Only prevent disabling encrytion via the API

Signed-off-by: Joas Schilling <coding@schilljs.com>

diff --git a/apps/provisioning_api/lib/Controller/AppConfigController.php b/apps/provisioning_api/lib/Controller/AppConfigController.php
index 6e61e10a2f23b1d9d8bc06430184292309e9482c..eda46ee8e2c0147fc69e699feba5a9d7690bf187 100644 (file)
--- a/apps/provisioning_api/lib/Controller/AppConfigController.php
+++ b/apps/provisioning_api/lib/Controller/AppConfigController.php
@@ -106,7 +106,7 @@ class AppConfigController extends OCSController {
        public function setValue(string $app, string $key, string $value): DataResponse {
                try {
                        $this->verifyAppId($app);
-                       $this->verifyConfigKey($app, $key);
+                       $this->verifyConfigKey($app, $key, $value);
                } catch (\InvalidArgumentException $e) {
                        return new DataResponse(['data' => ['message' => $e->getMessage()]], Http::STATUS_FORBIDDEN);
                }
@@ -124,7 +124,7 @@ class AppConfigController extends OCSController {
        public function deleteKey(string $app, string $key): DataResponse {
                try {
                        $this->verifyAppId($app);
-                       $this->verifyConfigKey($app, $key);
+                       $this->verifyConfigKey($app, $key, '');
                } catch (\InvalidArgumentException $e) {
                        return new DataResponse(['data' => ['message' => $e->getMessage()]], Http::STATUS_FORBIDDEN);
                }
@@ -146,14 +146,19 @@ class AppConfigController extends OCSController {
        /**
         * @param string $app
         * @param string $key
+        * @param string $value
         * @throws \InvalidArgumentException
         */
-       protected function verifyConfigKey(string $app, string $key) {
+       protected function verifyConfigKey(string $app, string $key, string $value) {
                if (in_array($key, ['installed_version', 'enabled', 'types'])) {
                        throw new \InvalidArgumentException('The given key can not be set');
                }
 
-               if ($app === 'core' && ($key === 'encryption_enabled' || strpos($key, 'public_') === 0 || strpos($key, 'remote_') === 0)) {
+               if ($app === 'core' && $key === 'encryption_enabled' && $value !== 'yes') {
+                       throw new \InvalidArgumentException('The given key can not be set');
+               }
+
+               if ($app === 'core' && (strpos($key, 'public_') === 0 || strpos($key, 'remote_') === 0)) {
                        throw new \InvalidArgumentException('The given key can not be set');
                }
        }

diff --git a/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php b/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php
index 2f299b58586a552ef2059af9260cefcba294a4f4..c9b762d1fb471114b7580a8617c8f3d8abca7cc7 100644 (file)
--- a/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php
+++ b/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php
@@ -342,9 +342,10 @@ class AppConfigControllerTest extends TestCase {
 
        public function dataVerifyConfigKey() {
                return [
-                       ['activity', 'abc'],
-                       ['dav', 'public_route'],
-                       ['files', 'remote_route'],
+                       ['activity', 'abc', ''],
+                       ['dav', 'public_route', ''],
+                       ['files', 'remote_route', ''],
+                       ['core', 'encryption_enabled', 'yes'],
                ];
        }
 
@@ -352,22 +353,25 @@ class AppConfigControllerTest extends TestCase {
         * @dataProvider dataVerifyConfigKey
         * @param string $app
         * @param string $key
+        * @param string $value
         */
-       public function testVerifyConfigKey($app, $key) {
+       public function testVerifyConfigKey($app, $key, $value) {
                $api = $this->getInstance();
-               $this->invokePrivate($api, 'verifyConfigKey', [$app, $key]);
+               $this->invokePrivate($api, 'verifyConfigKey', [$app, $key, $value]);
                $this->addToAssertionCount(1);
        }
 
        public function dataVerifyConfigKeyThrows() {
                return [
-                       ['activity', 'installed_version'],
-                       ['calendar', 'enabled'],
-                       ['contacts', 'types'],
-                       ['core', 'public_files'],
-                       ['core', 'public_dav'],
-                       ['core', 'remote_files'],
-                       ['core', 'remote_dav'],
+                       ['activity', 'installed_version', ''],
+                       ['calendar', 'enabled', ''],
+                       ['contacts', 'types', ''],
+                       ['core', 'encryption_enabled', 'no'],
+                       ['core', 'encryption_enabled', ''],
+                       ['core', 'public_files', ''],
+                       ['core', 'public_dav', ''],
+                       ['core', 'remote_files', ''],
+                       ['core', 'remote_dav', ''],
                ];
        }
 
@@ -376,9 +380,10 @@ class AppConfigControllerTest extends TestCase {
         * @expectedException \InvalidArgumentException
         * @param string $app
         * @param string $key
+        * @param string $value
         */
-       public function testVerifyConfigKeyThrows($app, $key) {
+       public function testVerifyConfigKeyThrows($app, $key, $value) {
                $api = $this->getInstance();
-               $this->invokePrivate($api, 'verifyConfigKey', [$app, $key]);
+               $this->invokePrivate($api, 'verifyConfigKey', [$app, $key, $value]);
        }
 }