<default>0</default>
<comments>Whether encryption migration has been performed</comments>
</field>
+ <field>
+ <name>initialized</name>
+ <type>integer</type>
+ <notnull>true</notnull>
+ <default>0</default>
+ <comments>Did the user initialized the encryption app at least once</comments>
+ </field>
</declaration>
</table>
</database>
\ No newline at end of file
$l = OC_L10N::get('files_encryption');
- $errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
+ $errorMsg = $l->t('Your private key is not valid! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app. If this doesn\'t help maybe your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
if(isset($_GET['p']) && $_GET['p'] === '1') {
header('HTTP/1.0 404 ' . $errorMsg);
// If migration not yet done\r
if ($ready) {\r
\r
+ $util->setInitialized(Util::ENCRYPTION_INITIALIZED);\r
+\r
$userView = new \OC_FilesystemView('/' . $params['uid']);\r
\r
- // Set legacy encryption key if it exists, to support \r
+ // Set legacy encryption key if it exists, to support\r
// depreciated encryption system\r
if (\r
$userView->file_exists('encryption.key')\r
* @brief If the password can't be changed within ownCloud, than update the key password in advance.\r
*/\r
public static function preSetPassphrase($params) {\r
+ return true;\r
if ( ! \OC_User::canUserChangePassword($params['uid']) ) {\r
self::setPassphrase($params);\r
}\r
* @param array $params keys: uid, password\r
*/\r
public static function setPassphrase($params) {\r
-\r
+ return true;\r
// Only attempt to change passphrase if server-side encryption\r
// is in use (client-side encryption does not have access to\r
// the necessary keys)\r
$params['run'] = false;\r
$params['error'] = $l->t('Following users are not set up for encryption:') . ' ' . join(', ' , $notConfigured);\r
}\r
- \r
+\r
}\r
\r
/**\r
// NOTE: $params has keys:\r
// [itemType] => file\r
// itemSource -> int, filecache file ID\r
- // [parent] => \r
+ // [parent] =>\r
// [itemTarget] => /13\r
// shareWith -> string, uid of user being shared to\r
// fileTarget -> path of file being shared\r
// NOTE: parent is folder but shared was a file!\r
// we try to rebuild the missing path\r
// some examples we face here\r
- // user1 share folder1 with user2 folder1 has \r
- // the following structure \r
+ // user1 share folder1 with user2 folder1 has\r
+ // the following structure\r
// /folder1/subfolder1/subsubfolder1/somefile.txt\r
// user2 re-share subfolder2 with user3\r
// user3 re-share somefile.txt user4\r
- // so our path should be \r
- // /Shared/subfolder1/subsubfolder1/somefile.txt \r
+ // so our path should be\r
+ // /Shared/subfolder1/subsubfolder1/somefile.txt\r
// while user3 is sharing\r
\r
if ($params['itemType'] === 'file') {\r
}\r
\r
/**\r
- * set migration status back to '0' so that all new files get encrypted\r
+ * set migration status and the init status back to '0' so that all new files get encrypted\r
* if the app gets enabled again\r
* @param array $params contains the app ID\r
*/\r
public static function preDisable($params) {\r
if ($params['app'] === 'files_encryption') {\r
- $query = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');\r
- $query->execute();\r
+\r
+ $setMigrationStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');\r
+ $setMigrationStatus->execute();\r
+\r
+ $setInitStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `initialized`=0');\r
+ $setInitStatus->execute();\r
}\r
}\r
\r
public static function stripUserFilesPath($path) {
$trimmed = ltrim($path, '/');
$split = explode('/', $trimmed);
-
+
// it is not a file relative to data/user/files
if (count($split) < 3 || $split[1] !== 'files') {
return false;
}
-
+
$sliced = array_slice($split, 2);
$relPath = implode('/', $sliced);
public static function getPathToRealFile($path) {
$trimmed = ltrim($path, '/');
$split = explode('/', $trimmed);
-
+
if (count($split) < 3 || $split[1] !== "files_versions") {
return false;
}
-
+
$sliced = array_slice($split, 2);
$realPath = implode('/', $sliced);
//remove the last .v
$realPath = substr($realPath, 0, strrpos($realPath, '.v'));
return $realPath;
- }
-
+ }
+
/**
* @brief redirect to a error page
*/
- public static function redirectToErrorPage() {
- $location = \OC_Helper::linkToAbsolute('apps/files_encryption/files', 'error.php');
- $post = 0;
+ public static function redirectToErrorPage($util) {
+
+ $l = \OC_L10N::get('files_encryption');
+
+ if ($util->getInitialized() === false) {
+ $errorMsg = $l->t('Encryption app not initialized! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app.');
+ } else {
+ $errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
+ }
+
if(count($_POST) > 0) {
- $post = 1;
+ header('HTTP/1.0 404 ' . $errorMsg);
+ }
+
+ // check if ajax request
+ if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
+ \OCP\JSON::error(array('data' => array('message' => $errorMsg)));
+ } else {
+ header('HTTP/1.0 404 ' . $errorMsg);
+ $tmpl = new OC_Template('files_encryption', 'invalid_private_key', 'guest');
+ $tmpl->printPage();
}
- header('Location: ' . $location . '?p=' . $post);
- exit();
+
+ exit;
}
/**
return (bool) $result;
}
-
+
/**
* check some common errors if the server isn't configured properly for encryption
* @return bool true if configuration seems to be OK
* @return bool
*/
public function stream_open($path, $mode, $options, &$opened_path) {
-
+
// assume that the file already exist before we decide it finally in getKey()
$this->newFile = false;
if ($this->relPath === false) {
$this->relPath = Helper::getPathToRealFile($this->rawPath);
}
-
+
if($this->relPath === false) {
\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '" expecting a path to user/files or to user/files_versions', \OCP\Util::ERROR);
return false;
}
-
+
// Disable fileproxies so we can get the file size and open the source file without recursive encryption
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
if($this->privateKey === false) {
// if private key is not valid redirect user to a error page
- \OCA\Encryption\Helper::redirectToErrorPage();
+ \OCA\Encryption\Helper::redirectToErrorPage($util);
}
$this->size = $this->rootView->filesize($this->rawPath, $mode);
} else {
$this->newFile = true;
-
+
return false;
}
return strlen($data);
}
- // Disable the file proxies so that encryption is not
- // automatically attempted when the file is written to disk -
- // we are handling that separately here and we don't want to
+ // Disable the file proxies so that encryption is not
+ // automatically attempted when the file is written to disk -
+ // we are handling that separately here and we don't want to
// get into an infinite loop
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$pointer = ftell($this->handle);
// Get / generate the keyfile for the file we're handling
- // If we're writing a new file (not overwriting an existing
+ // If we're writing a new file (not overwriting an existing
// one), save the newly generated keyfile
if (!$this->getKey()) {
}
- // If extra data is left over from the last round, make sure it
+ // If extra data is left over from the last round, make sure it
// is integrated into the next 6126 / 8192 block
if ($this->writeCache) {
if ($remainingLength < 6126) {
// Set writeCache to contents of $data
- // The writeCache will be carried over to the
- // next write round, and added to the start of
- // $data to ensure that written blocks are
- // always the correct length. If there is still
- // data in writeCache after the writing round
- // has finished, then the data will be written
+ // The writeCache will be carried over to the
+ // next write round, and added to the start of
+ // $data to ensure that written blocks are
+ // always the correct length. If there is still
+ // data in writeCache after the writing round
+ // has finished, then the data will be written
// to disk by $this->flush().
$this->writeCache = $data;
$encrypted = $this->preWriteEncrypt($chunk, $this->plainKey);
- // Write the data chunk to disk. This will be
+ // Write the data chunk to disk. This will be
// attended to the last data chunk if the file
// being handled totals more than 6126 bytes
fwrite($this->handle, $encrypted);
const MIGRATION_IN_PROGRESS = -1; // migration is running
const MIGRATION_OPEN = 0; // user still needs to be migrated
+ const ENCRYPTION_INITIALIZED = 1;
+ const ENCRYPTION_NOT_INITIALIZED = 0;
private $view; // OC_FilesystemView object for filesystem operations
private $userId; // ID of the currently logged-in user
return $return;
}
+ /**
+ * set remember if the encryption app was already initialized or not
+ * @param type $status
+ */
+ public function setInitialized($status) {
+ $sql = 'UPDATE `*PREFIX*encryption` SET `initialized` = ? WHERE `uid` = ?';
+ $args = array($status, $this->userId);
+ $query = \OCP\DB::prepare($sql);
+ $query->execute($args);
+ }
+
+ /**
+ * set remember if the encryption app was already initialized or not
+ */
+ public function getInitialized() {
+ $sql = 'SELECT `initialized` FROM `*PREFIX*encryption` WHERE `uid` = ?';
+ $args = array($this->userId);
+ $query = \OCP\DB::prepare($sql);
+
+ $result = $query->execute($args);
+ $initializedStatus = null;
+
+ if (\OCP\DB::isError($result)) {
+ \OCP\Util::writeLog('Encryption library', \OC_DB::getErrorMessage($result), \OCP\Util::ERROR);
+ } else {
+ if ($result->numRows() > 0) {
+ $row = $result->fetchRow();
+ if (isset($row['initialized'])) {
+ $initializedStatus = (int)$row['initialized'];
+ }
+ }
+ }
+
+ // If no record is found
+ if (empty($initializedStatus)) {
+ \OCP\Util::writeLog('Encryption library', "Could not get initialized status for " . $this->userId . ", no record found", \OCP\Util::ERROR);
+ return false;
+ // If a record is found
+ } else {
+ return (bool)$initializedStatus;
+ }
+
+
+
+ $sql = 'UPDATE `*PREFIX*encryption` SET `initialized` = ? WHERE `uid` = ?';
+ $args = array($status, $this->userId);
+ $query = \OCP\DB::prepare($sql);
+ $query->execute($args);
+ }
+
/**
* @brief close migration mode after users data has been encrypted successfully
* @return boolean
projects / nextcloud-server.git / commitdiff