authorBjoern Schiessle <schiessle@owncloud.com>2015-10-13 17:54:06 +0200
committerBjörn Schießle <bjoern@schiessle.org>2015-10-27 14:24:20 +0100
commit5fad45b2309426c5b91af1d87beaa9950eadc5ba (patch)
tree0c45e969b3a5b457c47169ff540df82f46ae14b3 /apps/encryption
parentd7d5a3bab51d952e05965e84b784d7eff0efc9c9 (diff)
make encryption configurable for home storage
Diffstat (limited to 'apps/encryption')
-rw-r--r--apps/encryption/appinfo/application.php3
-rw-r--r--apps/encryption/appinfo/routes.php5
-rw-r--r--apps/encryption/controller/settingscontroller.php21
-rw-r--r--apps/encryption/js/settings-admin.js9
-rw-r--r--apps/encryption/lib/crypto/encryption.php6
-rw-r--r--apps/encryption/lib/util.php42
-rw-r--r--apps/encryption/settings/settings-admin.php15
-rw-r--r--apps/encryption/templates/settings-admin.php103
-rw-r--r--apps/encryption/tests/controller/SettingsControllerTest.php16
-rw-r--r--apps/encryption/tests/lib/UtilTest.php52
-rw-r--r--apps/encryption/tests/lib/crypto/encryptionTest.php36
11 files changed, 247 insertions, 61 deletions
diff --git a/apps/encryption/appinfo/application.php b/apps/encryption/appinfo/application.php
index 812f1042a8f..6275047252e 100644
--- a/apps/encryption/appinfo/application.php
+++ b/apps/encryption/appinfo/application.php
@@ -201,7 +201,8 @@ class Application extends \OCP\AppFramework\App {
$c->query('KeyManager'),
$c->query('Crypt'),
$c->query('Session'),
- $server->getSession()
+ $server->getSession(),
+ $c->query('Util')
);
});
diff --git a/apps/encryption/appinfo/routes.php b/apps/encryption/appinfo/routes.php
index 8fa163d0751..260337361e8 100644
--- a/apps/encryption/appinfo/routes.php
+++ b/apps/encryption/appinfo/routes.php
@@ -36,6 +36,11 @@ namespace OCA\Encryption\AppInfo;
'verb' => 'POST'
],
[
+ 'name' => 'Settings#setEncryptHomeStorage',
+ 'url' => '/ajax/setEncryptHomeStorage',
+ 'verb' => 'POST'
+ ],
+ [
'name' => 'Recovery#changeRecoveryPassword',
'url' => '/ajax/changeRecoveryPassword',
'verb' => 'POST'
diff --git a/apps/encryption/controller/settingscontroller.php b/apps/encryption/controller/settingscontroller.php
index e5bb79a1d40..59e23087b3a 100644
--- a/apps/encryption/controller/settingscontroller.php
+++ b/apps/encryption/controller/settingscontroller.php
@@ -25,6 +25,7 @@ namespace OCA\Encryption\Controller;
use OCA\Encryption\Crypto\Crypt;
use OCA\Encryption\KeyManager;
use OCA\Encryption\Session;
+use OCA\Encryption\Util;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
@@ -57,6 +58,9 @@ class SettingsController extends Controller {
/** @var ISession */
private $ocSession;
+ /** @var Util */
+ private $util;
+
/**
* @param string $AppName
* @param IRequest $request
@@ -67,6 +71,7 @@ class SettingsController extends Controller {
* @param Crypt $crypt
* @param Session $session
* @param ISession $ocSession
+ * @param Util $util
*/
public function __construct($AppName,
IRequest $request,
@@ -76,7 +81,9 @@ class SettingsController extends Controller {
KeyManager $keyManager,
Crypt $crypt,
Session $session,
- ISession $ocSession) {
+ ISession $ocSession,
+ Util $util
+) {
parent::__construct($AppName, $request);
$this->l = $l10n;
$this->userSession = $userSession;
@@ -85,6 +92,7 @@ class SettingsController extends Controller {
$this->crypt = $crypt;
$this->session = $session;
$this->ocSession = $ocSession;
+ $this->util = $util;
}
@@ -143,4 +151,15 @@ class SettingsController extends Controller {
}
}
+
+ /**
+ * @UseSession
+ *
+ * @param bool $encryptHomeStorage
+ * @return DataResponse
+ */
+ public function setEncryptHomeStorage($encryptHomeStorage) {
+ $this->util->setEncryptHomeStorage($encryptHomeStorage);
+ return new DataResponse();
+ }
}
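Review bot: `setEncryptHomeStorage()` switches an instance-wide encryption policy, yet its docblock carries only `@UseSession` and says nothing about who may call it. No `@NoAdminRequired` or `@NoCSRFRequired` is visible, so the framework's default admin and CSRF checks presumably apply; state that in the docblock so it is not loosened by accident, e.g. `* Admin only: enables or disables encryption of the home storage.`. The client sends `this.checked` as form data, so the value appears to depend on the `@param bool` cast; an explicit `$enabled = filter_var($encryptHomeStorage, FILTER_VALIDATE_BOOLEAN);` before the Util call would keep the string "false" from being stored as '1'. A log entry for the change would help later audits, since turning this option off is a downgrade. The class starts outside the hunk.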
diff --git a/apps/encryption/js/settings-admin.js b/apps/encryption/js/settings-admin.js
index 39923718c21..9b00a4ec627 100644
--- a/apps/encryption/js/settings-admin.js
+++ b/apps/encryption/js/settings-admin.js
@@ -76,4 +76,13 @@ $(document).ready(function () {
});
});
+ $('#encryptHomeStorage').change(function() {
+ $.post(
+ OC.generateUrl('/apps/encryption/ajax/setEncryptHomeStorage'),
+ {
+ encryptHomeStorage: this.checked
+ }
+ );
+ });
+
});
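Review bot: The `$.post` in the `#encryptHomeStorage` change handler has no failure callback, so when the request is rejected (expired session, failed CSRF check, server error) the checkbox keeps its new state while the stored setting is unchanged. For an encryption toggle that leaves the admin with a wrong picture of what is protected. Keep a reference to the checkbox and revert it on failure: `var box = this;` before the call and `.fail(function () { box.checked = !box.checked; })` chained onto it. The `$(document).ready` callback starts outside the hunk.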
diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php
index 1a05277e20d..d1140ce7cde 100644
--- a/apps/encryption/lib/crypto/encryption.php
+++ b/apps/encryption/lib/crypto/encryption.php
@@ -378,6 +378,12 @@ class Encryption implements IEncryptionModule {
* @return boolean
*/
public function shouldEncrypt($path) {
+ if ($this->util->shouldEncryptHomeStorage() === false) {
+ $storage = $this->util->getStorage($path);
+ if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {
+ return false;
+ }
+ }
$parts = explode('/', $path);
if (count($parts) < 4) {
return false;
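Review bot: With home-storage encryption switched off, the new branch at the top of `shouldEncrypt()` calls `instanceOfStorage()` on whatever `getStorage($path)` returns, without checking it. `Util::getStorage()`, added later in this commit, chains `getMount($path)->getStorage()`, so if either call can return null for a path, the request ends in a call on null instead of an encryption decision. Guard the result and fall through to the existing path checks, which keeps the default on the encrypting side: `if ($storage !== null && $storage->instanceOfStorage('\OCP\Files\IHomeStorage')) {`. The docblock should also say that paths on a home storage are never encrypted while the option is off. The rest of the function body lies outside the hunk.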
diff --git a/apps/encryption/lib/util.php b/apps/encryption/lib/util.php
index a162dcde305..62c9dc6dc5f 100644
--- a/apps/encryption/lib/util.php
+++ b/apps/encryption/lib/util.php
@@ -94,12 +94,41 @@ class Util {
$recoveryMode = $this->config->getUserValue($uid,
'encryption',
'recoveryEnabled',
- 0);
+ '0');
return ($recoveryMode === '1');
}
/**
+ * check if the home storage should be encrypted
+ *
+ * @return bool
+ */
+ public function shouldEncryptHomeStorage() {
+ $encryptHomeStorage = $this->config->getAppValue(
+ 'encryption',
+ 'encryptHomeStorage',
+ '1'
+ );
+
+ return ($encryptHomeStorage === '1');
+ }
+
+ /**
+ * check if the home storage should be encrypted
+ *
+ * @param bool $encryptHomeStorage
+ */
+ public function setEncryptHomeStorage($encryptHomeStorage) {
+ $value = $encryptHomeStorage ? '1' : '0';
+ $this->config->setAppValue(
+ 'encryption',
+ 'encryptHomeStorage',
+ $value
+ );
+ }
+
+ /**
* check if master key is enabled
*
* @return bool
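Review bot: `shouldEncryptHomeStorage()` returns true only for the exact string '1', so any other stored value (an empty string, 'true', 'yes') silently turns home-storage encryption off. The default passed to `getAppValue` is '1', which suggests encrypt-by-default is intended; comparing against the disabling value keeps that intent for unexpected values: `return ($encryptHomeStorage !== '0');`. Separately, the docblock on `setEncryptHomeStorage()` is a copy of the getter's and should read `set whether the home storage should be encrypted`.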
@@ -157,4 +186,15 @@ class Util {
return $owner;
}
+ /**
+ * get storage of path
+ *
+ * @param string $path
+ * @return \OC\Files\Storage\Storage
+ */
+ public function getStorage($path) {
+ $storage = $this->files->getMount($path)->getStorage();
+ return $storage;
+ }
+
}
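Review bot: The `@return \OC\Files\Storage\Storage` tag on `getStorage()` names a private-namespace type, while the only caller in this commit tests the result against `\OCP\Files\IHomeStorage` and the encryption test mocks `OCP\Files\Storage`. I would document the public interface and the possible absence of a storage, e.g. `@return \OCP\Files\Storage|null storage backing $path, null if none is mounted`; the null case is my assumption about `getMount()` and `getStorage()` and should be confirmed. The temporary variable can go: `return $this->files->getMount($path)->getStorage();`.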
diff --git a/apps/encryption/settings/settings-admin.php b/apps/encryption/settings/settings-admin.php
index c7ac8c09c6b..8d55d587fed 100644
--- a/apps/encryption/settings/settings-admin.php
+++ b/apps/encryption/settings/settings-admin.php
@@ -25,12 +25,27 @@
$tmpl = new OCP\Template('encryption', 'settings-admin');
+$crypt = new \OCA\Encryption\Crypto\Crypt(
+ \OC::$server->getLogger(),
+ \OC::$server->getUserSession(),
+ \OC::$server->getConfig());
+
+$util = new \OCA\Encryption\Util(
+ new \OC\Files\View(),
+ $crypt,
+ \OC::$server->getLogger(),
+ \OC::$server->getUserSession(),
+ \OC::$server->getConfig(),
+ \OC::$server->getUserManager());
+
// Check if an adminRecovery account is enabled for recovering files after lost pwd
$recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled', '0');
$session = new \OCA\Encryption\Session(\OC::$server->getSession());
+$encryptHomeStorage = $util->shouldEncryptHomeStorage($user);
$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
$tmpl->assign('initStatus', $session->getStatus());
+$tmpl->assign('encryptHomeStorage', $encryptHomeStorage);
return $tmpl->fetchPage();
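Review bot: `$util->shouldEncryptHomeStorage($user)` passes `$user`, which is not defined anywhere in the visible part of this script, to a method that this commit declares without parameters. At best the argument is ignored and PHP raises an undefined-variable notice on the admin settings page; the call should be `$encryptHomeStorage = $util->shouldEncryptHomeStorage();`. Crypt and Util are also built by hand here with their full constructor lists, whereas application.php resolves `Util` through the container (`$c->query('Util')`); if the container is reachable from this script, reusing it keeps the page from breaking when a constructor changes.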
diff --git a/apps/encryption/templates/settings-admin.php b/apps/encryption/templates/settings-admin.php
index 81c7f0607d8..e55aba6757c 100644
--- a/apps/encryption/templates/settings-admin.php
+++ b/apps/encryption/templates/settings-admin.php
@@ -9,56 +9,63 @@ style('encryption', 'settings-admin');
<?php if(!$_["initStatus"]): ?>
<?php p($l->t("Encryption App is enabled but your keys are not initialized, please log-out and log-in again")); ?>
<?php else: ?>
- <p id="encryptionSetRecoveryKey">
- <?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>
- <span class="msg"></span>
- <br/>
- <em>
- <?php p($l->t("The recovery key is an extra encryption key that is used to encrypt files. It allows recovery of a user's files if the user forgets his or her password.")) ?>
- </em>
- <br/>
- <input type="password"
- name="encryptionRecoveryPassword"
- id="encryptionRecoveryPassword"
- placeholder="<?php p($l->t("Recovery key password")); ?>"/>
- <input type="password"
- name="encryptionRecoveryPassword"
- id="repeatEncryptionRecoveryPassword"
- placeholder="<?php p($l->t("Repeat recovery key password")); ?>"/>
- <input type="button"
- name="enableRecoveryKey"
- id="enableRecoveryKey"
- status="<?php p($_["recoveryEnabled"]) ?>"
- value="<?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>"/>
- </p>
- <br/><br/>
-
- <p name="changeRecoveryPasswordBlock" id="encryptionChangeRecoveryKey" <?php if($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>>
- <?php p($l->t("Change recovery key password:")); ?>
- <span class="msg"></span>
- <br/>
- <input
- type="password"
- name="changeRecoveryPassword"
- id="oldEncryptionRecoveryPassword"
- placeholder="<?php p($l->t("Old recovery key password")); ?>"/>
+ <p id="encryptHomeStorageSetting">
+ <input type="checkbox" class="checkbox" name="encrypt_home_storage" id="encryptHomeStorage"
+ value="1" <?php if ($_['encryptHomeStorage']) print_unescaped('checked="checked"'); ?> />
+ <label for="encryptHomeStorage"><?php p($l->t('Encrypt the home storage'));?></label></br>
+ <em><?php p( $l->t( "Enabling this option encrypts all files stored on the main storage, otherwise only files on external storage will be encrypted" ) ); ?></em>
+ </p>
<br />
- <input
- type="password"
- name="changeRecoveryPassword"
- id="newEncryptionRecoveryPassword"
- placeholder="<?php p($l->t("New recovery key password")); ?>"/>
- <input
- type="password"
- name="changeRecoveryPassword"
- id="repeatedNewEncryptionRecoveryPassword"
- placeholder="<?php p($l->t("Repeat new recovery key password")); ?>"/>
+ <p id="encryptionSetRecoveryKey">
+ <?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>
+ <span class="msg"></span>
+ <br/>
+ <em>
+ <?php p($l->t("The recovery key is an extra encryption key that is used to encrypt files. It allows recovery of a user's files if the user forgets his or her password.")) ?>
+ </em>
+ <br/>
+ <input type="password"
+ name="encryptionRecoveryPassword"
+ id="encryptionRecoveryPassword"
+ placeholder="<?php p($l->t("Recovery key password")); ?>"/>
+ <input type="password"
+ name="encryptionRecoveryPassword"
+ id="repeatEncryptionRecoveryPassword"
+ placeholder="<?php p($l->t("Repeat recovery key password")); ?>"/>
+ <input type="button"
+ name="enableRecoveryKey"
+ id="enableRecoveryKey"
+ status="<?php p($_["recoveryEnabled"]) ?>"
+ value="<?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>"/>
+ </p>
+ <br/><br/>
+
+ <p name="changeRecoveryPasswordBlock" id="encryptionChangeRecoveryKey" <?php if($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>>
+ <?php p($l->t("Change recovery key password:")); ?>
+ <span class="msg"></span>
+ <br/>
+ <input
+ type="password"
+ name="changeRecoveryPassword"
+ id="oldEncryptionRecoveryPassword"
+ placeholder="<?php p($l->t("Old recovery key password")); ?>"/>
+ <br />
+ <input
+ type="password"
+ name="changeRecoveryPassword"
+ id="newEncryptionRecoveryPassword"
+ placeholder="<?php p($l->t("New recovery key password")); ?>"/>
+ <input
+ type="password"
+ name="changeRecoveryPassword"
+ id="repeatedNewEncryptionRecoveryPassword"
+ placeholder="<?php p($l->t("Repeat new recovery key password")); ?>"/>
- <button
- type="button"
- name="submitChangeRecoveryKey">
+ <button
+ type="button"
+ name="submitChangeRecoveryKey">
<?php p($l->t("Change Password")); ?>
- </button>
- </p>
+ </button>
+ </p>
<?php endif; ?>
</form>
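Review bot: The new label line ends with `</br>`, which is not a valid tag; browsers usually recover, but it should be `<br/>` like the rest of the template. The help text describes what the option does for files going forward; I would also state whether files already on the home storage are converted when the option is toggled, since the visible part of the commit shows no migration and an admin may otherwise assume existing data changes state. Most of this hunk is re-indentation of the recovery-key block.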
diff --git a/apps/encryption/tests/controller/SettingsControllerTest.php b/apps/encryption/tests/controller/SettingsControllerTest.php
index 724a01522af..3b30e61a45b 100644
--- a/apps/encryption/tests/controller/SettingsControllerTest.php
+++ b/apps/encryption/tests/controller/SettingsControllerTest.php
@@ -56,6 +56,9 @@ class SettingsControllerTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject */
private $ocSessionMock;
+ /** @var \PHPUnit_Framework_MockObject_MockObject */
+ private $utilMock;
+
protected function setUp() {
parent::setUp();
@@ -106,6 +109,10 @@ class SettingsControllerTest extends TestCase {
$this->sessionMock = $this->getMockBuilder('OCA\Encryption\Session')
->disableOriginalConstructor()->getMock();
+ $this->utilMock = $this->getMockBuilder('OCA\Encryption\Util')
+ ->disableOriginalConstructor()
+ ->getMock();
+
$this->controller = new SettingsController(
'encryption',
$this->requestMock,
@@ -115,7 +122,8 @@ class SettingsControllerTest extends TestCase {
$this->keyManagerMock,
$this->cryptMock,
$this->sessionMock,
- $this->ocSessionMock
+ $this->ocSessionMock,
+ $this->utilMock
);
}
@@ -234,4 +242,10 @@ class SettingsControllerTest extends TestCase {
$data['message']);
}
+ function testSetEncryptHomeStorage() {
+ $value = true;
+ $this->utilMock->expects($this->once())->method('setEncryptHomeStorage')->with($value);
+ $this->controller->setEncryptHomeStorage($value);
+ }
+
}
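Review bot: `testSetEncryptHomeStorage()` covers only `true` and never looks at the return value, so it would still pass if the controller handed `true` to Util regardless of its input. Add the `false` case (a data provider like the one in UtilTest fits) and assert the result type, e.g. `$this->assertInstanceOf('\OCP\AppFramework\Http\DataResponse', $this->controller->setEncryptHomeStorage($value));`. The method also lacks the `public` keyword that the new tests in UtilTest use.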
diff --git a/apps/encryption/tests/lib/UtilTest.php b/apps/encryption/tests/lib/UtilTest.php
index 723cc9fb910..d55b6b50b3e 100644
--- a/apps/encryption/tests/lib/UtilTest.php
+++ b/apps/encryption/tests/lib/UtilTest.php
@@ -39,6 +39,9 @@ class UtilTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject */
private $userManagerMock;
+ /** @var \PHPUnit_Framework_MockObject_MockObject */
+ private $mountMock;
+
/** @var Util */
private $instance;
@@ -65,6 +68,7 @@ class UtilTest extends TestCase {
protected function setUp() {
parent::setUp();
+ $this->mountMock = $this->getMock('\OCP\Files\Mount\IMountPoint');
$this->filesMock = $this->getMock('OC\Files\View');
$this->userManagerMock = $this->getMock('\OCP\IUserManager');
@@ -151,4 +155,52 @@ class UtilTest extends TestCase {
];
}
+ /**
+ * @dataProvider dataTestShouldEncryptHomeStorage
+ * @param $returnValue return value from getAppValue()
+ * @param $expected
+ */
+ public function testShouldEncryptHomeStorage($returnValue, $expected) {
+ $this->configMock->expects($this->once())->method('getAppValue')
+ ->with('encryption', 'encryptHomeStorage', '1')
+ ->willReturn($returnValue);
+
+ $this->assertSame($expected,
+ $this->instance->shouldEncryptHomeStorage());
+ }
+
+ public function dataTestShouldEncryptHomeStorage() {
+ return [
+ ['1', true],
+ ['0', false]
+ ];
+ }
+
+ /**
+ * @dataProvider dataTestSetEncryptHomeStorage
+ * @param $value
+ * @param $expected
+ */
+ public function testSetEncryptHomeStorage($value, $expected) {
+ $this->configMock->expects($this->once())->method('setAppValue')
+ ->with('encryption', 'encryptHomeStorage', $expected);
+ $this->instance->setEncryptHomeStorage($value);
+ }
+
+ public function dataTestSetEncryptHomeStorage() {
+ return [
+ [true, '1'],
+ [false, '0']
+ ];
+ }
+
+ public function testGetStorage() {
+ $path = '/foo/bar.txt';
+ $this->filesMock->expects($this->once())->method('getMount')->with($path)
+ ->willReturn($this->mountMock);
+ $this->mountMock->expects($this->once())->method('getStorage')->willReturn(true);
+
+ $this->assertTrue($this->instance->getStorage($path));
+ }
+
}
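Review bot: `dataTestShouldEncryptHomeStorage()` lists only '1' and '0', so the behaviour for any other stored value is not pinned by a test. Since that behaviour decides whether the home storage is encrypted, add rows for it, e.g. `['', false]` and `['true', false]` if the strict `=== '1'` comparison is intended, or the opposite expectations if unknown values should keep encryption on. `testGetStorage()` returns `true` as the storage, which hides the type the caller relies on; returning a mock of `\OCP\Files\Storage` would be closer to real use.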
diff --git a/apps/encryption/tests/lib/crypto/encryptionTest.php b/apps/encryption/tests/lib/crypto/encryptionTest.php
index f76bdfb6d61..138c1bc9446 100644
--- a/apps/encryption/tests/lib/crypto/encryptionTest.php
+++ b/apps/encryption/tests/lib/crypto/encryptionTest.php
@@ -55,9 +55,14 @@ class EncryptionTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject */
private $l10nMock;
+ /** @var \PHPUnit_Framework_MockObject_MockObject */
+ private $storageMock;
+
public function setUp() {
parent::setUp();
+ $this->storageMock = $this->getMockBuilder('OCP\Files\Storage')
+ ->disableOriginalConstructor()->getMock();
$this->cryptMock = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt')
->disableOriginalConstructor()
->getMock();
@@ -312,7 +317,17 @@ class EncryptionTest extends TestCase {
*
* @dataProvider dataTestShouldEncrypt
*/
- public function testShouldEncrypt($path, $expected) {
+ public function testShouldEncrypt($path, $shouldEncryptHomeStorage, $isHomeStorage, $expected) {
+ $this->utilMock->expects($this->once())->method('shouldEncryptHomeStorage')
+ ->willReturn($shouldEncryptHomeStorage);
+
+ if ($shouldEncryptHomeStorage === false) {
+ $this->storageMock->expects($this->once())->method('instanceOfStorage')
+ ->with('\OCP\Files\IHomeStorage')->willReturn($isHomeStorage);
+ $this->utilMock->expects($this->once())->method('getStorage')->with($path)
+ ->willReturn($this->storageMock);
+ }
+
$this->assertSame($expected,
$this->instance->shouldEncrypt($path)
);
@@ -320,14 +335,17 @@ class EncryptionTest extends TestCase {
public function dataTestShouldEncrypt() {
return array(
- array('/user1/files/foo.txt', true),
- array('/user1/files_versions/foo.txt', true),
- array('/user1/files_trashbin/foo.txt', true),
- array('/user1/some_folder/foo.txt', false),
- array('/user1/foo.txt', false),
- array('/user1/files', false),
- array('/user1/files_trashbin', false),
- array('/user1/files_versions', false),
+ array('/user1/files/foo.txt', true, true, true),
+ array('/user1/files_versions/foo.txt', true, true, true),
+ array('/user1/files_trashbin/foo.txt', true, true, true),
+ array('/user1/some_folder/foo.txt', true, true, false),
+ array('/user1/foo.txt', true, true, false),
+ array('/user1/files', true, true, false),
+ array('/user1/files_trashbin', true, true, false),
+ array('/user1/files_versions', true, true, false),
+ // test if shouldEncryptHomeStorage is set to false
+ array('/user1/files/foo.txt', false, true, false),
+ array('/user1/files_versions/foo.txt', false, false, true),
);
}
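Review bot: The two new rows with `shouldEncryptHomeStorage` set to false cover only paths that the path rules would encrypt. No row shows that a path on a non-home storage still falls through to those rules and gets `false`, e.g. `array('/user1/foo.txt', false, false, false),`. Without it the test would pass even if the new branch returned `true` for every non-home storage.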