diff options
Diffstat (limited to 'apps/encryption/lib/Command')
| -rw-r--r-- | apps/encryption/lib/Command/DisableMasterKey.php | 84 | ||||
| -rw-r--r-- | apps/encryption/lib/Command/DropLegacyFileKey.php | 29 | ||||
| -rw-r--r-- | apps/encryption/lib/Command/EnableMasterKey.php | 76 | ||||
| -rw-r--r-- | apps/encryption/lib/Command/FixEncryptedVersion.php | 79 | ||||
| -rw-r--r-- | apps/encryption/lib/Command/FixKeyLocation.php | 111 | ||||
| -rw-r--r-- | apps/encryption/lib/Command/RecoverUser.php | 61 | ||||
| -rw-r--r-- | apps/encryption/lib/Command/ScanLegacyFormat.php | 68 |
7 files changed, 147 insertions, 361 deletions
diff --git a/apps/encryption/lib/Command/DisableMasterKey.php b/apps/encryption/lib/Command/DisableMasterKey.php index 5a07e294248..0b8b8e39e78 100644 --- a/apps/encryption/lib/Command/DisableMasterKey.php +++ b/apps/encryption/lib/Command/DisableMasterKey.php @@ -1,26 +1,8 @@ <?php + /** - * @copyright Copyright (c) 2017 Bjoern Schiessle <bjoern@schiessle.org> - * - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Encryption\Command; @@ -33,31 +15,15 @@ use Symfony\Component\Console\Output\OutputInterface; use Symfony\Component\Console\Question\ConfirmationQuestion; class DisableMasterKey extends Command { - - /** @var Util */ - protected $util; - - /** @var IConfig */ - protected $config; - - /** @var QuestionHelper */ - protected $questionHelper; - - /** - * @param Util $util - * @param IConfig $config - * @param QuestionHelper $questionHelper - */ - public function __construct(Util $util, - IConfig $config, - QuestionHelper $questionHelper) { - $this->util = $util; - $this->config = $config; - $this->questionHelper = $questionHelper; + public function __construct( + protected Util $util, + protected IConfig $config, + protected QuestionHelper $questionHelper, + ) { parent::__construct(); } - protected function configure() { + protected function configure(): void { $this ->setName('encryption:disable-master-key') ->setDescription('Disable the master key and use per-user keys instead. Only available for fresh installations with no existing encrypted data! There is no way to enable it again.'); @@ -68,21 +34,23 @@ class DisableMasterKey extends Command { if (!$isMasterKeyEnabled) { $output->writeln('Master key already disabled'); - } else { - $question = new ConfirmationQuestion( - 'Warning: Only perform this operation for a fresh installations with no existing encrypted data! ' - . 'There is no way to enable the master key again. ' - . 'We strongly recommend to keep the master key, it provides significant performance improvements ' - . 'and is easier to handle for both, users and administrators. ' - . 'Do you really want to switch to per-user keys? (y/n) ', false); - if ($this->questionHelper->ask($input, $output, $question)) { - $this->config->setAppValue('encryption', 'useMasterKey', '0'); - $output->writeln('Master key successfully disabled.'); - } else { - $output->writeln('aborted.'); - return 1; - } + return self::SUCCESS; + } + + $question = new ConfirmationQuestion( + 'Warning: Only perform this operation for a fresh installations with no existing encrypted data! ' + . 'There is no way to enable the master key again. ' + . 'We strongly recommend to keep the master key, it provides significant performance improvements ' + . 'and is easier to handle for both, users and administrators. ' + . 'Do you really want to switch to per-user keys? (y/n) ', false); + + if ($this->questionHelper->ask($input, $output, $question)) { + $this->config->setAppValue('encryption', 'useMasterKey', '0'); + $output->writeln('Master key successfully disabled.'); + return self::SUCCESS; } - return 0; + + $output->writeln('aborted.'); + return self::FAILURE; } } diff --git a/apps/encryption/lib/Command/DropLegacyFileKey.php b/apps/encryption/lib/Command/DropLegacyFileKey.php index f0a5f36f30f..a9add1ad93b 100644 --- a/apps/encryption/lib/Command/DropLegacyFileKey.php +++ b/apps/encryption/lib/Command/DropLegacyFileKey.php @@ -3,25 +3,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2023, Côme Chilliet <come.chilliet@nextcloud.com> - * - * @author Côme Chilliet <come.chilliet@nextcloud.com> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Encryption\Command; @@ -75,10 +58,10 @@ class DropLegacyFileKey extends Command { if ($result) { $output->writeln('All scanned files are properly encrypted.'); - return 0; + return self::SUCCESS; } - return 1; + return self::FAILURE; } private function scanFolder(OutputInterface $output, string $folder): bool { @@ -131,10 +114,10 @@ class DropLegacyFileKey extends Command { $copyResource = $this->rootView->fopen($target, 'r'); $sourceResource = $this->rootView->fopen($source, 'w'); if ($copyResource === false || $sourceResource === false) { - throw new DecryptionFailedException('Failed to open '.$source.' or '.$target); + throw new DecryptionFailedException('Failed to open ' . $source . ' or ' . $target); } if (stream_copy_to_stream($copyResource, $sourceResource) === false) { - $output->writeln('<error>Failed to copy '.$target.' data into '.$source.'</error>'); + $output->writeln('<error>Failed to copy ' . $target . ' data into ' . $source . '</error>'); $output->writeln('<error>Leaving both files in there to avoid data loss</error>'); return; } diff --git a/apps/encryption/lib/Command/EnableMasterKey.php b/apps/encryption/lib/Command/EnableMasterKey.php index 7c49988c7fb..0d8b893e0e2 100644 --- a/apps/encryption/lib/Command/EnableMasterKey.php +++ b/apps/encryption/lib/Command/EnableMasterKey.php @@ -1,25 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OCA\Encryption\Command; @@ -32,31 +16,15 @@ use Symfony\Component\Console\Output\OutputInterface; use Symfony\Component\Console\Question\ConfirmationQuestion; class EnableMasterKey extends Command { - - /** @var Util */ - protected $util; - - /** @var IConfig */ - protected $config; - - /** @var QuestionHelper */ - protected $questionHelper; - - /** - * @param Util $util - * @param IConfig $config - * @param QuestionHelper $questionHelper - */ - public function __construct(Util $util, - IConfig $config, - QuestionHelper $questionHelper) { - $this->util = $util; - $this->config = $config; - $this->questionHelper = $questionHelper; + public function __construct( + protected Util $util, + protected IConfig $config, + protected QuestionHelper $questionHelper, + ) { parent::__construct(); } - protected function configure() { + protected function configure(): void { $this ->setName('encryption:enable-master-key') ->setDescription('Enable the master key. Only available for fresh installations with no existing encrypted data! There is also no way to disable it again.'); @@ -67,18 +35,20 @@ class EnableMasterKey extends Command { if ($isAlreadyEnabled) { $output->writeln('Master key already enabled'); - } else { - $question = new ConfirmationQuestion( - 'Warning: Only available for fresh installations with no existing encrypted data! ' + return self::SUCCESS; + } + + $question = new ConfirmationQuestion( + 'Warning: Only available for fresh installations with no existing encrypted data! ' . 'There is also no way to disable it again. Do you want to continue? (y/n) ', false); - if ($this->questionHelper->ask($input, $output, $question)) { - $this->config->setAppValue('encryption', 'useMasterKey', '1'); - $output->writeln('Master key successfully enabled.'); - } else { - $output->writeln('aborted.'); - return 1; - } + + if ($this->questionHelper->ask($input, $output, $question)) { + $this->config->setAppValue('encryption', 'useMasterKey', '1'); + $output->writeln('Master key successfully enabled.'); + return self::SUCCESS; } - return 0; + + $output->writeln('aborted.'); + return self::FAILURE; } } diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php index d0fbf1adb31..462e3a5cc2a 100644 --- a/apps/encryption/lib/Command/FixEncryptedVersion.php +++ b/apps/encryption/lib/Command/FixEncryptedVersion.php @@ -1,23 +1,9 @@ <?php + /** - * @author Sujith Haridasan <sharidasan@owncloud.com> - * @author Ilja Neumann <ineumann@owncloud.com> - * - * @copyright Copyright (c) 2019, ownCloud GmbH - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2019 ownCloud GmbH + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OCA\Encryption\Command; @@ -26,6 +12,7 @@ use OC\Files\Storage\Wrapper\Encryption; use OC\Files\View; use OC\ServerNotAvailableException; use OCA\Encryption\Util; +use OCP\Encryption\Exceptions\InvalidHeaderException; use OCP\Files\IRootFolder; use OCP\HintException; use OCP\IConfig; @@ -39,7 +26,7 @@ use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Output\OutputInterface; class FixEncryptedVersion extends Command { - private bool $supportLegacy; + private bool $supportLegacy = false; public function __construct( private IConfig $config, @@ -49,8 +36,6 @@ class FixEncryptedVersion extends Command { private Util $util, private View $view, ) { - $this->supportLegacy = false; - parent::__construct(); } @@ -83,47 +68,49 @@ class FixEncryptedVersion extends Command { if ($skipSignatureCheck) { $output->writeln("<error>Repairing is not possible when \"encryption_skip_signature_check\" is set. Please disable this flag in the configuration.</error>\n"); - return 1; + return self::FAILURE; } if (!$this->util->isMasterKeyEnabled()) { $output->writeln("<error>Repairing only works with master key encryption.</error>\n"); - return 1; + return self::FAILURE; } $user = $input->getArgument('user'); $all = $input->getOption('all'); $pathOption = \trim(($input->getOption('path') ?? ''), '/'); + if (!$user && !$all) { + $output->writeln('Either a user id or --all needs to be provided'); + return self::FAILURE; + } + if ($user) { if ($all) { - $output->writeln("Specifying a user id and --all are mutually exclusive"); - return 1; + $output->writeln('Specifying a user id and --all are mutually exclusive'); + return self::FAILURE; } if ($this->userManager->get($user) === null) { $output->writeln("<error>User id $user does not exist. Please provide a valid user id</error>"); - return 1; + return self::FAILURE; } return $this->runForUser($user, $pathOption, $output); - } elseif ($all) { - $result = 0; - $this->userManager->callForSeenUsers(function (IUser $user) use ($pathOption, $output, &$result) { - $output->writeln("Processing files for " . $user->getUID()); - $result = $this->runForUser($user->getUID(), $pathOption, $output); - return $result === 0; - }); - return $result; - } else { - $output->writeln("Either a user id or --all needs to be provided"); - return 1; } + + $result = 0; + $this->userManager->callForSeenUsers(function (IUser $user) use ($pathOption, $output, &$result) { + $output->writeln('Processing files for ' . $user->getUID()); + $result = $this->runForUser($user->getUID(), $pathOption, $output); + return $result === 0; + }); + return $result; } private function runForUser(string $user, string $pathOption, OutputInterface $output): int { $pathToWalk = "/$user/files"; - if ($pathOption !== "") { + if ($pathOption !== '') { $pathToWalk = "$pathToWalk/$pathOption"; } return $this->walkPathOfUser($user, $pathToWalk, $output); @@ -136,13 +123,13 @@ class FixEncryptedVersion extends Command { $this->setupUserFs($user); if (!$this->view->file_exists($path)) { $output->writeln("<error>Path \"$path\" does not exist. Please provide a valid path.</error>"); - return 1; + return self::FAILURE; } if ($this->view->is_file($path)) { $output->writeln("Verifying the content of file \"$path\""); $this->verifyFileContent($path, $output); - return 0; + return self::SUCCESS; } $directories = []; $directories[] = $path; @@ -158,7 +145,7 @@ class FixEncryptedVersion extends Command { } } } - return 0; + return self::SUCCESS; } /** @@ -210,7 +197,7 @@ class FixEncryptedVersion extends Command { \fclose($handle); return true; - } catch (ServerNotAvailableException $e) { + } catch (ServerNotAvailableException|InvalidHeaderException $e) { // not a "bad signature" error and likely "legacy cipher" exception // this could mean that the file is maybe not encrypted but the encrypted version is set if (!$this->supportLegacy && $ignoreCorrectEncVersionCall === true) { @@ -219,7 +206,7 @@ class FixEncryptedVersion extends Command { } return false; } catch (HintException $e) { - $this->logger->warning("Issue: " . $e->getMessage()); + $this->logger->warning('Issue: ' . $e->getMessage()); // If allowOnce is set to false, this becomes recursive. if ($ignoreCorrectEncVersionCall === true) { // Lets rectify the file by correcting encrypted version @@ -268,7 +255,7 @@ class FixEncryptedVersion extends Command { // try with zero first $cacheInfo = ['encryptedVersion' => 0, 'encrypted' => 0]; $cache->put($fileCache->getPath(), $cacheInfo); - $output->writeln("<info>Set the encrypted version to 0 (unencrypted)</info>"); + $output->writeln('<info>Set the encrypted version to 0 (unencrypted)</info>'); if ($this->verifyFileContent($path, $output, false) === true) { $output->writeln("<info>Fixed the file: \"$path\" with version 0 (unencrypted)</info>"); return true; @@ -282,7 +269,7 @@ class FixEncryptedVersion extends Command { $cache->put($fileCache->getPath(), $cacheInfo); $output->writeln("<info>Decrement the encrypted version to $encryptedVersion</info>"); if ($this->verifyFileContent($path, $output, false) === true) { - $output->writeln("<info>Fixed the file: \"$path\" with version " . $encryptedVersion . "</info>"); + $output->writeln("<info>Fixed the file: \"$path\" with version " . $encryptedVersion . '</info>'); return true; } $encryptedVersion--; @@ -305,7 +292,7 @@ class FixEncryptedVersion extends Command { $cache->put($fileCache->getPath(), $cacheInfo); $output->writeln("<info>Increment the encrypted version to $newEncryptedVersion</info>"); if ($this->verifyFileContent($path, $output, false) === true) { - $output->writeln("<info>Fixed the file: \"$path\" with version " . $newEncryptedVersion . "</info>"); + $output->writeln("<info>Fixed the file: \"$path\" with version " . $newEncryptedVersion . '</info>'); return true; } $increment++; diff --git a/apps/encryption/lib/Command/FixKeyLocation.php b/apps/encryption/lib/Command/FixKeyLocation.php index 5001da4bb92..da529a4be2f 100644 --- a/apps/encryption/lib/Command/FixKeyLocation.php +++ b/apps/encryption/lib/Command/FixKeyLocation.php @@ -2,23 +2,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2022 Robin Appelman <robin@icewind.nl> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Encryption\Command; @@ -43,29 +28,21 @@ use Symfony\Component\Console\Input\InputOption; use Symfony\Component\Console\Output\OutputInterface; class FixKeyLocation extends Command { - private IUserManager $userManager; - private IUserMountCache $userMountCache; - private Util $encryptionUtil; - private IRootFolder $rootFolder; private string $keyRootDirectory; private View $rootView; private Manager $encryptionManager; public function __construct( - IUserManager $userManager, - IUserMountCache $userMountCache, - Util $encryptionUtil, - IRootFolder $rootFolder, - IManager $encryptionManager + private IUserManager $userManager, + private IUserMountCache $userMountCache, + private Util $encryptionUtil, + private IRootFolder $rootFolder, + IManager $encryptionManager, ) { - $this->userManager = $userManager; - $this->userMountCache = $userMountCache; - $this->encryptionUtil = $encryptionUtil; - $this->rootFolder = $rootFolder; $this->keyRootDirectory = rtrim($this->encryptionUtil->getKeyStorageRoot(), '/'); $this->rootView = new View(); if (!$encryptionManager instanceof Manager) { - throw new \Exception("Wrong encryption manager"); + throw new \Exception('Wrong encryption manager'); } $this->encryptionManager = $encryptionManager; @@ -80,7 +57,7 @@ class FixKeyLocation extends Command { ->setName('encryption:fix-key-location') ->setDescription('Fix the location of encryption keys for external storage') ->addOption('dry-run', null, InputOption::VALUE_NONE, "Only list files that require key migration, don't try to perform any migration") - ->addArgument('user', InputArgument::REQUIRED, "User id to fix the key locations for"); + ->addArgument('user', InputArgument::REQUIRED, 'User id to fix the key locations for'); } protected function execute(InputInterface $input, OutputInterface $output): int { @@ -89,7 +66,7 @@ class FixKeyLocation extends Command { $user = $this->userManager->get($userId); if (!$user) { $output->writeln("<error>User $userId not found</error>"); - return 1; + return self::FAILURE; } \OC_Util::setupFS($user->getUID()); @@ -98,7 +75,7 @@ class FixKeyLocation extends Command { foreach ($mounts as $mount) { $mountRootFolder = $this->rootFolder->get($mount->getMountPoint()); if (!$mountRootFolder instanceof Folder) { - $output->writeln("<error>System wide mount point is not a directory, skipping: " . $mount->getMountPoint() . "</error>"); + $output->writeln('<error>System wide mount point is not a directory, skipping: ' . $mount->getMountPoint() . '</error>'); continue; } @@ -112,14 +89,14 @@ class FixKeyLocation extends Command { // key was stored incorrectly as user key, migrate if ($dryRun) { - $output->writeln("<info>" . $file->getPath() . "</info> needs migration"); + $output->writeln('<info>' . $file->getPath() . '</info> needs migration'); } else { - $output->write("Migrating key for <info>" . $file->getPath() . "</info> "); + $output->write('Migrating key for <info>' . $file->getPath() . '</info> '); if ($this->copyUserKeyToSystemAndValidate($user, $file)) { - $output->writeln("<info>✓</info>"); + $output->writeln('<info>✓</info>'); } else { - $output->writeln("<fg=red>❌</>"); - $output->writeln(" Failed to validate key for <error>" . $file->getPath() . "</error>, key will not be migrated"); + $output->writeln('<fg=red>❌</>'); + $output->writeln(' Failed to validate key for <error>' . $file->getPath() . '</error>, key will not be migrated'); } } } else { @@ -130,42 +107,42 @@ class FixKeyLocation extends Command { if ($isActuallyEncrypted) { if ($dryRun) { if ($shouldBeEncrypted) { - $output->write("<info>" . $file->getPath() . "</info> needs migration"); + $output->write('<info>' . $file->getPath() . '</info> needs migration'); } else { - $output->write("<info>" . $file->getPath() . "</info> needs decryption"); + $output->write('<info>' . $file->getPath() . '</info> needs decryption'); } $foundKey = $this->findUserKeyForSystemFile($user, $file); if ($foundKey) { - $output->writeln(", valid key found at <info>" . $foundKey . "</info>"); + $output->writeln(', valid key found at <info>' . $foundKey . '</info>'); } else { - $output->writeln(" <error>❌ No key found</error>"); + $output->writeln(' <error>❌ No key found</error>'); } } else { if ($shouldBeEncrypted) { - $output->write("<info>Migrating key for " . $file->getPath() . "</info>"); + $output->write('<info>Migrating key for ' . $file->getPath() . '</info>'); } else { - $output->write("<info>Decrypting " . $file->getPath() . "</info>"); + $output->write('<info>Decrypting ' . $file->getPath() . '</info>'); } $foundKey = $this->findUserKeyForSystemFile($user, $file); if ($foundKey) { if ($shouldBeEncrypted) { $systemKeyPath = $this->getSystemKeyPath($file); $this->rootView->copy($foundKey, $systemKeyPath); - $output->writeln(" Migrated key from <info>" . $foundKey . "</info>"); + $output->writeln(' Migrated key from <info>' . $foundKey . '</info>'); } else { $this->decryptWithSystemKey($file, $foundKey); - $output->writeln(" Decrypted with key from <info>" . $foundKey . "</info>"); + $output->writeln(' Decrypted with key from <info>' . $foundKey . '</info>'); } } else { - $output->writeln(" <error>❌ No key found</error>"); + $output->writeln(' <error>❌ No key found</error>'); } } } else { if ($dryRun) { - $output->writeln("<info>" . $file->getPath() . " needs to be marked as not encrypted</info>"); + $output->writeln('<info>' . $file->getPath() . ' needs to be marked as not encrypted</info>'); } else { $this->markAsUnEncrypted($file); - $output->writeln("<info>" . $file->getPath() . " marked as not encrypted</info>"); + $output->writeln('<info>' . $file->getPath() . ' marked as not encrypted</info>'); } } } @@ -173,7 +150,7 @@ class FixKeyLocation extends Command { } } - return 0; + return self::SUCCESS; } private function getUserRelativePath(string $path): string { @@ -186,7 +163,6 @@ class FixKeyLocation extends Command { } /** - * @param IUser $user * @return ICachedMountInfo[] */ private function getSystemMountsForUser(IUser $user): array { @@ -201,7 +177,6 @@ class FixKeyLocation extends Command { /** * Get all files in a folder which are marked as encrypted * - * @param Folder $folder * @return \Generator<File> */ private function getAllEncryptedFiles(Folder $folder) { @@ -242,10 +217,6 @@ class FixKeyLocation extends Command { /** * Check that the user key stored for a file can decrypt the file - * - * @param IUser $user - * @param File $node - * @return bool */ private function copyUserKeyToSystemAndValidate(IUser $user, File $node): bool { $path = trim(substr($node->getPath(), strlen($user->getUID()) + 1), '/'); @@ -282,7 +253,6 @@ class FixKeyLocation extends Command { /** * Get the contents of a file without decrypting it * - * @param File $node * @return resource */ private function openWithoutDecryption(File $node, string $mode) { @@ -303,16 +273,13 @@ class FixKeyLocation extends Command { } /** @var resource|false $handle */ if ($handle === false) { - throw new \Exception("Failed to open " . $node->getPath()); + throw new \Exception('Failed to open ' . $node->getPath()); } return $handle; } /** * Check if the data stored for a file is encrypted, regardless of it's metadata - * - * @param File $node - * @return bool */ private function isDataEncrypted(File $node): bool { $handle = $this->openWithoutDecryption($node, 'r'); @@ -325,9 +292,6 @@ class FixKeyLocation extends Command { /** * Attempt to find a key (stored for user) for a file (that needs a system key) even when it's not stored in the expected location - * - * @param File $node - * @return string */ private function findUserKeyForSystemFile(IUser $user, File $node): ?string { $userKeyPath = $this->getUserBaseKeyPath($user); @@ -343,8 +307,6 @@ class FixKeyLocation extends Command { /** * Attempt to find a key for a file even when it's not stored in the expected location * - * @param string $basePath - * @param string $name * @return \Generator<string> */ private function findKeysByFileName(string $basePath, string $name) { @@ -354,7 +316,7 @@ class FixKeyLocation extends Command { /** @var false|resource $dh */ $dh = $this->rootView->opendir($basePath); if (!$dh) { - throw new \Exception("Invalid base path " . $basePath); + throw new \Exception('Invalid base path ' . $basePath); } while ($child = readdir($dh)) { if ($child != '..' && $child != '.') { @@ -371,11 +333,6 @@ class FixKeyLocation extends Command { /** * Test if the provided key is valid as a system key for the file - * - * @param IUser $user - * @param string $key - * @param File $node - * @return bool */ private function testSystemKey(IUser $user, string $key, File $node): bool { $systemKeyPath = $this->getSystemKeyPath($node); @@ -393,10 +350,6 @@ class FixKeyLocation extends Command { /** * Decrypt a file with the specified system key and mark the key as not-encrypted - * - * @param File $node - * @param string $key - * @return void */ private function decryptWithSystemKey(File $node, string $key): void { $storage = $node->getStorage(); @@ -413,7 +366,7 @@ class FixKeyLocation extends Command { /** @var false|resource $source */ $source = $storage->fopen($node->getInternalPath(), 'r'); if (!$source) { - throw new \Exception("Failed to open " . $node->getPath() . " with " . $key); + throw new \Exception('Failed to open ' . $node->getPath() . ' with ' . $key); } $decryptedNode = $node->getParent()->newFile($name); @@ -433,7 +386,7 @@ class FixKeyLocation extends Command { } if ($this->isDataEncrypted($decryptedNode)) { - throw new \Exception($node->getPath() . " still encrypted after attempting to decrypt with " . $key); + throw new \Exception($node->getPath() . ' still encrypted after attempting to decrypt with ' . $key); } $this->markAsUnEncrypted($decryptedNode); diff --git a/apps/encryption/lib/Command/RecoverUser.php b/apps/encryption/lib/Command/RecoverUser.php index 97a26b1d404..8da962ac8b1 100644 --- a/apps/encryption/lib/Command/RecoverUser.php +++ b/apps/encryption/lib/Command/RecoverUser.php @@ -1,26 +1,8 @@ <?php + /** - * @copyright Copyright (c) 2018 Bjoern Schiessle <bjoern@schiessle.org> - * - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Encryption\Command; @@ -35,33 +17,16 @@ use Symfony\Component\Console\Output\OutputInterface; use Symfony\Component\Console\Question\Question; class RecoverUser extends Command { - - /** @var Util */ - protected $util; - - /** @var IUserManager */ - protected $userManager; - - /** @var QuestionHelper */ - protected $questionHelper; - - /** - * @param Util $util - * @param IConfig $config - * @param IUserManager $userManager - * @param QuestionHelper $questionHelper - */ - public function __construct(Util $util, + public function __construct( + protected Util $util, IConfig $config, - IUserManager $userManager, - QuestionHelper $questionHelper) { - $this->util = $util; - $this->questionHelper = $questionHelper; - $this->userManager = $userManager; + protected IUserManager $userManager, + protected QuestionHelper $questionHelper, + ) { parent::__construct(); } - protected function configure() { + protected function configure(): void { $this ->setName('encryption:recover-user') ->setDescription('Recover user data in case of password lost. This only works if the user enabled the recovery key.'); @@ -78,20 +43,20 @@ class RecoverUser extends Command { if ($isMasterKeyEnabled) { $output->writeln('You use the master key, no individual user recovery needed.'); - return 0; + return self::SUCCESS; } $uid = $input->getArgument('user'); $userExists = $this->userManager->userExists($uid); if ($userExists === false) { $output->writeln('User "' . $uid . '" unknown.'); - return 1; + return self::FAILURE; } $recoveryKeyEnabled = $this->util->isRecoveryEnabledForUser($uid); if ($recoveryKeyEnabled === false) { $output->writeln('Recovery key is not enabled for: ' . $uid); - return 1; + return self::FAILURE; } $question = new Question('Please enter the recovery key password: '); @@ -107,6 +72,6 @@ class RecoverUser extends Command { $output->write('Start to recover users files... This can take some time...'); $this->userManager->get($uid)->setPassword($newLoginPassword, $recoveryPassword); $output->writeln('Done.'); - return 0; + return self::SUCCESS; } } diff --git a/apps/encryption/lib/Command/ScanLegacyFormat.php b/apps/encryption/lib/Command/ScanLegacyFormat.php index 8e0178af486..1e46a3d7545 100644 --- a/apps/encryption/lib/Command/ScanLegacyFormat.php +++ b/apps/encryption/lib/Command/ScanLegacyFormat.php @@ -3,26 +3,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2020, Roeland Jago Douma <roeland@famdouma.nl> - * - * @author essys <essys@users.noreply.github.com> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Encryption\Command; @@ -36,40 +18,20 @@ use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; class ScanLegacyFormat extends Command { - /** @var Util */ - protected $util; - - /** @var IConfig */ - protected $config; - - /** @var QuestionHelper */ - protected $questionHelper; - - /** @var IUserManager */ - private $userManager; - - /** @var View */ - private $rootView; - - /** - * @param Util $util - * @param IConfig $config - * @param QuestionHelper $questionHelper - */ - public function __construct(Util $util, - IConfig $config, - QuestionHelper $questionHelper, - IUserManager $userManager) { + private View $rootView; + + public function __construct( + protected Util $util, + protected IConfig $config, + protected QuestionHelper $questionHelper, + private IUserManager $userManager, + ) { parent::__construct(); - $this->util = $util; - $this->config = $config; - $this->questionHelper = $questionHelper; - $this->userManager = $userManager; $this->rootView = new View(); } - protected function configure() { + protected function configure(): void { $this ->setName('encryption:scan:legacy-format') ->setDescription('Scan the files for the legacy format'); @@ -96,10 +58,10 @@ class ScanLegacyFormat extends Command { if ($result) { $output->writeln('All scanned files are properly encrypted. You can disable the legacy compatibility mode.'); - return 0; + return self::SUCCESS; } - return 1; + return self::FAILURE; } private function scanFolder(OutputInterface $output, string $folder): bool { @@ -130,10 +92,8 @@ class ScanLegacyFormat extends Command { /** * setup user file system - * - * @param string $uid */ - protected function setupUserFS($uid) { + protected function setupUserFS(string $uid): void { \OC_Util::tearDownFS(); \OC_Util::setupFS($uid); } |