diff options
author | Bjoern Schiessle <schiessle@owncloud.com> | 2015-10-13 17:54:06 +0200 |
---|---|---|
committer | Björn Schießle <bjoern@schiessle.org> | 2015-10-27 14:24:20 +0100 |
commit | 5fad45b2309426c5b91af1d87beaa9950eadc5ba (patch) | |
tree | 0c45e969b3a5b457c47169ff540df82f46ae14b3 /apps | |
parent | d7d5a3bab51d952e05965e84b784d7eff0efc9c9 (diff) | |
download | nextcloud-server-5fad45b2309426c5b91af1d87beaa9950eadc5ba.tar.gz nextcloud-server-5fad45b2309426c5b91af1d87beaa9950eadc5ba.zip |
make encryption configurable for home storage
Diffstat (limited to 'apps')
-rw-r--r-- | apps/encryption/appinfo/application.php | 3 | ||||
-rw-r--r-- | apps/encryption/appinfo/routes.php | 5 | ||||
-rw-r--r-- | apps/encryption/controller/settingscontroller.php | 21 | ||||
-rw-r--r-- | apps/encryption/js/settings-admin.js | 9 | ||||
-rw-r--r-- | apps/encryption/lib/crypto/encryption.php | 6 | ||||
-rw-r--r-- | apps/encryption/lib/util.php | 42 | ||||
-rw-r--r-- | apps/encryption/settings/settings-admin.php | 15 | ||||
-rw-r--r-- | apps/encryption/templates/settings-admin.php | 103 | ||||
-rw-r--r-- | apps/encryption/tests/controller/SettingsControllerTest.php | 16 | ||||
-rw-r--r-- | apps/encryption/tests/lib/UtilTest.php | 52 | ||||
-rw-r--r-- | apps/encryption/tests/lib/crypto/encryptionTest.php | 36 |
11 files changed, 247 insertions, 61 deletions
diff --git a/apps/encryption/appinfo/application.php b/apps/encryption/appinfo/application.php index 812f1042a8f..6275047252e 100644 --- a/apps/encryption/appinfo/application.php +++ b/apps/encryption/appinfo/application.php @@ -201,7 +201,8 @@ class Application extends \OCP\AppFramework\App { $c->query('KeyManager'), $c->query('Crypt'), $c->query('Session'), - $server->getSession() + $server->getSession(), + $c->query('Util') ); }); diff --git a/apps/encryption/appinfo/routes.php b/apps/encryption/appinfo/routes.php index 8fa163d0751..260337361e8 100644 --- a/apps/encryption/appinfo/routes.php +++ b/apps/encryption/appinfo/routes.php @@ -36,6 +36,11 @@ namespace OCA\Encryption\AppInfo; 'verb' => 'POST' ], [ + 'name' => 'Settings#setEncryptHomeStorage', + 'url' => '/ajax/setEncryptHomeStorage', + 'verb' => 'POST' + ], + [ 'name' => 'Recovery#changeRecoveryPassword', 'url' => '/ajax/changeRecoveryPassword', 'verb' => 'POST' diff --git a/apps/encryption/controller/settingscontroller.php b/apps/encryption/controller/settingscontroller.php index e5bb79a1d40..59e23087b3a 100644 --- a/apps/encryption/controller/settingscontroller.php +++ b/apps/encryption/controller/settingscontroller.php @@ -25,6 +25,7 @@ namespace OCA\Encryption\Controller; use OCA\Encryption\Crypto\Crypt; use OCA\Encryption\KeyManager; use OCA\Encryption\Session; +use OCA\Encryption\Util; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; @@ -57,6 +58,9 @@ class SettingsController extends Controller { /** @var ISession */ private $ocSession; + /** @var Util */ + private $util; + /** * @param string $AppName * @param IRequest $request @@ -67,6 +71,7 @@ class SettingsController extends Controller { * @param Crypt $crypt * @param Session $session * @param ISession $ocSession + * @param Util $util */ public function __construct($AppName, IRequest $request, @@ -76,7 +81,9 @@ class SettingsController extends Controller { KeyManager $keyManager, Crypt $crypt, Session $session, - ISession $ocSession) { + ISession $ocSession, + Util $util +) { parent::__construct($AppName, $request); $this->l = $l10n; $this->userSession = $userSession; @@ -85,6 +92,7 @@ class SettingsController extends Controller { $this->crypt = $crypt; $this->session = $session; $this->ocSession = $ocSession; + $this->util = $util; } @@ -143,4 +151,15 @@ class SettingsController extends Controller { } } + + /** + * @UseSession + * + * @param bool $encryptHomeStorage + * @return DataResponse + */ + public function setEncryptHomeStorage($encryptHomeStorage) { + $this->util->setEncryptHomeStorage($encryptHomeStorage); + return new DataResponse(); + } } diff --git a/apps/encryption/js/settings-admin.js b/apps/encryption/js/settings-admin.js index 39923718c21..9b00a4ec627 100644 --- a/apps/encryption/js/settings-admin.js +++ b/apps/encryption/js/settings-admin.js @@ -76,4 +76,13 @@ $(document).ready(function () { }); }); + $('#encryptHomeStorage').change(function() { + $.post( + OC.generateUrl('/apps/encryption/ajax/setEncryptHomeStorage'), + { + encryptHomeStorage: this.checked + } + ); + }); + }); diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php index 1a05277e20d..d1140ce7cde 100644 --- a/apps/encryption/lib/crypto/encryption.php +++ b/apps/encryption/lib/crypto/encryption.php @@ -378,6 +378,12 @@ class Encryption implements IEncryptionModule { * @return boolean */ public function shouldEncrypt($path) { + if ($this->util->shouldEncryptHomeStorage() === false) { + $storage = $this->util->getStorage($path); + if ($storage->instanceOfStorage('\OCP\Files\IHomeStorage')) { + return false; + } + } $parts = explode('/', $path); if (count($parts) < 4) { return false; diff --git a/apps/encryption/lib/util.php b/apps/encryption/lib/util.php index a162dcde305..62c9dc6dc5f 100644 --- a/apps/encryption/lib/util.php +++ b/apps/encryption/lib/util.php @@ -94,12 +94,41 @@ class Util { $recoveryMode = $this->config->getUserValue($uid, 'encryption', 'recoveryEnabled', - 0); + '0'); return ($recoveryMode === '1'); } /** + * check if the home storage should be encrypted + * + * @return bool + */ + public function shouldEncryptHomeStorage() { + $encryptHomeStorage = $this->config->getAppValue( + 'encryption', + 'encryptHomeStorage', + '1' + ); + + return ($encryptHomeStorage === '1'); + } + + /** + * check if the home storage should be encrypted + * + * @param bool $encryptHomeStorage + */ + public function setEncryptHomeStorage($encryptHomeStorage) { + $value = $encryptHomeStorage ? '1' : '0'; + $this->config->setAppValue( + 'encryption', + 'encryptHomeStorage', + $value + ); + } + + /** * check if master key is enabled * * @return bool @@ -157,4 +186,15 @@ class Util { return $owner; } + /** + * get storage of path + * + * @param string $path + * @return \OC\Files\Storage\Storage + */ + public function getStorage($path) { + $storage = $this->files->getMount($path)->getStorage(); + return $storage; + } + } diff --git a/apps/encryption/settings/settings-admin.php b/apps/encryption/settings/settings-admin.php index c7ac8c09c6b..8d55d587fed 100644 --- a/apps/encryption/settings/settings-admin.php +++ b/apps/encryption/settings/settings-admin.php @@ -25,12 +25,27 @@ $tmpl = new OCP\Template('encryption', 'settings-admin'); +$crypt = new \OCA\Encryption\Crypto\Crypt( + \OC::$server->getLogger(), + \OC::$server->getUserSession(), + \OC::$server->getConfig()); + +$util = new \OCA\Encryption\Util( + new \OC\Files\View(), + $crypt, + \OC::$server->getLogger(), + \OC::$server->getUserSession(), + \OC::$server->getConfig(), + \OC::$server->getUserManager()); + // Check if an adminRecovery account is enabled for recovering files after lost pwd $recoveryAdminEnabled = \OC::$server->getConfig()->getAppValue('encryption', 'recoveryAdminEnabled', '0'); $session = new \OCA\Encryption\Session(\OC::$server->getSession()); +$encryptHomeStorage = $util->shouldEncryptHomeStorage($user); $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); $tmpl->assign('initStatus', $session->getStatus()); +$tmpl->assign('encryptHomeStorage', $encryptHomeStorage); return $tmpl->fetchPage(); diff --git a/apps/encryption/templates/settings-admin.php b/apps/encryption/templates/settings-admin.php index 81c7f0607d8..e55aba6757c 100644 --- a/apps/encryption/templates/settings-admin.php +++ b/apps/encryption/templates/settings-admin.php @@ -9,56 +9,63 @@ style('encryption', 'settings-admin'); <?php if(!$_["initStatus"]): ?> <?php p($l->t("Encryption App is enabled but your keys are not initialized, please log-out and log-in again")); ?> <?php else: ?> - <p id="encryptionSetRecoveryKey"> - <?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?> - <span class="msg"></span> - <br/> - <em> - <?php p($l->t("The recovery key is an extra encryption key that is used to encrypt files. It allows recovery of a user's files if the user forgets his or her password.")) ?> - </em> - <br/> - <input type="password" - name="encryptionRecoveryPassword" - id="encryptionRecoveryPassword" - placeholder="<?php p($l->t("Recovery key password")); ?>"/> - <input type="password" - name="encryptionRecoveryPassword" - id="repeatEncryptionRecoveryPassword" - placeholder="<?php p($l->t("Repeat recovery key password")); ?>"/> - <input type="button" - name="enableRecoveryKey" - id="enableRecoveryKey" - status="<?php p($_["recoveryEnabled"]) ?>" - value="<?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>"/> - </p> - <br/><br/> - - <p name="changeRecoveryPasswordBlock" id="encryptionChangeRecoveryKey" <?php if($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>> - <?php p($l->t("Change recovery key password:")); ?> - <span class="msg"></span> - <br/> - <input - type="password" - name="changeRecoveryPassword" - id="oldEncryptionRecoveryPassword" - placeholder="<?php p($l->t("Old recovery key password")); ?>"/> + <p id="encryptHomeStorageSetting"> + <input type="checkbox" class="checkbox" name="encrypt_home_storage" id="encryptHomeStorage" + value="1" <?php if ($_['encryptHomeStorage']) print_unescaped('checked="checked"'); ?> /> + <label for="encryptHomeStorage"><?php p($l->t('Encrypt the home storage'));?></label></br> + <em><?php p( $l->t( "Enabling this option encrypts all files stored on the main storage, otherwise only files on external storage will be encrypted" ) ); ?></em> + </p> <br /> - <input - type="password" - name="changeRecoveryPassword" - id="newEncryptionRecoveryPassword" - placeholder="<?php p($l->t("New recovery key password")); ?>"/> - <input - type="password" - name="changeRecoveryPassword" - id="repeatedNewEncryptionRecoveryPassword" - placeholder="<?php p($l->t("Repeat new recovery key password")); ?>"/> + <p id="encryptionSetRecoveryKey"> + <?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?> + <span class="msg"></span> + <br/> + <em> + <?php p($l->t("The recovery key is an extra encryption key that is used to encrypt files. It allows recovery of a user's files if the user forgets his or her password.")) ?> + </em> + <br/> + <input type="password" + name="encryptionRecoveryPassword" + id="encryptionRecoveryPassword" + placeholder="<?php p($l->t("Recovery key password")); ?>"/> + <input type="password" + name="encryptionRecoveryPassword" + id="repeatEncryptionRecoveryPassword" + placeholder="<?php p($l->t("Repeat recovery key password")); ?>"/> + <input type="button" + name="enableRecoveryKey" + id="enableRecoveryKey" + status="<?php p($_["recoveryEnabled"]) ?>" + value="<?php $_["recoveryEnabled"] === '0' ? p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>"/> + </p> + <br/><br/> + + <p name="changeRecoveryPasswordBlock" id="encryptionChangeRecoveryKey" <?php if($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>> + <?php p($l->t("Change recovery key password:")); ?> + <span class="msg"></span> + <br/> + <input + type="password" + name="changeRecoveryPassword" + id="oldEncryptionRecoveryPassword" + placeholder="<?php p($l->t("Old recovery key password")); ?>"/> + <br /> + <input + type="password" + name="changeRecoveryPassword" + id="newEncryptionRecoveryPassword" + placeholder="<?php p($l->t("New recovery key password")); ?>"/> + <input + type="password" + name="changeRecoveryPassword" + id="repeatedNewEncryptionRecoveryPassword" + placeholder="<?php p($l->t("Repeat new recovery key password")); ?>"/> - <button - type="button" - name="submitChangeRecoveryKey"> + <button + type="button" + name="submitChangeRecoveryKey"> <?php p($l->t("Change Password")); ?> - </button> - </p> + </button> + </p> <?php endif; ?> </form> diff --git a/apps/encryption/tests/controller/SettingsControllerTest.php b/apps/encryption/tests/controller/SettingsControllerTest.php index 724a01522af..3b30e61a45b 100644 --- a/apps/encryption/tests/controller/SettingsControllerTest.php +++ b/apps/encryption/tests/controller/SettingsControllerTest.php @@ -56,6 +56,9 @@ class SettingsControllerTest extends TestCase { /** @var \PHPUnit_Framework_MockObject_MockObject */ private $ocSessionMock; + /** @var \PHPUnit_Framework_MockObject_MockObject */ + private $utilMock; + protected function setUp() { parent::setUp(); @@ -106,6 +109,10 @@ class SettingsControllerTest extends TestCase { $this->sessionMock = $this->getMockBuilder('OCA\Encryption\Session') ->disableOriginalConstructor()->getMock(); + $this->utilMock = $this->getMockBuilder('OCA\Encryption\Util') + ->disableOriginalConstructor() + ->getMock(); + $this->controller = new SettingsController( 'encryption', $this->requestMock, @@ -115,7 +122,8 @@ class SettingsControllerTest extends TestCase { $this->keyManagerMock, $this->cryptMock, $this->sessionMock, - $this->ocSessionMock + $this->ocSessionMock, + $this->utilMock ); } @@ -234,4 +242,10 @@ class SettingsControllerTest extends TestCase { $data['message']); } + function testSetEncryptHomeStorage() { + $value = true; + $this->utilMock->expects($this->once())->method('setEncryptHomeStorage')->with($value); + $this->controller->setEncryptHomeStorage($value); + } + } diff --git a/apps/encryption/tests/lib/UtilTest.php b/apps/encryption/tests/lib/UtilTest.php index 723cc9fb910..d55b6b50b3e 100644 --- a/apps/encryption/tests/lib/UtilTest.php +++ b/apps/encryption/tests/lib/UtilTest.php @@ -39,6 +39,9 @@ class UtilTest extends TestCase { /** @var \PHPUnit_Framework_MockObject_MockObject */ private $userManagerMock; + /** @var \PHPUnit_Framework_MockObject_MockObject */ + private $mountMock; + /** @var Util */ private $instance; @@ -65,6 +68,7 @@ class UtilTest extends TestCase { protected function setUp() { parent::setUp(); + $this->mountMock = $this->getMock('\OCP\Files\Mount\IMountPoint'); $this->filesMock = $this->getMock('OC\Files\View'); $this->userManagerMock = $this->getMock('\OCP\IUserManager'); @@ -151,4 +155,52 @@ class UtilTest extends TestCase { ]; } + /** + * @dataProvider dataTestShouldEncryptHomeStorage + * @param $returnValue return value from getAppValue() + * @param $expected + */ + public function testShouldEncryptHomeStorage($returnValue, $expected) { + $this->configMock->expects($this->once())->method('getAppValue') + ->with('encryption', 'encryptHomeStorage', '1') + ->willReturn($returnValue); + + $this->assertSame($expected, + $this->instance->shouldEncryptHomeStorage()); + } + + public function dataTestShouldEncryptHomeStorage() { + return [ + ['1', true], + ['0', false] + ]; + } + + /** + * @dataProvider dataTestSetEncryptHomeStorage + * @param $value + * @param $expected + */ + public function testSetEncryptHomeStorage($value, $expected) { + $this->configMock->expects($this->once())->method('setAppValue') + ->with('encryption', 'encryptHomeStorage', $expected); + $this->instance->setEncryptHomeStorage($value); + } + + public function dataTestSetEncryptHomeStorage() { + return [ + [true, '1'], + [false, '0'] + ]; + } + + public function testGetStorage() { + $path = '/foo/bar.txt'; + $this->filesMock->expects($this->once())->method('getMount')->with($path) + ->willReturn($this->mountMock); + $this->mountMock->expects($this->once())->method('getStorage')->willReturn(true); + + $this->assertTrue($this->instance->getStorage($path)); + } + } diff --git a/apps/encryption/tests/lib/crypto/encryptionTest.php b/apps/encryption/tests/lib/crypto/encryptionTest.php index f76bdfb6d61..138c1bc9446 100644 --- a/apps/encryption/tests/lib/crypto/encryptionTest.php +++ b/apps/encryption/tests/lib/crypto/encryptionTest.php @@ -55,9 +55,14 @@ class EncryptionTest extends TestCase { /** @var \PHPUnit_Framework_MockObject_MockObject */ private $l10nMock; + /** @var \PHPUnit_Framework_MockObject_MockObject */ + private $storageMock; + public function setUp() { parent::setUp(); + $this->storageMock = $this->getMockBuilder('OCP\Files\Storage') + ->disableOriginalConstructor()->getMock(); $this->cryptMock = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt') ->disableOriginalConstructor() ->getMock(); @@ -312,7 +317,17 @@ class EncryptionTest extends TestCase { * * @dataProvider dataTestShouldEncrypt */ - public function testShouldEncrypt($path, $expected) { + public function testShouldEncrypt($path, $shouldEncryptHomeStorage, $isHomeStorage, $expected) { + $this->utilMock->expects($this->once())->method('shouldEncryptHomeStorage') + ->willReturn($shouldEncryptHomeStorage); + + if ($shouldEncryptHomeStorage === false) { + $this->storageMock->expects($this->once())->method('instanceOfStorage') + ->with('\OCP\Files\IHomeStorage')->willReturn($isHomeStorage); + $this->utilMock->expects($this->once())->method('getStorage')->with($path) + ->willReturn($this->storageMock); + } + $this->assertSame($expected, $this->instance->shouldEncrypt($path) ); @@ -320,14 +335,17 @@ class EncryptionTest extends TestCase { public function dataTestShouldEncrypt() { return array( - array('/user1/files/foo.txt', true), - array('/user1/files_versions/foo.txt', true), - array('/user1/files_trashbin/foo.txt', true), - array('/user1/some_folder/foo.txt', false), - array('/user1/foo.txt', false), - array('/user1/files', false), - array('/user1/files_trashbin', false), - array('/user1/files_versions', false), + array('/user1/files/foo.txt', true, true, true), + array('/user1/files_versions/foo.txt', true, true, true), + array('/user1/files_trashbin/foo.txt', true, true, true), + array('/user1/some_folder/foo.txt', true, true, false), + array('/user1/foo.txt', true, true, false), + array('/user1/files', true, true, false), + array('/user1/files_trashbin', true, true, false), + array('/user1/files_versions', true, true, false), + // test if shouldEncryptHomeStorage is set to false + array('/user1/files/foo.txt', false, true, false), + array('/user1/files_versions/foo.txt', false, false, true), ); } |