Merge branch 'master' into rename-lostpassword-controller

Conflicts:
	core/lostpassword/controller.php

5 files changed, 50 insertions, 13 deletions

diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index de306462d79..85169e6a1d0 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -36,14 +36,6 @@ class Hooks {
 	 */

 	public static function login($params) {

 		$l = new \OC_L10N('files_encryption');

-		//check if all requirements are met

-		if(!Helper::checkRequirements() || !Helper::checkConfiguration() ) {

-			$error_msg = $l->t("Missing requirements.");

-			$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');

-			\OC_App::disable('files_encryption');

-			\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);

-			\OCP\Template::printErrorPage($error_msg, $hint);

-		}

 

 		$view = new \OC_FilesystemView('/');

 

@@ -54,6 +46,15 @@ class Hooks {
 

 		$util = new Util($view, $params['uid']);

 

+		//check if all requirements are met

+		if(!$util->ready() && (!Helper::checkRequirements() || !Helper::checkConfiguration())) {

+			$error_msg = $l->t("Missing requirements.");

+			$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');

+			\OC_App::disable('files_encryption');

+			\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);

+			\OCP\Template::printErrorPage($error_msg, $hint);

+		}

+

 		// setup user, if user not ready force relogin

 		if (Helper::setupUser($util, $params['password']) === false) {

 			return false;

diff --git a/apps/files_encryption/l10n/fr.php b/apps/files_encryption/l10n/fr.php
index 12af8101394..358937441e2 100644
--- a/apps/files_encryption/l10n/fr.php
+++ b/apps/files_encryption/l10n/fr.php
@@ -10,6 +10,8 @@ $TRANSLATIONS = array(
 "Could not update the private key password. Maybe the old password was not correct." => "Impossible de mettre à jour le mot de passe de la clé privé. Peut-être que l'ancien mot de passe n'était pas correcte.",
 "Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files." => "Votre clé de sécurité privée n'est pas valide! Il est probable que votre mot de passe ait été changé sans passer par le système ownCloud (par éxemple: le serveur de votre entreprise). Ain d'avoir à nouveau accès à vos fichiers cryptés, vous pouvez mettre à jour votre clé de sécurité privée dans les paramètres personnels de votre compte.",
 "Missing requirements." => "Système minimum requis non respecté.",
+"Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled." => "Veuillez vous assurer qu'une version de PHP 5.3.3 ou supérieure est installée et qu'OpenSSL et son extension PHP sont activés et configurés correctement. En attendant, l'application de chiffrement été désactivée.",
+"Following users are not set up for encryption:" => "Les utilisateurs suivants ne sont pas configurés pour le chiffrement :",
 "Saving..." => "Enregistrement...",
 "Your private key is not valid! Maybe the your password was changed from outside." => "Votre clef privée est invalide ! Votre mot de passe a peut-être été modifié depuis l'extérieur.",
 "You can unlock your private key in your " => "Vous pouvez déverrouiller votre clé privée dans votre",
diff --git a/apps/files_encryption/l10n/hu_HU.php b/apps/files_encryption/l10n/hu_HU.php
index 49dcf817fb7..323291bbfbe 100644
--- a/apps/files_encryption/l10n/hu_HU.php
+++ b/apps/files_encryption/l10n/hu_HU.php
@@ -1,6 +1,18 @@
 <?php
 $TRANSLATIONS = array(
+"Recovery key successfully disabled" => "Visszaállítási kulcs sikeresen kikapcsolva",
+"Password successfully changed." => "Jelszó sikeresen megváltoztatva.",
+"Could not change the password. Maybe the old password was not correct." => "A jelszót nem lehet megváltoztatni! Lehet, hogy hibás volt a régi jelszó.",
+"Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled." => "Kérlek győződj meg arról, hogy PHP 5.3.3 vagy annál frissebb van telepítve, valamint a PHP-hez tartozó OpenSSL bővítmény be van-e kapcsolva és az helyesen van-e konfigurálva! Ki lett kapcsolva ideiglenesen a titkosító alkalmazás.",
 "Saving..." => "Mentés...",
-"Encryption" => "Titkosítás"
+"personal settings" => "személyes beállítások",
+"Encryption" => "Titkosítás",
+"Enabled" => "Bekapcsolva",
+"Disabled" => "Kikapcsolva",
+"Change Password" => "Jelszó megváltoztatása",
+"Old log-in password" => "Régi bejelentkezési jelszó",
+"Current log-in password" => "Jelenlegi bejelentkezési jelszó",
+"Update Private Key Password" => "Privát kulcs jelszó frissítése",
+"Enable password recovery:" => "Jelszó-visszaállítás bekapcsolása"
 );
 $PLURAL_FORMS = "nplurals=2; plural=(n != 1);";
diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php
index e129bc9313e..c009718160a 100755
--- a/apps/files_encryption/lib/crypt.php
+++ b/apps/files_encryption/lib/crypt.php
@@ -52,14 +52,14 @@ class Crypt {
 

 		$return = false;

 

-		$res = openssl_pkey_new(array('private_key_bits' => 4096));

+		$res = Helper::getOpenSSLPkey();

 

 		if ($res === false) {

 			\OCP\Util::writeLog('Encryption library', 'couldn\'t generate users key-pair for ' . \OCP\User::getUser(), \OCP\Util::ERROR);

 			while ($msg = openssl_error_string()) {

 				\OCP\Util::writeLog('Encryption library', 'openssl_pkey_new() fails:  ' . $msg, \OCP\Util::ERROR);

 			}

-		} elseif (openssl_pkey_export($res, $privateKey)) {

+		} elseif (openssl_pkey_export($res, $privateKey, null, Helper::getOpenSSLConfig())) {

 			// Get public key

 			$keyDetails = openssl_pkey_get_details($res);

 			$publicKey = $keyDetails['key'];

@@ -70,7 +70,9 @@ class Crypt {
 			);

 		} else {

 			\OCP\Util::writeLog('Encryption library', 'couldn\'t export users private key, please check your servers openSSL configuration.' . \OCP\User::getUser(), \OCP\Util::ERROR);

-			\OCP\Util::writeLog('Encryption library', openssl_error_string(), \OCP\Util::ERROR);

+			while($errMsg = openssl_error_string()) {

+				\OCP\Util::writeLog('Encryption library', $errMsg, \OCP\Util::ERROR);

+			}

 		}

 

 		return $return;

diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 0209a5d18b7..445d7ff8ca7 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -265,7 +265,7 @@ class Helper {
 	 * @return bool true if configuration seems to be OK
 	 */
 	public static function checkConfiguration() {
-		if(openssl_pkey_new(array('private_key_bits' => 4096))) {
+		if(self::getOpenSSLPkey()) {
 			return true;
 		} else {
 			while ($msg = openssl_error_string()) {
@@ -276,6 +276,26 @@ class Helper {
 	}
 
 	/**
+	 * Create an openssl pkey with config-supplied settings
+	 * WARNING: This initializes a new private keypair, which is computationally expensive
+	 * @return resource The pkey resource created
+	 */
+	public static function getOpenSSLPkey() {
+		return openssl_pkey_new(self::getOpenSSLConfig());
+	}
+
+	/**
+	 * Return an array of OpenSSL config options, default + config
+	 * Used for multiple OpenSSL functions
+	 * @return array The combined defaults and config settings
+	 */
+	public static function getOpenSSLConfig() {
+		$config = array('private_key_bits' => 4096);
+		$config = array_merge(\OCP\Config::getSystemValue('openssl', array()), $config);
+		return $config;
+	}
+
+	/**
 	 * @brief glob uses different pattern than regular expressions, escape glob pattern only
 	 * @param unescaped path
 	 * @return escaped path