Prevent running FixEncryptedVersion without master key

Return an error when running occ encryption:fix-encrypted-version
when master key encryption is not enabled.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>

diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php
index e2181f9a229179a5564c460c2dc83f916ab6be02..a85a96258fcf409fc0d50081653fac33f63eb380 100644 (file)
--- a/apps/encryption/lib/Command/FixEncryptedVersion.php
+++ b/apps/encryption/lib/Command/FixEncryptedVersion.php
@@ -24,6 +24,7 @@ namespace OCA\Encryption\Command;
 
 use OC\Files\View;
 use OC\HintException;
+use OCA\Encryption\Util;
 use OCP\Files\IRootFolder;
 use OCP\IConfig;
 use OCP\ILogger;
@@ -46,14 +47,25 @@ class FixEncryptedVersion extends Command {
        /** @var IUserManager  */
        private $userManager;
 
+       /** @var Util */
+       private $util;
+
        /** @var View  */
        private $view;
 
-       public function __construct(IConfig $config, ILogger $logger, IRootFolder $rootFolder, IUserManager $userManager, View $view) {
+       public function __construct(
+               IConfig $config,
+               ILogger $logger,
+               IRootFolder $rootFolder,
+               IUserManager $userManager,
+               Util $util,
+               View $view
+       ) {
                $this->config = $config;
                $this->logger = $logger;
                $this->rootFolder = $rootFolder;
                $this->userManager = $userManager;
+               $this->util = $util;
                $this->view = $view;
                parent::__construct();
        }
@@ -89,6 +101,11 @@ class FixEncryptedVersion extends Command {
                        return 1;
                }
 
+               if (!$this->util->isMasterKeyEnabled()) {
+                       $output->writeln("<error>Repairing only works with master key encryption.</error>\n");
+                       return 1;
+               }
+
                $user = (string)$input->getArgument('user');
                $pathToWalk = "/$user/files";
 

diff --git a/apps/encryption/tests/Command/FixEncryptedVersionTest.php b/apps/encryption/tests/Command/FixEncryptedVersionTest.php
index a530275784ae88a847c28321f98bd9460cf5855a..22ae239aec23d6e66ec47a6b5c7808884b33ddba 100644 (file)
--- a/apps/encryption/tests/Command/FixEncryptedVersionTest.php
+++ b/apps/encryption/tests/Command/FixEncryptedVersionTest.php
@@ -23,6 +23,7 @@ namespace OCA\Encryption\Tests\Command;
 
 use OC\Files\View;
 use OCA\Encryption\Command\FixEncryptedVersion;
+use OCA\Encryption\Util;
 use Symfony\Component\Console\Tester\CommandTester;
 use Test\TestCase;
 use Test\Traits\EncryptionTrait;
@@ -48,11 +49,17 @@ class FixEncryptedVersionTest extends TestCase {
        /** @var CommandTester */
        private $commandTester;
 
+       /** @var Util|\PHPUnit\Framework\MockObject\MockObject */
+       protected $util;
+
        public function setUp(): void {
                parent::setUp();
 
                \OC::$server->getConfig()->setAppValue('encryption', 'useMasterKey', '1');
 
+               $this->util = $this->getMockBuilder(Util::class)
+                       ->disableOriginalConstructor()->getMock();
+
                $this->userId = $this->getUniqueId('user_');
 
                $this->createUser($this->userId, 'foo12345678');
@@ -66,6 +73,7 @@ class FixEncryptedVersionTest extends TestCase {
                        \OC::$server->getLogger(),
                        \OC::$server->getRootFolder(),
                        \OC::$server->getUserManager(),
+                       $this->util,
                        new View('/')
                );
                $this->commandTester = new CommandTester($this->fixEncryptedVersion);
@@ -80,6 +88,9 @@ class FixEncryptedVersionTest extends TestCase {
         * but greater than zero
         */
        public function testEncryptedVersionLessThanOriginalValue() {
+               $this->util->expects($this->once())->method('isMasterKeyEnabled')
+                       ->willReturn(true);
+
                $view = new View("/" . $this->userId . "/files");
 
                $view->touch('hello.txt');
@@ -145,6 +156,9 @@ Fixed the file: \"/$this->userId/files/world.txt\" with version 4", $output);
         * but greater than zero
         */
        public function testEncryptedVersionGreaterThanOriginalValue() {
+               $this->util->expects($this->once())->method('isMasterKeyEnabled')
+                       ->willReturn(true);
+
                $view = new View("/" . $this->userId . "/files");
 
                $view->touch('hello.txt');
@@ -201,6 +215,9 @@ Fixed the file: \"/$this->userId/files/world.txt\" with version 4", $output);
        }
 
        public function testVersionIsRestoredToOriginalIfNoFixIsFound() {
+               $this->util->expects($this->once())->method('isMasterKeyEnabled')
+                       ->willReturn(true);
+
                $view = new View("/" . $this->userId . "/files");
 
                $view->touch('bar.txt');
@@ -231,6 +248,9 @@ Fixed the file: \"/$this->userId/files/world.txt\" with version 4", $output);
         * Test commands with a file path
         */
        public function testExecuteWithFilePathOption() {
+               $this->util->expects($this->once())->method('isMasterKeyEnabled')
+                       ->willReturn(true);
+
                $view = new View("/" . $this->userId . "/files");
 
                $view->touch('hello.txt');
@@ -252,6 +272,9 @@ The file \"/$this->userId/files/hello.txt\" is: OK", $output);
         * Test commands with a directory path
         */
        public function testExecuteWithDirectoryPathOption() {
+               $this->util->expects($this->once())->method('isMasterKeyEnabled')
+                       ->willReturn(true);
+
                $view = new View("/" . $this->userId . "/files");
 
                $view->mkdir('sub');
@@ -274,6 +297,9 @@ The file \"/$this->userId/files/sub/hello.txt\" is: OK", $output);
         * Test commands with a directory path
         */
        public function testExecuteWithNoUser() {
+               $this->util->expects($this->once())->method('isMasterKeyEnabled')
+                       ->willReturn(true);
+
                $this->commandTester->execute([
                        'user' => null,
                        '--path' => "/"
@@ -288,6 +314,9 @@ The file \"/$this->userId/files/sub/hello.txt\" is: OK", $output);
         * Test commands with a directory path
         */
        public function testExecuteWithNonExistentPath() {
+               $this->util->expects($this->once())->method('isMasterKeyEnabled')
+                       ->willReturn(true);
+
                $this->commandTester->execute([
                        'user' => $this->userId,
                        '--path' => '/non-exist'
@@ -297,4 +326,21 @@ The file \"/$this->userId/files/sub/hello.txt\" is: OK", $output);
 
                $this->assertStringContainsString('Please provide a valid path.', $output);
        }
+
+       /**
+        * Test commands without master key
+        */
+       public function testExecuteWithNoMasterKey() {
+               \OC::$server->getConfig()->setAppValue('encryption', 'useMasterKey', '0');
+               $this->util->expects($this->once())->method('isMasterKeyEnabled')
+                       ->willReturn(false);
+
+               $this->commandTester->execute([
+                       'user' => $this->userId,
+               ]);
+
+               $output = $this->commandTester->getDisplay();
+
+               $this->assertStringContainsString('only works with master key', $output);
+       }
 }