From a6dc81d419c8719216c0f55b00918bebe786be63 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Wed, 23 Jun 2021 16:46:01 +0200 Subject: Downstream encryption:fix-encrypted-version For fixing "Bad signature" errors. Signed-off-by: Vincent Petry --- apps/encryption/appinfo/info.xml | 1 + .../composer/composer/autoload_classmap.php | 1 + .../composer/composer/autoload_static.php | 1 + .../encryption/lib/Command/FixEncryptedVersion.php | 244 +++++++++++++++++++++ 4 files changed, 247 insertions(+) create mode 100644 apps/encryption/lib/Command/FixEncryptedVersion.php (limited to 'apps') diff --git a/apps/encryption/appinfo/info.xml b/apps/encryption/appinfo/info.xml index 6a1453f7d6f..eaa28c111f8 100644 --- a/apps/encryption/appinfo/info.xml +++ b/apps/encryption/appinfo/info.xml @@ -45,6 +45,7 @@ OCA\Encryption\Command\DisableMasterKey OCA\Encryption\Command\RecoverUser OCA\Encryption\Command\ScanLegacyFormat + OCA\Encryption\Command\FixEncryptedVersion diff --git a/apps/encryption/composer/composer/autoload_classmap.php b/apps/encryption/composer/composer/autoload_classmap.php index 7d5b84f6147..00c57e913a3 100644 --- a/apps/encryption/composer/composer/autoload_classmap.php +++ b/apps/encryption/composer/composer/autoload_classmap.php @@ -10,6 +10,7 @@ return array( 'OCA\\Encryption\\AppInfo\\Application' => $baseDir . '/../lib/AppInfo/Application.php', 'OCA\\Encryption\\Command\\DisableMasterKey' => $baseDir . '/../lib/Command/DisableMasterKey.php', 'OCA\\Encryption\\Command\\EnableMasterKey' => $baseDir . '/../lib/Command/EnableMasterKey.php', + 'OCA\\Encryption\\Command\\FixEncryptedVersion' => $baseDir . '/../lib/Command/FixEncryptedVersion.php', 'OCA\\Encryption\\Command\\RecoverUser' => $baseDir . '/../lib/Command/RecoverUser.php', 'OCA\\Encryption\\Command\\ScanLegacyFormat' => $baseDir . '/../lib/Command/ScanLegacyFormat.php', 'OCA\\Encryption\\Controller\\RecoveryController' => $baseDir . '/../lib/Controller/RecoveryController.php', diff --git a/apps/encryption/composer/composer/autoload_static.php b/apps/encryption/composer/composer/autoload_static.php index 64d608a6457..fc1fcbcf63b 100644 --- a/apps/encryption/composer/composer/autoload_static.php +++ b/apps/encryption/composer/composer/autoload_static.php @@ -25,6 +25,7 @@ class ComposerStaticInitEncryption 'OCA\\Encryption\\AppInfo\\Application' => __DIR__ . '/..' . '/../lib/AppInfo/Application.php', 'OCA\\Encryption\\Command\\DisableMasterKey' => __DIR__ . '/..' . '/../lib/Command/DisableMasterKey.php', 'OCA\\Encryption\\Command\\EnableMasterKey' => __DIR__ . '/..' . '/../lib/Command/EnableMasterKey.php', + 'OCA\\Encryption\\Command\\FixEncryptedVersion' => __DIR__ . '/..' . '/../lib/Command/FixEncryptedVersion.php', 'OCA\\Encryption\\Command\\RecoverUser' => __DIR__ . '/..' . '/../lib/Command/RecoverUser.php', 'OCA\\Encryption\\Command\\ScanLegacyFormat' => __DIR__ . '/..' . '/../lib/Command/ScanLegacyFormat.php', 'OCA\\Encryption\\Controller\\RecoveryController' => __DIR__ . '/..' . '/../lib/Controller/RecoveryController.php', diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php new file mode 100644 index 00000000000..534ddc4c689 --- /dev/null +++ b/apps/encryption/lib/Command/FixEncryptedVersion.php @@ -0,0 +1,244 @@ + + * @author Ilja Neumann + * + * @copyright Copyright (c) 2019, ownCloud GmbH + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\Encryption\Command; + +use OC\Files\View; +use OC\HintException; +use OCP\Files\IRootFolder; +use OCP\IUserManager; +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Input\InputArgument; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; + +class FixEncryptedVersion extends Command { + /** @var IRootFolder */ + private $rootFolder; + + /** @var IUserManager */ + private $userManager; + + /** @var View */ + private $view; + + public function __construct(IRootFolder $rootFolder, IUserManager $userManager, View $view) { + $this->rootFolder = $rootFolder; + $this->userManager = $userManager; + $this->view = $view; + parent::__construct(); + } + + protected function configure() { + parent::configure(); + + $this + ->setName('encryption:fix-encrypted-version') + ->setDescription('Fix the encrypted version if the encrypted file(s) are not downloadable.') + ->addArgument( + 'user', + InputArgument::REQUIRED, + 'The id of the user whose files need fixing' + )->addOption( + 'path', + 'p', + InputArgument::OPTIONAL, + 'Limit files to fix with path, e.g., --path="/Music/Artist". If path indicates a directory, all the files inside directory will be fixed.' + ); + } + + /** + * @param InputInterface $input + * @param OutputInterface $output + * @return int + */ + protected function execute(InputInterface $input, OutputInterface $output) { + $user = $input->getArgument('user'); + $pathToWalk = "/$user/files"; + + /** + * trim() returns an empty string when the argument is an unset/null + */ + $pathOption = \trim($input->getOption('path'), '/'); + if ($pathOption !== "") { + $pathToWalk = "$pathToWalk/$pathOption"; + } + + if ($user === null) { + $output->writeln("No user id provided.\n"); + return 1; + } + + if ($this->userManager->get($user) === null) { + $output->writeln("User id $user does not exist. Please provide a valid user id"); + return 1; + } + return $this->walkPathOfUser($user, $pathToWalk, $output); + } + + /** + * @param string $user + * @param string $path + * @param OutputInterface $output + * @return int 0 for success, 1 for error + */ + private function walkPathOfUser($user, $path, OutputInterface $output) { + $this->setupUserFs($user); + if (!$this->view->file_exists($path)) { + $output->writeln("Path $path does not exist. Please provide a valid path."); + return 1; + } + + if ($this->view->is_file($path)) { + $output->writeln("Verifying the content of file $path"); + $this->verifyFileContent($path, $output); + return 0; + } + $directories = []; + $directories[] = $path; + while ($root = \array_pop($directories)) { + $directoryContent = $this->view->getDirectoryContent($root); + foreach ($directoryContent as $file) { + $path = $root . '/' . $file['name']; + if ($this->view->is_dir($path)) { + $directories[] = $path; + } else { + $output->writeln("Verifying the content of file $path"); + $this->verifyFileContent($path, $output); + } + } + } + return 0; + } + + /** + * @param string $path + * @param OutputInterface $output + * @param bool $ignoreCorrectEncVersionCall, setting this variable to false avoids recursion + */ + private function verifyFileContent($path, OutputInterface $output, $ignoreCorrectEncVersionCall = true) { + try { + /** + * In encryption, the files are read in a block size of 8192 bytes + * Read block size of 8192 and a bit more (808 bytes) + * If there is any problem, the first block should throw the signature + * mismatch error. Which as of now, is enough to proceed ahead to + * correct the encrypted version. + */ + $handle = $this->view->fopen($path, 'rb'); + + if (\fread($handle, 9001) !== false) { + $output->writeln("The file $path is: OK"); + } + + \fclose($handle); + + return true; + } catch (HintException $e) { + \OC::$server->getLogger()->warning("Issue: " . $e->getMessage()); + //If allowOnce is set to false, this becomes recursive. + if ($ignoreCorrectEncVersionCall === true) { + //Lets rectify the file by correcting encrypted version + $output->writeln("Attempting to fix the path: $path"); + return $this->correctEncryptedVersion($path, $output); + } + return false; + } + } + + /** + * @param string $path + * @param OutputInterface $output + * @return bool + */ + private function correctEncryptedVersion($path, OutputInterface $output) { + $fileInfo = $this->view->getFileInfo($path); + $fileId = $fileInfo->getId(); + $encryptedVersion = $fileInfo->getEncryptedVersion(); + $wrongEncryptedVersion = $encryptedVersion; + + $storage = $fileInfo->getStorage(); + + $cache = $storage->getCache(); + $fileCache = $cache->get($fileId); + + if ($storage->instanceOfStorage('OCA\Files_Sharing\ISharedStorage')) { + $output->writeln("The file: $path is a share. Hence kindly fix this by running the script for the owner of share"); + return true; + } + + // Save original encrypted version so we can restore it if decryption fails with all version + $originalEncryptedVersion = $encryptedVersion; + if ($encryptedVersion >= 0) { + //test by decrementing the value till 1 and if nothing works try incrementing + $encryptedVersion--; + while ($encryptedVersion > 0) { + $cacheInfo = ['encryptedVersion' => $encryptedVersion, 'encrypted' => $encryptedVersion]; + $cache->put($fileCache->getPath(), $cacheInfo); + $output->writeln("Decrement the encrypted version to $encryptedVersion"); + if ($this->verifyFileContent($path, $output, false) === true) { + $output->writeln("Fixed the file: $path with version " . $encryptedVersion . ""); + return true; + } + $encryptedVersion--; + } + + //So decrementing did not work. Now lets increment. Max increment is till 5 + $increment = 1; + while ($increment <= 5) { + /** + * The wrongEncryptedVersion would not be incremented so nothing to worry about here. + * Only the newEncryptedVersion is incremented. + * For example if the wrong encrypted version is 4 then + * cycle1 -> newEncryptedVersion = 5 ( 4 + 1) + * cycle2 -> newEncryptedVersion = 6 ( 4 + 2) + * cycle3 -> newEncryptedVersion = 7 ( 4 + 3) + */ + $newEncryptedVersion = $wrongEncryptedVersion + $increment; + + $cacheInfo = ['encryptedVersion' => $newEncryptedVersion, 'encrypted' => $newEncryptedVersion]; + $cache->put($fileCache->getPath(), $cacheInfo); + $output->writeln("Increment the encrypted version to $newEncryptedVersion"); + if ($this->verifyFileContent($path, $output, false) === true) { + $output->writeln("Fixed the file: $path with version " . $newEncryptedVersion . ""); + return true; + } + $increment++; + } + } + + $cacheInfo = ['encryptedVersion' => $originalEncryptedVersion, 'encrypted' => $originalEncryptedVersion]; + $cache->put($fileCache->getPath(), $cacheInfo); + $output->writeln("No fix found for $path, restored version to original: $originalEncryptedVersion"); + + return false; + } + + /** + * Setup user file system + * @param string $uid + */ + private function setupUserFs($uid) { + \OC_Util::tearDownFS(); + \OC_Util::setupFS($uid); + } +} -- cgit v1.2.3 From 43a0016aa7f09e55c0b828f9f21c7c6a68526b29 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Thu, 24 Jun 2021 09:19:47 +0200 Subject: Downstream FixEncryptedVersionTest Signed-off-by: Vincent Petry --- .../tests/Command/FixEncryptedVersionTest.php | 373 +++++++++++++++++++++ 1 file changed, 373 insertions(+) create mode 100644 apps/encryption/tests/Command/FixEncryptedVersionTest.php (limited to 'apps') diff --git a/apps/encryption/tests/Command/FixEncryptedVersionTest.php b/apps/encryption/tests/Command/FixEncryptedVersionTest.php new file mode 100644 index 00000000000..42556288556 --- /dev/null +++ b/apps/encryption/tests/Command/FixEncryptedVersionTest.php @@ -0,0 +1,373 @@ + + * + * @copyright Copyright (c) 2019, ownCloud GmbH + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\Encryption\Tests\Command; + +use OC\Files\Filesystem; +use OC\Files\View; +use OCA\Encryption\Command\FixEncryptedVersion; +use OCA\Encryption\Crypto\Crypt; +use OCA\Encryption\KeyManager; +use OCA\Encryption\Session; +use OCA\Encryption\Util; +use OCP\Files\IRootFolder; +use OCP\IUserManager; +use Symfony\Component\Console\Tester\CommandTester; +use OCA\Encryption\Users\Setup; +use Test\TestCase; + +/** + * Class FixEncryptedVersionTest + * + * @group DB + * @package OCA\Encryption\Tests\Command + */ +class FixEncryptedVersionTest extends TestCase { + public const TEST_ENCRYPTION_VERSION_AFFECTED_USER = 'test_enc_version_affected_user1'; + + /** @var IRootFolder */ + private $rootFolder; + + /** @var IUserManager */ + private $userManager; + + /** @var View */ + private $view; + + /** @var FixEncryptedVersion */ + private $fixEncryptedVersion; + + /** @var CommandTester */ + private $commandTester; + + public static function setUpBeforeClass(): void { + parent::setUpBeforeClass(); + //Enable encryption + \OC::$server->getConfig()->setAppValue('core', 'encryption_enabled', 'yes'); + //Enable Masterkey + \OC::$server->getConfig()->setAppValue('encryption', 'useMasterKey', '1'); + $crypt = new Crypt(\OC::$server->getLogger(), \OC::$server->getUserSession(), \OC::$server->getConfig(), \OC::$server->getL10N('encryption')); + $encryptionSession = new Session(\OC::$server->getSession()); + $view = new View("/"); + $encryptionUtil = new Util($view, $crypt, \OC::$server->getLogger(), \OC::$server->getUserSession(), \OC::$server->getConfig(), \OC::$server->getUserManager()); + $keyManager = new KeyManager( + \OC::$server->getEncryptionKeyStorage(), + $crypt, + \OC::$server->getConfig(), + \OC::$server->getUserSession(), + $encryptionSession, + \OC::$server->getLogger(), + $encryptionUtil + ); + $userSetup = new Setup(\OC::$server->getLogger(), \OC::$server->getUserSession(), $crypt, $keyManager); + $userSetup->setupSystem(); + \OC::$server->getUserManager()->createUser(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); + } + + public static function tearDownAfterClass(): void { + parent::tearDownAfterClass(); + \OC\Files\Filesystem::clearMounts(); + $user = \OC::$server->getUserManager()->get(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER); + if ($user !== null) { + $user->delete(); + } + \OC::$server->getConfig()->deleteAppValue('core', 'encryption_enabled'); + \OC::$server->getConfig()->deleteAppValue('core', 'default_encryption_module'); + \OC::$server->getConfig()->deleteAppValues('encryption'); + Filesystem::getLoader()->removeStorageWrapper("oc_encryption"); + } + + public function setUp(): void { + parent::setUp(); + $this->rootFolder = \OC::$server->getRootFolder(); + $this->userManager = \OC::$server->getUserManager(); + $this->view = new View("/"); + $this->fixEncryptedVersion = new FixEncryptedVersion($this->rootFolder, $this->userManager, $this->view); + $this->commandTester = new CommandTester($this->fixEncryptedVersion); + } + + /** + * In this test the encrypted version is set to zero whereas it should have been + * set to a positive non zero number. + */ + public function testEncryptedVersionIsNotZero() { + \OC::$server->getUserSession()->login(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); + $view = new View("/" . self::TEST_ENCRYPTION_VERSION_AFFECTED_USER . "/files"); + + $view->touch('hello.txt'); + $view->touch('world.txt'); + $view->file_put_contents('hello.txt', 'a test string for hello'); + $view->file_put_contents('world.txt', 'a test string for world'); + + $fileInfo = $view->getFileInfo('hello.txt'); + + $storage = $fileInfo->getStorage(); + $cache = $storage->getCache(); + $fileCache = $cache->get($fileInfo->getId()); + + //Now change the encrypted version to zero + $cacheInfo = ['encryptedVersion' => 0, 'encrypted' => 0]; + $cache->put($fileCache->getPath(), $cacheInfo); + + $this->commandTester->execute([ + 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER + ]); + + $output = $this->commandTester->getDisplay(); + + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/hello.txt +Attempting to fix the path: /test_enc_version_affected_user1/files/hello.txt +Increment the encrypted version to 1 +The file /test_enc_version_affected_user1/files/hello.txt is: OK +Fixed the file: /test_enc_version_affected_user1/files/hello.txt with version 1", $output); + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/world.txt +The file /test_enc_version_affected_user1/files/world.txt is: OK", $output); + } + + /** + * In this test the encrypted version of the file is less than the original value + * but greater than zero + */ + public function testEncryptedVersionLessThanOriginalValue() { + \OC::$server->getUserSession()->login(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); + $view = new View("/" . self::TEST_ENCRYPTION_VERSION_AFFECTED_USER . "/files"); + + $view->touch('hello.txt'); + $view->touch('world.txt'); + $view->touch('foo.txt'); + $view->file_put_contents('hello.txt', 'a test string for hello'); + $view->file_put_contents('hello.txt', 'Yet another value'); + $view->file_put_contents('hello.txt', 'Lets modify again1'); + $view->file_put_contents('hello.txt', 'Lets modify again2'); + $view->file_put_contents('hello.txt', 'Lets modify again3'); + $view->file_put_contents('world.txt', 'a test string for world'); + $view->file_put_contents('world.txt', 'a test string for world'); + $view->file_put_contents('world.txt', 'a test string for world'); + $view->file_put_contents('world.txt', 'a test string for world'); + $view->file_put_contents('foo.txt', 'a foo test'); + + $fileInfo1 = $view->getFileInfo('hello.txt'); + + $storage1 = $fileInfo1->getStorage(); + $cache1 = $storage1->getCache(); + $fileCache1 = $cache1->get($fileInfo1->getId()); + + //Now change the encrypted version to two + $cacheInfo = ['encryptedVersion' => 2, 'encrypted' => 2]; + $cache1->put($fileCache1->getPath(), $cacheInfo); + + $fileInfo2 = $view->getFileInfo('world.txt'); + $storage2 = $fileInfo2->getStorage(); + $cache2 = $storage2->getCache(); + $filecache2 = $cache2->get($fileInfo2->getId()); + + //Now change the encrypted version to 1 + $cacheInfo = ['encryptedVersion' => 1, 'encrypted' => 1]; + $cache2->put($filecache2->getPath(), $cacheInfo); + + $this->commandTester->execute([ + 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER + ]); + + $output = $this->commandTester->getDisplay(); + + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/foo.txt +The file /test_enc_version_affected_user1/files/foo.txt is: OK", $output); + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/hello.txt +Attempting to fix the path: /test_enc_version_affected_user1/files/hello.txt +Decrement the encrypted version to 1 +Increment the encrypted version to 3 +Increment the encrypted version to 4 +Increment the encrypted version to 5 +Increment the encrypted version to 6 +The file /test_enc_version_affected_user1/files/hello.txt is: OK +Fixed the file: /test_enc_version_affected_user1/files/hello.txt with version 6", $output); + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/world.txt +Attempting to fix the path: /test_enc_version_affected_user1/files/world.txt +Increment the encrypted version to 2 +Increment the encrypted version to 3 +Increment the encrypted version to 4 +Increment the encrypted version to 5 +The file /test_enc_version_affected_user1/files/world.txt is: OK +Fixed the file: /test_enc_version_affected_user1/files/world.txt with version 5", $output); + } + + /** + * In this test the encrypted version of the file is greater than the original value + * but greater than zero + */ + public function testEncryptedVersionGreaterThanOriginalValue() { + \OC::$server->getUserSession()->login(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); + $view = new View("/" . self::TEST_ENCRYPTION_VERSION_AFFECTED_USER . "/files"); + + $view->touch('hello.txt'); + $view->touch('world.txt'); + $view->touch('foo.txt'); + $view->file_put_contents('hello.txt', 'a test string for hello'); + $view->file_put_contents('hello.txt', 'Lets modify again2'); + $view->file_put_contents('hello.txt', 'Lets modify again3'); + $view->file_put_contents('world.txt', 'a test string for world'); + $view->file_put_contents('world.txt', 'a test string for world'); + $view->file_put_contents('world.txt', 'a test string for world'); + $view->file_put_contents('world.txt', 'a test string for world'); + $view->file_put_contents('foo.txt', 'a foo test'); + + $fileInfo1 = $view->getFileInfo('hello.txt'); + + $storage1 = $fileInfo1->getStorage(); + $cache1 = $storage1->getCache(); + $fileCache1 = $cache1->get($fileInfo1->getId()); + + //Now change the encrypted version to fifteen + $cacheInfo = ['encryptedVersion' => 15, 'encrypted' => 15]; + $cache1->put($fileCache1->getPath(), $cacheInfo); + + $fileInfo2 = $view->getFileInfo('world.txt'); + $storage2 = $fileInfo2->getStorage(); + $cache2 = $storage2->getCache(); + $filecache2 = $cache2->get($fileInfo2->getId()); + + //Now change the encrypted version to 1 + $cacheInfo = ['encryptedVersion' => 15, 'encrypted' => 15]; + $cache2->put($filecache2->getPath(), $cacheInfo); + + $this->commandTester->execute([ + 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER + ]); + + $output = $this->commandTester->getDisplay(); + + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/foo.txt +The file /test_enc_version_affected_user1/files/foo.txt is: OK", $output); + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/hello.txt +Attempting to fix the path: /test_enc_version_affected_user1/files/hello.txt +Decrement the encrypted version to 14 +Decrement the encrypted version to 13 +Decrement the encrypted version to 12 +Decrement the encrypted version to 11 +Decrement the encrypted version to 10 +Decrement the encrypted version to 9 +The file /test_enc_version_affected_user1/files/hello.txt is: OK +Fixed the file: /test_enc_version_affected_user1/files/hello.txt with version 9", $output); + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/world.txt +Attempting to fix the path: /test_enc_version_affected_user1/files/world.txt +Decrement the encrypted version to 14 +Decrement the encrypted version to 13 +Decrement the encrypted version to 12 +Decrement the encrypted version to 11 +Decrement the encrypted version to 10 +Decrement the encrypted version to 9 +The file /test_enc_version_affected_user1/files/world.txt is: OK +Fixed the file: /test_enc_version_affected_user1/files/world.txt with version 9", $output); + } + + public function testVersionIsRestoredToOriginalIfNoFixIsFound() { + \OC::$server->getUserSession()->login(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); + $view = new View("/" . self::TEST_ENCRYPTION_VERSION_AFFECTED_USER . "/files"); + + $view->touch('bar.txt'); + for ($i = 0; $i < 40; $i++) { + $view->file_put_contents('bar.txt', 'a test string for hello ' . $i); + } + + $fileInfo = $view->getFileInfo('bar.txt'); + + $storage = $fileInfo->getStorage(); + $cache = $storage->getCache(); + $fileCache = $cache->get($fileInfo->getId()); + + $cacheInfo = ['encryptedVersion' => 15, 'encrypted' => 15]; + $cache->put($fileCache->getPath(), $cacheInfo); + + $this->commandTester->execute([ + 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER + ]); + + $cacheInfo = $cache->get($fileInfo->getId()); + $encryptedVersion = $cacheInfo["encryptedVersion"]; + + $this->assertEquals(15, $encryptedVersion); + } + + /** + * Test commands with a file path + */ + public function testExecuteWithFilePathOption() { + \OC::$server->getUserSession()->login(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); + + $this->commandTester->execute([ + 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, + '--path' => "/hello.txt" + ]); + + $output = $this->commandTester->getDisplay(); + + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/hello.txt +The file /test_enc_version_affected_user1/files/hello.txt is: OK", $output); + } + + /** + * Test commands with a directory path + */ + public function testExecuteWithDirectoryPathOption() { + $this->commandTester->execute([ + 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, + '--path' => "/" + ]); + + $output = $this->commandTester->getDisplay(); + + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/hello.txt +The file /test_enc_version_affected_user1/files/hello.txt is: OK", $output); + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/world.txt +The file /test_enc_version_affected_user1/files/world.txt is: OK", $output); + $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/foo.txt +The file /test_enc_version_affected_user1/files/foo.txt is: OK", $output); + } + + /** + * Test commands with a directory path + */ + public function testExecuteWithNoUser() { + $this->commandTester->execute([ + 'user' => null, + '--path' => "/" + ]); + + $output = $this->commandTester->getDisplay(); + + $this->assertStringContainsString("No user id provided.", $output); + } + + /** + * Test commands with a directory path + */ + public function testExecuteWithNonExistentPath() { + $this->commandTester->execute([ + 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, + '--path' => "/non-exist" + ]); + + $output = $this->commandTester->getDisplay(); + + $this->assertStringContainsString("Please provide a valid path.", $output); + } +} -- cgit v1.2.3 From 4e9241c706a9faf9c677439931c0d191f38ad4dc Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Thu, 24 Jun 2021 09:31:52 +0200 Subject: Detect disabled signature check when reparing When running occ encryption:fix-encrypted-version, detect whether the setting 'encryption_skip_signature_check' is set and abort if it is, because the repair cannot detect version mismatch errors with it enabled. Signed-off-by: Vincent Petry --- apps/encryption/lib/Command/FixEncryptedVersion.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'apps') diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php index 534ddc4c689..39239925850 100644 --- a/apps/encryption/lib/Command/FixEncryptedVersion.php +++ b/apps/encryption/lib/Command/FixEncryptedVersion.php @@ -25,6 +25,7 @@ namespace OCA\Encryption\Command; use OC\Files\View; use OC\HintException; use OCP\Files\IRootFolder; +use OCP\IConfig; use OCP\IUserManager; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputArgument; @@ -32,6 +33,9 @@ use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; class FixEncryptedVersion extends Command { + /** @var IConfig */ + private $config; + /** @var IRootFolder */ private $rootFolder; @@ -41,7 +45,8 @@ class FixEncryptedVersion extends Command { /** @var View */ private $view; - public function __construct(IRootFolder $rootFolder, IUserManager $userManager, View $view) { + public function __construct(IConfig $config, IRootFolder $rootFolder, IUserManager $userManager, View $view) { + $this->config = $config; $this->rootFolder = $rootFolder; $this->userManager = $userManager; $this->view = $view; @@ -72,6 +77,13 @@ class FixEncryptedVersion extends Command { * @return int */ protected function execute(InputInterface $input, OutputInterface $output) { + $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false); + + if ($skipSignatureCheck) { + $output->writeln("Repairing is not possible when \"encryption_skip_signature_check\" is set. Please disable this flag in the configuration.\n"); + return 1; + } + $user = $input->getArgument('user'); $pathToWalk = "/$user/files"; -- cgit v1.2.3 From 6170912acec2d60467dd07e5d0871e68796e1408 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Thu, 24 Jun 2021 10:34:55 +0200 Subject: Fix warnings in FixEncryptedVersion command Fixed code warnings Signed-off-by: Vincent Petry --- .../encryption/lib/Command/FixEncryptedVersion.php | 39 ++++++++++++++-------- 1 file changed, 26 insertions(+), 13 deletions(-) (limited to 'apps') diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php index 39239925850..88a72f43324 100644 --- a/apps/encryption/lib/Command/FixEncryptedVersion.php +++ b/apps/encryption/lib/Command/FixEncryptedVersion.php @@ -26,6 +26,7 @@ use OC\Files\View; use OC\HintException; use OCP\Files\IRootFolder; use OCP\IConfig; +use OCP\ILogger; use OCP\IUserManager; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputArgument; @@ -36,6 +37,9 @@ class FixEncryptedVersion extends Command { /** @var IConfig */ private $config; + /** @var ILogger */ + private $logger; + /** @var IRootFolder */ private $rootFolder; @@ -45,15 +49,16 @@ class FixEncryptedVersion extends Command { /** @var View */ private $view; - public function __construct(IConfig $config, IRootFolder $rootFolder, IUserManager $userManager, View $view) { + public function __construct(IConfig $config, ILogger $logger, IRootFolder $rootFolder, IUserManager $userManager, View $view) { $this->config = $config; + $this->logger = $logger; $this->rootFolder = $rootFolder; $this->userManager = $userManager; $this->view = $view; parent::__construct(); } - protected function configure() { + protected function configure(): void { parent::configure(); $this @@ -76,7 +81,7 @@ class FixEncryptedVersion extends Command { * @param OutputInterface $output * @return int */ - protected function execute(InputInterface $input, OutputInterface $output) { + protected function execute(InputInterface $input, OutputInterface $output): int { $skipSignatureCheck = $this->config->getSystemValue('encryption_skip_signature_check', false); if ($skipSignatureCheck) { @@ -84,7 +89,7 @@ class FixEncryptedVersion extends Command { return 1; } - $user = $input->getArgument('user'); + $user = (string)$input->getArgument('user'); $pathToWalk = "/$user/files"; /** @@ -113,7 +118,7 @@ class FixEncryptedVersion extends Command { * @param OutputInterface $output * @return int 0 for success, 1 for error */ - private function walkPathOfUser($user, $path, OutputInterface $output) { + private function walkPathOfUser($user, $path, OutputInterface $output): int { $this->setupUserFs($user); if (!$this->view->file_exists($path)) { $output->writeln("Path $path does not exist. Please provide a valid path."); @@ -147,7 +152,7 @@ class FixEncryptedVersion extends Command { * @param OutputInterface $output * @param bool $ignoreCorrectEncVersionCall, setting this variable to false avoids recursion */ - private function verifyFileContent($path, OutputInterface $output, $ignoreCorrectEncVersionCall = true) { + private function verifyFileContent($path, OutputInterface $output, $ignoreCorrectEncVersionCall = true): bool { try { /** * In encryption, the files are read in a block size of 8192 bytes @@ -166,7 +171,7 @@ class FixEncryptedVersion extends Command { return true; } catch (HintException $e) { - \OC::$server->getLogger()->warning("Issue: " . $e->getMessage()); + $this->logger->warning("Issue: " . $e->getMessage()); //If allowOnce is set to false, this becomes recursive. if ($ignoreCorrectEncVersionCall === true) { //Lets rectify the file by correcting encrypted version @@ -182,8 +187,12 @@ class FixEncryptedVersion extends Command { * @param OutputInterface $output * @return bool */ - private function correctEncryptedVersion($path, OutputInterface $output) { + private function correctEncryptedVersion($path, OutputInterface $output): bool { $fileInfo = $this->view->getFileInfo($path); + if (!$fileInfo) { + $output->writeln("File info not found for file: \"$path\""); + return true; + } $fileId = $fileInfo->getId(); $encryptedVersion = $fileInfo->getEncryptedVersion(); $wrongEncryptedVersion = $encryptedVersion; @@ -192,9 +201,13 @@ class FixEncryptedVersion extends Command { $cache = $storage->getCache(); $fileCache = $cache->get($fileId); + if (!$fileCache) { + $output->writeln("File cache entry not found for file: \"$path\""); + return true; + } if ($storage->instanceOfStorage('OCA\Files_Sharing\ISharedStorage')) { - $output->writeln("The file: $path is a share. Hence kindly fix this by running the script for the owner of share"); + $output->writeln("The file: \"$path\" is a share. Please also run the script for the owner of the share"); return true; } @@ -208,7 +221,7 @@ class FixEncryptedVersion extends Command { $cache->put($fileCache->getPath(), $cacheInfo); $output->writeln("Decrement the encrypted version to $encryptedVersion"); if ($this->verifyFileContent($path, $output, false) === true) { - $output->writeln("Fixed the file: $path with version " . $encryptedVersion . ""); + $output->writeln("Fixed the file: \"$path\" with version " . $encryptedVersion . ""); return true; } $encryptedVersion--; @@ -231,7 +244,7 @@ class FixEncryptedVersion extends Command { $cache->put($fileCache->getPath(), $cacheInfo); $output->writeln("Increment the encrypted version to $newEncryptedVersion"); if ($this->verifyFileContent($path, $output, false) === true) { - $output->writeln("Fixed the file: $path with version " . $newEncryptedVersion . ""); + $output->writeln("Fixed the file: \"$path\" with version " . $newEncryptedVersion . ""); return true; } $increment++; @@ -240,7 +253,7 @@ class FixEncryptedVersion extends Command { $cacheInfo = ['encryptedVersion' => $originalEncryptedVersion, 'encrypted' => $originalEncryptedVersion]; $cache->put($fileCache->getPath(), $cacheInfo); - $output->writeln("No fix found for $path, restored version to original: $originalEncryptedVersion"); + $output->writeln("No fix found for \"$path\", restored version to original: $originalEncryptedVersion"); return false; } @@ -249,7 +262,7 @@ class FixEncryptedVersion extends Command { * Setup user file system * @param string $uid */ - private function setupUserFs($uid) { + private function setupUserFs($uid): void { \OC_Util::tearDownFS(); \OC_Util::setupFS($uid); } -- cgit v1.2.3 From 101c65a94981b1ac6b01166c5e5e3c0bbf6128a7 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Thu, 24 Jun 2021 10:51:07 +0200 Subject: Fix FixEncryptedVersionTest test Fixed setup to use EncryptionTrait like other existing tests. Fix expectations to not rely on side effects from previous test cases. Signed-off-by: Vincent Petry --- .../encryption/lib/Command/FixEncryptedVersion.php | 10 +- .../tests/Command/FixEncryptedVersionTest.php | 233 +++++++-------------- 2 files changed, 85 insertions(+), 158 deletions(-) (limited to 'apps') diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php index 88a72f43324..e2181f9a229 100644 --- a/apps/encryption/lib/Command/FixEncryptedVersion.php +++ b/apps/encryption/lib/Command/FixEncryptedVersion.php @@ -121,12 +121,12 @@ class FixEncryptedVersion extends Command { private function walkPathOfUser($user, $path, OutputInterface $output): int { $this->setupUserFs($user); if (!$this->view->file_exists($path)) { - $output->writeln("Path $path does not exist. Please provide a valid path."); + $output->writeln("Path \"$path\" does not exist. Please provide a valid path."); return 1; } if ($this->view->is_file($path)) { - $output->writeln("Verifying the content of file $path"); + $output->writeln("Verifying the content of file \"$path\""); $this->verifyFileContent($path, $output); return 0; } @@ -139,7 +139,7 @@ class FixEncryptedVersion extends Command { if ($this->view->is_dir($path)) { $directories[] = $path; } else { - $output->writeln("Verifying the content of file $path"); + $output->writeln("Verifying the content of file \"$path\""); $this->verifyFileContent($path, $output); } } @@ -164,7 +164,7 @@ class FixEncryptedVersion extends Command { $handle = $this->view->fopen($path, 'rb'); if (\fread($handle, 9001) !== false) { - $output->writeln("The file $path is: OK"); + $output->writeln("The file \"$path\" is: OK"); } \fclose($handle); @@ -175,7 +175,7 @@ class FixEncryptedVersion extends Command { //If allowOnce is set to false, this becomes recursive. if ($ignoreCorrectEncVersionCall === true) { //Lets rectify the file by correcting encrypted version - $output->writeln("Attempting to fix the path: $path"); + $output->writeln("Attempting to fix the path: \"$path\""); return $this->correctEncryptedVersion($path, $output); } return false; diff --git a/apps/encryption/tests/Command/FixEncryptedVersionTest.php b/apps/encryption/tests/Command/FixEncryptedVersionTest.php index 42556288556..a530275784a 100644 --- a/apps/encryption/tests/Command/FixEncryptedVersionTest.php +++ b/apps/encryption/tests/Command/FixEncryptedVersionTest.php @@ -21,18 +21,13 @@ namespace OCA\Encryption\Tests\Command; -use OC\Files\Filesystem; use OC\Files\View; use OCA\Encryption\Command\FixEncryptedVersion; -use OCA\Encryption\Crypto\Crypt; -use OCA\Encryption\KeyManager; -use OCA\Encryption\Session; -use OCA\Encryption\Util; -use OCP\Files\IRootFolder; -use OCP\IUserManager; use Symfony\Component\Console\Tester\CommandTester; -use OCA\Encryption\Users\Setup; use Test\TestCase; +use Test\Traits\EncryptionTrait; +use Test\Traits\MountProviderTrait; +use Test\Traits\UserTrait; /** * Class FixEncryptedVersionTest @@ -41,16 +36,11 @@ use Test\TestCase; * @package OCA\Encryption\Tests\Command */ class FixEncryptedVersionTest extends TestCase { - public const TEST_ENCRYPTION_VERSION_AFFECTED_USER = 'test_enc_version_affected_user1'; + use MountProviderTrait; + use EncryptionTrait; + use UserTrait; - /** @var IRootFolder */ - private $rootFolder; - - /** @var IUserManager */ - private $userManager; - - /** @var View */ - private $view; + private $userId; /** @var FixEncryptedVersion */ private $fixEncryptedVersion; @@ -58,88 +48,31 @@ class FixEncryptedVersionTest extends TestCase { /** @var CommandTester */ private $commandTester; - public static function setUpBeforeClass(): void { - parent::setUpBeforeClass(); - //Enable encryption - \OC::$server->getConfig()->setAppValue('core', 'encryption_enabled', 'yes'); - //Enable Masterkey - \OC::$server->getConfig()->setAppValue('encryption', 'useMasterKey', '1'); - $crypt = new Crypt(\OC::$server->getLogger(), \OC::$server->getUserSession(), \OC::$server->getConfig(), \OC::$server->getL10N('encryption')); - $encryptionSession = new Session(\OC::$server->getSession()); - $view = new View("/"); - $encryptionUtil = new Util($view, $crypt, \OC::$server->getLogger(), \OC::$server->getUserSession(), \OC::$server->getConfig(), \OC::$server->getUserManager()); - $keyManager = new KeyManager( - \OC::$server->getEncryptionKeyStorage(), - $crypt, - \OC::$server->getConfig(), - \OC::$server->getUserSession(), - $encryptionSession, - \OC::$server->getLogger(), - $encryptionUtil - ); - $userSetup = new Setup(\OC::$server->getLogger(), \OC::$server->getUserSession(), $crypt, $keyManager); - $userSetup->setupSystem(); - \OC::$server->getUserManager()->createUser(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); - } - - public static function tearDownAfterClass(): void { - parent::tearDownAfterClass(); - \OC\Files\Filesystem::clearMounts(); - $user = \OC::$server->getUserManager()->get(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER); - if ($user !== null) { - $user->delete(); - } - \OC::$server->getConfig()->deleteAppValue('core', 'encryption_enabled'); - \OC::$server->getConfig()->deleteAppValue('core', 'default_encryption_module'); - \OC::$server->getConfig()->deleteAppValues('encryption'); - Filesystem::getLoader()->removeStorageWrapper("oc_encryption"); - } - public function setUp(): void { parent::setUp(); - $this->rootFolder = \OC::$server->getRootFolder(); - $this->userManager = \OC::$server->getUserManager(); - $this->view = new View("/"); - $this->fixEncryptedVersion = new FixEncryptedVersion($this->rootFolder, $this->userManager, $this->view); - $this->commandTester = new CommandTester($this->fixEncryptedVersion); - } - - /** - * In this test the encrypted version is set to zero whereas it should have been - * set to a positive non zero number. - */ - public function testEncryptedVersionIsNotZero() { - \OC::$server->getUserSession()->login(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); - $view = new View("/" . self::TEST_ENCRYPTION_VERSION_AFFECTED_USER . "/files"); - - $view->touch('hello.txt'); - $view->touch('world.txt'); - $view->file_put_contents('hello.txt', 'a test string for hello'); - $view->file_put_contents('world.txt', 'a test string for world'); - - $fileInfo = $view->getFileInfo('hello.txt'); - $storage = $fileInfo->getStorage(); - $cache = $storage->getCache(); - $fileCache = $cache->get($fileInfo->getId()); + \OC::$server->getConfig()->setAppValue('encryption', 'useMasterKey', '1'); - //Now change the encrypted version to zero - $cacheInfo = ['encryptedVersion' => 0, 'encrypted' => 0]; - $cache->put($fileCache->getPath(), $cacheInfo); + $this->userId = $this->getUniqueId('user_'); - $this->commandTester->execute([ - 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER - ]); + $this->createUser($this->userId, 'foo12345678'); + $tmpFolder = \OC::$server->getTempManager()->getTemporaryFolder(); + $this->registerMount($this->userId, '\OC\Files\Storage\Local', '/' . $this->userId, ['datadir' => $tmpFolder]); + $this->setupForUser($this->userId, 'foo12345678'); + $this->loginWithEncryption($this->userId); - $output = $this->commandTester->getDisplay(); + $this->fixEncryptedVersion = new FixEncryptedVersion( + \OC::$server->getConfig(), + \OC::$server->getLogger(), + \OC::$server->getRootFolder(), + \OC::$server->getUserManager(), + new View('/') + ); + $this->commandTester = new CommandTester($this->fixEncryptedVersion); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/hello.txt -Attempting to fix the path: /test_enc_version_affected_user1/files/hello.txt -Increment the encrypted version to 1 -The file /test_enc_version_affected_user1/files/hello.txt is: OK -Fixed the file: /test_enc_version_affected_user1/files/hello.txt with version 1", $output); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/world.txt -The file /test_enc_version_affected_user1/files/world.txt is: OK", $output); + $this->assertTrue(\OC::$server->getEncryptionManager()->isEnabled()); + $this->assertTrue(\OC::$server->getEncryptionManager()->isReady()); + $this->assertTrue(\OC::$server->getEncryptionManager()->isReadyForUser($this->userId)); } /** @@ -147,8 +80,7 @@ The file /test_enc_version_affected_user1/files/world.txt is: OK", $output); * but greater than zero */ public function testEncryptedVersionLessThanOriginalValue() { - \OC::$server->getUserSession()->login(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); - $view = new View("/" . self::TEST_ENCRYPTION_VERSION_AFFECTED_USER . "/files"); + $view = new View("/" . $this->userId . "/files"); $view->touch('hello.txt'); $view->touch('world.txt'); @@ -184,30 +116,28 @@ The file /test_enc_version_affected_user1/files/world.txt is: OK", $output); $cache2->put($filecache2->getPath(), $cacheInfo); $this->commandTester->execute([ - 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER + 'user' => $this->userId ]); $output = $this->commandTester->getDisplay(); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/foo.txt -The file /test_enc_version_affected_user1/files/foo.txt is: OK", $output); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/hello.txt -Attempting to fix the path: /test_enc_version_affected_user1/files/hello.txt + $this->assertStringContainsString("Verifying the content of file \"/$this->userId/files/foo.txt\" +The file \"/$this->userId/files/foo.txt\" is: OK", $output); + $this->assertStringContainsString("Verifying the content of file \"/$this->userId/files/hello.txt\" +Attempting to fix the path: \"/$this->userId/files/hello.txt\" Decrement the encrypted version to 1 Increment the encrypted version to 3 Increment the encrypted version to 4 Increment the encrypted version to 5 -Increment the encrypted version to 6 -The file /test_enc_version_affected_user1/files/hello.txt is: OK -Fixed the file: /test_enc_version_affected_user1/files/hello.txt with version 6", $output); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/world.txt -Attempting to fix the path: /test_enc_version_affected_user1/files/world.txt +The file \"/$this->userId/files/hello.txt\" is: OK +Fixed the file: \"/$this->userId/files/hello.txt\" with version 5", $output); + $this->assertStringContainsString("Verifying the content of file \"/$this->userId/files/world.txt\" +Attempting to fix the path: \"/$this->userId/files/world.txt\" Increment the encrypted version to 2 Increment the encrypted version to 3 Increment the encrypted version to 4 -Increment the encrypted version to 5 -The file /test_enc_version_affected_user1/files/world.txt is: OK -Fixed the file: /test_enc_version_affected_user1/files/world.txt with version 5", $output); +The file \"/$this->userId/files/world.txt\" is: OK +Fixed the file: \"/$this->userId/files/world.txt\" with version 4", $output); } /** @@ -215,8 +145,7 @@ Fixed the file: /test_enc_version_affected_user1/files/world.txt with version 5" * but greater than zero */ public function testEncryptedVersionGreaterThanOriginalValue() { - \OC::$server->getUserSession()->login(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); - $view = new View("/" . self::TEST_ENCRYPTION_VERSION_AFFECTED_USER . "/files"); + $view = new View("/" . $this->userId . "/files"); $view->touch('hello.txt'); $view->touch('world.txt'); @@ -237,7 +166,7 @@ Fixed the file: /test_enc_version_affected_user1/files/world.txt with version 5" $fileCache1 = $cache1->get($fileInfo1->getId()); //Now change the encrypted version to fifteen - $cacheInfo = ['encryptedVersion' => 15, 'encrypted' => 15]; + $cacheInfo = ['encryptedVersion' => 5, 'encrypted' => 5]; $cache1->put($fileCache1->getPath(), $cacheInfo); $fileInfo2 = $view->getFileInfo('world.txt'); @@ -246,42 +175,33 @@ Fixed the file: /test_enc_version_affected_user1/files/world.txt with version 5" $filecache2 = $cache2->get($fileInfo2->getId()); //Now change the encrypted version to 1 - $cacheInfo = ['encryptedVersion' => 15, 'encrypted' => 15]; + $cacheInfo = ['encryptedVersion' => 6, 'encrypted' => 6]; $cache2->put($filecache2->getPath(), $cacheInfo); $this->commandTester->execute([ - 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER + 'user' => $this->userId ]); $output = $this->commandTester->getDisplay(); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/foo.txt -The file /test_enc_version_affected_user1/files/foo.txt is: OK", $output); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/hello.txt -Attempting to fix the path: /test_enc_version_affected_user1/files/hello.txt -Decrement the encrypted version to 14 -Decrement the encrypted version to 13 -Decrement the encrypted version to 12 -Decrement the encrypted version to 11 -Decrement the encrypted version to 10 -Decrement the encrypted version to 9 -The file /test_enc_version_affected_user1/files/hello.txt is: OK -Fixed the file: /test_enc_version_affected_user1/files/hello.txt with version 9", $output); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/world.txt -Attempting to fix the path: /test_enc_version_affected_user1/files/world.txt -Decrement the encrypted version to 14 -Decrement the encrypted version to 13 -Decrement the encrypted version to 12 -Decrement the encrypted version to 11 -Decrement the encrypted version to 10 -Decrement the encrypted version to 9 -The file /test_enc_version_affected_user1/files/world.txt is: OK -Fixed the file: /test_enc_version_affected_user1/files/world.txt with version 9", $output); + $this->assertStringContainsString("Verifying the content of file \"/$this->userId/files/foo.txt\" +The file \"/$this->userId/files/foo.txt\" is: OK", $output); + $this->assertStringContainsString("Verifying the content of file \"/$this->userId/files/hello.txt\" +Attempting to fix the path: \"/$this->userId/files/hello.txt\" +Decrement the encrypted version to 4 +Decrement the encrypted version to 3 +The file \"/$this->userId/files/hello.txt\" is: OK +Fixed the file: \"/$this->userId/files/hello.txt\" with version 3", $output); + $this->assertStringContainsString("Verifying the content of file \"/$this->userId/files/world.txt\" +Attempting to fix the path: \"/$this->userId/files/world.txt\" +Decrement the encrypted version to 5 +Decrement the encrypted version to 4 +The file \"/$this->userId/files/world.txt\" is: OK +Fixed the file: \"/$this->userId/files/world.txt\" with version 4", $output); } public function testVersionIsRestoredToOriginalIfNoFixIsFound() { - \OC::$server->getUserSession()->login(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); - $view = new View("/" . self::TEST_ENCRYPTION_VERSION_AFFECTED_USER . "/files"); + $view = new View("/" . $this->userId . "/files"); $view->touch('bar.txt'); for ($i = 0; $i < 40; $i++) { @@ -298,7 +218,7 @@ Fixed the file: /test_enc_version_affected_user1/files/world.txt with version 9" $cache->put($fileCache->getPath(), $cacheInfo); $this->commandTester->execute([ - 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER + 'user' => $this->userId ]); $cacheInfo = $cache->get($fileInfo->getId()); @@ -311,36 +231,43 @@ Fixed the file: /test_enc_version_affected_user1/files/world.txt with version 9" * Test commands with a file path */ public function testExecuteWithFilePathOption() { - \OC::$server->getUserSession()->login(self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, 'foo'); + $view = new View("/" . $this->userId . "/files"); + + $view->touch('hello.txt'); + $view->touch('world.txt'); $this->commandTester->execute([ - 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, + 'user' => $this->userId, '--path' => "/hello.txt" ]); $output = $this->commandTester->getDisplay(); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/hello.txt -The file /test_enc_version_affected_user1/files/hello.txt is: OK", $output); + $this->assertStringContainsString("Verifying the content of file \"/$this->userId/files/hello.txt\" +The file \"/$this->userId/files/hello.txt\" is: OK", $output); + $this->assertStringNotContainsString('world.txt', $output); } /** * Test commands with a directory path */ public function testExecuteWithDirectoryPathOption() { + $view = new View("/" . $this->userId . "/files"); + + $view->mkdir('sub'); + $view->touch('sub/hello.txt'); + $view->touch('world.txt'); + $this->commandTester->execute([ - 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, - '--path' => "/" + 'user' => $this->userId, + '--path' => "/sub" ]); $output = $this->commandTester->getDisplay(); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/hello.txt -The file /test_enc_version_affected_user1/files/hello.txt is: OK", $output); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/world.txt -The file /test_enc_version_affected_user1/files/world.txt is: OK", $output); - $this->assertStringContainsString("Verifying the content of file /test_enc_version_affected_user1/files/foo.txt -The file /test_enc_version_affected_user1/files/foo.txt is: OK", $output); + $this->assertStringContainsString("Verifying the content of file \"/$this->userId/files/sub/hello.txt\" +The file \"/$this->userId/files/sub/hello.txt\" is: OK", $output); + $this->assertStringNotContainsString('world.txt', $output); } /** @@ -354,7 +281,7 @@ The file /test_enc_version_affected_user1/files/foo.txt is: OK", $output); $output = $this->commandTester->getDisplay(); - $this->assertStringContainsString("No user id provided.", $output); + $this->assertStringContainsString('does not exist', $output); } /** @@ -362,12 +289,12 @@ The file /test_enc_version_affected_user1/files/foo.txt is: OK", $output); */ public function testExecuteWithNonExistentPath() { $this->commandTester->execute([ - 'user' => self::TEST_ENCRYPTION_VERSION_AFFECTED_USER, - '--path' => "/non-exist" + 'user' => $this->userId, + '--path' => '/non-exist' ]); $output = $this->commandTester->getDisplay(); - $this->assertStringContainsString("Please provide a valid path.", $output); + $this->assertStringContainsString('Please provide a valid path.', $output); } } -- cgit v1.2.3 From d3eeecba54fc891da20093c88648e5f10ed0e706 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Tue, 29 Jun 2021 20:44:07 +0200 Subject: Prevent running FixEncryptedVersion without master key Return an error when running occ encryption:fix-encrypted-version when master key encryption is not enabled. Signed-off-by: Vincent Petry --- .../encryption/lib/Command/FixEncryptedVersion.php | 19 ++++++++- .../tests/Command/FixEncryptedVersionTest.php | 46 ++++++++++++++++++++++ 2 files changed, 64 insertions(+), 1 deletion(-) (limited to 'apps') diff --git a/apps/encryption/lib/Command/FixEncryptedVersion.php b/apps/encryption/lib/Command/FixEncryptedVersion.php index e2181f9a229..a85a96258fc 100644 --- a/apps/encryption/lib/Command/FixEncryptedVersion.php +++ b/apps/encryption/lib/Command/FixEncryptedVersion.php @@ -24,6 +24,7 @@ namespace OCA\Encryption\Command; use OC\Files\View; use OC\HintException; +use OCA\Encryption\Util; use OCP\Files\IRootFolder; use OCP\IConfig; use OCP\ILogger; @@ -46,14 +47,25 @@ class FixEncryptedVersion extends Command { /** @var IUserManager */ private $userManager; + /** @var Util */ + private $util; + /** @var View */ private $view; - public function __construct(IConfig $config, ILogger $logger, IRootFolder $rootFolder, IUserManager $userManager, View $view) { + public function __construct( + IConfig $config, + ILogger $logger, + IRootFolder $rootFolder, + IUserManager $userManager, + Util $util, + View $view + ) { $this->config = $config; $this->logger = $logger; $this->rootFolder = $rootFolder; $this->userManager = $userManager; + $this->util = $util; $this->view = $view; parent::__construct(); } @@ -89,6 +101,11 @@ class FixEncryptedVersion extends Command { return 1; } + if (!$this->util->isMasterKeyEnabled()) { + $output->writeln("Repairing only works with master key encryption.\n"); + return 1; + } + $user = (string)$input->getArgument('user'); $pathToWalk = "/$user/files"; diff --git a/apps/encryption/tests/Command/FixEncryptedVersionTest.php b/apps/encryption/tests/Command/FixEncryptedVersionTest.php index a530275784a..22ae239aec2 100644 --- a/apps/encryption/tests/Command/FixEncryptedVersionTest.php +++ b/apps/encryption/tests/Command/FixEncryptedVersionTest.php @@ -23,6 +23,7 @@ namespace OCA\Encryption\Tests\Command; use OC\Files\View; use OCA\Encryption\Command\FixEncryptedVersion; +use OCA\Encryption\Util; use Symfony\Component\Console\Tester\CommandTester; use Test\TestCase; use Test\Traits\EncryptionTrait; @@ -48,11 +49,17 @@ class FixEncryptedVersionTest extends TestCase { /** @var CommandTester */ private $commandTester; + /** @var Util|\PHPUnit\Framework\MockObject\MockObject */ + protected $util; + public function setUp(): void { parent::setUp(); \OC::$server->getConfig()->setAppValue('encryption', 'useMasterKey', '1'); + $this->util = $this->getMockBuilder(Util::class) + ->disableOriginalConstructor()->getMock(); + $this->userId = $this->getUniqueId('user_'); $this->createUser($this->userId, 'foo12345678'); @@ -66,6 +73,7 @@ class FixEncryptedVersionTest extends TestCase { \OC::$server->getLogger(), \OC::$server->getRootFolder(), \OC::$server->getUserManager(), + $this->util, new View('/') ); $this->commandTester = new CommandTester($this->fixEncryptedVersion); @@ -80,6 +88,9 @@ class FixEncryptedVersionTest extends TestCase { * but greater than zero */ public function testEncryptedVersionLessThanOriginalValue() { + $this->util->expects($this->once())->method('isMasterKeyEnabled') + ->willReturn(true); + $view = new View("/" . $this->userId . "/files"); $view->touch('hello.txt'); @@ -145,6 +156,9 @@ Fixed the file: \"/$this->userId/files/world.txt\" with version 4", $output); * but greater than zero */ public function testEncryptedVersionGreaterThanOriginalValue() { + $this->util->expects($this->once())->method('isMasterKeyEnabled') + ->willReturn(true); + $view = new View("/" . $this->userId . "/files"); $view->touch('hello.txt'); @@ -201,6 +215,9 @@ Fixed the file: \"/$this->userId/files/world.txt\" with version 4", $output); } public function testVersionIsRestoredToOriginalIfNoFixIsFound() { + $this->util->expects($this->once())->method('isMasterKeyEnabled') + ->willReturn(true); + $view = new View("/" . $this->userId . "/files"); $view->touch('bar.txt'); @@ -231,6 +248,9 @@ Fixed the file: \"/$this->userId/files/world.txt\" with version 4", $output); * Test commands with a file path */ public function testExecuteWithFilePathOption() { + $this->util->expects($this->once())->method('isMasterKeyEnabled') + ->willReturn(true); + $view = new View("/" . $this->userId . "/files"); $view->touch('hello.txt'); @@ -252,6 +272,9 @@ The file \"/$this->userId/files/hello.txt\" is: OK", $output); * Test commands with a directory path */ public function testExecuteWithDirectoryPathOption() { + $this->util->expects($this->once())->method('isMasterKeyEnabled') + ->willReturn(true); + $view = new View("/" . $this->userId . "/files"); $view->mkdir('sub'); @@ -274,6 +297,9 @@ The file \"/$this->userId/files/sub/hello.txt\" is: OK", $output); * Test commands with a directory path */ public function testExecuteWithNoUser() { + $this->util->expects($this->once())->method('isMasterKeyEnabled') + ->willReturn(true); + $this->commandTester->execute([ 'user' => null, '--path' => "/" @@ -288,6 +314,9 @@ The file \"/$this->userId/files/sub/hello.txt\" is: OK", $output); * Test commands with a directory path */ public function testExecuteWithNonExistentPath() { + $this->util->expects($this->once())->method('isMasterKeyEnabled') + ->willReturn(true); + $this->commandTester->execute([ 'user' => $this->userId, '--path' => '/non-exist' @@ -297,4 +326,21 @@ The file \"/$this->userId/files/sub/hello.txt\" is: OK", $output); $this->assertStringContainsString('Please provide a valid path.', $output); } + + /** + * Test commands without master key + */ + public function testExecuteWithNoMasterKey() { + \OC::$server->getConfig()->setAppValue('encryption', 'useMasterKey', '0'); + $this->util->expects($this->once())->method('isMasterKeyEnabled') + ->willReturn(false); + + $this->commandTester->execute([ + 'user' => $this->userId, + ]); + + $output = $this->commandTester->getDisplay(); + + $this->assertStringContainsString('only works with master key', $output); + } } -- cgit v1.2.3