author | Björn Schießle <schiessle@owncloud.com> | 2013-05-24 12:42:08 +0200 |
---|---|---|
committer | Björn Schießle <schiessle@owncloud.com> | 2013-05-24 12:42:08 +0200 |
commit | c4b40af602105284d88af01b53f067fc9eefe476 (patch) | |
tree | 34b030a2869302b0c493d31d1b677598d38ae809 | |
parent | 1c3ced26c1497474c6e7077a686ed82020daf9ff (diff) | |
backport: enable admin to recover encrypted files
-rw-r--r-- | settings/ajax/changepassword.php | 12 | ||||
-rw-r--r-- | settings/js/users.js | 9 | ||||
-rw-r--r-- | settings/templates/users.php | 5 | ||||
-rw-r--r-- | settings/users.php | 3 |
4 files changed, 26 insertions, 3 deletions
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index 1fc6d0e1000..cb66c57c743 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -10,6 +10,7 @@ OC_APP::loadApps(); $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); $password = isset($_POST["password"]) ? $_POST["password"] : null; $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:''; +$recoveryPassword=isset($_POST["recoveryPassword"])?$_POST["recoveryPassword"]:null; $userstatus = null; if(OC_User::isAdminUser(OC_User::getUser())) { @@ -27,8 +28,15 @@ if(is_null($userstatus)) { exit(); } -// Return Success story -if(!is_null($password) && OC_User::setPassword( $username, $password )) { +$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username); +$recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ); +$recoveryEnabledForUser = $util->recoveryEnabledForUser(); + +if ($recoveryAdminEnabled && $recoveryEnabledForUser && $recoveryPassword == '') { + OC_JSON::error(array("data" => array( "message" => "Please provide a admin recovery password, otherwise all user data will be lost" ))); +}elseif ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) { + OC_JSON::error(array("data" => array( "message" => "Wrong admin recovery password. Please check the password and try again." ))); +}elseif(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) { OC_JSON::success(array("data" => array( "username" => $username ))); } else{ diff --git a/settings/js/users.js b/settings/js/users.js index a33fcea3223..dcb1a165420 100644 --- a/settings/js/users.js +++ b/settings/js/users.js 
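Review bot: `$_POST["recoveryPassword"]` is stored without a type check in the first hunk of settings/ajax/changepassword.php, so a non-string value (PHP turns bracketed form fields into arrays) flows into the `== ''` comparison, `checkRecoveryPassword()` and `OC_User::setPassword()` added further down. Accept only strings here, e.g. `$recoveryPassword = (isset($_POST["recoveryPassword"]) && is_string($_POST["recoveryPassword"])) ? $_POST["recoveryPassword"] : null;`. A one-line comment that this is the files_encryption admin recovery password, and that it is only meaningful when recovery is enabled for the target user, would also help the next reader.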
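Review bot: `new \OCA\Encryption\Util(...)` in the second hunk runs on every password change, whereas settings/users.php in this same commit first checks `OC_App::isEnabled('files_encryption')`; with the encryption app disabled the class is presumably not loadable and the endpoint would fail before any password is set. The second branch also tests `$recoveryPassword` for truthiness, so a value such as "0" is neither caught by `== ''` nor passed to `checkRecoveryPassword()`, and reaches `OC_User::setPassword()` unverified. The chain also runs when `$username` falls back to `OC_User::getUser()`, so a user with recovery enabled who changes their own password appears to be asked for the admin recovery password. Whether that is intended cannot be told from the hunk, because the `$userstatus` logic sits above it. A guarded version of the added block is sketched below; the trailing `else` branch continues outside the hunk.

```php
$util = null;
$recoveryAdminEnabled = false;
$recoveryEnabledForUser = false;
if (OC_App::isEnabled('files_encryption')) {
	$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
	$recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' );
	$recoveryEnabledForUser = $util->recoveryEnabledForUser();
}
// Explicit emptiness test: a plain truthiness check treats "0" as "not given".
$recoveryGiven = !is_null($recoveryPassword) && $recoveryPassword !== '';

if ($recoveryAdminEnabled && $recoveryEnabledForUser && !$recoveryGiven) {
	// … unchanged: "Please provide a admin recovery password" error …
}elseif ( $recoveryGiven && !is_null($util) && ! $util->checkRecoveryPassword($recoveryPassword) ) {
	// … unchanged: "Wrong admin recovery password" error …
}elseif(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) {
// … unchanged: success response and else branch …
```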
@@ -351,10 +351,14 @@ $(document).ready(function () { input.keypress(function (event) { if (event.keyCode == 13) { if ($(this).val().length > 0) { + var recoveryPasswordVal = $('input:password[id="recoveryPassword"]').val(); $.post( OC.filePath('settings', 'ajax', 'changepassword.php'), - {username: uid, password: $(this).val()}, + {username: uid, password: $(this).val(), recoveryPassword: recoveryPasswordVal}, function (result) { + if (result.status != 'success') { + OC.Notification.show(t('admin', result.data.message)); + } } ); input.blur(); @@ -368,6 +372,9 @@ $(document).ready(function () { img.css('display', ''); }); }); + $('input:password[id="recoveryPassword"]').keyup(function(event) { + OC.Notification.hide(); + }); $('table').on('click', 'td.password', function (event) { $(this).children('img').click(); }); diff --git a/settings/templates/users.php b/settings/templates/users.php index 6113337f4ee..7049f354fbf 100644 --- a/settings/templates/users.php +++ b/settings/templates/users.php @@ -31,6 +31,11 @@ $_['subadmingroups'] = array_flip($items); <?php endforeach;?> </select> <input type="submit" value="<?php p($l->t('Create'))?>" /> </form> + <?php if((bool)$_['recoveryAdminEnabled']): ?> + <div class="recoveryPassword"> + <input id="recoveryPassword" type="password" placeholder="<?php p($l->t('Admin Recovery Password'))?>" /> + </div> + <?php endif; ?> <div class="quota"> <span><?php p($l->t('Default Storage'));?></span> <?php if((bool) $_['isadmin']): ?> diff --git a/settings/users.php b/settings/users.php index 94e6d0a9a10..e5c8a7aaa8d 100644 --- a/settings/users.php +++ b/settings/users.php @@ -20,6 +20,8 @@ $users = array(); $groups = array(); $isadmin = OC_User::isAdminUser(OC_User::getUser()); +$recoveryAdminEnabled = OC_App::isEnabled('files_encryption') && + OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ); if($isadmin) { $accessiblegroups = OC_Group::getGroups(); 
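Review bot: The value of `#recoveryPassword` is posted with every password change in the `-351,10` hunk of settings/js/users.js and nothing in the callback clears the field afterwards, so the admin recovery password stays in the page for as long as the users view is open. Consider emptying it once the request succeeds, e.g. an `else` branch with `$('#recoveryPassword').val('');`. The error path also assumes `result.data.message` is present; a response without `data` would throw inside the callback, so `if (result.status != 'success' && result.data && result.data.message)` is safer. The enclosing `keypress` handler starts and ends outside the hunk.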
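Review bot: The `keyup` handler added in the `-368,6` hunk calls `OC.Notification.hide()` unconditionally, so typing in the recovery field dismisses whatever notification is showing, not only the recovery-password error raised by the change above. The `event` parameter is unused and the selector `$('input:password[id="recoveryPassword"]')` can be written as `$('#recoveryPassword')`. A short comment such as `// clear the recovery-password error as soon as the admin edits the field` would state the intent.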
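Review bot: The new `#recoveryPassword` input in settings/templates/users.php carries no `autocomplete` attribute, so a browser's password manager may offer to store or prefill the admin recovery password on the user-management page. Adding it is a one-attribute change: `<input id="recoveryPassword" type="password" autocomplete="off" placeholder="<?php p($l->t('Admin Recovery Password'))?>" />`. The field is also labelled only through its placeholder, which disappears once text is entered; a `<label for="recoveryPassword">` would keep its purpose visible.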
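Review bot: `$recoveryAdminEnabled` in the `-20,6` hunk of settings/users.php is computed independently of `$isadmin`, so the template will render the recovery-password field for every account that can open this page, which presumably includes group sub-admins. If only full administrators are meant to handle the recovery password, fold the check in: `$recoveryAdminEnabled = $isadmin && OC_App::isEnabled('files_encryption') && OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' );`. If sub-admins are meant to use it, a comment saying so would make the choice explicit.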
@@ -77,4 +79,5 @@ $tmpl->assign( 'numofgroups', count($accessiblegroups)); $tmpl->assign( 'quota_preset', $quotaPreset); $tmpl->assign( 'default_quota', $defaultQuota); $tmpl->assign( 'defaultQuotaIsUserDefined', $defaultQuotaIsUserDefined); +$tmpl->assign( 'recoveryAdminEnabled', $recoveryAdminEnabled); $tmpl->printPage(); |