Merge pull request #53514 from nextcloud/fix/do-not-update-userkey-when-masterkey-is-used

fix(encryption): Do not register user key related event listeners

2 files changed, 23 insertions, 8 deletions

diff --git a/apps/encryption/lib/AppInfo/Application.php b/apps/encryption/lib/AppInfo/Application.php
index a4e9426c3e5..b1bf93b9dea 100644
--- a/apps/encryption/lib/AppInfo/Application.php
+++ b/apps/encryption/lib/AppInfo/Application.php
@@ -72,7 +72,12 @@ class Application extends App implements IBootstrap {
 		}
 	}
 
-	public function registerEventListeners(IConfig $config, IEventDispatcher $eventDispatcher, IManager $encryptionManager): void {
+	public function registerEventListeners(
+		IConfig $config,
+		IEventDispatcher $eventDispatcher,
+		IManager $encryptionManager,
+		Util $util,
+	): void {
 		if (!$encryptionManager->isEnabled()) {
 			return;
 		}
@@ -84,18 +89,23 @@ class Application extends App implements IBootstrap {
 		}
 
 		// No maintenance so register all events
-		$eventDispatcher->addServiceListener(UserCreatedEvent::class, UserEventsListener::class);
-		$eventDispatcher->addServiceListener(UserDeletedEvent::class, UserEventsListener::class);
-		$eventDispatcher->addServiceListener(BeforePasswordUpdatedEvent::class, UserEventsListener::class);
-		$eventDispatcher->addServiceListener(PasswordUpdatedEvent::class, UserEventsListener::class);
-		$eventDispatcher->addServiceListener(BeforePasswordResetEvent::class, UserEventsListener::class);
-		$eventDispatcher->addServiceListener(PasswordResetEvent::class, UserEventsListener::class);
 		$eventDispatcher->addServiceListener(UserLoggedInEvent::class, UserEventsListener::class);
 		$eventDispatcher->addServiceListener(UserLoggedInWithCookieEvent::class, UserEventsListener::class);
 		$eventDispatcher->addServiceListener(UserLoggedOutEvent::class, UserEventsListener::class);
+		if (!$util->isMasterKeyEnabled()) {
+			// Only make sense if no master key is used
+			$eventDispatcher->addServiceListener(UserCreatedEvent::class, UserEventsListener::class);
+			$eventDispatcher->addServiceListener(UserDeletedEvent::class, UserEventsListener::class);
+			$eventDispatcher->addServiceListener(BeforePasswordUpdatedEvent::class, UserEventsListener::class);
+			$eventDispatcher->addServiceListener(PasswordUpdatedEvent::class, UserEventsListener::class);
+			$eventDispatcher->addServiceListener(BeforePasswordResetEvent::class, UserEventsListener::class);
+			$eventDispatcher->addServiceListener(PasswordResetEvent::class, UserEventsListener::class);
+		}
 	}
 
-	public function registerEncryptionModule(IManager $encryptionManager) {
+	public function registerEncryptionModule(
+		IManager $encryptionManager,
+	) {
 		$container = $this->getContainer();
 
 		$encryptionManager->registerEncryptionModule(
diff --git a/apps/encryption/lib/Services/PassphraseService.php b/apps/encryption/lib/Services/PassphraseService.php
index 0786cd3399a..bdcc3f1108a 100644
--- a/apps/encryption/lib/Services/PassphraseService.php
+++ b/apps/encryption/lib/Services/PassphraseService.php
@@ -55,6 +55,11 @@ class PassphraseService {
 			return true;
 		}
 
+		if ($this->util->isMasterKeyEnabled()) {
+			$this->logger->error('setPassphraseForUser should never be called when master key is enabled');
+			return true;
+		}
+
 		// Check user exists on backend
 		$user = $this->userManager->get($userId);
 		if ($user === null) {