summaryrefslogtreecommitdiffstats
path: root/apps/encryption/lib
diff options
context:
space:
mode:
authorBjoern Schiessle <bjoern@schiessle.org>2017-01-02 21:24:37 +0100
committerBjoern Schiessle <bjoern@schiessle.org>2017-01-10 17:04:32 +0100
commitfcda3a20f455795b898161ec4ada0aeb500b9218 (patch)
treed1819e6c04954377ede49bbf80ebc02335acf2a2 /apps/encryption/lib
parent40239decb1b36f1daff53710e01d81e18c24f4fc (diff)
downloadnextcloud-server-fcda3a20f455795b898161ec4ada0aeb500b9218.tar.gz
nextcloud-server-fcda3a20f455795b898161ec4ada0aeb500b9218.zip
create new encryption keys on password reset and backup the old one
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Diffstat (limited to 'apps/encryption/lib')
-rw-r--r--apps/encryption/lib/Hooks/UserHooks.php61
-rw-r--r--apps/encryption/lib/KeyManager.php8
2 files changed, 45 insertions, 24 deletions
diff --git a/apps/encryption/lib/Hooks/UserHooks.php b/apps/encryption/lib/Hooks/UserHooks.php
index 16e4e962432..d189ce3eeef 100644
--- a/apps/encryption/lib/Hooks/UserHooks.php
+++ b/apps/encryption/lib/Hooks/UserHooks.php
@@ -40,6 +40,13 @@ use OCA\Encryption\Session;
use OCA\Encryption\Recovery;
class UserHooks implements IHook {
+
+ /**
+ * list of user for which we perform a password reset
+ * @var array
+ */
+ protected static $passwordResetUsers = [];
+
/**
* @var KeyManager
*/
@@ -132,6 +139,16 @@ class UserHooks implements IHook {
$this,
'preSetPassphrase');
+ OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
+ 'post_passwordReset',
+ $this,
+ 'postPasswordReset');
+
+ OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
+ 'pre_passwordReset',
+ $this,
+ 'prePasswordReset');
+
OCUtil::connectHook('OC_User',
'post_createUser',
$this,
@@ -202,6 +219,22 @@ class UserHooks implements IHook {
}
}
+ public function prePasswordReset($params) {
+ if (App::isEnabled('encryption')) {
+ $user = $params['uid'];
+ self::$passwordResetUsers[$user] = true;
+ }
+ }
+
+ public function postPasswordReset($params) {
+ $uid = $params['uid'];
+ $password = $params['password'];
+ $this->keyManager->backupUserKeys('passwordReset', $uid);
+ $this->keyManager->deleteUserKeys($uid);
+ $this->userSetup->setupUser($uid, $password);
+ unset(self::$passwordResetUsers[$uid]);
+ }
+
/**
* If the password can't be changed within ownCloud, than update the key password in advance.
*
@@ -209,13 +242,10 @@ class UserHooks implements IHook {
* @return boolean|null
*/
public function preSetPassphrase($params) {
- if (App::isEnabled('encryption')) {
-
- $user = $this->userManager->get($params['uid']);
+ $user = $this->userManager->get($params['uid']);
- if ($user && !$user->canChangePassword()) {
- $this->setPassphrase($params);
- }
+ if ($user && !$user->canChangePassword()) {
+ $this->setPassphrase($params);
}
}
@@ -227,6 +257,12 @@ class UserHooks implements IHook {
*/
public function setPassphrase($params) {
+ // if we are in the process to resetting a user password, we have nothing
+ // to do here
+ if (isset(self::$passwordResetUsers[$params['uid']])) {
+ return true;
+ }
+
// Get existing decrypted private key
$privateKey = $this->session->getPrivateKey();
$user = $this->user->getUser();
@@ -299,19 +335,6 @@ class UserHooks implements IHook {
Filesystem::initMountPoints($user);
}
-
- /**
- * after password reset we create a new key pair for the user
- *
- * @param array $params
- */
- public function postPasswordReset($params) {
- $password = $params['password'];
-
- $this->keyManager->deleteUserKeys($params['uid']);
- $this->userSetup->setupUser($params['uid'], $password);
- }
-
/**
* setup file system for user
*
diff --git a/apps/encryption/lib/KeyManager.php b/apps/encryption/lib/KeyManager.php
index 26f023ed8f9..caae154b2d3 100644
--- a/apps/encryption/lib/KeyManager.php
+++ b/apps/encryption/lib/KeyManager.php
@@ -560,11 +560,10 @@ class KeyManager {
/**
* @param string $purpose
- * @param bool $timestamp
- * @param bool $includeUserKeys
+ * @param string $uid
*/
- public function backupAllKeys($purpose, $timestamp = true, $includeUserKeys = true) {
-// $backupDir = $this->keyStorage->;
+ public function backupUserKeys($purpose, $uid) {
+ $this->keyStorage->backupUserKeys(Encryption::ID, $purpose, $uid);
}
/**
@@ -573,7 +572,6 @@ class KeyManager {
* @param string $uid
*/
public function deleteUserKeys($uid) {
- $this->backupAllKeys('password_reset');
$this->deletePublicKey($uid);
$this->deletePrivateKey($uid);
}