-rw-r--r--apps/files_encryption/hooks/hooks.php9
-rwxr-xr-xapps/files_encryption/lib/helper.php1
-rw-r--r--apps/files_encryption/lib/util.php8
-rw-r--r--lib/files/cache/backgroundwatcher.php4
-rw-r--r--lib/files/cache/cache.php6
-rw-r--r--lib/files/cache/legacy.php2
-rw-r--r--lib/public/share.php12
-rw-r--r--lib/user/user.php6
-rw-r--r--settings/ajax/changepassword.php30
-rw-r--r--settings/templates/users.php6
-rw-r--r--tests/lib/db.php22
11 files changed, 66 insertions, 40 deletions
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index d1b08a0b978..c4b247da1ed 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -142,6 +142,15 @@ class Hooks {
}
/**
+ * @brief If the password can't be changed within ownCloud, than update the key password in advance.
+ */
+ public static function preSetPassphrase($params) {
+ if ( ! \OC_User::canUserChangePassword($params['uid']) ) {
+ self::setPassphrase($params);
+ }
+ }
+
+ /**
* @brief Change a user's encryption passphrase
* @param array $params keys: uid, password
*/
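Review bot: The docblock on the added `preSetPassphrase` has no `@param` line, although the neighbouring `setPassphrase` documents its argument; add `* @param array $params keys: uid, password` (plus any recovery-password key the hook actually passes) and correct "than" to "then". The method hands `$params` to `setPassphrase` whenever `canUserChangePassword` is false, that is, before any backend has accepted the new password, so the key passphrase can move to a value the login backend never stored. `setPassphrase`'s body is outside this hunk; it is worth confirming there that it refuses to act unless a recovery password is present and has been verified.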
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index e078ab35541..184e1782494 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -48,6 +48,7 @@ class Helper {
\OCP\Util::connectHook('OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login');
\OCP\Util::connectHook('OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase');
+ \OCP\Util::connectHook('OC_User', 'pre_setPassword', 'OCA\Encryption\Hooks', 'preSetPassphrase');
\OCP\Util::connectHook('OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser');
\OCP\Util::connectHook('OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser');
}
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index 04bd4dc8aca..a6711880c20 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -289,7 +289,7 @@ class Util {
*/
public function recoveryEnabledForUser() {
- $sql = 'SELECT `recovery_enabled` FROM `*PREFIX*encryption` WHERE uid = ?';
+ $sql = 'SELECT `recovery_enabled` FROM `*PREFIX*encryption` WHERE `uid` = ?';
$args = array($this->userId);
@@ -347,7 +347,7 @@ class Util {
// Create a new record instead
} else {
- $sql = 'UPDATE `*PREFIX*encryption` SET recovery_enabled = ? WHERE uid = ?';
+ $sql = 'UPDATE `*PREFIX*encryption` SET `recovery_enabled` = ? WHERE `uid` = ?';
$args = array(
$enabled,
@@ -1060,7 +1060,7 @@ class Util {
*/
public function setMigrationStatus($status) {
- $sql = 'UPDATE `*PREFIX*encryption` SET migration_status = ? WHERE uid = ?';
+ $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?';
$args = array(
$status,
@@ -1089,7 +1089,7 @@ class Util {
*/
public function getMigrationStatus() {
- $sql = 'SELECT `migration_status` FROM `*PREFIX*encryption` WHERE uid = ?';
+ $sql = 'SELECT `migration_status` FROM `*PREFIX*encryption` WHERE `uid` = ?';
$args = array($this->userId);
diff --git a/lib/files/cache/backgroundwatcher.php b/lib/files/cache/backgroundwatcher.php
index 8933101577d..8e68f41cf44 100644
--- a/lib/files/cache/backgroundwatcher.php
+++ b/lib/files/cache/backgroundwatcher.php
@@ -59,9 +59,9 @@ class BackgroundWatcher {
*/
static private function getNextFileId($previous, $folder) {
if ($folder) {
- $query = \OC_DB::prepare('SELECT `fileid` FROM `*PREFIX*filecache` WHERE `fileid` > ? AND mimetype = ' . self::getFolderMimetype() . ' ORDER BY `fileid` ASC', 1);
+ $query = \OC_DB::prepare('SELECT `fileid` FROM `*PREFIX*filecache` WHERE `fileid` > ? AND `mimetype` = ' . self::getFolderMimetype() . ' ORDER BY `fileid` ASC', 1);
} else {
- $query = \OC_DB::prepare('SELECT `fileid` FROM `*PREFIX*filecache` WHERE `fileid` > ? AND mimetype != ' . self::getFolderMimetype() . ' ORDER BY `fileid` ASC', 1);
+ $query = \OC_DB::prepare('SELECT `fileid` FROM `*PREFIX*filecache` WHERE `fileid` > ? AND `mimetype` != ' . self::getFolderMimetype() . ' ORDER BY `fileid` ASC', 1);
}
$result = $query->execute(array($previous));
if ($row = $result->fetchRow()) {
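Review bot: Both rewritten `prepare` calls in `getNextFileId` still concatenate `self::getFolderMimetype()` into the SQL text instead of binding it, so the statement is only as safe as that helper's return value, which is not visible here. Replacing the concatenation with a second `?` placeholder and calling `$query->execute(array($previous, self::getFolderMimetype()));` keeps the query fully parameterised and matches how `$previous` is already handled. The function's body continues past the end of the hunk.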
diff --git a/lib/files/cache/cache.php b/lib/files/cache/cache.php
index cae2e63e4dc..6c2ef71098b 100644
--- a/lib/files/cache/cache.php
+++ b/lib/files/cache/cache.php
@@ -241,7 +241,7 @@ class Cache {
$params[] = $id;
$query = \OC_DB::prepare('UPDATE `*PREFIX*filecache` SET ' . implode(' = ?, ', $queryParts) . '=?'
- . ' WHERE fileid = ?');
+ . ' WHERE `fileid` = ?');
$query->execute($params);
}
@@ -385,10 +385,10 @@ class Cache {
* remove all entries for files that are stored on the storage from the cache
*/
public function clear() {
- $query = \OC_DB::prepare('DELETE FROM `*PREFIX*filecache` WHERE storage = ?');
+ $query = \OC_DB::prepare('DELETE FROM `*PREFIX*filecache` WHERE `storage` = ?');
$query->execute(array($this->getNumericStorageId()));
- $query = \OC_DB::prepare('DELETE FROM `*PREFIX*storages` WHERE id = ?');
+ $query = \OC_DB::prepare('DELETE FROM `*PREFIX*storages` WHERE `id` = ?');
$query->execute(array($this->storageId));
}
diff --git a/lib/files/cache/legacy.php b/lib/files/cache/legacy.php
index b8e2548639b..ab8ae6dfadd 100644
--- a/lib/files/cache/legacy.php
+++ b/lib/files/cache/legacy.php
@@ -45,7 +45,7 @@ class Legacy {
return $this->cacheHasItems;
}
try {
- $query = \OC_DB::prepare('SELECT `id` FROM `*PREFIX*fscache` WHERE `user` = ? LIMIT 1');
+ $query = \OC_DB::prepare('SELECT `id` FROM `*PREFIX*fscache` WHERE `user` = ?',1);
} catch (\Exception $e) {
$this->cacheHasItems = false;
return false;
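Review bot: The limit argument on the added line is written `,1` with no space after the comma, while the `prepare` calls in backgroundwatcher.php in this same commit use `, 1`; match that spacing. If the literal `LIMIT 1` was removed so that the database layer can apply the limit per backend, a short comment such as `// row limit is passed to prepare() rather than written into the SQL` would make that intent visible to the next reader. The enclosing method starts and ends outside the hunk.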
diff --git a/lib/public/share.php b/lib/public/share.php
index 81f5515bb4b..6a26101a1ce 100644
--- a/lib/public/share.php
+++ b/lib/public/share.php
@@ -152,11 +152,11 @@ class Share {
// Fetch all shares of this file path from DB
$query = \OC_DB::prepare(
- 'SELECT share_with
+ 'SELECT `share_with`
FROM
`*PREFIX*share`
WHERE
- item_source = ? AND share_type = ?'
+ `item_source` = ? AND `share_type` = ?'
);
$result = $query->execute(array($source, self::SHARE_TYPE_USER));
@@ -171,11 +171,11 @@ class Share {
// We also need to take group shares into account
$query = \OC_DB::prepare(
- 'SELECT share_with
+ 'SELECT `share_with`
FROM
`*PREFIX*share`
WHERE
- item_source = ? AND share_type = ?'
+ `item_source` = ? AND `share_type` = ?'
);
$result = $query->execute(array($source, self::SHARE_TYPE_GROUP));
@@ -192,11 +192,11 @@ class Share {
//check for public link shares
if (!$publicShare) {
$query = \OC_DB::prepare(
- 'SELECT share_with
+ 'SELECT `share_with`
FROM
`*PREFIX*share`
WHERE
- item_source = ? AND share_type = ?'
+ `item_source` = ? AND `share_type` = ?'
);
$result = $query->execute(array($source, self::SHARE_TYPE_LINK));
diff --git a/lib/user/user.php b/lib/user/user.php
index f9466b71499..55d7848a979 100644
--- a/lib/user/user.php
+++ b/lib/user/user.php
@@ -131,10 +131,10 @@ class User {
* @return bool
*/
public function setPassword($password, $recoveryPassword) {
+ if ($this->emitter) {
+ $this->emitter->emit('\OC\User', 'preSetPassword', array($this, $password, $recoveryPassword));
+ }
if ($this->backend->implementsActions(\OC_USER_BACKEND_SET_PASSWORD)) {
- if ($this->emitter) {
- $this->emitter->emit('\OC\User', 'preSetPassword', array($this, $password, $recoveryPassword));
- }
$result = $this->backend->setPassword($this->uid, $password);
if ($this->emitter) {
$this->emitter->emit('\OC\User', 'postSetPassword', array($this, $password, $recoveryPassword));
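Review bot: With the emit moved above the `implementsActions` check, `preSetPassword` listeners now receive the plaintext `$password` and `$recoveryPassword` even for backends that cannot set a password, and no `postSetPassword` follows in that case because that emit stays inside the `if`. Listeners that pair the two events, or that make an irreversible change in the pre-event, need to know this. Document it in the method's docblock, for example `* preSetPassword is emitted on every call; postSetPassword only when the backend supports password changes`. The end of `setPassword` is outside the hunk, so the return value on the unsupported path cannot be checked here.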
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index cb66c57c743..30877810550 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -28,17 +28,29 @@ if(is_null($userstatus)) {
exit();
}
-$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
$recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' );
-$recoveryEnabledForUser = $util->recoveryEnabledForUser();
-if ($recoveryAdminEnabled && $recoveryEnabledForUser && $recoveryPassword == '') {
+
+$validRecoveryPassword = false;
+$recoveryPasswordSupported = false;
+
+if ($recoveryAdminEnabled) {
+ $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
+ $validRecoveryPassword = $util->checkRecoveryPassword($recoveryPassword);
+ $recoveryPasswordSupported = $util->recoveryEnabledForUser();
+}
+
+if ($recoveryPasswordSupported && $recoveryPassword == '') {
OC_JSON::error(array("data" => array( "message" => "Please provide a admin recovery password, otherwise all user data will be lost" )));
-}elseif ( $recoveryPassword && ! $util->checkRecoveryPassword($recoveryPassword) ) {
+} elseif ( $recoveryPasswordSupported && ! $validRecoveryPassword) {
OC_JSON::error(array("data" => array( "message" => "Wrong admin recovery password. Please check the password and try again." )));
-}elseif(!is_null($password) && OC_User::setPassword( $username, $password, $recoveryPassword )) {
- OC_JSON::success(array("data" => array( "username" => $username )));
-}
-else{
- OC_JSON::error(array("data" => array( "message" => "Unable to change password" )));
+} else { // now we know that everything is file regarding the recovery password, let's try to change the password
+ $result = OC_User::setPassword($username, $password, $recoveryPassword);
+ if (!$result && $recoveryPasswordSupported) {
+ OC_JSON::error(array("data" => array( "message" => "Back-end doesn't support password change, but the users encryption key was successfully updated." )));
+ } elseif (!$result && !$recoveryPasswordSupported) {
+ OC_JSON::error(array("data" => array( "message" => "Unable to change password" )));
+ } else {
+ OC_JSON::success(array("data" => array( "username" => $username )));
+ }
}
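Review bot: The rewritten final branch calls `OC_User::setPassword($username, $password, $recoveryPassword)` without the `!is_null($password)` guard that the removed `elseif` had, so unless `$password` is validated above this hunk a request without a password now reaches the user backend and the `pre_setPassword` hooks. Restore the check ahead of the call, e.g. `} elseif (is_null($password)) { OC_JSON::error(array("data" => array( "message" => "Unable to change password" )));`. Separately, when recovery is not enabled for the user a supplied but wrong `$recoveryPassword` is no longer rejected and is forwarded to `setPassword`, which the old `elseif` prevented. The branch that tells the admin the encryption key "was successfully updated" is sent through `OC_JSON::error`, so a client that only checks the status will treat a partial success as a plain failure.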
diff --git a/settings/templates/users.php b/settings/templates/users.php
index a6df85983dd..b0637814f5d 100644
--- a/settings/templates/users.php
+++ b/settings/templates/users.php
@@ -31,7 +31,11 @@ $_['subadmingroups'] = array_flip($items);
</form>
<?php if((bool)$_['recoveryAdminEnabled']): ?>
<div class="recoveryPassword">
- <input id="recoveryPassword" type="password" placeholder="<?php p($l->t('Admin Recovery Password'))?>" />
+ <input id="recoveryPassword"
+ type="password"
+ placeholder="<?php p($l->t('Admin Recovery Password'))?>"
+ title="<?php p($l->t('Enter the recovery password in order to recover the users files during password change'))?>"
+ alt="<?php p($l->t('Enter the recovery password in order to recover the users files during password change'))?>"/>
</div>
<?php endif; ?>
<div class="quota">
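Review bot: The added `alt` attribute has no effect on `<input type="password">`; in HTML `alt` applies only to `type="image"` inputs, so the translated string is emitted a second time without reaching any user. Keep `title` and, if the hint should be exposed to assistive technology, use `aria-label` in place of `alt`. Both new values go through `p()` like the existing placeholder, which is the right call for translated text in an attribute.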
diff --git a/tests/lib/db.php b/tests/lib/db.php
index d6626bc2561..7b2a5e309f0 100644
--- a/tests/lib/db.php
+++ b/tests/lib/db.php
@@ -33,15 +33,15 @@ class Test_DB extends PHPUnit_Framework_TestCase {
}
public function testQuotes() {
- $query = OC_DB::prepare('SELECT `fullname` FROM *PREFIX*'.$this->table2.' WHERE `uri` = ?');
+ $query = OC_DB::prepare('SELECT `fullname` FROM `*PREFIX*'.$this->table2.'` WHERE `uri` = ?');
$result = $query->execute(array('uri_1'));
$this->assertTrue((bool)$result);
$row = $result->fetchRow();
$this->assertFalse($row);
- $query = OC_DB::prepare('INSERT INTO *PREFIX*'.$this->table2.' (`fullname`,`uri`) VALUES (?,?)');
+ $query = OC_DB::prepare('INSERT INTO `*PREFIX*'.$this->table2.'` (`fullname`,`uri`) VALUES (?,?)');
$result = $query->execute(array('fullname test', 'uri_1'));
$this->assertTrue((bool)$result);
- $query = OC_DB::prepare('SELECT `fullname`,`uri` FROM *PREFIX*'.$this->table2.' WHERE `uri` = ?');
+ $query = OC_DB::prepare('SELECT `fullname`,`uri` FROM `*PREFIX*'.$this->table2.'` WHERE `uri` = ?');
$result = $query->execute(array('uri_1'));
$this->assertTrue((bool)$result);
$row = $result->fetchRow();
@@ -52,19 +52,19 @@ class Test_DB extends PHPUnit_Framework_TestCase {
}
public function testNOW() {
- $query = OC_DB::prepare('INSERT INTO *PREFIX*'.$this->table2.' (`fullname`,`uri`) VALUES (NOW(),?)');
+ $query = OC_DB::prepare('INSERT INTO `*PREFIX*'.$this->table2.'` (`fullname`,`uri`) VALUES (NOW(),?)');
$result = $query->execute(array('uri_2'));
$this->assertTrue((bool)$result);
- $query = OC_DB::prepare('SELECT `fullname`,`uri` FROM *PREFIX*'.$this->table2.' WHERE `uri` = ?');
+ $query = OC_DB::prepare('SELECT `fullname`,`uri` FROM `*PREFIX*'.$this->table2.'` WHERE `uri` = ?');
$result = $query->execute(array('uri_2'));
$this->assertTrue((bool)$result);
}
public function testUNIX_TIMESTAMP() {
- $query = OC_DB::prepare('INSERT INTO *PREFIX*'.$this->table2.' (`fullname`,`uri`) VALUES (UNIX_TIMESTAMP(),?)');
+ $query = OC_DB::prepare('INSERT INTO `*PREFIX*'.$this->table2.'` (`fullname`,`uri`) VALUES (UNIX_TIMESTAMP(),?)');
$result = $query->execute(array('uri_3'));
$this->assertTrue((bool)$result);
- $query = OC_DB::prepare('SELECT `fullname`,`uri` FROM *PREFIX*'.$this->table2.' WHERE `uri` = ?');
+ $query = OC_DB::prepare('SELECT `fullname`,`uri` FROM `*PREFIX*'.$this->table2.'` WHERE `uri` = ?');
$result = $query->execute(array('uri_3'));
$this->assertTrue((bool)$result);
}
@@ -88,7 +88,7 @@ class Test_DB extends PHPUnit_Framework_TestCase {
$this->assertTrue((bool)$result);
}
- $query = OC_DB::prepare('SELECT * FROM *PREFIX*'.$this->table3);
+ $query = OC_DB::prepare('SELECT * FROM `*PREFIX*'.$this->table3.'`');
$result = $query->execute();
$this->assertTrue((bool)$result);
$this->assertEquals('4', $result->numRows());
@@ -100,10 +100,10 @@ class Test_DB extends PHPUnit_Framework_TestCase {
$carddata = 'This is a vCard';
// Normal test to have same known data inserted.
- $query = OC_DB::prepare('INSERT INTO *PREFIX*'.$this->table2.' (`fullname`, `uri`, `carddata`) VALUES (?, ?, ?)');
+ $query = OC_DB::prepare('INSERT INTO `*PREFIX*'.$this->table2.'` (`fullname`, `uri`, `carddata`) VALUES (?, ?, ?)');
$result = $query->execute(array($fullname, $uri, $carddata));
$this->assertTrue((bool)$result);
- $query = OC_DB::prepare('SELECT `fullname`, `uri`, `carddata` FROM *PREFIX*'.$this->table2.' WHERE `uri` = ?');
+ $query = OC_DB::prepare('SELECT `fullname`, `uri`, `carddata` FROM `*PREFIX*'.$this->table2.'` WHERE `uri` = ?');
$result = $query->execute(array($uri));
$this->assertTrue((bool)$result);
$row = $result->fetchRow();
@@ -119,7 +119,7 @@ class Test_DB extends PHPUnit_Framework_TestCase {
));
$this->assertTrue((bool)$result);
- $query = OC_DB::prepare('SELECT `fullname`, `uri`, `carddata` FROM *PREFIX*'.$this->table2.' WHERE `uri` = ?');
+ $query = OC_DB::prepare('SELECT `fullname`, `uri`, `carddata` FROM `*PREFIX*'.$this->table2.'` WHERE `uri` = ?');
$result = $query->execute(array($uri));
$this->assertTrue((bool)$result);
$row = $result->fetchRow();