author | Bjoern Schiessle <bjoern@schiessle.org> | 2017-01-02 21:24:37 +0100 |
---|---|---|
committer | Bjoern Schiessle <bjoern@schiessle.org> | 2017-01-10 17:04:32 +0100 |
commit | fcda3a20f455795b898161ec4ada0aeb500b9218 (patch) | |
tree | d1819e6c04954377ede49bbf80ebc02335acf2a2 /apps/encryption/lib | |
parent | 40239decb1b36f1daff53710e01d81e18c24f4fc (diff) | |
create new encryption keys on password reset and backup the old one
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Diffstat (limited to 'apps/encryption/lib')
-rw-r--r-- | apps/encryption/lib/Hooks/UserHooks.php | 61 | ||||
-rw-r--r-- | apps/encryption/lib/KeyManager.php | 8 |
2 files changed, 45 insertions, 24 deletions
diff --git a/apps/encryption/lib/Hooks/UserHooks.php b/apps/encryption/lib/Hooks/UserHooks.php
index 16e4e962432..d189ce3eeef 100644
--- a/apps/encryption/lib/Hooks/UserHooks.php
+++ b/apps/encryption/lib/Hooks/UserHooks.php
@@ -40,6 +40,13 @@ use OCA\Encryption\Session;
 use OCA\Encryption\Recovery;
 class UserHooks implements IHook {
+
+ /**
+ * list of user for which we perform a password reset
+ * @var array
+ */
+ protected static $passwordResetUsers = [];
+
 /**
 * @var KeyManager
 */
@@ -132,6 +139,16 @@ class UserHooks implements IHook {
 $this,
 'preSetPassphrase');
+ OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
+ 'post_passwordReset',
+ $this,
+ 'postPasswordReset');
+
+ OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
+ 'pre_passwordReset',
+ $this,
+ 'prePasswordReset');
+
 OCUtil::connectHook('OC_User',
 'post_createUser',
 $this,
@@ -202,6 +219,22 @@ class UserHooks implements IHook {
 }
 }
+ public function prePasswordReset($params) {
+ if (App::isEnabled('encryption')) {
+ $user = $params['uid'];
+ self::$passwordResetUsers[$user] = true;
+ }
+ }
+
+ public function postPasswordReset($params) {
+ $uid = $params['uid'];
+ $password = $params['password'];
+ $this->keyManager->backupUserKeys('passwordReset', $uid);
+ $this->keyManager->deleteUserKeys($uid);
+ $this->userSetup->setupUser($uid, $password);
+ unset(self::$passwordResetUsers[$uid]);
+ }
+
 /**
 * If the password can't be changed within ownCloud, than update the key password in advance.
 *
@@ -209,13 +242,10 @@ class UserHooks implements IHook {
 * @return boolean|null
 */
 public function preSetPassphrase($params) {
- if (App::isEnabled('encryption')) {
-
- $user = $this->userManager->get($params['uid']);
+ $user = $this->userManager->get($params['uid']);
- if ($user && !$user->canChangePassword()) {
- $this->setPassphrase($params);
- }
+ if ($user && !$user->canChangePassword()) {
+ $this->setPassphrase($params);
 }
 }
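Review bot: In the new `postPasswordReset` (hunk -202,6 +219,22) the marker in `self::$passwordResetUsers` is cleared only on the last line, so an exception from `backupUserKeys`, `deleteUserKeys` or `setupUser` leaves it set and `setPassphrase` keeps returning early for that uid for the rest of the request. Clearing it in a `finally` block avoids that. The outcome of the backup also cannot be checked before the keys are deleted, because `KeyManager::backupUserKeys` as added in this commit returns nothing; a failed backup would presumably go unnoticed and the old private key would be lost. Both new methods lack the docblock that the removed `postPasswordReset` had.

```php
public function postPasswordReset($params) {
	// … unchanged: $uid and $password read from $params …
	try {
		$this->keyManager->backupUserKeys('passwordReset', $uid);
		$this->keyManager->deleteUserKeys($uid);
		$this->userSetup->setupUser($uid, $password);
	} finally {
		// clear the marker even when the reset fails, otherwise
		// setPassphrase() keeps skipping this user
		unset(self::$passwordResetUsers[$uid]);
	}
}
```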
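Review bot: `preSetPassphrase` loses its `App::isEnabled('encryption')` guard in hunk -209,13 +242,10, while `prePasswordReset`, added by the same commit, introduces that very guard and `postPasswordReset` has none, so the three hooks now disagree on whether the check is needed. If hook registration already implies that the app is enabled, which the page does not show, drop the guard from `prePasswordReset` as well; otherwise keep it in all three. The docblock above the method still promises `@return boolean|null` although the rewritten body returns nothing, so `@return void` would match. That docblock starts outside the hunk.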
@@ -227,6 +257,12 @@ class UserHooks implements IHook {
 */
 public function setPassphrase($params) {
+ // if we are in the process to resetting a user password, we have nothing
+ // to do here
+ if (isset(self::$passwordResetUsers[$params['uid']])) {
+ return true;
+ }
+
 // Get existing decrypted private key
 $privateKey = $this->session->getPrivateKey();
 $user = $this->user->getUser();
@@ -299,19 +335,6 @@ class UserHooks implements IHook {
 Filesystem::initMountPoints($user);
 }
-
- /**
- * after password reset we create a new key pair for the user
- *
- * @param array $params
- */
- public function postPasswordReset($params) {
- $password = $params['password'];
-
- $this->keyManager->deleteUserKeys($params['uid']);
- $this->userSetup->setupUser($params['uid'], $password);
- }
-
 /**
 * setup file system for user
 *
diff --git a/apps/encryption/lib/KeyManager.php b/apps/encryption/lib/KeyManager.php
index 26f023ed8f9..caae154b2d3 100644
--- a/apps/encryption/lib/KeyManager.php
+++ b/apps/encryption/lib/KeyManager.php
@@ -560,11 +560,10 @@ class KeyManager {
 /**
 * @param string $purpose
- * @param bool $timestamp
- * @param bool $includeUserKeys
+ * @param string $uid
 */
- public function backupAllKeys($purpose, $timestamp = true, $includeUserKeys = true) {
-// $backupDir = $this->keyStorage->;
+ public function backupUserKeys($purpose, $uid) {
+ $this->keyStorage->backupUserKeys(Encryption::ID, $purpose, $uid);
 }
 /**
@@ -573,7 +572,6 @@ class KeyManager {
 * @param string $uid
 */
 public function deleteUserKeys($uid) {
- $this->backupAllKeys('password_reset');
 $this->deletePublicKey($uid);
 $this->deletePrivateKey($uid);
 } |
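Review bot: The early `return true` added at the top of `setPassphrase` (hunk -227,6 +257,12) reports success although the private key was not re-encrypted, and the comment does not say why that is safe. I would spell out the dependency, for example `// keys are replaced in postPasswordReset(), so the old private key is not re-encrypted with the new password here`, and note in the method docblock that `true` can also mean "skipped". The skip relies on `postPasswordReset` running later in the same request, which is not visible in this hunk. The rest of the method lies outside the hunk.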
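Review bot: `backupUserKeys` in KeyManager.php (hunk -560,11 +560,10) discards whatever `$this->keyStorage->backupUserKeys(...)` returns, so `UserHooks::postPasswordReset` cannot tell a failed backup from a successful one before it deletes the keys. If the storage call reports success, pass it on with `return $this->keyStorage->backupUserKeys(Encryption::ID, $purpose, $uid);` and document it as `@return bool`. The docblock has no description; it should state that the copy keeps the old private key as it was stored, presumably still protected by the previous password, so that retention and clean-up of these backups are a deliberate decision. Since the following hunk removes the implicit backup from `deleteUserKeys`, that method's docblock should say it deletes without making a backup.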