Diffstat (limited to 'apps/encryption/lib')
-rw-r--r--apps/encryption/lib/AppInfo/Application.php26
-rw-r--r--apps/encryption/lib/Command/DisableMasterKey.php1
-rw-r--r--apps/encryption/lib/Command/RecoverUser.php1
-rw-r--r--apps/encryption/lib/Crypto/EncryptAll.php28
-rw-r--r--apps/encryption/lib/Crypto/Encryption.php4
-rw-r--r--apps/encryption/lib/KeyManager.php8
-rw-r--r--apps/encryption/lib/Migration/SetMasterKeyStatus.php1
-rw-r--r--apps/encryption/lib/Services/PassphraseService.php5
-rw-r--r--apps/encryption/lib/Settings/Admin.php1
-rw-r--r--apps/encryption/lib/Settings/Personal.php1
-rw-r--r--apps/encryption/lib/Util.php4
11 files changed, 61 insertions, 19 deletions
diff --git a/apps/encryption/lib/AppInfo/Application.php b/apps/encryption/lib/AppInfo/Application.php
index a4e9426c3e5..b1bf93b9dea 100644
--- a/apps/encryption/lib/AppInfo/Application.php
+++ b/apps/encryption/lib/AppInfo/Application.php
@@ -72,7 +72,12 @@ class Application extends App implements IBootstrap {
}
}
- public function registerEventListeners(IConfig $config, IEventDispatcher $eventDispatcher, IManager $encryptionManager): void {
+ public function registerEventListeners(
+ IConfig $config,
+ IEventDispatcher $eventDispatcher,
+ IManager $encryptionManager,
+ Util $util,
+ ): void {
if (!$encryptionManager->isEnabled()) {
return;
}
@@ -84,18 +89,23 @@ class Application extends App implements IBootstrap {
}
// No maintenance so register all events
- $eventDispatcher->addServiceListener(UserCreatedEvent::class, UserEventsListener::class);
- $eventDispatcher->addServiceListener(UserDeletedEvent::class, UserEventsListener::class);
- $eventDispatcher->addServiceListener(BeforePasswordUpdatedEvent::class, UserEventsListener::class);
- $eventDispatcher->addServiceListener(PasswordUpdatedEvent::class, UserEventsListener::class);
- $eventDispatcher->addServiceListener(BeforePasswordResetEvent::class, UserEventsListener::class);
- $eventDispatcher->addServiceListener(PasswordResetEvent::class, UserEventsListener::class);
$eventDispatcher->addServiceListener(UserLoggedInEvent::class, UserEventsListener::class);
$eventDispatcher->addServiceListener(UserLoggedInWithCookieEvent::class, UserEventsListener::class);
$eventDispatcher->addServiceListener(UserLoggedOutEvent::class, UserEventsListener::class);
+ if (!$util->isMasterKeyEnabled()) {
+ // Only make sense if no master key is used
+ $eventDispatcher->addServiceListener(UserCreatedEvent::class, UserEventsListener::class);
+ $eventDispatcher->addServiceListener(UserDeletedEvent::class, UserEventsListener::class);
+ $eventDispatcher->addServiceListener(BeforePasswordUpdatedEvent::class, UserEventsListener::class);
+ $eventDispatcher->addServiceListener(PasswordUpdatedEvent::class, UserEventsListener::class);
+ $eventDispatcher->addServiceListener(BeforePasswordResetEvent::class, UserEventsListener::class);
+ $eventDispatcher->addServiceListener(PasswordResetEvent::class, UserEventsListener::class);
+ }
}
- public function registerEncryptionModule(IManager $encryptionManager) {
+ public function registerEncryptionModule(
+ IManager $encryptionManager,
+ ) {
$container = $this->getContainer();
$encryptionManager->registerEncryptionModule(
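Review bot: Moving `UserDeletedEvent` inside the `!$util->isMasterKeyEnabled()` branch means that, in master-key mode, whatever `UserEventsListener` does on user deletion no longer runs. If that handler removes per-user key material (not visible here), an instance that switched to a master key after users already had their own keys would keep those keys after the account is deleted. Either keep the `UserDeletedEvent` registration unconditional, or make the comment state why skipping it is safe, e.g. `// With a master key there are no per-user keys to create, re-encrypt or delete`. The body of `registerEncryptionModule` continues outside this hunk.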
diff --git a/apps/encryption/lib/Command/DisableMasterKey.php b/apps/encryption/lib/Command/DisableMasterKey.php
index 1912d09728d..0b8b8e39e78 100644
--- a/apps/encryption/lib/Command/DisableMasterKey.php
+++ b/apps/encryption/lib/Command/DisableMasterKey.php
@@ -1,4 +1,5 @@
<?php
+
/**
* SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/apps/encryption/lib/Command/RecoverUser.php b/apps/encryption/lib/Command/RecoverUser.php
index aea90f158f6..8da962ac8b1 100644
--- a/apps/encryption/lib/Command/RecoverUser.php
+++ b/apps/encryption/lib/Command/RecoverUser.php
@@ -1,4 +1,5 @@
<?php
+
/**
* SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/apps/encryption/lib/Crypto/EncryptAll.php b/apps/encryption/lib/Crypto/EncryptAll.php
index 6dfa36e6e3d..d9db616e6f1 100644
--- a/apps/encryption/lib/Crypto/EncryptAll.php
+++ b/apps/encryption/lib/Crypto/EncryptAll.php
@@ -20,6 +20,7 @@ use OCP\L10N\IFactory;
use OCP\Mail\Headers\AutoSubmitted;
use OCP\Mail\IMailer;
use OCP\Security\ISecureRandom;
+use Psr\Log\LoggerInterface;
use Symfony\Component\Console\Helper\ProgressBar;
use Symfony\Component\Console\Helper\QuestionHelper;
use Symfony\Component\Console\Helper\Table;
@@ -50,6 +51,7 @@ class EncryptAll {
protected IFactory $l10nFactory,
protected QuestionHelper $questionHelper,
protected ISecureRandom $secureRandom,
+ protected LoggerInterface $logger,
) {
// store one time passwords for the users
$this->userPasswords = [];
@@ -207,9 +209,22 @@ class EncryptAll {
} else {
$progress->setMessage("encrypt files for user $userCount: $path");
$progress->advance();
- if ($this->encryptFile($path) === false) {
- $progress->setMessage("encrypt files for user $userCount: $path (already encrypted)");
+ try {
+ if ($this->encryptFile($path) === false) {
+ $progress->setMessage("encrypt files for user $userCount: $path (already encrypted)");
+ $progress->advance();
+ }
+ } catch (\Exception $e) {
+ $progress->setMessage("Failed to encrypt path $path: " . $e->getMessage());
$progress->advance();
+ $this->logger->error(
+ 'Failed to encrypt path {path}',
+ [
+ 'user' => $uid,
+ 'path' => $path,
+ 'exception' => $e,
+ ]
+ );
}
}
}
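Review bot: The new `catch (\Exception $e)` logs the failure and carries on, so an encrypt-all run can finish with some files still stored unencrypted, leaving only a transient progress-bar message and a log entry as evidence. Consider recording failures inside the catch, for example `$failed[] = $path;`, and printing a summary or returning a non-zero status after the loop, so an operator does not assume full coverage. The `setMessage` call also embeds `$e->getMessage()` verbatim, which may expose internal storage details on the console; the log entry already carries the exception. The enclosing method begins and ends outside this hunk.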
@@ -234,7 +249,14 @@ class EncryptAll {
$target = $path . '.encrypted.' . time();
try {
- $this->rootView->copy($source, $target);
+ $copySuccess = $this->rootView->copy($source, $target);
+ if ($copySuccess === false) {
+ /* Copy failed, abort */
+ if ($this->rootView->file_exists($target)) {
+ $this->rootView->unlink($target);
+ }
+ throw new \Exception('Copy failed for ' . $source);
+ }
$this->rootView->rename($target, $source);
} catch (DecryptionFailedException $e) {
if ($this->rootView->file_exists($target)) {
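Review bot: The result of `$this->rootView->rename($target, $source)` is still ignored, although the copy just before it is now checked. If rename reports failure the same way, the original stays unencrypted and the `.encrypted.<timestamp>` copy is left behind with no error raised. The same guard would fit: `if ($this->rootView->rename($target, $source) === false) { $this->rootView->unlink($target); throw new \Exception('Rename failed for ' . $source); }`. The new `\Exception` is not matched by the visible `catch (DecryptionFailedException $e)`, so it presumably propagates to the caller; the try block continues outside this hunk.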
diff --git a/apps/encryption/lib/Crypto/Encryption.php b/apps/encryption/lib/Crypto/Encryption.php
index 68bc7df808d..6d388624e48 100644
--- a/apps/encryption/lib/Crypto/Encryption.php
+++ b/apps/encryption/lib/Crypto/Encryption.php
@@ -446,8 +446,8 @@ class Encryption implements IEncryptionModule {
// error message because in this case it means that the file was
// shared with the user at a point where the user didn't had a
// valid private/public key
- $msg = 'Encryption module "' . $this->getDisplayName() .
- '" is not able to read ' . $path;
+ $msg = 'Encryption module "' . $this->getDisplayName()
+ . '" is not able to read ' . $path;
$hint = $this->l->t('Cannot read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
$this->logger->warning($msg);
throw new DecryptionFailedException($msg, $hint);
diff --git a/apps/encryption/lib/KeyManager.php b/apps/encryption/lib/KeyManager.php
index f694e6550f1..f9c1ef94634 100644
--- a/apps/encryption/lib/KeyManager.php
+++ b/apps/encryption/lib/KeyManager.php
@@ -211,8 +211,8 @@ class KeyManager {
*/
public function setRecoveryKey($password, $keyPair) {
// Save Public Key
- $this->keyStorage->setSystemUserKey($this->getRecoveryKeyId() .
- '.' . $this->publicKeyId,
+ $this->keyStorage->setSystemUserKey($this->getRecoveryKeyId()
+ . '.' . $this->publicKeyId,
$keyPair['publicKey'],
Encryption::ID);
@@ -633,8 +633,8 @@ class KeyManager {
$publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
}
- if ($this->recoveryKeyExists() &&
- $this->util->isRecoveryEnabledForUser($uid)) {
+ if ($this->recoveryKeyExists()
+ && $this->util->isRecoveryEnabledForUser($uid)) {
$publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey();
}
diff --git a/apps/encryption/lib/Migration/SetMasterKeyStatus.php b/apps/encryption/lib/Migration/SetMasterKeyStatus.php
index 96194351296..5f98308de89 100644
--- a/apps/encryption/lib/Migration/SetMasterKeyStatus.php
+++ b/apps/encryption/lib/Migration/SetMasterKeyStatus.php
@@ -1,4 +1,5 @@
<?php
+
/**
* SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/apps/encryption/lib/Services/PassphraseService.php b/apps/encryption/lib/Services/PassphraseService.php
index 0786cd3399a..bdcc3f1108a 100644
--- a/apps/encryption/lib/Services/PassphraseService.php
+++ b/apps/encryption/lib/Services/PassphraseService.php
@@ -55,6 +55,11 @@ class PassphraseService {
return true;
}
+ if ($this->util->isMasterKeyEnabled()) {
+ $this->logger->error('setPassphraseForUser should never be called when master key is enabled');
+ return true;
+ }
+
// Check user exists on backend
$user = $this->userManager->get($userId);
if ($user === null) {
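Review bot: The added master-key guard returns `true`, so a caller cannot tell this skipped call from one where the passphrase was actually set. If reporting success is deliberate, presumably so that password changes are not blocked in master-key mode, say so in a comment above the `return`, e.g. `// Master key mode: no per-user passphrase exists, report success so the caller's flow continues`. Adding `['userId' => $userId]` as log context would also help trace which call path still reaches this method. The method starts and ends outside this hunk.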
diff --git a/apps/encryption/lib/Settings/Admin.php b/apps/encryption/lib/Settings/Admin.php
index e8290b778ad..a5de4ba68ff 100644
--- a/apps/encryption/lib/Settings/Admin.php
+++ b/apps/encryption/lib/Settings/Admin.php
@@ -1,4 +1,5 @@
<?php
+
/**
* SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/apps/encryption/lib/Settings/Personal.php b/apps/encryption/lib/Settings/Personal.php
index 63e50ccc078..8814d3afb58 100644
--- a/apps/encryption/lib/Settings/Personal.php
+++ b/apps/encryption/lib/Settings/Personal.php
@@ -1,4 +1,5 @@
<?php
+
/**
* SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
diff --git a/apps/encryption/lib/Util.php b/apps/encryption/lib/Util.php
index 20b2c0e5804..ccbdcdcb242 100644
--- a/apps/encryption/lib/Util.php
+++ b/apps/encryption/lib/Util.php
@@ -121,8 +121,8 @@ class Util {
if (count($parts) > 1) {
$owner = $parts[1];
if ($this->userManager->userExists($owner) === false) {
- throw new \BadMethodCallException('Unknown user: ' .
- 'method expects path to a user folder relative to the data folder');
+ throw new \BadMethodCallException('Unknown user: '
+ . 'method expects path to a user folder relative to the data folder');
}
}