summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBjoern Schiessle <schiessle@owncloud.com>2013-09-02 11:26:11 +0200
committerBjoern Schiessle <schiessle@owncloud.com>2013-09-02 11:26:11 +0200
commitbab63c22eea058ea619de5c021d16803ba48ab8d (patch)
tree6d0b7f2e0b343ef46f35968ac7d7c5e1ee6f4751
parentd7dca966a2a926be8b45ab337488143eac3ce9ba (diff)
downloadnextcloud-server-bab63c22eea058ea619de5c021d16803ba48ab8d.tar.gz
nextcloud-server-bab63c22eea058ea619de5c021d16803ba48ab8d.zip
encryption error messages, distinguish between a re-enabled encryption app and a password change from outside
-rw-r--r--apps/files_encryption/appinfo/database.xml7
-rw-r--r--apps/files_encryption/hooks/hooks.php8
-rwxr-xr-xapps/files_encryption/lib/helper.php4
-rw-r--r--apps/files_encryption/lib/session.php27
-rw-r--r--apps/files_encryption/lib/stream.php2
-rw-r--r--apps/files_encryption/lib/util.php60
-rw-r--r--apps/files_encryption/settings-personal.php5
-rw-r--r--apps/files_encryption/templates/settings-personal.php10
-rw-r--r--settings/ajax/changepassword.php2
-rw-r--r--settings/templates/personal.php2
10 files changed, 48 insertions, 79 deletions
diff --git a/apps/files_encryption/appinfo/database.xml b/apps/files_encryption/appinfo/database.xml
index cd5434b8c27..4587930da0a 100644
--- a/apps/files_encryption/appinfo/database.xml
+++ b/apps/files_encryption/appinfo/database.xml
@@ -34,13 +34,6 @@
<default>0</default>
<comments>Whether encryption migration has been performed</comments>
</field>
- <field>
- <name>initialized</name>
- <type>integer</type>
- <notnull>true</notnull>
- <default>0</default>
- <comments>Did the user initialized the encryption app at least once</comments>
- </field>
</declaration>
</table>
</database> \ No newline at end of file
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index aefb274e1c4..4c6122b7c2b 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -70,8 +70,6 @@ class Hooks {
// If migration not yet done
if ($ready) {
- $util->setInitialized(Util::ENCRYPTION_INITIALIZED);
-
$userView = new \OC_FilesystemView('/' . $params['uid']);
// Set legacy encryption key if it exists, to support
@@ -145,7 +143,6 @@ class Hooks {
* @brief If the password can't be changed within ownCloud, than update the key password in advance.
*/
public static function preSetPassphrase($params) {
- return true;
if ( ! \OC_User::canUserChangePassword($params['uid']) ) {
self::setPassphrase($params);
}
@@ -156,7 +153,6 @@ class Hooks {
* @param array $params keys: uid, password
*/
public static function setPassphrase($params) {
- return true;
// Only attempt to change passphrase if server-side encryption
// is in use (client-side encryption does not have access to
// the necessary keys)
@@ -550,8 +546,8 @@ class Hooks {
$setMigrationStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');
$setMigrationStatus->execute();
- $setInitStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `initialized`=0');
- $setInitStatus->execute();
+ $session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
+ $session->setInitialized(false);
}
}
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 105c5357e96..7d466b88523 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -235,11 +235,11 @@ class Helper {
/**
* @brief redirect to a error page
*/
- public static function redirectToErrorPage($util) {
+ public static function redirectToErrorPage($session) {
$l = \OC_L10N::get('files_encryption');
- if ($util->getInitialized() === false) {
+ if ($session->getInitialized() === false) {
$errorMsg = $l->t('Encryption app not initialized! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app.');
} else {
$errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php
index 1911386cd12..f5ce7083af0 100644
--- a/apps/files_encryption/lib/session.php
+++ b/apps/files_encryption/lib/session.php
@@ -113,6 +113,33 @@ class Session {
}
/**
+ * @brief Sets status if we tried to initialize the encyption app
+ * @param bool $privateKey true=initialized false=not initialized
+ * @return bool
+ */
+ public function setInitialized($init) {
+
+ \OC::$session->set('encryptionInitialized', $init);
+
+ return true;
+
+ }
+
+
+ /**
+ * @brief Gets status if we already tried to initialize the encryption app
+ * @returns bool
+ *
+ */
+ public function getInitialized() {
+ if (!is_null(\OC::$session->get('encryptionInitialized'))) {
+ return \OC::$session->get('encryptionInitialized');
+ } else {
+ return false;
+ }
+ }
+
+ /**
* @brief Gets user or public share private key from session
* @returns string $privateKey The user's plaintext private key
*
diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index 87b8dc3ee2f..9215352aa78 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -131,7 +131,7 @@ class Stream {
if($this->privateKey === false) {
// if private key is not valid redirect user to a error page
- \OCA\Encryption\Helper::redirectToErrorPage($util);
+ \OCA\Encryption\Helper::redirectToErrorPage($this->session);
}
$this->size = $this->rootView->filesize($this->rawPath, $mode);
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index edb9564e73a..17096a787f2 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -37,9 +37,6 @@ class Util {
const MIGRATION_IN_PROGRESS = -1; // migration is running
const MIGRATION_OPEN = 0; // user still needs to be migrated
- const ENCRYPTION_INITIALIZED = 1;
- const ENCRYPTION_NOT_INITIALIZED = 0;
-
private $view; // OC_FilesystemView object for filesystem operations
private $userId; // ID of the currently logged-in user
private $client; // Client side encryption mode flag
@@ -1219,56 +1216,6 @@ class Util {
}
/**
- * set remember if the encryption app was already initialized or not
- * @param type $status
- */
- public function setInitialized($status) {
- $sql = 'UPDATE `*PREFIX*encryption` SET `initialized` = ? WHERE `uid` = ?';
- $args = array($status, $this->userId);
- $query = \OCP\DB::prepare($sql);
- $query->execute($args);
- }
-
- /**
- * set remember if the encryption app was already initialized or not
- */
- public function getInitialized() {
- $sql = 'SELECT `initialized` FROM `*PREFIX*encryption` WHERE `uid` = ?';
- $args = array($this->userId);
- $query = \OCP\DB::prepare($sql);
-
- $result = $query->execute($args);
- $initializedStatus = null;
-
- if (\OCP\DB::isError($result)) {
- \OCP\Util::writeLog('Encryption library', \OC_DB::getErrorMessage($result), \OCP\Util::ERROR);
- } else {
- if ($result->numRows() > 0) {
- $row = $result->fetchRow();
- if (isset($row['initialized'])) {
- $initializedStatus = (int)$row['initialized'];
- }
- }
- }
-
- // If no record is found
- if (empty($initializedStatus)) {
- \OCP\Util::writeLog('Encryption library', "Could not get initialized status for " . $this->userId . ", no record found", \OCP\Util::ERROR);
- return false;
- // If a record is found
- } else {
- return (bool)$initializedStatus;
- }
-
-
-
- $sql = 'UPDATE `*PREFIX*encryption` SET `initialized` = ? WHERE `uid` = ?';
- $args = array($status, $this->userId);
- $query = \OCP\DB::prepare($sql);
- $query->execute($args);
- }
-
- /**
* @brief close migration mode after users data has been encrypted successfully
* @return boolean
*/
@@ -1774,6 +1721,11 @@ class Util {
*/
public function initEncryption($params) {
+ $session = new \OCA\Encryption\Session($this->view);
+
+ // we tried to initialize the encryption app for this session
+ $session->setInitialized(true);
+
$encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
@@ -1784,8 +1736,6 @@ class Util {
return false;
}
- $session = new \OCA\Encryption\Session($this->view);
-
$session->setPrivateKey($privateKey);
return $session;
diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php
index 589219f32ad..c0c91bdf652 100644
--- a/apps/files_encryption/settings-personal.php
+++ b/apps/files_encryption/settings-personal.php
@@ -16,7 +16,9 @@ $view = new \OC_FilesystemView('/');
$util = new \OCA\Encryption\Util($view, $user);
$session = new \OCA\Encryption\Session($view);
-$privateKeySet = $session->getPrivateKey() !== false;
+$privateKeySet = $session->getPrivateKey() !== false;
+// was the key successfully initialized during log-in
+$initialized = $session->getInitialized();
$recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
$recoveryEnabledForUser = $util->recoveryEnabledForUser();
@@ -31,6 +33,7 @@ if ($recoveryAdminEnabled || !$privateKeySet) {
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
$tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
$tmpl->assign('privateKeySet', $privateKeySet);
+ $tmpl->assign('initialized', $initialized);
$result = $tmpl->fetchPage();
}
diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php
index 38512453207..ff04556dd53 100644
--- a/apps/files_encryption/templates/settings-personal.php
+++ b/apps/files_encryption/templates/settings-personal.php
@@ -4,7 +4,7 @@
<?php p( $l->t( 'Encryption' ) ); ?>
</legend>
- <?php if ( ! $_["privateKeySet"] ): ?>
+ <?php if ( ! $_["privateKeySet"] && $_["initialized"] ): ?>
<p>
<a name="changePKPasswd" />
<label for="changePrivateKeyPasswd">
@@ -39,22 +39,22 @@
<?php endif; ?>
<br />
-
+
<?php if ( $_["recoveryEnabled"] && $_["privateKeySet"] ): ?>
<p>
<label for="userEnableRecovery"><?php p( $l->t( "Enable password recovery:" ) ); ?></label>
<br />
<em><?php p( $l->t( "Enabling this option will allow you to reobtain access to your encrypted files in case of password loss" ) ); ?></em>
<br />
- <input
+ <input
type='radio'
name='userEnableRecovery'
value='1'
<?php echo ( $_["recoveryEnabledForUser"] == 1 ? 'checked="checked"' : '' ); ?> />
<?php p( $l->t( "Enabled" ) ); ?>
<br />
-
- <input
+
+ <input
type='radio'
name='userEnableRecovery'
value='0'
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index 47ceb5ab873..d409904ebc7 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -8,7 +8,7 @@ OC_JSON::checkLoggedIn();
OC_APP::loadApps();
$username = isset($_POST['username']) ? $_POST['username'] : OC_User::getUser();
-$password = isset($_POST['personal-password']) ? $_POST['personal-password'] : null;
+$password = isset($_POST['password']) ? $_POST['password'] : null;
$oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '';
$recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;
diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index 63e1258b958..bad88142da9 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -40,7 +40,7 @@ if($_['passwordChangeSupported']) {
<div id="passwordchanged"><?php echo $l->t('Your password was changed');?></div>
<div id="passworderror"><?php echo $l->t('Unable to change your password');?></div>
<input type="password" id="pass1" name="oldpassword" placeholder="<?php echo $l->t('Current password');?>" />
- <input type="password" id="pass2" name="personal-password"
+ <input type="password" id="pass2" name="password"
placeholder="<?php echo $l->t('New password');?>" data-typetoggle="#personal-show" />
<input type="checkbox" id="personal-show" name="show" /><label for="personal-show"></label>
<input id="passwordbutton" type="submit" value="<?php echo $l->t('Change password');?>" />