diff options
author | Bjoern Schiessle <schiessle@owncloud.com> | 2013-12-05 18:51:30 +0100 |
---|---|---|
committer | Bjoern Schiessle <schiessle@owncloud.com> | 2013-12-06 12:20:31 +0100 |
commit | 58c0117c3d9c5091e7f540911fca07ba3b57bdc4 (patch) | |
tree | 2aa107f8cae64bea4ce9c151f19bd2531cba95d5 | |
parent | 8082ef2073ae2259480b73a056e982d71ebb4123 (diff) | |
download | nextcloud-server-58c0117c3d9c5091e7f540911fca07ba3b57bdc4.tar.gz nextcloud-server-58c0117c3d9c5091e7f540911fca07ba3b57bdc4.zip |
only create new key on password change if a recovery key exists or if the user don't have any private/public keys
-rw-r--r-- | apps/files_encryption/hooks/hooks.php | 51 |
1 files changed, 28 insertions, 23 deletions
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index f142f525cfa..7b13ae2a1d0 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -179,9 +179,9 @@ class Hooks { // the necessary keys)
if (Crypt::mode() === 'server') {
- if ($params['uid'] === \OCP\User::getUser()) {
+ $view = new \OC_FilesystemView('/');
- $view = new \OC_FilesystemView('/');
+ if ($params['uid'] === \OCP\User::getUser()) {
$session = new \OCA\Encryption\Session($view);
@@ -202,36 +202,41 @@ class Hooks { } else { // admin changed the password for a different user, create new keys and reencrypt file keys
$user = $params['uid'];
- $recoveryPassword = $params['recoveryPassword'];
- $newUserPassword = $params['password'];
+ $util = new Util($view, $user);
+ $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
- $view = new \OC_FilesystemView('/');
+ if (($util->recoveryEnabledForUser() && $recoveryPassword)
+ || !$util->userKeysExists()) {
- // make sure that the users home is mounted
- \OC\Files\Filesystem::initMountPoints($user);
+ $recoveryPassword = $params['recoveryPassword'];
+ $newUserPassword = $params['password'];
- $keypair = Crypt::createKeypair();
+ // make sure that the users home is mounted
+ \OC\Files\Filesystem::initMountPoints($user);
- // Disable encryption proxy to prevent recursive calls
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
+ $keypair = Crypt::createKeypair();
- // Save public key
- $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
+ // Disable encryption proxy to prevent recursive calls
+ $proxyStatus = \OC_FileProxy::$enabled;
+ \OC_FileProxy::$enabled = false;
- // Encrypt private key empty passphrase
- $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);
+ // Save public key
+ $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
- // Save private key
- $view->file_put_contents(
- '/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);
+ // Encrypt private key empty passphrase
+ $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);
- if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
- $util = new Util($view, $user);
- $util->recoverUsersFiles($recoveryPassword);
- }
+ // Save private key
+ $view->file_put_contents(
+ '/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);
+
+ if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
+ $util = new Util($view, $user);
+ $util->recoverUsersFiles($recoveryPassword);
+ }
- \OC_FileProxy::$enabled = $proxyStatus;
+ \OC_FileProxy::$enabled = $proxyStatus;
+ }
}
}
}
|