From 800942ece74ac336c4a9213228f14406d7e494f7 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Thu, 9 Aug 2012 13:47:27 +0200 Subject: change key password when user switches from client to server side encryption. make use of the keymanager class in changekeypasscode() --- apps/files_encryption/ajax/mode.php | 1 + apps/files_encryption/js/settings-personal.js | 6 ++---- apps/files_encryption/lib/crypt.php | 22 ++++++++++++---------- apps/files_encryption/lib/keymanager.php | 9 ++++++--- 4 files changed, 21 insertions(+), 17 deletions(-) (limited to 'apps/files_encryption') diff --git a/apps/files_encryption/ajax/mode.php b/apps/files_encryption/ajax/mode.php index c81d4947956..f1a026ca431 100644 --- a/apps/files_encryption/ajax/mode.php +++ b/apps/files_encryption/ajax/mode.php @@ -32,6 +32,7 @@ if ($result->fetchRow()){ } else { $query = OC_DB::prepare( 'INSERT INTO *PREFIX*encryption ( mode, uid ) VALUES( ?, ? )' ); } + if ( (!$changePasswd || $passwdChanged) && $query->execute(array($mode, \OCP\User::getUser())) ) { OCP\JSON::success(); } else { diff --git a/apps/files_encryption/js/settings-personal.js b/apps/files_encryption/js/settings-personal.js index fad077a8dd7..f335cf7f880 100644 --- a/apps/files_encryption/js/settings-personal.js +++ b/apps/files_encryption/js/settings-personal.js 
@@ -18,14 +18,12 @@ $(document).ready(function(){ } } else if (server) { if (prevmode == 'client') { - OC.dialogs.form([{text:'login password', name:'newpasswd', type:'password'},{text:'Encryption password used on the client', name:'oldpasswd', type:'password'}],t('encryption', 'Please enter your passwords'), function(data) { + OC.dialogs.form([{text:'login password', name:'newpasswd', type:'password'},{text:'Encryption password used on the client', name:'oldpasswd', type:'password'}],t('encryption', 'Change encryption password to login password'), function(data) { $.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server', newpasswd: data[0].value, oldpasswd: data[1].value }, function(result) { if (result.status != 'success') { - console.log("change selection back to " + prevmode+'_encryption'); document.getElementById(prevmode+'_encryption').checked = true; - } else { + OC.dialogs.alert(t('encryption', 'Please check your passwords and try again'), t('encryption', 'Could not change encryption password to login password')) } - }); }); } else { diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 64bbc17ec11..1fa7013776a 100644 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php 
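Review bot: The revert and the new `OC.dialogs.alert(...)` only run inside the `$.post` success callback, so a transport error or a non-JSON reply from `mode.php` leaves the 'server' radio selected although the mode and key passcode were not changed. A failure handler on the request should perform the same revert, `document.getElementById(prevmode+'_encryption').checked = true;`, and show the same alert, so the settings page never displays an encryption mode that the server did not accept. The added `OC.dialogs.alert(...)` line is also missing its terminating semicolon. The enclosing `$(document).ready` handler starts and ends outside this hunk.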
@@ -412,21 +412,23 @@ class Crypt { } public static function changekeypasscode($oldPassword, $newPassword) { - if(OCP\User::isLoggedIn()){ - $username=OCP\USER::getUser(); - $view=new OC_FilesystemView('/'.$username); + if(\OCP\User::isLoggedIn()){ + $username = \OCP\USER::getUser(); + $view = new \OC_FilesystemView('/'.$username); // read old key - $key=$view->file_get_contents('/encryption.key'); + $key = Keymanager::getPrivateKey(); // decrypt key with old passcode - $key=OC_Crypt::decrypt($key, $oldPassword); + if ( ($key = self::decrypt($key, $oldPassword)) ) { + // encrypt again with new passcode + $key = self::encrypt($key, $newPassword); - // encrypt again with new passcode - $key=OC_Crypt::encrypt($key, $newPassword); - - // store the new key - $view->file_put_contents('/encryption.key', $key ); + // store the new key + return Keymanager::setPrivateKey($key); + } else { + return false; + } } } diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index e546ba825e4..4c30c163957 100644 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -200,9 +200,12 @@ class Keymanager { } public static function changePasswd($oldpasswd, $newpasswd) { - //TODO change password of private key - error_log("password changed from '$oldpasswd' to '$newpasswd'"); - return true; + if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) { + return Crypt::changekeypasscode($oldpasswd, $newpasswd); + } else { + return false; + } + } } \ No newline at end of file -- cgit v1.2.3
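Review bot: The new guard `if ( ($key = self::decrypt($key, $oldPassword)) )` treats any truthy decrypt result as proof that `$oldPassword` was correct. Whether `self::decrypt` returns false for a wrong passcode is not visible here; if it can return non-empty garbage, that value is re-encrypted and written over the stored private key by `Keymanager::setPrivateKey($key)`, and the original key is lost. I would check that the decrypted value is a usable private key before storing it, and check the result of `Keymanager::getPrivateKey()` before decrypting. The not-logged-in path still falls off the end and returns null rather than `return false;`, and `$username` and `$view` are now unused.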
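Review bot: `changePasswd()` in keymanager.php has no docblock, and the name `$newpasswd` hides the fact that the value must be the user's current login password, which `\OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd)` enforces. I would add a docblock saying that `$oldpasswd` is the client-side encryption passcode, that `$newpasswd` must match the login password, and that false is returned both when the login check fails and when `Crypt::changekeypasscode()` cannot re-encrypt the key. Since this path now verifies a login password, it is worth confirming that failed checks here get the same logging or throttling as the normal login path; that is not visible in this hunk.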