author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-03-27 14:58:33 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-03-27 14:58:33 +0100 |
commit | 98bc1ad70a26a02f2c4ea87809613f9fb1dc31fd (patch) | |
tree | 42a6b8acd7a94433a37ba85054d40d9b1a25c542 | |
parent | e918bcf2127a727f401f116625b2ea81978d6fdd (diff) | |
parent | b5fad75e579b9aeada87e63b4e7866956e1e20ff (diff) | |
Merge pull request #15265 from owncloud/enc2_fixes
core improvements for Encryption 2.0
-rw-r--r-- | lib/private/encryption/update.php | 2 | ||||
-rw-r--r-- | lib/private/encryption/util.php | 19 | ||||
-rw-r--r-- | lib/private/files/storage/wrapper/encryption.php | 2 | ||||
-rw-r--r-- | lib/public/encryption/iencryptionmodule.php | 3 | ||||
-rw-r--r-- | lib/public/encryption/keys/istorage.php | 8 | ||||
-rw-r--r-- | tests/lib/encryption/utiltest.php | 35 |
6 files changed, 63 insertions, 6 deletions
diff --git a/lib/private/encryption/update.php b/lib/private/encryption/update.php index 649cf0285a6..06dc330151e 100644 --- a/lib/private/encryption/update.php +++ b/lib/private/encryption/update.php @@ -104,7 +104,7 @@ class Update { foreach ($allFiles as $path) { $usersSharing = $this->util->getSharingUsersArray($path); - $encryptionModule->update($absPath, $usersSharing); + $encryptionModule->update($absPath, $this->uid, $usersSharing); } } diff --git a/lib/private/encryption/util.php b/lib/private/encryption/util.php index 2c6ff266841..85e852ec2c9 100644 --- a/lib/private/encryption/util.php +++ b/lib/private/encryption/util.php @@ -389,9 +389,22 @@ class Util { * @return boolean */ public function isExcluded($path) { - $root = explode('/', $path, 2); - if (isset($root[0])) { - if (in_array($root[0], $this->excludedPaths)) { + $normalizedPath = \OC\Files\Filesystem::normalizePath($path); + $root = explode('/', $normalizedPath, 4); + if (count($root) > 2) { + + //detect system wide folders + if (in_array($root[1], $this->excludedPaths)) { + return true; + } + + $v1 = $this->userManager->userExists($root[1]); + $v2 = in_array($root[2], $this->excludedPaths); + + // detect user specific folders + if ($this->userManager->userExists($root[1]) + && in_array($root[2], $this->excludedPaths)) { + return true; } } diff --git a/lib/private/files/storage/wrapper/encryption.php b/lib/private/files/storage/wrapper/encryption.php index 44fc2124f7a..0e70c99c8d7 100644 --- a/lib/private/files/storage/wrapper/encryption.php +++ b/lib/private/files/storage/wrapper/encryption.php 
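Review bot: `$v1` and `$v2` in isExcluded() are assigned and never read, and `$v1` costs an extra `$this->userManager->userExists()` lookup on every call; both lines look like debugging leftovers and should be dropped. The first check compares `$root[1]` with `excludedPaths`, and `$root[1]` is also the position of the user id, so an account whose id equals an excluded folder name would presumably have its whole home treated as excluded and stored unencrypted; that constraint should be documented here or enforced where user ids are created. Both `in_array()` calls would be safer with strict comparison, e.g. `in_array($root[1], $this->excludedPaths, true)`. The body of isExcluded() continues past the end of the hunk.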
@@ -254,7 +254,7 @@ class Encryption extends Wrapper { '" not found, file will be stored unencrypted'); } - if($shouldEncrypt === true && !$this->util->isExcluded($path) && $encryptionModule !== null) { + if($shouldEncrypt === true && !$this->util->isExcluded($fullPath) && $encryptionModule !== null) { $source = $this->storage->fopen($path, $mode); $handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header, $this->uid, $encryptionModule, $this->storage, $this, $this->util, $mode, diff --git a/lib/public/encryption/iencryptionmodule.php b/lib/public/encryption/iencryptionmodule.php index 2527e35e639..7265fee1259 100644 --- a/lib/public/encryption/iencryptionmodule.php +++ b/lib/public/encryption/iencryptionmodule.php @@ -84,10 +84,11 @@ interface IEncryptionModule { * update encrypted file, e.g. give additional users access to the file * * @param string $path path to the file which should be updated + * @param string $uid of the user who performs the operation * @param array $accessList who has access to the file contains the key 'users' and 'public' * @return boolean */ - public function update($path, $accessList); + public function update($path, $uid, $accessList); /** * should the file be encrypted or not diff --git a/lib/public/encryption/keys/istorage.php b/lib/public/encryption/keys/istorage.php index 24f6efd6e51..4c2b01f4ad0 100644 --- a/lib/public/encryption/keys/istorage.php +++ b/lib/public/encryption/keys/istorage.php @@ -105,6 +105,14 @@ interface IStorage { public function deleteFileKey($path, $keyId); /** + * delete all file keys for a given file + * + * @param string $path to the file + * @return boolean + */ + public function deleteAllFileKeys($path); + + /** * delete system-wide encryption keys not related to a specific user, * e.g something like a key for public link shares * diff --git a/tests/lib/encryption/utiltest.php b/tests/lib/encryption/utiltest.php index 00a9ab9c578..672f9ff5e97 100644 
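Review bot: This condition now depends on `$fullPath` having the `/<uid>/<folder>/...` shape that the rewritten isExcluded() splits on, but nothing at the call says so, and a path in the wrong form here decides whether a file is written encrypted or in plaintext. A short comment such as `// isExcluded() needs the full path (user root included), not the storage-relative $path` would keep a later edit from reverting to `$path`. Where `$fullPath` is built lies outside the hunk, so it should be confirmed that it is always set and in that form before this line.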
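Review bot: Inserting `$uid` as the second parameter of `update()` shifts the meaning of the existing arguments, and since no parameter is typed an old two-argument call would bind the access list to `$uid` instead of failing clearly. Declaring the last parameter, `public function update($path, $uid, array $accessList);`, would make a stale call or implementation fail loudly. The new docblock line would also read better as `@param string $uid id of the user who performs the operation`. Other implementations and callers of this public interface are not visible in this diff.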
--- a/tests/lib/encryption/utiltest.php +++ b/tests/lib/encryption/utiltest.php @@ -98,4 +98,39 @@ class UtilTest extends TestCase { $u->createHeader($header, $em); } + /** + * @dataProvider providePathsForTestIsExcluded + */ + public function testIsEcluded($path, $expected) { + $this->userManager + ->expects($this->any()) + ->method('userExists') + ->will($this->returnCallback(array($this, 'isExcludedCallback'))); + + $u = new Util($this->view, $this->userManager); + + $this->assertSame($expected, + $u->isExcluded($path) + ); + } + + public function providePathsForTestIsExcluded() { + return array( + array('files_encryption/foo.txt', true), + array('test/foo.txt', false), + array('/user1/files_encryption/foo.txt', true), + array('/user1/files/foo.txt', false), + + ); + } + + public function isExcludedCallback() { + $args = func_get_args(); + if ($args[0] === 'user1') { + return true; + } + + return false; + } + } |
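Review bot: The data provider never covers the case the `userExists()` check is there for, an excluded folder name under a first path segment that is not a known user, so the test would still pass if that check were removed from isExcluded(). Adding `array('/user2/files_encryption/foo.txt', false),` pins it, since `isExcludedCallback` already returns false for anything but `user1`; this assumes `files_encryption` is the excluded folder the existing rows rely on. The method name `testIsEcluded` is misspelled; `testIsExcluded` would match the provider name.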