add prefix to user and system keys to avoid name collisions

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

3 files changed, 117 insertions, 3 deletions

diff --git a/lib/private/Repair.php b/lib/private/Repair.php
index dae328e6340..4864ad77b8c 100644
--- a/lib/private/Repair.php
+++ b/lib/private/Repair.php
@@ -31,6 +31,7 @@
 namespace OC;
 
 use OC\App\AppStore\Bundles\BundleFetcher;
+use OC\Files\AppData\Factory;
 use OC\Repair\CleanTags;
 use OC\Repair\Collation;
 use OC\Repair\MoveUpdaterStepFile;
@@ -39,6 +40,7 @@ use OC\Repair\NC11\FixMountStorages;
 use OC\Repair\NC11\MoveAvatars;
 use OC\Repair\NC12\InstallCoreBundle;
 use OC\Repair\NC12\UpdateLanguageCodes;
+use OC\Repair\NC13\RepairIdentityProofKeyFolders;
 use OC\Repair\OldGroupMembershipShares;
 use OC\Repair\Owncloud\SaveAccountsTableData;
 use OC\Repair\RemoveRootShares;
@@ -145,7 +147,8 @@ class Repair implements IOutput{
 				\OC::$server->getConfig(),
 				\OC::$server->query(Installer::class)
 			),
-			new RepairInvalidPaths(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig())
+			new RepairInvalidPaths(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig()),
+			new RepairIdentityProofKeyFolders(\OC::$server->getConfig(), \OC::$server->query(Factory::class), \OC::$server->getRootFolder()),
 		];
 	}
 
diff --git a/lib/private/Repair/NC13/RepairIdentityProofKeyFolders.php b/lib/private/Repair/NC13/RepairIdentityProofKeyFolders.php
new file mode 100644
index 00000000000..93a135b5cf0
--- /dev/null
+++ b/lib/private/Repair/NC13/RepairIdentityProofKeyFolders.php
@@ -0,0 +1,110 @@
+<?php
+/**
+ * @copyright Copyright (c) 2017 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OC\Repair\NC13;
+
+
+use OC\Files\AppData\Factory;
+use OCP\Files\IRootFolder;
+use OCP\Files\SimpleFS\ISimpleFolder;
+use OCP\IConfig;
+use OCP\Migration\IOutput;
+use OCP\Migration\IRepairStep;
+
+class RepairIdentityProofKeyFolders implements IRepairStep {
+
+	/** @var IConfig */
+	private $config;
+
+	/** @var \OC\Files\AppData\AppData */
+	private $appDataIdentityProof;
+
+	/** @var IRootFolder */
+	private $rootFolder;
+
+	/** @var string */
+	private $identityProofDir;
+
+	/**
+	 * RepairIdentityProofKeyFolders constructor.
+	 *
+	 * @param IConfig $config
+	 * @param Factory $appDataFactory
+	 * @param IRootFolder $rootFolder
+	 */
+	public function __construct(IConfig $config, Factory $appDataFactory, IRootFolder $rootFolder) {
+		$this->config = $config;
+		$this->appDataIdentityProof = $appDataFactory->get('identityproof');
+		$this->rootFolder = $rootFolder;
+
+		$instanceId = $this->config->getSystemValue('instanceid', null);
+		if ($instanceId === null) {
+			throw new \RuntimeException('no instance id!');
+		}
+		$this->identityProofDir = 'appdata_' . $instanceId . '/identityproof/';
+	}
+
+	/**
+	 * Returns the step's name
+	 *
+	 * @return string
+	 * @since 9.1.0
+	 */
+	public function getName() {
+		return "Rename folder with user specific keys";
+	}
+
+	/**
+	 * Run repair step.
+	 * Must throw exception on error.
+	 *
+	 * @param IOutput $output
+	 * @throws \Exception in case of failure
+	 * @since 9.1.0
+	 */
+	public function run(IOutput $output) {
+		$versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0');
+		if (version_compare($versionFromBeforeUpdate, '13.0.0.1', '<=')) {
+			$count = $this->repair();
+			$output->info('Repaired ' . $count . ' folders');
+		}
+	}
+
+	/**
+	 * rename all dirs with user specific keys to 'user-uid'
+	 *
+	 * @return int
+	 */
+	private function repair() {
+		$count = 0;
+		$dirListing = $this->appDataIdentityProof->getDirectoryListing();
+		/** @var ISimpleFolder $folder */
+		foreach ($dirListing as $folder) {
+			$name = $folder->getName();
+			$node = $this->rootFolder->get($this->identityProofDir . $name);
+			$node->move($this->identityProofDir . 'user-' . $name);
+			$count++;
+		}
+
+		return $count;
+	}
+}
diff --git a/lib/private/Security/IdentityProof/Manager.php b/lib/private/Security/IdentityProof/Manager.php
index a8c204c84b9..c5134e12b8d 100644
--- a/lib/private/Security/IdentityProof/Manager.php
+++ b/lib/private/Security/IdentityProof/Manager.php
@@ -121,7 +121,8 @@ class Manager {
 	 * @return Key
 	 */
 	public function getKey(IUser $user) {
-		return $this->retrieveKey($user->getUID());
+		$uid = $user->getUID();
+		return $this->retrieveKey('user-' . $uid);
 	}
 
 	/**
@@ -135,7 +136,7 @@ class Manager {
 		if ($instanceId === null) {
 			throw new \RuntimeException('no instance id!');
 		}
-		return $this->retrieveKey($instanceId);
+		return $this->retrieveKey('system-' . $instanceId);
 	}