[wip] make encryption work with public gallery sharing

5 files changed, 65 insertions, 56 deletions

diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 0ac6fcf403a..e66a84d909f 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -225,10 +225,7 @@ class Helper {
 	 * @return bool
 	 */
 	public static function isPublicAccess() {
-		if (\OCP\USER::getUser() === false
-			|| (isset($_GET['service']) && $_GET['service'] == 'files'
-				&& isset($_GET['t']))
-		) {
+		if (\OCP\USER::getUser() === false) {
 			return true;
 		} else {
 			return false;
@@ -255,6 +252,35 @@ class Helper {
 		return $relPath;
 	}
 
+	public static function getUser($path) {
+
+		$user = \OCP\User::getUser();
+
+		// if we are logged in, than we return the userid
+		if ($user) {
+			return $user;
+		}
+
+		// if no user is logged in we try to access a publically shared files.
+		// In this case we need to try to get the user from the path
+
+		$trimmed = ltrim($path, '/');
+		$split = explode('/', $trimmed);
+
+		// it is not a file relative to data/user/files
+		if (count($split) < 2 || $split[1] !== 'files') {
+			return false;
+		}
+
+		$user = $split[0];
+
+		if (\OCP\User::userExists($user)) {
+			return $user;
+		}
+
+		return false;
+	}
+
 	/**
 	 * @brief get path to the correspondig file in data/user/files if path points
 	 *        to a version or to a file in cache
diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php
index 6dadd12a62e..8d3e72b422b 100755
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@@ -172,16 +172,14 @@ class Keymanager {
 	/**
 	 * @brief retrieve keyfile for an encrypted file
 	 * @param \OC_FilesystemView $view
-	 * @param $userId
+	 * @param \OCA\Encryption\Util $util
 	 * @param $filePath
 	 * @internal param \OCA\Encryption\file $string name
 	 * @return string file key or false
 	 * @note The keyfile returned is asymmetrically encrypted. Decryption
 	 * of the keyfile must be performed by client code
 	 */
-	public static function getFileKey(\OC_FilesystemView $view, $userId, $filePath) {
-
-		$util = new Util($view, \OCP\User::getUser());
+	public static function getFileKey(\OC_FilesystemView $view, $util, $filePath) {
 
 		list($owner, $filename) = $util->getUidAndFilename($filePath);
 		$filename = Helper::stripPartialFileExtension($filename);
@@ -364,21 +362,19 @@ class Keymanager {
 	 * @brief retrieve shareKey for an encrypted file
 	 * @param \OC_FilesystemView $view
 	 * @param string $userId
+	 * @param \OCA\Encryption\Util $util
 	 * @param string $filePath
 	 * @internal param \OCA\Encryption\file $string name
 	 * @return string file key or false
 	 * @note The sharekey returned is encrypted. Decryption
 	 * of the keyfile must be performed by client code
 	 */
-	public static function getShareKey(\OC_FilesystemView $view, $userId, $filePath) {
+	public static function getShareKey(\OC_FilesystemView $view, $userId, $util, $filePath) {
 
 		// try reusing key file if part file
 		$proxyStatus = \OC_FileProxy::$enabled;
 		\OC_FileProxy::$enabled = false;
 
-		//here we need the currently logged in user, while userId can be a different user
-		$util = new Util($view, \OCP\User::getUser());
-
 		list($owner, $filename) = $util->getUidAndFilename($filePath);
 		$filename = Helper::stripPartialFileExtension($filename);
 		// in case of system wide mount points the keys are stored directly in the data directory
diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php
index 54c3b9caa15..f7253b4591b 100644
--- a/apps/files_encryption/lib/proxy.php
+++ b/apps/files_encryption/lib/proxy.php
@@ -260,7 +260,8 @@ class Proxy extends \OC_FileProxy {
 
 		$view = new \OC_FilesystemView('');
 
-		$util = new Util($view, \OCP\USER::getUser());
+		$userId = Helper::getUser($path);
+		$util = new Util($view, $userId);
 
 		// If file is already encrypted, decrypt using crypto protocol
 		if (
@@ -323,7 +324,7 @@ class Proxy extends \OC_FileProxy {
 
 		$view = new \OC_FilesystemView('/');
 
-		$userId = \OCP\User::getUser();
+		$userId = Helper::getUser($path);
 		$util = new Util($view, $userId);
 
 		// if encryption is no longer enabled or if the files aren't migrated yet
@@ -398,7 +399,7 @@ class Proxy extends \OC_FileProxy {
 
 		$view = new \OC_FilesystemView('/');
 		$session = new \OCA\Encryption\Session($view);
-		$userId = \OCP\User::getUser();
+		$userId = Helper::getUser($path);
 		$util = new Util($view, $userId);
 
 		// split the path parts
diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index 1738955d1aa..393c133d765 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -250,12 +250,14 @@ class Stream {
 
 		// Fetch and decrypt keyfile
 		// Fetch existing keyfile
-		$this->encKeyfile = Keymanager::getFileKey($this->rootView, $this->userId, $this->relPath);
+		$userId = Helper::getUser($this->rawPath);
+		$util = new \OCA\Encryption\Util($this->rootView, $userId);
+		$this->encKeyfile = Keymanager::getFileKey($this->rootView, $util, $this->relPath);
 
 		// If a keyfile already exists
 		if ($this->encKeyfile) {
 
-			$shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath);
+			$shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $util, $this->relPath);
 
 			// if there is no valid private key return false
 			if ($this->privateKey === false) {
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index f9beb9de670..08c88704083 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -38,7 +38,8 @@ class Util {
 	const MIGRATION_OPEN = 0;         // user still needs to be migrated
 
 	private $view; // OC_FilesystemView object for filesystem operations
-	private $userId; // ID of the currently logged-in user
+	private $userId; // ID of the user we use to encrypt/decrypt files
+	private $ownerId; // ID of the user who accesses the file/folder
 	private $client; // Client side encryption mode flag
 	private $publicKeyDir; // Dir containing all public user keys
 	private $encryptionDir; // Dir containing user's files_encryption
@@ -58,51 +59,34 @@ class Util {
 	public function __construct(\OC_FilesystemView $view, $userId, $client = false) {
 
 		$this->view = $view;
-		$this->userId = $userId;
 		$this->client = $client;
-		$this->isPublic = false;
 
 		$this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
 		$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
 
-		// if we are anonymous/public
+		$this->userDir = '/' . $userId;
+		$this->fileFolderName = 'files';
+		$this->userFilesDir =
+				'/' . $userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
+		$this->publicKeyDir = '/' . 'public-keys';
+		$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
+		$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
+		$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
+		$this->publicKeyPath =
+				$this->publicKeyDir . '/' . $userId . '.public.key'; // e.g. data/public-keys/admin.public.key
+		$this->privateKeyPath =
+				$this->encryptionDir . '/' . $userId . '.private.key'; // e.g. data/admin/admin.private.key
+		// make sure that the owners home is mounted
+		\OC\Files\Filesystem::initMountPoints($userId);
+
 		if (\OCA\Encryption\Helper::isPublicAccess()) {
 			$this->userId = $this->publicShareKeyId;
-
-			// only handle for files_sharing app
-			if (isset($GLOBALS['app']) && $GLOBALS['app'] === 'files_sharing') {
-				$this->userDir = '/' . $GLOBALS['fileOwner'];
-				$this->fileFolderName = 'files';
-				$this->userFilesDir = '/' . $GLOBALS['fileOwner'] . '/'
-									  . $this->fileFolderName; // TODO: Does this need to be user configurable?
-				$this->publicKeyDir = '/' . 'public-keys';
-				$this->encryptionDir = '/' . $GLOBALS['fileOwner'] . '/' . 'files_encryption';
-				$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
-				$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
-				$this->publicKeyPath =
-					$this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
-				$this->privateKeyPath =
-					'/owncloud_private_key/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
-				$this->isPublic = true;
-				// make sure that the owners home is mounted
-				\OC\Files\Filesystem::initMountPoints($GLOBALS['fileOwner']);
-			}
-
+			$this->ownerId = $userId;
+			$this->isPublic = true;
 		} else {
-			$this->userDir = '/' . $this->userId;
-			$this->fileFolderName = 'files';
-			$this->userFilesDir =
-				'/' . $this->userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
-			$this->publicKeyDir = '/' . 'public-keys';
-			$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
-			$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
-			$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
-			$this->publicKeyPath =
-				$this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
-			$this->privateKeyPath =
-				$this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
-			// make sure that the owners home is mounted
-			\OC\Files\Filesystem::initMountPoints($this->userId);
+			$this->userId = $userId;
+			$this->ownerId = $userId;
+			$this->isPublic = false;
 		}
 	}
 
@@ -1338,7 +1322,7 @@ class Util {
 		// handle public access
 		if ($this->isPublic) {
 			$filename = $path;
-			$fileOwnerUid = $GLOBALS['fileOwner'];
+			$fileOwnerUid = $this->ownerId;
 
 			return array(
 				$fileOwnerUid,