diff options
| -rw-r--r-- | settings/Controller/UsersController.php | 23 | ||||
| -rw-r--r-- | tests/Settings/Controller/UsersControllerTest.php | 36 |
2 files changed, 54 insertions, 5 deletions
diff --git a/settings/Controller/UsersController.php b/settings/Controller/UsersController.php index a193f9bc8de..76394fcb6c6 100644 --- a/settings/Controller/UsersController.php +++ b/settings/Controller/UsersController.php @@ -42,6 +42,8 @@ use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Utility\ITimeFactory; use OCP\BackgroundJob\IJobList; use OCP\Files\Config\IUserMountCache; +use OCP\Encryption\IEncryptionModule; +use OCP\Encryption\IManager; use OCP\IConfig; use OCP\IGroupManager; use OCP\IL10N; @@ -99,9 +101,14 @@ class UsersController extends Controller { private $keyManager; /** @var IJobList */ private $jobList; + /** @var IUserMountCache */ private $userMountCache; + /** @var IManager */ + private $encryptionManager; + + /** * @param string $appName * @param IRequest $request @@ -124,6 +131,7 @@ class UsersController extends Controller { * @param Manager $keyManager * @param IJobList $jobList * @param IUserMountCache $userMountCache + * @param IManager $encryptionManager */ public function __construct($appName, IRequest $request, @@ -145,7 +153,8 @@ class UsersController extends Controller { ICrypto $crypto, Manager $keyManager, IJobList $jobList, - IUserMountCache $userMountCache) { + IUserMountCache $userMountCache, + IManager $encryptionManager) { parent::__construct($appName, $request); $this->userManager = $userManager; $this->groupManager = $groupManager; @@ -165,6 +174,7 @@ class UsersController extends Controller { $this->keyManager = $keyManager; $this->jobList = $jobList; $this->userMountCache = $userMountCache; + $this->encryptionManager = $encryptionManager; // check for encryption state - TODO see formatUserForIndex $this->isEncryptionAppEnabled = $appManager->isEnabledForUser('encryption'); @@ -200,6 +210,17 @@ class UsersController extends Controller { // user also has recovery mode enabled $restorePossible = true; } + } else { + $modules = $this->encryptionManager->getEncryptionModules(); + $restorePossible = true; + foreach ($modules as $id => $module) { + /* @var IEncryptionModule $instance */ + $instance = call_user_func($module['callback']); + if ($instance->needDetailedAccessList()) { + $restorePossible = false; + break; + } + } } } else { // recovery is possible if encryption is disabled (plain files are diff --git a/tests/Settings/Controller/UsersControllerTest.php b/tests/Settings/Controller/UsersControllerTest.php index 0780f5219c0..cd08c834147 100644 --- a/tests/Settings/Controller/UsersControllerTest.php +++ b/tests/Settings/Controller/UsersControllerTest.php @@ -20,6 +20,8 @@ use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Utility\ITimeFactory; use OCP\BackgroundJob\IJobList; use OCP\Files\Config\IUserMountCache; +use OCP\Encryption\IEncryptionModule; +use OCP\Encryption\IManager; use OCP\IAvatar; use OCP\IAvatarManager; use OCP\IConfig; @@ -82,6 +84,10 @@ class UsersControllerTest extends \Test\TestCase { private $securityManager; /** @var IUserMountCache |\PHPUnit_Framework_MockObject_MockObject */ private $userMountCache; + /** @var IManager | \PHPUnit_Framework_MockObject_MockObject */ + private $encryptionManager; + /** @var IEncryptionModule | \PHPUnit_Framework_MockObject_MockObject */ + private $encryptionModule; protected function setUp() { parent::setUp(); @@ -104,6 +110,7 @@ class UsersControllerTest extends \Test\TestCase { $this->crypto = $this->createMock(ICrypto::class); $this->securityManager = $this->getMockBuilder(\OC\Security\IdentityProof\Manager::class)->disableOriginalConstructor()->getMock(); $this->jobList = $this->createMock(IJobList::class); + $this->encryptionManager = $this->createMock(IManager::class); $this->l = $this->createMock(IL10N::class); $this->l->method('t') ->will($this->returnCallback(function ($text, $parameters = []) { @@ -111,6 +118,10 @@ class UsersControllerTest extends \Test\TestCase { })); $this->userMountCache = $this->createMock(IUserMountCache::class); + $this->encryptionModule = $this->createMock(IEncryptionModule::class); + $this->encryptionManager->expects($this->any())->method('getEncryptionModules') + ->willReturn(['encryptionModule' => ['callback' => function() { return $this->encryptionModule;}]]); + /* * Set default avatar behaviour for whole test suite */ @@ -154,8 +165,8 @@ class UsersControllerTest extends \Test\TestCase { $this->crypto, $this->securityManager, $this->jobList, - $this->userMountCache - + $this->userMountCache, + $this->encryptionManager ); } else { return $this->getMockBuilder(UsersController::class) @@ -182,6 +193,7 @@ class UsersControllerTest extends \Test\TestCase { $this->securityManager, $this->jobList, $this->userMountCache, + $this->encryptionManager ] )->setMethods($mockedMethods)->getMock(); } @@ -1689,9 +1701,17 @@ class UsersControllerTest extends \Test\TestCase { $this->assertEquals($expectedResult, $result); } - public function testRestoreNotPossibleWithoutAdminRestore() { + /** + * @dataProvider dataTestRestoreNotPossibleWithoutAdminRestore + * + * @param bool $masterKeyEnabled + */ + public function testRestoreNotPossibleWithoutAdminRestore($masterKeyEnabled) { list($user, $expectedResult) = $this->mockUser(); + // without the master key enabled we use per-user keys + $this->encryptionModule->expects($this->once())->method('needDetailedAccessList')->willReturn(!$masterKeyEnabled); + $this->appManager ->method('isEnabledForUser') ->with( @@ -1699,7 +1719,8 @@ class UsersControllerTest extends \Test\TestCase { ) ->will($this->returnValue(true)); - $expectedResult['isRestoreDisabled'] = true; + // without the master key enabled we use per-user keys -> restore is disabled + $expectedResult['isRestoreDisabled'] = !$masterKeyEnabled; $subadmin = $this->getMockBuilder('\OC\SubAdmin') ->disableOriginalConstructor() @@ -1718,6 +1739,13 @@ class UsersControllerTest extends \Test\TestCase { $this->assertEquals($expectedResult, $result); } + public function dataTestRestoreNotPossibleWithoutAdminRestore() { + return [ + [true], + [false] + ]; + } + public function testRestoreNotPossibleWithoutUserRestore() { list($user, $expectedResult) = $this->mockUser(); |