diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-12-08 09:28:49 +0100 |
|---|---|---|
| committer | Roeland Jago Douma <rullzer@owncloud.com> | 2016-01-07 21:30:44 +0100 |
| commit | 00a01a8de29614e95575a2e1689508e0871948e8 (patch) | |
| tree | 96ef0c9dd1e932762057b5b9243cac998e73ee67 /apps/encryption | |
| parent | 1cc6fddead3f71d170557e99ef8676724cb58a6e (diff) | |
| download | nextcloud-server-00a01a8de29614e95575a2e1689508e0871948e8.tar.gz nextcloud-server-00a01a8de29614e95575a2e1689508e0871948e8.zip | |
Fix PHPDoc + Add handling for error cases
Makes static code analyzers happier.
Diffstat (limited to 'apps/encryption')
| -rw-r--r-- | apps/encryption/lib/keymanager.php | 2 | ||||
| -rw-r--r-- | apps/encryption/lib/recovery.php | 12 | ||||
| -rw-r--r-- | apps/encryption/tests/lib/RecoveryTest.php | 64 |
3 files changed, 69 insertions, 9 deletions
diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index 0c8418c67a8..8fa42be27fc 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php @@ -213,7 +213,7 @@ class KeyManager { } /** - * @param $password + * @param string $password * @return bool */ public function checkRecoveryPassword($password) { diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php index cffa641f517..32e3ec16dee 100644 --- a/apps/encryption/lib/recovery.php +++ b/apps/encryption/lib/recovery.php @@ -102,7 +102,6 @@ class Recovery { } /** - * @param $recoveryKeyId * @param string $password * @return bool */ @@ -112,6 +111,9 @@ class Recovery { if (!$keyManager->recoveryKeyExists()) { $keyPair = $this->crypt->createKeyPair(); + if(!is_array($keyPair)) { + return false; + } $this->keyManager->setRecoveryKey($password, $keyPair); } @@ -134,6 +136,9 @@ class Recovery { public function changeRecoveryKeyPassword($newPassword, $oldPassword) { $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword); + if($decryptedRecoveryKey === false) { + return false; + } $encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword); $header = $this->crypt->generateHeader(); if ($encryptedRecoveryKey) { @@ -264,8 +269,9 @@ class Recovery { $encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); $privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword); - - $this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user); + if($privateKey !== false) { + $this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user); + } } /** diff --git a/apps/encryption/tests/lib/RecoveryTest.php b/apps/encryption/tests/lib/RecoveryTest.php index 0cdd76d6b44..82f5341960e 100644 --- a/apps/encryption/tests/lib/RecoveryTest.php +++ b/apps/encryption/tests/lib/RecoveryTest.php @@ -59,14 +59,44 @@ class RecoveryTest extends TestCase { */ private $instance; - public function testEnableAdminRecovery() { + public function testEnableAdminRecoverySuccessful() { $this->keyManagerMock->expects($this->exactly(2)) ->method('recoveryKeyExists') ->willReturnOnConsecutiveCalls(false, true); $this->cryptMock->expects($this->once()) ->method('createKeyPair') - ->willReturn(true); + ->willReturn([ + 'publicKey' => 'privateKey', + 'privateKey' => 'publicKey', + ]); + + $this->keyManagerMock->expects($this->once()) + ->method('setRecoveryKey') + ->willReturn(false); + + $this->keyManagerMock->expects($this->exactly(2)) + ->method('checkRecoveryPassword') + ->willReturnOnConsecutiveCalls(true, true); + + $this->assertTrue($this->instance->enableAdminRecovery('password')); + $this->assertArrayHasKey('recoveryAdminEnabled', self::$tempStorage); + $this->assertEquals(1, self::$tempStorage['recoveryAdminEnabled']); + + $this->assertTrue($this->instance->enableAdminRecovery('password')); + } + + public function testEnableAdminRecoveryCouldNotCheckPassword() { + $this->keyManagerMock->expects($this->exactly(2)) + ->method('recoveryKeyExists') + ->willReturnOnConsecutiveCalls(false, true); + + $this->cryptMock->expects($this->once()) + ->method('createKeyPair') + ->willReturn([ + 'publicKey' => 'privateKey', + 'privateKey' => 'publicKey', + ]); $this->keyManagerMock->expects($this->once()) ->method('setRecoveryKey') @@ -83,7 +113,19 @@ class RecoveryTest extends TestCase { $this->assertFalse($this->instance->enableAdminRecovery('password')); } - public function testChangeRecoveryKeyPassword() { + public function testEnableAdminRecoveryCouldNotCreateKey() { + $this->keyManagerMock->expects($this->once()) + ->method('recoveryKeyExists') + ->willReturn(false); + + $this->cryptMock->expects($this->once()) + ->method('createKeyPair') + ->willReturn(false); + + $this->assertFalse($this->instance->enableAdminRecovery('password')); + } + + public function testChangeRecoveryKeyPasswordSuccessful() { $this->assertFalse($this->instance->changeRecoveryKeyPassword('password', 'passwordOld')); @@ -101,6 +143,19 @@ class RecoveryTest extends TestCase { 'passwordOld')); } + public function testChangeRecoveryKeyPasswordCouldNotDecryptPrivateRecoveryKey() { + $this->assertFalse($this->instance->changeRecoveryKeyPassword('password', 'passwordOld')); + + $this->keyManagerMock->expects($this->once()) + ->method('getSystemPrivateKey'); + + $this->cryptMock->expects($this->once()) + ->method('decryptPrivateKey') + ->will($this->returnValue(false)); + + $this->assertFalse($this->instance->changeRecoveryKeyPassword('password', 'passwordOld')); + } + public function testDisableAdminRecovery() { $this->keyManagerMock->expects($this->exactly(2)) @@ -145,8 +200,7 @@ class RecoveryTest extends TestCase { $this->cryptMock->expects($this->once()) ->method('decryptPrivateKey'); - $this->assertNull($this->instance->recoverUsersFiles('password', - 'admin')); + $this->assertNull($this->instance->recoverUsersFiles('password', 'admin')); } public function testRecoverFile() { |