// Check if first-run file migration has already been performed\r
$ready = false;\r
$migrationStatus = $util->getMigrationStatus();\r
- if ($migrationStatus === Util::MIGRATION_OPEN) {\r
+ if ($migrationStatus === Util::MIGRATION_OPEN && $session !== false) {\r
$ready = $util->beginMigration();\r
} elseif ($migrationStatus === Util::MIGRATION_IN_PROGRESS) {\r
// refuse login as long as the initial encryption is running\r
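Review bot: The added `$session !== false` guard on the `MIGRATION_OPEN` branch has no comment saying when the session can be false, and in that case `$ready` stays `false` with nothing logged in the visible lines. This condition decides whether the initial encryption starts at login, so the reason should be written next to it, for example `// only begin the migration if the encryption session could be initialised` (my reading of the intent; please confirm). The enclosing function starts and ends outside the hunk, so I cannot see how a `false` `$ready` is reported to the user.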
$util = new Util($view, $user);\r
$recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;\r
\r
+ // we generate new keys if...\r
+ // ...we have a recovery password and the user enabled the recovery key\r
+ // ...encryption was activated for the first time (no keys exists)\r
+ // ...the user doesn't have any files\r
if (($util->recoveryEnabledForUser() && $recoveryPassword)\r
- || !$util->userKeysExists()) {\r
+ || !$util->userKeysExists()\r
+ || !$view->file_exists($user . '/files')) {\r
\r
- $recoveryPassword = $params['recoveryPassword'];\r
$newUserPassword = $params['password'];\r
\r
// make sure that the users home is mounted\r
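Review bot: The new condition `!$view->file_exists($user . '/files')` treats a missing files folder as proof that the account was never used, but the context line `// make sure that the users home is mounted` comes after this check, so it may run before the home storage is available. If the folder is missing for any other reason, the branch replaces the user's key pair, and data encrypted under the old key can no longer be decrypted. I would move the check after the mount step, or at least combine it with a stronger signal than folder existence. The comment should also match the code, which tests for the folder rather than for files: `// ...the user's files folder does not exist yet (user never logged in)`. The function body continues outside the hunk.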
$this->rootView->unlink('/' . self::TEST_ENCRYPTION_HOOKS_USER1 . '/files/' . $this->folder);
}
+ /**
+ * @brief replacing encryption keys during password change should be allowed
+ * until the user logged in for the first time
+ */
+ public function testSetPassphrase() {
+
+ $view = new \OC\Files\View();
+
+ // set user password for the first time
+ \OCA\Encryption\Hooks::postCreateUser(array('uid' => 'newUser', 'password' => 'newUserPassword'));
+
+ $this->assertTrue($view->file_exists('public-keys/newUser.public.key'));
+ $this->assertTrue($view->file_exists('newUser/files_encryption/newUser.private.key'));
+
+ // check if we are able to decrypt the private key
+ $encryptedKey = \OCA\Encryption\Keymanager::getPrivateKey($view, 'newUser');
+ $privateKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, 'newUserPassword');
+ $this->assertTrue(is_string($privateKey));
+
+ // change the password before the user logged-in for the first time,
+ // we can replace the encryption keys
+ \OCA\Encryption\Hooks::setPassphrase(array('uid' => 'newUser', 'password' => 'passwordChanged'));
+
+ $encryptedKey = \OCA\Encryption\Keymanager::getPrivateKey($view, 'newUser');
+ $privateKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged');
+ $this->assertTrue(is_string($privateKey));
+
+ // now create a files folder to simulate a already used account
+ $view->mkdir('/newUser/files');
+
+ // change the password after the user logged in, now the password should not change
+ \OCA\Encryption\Hooks::setPassphrase(array('uid' => 'newUser', 'password' => 'passwordChanged2'));
+
+ $encryptedKey = \OCA\Encryption\Keymanager::getPrivateKey($view, 'newUser');
+ $privateKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged2');
+ $this->assertFalse($privateKey);
+
+ $privateKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged');
+ $this->assertTrue(is_string($privateKey));
+
+ }
+
}
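Review bot: `testSetPassphrase` leaves the `newUser` key files and the `/newUser/files` folder behind, because nothing in the method removes them. That can make the key-replacement assertions order-dependent on a re-run or for later tests sharing the same data directory. I would clean up at the end of the test (or in the teardown, which is outside this hunk), e.g. `$view->deleteAll('/newUser');` and `$view->unlink('public-keys/newUser.public.key');`. The refused-change case could also be pinned more tightly by comparing the stored private key before and after the second `setPassphrase` call, rather than relying only on the decrypt results.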