author | Robin Appelman <icewind@owncloud.com> | 2013-12-06 18:27:46 +0100 |
---|---|---|
committer | Robin Appelman <icewind@owncloud.com> | 2013-12-06 18:27:46 +0100 |
commit | 9eca2471b3e8b75c21a1a8fd2a88c20c577c07bc (patch) | |
tree | 082f05cc105e5540c6ef642d9b3d6daaa64fd749 /apps/files_encryption/hooks/hooks.php | |
parent | e888bdda30589d4d8c20bca3c1f962436794bf10 (diff) | |
parent | b5939324b0053b6447423ebc8b269e9f773f7f02 (diff) | |
download | nextcloud-server-9eca2471b3e8b75c21a1a8fd2a88c20c577c07bc.tar.gz nextcloud-server-9eca2471b3e8b75c21a1a8fd2a88c20c577c07bc.zip |
Merge branch 'master' into backgroundscan-reuse-etag
Diffstat (limited to 'apps/files_encryption/hooks/hooks.php')
-rw-r--r-- | apps/files_encryption/hooks/hooks.php | 51 |
1 files changed, 28 insertions, 23 deletions
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index f142f525cfa..7b13ae2a1d0 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -179,9 +179,9 @@ class Hooks {
// the necessary keys)
if (Crypt::mode() === 'server') {
- if ($params['uid'] === \OCP\User::getUser()) {
+ $view = new \OC_FilesystemView('/');
- $view = new \OC_FilesystemView('/');
+ if ($params['uid'] === \OCP\User::getUser()) {
$session = new \OCA\Encryption\Session($view);
@@ -202,36 +202,41 @@ class Hooks {
} else { // admin changed the password for a different user, create new keys and reencrypt file keys
$user = $params['uid'];
- $recoveryPassword = $params['recoveryPassword'];
- $newUserPassword = $params['password'];
+ $util = new Util($view, $user);
+ $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
- $view = new \OC_FilesystemView('/');
+ if (($util->recoveryEnabledForUser() && $recoveryPassword)
+ || !$util->userKeysExists()) {
- // make sure that the users home is mounted
- \OC\Files\Filesystem::initMountPoints($user);
+ $recoveryPassword = $params['recoveryPassword'];
+ $newUserPassword = $params['password'];
- $keypair = Crypt::createKeypair();
+ // make sure that the users home is mounted
+ \OC\Files\Filesystem::initMountPoints($user);
- // Disable encryption proxy to prevent recursive calls
- $proxyStatus = \OC_FileProxy::$enabled;
- \OC_FileProxy::$enabled = false;
+ $keypair = Crypt::createKeypair();
- // Save public key
- $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
+ // Disable encryption proxy to prevent recursive calls
+ $proxyStatus = \OC_FileProxy::$enabled;
+ \OC_FileProxy::$enabled = false;
- // Encrypt private key empty passphrase
- $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);
+ // Save public key
+ $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
- // Save private key
- $view->file_put_contents(
- '/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);
+ // Encrypt private key empty passphrase
+ $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);
- if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
- $util = new Util($view, $user);
- $util->recoverUsersFiles($recoveryPassword);
- }
+ // Save private key
+ $view->file_put_contents(
+ '/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);
+
+ if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
+ $util = new Util($view, $user);
+ $util->recoverUsersFiles($recoveryPassword);
+ }
- \OC_FileProxy::$enabled = $proxyStatus;
+ \OC_FileProxy::$enabled = $proxyStatus;
+ }
}
}
}
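Review bot: The re-read `$recoveryPassword = $params['recoveryPassword'];` inside the new `if` undoes the `isset()` guard added just above it: when the branch is entered through `!$util->userKeysExists()` and the caller passed no recovery password, it indexes a missing key, so that line should be dropped (the second `$util = new Util($view, $user);` before `recoverUsersFiles()` is redundant for the same reason). `\OC_FileProxy::$enabled = $proxyStatus;` runs only on the success path, so if key creation, either key write or `recoverUsersFiles()` throws, the encryption proxy presumably stays disabled for the rest of the request; the restore should be made unconditional. The public key is also replaced before the private-key write is known to have succeeded, and neither `file_put_contents()` result is checked, which can leave a user with a public key that has no matching stored private key. The comment `// Encrypt private key empty passphrase` no longer describes the call and should read `// Encrypt private key with the new user password`. The enclosing method starts outside the hunk.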