[Owncloud] SOLVED: one-time password support/account generation by script?

Stefan Vollmar vollmar at nf.mpg.de
Thu Aug 29 16:39:31 UTC 2013


Hello,

we have recently evaluated OwnCloud for use at our institute and I have mentioned before that we were impressed with many features of OwnCloud (positive feedback from our testers on several platforms, smooth installation, good architecture, nice interface). Our main concern so far has been the lack of a "one-time password support" (authentication by temporary token for first-time users who then have to choose a new password). Related to this is the need to create accounts in an automated fashion (for integration with other services, i.e. a ticketing system).

We now have a short PHP script that addresses these points using OwnCloud infrastructure; our solution requires the MySQL backend. Some details:

(1) the following command-line call creates a new user "Albert Einstein" with login "aeinstein", mail address "einstein@abc.de" and sends an E-mail to "einstein@abc.de" containing a link with an authentication token, enabling "aeinstein" to set his password (this is the only possible action with this link).

php mpinf_rpwd.php aeinstein "Albert Einstein" einstein@abc.de

(2) Our approach uses parts of OwnCloud's "lost password" feature, but our mail template is slightly different:

"[...] you have received this automatically generated
E-mail because you are either a new user at our
institute's OwnCloud-service or have requested to
reset your password. Please use the following link
to set a new (and strong) password:

https://owncloud.abc.de/index.php/lostpassword/reset/c06291c393cb4bbec191cd1d3eb8edcf2bcb727e9a0f045791b557446xsf6789/aeinstein

After setting the password, you can use the
service at
https://owncloud.abc.de
Username: aeinstein
[...]"

(3) Creating user entries in the MySQL database, including the E-mail settings:

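// $db is assumed to be a PDO connection to the OwnCloud MySQL database
// (the connection setup is not shown in this post).
$stmt = $db->query("SELECT * FROM oc_users WHERE uid="
                  .$db->quote($login));
$row = $stmt->fetch();
if ($row) {
   print "*** ERROR: login already exists with display name: \""
       .$row["displayname"]."\"\n";
   exit(1);  // non-zero exit status so a calling script can detect the failure
}

print "* login does not yet exist: OK.\n";
// Create the account row; every value is escaped with PDO::quote().
$stmt = $db->exec("INSERT INTO oc_users (uid, displayname, password)"
                 ." VALUES ("
                 .$db->quote($login).","
                 .$db->quote($display).","
                 .$db->quote($password)
                 .")");

// Preference rows are written as (user, app, key, value).
$stmt = $db->exec("INSERT INTO oc_preferences"
                 ." VALUES ("
                 .$db->quote($login).","
                 .$db->quote("files").","
                 .$db->quote("cache_version").","
                 .$db->quote("5")
                 .")");

// E-mail address that the reset link is later sent to.
$stmt = $db->exec("INSERT INTO oc_preferences"
                 ." VALUES ("
                 .$db->quote($login).","
                 .$db->quote("settings").","
                 .$db->quote("email").","
                 .$db->quote($email)
                 .")");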

(4) Using OwnCloud's "Lost-Password"-Infrastructure:

require_once 'lib/base.php';
...
// Random token that goes into the mailed link.
$token = hash('sha256',
    OC_Util::generate_random_bytes(30).OC_Config::getValue('passwordsalt', ''));
// Only the SHA-256 hash of the token is stored for the user.
OC_Preferences::setValue($login, 'owncloud', 'lostpassword',
    hash('sha256', $token));
$email = OC_Preferences::getValue($login, 'settings', 'email', '');
// Reset link carrying the unhashed token and the login.
$link = OC_Helper::linkToRoute('core_lostpassword_reset',
    array('user' => $login, 'token' => $token));
...
// insert $link into our own mail template, sent to $email

This approach seems to work well for us and we hope other users find it useful, too.
Best regards,
 Stefan
-- 
Dr. Stefan Vollmar, Dipl.-Phys.
Head of IT group
Max-Planck-Institut für neurologische Forschung
Gleueler Str. 50, 50931 Köln, Germany
Tel.: +49-221-4726-213  FAX +49-221-4726-298
Tel.: +49-221-478-5713  Mobile: 0160-93874279
E-Mail: vollmar at nf.mpg.de   http://www.nf.mpg.de
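
The token handling in (4), shown from both sides (issuing and redeeming), as an added example that is not part of the original post and not OwnCloud's own code. The function names, the in-memory array standing in for the stored "lostpassword" preference, and the 24-hour lifetime are assumptions made for illustration; it requires PHP 7 or later.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the per-user 'lostpassword' preference row.
// Function names, the array store and the lifetime are assumptions.
const TOKEN_TTL = 86400; // seconds

function issueToken(array &$store, string $login, int $now): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $store[$login] = [
        'hash'    => hash('sha256', $token),     // only the hash is persisted
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;                               // appears in the mailed link only
}

function redeemToken(array &$store, string $login, string $token, int $now): bool
{
    if (!isset($store[$login])) {
        return false;                            // no pending token for this login
    }
    $entry = $store[$login];
    // Hash the presented value and compare in constant time.
    if (!hash_equals($entry['hash'], hash('sha256', $token))) {
        return false;                            // wrong token: pending entry stays
    }
    unset($store[$login]);                       // single use: removed on first match
    return $now <= $entry['expires'];            // a matching but stale token fails
}

// Constructed walk-through with a fixed clock value.
$store = [];
$t0    = 1377794371;
$token = issueToken($store, 'aeinstein', $t0);

var_dump(redeemToken($store, 'aeinstein', 'not-the-token', $t0 + 60)); // wrong token
var_dump(redeemToken($store, 'aeinstein', $token, $t0 + 60));          // first use
var_dump(redeemToken($store, 'aeinstein', $token, $t0 + 120));         // replayed link

$late = issueToken($store, 'aeinstein', $t0);
var_dump(redeemToken($store, 'aeinstein', $late, $t0 + TOKEN_TTL + 1)); // after expiry
```

Because only the SHA-256 hash is stored, read access to the preferences table does not yield a usable link.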







