diff options
Diffstat (limited to 'apps/encryption/lib/Controller')
| -rw-r--r-- | apps/encryption/lib/Controller/RecoveryController.php | 192 | ||||
| -rw-r--r-- | apps/encryption/lib/Controller/SettingsController.php | 165 | ||||
| -rw-r--r-- | apps/encryption/lib/Controller/StatusController.php | 98 |
3 files changed, 455 insertions, 0 deletions
diff --git a/apps/encryption/lib/Controller/RecoveryController.php b/apps/encryption/lib/Controller/RecoveryController.php new file mode 100644 index 00000000000..e4b02e004dc --- /dev/null +++ b/apps/encryption/lib/Controller/RecoveryController.php @@ -0,0 +1,192 @@ +<?php +/** + * @author Björn Schießle <schiessle@owncloud.com> + * @author Clark Tomlinson <fallen013@gmail.com> + * @author Lukas Reschke <lukas@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\Encryption\Controller; + + +use OCA\Encryption\Recovery; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http; +use OCP\IConfig; +use OCP\IL10N; +use OCP\IRequest; +use OCP\AppFramework\Http\DataResponse; + +class RecoveryController extends Controller { + /** + * @var IConfig + */ + private $config; + /** + * @var IL10N + */ + private $l; + /** + * @var Recovery + */ + private $recovery; + + /** + * @param string $AppName + * @param IRequest $request + * @param IConfig $config + * @param IL10N $l10n + * @param Recovery $recovery + */ + public function __construct($AppName, + IRequest $request, + IConfig $config, + IL10N $l10n, + Recovery $recovery) { + parent::__construct($AppName, $request); + $this->config = $config; + $this->l = $l10n; + $this->recovery = $recovery; + } + + /** + * @param string $recoveryPassword + * @param string $confirmPassword + * @param string $adminEnableRecovery + * @return DataResponse + */ + public function adminRecovery($recoveryPassword, $confirmPassword, $adminEnableRecovery) { + // Check if both passwords are the same + if (empty($recoveryPassword)) { + $errorMessage = (string)$this->l->t('Missing recovery key password'); + return new DataResponse(['data' => ['message' => $errorMessage]], + Http::STATUS_BAD_REQUEST); + } + + if (empty($confirmPassword)) { + $errorMessage = (string)$this->l->t('Please repeat the recovery key password'); + return new DataResponse(['data' => ['message' => $errorMessage]], + Http::STATUS_BAD_REQUEST); + } + + if ($recoveryPassword !== $confirmPassword) { + $errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password'); + return new DataResponse(['data' => ['message' => $errorMessage]], + Http::STATUS_BAD_REQUEST); + } + + if (isset($adminEnableRecovery) && $adminEnableRecovery === '1') { + if ($this->recovery->enableAdminRecovery($recoveryPassword)) { + return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully enabled')]]); + } + return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not enable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST); + } elseif (isset($adminEnableRecovery) && $adminEnableRecovery === '0') { + if ($this->recovery->disableAdminRecovery($recoveryPassword)) { + return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully disabled')]]); + } + return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not disable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST); + } + // this response should never be sent but just in case. + return new DataResponse(['data' => ['message' => (string)$this->l->t('Missing parameters')]], Http::STATUS_BAD_REQUEST); + } + + /** + * @param string $newPassword + * @param string $oldPassword + * @param string $confirmPassword + * @return DataResponse + */ + public function changeRecoveryPassword($newPassword, $oldPassword, $confirmPassword) { + //check if both passwords are the same + if (empty($oldPassword)) { + $errorMessage = (string)$this->l->t('Please provide the old recovery password'); + return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST); + } + + if (empty($newPassword)) { + $errorMessage = (string)$this->l->t('Please provide a new recovery password'); + return new DataResponse (['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST); + } + + if (empty($confirmPassword)) { + $errorMessage = (string)$this->l->t('Please repeat the new recovery password'); + return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST); + } + + if ($newPassword !== $confirmPassword) { + $errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password'); + return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST); + } + + $result = $this->recovery->changeRecoveryKeyPassword($newPassword, + $oldPassword); + + if ($result) { + return new DataResponse( + [ + 'data' => [ + 'message' => (string)$this->l->t('Password successfully changed.')] + ] + ); + } + return new DataResponse( + [ + 'data' => [ + 'message' => (string)$this->l->t('Could not change the password. Maybe the old password was not correct.') + ] + ], Http::STATUS_BAD_REQUEST); + } + + /** + * @NoAdminRequired + * + * @param string $userEnableRecovery + * @return DataResponse + */ + public function userSetRecovery($userEnableRecovery) { + if ($userEnableRecovery === '0' || $userEnableRecovery === '1') { + + $result = $this->recovery->setRecoveryForUser($userEnableRecovery); + + if ($result) { + if ($userEnableRecovery === '0') { + return new DataResponse( + [ + 'data' => [ + 'message' => (string)$this->l->t('Recovery Key disabled')] + ] + ); + } + return new DataResponse( + [ + 'data' => [ + 'message' => (string)$this->l->t('Recovery Key enabled')] + ] + ); + } + + } + return new DataResponse( + [ + 'data' => [ + 'message' => (string)$this->l->t('Could not enable the recovery key, please try again or contact your administrator') + ] + ], Http::STATUS_BAD_REQUEST); + } + +} diff --git a/apps/encryption/lib/Controller/SettingsController.php b/apps/encryption/lib/Controller/SettingsController.php new file mode 100644 index 00000000000..5c171a23aec --- /dev/null +++ b/apps/encryption/lib/Controller/SettingsController.php @@ -0,0 +1,165 @@ +<?php +/** + * @author Björn Schießle <schiessle@owncloud.com> + * @author Joas Schilling <nickvergessen@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\Encryption\Controller; + +use OCA\Encryption\Crypto\Crypt; +use OCA\Encryption\KeyManager; +use OCA\Encryption\Session; +use OCA\Encryption\Util; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http; +use OCP\AppFramework\Http\DataResponse; +use OCP\IL10N; +use OCP\IRequest; +use OCP\ISession; +use OCP\IUserManager; +use OCP\IUserSession; + +class SettingsController extends Controller { + + /** @var IL10N */ + private $l; + + /** @var IUserManager */ + private $userManager; + + /** @var IUserSession */ + private $userSession; + + /** @var KeyManager */ + private $keyManager; + + /** @var Crypt */ + private $crypt; + + /** @var Session */ + private $session; + + /** @var ISession */ + private $ocSession; + + /** @var Util */ + private $util; + + /** + * @param string $AppName + * @param IRequest $request + * @param IL10N $l10n + * @param IUserManager $userManager + * @param IUserSession $userSession + * @param KeyManager $keyManager + * @param Crypt $crypt + * @param Session $session + * @param ISession $ocSession + * @param Util $util + */ + public function __construct($AppName, + IRequest $request, + IL10N $l10n, + IUserManager $userManager, + IUserSession $userSession, + KeyManager $keyManager, + Crypt $crypt, + Session $session, + ISession $ocSession, + Util $util +) { + parent::__construct($AppName, $request); + $this->l = $l10n; + $this->userSession = $userSession; + $this->userManager = $userManager; + $this->keyManager = $keyManager; + $this->crypt = $crypt; + $this->session = $session; + $this->ocSession = $ocSession; + $this->util = $util; + } + + + /** + * @NoAdminRequired + * @UseSession + * + * @param string $oldPassword + * @param string $newPassword + * @return DataResponse + */ + public function updatePrivateKeyPassword($oldPassword, $newPassword) { + $result = false; + $uid = $this->userSession->getUser()->getUID(); + $errorMessage = $this->l->t('Could not update the private key password.'); + + //check if password is correct + $passwordCorrect = $this->userManager->checkPassword($uid, $newPassword); + if ($passwordCorrect === false) { + // if check with uid fails we need to check the password with the login name + // e.g. in the ldap case. For local user we need to check the password with + // the uid because in this case the login name is case insensitive + $loginName = $this->ocSession->get('loginname'); + $passwordCorrect = $this->userManager->checkPassword($loginName, $newPassword); + } + + if ($passwordCorrect !== false) { + $encryptedKey = $this->keyManager->getPrivateKey($uid); + $decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword, $uid); + + if ($decryptedKey) { + $encryptedKey = $this->crypt->encryptPrivateKey($decryptedKey, $newPassword, $uid); + $header = $this->crypt->generateHeader(); + if ($encryptedKey) { + $this->keyManager->setPrivateKey($uid, $header . $encryptedKey); + $this->session->setPrivateKey($decryptedKey); + $result = true; + } + } else { + $errorMessage = $this->l->t('The old password was not correct, please try again.'); + } + } else { + $errorMessage = $this->l->t('The current log-in password was not correct, please try again.'); + } + + if ($result === true) { + $this->session->setStatus(Session::INIT_SUCCESSFUL); + return new DataResponse( + ['message' => (string) $this->l->t('Private key password successfully updated.')] + ); + } else { + return new DataResponse( + ['message' => (string) $errorMessage], + Http::STATUS_BAD_REQUEST + ); + } + + } + + /** + * @UseSession + * + * @param bool $encryptHomeStorage + * @return DataResponse + */ + public function setEncryptHomeStorage($encryptHomeStorage) { + $this->util->setEncryptHomeStorage($encryptHomeStorage); + return new DataResponse(); + } +} diff --git a/apps/encryption/lib/Controller/StatusController.php b/apps/encryption/lib/Controller/StatusController.php new file mode 100644 index 00000000000..99fdc68c3d0 --- /dev/null +++ b/apps/encryption/lib/Controller/StatusController.php @@ -0,0 +1,98 @@ +<?php +/** + * @author Björn Schießle <schiessle@owncloud.com> + * @author Thomas Müller <thomas.mueller@tmit.eu> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + + +namespace OCA\Encryption\Controller; + + +use OCA\Encryption\Session; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\DataResponse; +use OCP\IL10N; +use OCP\IRequest; + +class StatusController extends Controller { + + /** @var IL10N */ + private $l; + + /** @var Session */ + private $session; + + /** + * @param string $AppName + * @param IRequest $request + * @param IL10N $l10n + * @param Session $session + */ + public function __construct($AppName, + IRequest $request, + IL10N $l10n, + Session $session + ) { + parent::__construct($AppName, $request); + $this->l = $l10n; + $this->session = $session; + } + + /** + * @NoAdminRequired + * @return DataResponse + */ + public function getStatus() { + + $status = 'error'; + $message = 'no valid init status'; + switch( $this->session->getStatus()) { + case Session::RUN_MIGRATION: + $status = 'interactionNeeded'; + $message = (string)$this->l->t( + 'You need to migrate your encryption keys from the old encryption (ownCloud <= 8.0) to the new one. Please run \'occ encryption:migrate\' or contact your administrator' + ); + break; + case Session::INIT_EXECUTED: + $status = 'interactionNeeded'; + $message = (string)$this->l->t( + 'Invalid private key for Encryption App. Please update your private key password in your personal settings to recover access to your encrypted files.' + ); + break; + case Session::NOT_INITIALIZED: + $status = 'interactionNeeded'; + $message = (string)$this->l->t( + 'Encryption App is enabled but your keys are not initialized, please log-out and log-in again' + ); + break; + case Session::INIT_SUCCESSFUL: + $status = 'success'; + $message = (string)$this->l->t('Encryption App is enabled and ready'); + } + + return new DataResponse( + [ + 'status' => $status, + 'data' => [ + 'message' => $message] + ] + ); + } + +} |