authorBjörn Schießle <schiessle@owncloud.com>2013-05-15 16:12:20 +0200
committerBjörn Schießle <schiessle@owncloud.com>2013-05-15 16:12:20 +0200
commit64d94c540aeaba67e2f779b2551c72a80334aa3e (patch)
tree19387991014feffc016e4f1919f214b5400b8d12
parent5b160edebba2a10de83b09a8010a811321dd6370 (diff)
downloadnextcloud-server-64d94c540aeaba67e2f779b2551c72a80334aa3e.tar.gz
nextcloud-server-64d94c540aeaba67e2f779b2551c72a80334aa3e.zip
enable admin to change the recovery password
-rw-r--r--apps/files_encryption/ajax/adminrecovery.php31
-rw-r--r--apps/files_encryption/js/settings-admin.js59
-rw-r--r--apps/files_encryption/lib/util.php28
-rw-r--r--apps/files_encryption/settings-personal.php1
-rw-r--r--apps/files_encryption/templates/settings-admin.php27
5 files changed, 118 insertions, 28 deletions
diff --git a/apps/files_encryption/ajax/adminrecovery.php b/apps/files_encryption/ajax/adminrecovery.php
index 520c7156c89..0ab449709c3 100644
--- a/apps/files_encryption/ajax/adminrecovery.php
+++ b/apps/files_encryption/ajax/adminrecovery.php
@@ -15,30 +15,6 @@ use OCA\Encryption;
$return = false;
-function checkPassword($view, $password, $recoveryKeyId) {
- $pathKey = '/owncloud_private_key/'. $recoveryKeyId . ".private.key";
- $pathControlData = '/control-file/controlfile.enc';
-
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
-
- $recoveryKey = $view->file_get_contents( $pathKey );
-
- $decryptedRecoveryKey = \OCA\Encryption\Crypt::symmetricDecryptFileContent($recoveryKey, $password);
-
- $controlData = $view->file_get_contents($pathControlData);
- $decryptedControlData = \OCA\Encryption\Crypt::keyDecrypt($controlData, $decryptedRecoveryKey);
-
- \OC_FileProxy::$enabled = $proxyStatus;
-
- if ($decryptedControlData === 'ownCloud') {
- return true;
- } else {
- return false;
- }
-}
-
-
// Enable recoveryAdmin
$recoveryKeyId = OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
@@ -94,7 +70,8 @@ if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] == 1){
$return = true;
} else { // get recovery key and check the password
- $return = checkPassword($view, $_POST['recoveryPassword'] ,$recoveryKeyId);
+ $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
+ $return = $util->checkRecoveryPassword($_POST['recoveryPassword']);
if ($return) {
OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1);
}
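Review bot: `$_POST['recoveryPassword']` is handed to `checkRecoveryPassword()` without any visible check that it is set and is a string, so a request without the field, or with `recoveryPassword[]=...`, sends `null` or an array into the decryption code. Normalise it once before both branches, e.g. `$recoveryPassword = isset($_POST['recoveryPassword']) && is_string($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : '';`, and pass that variable. The same two added lines recur in the disable branch (the hunk at `-105,8 +82,8`), so constructing `$util` once above the `if` would remove the duplication. The top of the file, where any admin and request-token checks would sit, is outside these hunks.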
@@ -105,8 +82,8 @@ if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] == 1){
isset($_POST['adminEnableRecovery'])
&& 0 == $_POST['adminEnableRecovery']
) {
- $view = new \OC\Files\View('/');
- $return = checkPassword($view, $_POST['recoveryPassword'], $recoveryKeyId);
+ $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
+ $return = $util->checkRecoveryPassword($_POST['recoveryPassword']);
if ($return) {
// Set recoveryAdmin as disabled
diff --git a/apps/files_encryption/js/settings-admin.js b/apps/files_encryption/js/settings-admin.js
index fa353901c3f..9bc6ab6433c 100644
--- a/apps/files_encryption/js/settings-admin.js
+++ b/apps/files_encryption/js/settings-admin.js
@@ -5,6 +5,27 @@
* See the COPYING-README file.
*/
+OC.msg={
+ startSaving:function(selector){
+ $(selector)
+ .html( t('settings', 'Saving...') )
+ .removeClass('success')
+ .removeClass('error')
+ .stop(true, true)
+ .show();
+ },
+ finishedSaving:function(selector, data){
+ if( data.status === "success" ){
+ $(selector).html( data.data.message )
+ .addClass('success')
+ .stop(true, true)
+ .delay(3000)
+ .fadeOut(900);
+ }else{
+ $(selector).html( data.data.message ).addClass('error');
+ }
+ }
+};
$(document).ready(function(){
// Trigger ajax on recoveryAdmin status change
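Review bot: `finishedSaving` writes `data.data.message` into the page with `.html()`, so any markup in the server's message is interpreted; unless the message is meant to carry HTML, use `$(selector).text( data.data.message )` in both branches. The block also assigns `OC.msg` unconditionally from an app script and uses the `'settings'` translation domain, which suggests it was copied from the core settings scripts. It would replace any existing `OC.msg` on the page. A guard such as `OC.msg = OC.msg || { ... }`, or loading the shared helper instead, avoids two diverging copies.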
@@ -34,10 +55,48 @@ $(document).ready(function(){
if (data.status == "error") {
alert("Couldn't switch recovery key mode, please check your recovery key password!");
$('input:radio[name="adminEnableRecovery"][value="'+oldStatus.toString()+'"]').attr("checked", "true");
+ } else {
+ if (recoveryStatus == "0") {
+ $('button:button[name="submitChangeRecoveryKey"]').attr("disabled", "true");
+ $('input:password[name="changeRecoveryPassword"]').attr("disabled", "true");
+ $('input:password[name="changeRecoveryPassword"]').val("");
+ } else {
+ $('input:password[name="changeRecoveryPassword"]').removeAttr("disabled");
+ }
}
}
);
}
);
+
+ // change password
+
+ $('input:password[name="changeRecoveryPassword"]').keyup(function(event) {
+ var oldRecoveryPassword = $('input:password[id="oldRecoveryPassword"]').val();
+ var newRecoveryPassword = $('input:password[id="newRecoveryPassword"]').val();
+ if (newRecoveryPassword != '' && oldRecoveryPassword != '' ) {
+ $('button:button[name="submitChangeRecoveryKey"]').removeAttr("disabled");
+ } else {
+ $('button:button[name="submitChangeRecoveryKey"]').attr("disabled", "true");
+ }
+ });
+
+
+ $('button:button[name="submitChangeRecoveryKey"]').click(function() {
+ var oldRecoveryPassword = $('input:password[id="oldRecoveryPassword"]').val();
+ var newRecoveryPassword = $('input:password[id="newRecoveryPassword"]').val();
+ OC.msg.startSaving('#encryption .msg');
+ $.post(
+ OC.filePath( 'files_encryption', 'ajax', 'changeRecoveryPassword.php' )
+ , { oldPassword: oldRecoveryPassword, newPassword: newRecoveryPassword }
+ , function( data ) {
+ if (data.status == "error") {
+ OC.msg.finishedSaving('#encryption .msg', data);
+ } else {
+ OC.msg.finishedSaving('#encryption .msg', data);
+ }
+ }
+ );
+ });
}) \ No newline at end of file
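Review bot: In the `$.post` callback of the new click handler, both arms of `if (data.status == "error")` call `OC.msg.finishedSaving('#encryption .msg', data);`, so the test can be dropped. The request has no failure handler, so a transport error leaves "Saving..." on screen. Both password inputs also keep their values after the call; clearing them on success with `$('input:password[name="changeRecoveryPassword"]').val("");` stops the old and new recovery passwords from lingering in the page. The target `changeRecoveryPassword.php` is not among the five files in this commit's diffstat, so the endpoint presumably arrives in a separate change. The enclosing `$(document).ready` callback starts outside the hunk.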
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index 19c9cd72a19..6cb4ccb8085 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -1282,4 +1282,32 @@ class Util {
return $this->userFilesDir;
}
+ public function checkRecoveryPassword($password) {
+
+ $pathKey = '/owncloud_private_key/' . $this->recoveryKeyId . ".private.key";
+ $pathControlData = '/control-file/controlfile.enc';
+
+ $proxyStatus = \OC_FileProxy::$enabled;
+ \OC_FileProxy::$enabled = false;
+
+ $recoveryKey = $this->view->file_get_contents($pathKey);
+
+ $decryptedRecoveryKey = Crypt::symmetricDecryptFileContent($recoveryKey, $password);
+
+ $controlData = $this->view->file_get_contents($pathControlData);
+ $decryptedControlData = Crypt::keyDecrypt($controlData, $decryptedRecoveryKey);
+
+ \OC_FileProxy::$enabled = $proxyStatus;
+
+ if ($decryptedControlData === 'ownCloud') {
+ return true;
+ }
+
+ return false;
+ }
+
+ public function getRecoveryKeyId() {
+ return $this->recoveryKeyId;
+ }
+
}
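Review bot: Both `file_get_contents()` results in `checkRecoveryPassword()` go straight into the `Crypt` calls, so a missing key file or control file is passed on as whatever the view returns on failure (presumably `false`). Check both reads first and return `false` early, restoring `\OC_FileProxy::$enabled` on that path too. The trailing `if`/`return` pair can then become a single comparison. The method has no docblock; it should state that it returns true only when the password decrypts the recovery key and that key decrypts the control file to the expected marker. If `Crypt` can throw, the proxy flag would stay disabled, though nothing visible here shows whether it can.

```php
// … unchanged: $pathKey, $pathControlData, saving and disabling the proxy …

$recoveryKey = $this->view->file_get_contents($pathKey);
$controlData = $this->view->file_get_contents($pathControlData);

if ($recoveryKey === false || $controlData === false) {
	// restore the proxy on the early exit as well
	\OC_FileProxy::$enabled = $proxyStatus;
	return false;
}

// … unchanged: the two Crypt calls and the proxy restore …

return $decryptedControlData === 'ownCloud';
```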
diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php
index 46efb61b029..90edc0eae24 100644
--- a/apps/files_encryption/settings-personal.php
+++ b/apps/files_encryption/settings-personal.php
@@ -32,6 +32,7 @@ $recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdm
$recoveryEnabledForUser = $util->recoveryEnabledForUser();
\OCP\Util::addscript( 'files_encryption', 'settings-personal' );
+\OCP\Util::addScript( 'settings', 'personal' );
$tmpl->assign( 'recoveryEnabled', $recoveryAdminEnabled );
$tmpl->assign( 'recoveryEnabledForUser', $recoveryEnabledForUser );
diff --git a/apps/files_encryption/templates/settings-admin.php b/apps/files_encryption/templates/settings-admin.php
index 95c1b66681c..18fea1845f4 100644
--- a/apps/files_encryption/templates/settings-admin.php
+++ b/apps/files_encryption/templates/settings-admin.php
@@ -10,7 +10,7 @@
<br />
<br />
<input type="password" name="recoveryPassword" id="recoveryPassword" />
- <label for="recoveryPassword">Recovery account password</label>
+ <label for="recoveryPassword"><?php p($l->t( "Recovery account password" )); ?></label>
<br />
<input
type='radio'
@@ -27,5 +27,30 @@
<?php echo ( $_["recoveryEnabled"] == 0 ? 'checked="checked"' : 'disabled' ); ?> />
<?php p($l->t( "Disabled" )); ?>
</p>
+ <br /><br />
+ <p>
+ <strong><?php p($l->t( "Change encryption passwords recovery key:" )); ?></strong>
+ <br /><br />
+ <input
+ type="password"
+ name="changeRecoveryPassword"
+ id="oldRecoveryPassword"
+ <?php echo ( $_["recoveryEnabled"] == 0 ? 'disabled' : '' ); ?> />
+ <label for="oldRecoveryPassword"><?php p($l->t( "Old Recovery account password" )); ?></label>
+ <br />
+ <input
+ type="password"
+ name="changeRecoveryPassword"
+ id="newRecoveryPassword"
+ <?php echo ( $_["recoveryEnabled"] == 0 ? 'disabled' : '' ); ?> />
+ <label for="newRecoveryPassword"><?php p($l->t( "New Recovery account password" )); ?></label>
+ <br />
+ <button
+ type="button"
+ name="submitChangeRecoveryKey"
+ disabled><?php p($l->t( "Change Password" )); ?>
+ </button>
+ <span class="msg"></span>
+ </p>
</fieldset>
</form>
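Review bot: The new recovery password is typed once into `newRecoveryPassword` with no repeat field, so a typo silently becomes the password that protects the recovery key. A second input, compared before the request is sent and again on the server, would catch this. Both inputs also share `name="changeRecoveryPassword"`, which the script uses as its selector but which would collide if the surrounding form were ever submitted natively; distinct names plus a shared class would be clearer. Adding `autocomplete="off"` to both fields keeps the browser from offering to store or fill the recovery password. The opening `<form>` and `<fieldset>` are outside the hunk.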