diff options
| -rw-r--r-- | apps/files_encryption/appinfo/version | 2 | ||||
| -rw-r--r-- | apps/files_encryption/files/error.php | 23 | ||||
| -rw-r--r-- | apps/files_encryption/hooks/hooks.php | 25 | ||||
| -rwxr-xr-x | apps/files_encryption/lib/helper.php | 42 | ||||
| -rw-r--r-- | apps/files_encryption/lib/session.php | 30 | ||||
| -rw-r--r-- | apps/files_encryption/lib/stream.php | 34 | ||||
| -rw-r--r-- | apps/files_encryption/lib/util.php | 8 | ||||
| -rw-r--r-- | apps/files_encryption/settings-personal.php | 5 | ||||
| -rw-r--r-- | apps/files_encryption/templates/settings-personal.php | 10 | ||||
| -rw-r--r-- | settings/ajax/changepassword.php | 2 | ||||
| -rw-r--r-- | settings/templates/personal.php | 2 |
11 files changed, 107 insertions, 76 deletions
diff --git a/apps/files_encryption/appinfo/version b/apps/files_encryption/appinfo/version index bd73f47072b..2eb3c4fe4ee 100644 --- a/apps/files_encryption/appinfo/version +++ b/apps/files_encryption/appinfo/version @@ -1 +1 @@ -0.4 +0.5 diff --git a/apps/files_encryption/files/error.php b/apps/files_encryption/files/error.php deleted file mode 100644 index 2dd27257abe..00000000000 --- a/apps/files_encryption/files/error.php +++ /dev/null @@ -1,23 +0,0 @@ -<?php -if (!isset($_)) { //also provide standalone error page - require_once __DIR__ . '/../../../lib/base.php'; - - $l = OC_L10N::get('files_encryption'); - - $errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.'); - - if(isset($_GET['p']) && $_GET['p'] === '1') { - header('HTTP/1.0 404 ' . $errorMsg); - } - - // check if ajax request - if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') { - \OCP\JSON::error(array('data' => array('message' => $errorMsg))); - } else { - header('HTTP/1.0 404 ' . $errorMsg); - $tmpl = new OC_Template('files_encryption', 'invalid_private_key', 'guest'); - $tmpl->printPage(); - } - - exit; -} diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index de306462d79..4c6122b7c2b 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -72,7 +72,7 @@ class Hooks { $userView = new \OC_FilesystemView('/' . $params['uid']);
- // Set legacy encryption key if it exists, to support
+ // Set legacy encryption key if it exists, to support
// depreciated encryption system
if (
$userView->file_exists('encryption.key')
@@ -153,7 +153,6 @@ class Hooks { * @param array $params keys: uid, password
*/
public static function setPassphrase($params) {
-
// Only attempt to change passphrase if server-side encryption
// is in use (client-side encryption does not have access to
// the necessary keys)
@@ -248,7 +247,7 @@ class Hooks { $params['run'] = false;
$params['error'] = $l->t('Following users are not set up for encryption:') . ' ' . join(', ' , $notConfigured);
}
-
+
}
/**
@@ -259,7 +258,7 @@ class Hooks { // NOTE: $params has keys:
// [itemType] => file
// itemSource -> int, filecache file ID
- // [parent] =>
+ // [parent] =>
// [itemTarget] => /13
// shareWith -> string, uid of user being shared to
// fileTarget -> path of file being shared
@@ -300,13 +299,13 @@ class Hooks { // NOTE: parent is folder but shared was a file!
// we try to rebuild the missing path
// some examples we face here
- // user1 share folder1 with user2 folder1 has
- // the following structure
+ // user1 share folder1 with user2 folder1 has
+ // the following structure
// /folder1/subfolder1/subsubfolder1/somefile.txt
// user2 re-share subfolder2 with user3
// user3 re-share somefile.txt user4
- // so our path should be
- // /Shared/subfolder1/subsubfolder1/somefile.txt
+ // so our path should be
+ // /Shared/subfolder1/subsubfolder1/somefile.txt
// while user3 is sharing
if ($params['itemType'] === 'file') {
@@ -537,14 +536,18 @@ class Hooks { }
/**
- * set migration status back to '0' so that all new files get encrypted
+ * set migration status and the init status back to '0' so that all new files get encrypted
* if the app gets enabled again
* @param array $params contains the app ID
*/
public static function preDisable($params) {
if ($params['app'] === 'files_encryption') {
- $query = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');
- $query->execute();
+
+ $setMigrationStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');
+ $setMigrationStatus->execute();
+
+ $session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
+ $session->setInitialized(false);
}
}
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php index 0209a5d18b7..7d466b88523 100755 --- a/apps/files_encryption/lib/helper.php +++ b/apps/files_encryption/lib/helper.php @@ -199,12 +199,12 @@ class Helper { public static function stripUserFilesPath($path) { $trimmed = ltrim($path, '/'); $split = explode('/', $trimmed); - + // it is not a file relative to data/user/files if (count($split) < 3 || $split[1] !== 'files') { return false; } - + $sliced = array_slice($split, 2); $relPath = implode('/', $sliced); @@ -219,30 +219,46 @@ class Helper { public static function getPathToRealFile($path) { $trimmed = ltrim($path, '/'); $split = explode('/', $trimmed); - + if (count($split) < 3 || $split[1] !== "files_versions") { return false; } - + $sliced = array_slice($split, 2); $realPath = implode('/', $sliced); //remove the last .v $realPath = substr($realPath, 0, strrpos($realPath, '.v')); return $realPath; - } - + } + /** * @brief redirect to a error page */ - public static function redirectToErrorPage() { - $location = \OC_Helper::linkToAbsolute('apps/files_encryption/files', 'error.php'); - $post = 0; + public static function redirectToErrorPage($session) { + + $l = \OC_L10N::get('files_encryption'); + + if ($session->getInitialized() === false) { + $errorMsg = $l->t('Encryption app not initialized! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app.'); + } else { + $errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.'); + } + if(count($_POST) > 0) { - $post = 1; + header('HTTP/1.0 404 ' . $errorMsg); + } + + // check if ajax request + if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') { + \OCP\JSON::error(array('data' => array('message' => $errorMsg))); + } else { + header('HTTP/1.0 404 ' . $errorMsg); + $tmpl = new OC_Template('files_encryption', 'invalid_private_key', 'guest'); + $tmpl->printPage(); } - header('Location: ' . $location . '?p=' . $post); - exit(); + + exit; } /** @@ -259,7 +275,7 @@ class Helper { return (bool) $result; } - + /** * check some common errors if the server isn't configured properly for encryption * @return bool true if configuration seems to be OK diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php index 1911386cd12..648e6e9ab07 100644 --- a/apps/files_encryption/lib/session.php +++ b/apps/files_encryption/lib/session.php @@ -113,6 +113,36 @@ class Session { } /** + * @brief Sets status if we tried to initialize the encyption app + * @param bool $privateKey true=initialized false=not initialized + * @return bool + * + * @note this doesn not indicate of the init was successful, we just remeber the try! + */ + public function setInitialized($init) { + + \OC::$session->set('encryptionInitialized', $init); + + return true; + + } + + + /** + * @brief Gets status if we already tried to initialize the encryption app + * @returns bool + * + * @note this doesn not indicate of the init was successful, we just remeber the try! + */ + public function getInitialized() { + if (!is_null(\OC::$session->get('encryptionInitialized'))) { + return \OC::$session->get('encryptionInitialized'); + } else { + return false; + } + } + + /** * @brief Gets user or public share private key from session * @returns string $privateKey The user's plaintext private key * diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index 335ea3733eb..9215352aa78 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -81,7 +81,7 @@ class Stream { * @return bool */ public function stream_open($path, $mode, $options, &$opened_path) { - + // assume that the file already exist before we decide it finally in getKey() $this->newFile = false; @@ -106,12 +106,12 @@ class Stream { if ($this->relPath === false) { $this->relPath = Helper::getPathToRealFile($this->rawPath); } - + if($this->relPath === false) { \OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '" expecting a path to user/files or to user/files_versions', \OCP\Util::ERROR); return false; } - + // Disable fileproxies so we can get the file size and open the source file without recursive encryption $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; @@ -131,7 +131,7 @@ class Stream { if($this->privateKey === false) { // if private key is not valid redirect user to a error page - \OCA\Encryption\Helper::redirectToErrorPage(); + \OCA\Encryption\Helper::redirectToErrorPage($this->session); } $this->size = $this->rootView->filesize($this->rawPath, $mode); @@ -272,7 +272,7 @@ class Stream { } else { $this->newFile = true; - + return false; } @@ -296,9 +296,9 @@ class Stream { return strlen($data); } - // Disable the file proxies so that encryption is not - // automatically attempted when the file is written to disk - - // we are handling that separately here and we don't want to + // Disable the file proxies so that encryption is not + // automatically attempted when the file is written to disk - + // we are handling that separately here and we don't want to // get into an infinite loop $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; @@ -311,7 +311,7 @@ class Stream { $pointer = ftell($this->handle); // Get / generate the keyfile for the file we're handling - // If we're writing a new file (not overwriting an existing + // If we're writing a new file (not overwriting an existing // one), save the newly generated keyfile if (!$this->getKey()) { @@ -319,7 +319,7 @@ class Stream { } - // If extra data is left over from the last round, make sure it + // If extra data is left over from the last round, make sure it // is integrated into the next 6126 / 8192 block if ($this->writeCache) { @@ -344,12 +344,12 @@ class Stream { if ($remainingLength < 6126) { // Set writeCache to contents of $data - // The writeCache will be carried over to the - // next write round, and added to the start of - // $data to ensure that written blocks are - // always the correct length. If there is still - // data in writeCache after the writing round - // has finished, then the data will be written + // The writeCache will be carried over to the + // next write round, and added to the start of + // $data to ensure that written blocks are + // always the correct length. If there is still + // data in writeCache after the writing round + // has finished, then the data will be written // to disk by $this->flush(). $this->writeCache = $data; @@ -363,7 +363,7 @@ class Stream { $encrypted = $this->preWriteEncrypt($chunk, $this->plainKey); - // Write the data chunk to disk. This will be + // Write the data chunk to disk. This will be // attended to the last data chunk if the file // being handled totals more than 6126 bytes fwrite($this->handle, $encrypted); diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index b8d68623493..17096a787f2 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -37,7 +37,6 @@ class Util { const MIGRATION_IN_PROGRESS = -1; // migration is running const MIGRATION_OPEN = 0; // user still needs to be migrated - private $view; // OC_FilesystemView object for filesystem operations private $userId; // ID of the currently logged-in user private $client; // Client side encryption mode flag @@ -1722,6 +1721,11 @@ class Util { */ public function initEncryption($params) { + $session = new \OCA\Encryption\Session($this->view); + + // we tried to initialize the encryption app for this session + $session->setInitialized(true); + $encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']); $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']); @@ -1732,8 +1736,6 @@ class Util { return false; } - $session = new \OCA\Encryption\Session($this->view); - $session->setPrivateKey($privateKey); return $session; diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php index 589219f32ad..ffcb99602e2 100644 --- a/apps/files_encryption/settings-personal.php +++ b/apps/files_encryption/settings-personal.php @@ -16,7 +16,9 @@ $view = new \OC_FilesystemView('/'); $util = new \OCA\Encryption\Util($view, $user);
$session = new \OCA\Encryption\Session($view);
-$privateKeySet = $session->getPrivateKey() !== false; +$privateKeySet = $session->getPrivateKey() !== false;
+// did we tried to initialize the keys for this session?
+$initialized = $session->getInitialized();
$recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
$recoveryEnabledForUser = $util->recoveryEnabledForUser();
@@ -31,6 +33,7 @@ if ($recoveryAdminEnabled || !$privateKeySet) { $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
$tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
$tmpl->assign('privateKeySet', $privateKeySet);
+ $tmpl->assign('initialized', $initialized);
$result = $tmpl->fetchPage();
}
diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php index 38512453207..ff04556dd53 100644 --- a/apps/files_encryption/templates/settings-personal.php +++ b/apps/files_encryption/templates/settings-personal.php @@ -4,7 +4,7 @@ <?php p( $l->t( 'Encryption' ) ); ?>
</legend>
- <?php if ( ! $_["privateKeySet"] ): ?>
+ <?php if ( ! $_["privateKeySet"] && $_["initialized"] ): ?>
<p>
<a name="changePKPasswd" />
<label for="changePrivateKeyPasswd">
@@ -39,22 +39,22 @@ <?php endif; ?>
<br />
-
+
<?php if ( $_["recoveryEnabled"] && $_["privateKeySet"] ): ?>
<p>
<label for="userEnableRecovery"><?php p( $l->t( "Enable password recovery:" ) ); ?></label>
<br />
<em><?php p( $l->t( "Enabling this option will allow you to reobtain access to your encrypted files in case of password loss" ) ); ?></em>
<br />
- <input
+ <input
type='radio'
name='userEnableRecovery'
value='1'
<?php echo ( $_["recoveryEnabledForUser"] == 1 ? 'checked="checked"' : '' ); ?> />
<?php p( $l->t( "Enabled" ) ); ?>
<br />
-
- <input
+
+ <input
type='radio'
name='userEnableRecovery'
value='0'
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index 47ceb5ab873..d409904ebc7 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -8,7 +8,7 @@ OC_JSON::checkLoggedIn(); OC_APP::loadApps(); $username = isset($_POST['username']) ? $_POST['username'] : OC_User::getUser(); -$password = isset($_POST['personal-password']) ? $_POST['personal-password'] : null; +$password = isset($_POST['password']) ? $_POST['password'] : null; $oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : ''; $recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null; diff --git a/settings/templates/personal.php b/settings/templates/personal.php index 63e1258b958..bad88142da9 100644 --- a/settings/templates/personal.php +++ b/settings/templates/personal.php @@ -40,7 +40,7 @@ if($_['passwordChangeSupported']) { <div id="passwordchanged"><?php echo $l->t('Your password was changed');?></div> <div id="passworderror"><?php echo $l->t('Unable to change your password');?></div> <input type="password" id="pass1" name="oldpassword" placeholder="<?php echo $l->t('Current password');?>" /> - <input type="password" id="pass2" name="personal-password" + <input type="password" id="pass2" name="password" placeholder="<?php echo $l->t('New password');?>" data-typetoggle="#personal-show" /> <input type="checkbox" id="personal-show" name="show" /><label for="personal-show"></label> <input id="passwordbutton" type="submit" value="<?php echo $l->t('Change password');?>" /> |