authorBjoern Schiessle <schiessle@owncloud.com>2015-05-12 18:49:25 +0200
committerBjoern Schiessle <schiessle@owncloud.com>2015-05-18 10:15:17 +0200
commit887be709f5f0dbbc6ad7b1cc1a9793d04421c5b9 (patch)
tree15cfcb45871688ecd6208f461b0d1e25171a917f /apps/encryption
parent73a3086945b41afa39debd89481c021934dedb67 (diff)
a new approach to display the error message
Diffstat (limited to 'apps/encryption')
-rw-r--r--apps/encryption/appinfo/application.php3
-rw-r--r--apps/encryption/lib/crypto/encryption.php40
-rw-r--r--apps/encryption/lib/util.php31
-rw-r--r--apps/encryption/settings/settings-personal.php3
-rw-r--r--apps/encryption/tests/lib/UtilTest.php18
5 files changed, 85 insertions, 10 deletions
diff --git a/apps/encryption/appinfo/application.php b/apps/encryption/appinfo/application.php
index 0d6f57f46e9..79b2ad3abaf 100644
--- a/apps/encryption/appinfo/application.php
+++ b/apps/encryption/appinfo/application.php
@@ -209,7 +209,8 @@ class Application extends \OCP\AppFramework\App {
$c->query('Crypt'),
$server->getLogger(),
$server->getUserSession(),
- $server->getConfig());
+ $server->getConfig(),
+ $server->getUserManager());
});
}
diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php
index a4abcd7dc5a..0fd85fa4e9a 100644
--- a/apps/encryption/lib/crypto/encryption.php
+++ b/apps/encryption/lib/crypto/encryption.php
@@ -270,6 +270,15 @@ class Encryption implements IEncryptionModule {
* @return mixed decrypted data
*/
public function decrypt($data) {
+ if (empty($this->fileKey)) {
+ $msg = $this->l->t('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
+ $this->logger->error('Can not decrypt this file,
+ probably this is a shared file.
+ Please ask the file owner to reshare the file with you.');
+
+ throw new DecryptionFailedException($msg);
+ }
+
$result = '';
if (!empty($data)) {
$result = $this->crypt->symmetricDecryptFileContent($data, $this->fileKey, $this->cipher);
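Review bot: The `logger->error()` string in the new guard is a single-quoted literal broken across three source lines, so every log entry carries the embedded line breaks and indentation. It also names neither the file nor the user, which leaves an operator nothing to triage or correlate on. Put it on one line, `$this->logger->error('Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');`, and append whatever identifying context the class holds. Note too that `empty()` treats the string `'0'` as empty; `$this->fileKey === null || $this->fileKey === ''` would state the intent exactly, assuming the key is always a string or null. The rest of `decrypt()` lies outside the hunk.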
@@ -346,6 +355,36 @@ class Encryption implements IEncryptionModule {
}
/**
+ * check if the encryption module is able to read the file,
+ * e.g. if all encryption keys exists
+ *
+ * @param string $path
+ * @param string $uid user for whom we want to check if he can read the file
+ * @return bool
+ * @throws DecryptionFailedException
+ */
+ public function isReadable($path, $uid) {
+ $fileKey = $this->keyManager->getFileKey($path, $uid);
+ if (empty($fileKey)) {
+ $owner = $this->util->getOwner($path);
+ if ($owner !== $uid) {
+ // if it is a shared file we throw a exception with a useful
+ // error message because in this case it means that the file was
+ // shared with the user at a point where the user didn't had a
+ // valid private/public key
+ $msg = 'Encryption module "' . $this->getDisplayName() .
+ '" is not able to read ' . $path;
+ $hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
+ $this->logger->warning($msg);
+ throw new DecryptionFailedException($msg, 0, null, $hint);
+ }
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* @param string $path
* @return string
*/
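Review bot: In `isReadable()` the case where the owner's own file key is missing falls through to `return false` with no log entry, although a lost key on a user's own file is the event an administrator most needs recorded. A line such as `$this->logger->warning('No file key found for ' . $path);` before that `return false` would cover it. The docblock declares only `DecryptionFailedException`, but `Util::getOwner()` as added in this commit throws `\BadMethodCallException` for an unknown user, so either add `@throws \BadMethodCallException` or catch it here. The trailing docblock in this hunk belongs to a method that starts outside it.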
@@ -360,4 +399,5 @@ class Encryption implements IEncryptionModule {
return $realPath;
}
+
}
diff --git a/apps/encryption/lib/util.php b/apps/encryption/lib/util.php
index 51d5241122f..afed96aaa38 100644
--- a/apps/encryption/lib/util.php
+++ b/apps/encryption/lib/util.php
@@ -29,6 +29,7 @@ use OCA\Encryption\Crypto\Crypt;
use OCP\IConfig;
use OCP\ILogger;
use OCP\IUser;
+use OCP\IUserManager;
use OCP\IUserSession;
use OCP\PreConditionNotMetException;
@@ -53,6 +54,10 @@ class Util {
* @var IConfig
*/
private $config;
+ /**
+ * @var IUserManager
+ */
+ private $userManager;
/**
* Util constructor.
@@ -62,18 +67,21 @@ class Util {
* @param ILogger $logger
* @param IUserSession $userSession
* @param IConfig $config
+ * @param IUserManager $userManager
*/
public function __construct(View $files,
Crypt $crypt,
ILogger $logger,
IUserSession $userSession,
- IConfig $config
+ IConfig $config,
+ IUserManager $userManager
) {
$this->files = $files;
$this->crypt = $crypt;
$this->logger = $logger;
$this->user = $userSession && $userSession->isLoggedIn() ? $userSession->getUser() : false;
$this->config = $config;
+ $this->userManager = $userManager;
}
/**
@@ -117,5 +125,26 @@ class Util {
return $this->files->file_exists($uid . '/files');
}
+ /**
+ * get owner from give path, path relative to data/ expected
+ *
+ * @param string $path relative to data/
+ * @return string
+ * @throws \BadMethodCallException
+ */
+ public function getOwner($path) {
+ $owner = '';
+ $parts = explode('/', $path, 3);
+ if (count($parts) > 1) {
+ $owner = $parts[1];
+ if ($this->userManager->userExists($owner) === false) {
+ throw new \BadMethodCallException('Unknown user: ' .
+ 'method expects path to a user folder relative to the data folder');
+ }
+
+ }
+
+ return $owner;
+ }
}
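Review bot: `getOwner()` signals failure in two different ways: it throws for an unknown user but returns `''` when the path contains no `/`. In `isReadable()` that empty owner compares unequal to `$uid` and produces the misleading "shared file" error. Throwing in both cases keeps the caller's ownership decision from running on an empty value, e.g. `if (count($parts) < 2) { throw new \BadMethodCallException('path needs to be relative to the data folder'); }`. `$parts[1]` is the user only when the path begins with a slash (`/user/files/...`), so the docblock should say so: `@param string $path relative to data/, with leading slash, e.g. /user/files/a.txt`.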
diff --git a/apps/encryption/settings/settings-personal.php b/apps/encryption/settings/settings-personal.php
index 003a27da71d..3815626ee64 100644
--- a/apps/encryption/settings/settings-personal.php
+++ b/apps/encryption/settings/settings-personal.php
@@ -35,7 +35,8 @@ $util = new \OCA\Encryption\Util(
$crypt,
\OC::$server->getLogger(),
$userSession,
- \OC::$server->getConfig());
+ \OC::$server->getConfig(),
+ \OC::$server->getUserManager());
$keyManager = new \OCA\Encryption\KeyManager(
\OC::$server->getEncryptionKeyStorage(),
diff --git a/apps/encryption/tests/lib/UtilTest.php b/apps/encryption/tests/lib/UtilTest.php
index eab912b82d4..18cf0386793 100644
--- a/apps/encryption/tests/lib/UtilTest.php
+++ b/apps/encryption/tests/lib/UtilTest.php
@@ -28,11 +28,17 @@ use Test\TestCase;
class UtilTest extends TestCase {
private static $tempStorage = [];
+
+ /** @var \PHPUnit_Framework_MockObject_MockObject */
private $configMock;
+
+ /** @var \PHPUnit_Framework_MockObject_MockObject */
private $filesMock;
- /**
- * @var Util
- */
+
+ /** @var \PHPUnit_Framework_MockObject_MockObject */
+ private $userManagerMock;
+
+ /** @var Util */
private $instance;
public function testSetRecoveryForUser() {
@@ -40,9 +46,6 @@ class UtilTest extends TestCase {
$this->assertArrayHasKey('recoveryEnabled', self::$tempStorage);
}
- /**
- *
- */
public function testIsRecoveryEnabledForUser() {
$this->assertTrue($this->instance->isRecoveryEnabledForUser('admin'));
@@ -62,6 +65,7 @@ class UtilTest extends TestCase {
protected function setUp() {
parent::setUp();
$this->filesMock = $this->getMock('OC\Files\View');
+ $this->userManagerMock = $this->getMock('\OCP\IUserManager');
$cryptMock = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt')
->disableOriginalConstructor()
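Review bot: `userManagerMock` is created here with no `userExists` expectation, and none of the UtilTest hunks in this commit adds a test for `Util::getOwner()`. Since that method's result decides whether `isReadable()` treats a file as shared, it deserves a data-provider test covering a known owner, an unknown user (expecting `\BadMethodCallException`) and a path without a slash. The rest of `setUp()` lies outside this hunk.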
@@ -98,7 +102,7 @@ class UtilTest extends TestCase {
->method('setUserValue')
->will($this->returnCallback([$this, 'setValueTester']));
- $this->instance = new Util($this->filesMock, $cryptMock, $loggerMock, $userSessionMock, $configMock);
+ $this->instance = new Util($this->filesMock, $cryptMock, $loggerMock, $userSessionMock, $configMock, $this->userManagerMock);
}
/**