Merge pull request #4030 from nextcloud/masterkey-publiclink-nc12

Make public links work with master key

2 files changed, 34 insertions, 18 deletions

diff --git a/apps/encryption/lib/KeyManager.php b/apps/encryption/lib/KeyManager.php
index caae154b2d3..32872ae99b3 100644
--- a/apps/encryption/lib/KeyManager.php
+++ b/apps/encryption/lib/KeyManager.php
@@ -399,6 +399,10 @@ class KeyManager {
 	 * @return string
 	 */
 	public function getFileKey($path, $uid) {
+		if ($uid === '') {
+			$uid = null;
+		}
+		$publicAccess = is_null($uid);
 		$encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
 
 		if (empty($encryptedFileKey)) {
@@ -407,9 +411,16 @@ class KeyManager {
 
 		if ($this->util->isMasterKeyEnabled()) {
 			$uid = $this->getMasterKeyId();
-		}
-
-		if (is_null($uid)) {
+			$shareKey = $this->getShareKey($path, $uid);
+			if ($publicAccess) {
+				$privateKey = $this->getSystemPrivateKey($uid);
+				$privateKey = $this->crypt->decryptPrivateKey($privateKey, $this->getMasterKeyPassword(), $uid);
+			} else {
+				// when logged in, the master key is already decrypted in the session
+				$privateKey = $this->session->getPrivateKey();
+			}
+		} else if ($publicAccess) {
+			// use public share key for public links
 			$uid = $this->getPublicShareKeyId();
 			$shareKey = $this->getShareKey($path, $uid);
 			$privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.privateKey', Encryption::ID);
diff --git a/apps/encryption/tests/KeyManagerTest.php b/apps/encryption/tests/KeyManagerTest.php
index 40def135816..a8441427a2c 100644
--- a/apps/encryption/tests/KeyManagerTest.php
+++ b/apps/encryption/tests/KeyManagerTest.php
@@ -349,6 +349,19 @@ class KeyManagerTest extends TestCase {
 		$this->assertTrue($this->instance->getEncryptedFileKey('/'));
 	}
 
+	public function dataTestGetFileKey() {
+		return [
+			['user1', false, 'privateKey', true],
+			['user1', false, false, ''],
+			['user1', true, 'privateKey', true],
+			['user1', true, false, ''],
+			[null, false, 'privateKey', true],
+			[null, false, false, ''],
+			[null, true, 'privateKey', true],
+			[null, true, false, '']
+		];
+	}
+
 	/**
 	 * @dataProvider dataTestGetFileKey
 	 *
@@ -363,6 +376,10 @@ class KeyManagerTest extends TestCase {
 
 		if ($isMasterKeyEnabled) {
 			$expectedUid = 'masterKeyId';
+			$this->configMock->expects($this->any())->method('getSystemValue')->with('secret')
+				->willReturn('password');
+		} else if (!$uid) {
+			$expectedUid = 'systemKeyId';
 		} else {
 			$expectedUid = $uid;
 		}
@@ -379,6 +396,9 @@ class KeyManagerTest extends TestCase {
 			->with($path, $expectedUid . '.shareKey', 'OC_DEFAULT_MODULE')
 			->willReturn(true);
 
+		$this->utilMock->expects($this->any())->method('isMasterKeyEnabled')
+			->willReturn($isMasterKeyEnabled);
+
 		if (is_null($uid)) {
 			$this->keyStorageMock->expects($this->once())
 				->method('getSystemUserKey')
@@ -389,8 +409,6 @@ class KeyManagerTest extends TestCase {
 		} else {
 			$this->keyStorageMock->expects($this->never())
 				->method('getSystemUserKey');
-			$this->utilMock->expects($this->once())->method('isMasterKeyEnabled')
-				->willReturn($isMasterKeyEnabled);
 			$this->sessionMock->expects($this->once())->method('getPrivateKey')->willReturn($privateKey);
 		}
 
@@ -409,19 +427,6 @@ class KeyManagerTest extends TestCase {
 
 	}
 
-	public function dataTestGetFileKey() {
-		return [
-			['user1', false, 'privateKey', true],
-			['user1', false, false, ''],
-			['user1', true, 'privateKey', true],
-			['user1', true, false, ''],
-			['', false, 'privateKey', true],
-			['', false, false, ''],
-			['', true, 'privateKey', true],
-			['', true, false, '']
-		];
-	}
-
 	public function testDeletePrivateKey() {
 		$this->keyStorageMock->expects($this->once())
 			->method('deleteUserKey')