occ script to disable encryption and to decrypt all files again

1 files changed, 148 insertions, 0 deletions

diff --git a/core/command/encryption/decryptall.php b/core/command/encryption/decryptall.php
new file mode 100644
index 00000000000..374f635725f
--- /dev/null
+++ b/core/command/encryption/decryptall.php
@@ -0,0 +1,148 @@
+<?php
+/**
+ * @author Björn Schießle <schiessle@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Core\Command\Encryption;
+
+use OCP\App\IAppManager;
+use OCP\Encryption\IManager;
+use OCP\IConfig;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Helper\QuestionHelper;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\ConfirmationQuestion;
+
+class DecryptAll extends Command {
+
+	/** @var IManager */
+	protected $encryptionManager;
+
+	/** @var  IAppManager */
+	protected $appManager;
+
+	/** @var IConfig */
+	protected $config;
+
+	/** @var  QuestionHelper */
+	protected $questionHelper;
+
+	/** @var bool */
+	protected $wasTrashbinEnabled;
+
+	/** @var  bool */
+	protected $wasSingleUserModeEnabled;
+
+	/** @var \OC\Encryption\DecryptAll */
+	protected $decryptAll;
+
+	/**
+	 * @param IManager $encryptionManager
+	 * @param IAppManager $appManager
+	 * @param IConfig $config
+	 * @param \OC\Encryption\DecryptAll $decryptAll
+	 * @param QuestionHelper $questionHelper
+	 */
+	public function __construct(
+		IManager $encryptionManager,
+		IAppManager $appManager,
+		IConfig $config,
+		\OC\Encryption\DecryptAll $decryptAll,
+		QuestionHelper $questionHelper
+	) {
+		parent::__construct();
+
+		$this->appManager = $appManager;
+		$this->encryptionManager = $encryptionManager;
+		$this->config = $config;
+		$this->decryptAll = $decryptAll;
+		$this->questionHelper = $questionHelper;
+
+		$this->wasTrashbinEnabled = $this->appManager->isEnabledForUser('files_trashbin');
+		$this->wasSingleUserModeEnabled = $this->config->getSystemValue('singleUser', false);
+		$this->config->setSystemValue('singleUser', true);
+		$this->appManager->disableApp('files_trashbin');
+	}
+
+	public function __destruct() {
+		$this->config->setSystemValue('singleUser', $this->wasSingleUserModeEnabled);
+		if ($this->wasTrashbinEnabled) {
+			$this->appManager->enableApp('files_trashbin');
+		}
+	}
+
+	protected function configure() {
+		parent::configure();
+
+		$this->setName('encryption:decrypt-all');
+		$this->setDescription(
+			'This will disable server-side encryption and decrypt all files for '
+			. 'all users if it is supported by your encryption module. '
+			. 'Please make sure that no user access his files during this process!'
+		);
+		$this->addArgument(
+			'user',
+			InputArgument::OPTIONAL,
+			'user for which you want to decrypt all files (optional)'
+		);
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output) {
+
+		try {
+			if ($this->encryptionManager->isEnabled() === true) {
+				$output->write('Disable server side encryption... ');
+				$this->config->setAppValue('core', 'encryption_enabled', 'no');
+				$output->writeln('done.');
+			} else {
+				$output->writeln('Server side encryption not enabled. Nothing to do.');
+				return;
+
+			}
+
+			$output->writeln("\n");
+			$output->writeln('You are about to start to decrypt all files stored in your ownCloud.');
+			$output->writeln('It will depend on the encryption module and your setup if this is possible.');
+			$output->writeln('Depending on the number and size of your files this can take some time');
+			$output->writeln('Please make sure that no user access his files during this process!');
+			$output->writeln('');
+			$question = new ConfirmationQuestion('Do you really want to continue? (y/n) ', false);
+			if ($this->questionHelper->ask($input, $output, $question)) {
+				$user = $input->getArgument('user');
+				$result = $this->decryptAll->decryptAll($input, $output, $user);
+				if ($result === false) {
+					$this->output->writeln(' aborted.');
+					$this->config->setAppValue('core', 'encryption_enabled', 'yes');
+				}
+			} else {
+				$output->write('Enable server side encryption... ');
+				$this->config->setAppValue('core', 'encryption_enabled', 'yes');
+				$output->writeln('done.');
+				$output->writeln('aborted');
+			}
+		} catch (\Exception $e) {
+			// enable server side encryption again if something went wrong
+			$this->config->setAppValue('core', 'encryption_enabled', 'yes');
+			throw $e;
+		}
+	}
+
+}