diff options
Diffstat (limited to 'apps/files_encryption')
| -rw-r--r-- | apps/files_encryption/ajax/getMigrationStatus.php | 8 | ||||
| -rw-r--r-- | apps/files_encryption/appinfo/app.php | 1 | ||||
| -rw-r--r-- | apps/files_encryption/hooks/hooks.php | 29 | ||||
| -rw-r--r-- | apps/files_encryption/js/detect-migration.js | 6 | ||||
| -rw-r--r-- | apps/files_encryption/js/encryption.js | 12 | ||||
| -rw-r--r-- | apps/files_encryption/lib/proxy.php | 8 | ||||
| -rw-r--r-- | apps/files_encryption/lib/stream.php | 2 | ||||
| -rw-r--r-- | apps/files_encryption/lib/util.php | 91 | ||||
| -rw-r--r-- | apps/files_encryption/tests/hooks.php | 2 | ||||
| -rwxr-xr-x | apps/files_encryption/tests/share.php | 14 | ||||
| -rwxr-xr-x | apps/files_encryption/tests/util.php | 89 |
11 files changed, 193 insertions, 69 deletions
diff --git a/apps/files_encryption/ajax/getMigrationStatus.php b/apps/files_encryption/ajax/getMigrationStatus.php index 17469a1af0c..7c9e0dcc51c 100644 --- a/apps/files_encryption/ajax/getMigrationStatus.php +++ b/apps/files_encryption/ajax/getMigrationStatus.php @@ -13,16 +13,14 @@ use OCA\Encryption\Util; $loginname = isset($_POST['user']) ? $_POST['user'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : ''; -$migrationCompleted = true; +$migrationStatus = Util::MIGRATION_COMPLETED; if ($loginname !== '' && $password !== '') { $username = \OCP\User::checkPassword($loginname, $password); if ($username) { $util = new Util(new \OC_FilesystemView('/'), $username); - if ($util->getMigrationStatus() !== Util::MIGRATION_COMPLETED) { - $migrationCompleted = false; - } + $migrationStatus = $util->getMigrationStatus(); } } -\OCP\JSON::success(array('data' => array('migrationCompleted' => $migrationCompleted))); +\OCP\JSON::success(array('data' => array('migrationStatus' => $migrationStatus))); diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index fd9aa429b01..21de421c195 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -10,6 +10,7 @@ OC::$CLASSPATH['OCA\Encryption\Session'] = 'files_encryption/lib/session.php'; OC::$CLASSPATH['OCA\Encryption\Capabilities'] = 'files_encryption/lib/capabilities.php'; OC::$CLASSPATH['OCA\Encryption\Helper'] = 'files_encryption/lib/helper.php'; +\OCP\Util::addscript('files_encryption', 'encryption'); \OCP\Util::addscript('files_encryption', 'detect-migration'); if (!OC_Config::getValue('maintenance', false)) { diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 83abf3ba9de..50f322ddef4 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -85,10 +85,9 @@ class Hooks { $ready = $util->beginMigration();
} elseif ($migrationStatus === Util::MIGRATION_IN_PROGRESS) {
// refuse login as long as the initial encryption is running
- while ($migrationStatus === Util::MIGRATION_IN_PROGRESS) {
- sleep(60);
- $migrationStatus = $util->getMigrationStatus();
- }
+ sleep(5);
+ \OCP\User::logout();
+ return false;
}
// If migration not yet done
@@ -109,21 +108,27 @@ class Hooks { }
- // Encrypt existing user files:
- if (
- $util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])
- ) {
+ // Encrypt existing user files
+ try {
+ $result = $util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password']);
+ } catch (\Exception $ex) {
+ \OCP\Util::writeLog('Encryption library', 'Initial encryption failed! Error: ' . $ex->getMessage(), \OCP\Util::FATAL);
+ $util->resetMigrationStatus();
+ \OCP\User::logout();
+ $result = false;
+ }
+
+ if ($result) {
\OC_Log::write(
'Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed'
, \OC_Log::INFO
);
- }
-
- // Register successful migration in DB
- $util->finishMigration();
+ // Register successful migration in DB
+ $util->finishMigration();
+ }
}
return true;
diff --git a/apps/files_encryption/js/detect-migration.js b/apps/files_encryption/js/detect-migration.js index 301e77f24f7..f5627edf4e4 100644 --- a/apps/files_encryption/js/detect-migration.js +++ b/apps/files_encryption/js/detect-migration.js @@ -17,10 +17,14 @@ $(document).ready(function(){ data: {user: user, password: password}, async: false, success: function(response) { - if (response.data.migrationCompleted === false) { + if (response.data.migrationStatus === OC.Encryption.MIGRATION_OPEN) { var message = t('files_encryption', 'Initial encryption started... This can take some time. Please wait.'); $('#messageText').text(message); $('#message').removeClass('hidden').addClass('update'); + } else if (response.data.migrationStatus === OC.Encryption.MIGRATION_IN_PROGRESS) { + var message = t('files_encryption', 'Initial encryption running... Please try again later.'); + $('#messageText').text(message); + $('#message').removeClass('hidden').addClass('update'); } } }); diff --git a/apps/files_encryption/js/encryption.js b/apps/files_encryption/js/encryption.js new file mode 100644 index 00000000000..65ffabe55e6 --- /dev/null +++ b/apps/files_encryption/js/encryption.js @@ -0,0 +1,12 @@ +/** + * Copyright (c) 2014 + * Bjoern Schiessle <schiessle@owncloud.com> + * This file is licensed under the Affero General Public License version 3 or later. + * See the COPYING-README file. + */ + +OC.Encryption={ + MIGRATION_OPEN:0, + MIGRATION_COMPLETED:1, + MIGRATION_IN_PROGRESS:-1, +}; diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index 11048005969..9d456f6c517 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -262,7 +262,7 @@ class Proxy extends \OC_FileProxy { } elseif ( self::shouldEncrypt($path) - and $meta ['mode'] !== 'r' + and $meta['mode'] !== 'r' and $meta['mode'] !== 'rb' ) { $result = fopen('crypt://' . $path, $meta['mode']); @@ -283,7 +283,7 @@ class Proxy extends \OC_FileProxy { public function postGetFileInfo($path, $data) { // if path is a folder do nothing - if (\OCP\App::isEnabled('files_encryption') && is_array($data) && array_key_exists('size', $data)) { + if (\OCP\App::isEnabled('files_encryption') && $data !== false && array_key_exists('size', $data)) { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; @@ -341,7 +341,7 @@ class Proxy extends \OC_FileProxy { } // if file is encrypted return real file size - if (is_array($fileInfo) && $fileInfo['encrypted'] === true) { + if ($fileInfo && $fileInfo['encrypted'] === true) { // try to fix unencrypted file size if it doesn't look plausible if ((int)$fileInfo['size'] > 0 && (int)$fileInfo['unencrypted_size'] === 0 ) { $fixSize = $util->getFileSize($path); @@ -354,7 +354,7 @@ class Proxy extends \OC_FileProxy { $size = $fileInfo['unencrypted_size']; } else { // self healing if file was removed from file cache - if (!is_array($fileInfo)) { + if (!$fileInfo) { $fileInfo = array(); } diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index b3bf34ddb82..88eacc6f136 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -567,7 +567,7 @@ class Stream { // get file info $fileInfo = $this->rootView->getFileInfo($path); - if (is_array($fileInfo)) { + if ($fileInfo) { // set encryption data $fileInfo['encrypted'] = true; $fileInfo['size'] = $this->size; diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 13184b50dbf..a338f90c8be 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -318,7 +318,8 @@ class Util { $found = array( 'plain' => array(), 'encrypted' => array(), - 'legacy' => array() + 'legacy' => array(), + 'broken' => array(), ); } @@ -329,10 +330,7 @@ class Util { if(is_resource($handle)) { while (false !== ($file = readdir($handle))) { - if ( - $file !== "." - && $file !== ".." - ) { + if ($file !== "." && $file !== "..") { $filePath = $directory . '/' . $this->view->getRelativePath('/' . $file); $relPath = \OCA\Encryption\Helper::stripUserFilesPath($filePath); @@ -359,15 +357,23 @@ class Util { // NOTE: This is inefficient; // scanning every file like this // will eat server resources :( - if ( - Keymanager::getFileKey($this->view, $this, $relPath) - && $isEncryptedPath - ) { - - $found['encrypted'][] = array( - 'name' => $file, - 'path' => $filePath - ); + if ($isEncryptedPath) { + + $fileKey = Keymanager::getFileKey($this->view, $this, $relPath); + $shareKey = Keymanager::getShareKey($this->view, $this->userId, $this, $relPath); + // if file is encrypted but now file key is available, throw exception + if ($fileKey === false || $shareKey === false) { + \OCP\Util::writeLog('encryption library', 'No keys available to decrypt the file: ' . $filePath, \OCP\Util::ERROR); + $found['broken'][] = array( + 'name' => $file, + 'path' => $filePath, + ); + } else { + $found['encrypted'][] = array( + 'name' => $file, + 'path' => $filePath, + ); + } // If the file uses old // encryption system @@ -773,6 +779,12 @@ class Util { $successful = false; } + // if there are broken encrypted files than the complete decryption + // was not successful + if (!empty($found['broken'])) { + $successful = false; + } + if ($successful) { $this->view->deleteAll($this->keyfilesPath); $this->view->deleteAll($this->shareKeysPath); @@ -1190,26 +1202,48 @@ class Util { } /** - * @brief start migration mode to initially encrypt users data + * @brief set migration status + * @param int $status * @return boolean */ - public function beginMigration() { + private function setMigrationStatus($status) { - $return = false; - - $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?'; - $args = array(self::MIGRATION_IN_PROGRESS, $this->userId, self::MIGRATION_OPEN); + $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?'; + $args = array($status, $this->userId); $query = \OCP\DB::prepare($sql); $manipulatedRows = $query->execute($args); if ($manipulatedRows === 1) { - $return = true; + $result = true; + \OCP\Util::writeLog('Encryption library', "Migration status set to " . self::MIGRATION_OPEN, \OCP\Util::INFO); + } else { + $result = false; + \OCP\Util::writeLog('Encryption library', "Could not set migration status to " . self::MIGRATION_OPEN, \OCP\Util::WARN); + } + + return $result; + } + + /** + * @brief start migration mode to initially encrypt users data + * @return boolean + */ + public function beginMigration() { + + $result = $this->setMigrationStatus(self::MIGRATION_IN_PROGRESS); + + if ($result) { \OCP\Util::writeLog('Encryption library', "Start migration to encryption mode for " . $this->userId, \OCP\Util::INFO); } else { \OCP\Util::writeLog('Encryption library', "Could not activate migration mode for " . $this->userId . ". Probably another process already started the initial encryption", \OCP\Util::WARN); } - return $return; + return $result; + } + + public function resetMigrationStatus() { + return $this->setMigrationStatus(self::MIGRATION_OPEN); + } /** @@ -1217,22 +1251,15 @@ class Util { * @return boolean */ public function finishMigration() { + $result = $this->setMigrationStatus(self::MIGRATION_COMPLETED); - $return = false; - - $sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?'; - $args = array(self::MIGRATION_COMPLETED, $this->userId, self::MIGRATION_IN_PROGRESS); - $query = \OCP\DB::prepare($sql); - $manipulatedRows = $query->execute($args); - - if ($manipulatedRows === 1) { - $return = true; + if ($result) { \OCP\Util::writeLog('Encryption library', "Finish migration successfully for " . $this->userId, \OCP\Util::INFO); } else { \OCP\Util::writeLog('Encryption library', "Could not deactivate migration mode for " . $this->userId, \OCP\Util::WARN); } - return $return; + return $result; } /** diff --git a/apps/files_encryption/tests/hooks.php b/apps/files_encryption/tests/hooks.php index 44525791743..7d926caea1b 100644 --- a/apps/files_encryption/tests/hooks.php +++ b/apps/files_encryption/tests/hooks.php @@ -203,7 +203,7 @@ class Test_Encryption_Hooks extends \PHPUnit_Framework_TestCase { $fileInfo = $this->user1View->getFileInfo($this->filename); // check if we have a valid file info - $this->assertTrue(is_array($fileInfo)); + $this->assertTrue($fileInfo instanceof \OC\Files\FileInfo); // share the file with user2 \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, self::TEST_ENCRYPTION_HOOKS_USER2, OCP\PERMISSION_ALL); diff --git a/apps/files_encryption/tests/share.php b/apps/files_encryption/tests/share.php index 076459c562e..46a21dd55cd 100755 --- a/apps/files_encryption/tests/share.php +++ b/apps/files_encryption/tests/share.php @@ -150,7 +150,7 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase { '/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename); // check if we have a valid file info - $this->assertTrue(is_array($fileInfo)); + $this->assertTrue($fileInfo instanceof \OC\Files\FileInfo); // check if the unencrypted file size is stored $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); @@ -310,7 +310,7 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase { '/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files' . $this->folder1); // check if we have a valid file info - $this->assertTrue(is_array($fileInfo)); + $this->assertTrue($fileInfo instanceof \OC\Files\FileInfo); // re-enable the file proxy \OC_FileProxy::$enabled = $proxyStatus; @@ -388,7 +388,7 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase { . $this->subfolder); // check if we have a valid file info - $this->assertTrue(is_array($fileInfoSubFolder)); + $this->assertTrue($fileInfoSubFolder instanceof \OC\Files\FileInfo); // re-enable the file proxy \OC_FileProxy::$enabled = $proxyStatus; @@ -422,7 +422,7 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase { . $this->subsubfolder . '/' . $this->filename); // check if we have fileInfos - $this->assertTrue(is_array($fileInfo)); + $this->assertTrue($fileInfo instanceof \OC\Files\FileInfo); // share the file with user3 \OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_USER, \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER4, OCP\PERMISSION_ALL); @@ -517,7 +517,7 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase { '/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename); // check if we have a valid file info - $this->assertTrue(is_array($fileInfo)); + $this->assertTrue($fileInfo instanceof \OC\Files\FileInfo); // check if the unencrypted file size is stored $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); @@ -595,7 +595,7 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase { '/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename); // check if we have a valid file info - $this->assertTrue(is_array($fileInfo)); + $this->assertTrue($fileInfo instanceof \OC\Files\FileInfo); // check if the unencrypted file size is stored $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); @@ -888,7 +888,7 @@ class Test_Encryption_Share extends \PHPUnit_Framework_TestCase { '/' . \Test_Encryption_Share::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename); // check if we have a valid file info - $this->assertTrue(is_array($fileInfo)); + $this->assertTrue($fileInfo instanceof \OC\Files\FileInfo); // check if the unencrypted file size is stored $this->assertGreaterThan(0, $fileInfo['unencrypted_size']); diff --git a/apps/files_encryption/tests/util.php b/apps/files_encryption/tests/util.php index 97e3c518dac..321bdc76f8b 100755 --- a/apps/files_encryption/tests/util.php +++ b/apps/files_encryption/tests/util.php @@ -64,6 +64,8 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { function setUp() { + // login user + \Test_Encryption_Util::loginHelper(\Test_Encryption_Util::TEST_ENCRYPTION_UTIL_USER1); \OC_User::setUserId(\Test_Encryption_Util::TEST_ENCRYPTION_UTIL_USER1); $this->userId = \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_USER1; $this->pass = \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_USER1; @@ -328,7 +330,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { $fileInfoUnencrypted = $this->view->getFileInfo($this->userId . '/files/' . $filename); - $this->assertTrue(is_array($fileInfoUnencrypted)); + $this->assertTrue($fileInfoUnencrypted instanceof \OC\Files\FileInfo); // enable file encryption again \OC_App::enable('files_encryption'); @@ -338,7 +340,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { $fileInfoEncrypted = $this->view->getFileInfo($this->userId . '/files/' . $filename); - $this->assertTrue(is_array($fileInfoEncrypted)); + $this->assertTrue($fileInfoEncrypted instanceof \OC\Files\FileInfo); // check if mtime and etags unchanged $this->assertEquals($fileInfoEncrypted['mtime'], $fileInfoUnencrypted['mtime']); @@ -357,23 +359,98 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase { $fileInfoEncrypted = $this->view->getFileInfo($this->userId . '/files/' . $filename); - $this->assertTrue(is_array($fileInfoEncrypted)); + $this->assertTrue($fileInfoEncrypted instanceof \OC\Files\FileInfo); + $this->assertEquals($fileInfoEncrypted['encrypted'], 1); - // encrypt all unencrypted files - $util->decryptAll('/' . $this->userId . '/' . 'files'); + // decrypt all encrypted files + $result = $util->decryptAll('/' . $this->userId . '/' . 'files'); + + $this->assertTrue($result); $fileInfoUnencrypted = $this->view->getFileInfo($this->userId . '/files/' . $filename); - $this->assertTrue(is_array($fileInfoUnencrypted)); + $this->assertTrue($fileInfoUnencrypted instanceof \OC\Files\FileInfo); // check if mtime and etags unchanged $this->assertEquals($fileInfoEncrypted['mtime'], $fileInfoUnencrypted['mtime']); $this->assertEquals($fileInfoEncrypted['etag'], $fileInfoUnencrypted['etag']); + // file should no longer be encrypted + $this->assertEquals(0, $fileInfoUnencrypted['encrypted']); $this->view->unlink($this->userId . '/files/' . $filename); } + function testDescryptAllWithBrokenFiles() { + + $file1 = "/decryptAll1" . uniqid() . ".txt"; + $file2 = "/decryptAll2" . uniqid() . ".txt"; + + $util = new Encryption\Util($this->view, $this->userId); + + $this->view->file_put_contents($this->userId . '/files/' . $file1, $this->dataShort); + $this->view->file_put_contents($this->userId . '/files/' . $file2, $this->dataShort); + + $fileInfoEncrypted1 = $this->view->getFileInfo($this->userId . '/files/' . $file1); + $fileInfoEncrypted2 = $this->view->getFileInfo($this->userId . '/files/' . $file2); + + $this->assertTrue($fileInfoEncrypted1 instanceof \OC\Files\FileInfo); + $this->assertTrue($fileInfoEncrypted2 instanceof \OC\Files\FileInfo); + $this->assertEquals($fileInfoEncrypted1['encrypted'], 1); + $this->assertEquals($fileInfoEncrypted2['encrypted'], 1); + + // rename keyfile for file1 so that the decryption for file1 fails + // Expected behaviour: decryptAll() returns false, file2 gets decrypted anyway + $this->view->rename($this->userId . '/files_encryption/keyfiles/' . $file1 . '.key', + $this->userId . '/files_encryption/keyfiles/' . $file1 . '.key.moved'); + + // decrypt all encrypted files + $result = $util->decryptAll('/' . $this->userId . '/' . 'files'); + + $this->assertFalse($result); + + $fileInfoUnencrypted1 = $this->view->getFileInfo($this->userId . '/files/' . $file1); + $fileInfoUnencrypted2 = $this->view->getFileInfo($this->userId . '/files/' . $file2); + + $this->assertTrue($fileInfoUnencrypted1 instanceof \OC\Files\FileInfo); + $this->assertTrue($fileInfoUnencrypted2 instanceof \OC\Files\FileInfo); + + // file1 should be still encrypted; file2 should be decrypted + $this->assertEquals(1, $fileInfoUnencrypted1['encrypted']); + $this->assertEquals(0, $fileInfoUnencrypted2['encrypted']); + + // keyfiles and share keys should still exist + $this->assertTrue($this->view->is_dir($this->userId . '/files_encryption/keyfiles/')); + $this->assertTrue($this->view->is_dir($this->userId . '/files_encryption/share-keys/')); + + // rename the keyfile for file1 back + $this->view->rename($this->userId . '/files_encryption/keyfiles/' . $file1 . '.key.moved', + $this->userId . '/files_encryption/keyfiles/' . $file1 . '.key'); + + // try again to decrypt all encrypted files + $result = $util->decryptAll('/' . $this->userId . '/' . 'files'); + + $this->assertTrue($result); + + $fileInfoUnencrypted1 = $this->view->getFileInfo($this->userId . '/files/' . $file1); + $fileInfoUnencrypted2 = $this->view->getFileInfo($this->userId . '/files/' . $file2); + + $this->assertTrue($fileInfoUnencrypted1 instanceof \OC\Files\FileInfo); + $this->assertTrue($fileInfoUnencrypted2 instanceof \OC\Files\FileInfo); + + // now both files should be decrypted + $this->assertEquals(0, $fileInfoUnencrypted1['encrypted']); + $this->assertEquals(0, $fileInfoUnencrypted2['encrypted']); + + // keyfiles and share keys should be deleted + $this->assertFalse($this->view->is_dir($this->userId . '/files_encryption/keyfiles/')); + $this->assertFalse($this->view->is_dir($this->userId . '/files_encryption/share-keys/')); + + $this->view->unlink($this->userId . '/files/' . $file1); + $this->view->unlink($this->userId . '/files/' . $file2); + + } + /** * @large */ |