Do not expose direct editing if no master key is available

author Julius Härtl <jus@bitgrid.net>

Tue, 25 Aug 2020 15:12:27 +0000 (17:12 +0200)

committer Julius Härtl <jus@bitgrid.net>

Tue, 1 Sep 2020 09:40:27 +0000 (11:40 +0200)
author Julius Härtl <jus@bitgrid.net>
Tue, 25 Aug 2020 15:12:27 +0000 (17:12 +0200)
committer Julius Härtl <jus@bitgrid.net>
Tue, 1 Sep 2020 09:40:27 +0000 (11:40 +0200)
diff --git a/apps/files/lib/Controller/DirectEditingController.php b/apps/files/lib/Controller/DirectEditingController.php

index b29316aff32e27e2134ebf02375ff96e41bb1179..a2e765072f2d4951756102a4e8241c13ab38daee 100644 (file)
--- a/apps/files/lib/Controller/DirectEditingController.php
+++ b/apps/files/lib/Controller/DirectEditingController.php
@@ -76,6 +76,9 @@ class DirectEditingController extends OCSController {
          * @NoAdminRequired
          */
         public function create(string $path, string $editorId, string $creatorId, string $templateId = null): DataResponse {
+               if (!$this->directEditingManager->isEnabled()) {
+                       return new DataResponse(['message' => 'Direct editing is not enabled'], Http::STATUS_INTERNAL_SERVER_ERROR);
+               }
                 $this->eventDispatcher->dispatchTyped(new RegisterDirectEditorEvent($this->directEditingManager));
  
                 try {
@@ -85,7 +88,7 @@ class DirectEditingController extends OCSController {
                         ]);
                 } catch (Exception $e) {
                         $this->logger->logException($e, ['message' => 'Exception when creating a new file through direct editing']);
-                       return new DataResponse('Failed to create file: ' . $e->getMessage(), Http::STATUS_FORBIDDEN);
+                       return new DataResponse(['message' => 'Failed to create file: ' . $e->getMessage()], Http::STATUS_FORBIDDEN);
                 }
         }
  
@@ -93,6 +96,9 @@ class DirectEditingController extends OCSController {
          * @NoAdminRequired
          */
         public function open(string $path, string $editorId = null): DataResponse {
+               if (!$this->directEditingManager->isEnabled()) {
+                       return new DataResponse(['message' => 'Direct editing is not enabled'], Http::STATUS_INTERNAL_SERVER_ERROR);
+               }
                 $this->eventDispatcher->dispatchTyped(new RegisterDirectEditorEvent($this->directEditingManager));
  
                 try {
@@ -102,7 +108,7 @@ class DirectEditingController extends OCSController {
                         ]);
                 } catch (Exception $e) {
                         $this->logger->logException($e, ['message' => 'Exception when opening a file through direct editing']);
-                       return new DataResponse('Failed to open file: ' . $e->getMessage(), Http::STATUS_FORBIDDEN);
+                       return new DataResponse(['message' => 'Failed to open file: ' . $e->getMessage()], Http::STATUS_FORBIDDEN);
                 }
         }
  
@@ -112,13 +118,16 @@ class DirectEditingController extends OCSController {
          * @NoAdminRequired
          */
         public function templates(string $editorId, string $creatorId): DataResponse {
+               if (!$this->directEditingManager->isEnabled()) {
+                       return new DataResponse(['message' => 'Direct editing is not enabled'], Http::STATUS_INTERNAL_SERVER_ERROR);
+               }
                 $this->eventDispatcher->dispatchTyped(new RegisterDirectEditorEvent($this->directEditingManager));
  
                 try {
                         return new DataResponse($this->directEditingManager->getTemplates($editorId, $creatorId));
                 } catch (Exception $e) {
                         $this->logger->logException($e);
-                       return new DataResponse('Failed to obtain template list: ' . $e->getMessage(), Http::STATUS_INTERNAL_SERVER_ERROR);
+                       return new DataResponse(['message' => 'Failed to obtain template list: ' . $e->getMessage()], Http::STATUS_INTERNAL_SERVER_ERROR);
                 }
         }
  }
diff --git a/apps/files/lib/Service/DirectEditingService.php b/apps/files/lib/Service/DirectEditingService.php

index 91e6a0acbb2cd7aae3b626dec5eb9977418f016b..cc9ee54d45e0761eaa07931646f08c1ece5af015 100644 (file)
--- a/apps/files/lib/Service/DirectEditingService.php
+++ b/apps/files/lib/Service/DirectEditingService.php
@@ -55,6 +55,10 @@ class DirectEditingService {
                         'creators' => []
                 ];
  
+               if (!$this->directEditingManager->isEnabled()) {
+                       return $capabilities;
+               }
+
                 /**
                  * @var string $id
                  * @var IEditor $editor
diff --git a/lib/private/DirectEditing/Manager.php b/lib/private/DirectEditing/Manager.php

index c3098fb1a979ba12016a431a24e9a025f613a038..3542aeed252105a608faa30765e107162bbbc0ac 100644 (file)
--- a/lib/private/DirectEditing/Manager.php
+++ b/lib/private/DirectEditing/Manager.php
@@ -35,6 +35,7 @@ use OCP\DirectEditing\ACreateFromTemplate;
  use OCP\DirectEditing\IEditor;
  use \OCP\DirectEditing\IManager;
  use OCP\DirectEditing\IToken;
+use OCP\Encryption\IManager as EncryptionManager;
  use OCP\Files\File;
  use OCP\Files\IRootFolder;
  use OCP\Files\Node;
@@ -45,6 +46,7 @@ use OCP\IUserSession;
  use OCP\L10N\IFactory;
  use OCP\Security\ISecureRandom;
  use OCP\Share\IShare;
+use Throwable;
  use function array_key_exists;
  use function in_array;
  
@@ -55,30 +57,33 @@ class Manager implements IManager {
  
         /** @var IEditor[] */
         private $editors = [];
-
         /** @var IDBConnection */
         private $connection;
-       /**
-        * @var ISecureRandom
-        */
+       /** @var ISecureRandom */
         private $random;
+       /** @var string|null */
         private $userId;
+       /** @var IRootFolder */
         private $rootFolder;
         /** @var IL10N */
         private $l10n;
+       /** @var EncryptionManager */
+       private $encryptionManager;
  
         public function __construct(
                 ISecureRandom $random,
                 IDBConnection $connection,
                 IUserSession $userSession,
                 IRootFolder $rootFolder,
-               IFactory $l10nFactory
+               IFactory $l10nFactory,
+               EncryptionManager $encryptionManager
         ) {
                 $this->random = $random;
                 $this->connection = $connection;
                 $this->userId = $userSession->getUser() ? $userSession->getUser()->getUID() : null;
                 $this->rootFolder = $rootFolder;
                 $this->l10n = $l10nFactory->get('core');
+               $this->encryptionManager = $encryptionManager;
         }
  
         public function registerDirectEditor(IEditor $directEditor): void {
@@ -171,7 +176,7 @@ class Manager implements IManager {
                         }
                         $editor = $this->getEditor($tokenObject->getEditor());
                         $this->accessToken($token);
-               } catch (\Throwable $throwable) {
+               } catch (Throwable $throwable) {
                         $this->invalidateToken($token);
                         return new NotFoundResponse();
                 }
@@ -275,4 +280,22 @@ class Manager implements IManager {
                 }
                 return $files[0];
         }
+
+       public function isEnabled(): bool {
+               if (!$this->encryptionManager->isEnabled()) {
+                       return true;
+               }
+
+               try {
+                       $moduleId = $this->encryptionManager->getDefaultEncryptionModuleId();
+                       $module = $this->encryptionManager->getEncryptionModule($moduleId);
+                       /** @var \OCA\Encryption\Util $util */
+                       $util = \OC::$server->get(\OCA\Encryption\Util::class);
+                       if ($module->isReadyForUser($this->userId) && $util->isMasterKeyEnabled()) {
+                               return true;
+                       }
+               } catch (Throwable $e) {
+               }
+               return false;
+       }
  }
diff --git a/lib/public/DirectEditing/IManager.php b/lib/public/DirectEditing/IManager.php

index bc45d0a45c67e44d3a67c26425adc531dc718866..ce39d014193b85b70404f13dbe2be76b1d194dab 100644 (file)
--- a/lib/public/DirectEditing/IManager.php
+++ b/lib/public/DirectEditing/IManager.php
@@ -84,4 +84,12 @@ interface IManager {
          * @return int number of deleted tokens
          */
         public function cleanup(): int;
+
+       /**
+        * Check if direct editing is enabled
+        *
+        * @since 20.0.0
+        * @return bool
+        */
+       public function isEnabled(): bool;
  }
diff --git a/tests/lib/DirectEditing/ManagerTest.php b/tests/lib/DirectEditing/ManagerTest.php

index 84685d3a16b09fa6ea0e7dc7a9bd36ceefcc77e4..73bb4a836d80e62475ecac040d2f802b2e4f31cf 100644 (file)
--- a/tests/lib/DirectEditing/ManagerTest.php
+++ b/tests/lib/DirectEditing/ManagerTest.php
@@ -10,6 +10,7 @@ use OCP\AppFramework\Http\Response;
  use OCP\DirectEditing\ACreateEmpty;
  use OCP\DirectEditing\IEditor;
  use OCP\DirectEditing\IToken;
+use OCP\Encryption\IManager;
  use OCP\Files\Folder;
  use OCP\Files\IRootFolder;
  use OCP\IDBConnection;
@@ -104,6 +105,10 @@ class ManagerTest extends TestCase {
          * @var MockObject|Folder
          */
         private $userFolder;
+       /**
+        * @var MockObject|IManager
+        */
+       private $encryptionManager;
  
         protected function setUp(): void {
                 parent::setUp();
@@ -116,6 +121,7 @@ class ManagerTest extends TestCase {
                 $this->rootFolder = $this->createMock(IRootFolder::class);
                 $this->userFolder = $this->createMock(Folder::class);
                 $this->l10n = $this->createMock(IL10N::class);
+               $this->encryptionManager = $this->createMock(IManager::class);
  
                 $l10nFactory = $this->createMock(IFactory::class);
                 $l10nFactory->expects($this->once())
@@ -128,7 +134,7 @@ class ManagerTest extends TestCase {
                         ->willReturn($this->userFolder);
  
                 $this->manager = new Manager(
-                       $this->random, $this->connection, $this->userSession, $this->rootFolder, $l10nFactory
+                       $this->random, $this->connection, $this->userSession, $this->rootFolder, $l10nFactory, $this->encryptionManager
                 );
  
                 $this->manager->registerDirectEditor($this->editor);
author	Julius Härtl <jus@bitgrid.net>
	Tue, 25 Aug 2020 15:12:27 +0000 (17:12 +0200)
committer	Julius Härtl <jus@bitgrid.net>
	Tue, 1 Sep 2020 09:40:27 +0000 (11:40 +0200)
apps/files/lib/Controller/DirectEditingController.php		patch \| blob \| history
apps/files/lib/Service/DirectEditingService.php		patch \| blob \| history
lib/private/DirectEditing/Manager.php		patch \| blob \| history
lib/public/DirectEditing/IManager.php		patch \| blob \| history
tests/lib/DirectEditing/ManagerTest.php		patch \| blob \| history