Merge pull request #21693 from nextcloud/fix/noid/import-certificates-only-by-system

Improve CertificateManager to not be user context dependent

3 files changed, 92 insertions, 3 deletions

diff --git a/core/BackgroundJobs/CheckForUserCertificates.php b/core/BackgroundJobs/CheckForUserCertificates.php
new file mode 100644
index 00000000000..8b106c8ce74
--- /dev/null
+++ b/core/BackgroundJobs/CheckForUserCertificates.php
@@ -0,0 +1,79 @@
+<?php
+/**
+ * @copyright 2020 Morris Jobke <hey@morrisjobke.de>
+ *
+ * @author Morris Jobke <hey@morrisjobke.de>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OC\Core\BackgroundJobs;
+
+use OC\BackgroundJob\QueuedJob;
+use OCP\Files\Folder;
+use OCP\Files\IRootFolder;
+use OCP\Files\NotFoundException;
+use OCP\IConfig;
+use OCP\IUser;
+use OCP\IUserManager;
+
+class CheckForUserCertificates extends QueuedJob {
+
+	/** @var IConfig */
+	protected $config;
+	/** @var IUserManager */
+	private $userManager;
+	/** @var IRootFolder */
+	private $rootFolder;
+
+	public function __construct(IConfig $config, IUserManager $userManager, IRootFolder $rootFolder) {
+		$this->config = $config;
+		$this->userManager = $userManager;
+		$this->rootFolder = $rootFolder;
+	}
+
+	/**
+	 * Checks all user directories for old user uploaded certificates
+	 */
+	public function run($arguments) {
+		$uploadList = [];
+		$this->userManager->callForSeenUsers(function (IUser $user) use (&$uploadList) {
+			$userId = $user->getUID();
+			try {
+				\OC_Util::setupFS($userId);
+				$filesExternalUploadsFolder = $this->rootFolder->get($userId . '/files_external/uploads');
+			} catch (NotFoundException $e) {
+				\OC_Util::tearDownFS();
+				return;
+			}
+			if ($filesExternalUploadsFolder instanceof Folder) {
+				$files = $filesExternalUploadsFolder->getDirectoryListing();
+				foreach ($files as $file) {
+					$filename = $file->getName();
+					$uploadList[] = "$userId/files_external/uploads/$filename";
+				}
+			}
+			\OC_Util::tearDownFS();
+		});
+
+		if (empty($uploadList)) {
+			$this->config->deleteAppValue('files_external', 'user_certificate_scan');
+		} else {
+			$this->config->setAppValue('files_external', 'user_certificate_scan', json_encode($uploadList));
+		}
+	}
+}
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index cd933d5f603..204401064f9 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -488,6 +488,7 @@
 					OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\PhpDefaultCharset', messages)
 					OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\PhpOutputBuffering', messages)
 					OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\LegacySSEKeyFormat', messages)
+					OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\CheckUserCertificates', messages)
 
 				} else {
 					messages.push({
@@ -520,6 +521,15 @@
 			if (setupCheck.linkToDocumentation) {
 				message += ' ' + t('core', 'For more details see the <a target="_blank" rel="noreferrer noopener" href="{docLink}">documentation</a>.', {docLink: setupCheck.linkToDocumentation});
 			}
+			if (setupCheck.elements) {
+				message += '<br><ul>'
+				setupCheck.elements.forEach(function(element){
+					message += '<li>';
+					message += element
+					message += '</li>';
+				});
+				message += '</ul>'
+			}
 
 			if (!setupCheck.pass) {
 				messages.push({
diff --git a/core/register_command.php b/core/register_command.php
index 840c73484bf..af6bd677251 100644
--- a/core/register_command.php
+++ b/core/register_command.php
@@ -183,9 +183,9 @@ if (\OC::$server->getConfig()->getSystemValue('installed', false)) {
 	$application->add(new OC\Core\Command\Group\AddUser(\OC::$server->getUserManager(), \OC::$server->getGroupManager()));
 	$application->add(new OC\Core\Command\Group\RemoveUser(\OC::$server->getUserManager(), \OC::$server->getGroupManager()));
 
-	$application->add(new OC\Core\Command\Security\ListCertificates(\OC::$server->getCertificateManager(null), \OC::$server->getL10N('core')));
-	$application->add(new OC\Core\Command\Security\ImportCertificate(\OC::$server->getCertificateManager(null)));
-	$application->add(new OC\Core\Command\Security\RemoveCertificate(\OC::$server->getCertificateManager(null)));
+	$application->add(new OC\Core\Command\Security\ListCertificates(\OC::$server->getCertificateManager(), \OC::$server->getL10N('core')));
+	$application->add(new OC\Core\Command\Security\ImportCertificate(\OC::$server->getCertificateManager()));
+	$application->add(new OC\Core\Command\Security\RemoveCertificate(\OC::$server->getCertificateManager()));
 	$application->add(new OC\Core\Command\Security\ResetBruteforceAttempts(\OC::$server->getBruteForceThrottler()));
 } else {
 	$application->add(\OC::$server->get(\OC\Core\Command\Maintenance\Install::class));