input);--- ./personal.info.original.php 2021-03-26 11:34:48.659322845 +0530--- ./personal.info.original.php 2021-03-26 11:34:48.659322845 +0530 +--- ./apps/settings/templates/settings/personal/personal.info.php 2021-03-26 11:34:48.659322845 +0530 ++++ ./apps/settings/templates/settings/personal/personal.info.new.php 2021-03-26 11:42:51.729044400 +0530 +@@ -113,7 +113,7 @@ + print_unescaped('class="hidden"'); + } ?> + value="" +- autocomplete="on" autocapitalize="none" autocorrect="off" /> ++ autocomplete="on" autocapitalize="none" autocorrect="off" readonly /> + + getEMailAddress()) ? 
$user->getEMailAddress() : ''; -- $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); -+ $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email'); -+ $mailAddress = is_null($recoveryEmail) ? '' : $recoveryEmail; -+ $decryptedToken = $this->crypto->decrypt($encryptedToken, $mailAddress.$this->config->getSystemValue('secret')); - } catch (\Exception $e) { - throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); - } -@@ -334,7 +335,7 @@ - */ - protected function sendEmail($input) { - $user = $this->findUserByIdOrMail($input); -- $email = $user->getEMailAddress(); -+ $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email'); - - if (empty($email)) { - throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input); diff --git a/patches/008-readonly-email-input.patch b/patches/008-readonly-email-input.patch deleted file mode 100644 index 6ffe91cc..00000000 --- a/patches/008-readonly-email-input.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- personal.info.original.php 2021-03-19 16:10:31.527079347 +0530 -+++ personal.info.php 2021-03-19 16:12:12.689345081 +0530 -@@ -150,7 +150,7 @@ - - placeholder="t('Your email address')); ?>" -- autocomplete="on" autocapitalize="none" autocorrect="off" /> -+ autocomplete="on" autocapitalize="none" autocorrect="off" readonly /> - - - -- GitLab