aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Files/Storage/Wrapper/Encryption.php
Commit message (Collapse)AuthorAgeFilesLines
* chore: move streamCopy implementation from `OC_Helper` to `OCP\Files`Ferdinand Thiessen2025-05-161-2/+3
| | | | | | | | | The function was already there but called the legacy version. So moved the implementation and migrated all usages of it. Sadly the interface was slightly different so adjusted it to be compatible with both legacy and the OCP one. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix(encryption): Only prevent cache deletion if target is not object store ↵Côme Chilliet2025-05-131-2/+3
| | | | | | in moveFromStorage Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(encryption): Improve Update class and event listeneningCôme Chilliet2025-05-131-2/+0
| | | | | | to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Preserve file id when moving from object store even if encryption ↵Côme Chilliet2025-05-131-4/+15
| | | | | | wrapper is present Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Fix mtime preservation when moving a directory across storages with ↵Côme Chilliet2025-05-131-1/+1
| | | | | | encryption registered Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(encryption): Fix filesize for part files in Encryption wrapperCôme Chilliet2025-05-131-2/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #52706 from nextcloud/info-file-more-encryption-checksRobin Appelman2025-05-121-0/+12
|\ | | | | feat: add more encryption checks to info:file
| * feat: add more encryption checks to info:fileinfo-file-more-encryption-checksRobin Appelman2025-05-091-0/+12
| | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | fix: throw a better error if we can't get the encrypted header sizeencryption-no-header-size-errorRobin Appelman2025-05-091-0/+11
|/ | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix: restore updated encrypted version when copying versionsencryption-version-versionRobin Appelman2025-01-031-0/+1
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix(files): Correctly copy the cache information on copy operationsLouis Chemineau2024-12-031-1/+0
| | | | | | Needed to copy the `encrypted` flag of encrypted files when those files are two level down in a moved folder. Signed-off-by: Louis Chemineau <louis@chmn.me>
* refactor(storage): Code adjustements and simplificationsrefactSmallAdjustGit'Fellow2024-11-211-1/+1
| | | | Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* refactor(Storage): Align all Storage constructorsrefactor/storage/constructorsprovokateurin2024-10-231-1/+1
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor(Storage): Make all parameter types strong typesprovokateurin2024-10-071-79/+36
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor(Wrapper\Encryption): Migrate to strong typesrefactor/stream-encryption/typingsprovokateurin2024-10-071-59/+15
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(Storage): Fix IStorage return typesprovokateurin2024-09-261-114/+34
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* chore(deps): Update nextcloud/coding-standard to v1.3.1provokateurin2024-09-191-5/+5
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* style: update codestyle for coding-standard 1.2.3Daniel Kesselberg2024-08-251-2/+2
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* fix: use mountpoint from storage to find the encryption keysRobin Appelman2024-08-201-3/+3
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix(encryption): Fix mountpoint check to accept if several are foundCôme Chilliet2024-08-051-1/+1
| | | | | | | There is no strong requirement to have only one mount for a given storage id. Also the error in this case would be misleading. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: fix some commentswithbest2024-07-291-1/+1
| | | | Signed-off-by: withbest <seekseat@outlook.com>
* chore: Add SPDX headerAndy Scherzinger2024-05-241-34/+4
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* fix: Apply new coding standard to all filesCôme Chilliet2024-04-021-9/+9
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Only store unencrypted_size if path should be encryptedJulius Härtl2023-09-061-1/+1
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* extend fix-key-location to handle cases from broken cross-storage movesRobin Appelman2023-08-311-29/+17
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix(sse): don't update uncached filesRichard Steinmetz2023-07-041-13/+21
| | | | Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
* Refactors "strpos" calls in lib/private to improve code readability.Faraz Samapoor2023-05-151-2/+2
| | | | Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
* Fix file_get_content signatures to make it clear it can return falseCôme Chilliet2023-04-271-1/+1
| | | | | | | In File::getContent, which must return a string, throw an Exception instead of returning false. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #36857 from nextcloud/scan-repair-unencrypted-sizeRobin Appelman2023-04-241-1/+4
|\ | | | | fix unencrypted_size for folders when scanning the filesystem with encryption enabled
| * fix unencrypted_size for files when scanningRobin Appelman2023-04-041-1/+4
| | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | fix encryption wrapper filesize for non existing filesRobin Appelman2023-04-041-1/+3
|/ | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Respect OCP interface in private classesCôme Chilliet2023-02-071-1/+1
| | | | | | | Because the parameter type was moved to phpdoc it needs to be removed from implementations Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix psalm errors related to filesizesCôme Chilliet2023-02-071-1/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Strong type filesize related methods to ease 32bits problem findingsCôme Chilliet2023-02-071-4/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(encryption): don't throw on missing fileRichard Steinmetz2023-01-301-4/+1
| | | | Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
* composer run cs:fixCôme Chilliet2023-01-201-3/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* clear is-encrypted cache when trying to fix encrypted versionRobin Appelman2022-12-011-0/+4
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix reading newly written encrypted files before their cache entry is writtenRobin Appelman2022-11-301-4/+12
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Rename file1 and file2 to source and target in Storage abstractionCarl Schwan2022-10-181-22/+21
| | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* store unencrypted size in the unencrypted_size columnRobin Appelman2022-06-021-40/+58
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Fixing psalm errorsCôme Chilliet2022-03-241-9/+9
| | | | | | Encryption constructor is problematic and should still be fixed later. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Migrate from ILogger to LoggerInterface in lib/privateCôme Chilliet2022-03-241-26/+14
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* updateEncryptedVersion: cleanup on target if cache already got renamedJonas Meurer2022-01-121-1/+10
| | | | | | | | | | | | | | | | | When moving a file to trash with encryption enabled, the cache gets moved before the actual file. According to @icewind1991 this is in order to not break object storage. When moving a file from an unencrypted storage (e.g. a collectives storage) to the encrypted trashbin storage, this causes errors, see This commit fixes it by doing `updateEncryptedVersion()` on the target cache entry *if* the source cache entry doesn't exist anymore, but the corresponding target cache entry does exist already. Fixes: #26544 Signed-off-by: Jonas Meurer <jonas@freesources.org>
* Fix fail when keys/files folder already existsVincent Petry2022-01-101-1/+5
| | | | | | | | | Fixes an issue with transfer ownership in move mode where the folder "files_encryption/keys/files" already exists. Instead of failing, its existence is checked before calling mkdir. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Check resource before closing in encryption wrapperVincent Petry2021-12-091-2/+6
| | | | | | | | | | | In case of error there is no guarantee that $source or $target is set or is a resource when handling an error. Without this fix, there's a risk that fclose will fail and the actual exception will not be thrown, making it impossible to find out about the root cause. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Add type hint to fread_block $blockSize param & apply cs:fix.alanmeeson2021-10-231-2/+2
| | | | Signed-off-by: alanmeeson <alan@carefullycalculated.co.uk>
* Fix truncation of files upon read when using object store and encryption.Alan Meeson2021-10-231-2/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using and object store as primary storage and using the default encryption module at the same time, any encrypted file would be truncated when read, and a text error message added to the end. This was caused by a combination of the reliance of the read functions on on knowing the unencrypted file size, and a bug in the function which calculated the unencrypted file size for a given file. In order to calculate the unencrypted file size, the function would first skip the header block, then use fseek to skip to the last encrypted block in the file. Because there was a corresponence between the encrypted and unencrypted blocks, this would also be the last encrypted block. It would then read the final block and decrypt it to get the unencrypted length of the last block. With that, the number of blocks, and the unencrypted block size, it could calculate the unencrypted file size. The trouble was that when using an object store, an fread call doesn't always get you the number of bytes you asked for, even if they are available. To resolve this I adapted the stream_read_block function from lib/private/Files/Streams/Encryption.php to work here. This function wraps the fread call in a loop and repeats until it has the entire set of bytes that were requested, or there are no more to get. This fixes the imediate bug, and should (with luck) allow people to get their encrypted files out of Nextcloud now. (The problem was purely on the decryption side). In the future it would be nice to do some refactoring here. I have tested this with image files ranging from 1kb to 10mb using Nextcloud version 22.1.0 (the nextcloud:22.1-apache docker image), with sqlite and a Linode object store as the primary storage. Signed-off-by: Alan Meeson <alan@carefullycalculated.co.uk>
* Merge pull request #27440 from nextcloud/is-file-handleJohn Molakvoæ2021-10-231-4/+4
|\
| * Handle files with is_file instead of file_existsacsfer2021-08-151-4/+4
| | | | | | Should fix things like `fread(): read of 8192 bytes failed with errno=21 Is a directory`
* | explicitly close source stream on encryption storageDaniel Kesselberg2021-09-211-2/+3
|/ | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-10 04:11:13 +0000