introduce decryptPrivateKey() method which also checks if the result is a valid private key to avoid additional checks on various places

1 files changed, 11 insertions, 11 deletions

diff --git a/apps/files_encryption/ajax/changeRecoveryPassword.php b/apps/files_encryption/ajax/changeRecoveryPassword.php
index b0594f967ba..366f634a51c 100644
--- a/apps/files_encryption/ajax/changeRecoveryPassword.php
+++ b/apps/files_encryption/ajax/changeRecoveryPassword.php
@@ -22,28 +22,28 @@ $return = false;
 $oldPassword = $_POST['oldPassword'];
 $newPassword = $_POST['newPassword'];
 
+$view = new \OC\Files\View('/');
 $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser());
 
-$result = $util->checkRecoveryPassword($oldPassword);
+$proxyStatus = \OC_FileProxy::$enabled;
+\OC_FileProxy::$enabled = false;
 
-if ($result) {
-	$keyId = $util->getRecoveryKeyId();
-	$keyPath = '/owncloud_private_key/' . $keyId . '.private.key';
-	$view = new \OC\Files\View('/');
+$keyId = $util->getRecoveryKeyId();
+$keyPath = '/owncloud_private_key/' . $keyId . '.private.key';
 
-	$proxyStatus = \OC_FileProxy::$enabled;
-	\OC_FileProxy::$enabled = false;
+$encryptedRecoveryKey = $view->file_get_contents($keyPath);
+$decryptedRecoveryKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedRecoveryKey, $oldPassword);
+
+if ($decryptedRecoveryKey) {
 
-	$encryptedRecoveryKey = $view->file_get_contents($keyPath);
-	$decryptedRecoveryKey = \OCA\Encryption\Crypt::symmetricDecryptFileContent($encryptedRecoveryKey, $oldPassword);
 	$encryptedRecoveryKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedRecoveryKey, $newPassword);
 	$view->file_put_contents($keyPath, $encryptedRecoveryKey);
 
-	\OC_FileProxy::$enabled = $proxyStatus;
-
 	$return = true;
 }
 
+\OC_FileProxy::$enabled = $proxyStatus;
+
 // success or failure
 if ($return) {
 	\OCP\JSON::success(array('data' => array('message' => $l->t('Password successfully changed.'))));