backup the encryption key after the encryption was disabled so that the user

can restore them if needed

6 files changed, 135 insertions, 12 deletions

diff --git a/settings/ajax/deletekeys.php b/settings/ajax/deletekeys.php
new file mode 100644
index 00000000000..1f84452e117
--- /dev/null
+++ b/settings/ajax/deletekeys.php
@@ -0,0 +1,17 @@
+<?php
+
+OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
+
+$l = \OC_L10N::get('settings');
+$user = \OC_User::getUser();
+$view = new \OC\Files\View('/' . $user . '/files_encryption');
+
+$keyfilesDeleted = $view->deleteAll('keyfiles.backup');
+$sharekeysDeleted = $view->deleteAll('share-keys.backup');
+
+if ($keyfilesDeleted && $sharekeysDeleted) {
+	\OCP\JSON::success(array('data' => array('message' => $l->t('Encryption keys deleted permanently'))));
+} else {
+	\OCP\JSON::error(array('data' => array('message' => $l->t('Couldn\'t permanently delete your encryption keys, please check your owncloud.log or ask your administrator'))));
+}
diff --git a/settings/ajax/restorekeys.php b/settings/ajax/restorekeys.php
new file mode 100644
index 00000000000..68e19c90457
--- /dev/null
+++ b/settings/ajax/restorekeys.php
@@ -0,0 +1,24 @@
+<?php
+
+OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
+
+$l = \OC_L10N::get('settings');
+$user = \OC_User::getUser();
+$view = new \OC\Files\View('/' . $user . '/files_encryption');
+
+$keyfilesRestored = $view->rename('keyfiles.backup', 'keyfiles');
+$sharekeysRestored = $view->rename('share-keys.backup' , 'share-keys');
+
+if ($keyfilesRestored && $sharekeysRestored) {
+	\OCP\JSON::success(array('data' => array('message' => $l->t('Backups restored successfully'))));
+} else {
+	// if one of the move operation was succesful we remove the files back to have a consistent state
+	if($keyfilesRestored) {
+		$view->rename('keyfiles', 'keyfiles.backup');
+	}
+	if($sharekeysRestored) {
+		$view->rename('share-keys' , 'share-keys.backup');
+	}
+	\OCP\JSON::error(array('data' => array('message' => $l->t('Couldn\'t restore your encryption keys, please check your owncloud.log or ask your administrator'))));
+}
diff --git a/settings/js/personal.js b/settings/js/personal.js
index c1f1ef7466b..f297e3c1b1a 100644
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@@ -212,17 +212,30 @@ $(document).ready(function(){
 		OC.Encryption.decryptAll(privateKeyPassword);
 	});
 
+
+	$('button:button[name="submitRestoreKeys"]').click(function() {
+		$('#restoreBackupKeys button:button[name="submitDeleteKeys"]').prop("disabled", true);
+		$('#restoreBackupKeys button:button[name="submitRestoreKeys"]').prop("disabled", true);
+		OC.Encryption.restoreKeys();
+	});
+
+	$('button:button[name="submitDeleteKeys"]').click(function() {
+		$('#restoreBackupKeys button:button[name="submitDeleteKeys"]').prop("disabled", true);
+		$('#restoreBackupKeys button:button[name="submitRestoreKeys"]').prop("disabled", true);
+		OC.Encryption.deleteKeys();
+	});
+
 	$('#decryptAll input:password[name="privateKeyPassword"]').keyup(function(event) {
 		var privateKeyPassword = $('#decryptAll input:password[id="privateKeyPassword"]').val();
 		if (privateKeyPassword !== '' ) {
-			$('#decryptAll button:button[name="submitDecryptAll"]').removeAttr("disabled");
+			$('#decryptAll button:button[name="submitDecryptAll"]').prop("disabled", false);
 			if(event.which === 13) {
 				$('#decryptAll button:button[name="submitDecryptAll"]').prop("disabled", true);
 				$('#decryptAll input:password[name="privateKeyPassword"]').prop("disabled", true);
 				OC.Encryption.decryptAll(privateKeyPassword);
 			}
 		} else {
-			$('#decryptAll button:button[name="submitDecryptAll"]').attr("disabled", "true");
+			$('#decryptAll button:button[name="submitDecryptAll"]').prop("disabled", true);
 		}
 	});
 
@@ -294,29 +307,59 @@ $(document).ready(function(){
 
 OC.Encryption = {
 	decryptAll: function(password) {
-		OC.Encryption.msg.startDecrypting('#decryptAll .msg');
+		var message = t('settings', 'Decrypting files... Please wait, this can take some time.');
+		OC.Encryption.msg.start('#decryptAll .msg', message);
 		$.post('ajax/decryptall.php', {password:password}, function(data) {
 			if (data.status === "error") {
-				OC.Encryption.msg.finishedDecrypting('#decryptAll .msg', data);
-				$('#decryptAll input:password[name="privateKeyPassword"]').removeAttr("disabled");
+				OC.Encryption.msg.finished('#decryptAll .msg', data);
+				$('#decryptAll input:password[name="privateKeyPassword"]').prop("disabled", false);
+			} else {
+				OC.Encryption.msg.finished('#decryptAll .msg', data);
+			}
+			$('#restoreBackupKeys').removeClass('hidden');
+		});
+	},
+
+	deleteKeys: function() {
+		var message = t('settings', 'Delete encryptin keys permanently.');
+		OC.Encryption.msg.start('#restoreBackupKeys .msg', message);
+		$.post('ajax/deletekeys.php', null, function(data) {
+			if (data.status === "error") {
+				OC.Encryption.msg.finished('#restoreBackupKeys .msg', data);
+				$('#restoreBackupKeys button:button[name="submitDeleteKeys"]').prop("disabled", false);
+				$('#restoreBackupKeys button:button[name="submitRestoreKeys"]').prop("disabled", false);
+			} else {
+				OC.Encryption.msg.finished('#restoreBackupKeys .msg', data);
+			}
+		});
+	},
+
+	restoreKeys: function() {
+		var message = t('settings', 'Restore encryptin keys.');
+		OC.Encryption.msg.start('#restoreBackupKeys .msg', message);
+		$.post('ajax/restorekeys.php', {}, function(data) {
+			if (data.status === "error") {
+				OC.Encryption.msg.finished('#restoreBackupKeys .msg', data);
+				$('#restoreBackupKeys button:button[name="submitDeleteKeys"]').prop("disabled", false);
+				$('#restoreBackupKeys button:button[name="submitRestoreKeys"]').prop("disabled", false);
 			} else {
-				OC.Encryption.msg.finishedDecrypting('#decryptAll .msg', data);
+				OC.Encryption.msg.finished('#restoreBackupKeys .msg', data);
 			}
 		});
 	}
 };
 
 OC.Encryption.msg={
-	startDecrypting:function(selector){
+	start:function(selector, msg){
 		var spinner = '<img src="'+ OC.imagePath('core', 'loading-small.gif') +'">';
 		$(selector)
-			.html( t('settings', 'Decrypting files... Please wait, this can take some time.') + ' ' + spinner )
+			.html( msg + ' ' + spinner )
 			.removeClass('success')
 			.removeClass('error')
 			.stop(true, true)
 			.show();
 	},
-	finishedDecrypting:function(selector, data){
+	finished:function(selector, data){
 		if( data.status === "success" ){
 			$(selector).html( data.data.message )
 				.addClass('success')
diff --git a/settings/personal.php b/settings/personal.php
index 0da14a8c8c4..47b2dc1a46a 100644
--- a/settings/personal.php
+++ b/settings/personal.php
@@ -33,7 +33,9 @@ $userLang=OC_Preferences::getValue( OC_User::getUser(), 'core', 'lang', OC_L10N:
 $languageCodes=OC_L10N::findAvailableLanguages();
 
 //check if encryption was enabled in the past
-$enableDecryptAll = OC_Util::encryptedFiles();
+$filesStillEncrypted = OC_Util::encryptedFiles();
+$backupKeysExists = OC_Util::backupKeysExists();
+$enableDecryptAll = $filesStillEncrypted || $backupKeysExists;
 
 // array of common languages
 $commonlangcodes = array(
@@ -92,6 +94,8 @@ $tmpl->assign('passwordChangeSupported', OC_User::canUserChangePassword(OC_User:
 $tmpl->assign('displayNameChangeSupported', OC_User::canUserChangeDisplayName(OC_User::getUser()));
 $tmpl->assign('displayName', OC_User::getDisplayName());
 $tmpl->assign('enableDecryptAll' , $enableDecryptAll);
+$tmpl->assign('backupKeysExists' , $backupKeysExists);
+$tmpl->assign('filesStillEncrypted' , $filesStillEncrypted);
 $tmpl->assign('enableAvatars', \OC_Config::getValue('enable_avatars', true));
 $tmpl->assign('avatarChangeSupported', OC_User::canUserChangeAvatar(OC_User::getUser()));
 
diff --git a/settings/routes.php b/settings/routes.php
index a8bb0d981e8..21d406beeca 100644
--- a/settings/routes.php
+++ b/settings/routes.php
@@ -54,6 +54,10 @@ $this->create('settings_ajax_setlanguage', '/settings/ajax/setlanguage.php')
 	->actionInclude('settings/ajax/setlanguage.php');
 $this->create('settings_ajax_decryptall', '/settings/ajax/decryptall.php')
 	->actionInclude('settings/ajax/decryptall.php');
+$this->create('settings_ajax_restorekeys', '/settings/ajax/restorekeys.php')
+	->actionInclude('settings/ajax/restorekeys.php');
+$this->create('settings_ajax_deletekeys', '/settings/ajax/deletekeys.php')
+	->actionInclude('settings/ajax/deletekeys.php');
 // apps
 $this->create('settings_ajax_apps_ocs', '/settings/ajax/apps/ocs.php')
 	->actionInclude('settings/ajax/apps/ocs.php');
diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index cc1fce88c9f..afa3f5d700a 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -144,10 +144,15 @@ if($_['passwordChangeSupported']) {
 };?>
 
 <?php if($_['enableDecryptAll']): ?>
-<div class="section" id="decryptAll">
+<div class="section">
+
 	<h2>
 		<?php p( $l->t( 'Encryption' ) ); ?>
 	</h2>
+
+	<?php if($_['filesStillEncrypted']): ?>
+
+	<div id="decryptAll">
 	<?php p($l->t( "The encryption app is no longer enabled, please decrypt all your files" )); ?>
 	<p>
 		<input
@@ -164,8 +169,34 @@ if($_['passwordChangeSupported']) {
 		<span class="msg"></span>
 	</p>
 	<br />
+	</div>
+
+	<?php endif; ?>
+
+
+
+	<div id="restoreBackupKeys" <?php $_['backupKeysExists'] ? '' : print_unescaped("class='hidden'") ?>>
+
+	<?php p($l->t( "Your encryption keys are moved to a backup location. If something went wrong you can restore the keys. Only delete them permanently if you are sure that all files are decrypted correctly." )); ?>
+	<p>
+		<button
+			type="button"
+			name="submitRestoreKeys"><?php p($l->t( "Restore Encryption Keys" )); ?>
+		</button>
+		<button
+			type="button"
+			name="submitDeleteKeys"><?php p($l->t( "Delete Encryption Keys" )); ?>
+		</button>
+		<span class="msg"></span>
+
+	</p>
+	<br />
+
+	</div>
+
+
 </div>
-<?php endif; ?>
+	<?php endif; ?>
 
 <div class="section">
 	<h2><?php p($l->t('Version'));?></h2>