From: Bjoern Schiessle Date: Tue, 31 Mar 2015 15:13:36 +0000 (+0200) Subject: let user enable recovery key X-Git-Tag: v8.1.0alpha1~78^2~63 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=1358d07d3516ffb6ecedc451bd1a0ad60d3cb673;p=nextcloud-server.git let user enable recovery key --- diff --git a/apps/encryption/appinfo/application.php b/apps/encryption/appinfo/application.php index 372d49e5ef7..955146f7182 100644 --- a/apps/encryption/appinfo/application.php +++ b/apps/encryption/appinfo/application.php @@ -124,7 +124,8 @@ class Application extends \OCP\AppFramework\App { $server->getConfig(), $server->getUserSession(), new \OCA\Encryption\Session($server->getSession()), - $server->getLogger() + $server->getLogger(), + $c->query('Util') ); }); @@ -167,8 +168,12 @@ class Application extends \OCP\AppFramework\App { function (IAppContainer $c) { $server = $c->getServer(); - return new Util(new View(), $c->query('Crypt'), $c->query('KeyManager'), $server->getLogger(), $server->getUserSession(), $server->getConfig() - ); + return new Util( + new View(), + $c->query('Crypt'), + $server->getLogger(), + $server->getUserSession(), + $server->getConfig()); }); } diff --git a/apps/encryption/js/settings-personal.js b/apps/encryption/js/settings-personal.js index 7f0f4c6c26d..dcfbba4ecde 100644 --- a/apps/encryption/js/settings-personal.js +++ b/apps/encryption/js/settings-personal.js @@ -9,7 +9,7 @@ function updatePrivateKeyPasswd() { var newPrivateKeyPassword = $('input:password[id="newPrivateKeyPassword"]').val(); OC.msg.startSaving('#encryption .msg'); $.post( - OC.filePath( 'files_encryption', 'ajax', 'updatePrivateKeyPassword.php' ) + OC.generateUrl('/apps/encryption/ajax/updatePrivateKeyPassword') , { oldPassword: oldPrivateKeyPassword, newPassword: newPrivateKeyPassword } , function( data ) { if (data.status === "error") { diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php index 3c93f759407..aa620785824 100644 --- a/apps/encryption/lib/crypto/encryption.php +++ b/apps/encryption/lib/crypto/encryption.php @@ -131,6 +131,8 @@ class Encryption implements IEncryptionModule { $publicKeys[$uid] = $this->keymanager->getPublicKey($uid); } + $publicKeys = $this->keymanager->addSystemKeys($this->accessList, $publicKeys); + $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys); $this->keymanager->setAllFileKeys($path, $encryptedKeyfiles); } @@ -235,7 +237,7 @@ class Encryption implements IEncryptionModule { $publicKeys[$user] = $this->keymanager->getPublicKey($user); } - $publicKeys = $this->addSystemKeys($accessList, $publicKeys); + $publicKeys = $this->keymanager->addSystemKeys($accessList, $publicKeys); $encryptedFileKey = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index 67a32d75908..9aae6fb2d9d 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php @@ -27,6 +27,7 @@ use OCA\Encryption\Exceptions\PrivateKeyMissingException; use OC\Encryption\Exceptions\PublicKeyMissingException; use OCA\Encryption\Crypto\Crypt; use OCP\Encryption\Keys\IStorage; +use OCA\Encryption\Util; use OCP\IConfig; use OCP\ILogger; use OCP\IUserSession; @@ -84,6 +85,10 @@ class KeyManager { * @var ILogger */ private $log; + /** + * @var Util + */ + private $util; /** * @param IStorage $keyStorage @@ -92,6 +97,7 @@ class KeyManager { * @param IUserSession $userSession * @param Session $session * @param ILogger $log + * @param Util $util */ public function __construct( IStorage $keyStorage, @@ -99,9 +105,11 @@ class KeyManager { IConfig $config, IUserSession $userSession, Session $session, - ILogger $log + ILogger $log, + Util $util ) { + $this->util = $util; $this->session = $session; $this->keyStorage = $keyStorage; $this->crypt = $crypt; @@ -153,7 +161,7 @@ class KeyManager { * @return bool */ public function recoveryKeyExists() { - return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId))); + return (!empty($this->keyStorage->getSystemUserKey($this->recoveryKeyId . '.publicKey'))); } /** @@ -471,4 +479,25 @@ class KeyManager { public function setSystemPrivateKey($keyId, $key) { return $this->keyStorage->setSystemUserKey($keyId . '.' . $this->privateKeyId, $key); } + + /** + * add system keys such as the public share key and the recovery key + * + * @param array $accessList + * @param array $publicKeys + * @return array + */ + public function addSystemKeys(array $accessList, array $publicKeys) { + if (!empty($accessList['public'])) { + $publicKeys[$this->getPublicShareKeyId()] = $this->getPublicShareKey(); + } + + if ($this->recoveryKeyExists() && + $this->util->isRecoveryEnabledForUser()) { + + $publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey(); + } + + return $publicKeys; + } } diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php index 701c0934c95..b3da82a3cc5 100644 --- a/apps/encryption/lib/recovery.php +++ b/apps/encryption/lib/recovery.php @@ -90,7 +90,7 @@ class Recovery { IStorage $keyStorage, IFile $file, View $view) { - $this->user = $user && $user->isLoggedIn() ? $user->getUser() : false; + $this->user = ($user && $user->isLoggedIn()) ? $user->getUser() : false; $this->crypt = $crypt; $this->random = $random; $this->keyManager = $keyManager; @@ -180,7 +180,7 @@ class Recovery { $value); if ($value === '1') { - $this->addRecoveryKeys('/' . $this->user . '/files/'); + $this->addRecoveryKeys('/' . $this->user->getUID() . '/files/'); } else { $this->removeRecoveryKeys(); } @@ -198,20 +198,22 @@ class Recovery { $dirContent = $this->view->getDirectoryContent($path); foreach ($dirContent as $item) { // get relative path from files_encryption/keyfiles/ - $filePath = $item['path']; + $filePath = $item->getPath(); if ($item['type'] === 'dir') { $this->addRecoveryKeys($filePath . '/'); } else { - $fileKey = $this->keyManager->getFileKey($filePath, $this->user); + $fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID()); if (!empty($fileKey)) { - $accessList = $this->file->getAccessList($path); + $accessList = $this->file->getAccessList($filePath); $publicKeys = array(); foreach ($accessList['users'] as $uid) { - $publicKeys[$uid] = $this->keymanager->getPublicKey($uid); + $publicKeys[$uid] = $this->keyManager->getPublicKey($uid); } + $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys); + $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); - $this->keymanager->setAllFileKeys($path, $encryptedKeyfiles); + $this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles); } } } @@ -221,6 +223,7 @@ class Recovery { * remove recovery key to all encrypted files */ private function removeRecoveryKeys($path = '/') { + return true; $dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path); foreach ($dirContent as $item) { // get relative path from files_encryption/keyfiles diff --git a/apps/encryption/lib/util.php b/apps/encryption/lib/util.php index 45891be5dad..6b6b8b6b38c 100644 --- a/apps/encryption/lib/util.php +++ b/apps/encryption/lib/util.php @@ -23,16 +23,13 @@ namespace OCA\Encryption; -use OC\Files\Filesystem; use OC\Files\View; use OCA\Encryption\Crypto\Crypt; -use OCP\App; use OCP\IConfig; use OCP\ILogger; use OCP\IUser; use OCP\IUserSession; use OCP\PreConditionNotMetException; -use OCP\Share; class Util { /** @@ -43,10 +40,6 @@ class Util { * @var Crypt */ private $crypt; - /** - * @var KeyManager - */ - private $keyManager; /** * @var ILogger */ @@ -65,21 +58,18 @@ class Util { * * @param View $files * @param Crypt $crypt - * @param KeyManager $keyManager * @param ILogger $logger * @param IUserSession $userSession * @param IConfig $config */ public function __construct(View $files, Crypt $crypt, - KeyManager $keyManager, ILogger $logger, IUserSession $userSession, IConfig $config ) { $this->files = $files; $this->crypt = $crypt; - $this->keyManager = $keyManager; $this->logger = $logger; $this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false; $this->config = $config; @@ -88,7 +78,7 @@ class Util { /** * @return bool */ - public function recoveryEnabledForUser() { + public function isRecoveryEnabledForUser() { $recoveryMode = $this->config->getUserValue($this->user->getUID(), 'encryption', 'recoveryEnabled', @@ -115,18 +105,6 @@ class Util { } } - /** - * @param $recoveryPassword - */ - public function recoverUsersFiles($recoveryPassword) { - $encryptedKey = $this->keyManager->getSystemPrivateKey(); - - $privateKey = $this->crypt->decryptPrivateKey($encryptedKey, - $recoveryPassword); - - $this->recoverAllFiles('/', $privateKey); - } - /** * @param string $uid * @return bool diff --git a/apps/encryption/settings/settings-personal.php b/apps/encryption/settings/settings-personal.php index 8caacbd19ca..417bf1433bf 100644 --- a/apps/encryption/settings/settings-personal.php +++ b/apps/encryption/settings/settings-personal.php @@ -16,38 +16,38 @@ $crypt = new \OCA\Encryption\Crypto\Crypt( \OC::$server->getLogger(), \OC::$server->getUserSession(), \OC::$server->getConfig()); + +$util = new \OCA\Encryption\Util( + new \OC\Files\View(), + $crypt, + \OC::$server->getLogger(), + \OC::$server->getUserSession(), + \OC::$server->getConfig()); + $keymanager = new \OCA\Encryption\KeyManager( \OC::$server->getEncryptionKeyStorage(\OCA\Encryption\Crypto\Encryption::ID), $crypt, \OC::$server->getConfig(), \OC::$server->getUserSession(), $session, - \OC::$server->getLogger(), null); + \OC::$server->getLogger(), $util); $user = \OCP\User::getUser(); $view = new \OC\Files\View('/'); -$util = new \OCA\Encryption\Util( - new \OC\Files\View(), - $crypt, $keymanager, - \OC::$server->getLogger(), - \OC::$server->getUserSession(), - \OC::$server->getConfig()); + $privateKeySet = $session->isPrivateKeySet(); // did we tried to initialize the keys for this session? $initialized = $session->getStatus(); $recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled'); -$recoveryEnabledForUser = $util->recoveryEnabledForUser(); +$recoveryEnabledForUser = $util->isRecoveryEnabledForUser(); $result = false; if ($recoveryAdminEnabled || !$privateKeySet) { - - \OCP\Util::addscript('encryption', 'settings-personal'); - $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); $tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser); $tmpl->assign('privateKeySet', $privateKeySet);