From d0a6fb1f2ca7899831b20575f692be2168f942e0 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Thu, 16 Apr 2015 15:42:13 +0200 Subject: let user update the private key password in case the login password was changed from outside --- apps/encryption/appinfo/application.php | 14 ++ apps/encryption/appinfo/routes.php | 5 + apps/encryption/controller/settingscontroller.php | 144 ++++++++++++++ .../tests/controller/SettingsControllerTest.php | 221 +++++++++++++++++++++ 4 files changed, 384 insertions(+) create mode 100644 apps/encryption/controller/settingscontroller.php create mode 100644 apps/encryption/tests/controller/SettingsControllerTest.php (limited to 'apps') diff --git a/apps/encryption/appinfo/application.php b/apps/encryption/appinfo/application.php index dbeb1171bd8..417b944c02f 100644 --- a/apps/encryption/appinfo/application.php +++ b/apps/encryption/appinfo/application.php @@ -167,6 +167,20 @@ class Application extends \OCP\AppFramework\App { ); }); + $container->registerService('SettingsController', function (IAppContainer $c) { + $server = $c->getServer(); + return new \OCA\Encryption\Controller\SettingsController( + $c->getAppName(), + $server->getRequest(), + $server->getL10N($c->getAppName()), + $server->getUserManager(), + $server->getUserSession(), + $c->query('KeyManager'), + $c->query('Crypt'), + $c->query('Session') + ); + }); + $container->registerService('UserSetup', function (IAppContainer $c) { $server = $c->getServer(); diff --git a/apps/encryption/appinfo/routes.php b/apps/encryption/appinfo/routes.php index 4194308a0ce..8fa163d0751 100644 --- a/apps/encryption/appinfo/routes.php +++ b/apps/encryption/appinfo/routes.php @@ -30,6 +30,11 @@ namespace OCA\Encryption\AppInfo; 'url' => '/ajax/adminRecovery', 'verb' => 'POST' ], + [ + 'name' => 'Settings#updatePrivateKeyPassword', + 'url' => '/ajax/updatePrivateKeyPassword', + 'verb' => 'POST' + ], [ 'name' => 'Recovery#changeRecoveryPassword', 'url' => '/ajax/changeRecoveryPassword', diff --git a/apps/encryption/controller/settingscontroller.php b/apps/encryption/controller/settingscontroller.php new file mode 100644 index 00000000000..ec45b0596cf --- /dev/null +++ b/apps/encryption/controller/settingscontroller.php @@ -0,0 +1,144 @@ + + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OCA\Encryption\Controller; + + +use OCA\Encryption\Crypto\Crypt; +use OCA\Encryption\KeyManager; +use OCA\Encryption\Session; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\DataResponse; +use OCP\IL10N; +use OCP\IRequest; +use OCP\IUserManager; +use OCP\IUserSession; + +class SettingsController extends Controller { + + /** @var IL10N */ + private $l; + + /** @var IUserManager */ + private $userManager; + + /** @var IUserSession */ + private $userSession; + + /** @var KeyManager */ + private $keyManager; + + /** @var Crypt */ + private $crypt; + + /** @var Session */ + private $session; + + /** + * @param string $AppName + * @param IRequest $request + * @param IL10N $l10n + * @param IUserManager $userManager + * @param IUserSession $userSession + * @param KeyManager $keyManager + * @param Crypt $crypt + * @param Session $session + */ + public function __construct($AppName, + IRequest $request, + IL10N $l10n, + IUserManager $userManager, + IUserSession $userSession, + KeyManager $keyManager, + Crypt $crypt, + Session $session) { + parent::__construct($AppName, $request); + $this->l = $l10n; + $this->userSession = $userSession; + $this->userManager = $userManager; + $this->keyManager = $keyManager; + $this->crypt = $crypt; + $this->session = $session; + } + + + /** + * @NoAdminRequired + * @UseSession + * + * @param string $oldPassword + * @param string $newPassword + * @return DataResponse + */ + public function updatePrivateKeyPassword($oldPassword, $newPassword) { + $result = false; + $uid = $this->userSession->getUser()->getUID(); + $errorMessage = $this->l->t('Could not update the private key password.'); + + //check if password is correct + $passwordCorrect = $this->userManager->checkPassword($uid, $newPassword); + + if ($passwordCorrect !== false) { + $encryptedKey = $this->keyManager->getPrivateKey($uid); + $decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword); + + if ($decryptedKey) { + $encryptedKey = $this->crypt->symmetricEncryptFileContent($decryptedKey, $newPassword); + $header = $this->crypt->generateHeader(); + if ($encryptedKey) { + $this->keyManager->setPrivateKey($uid, $header . $encryptedKey); + $this->session->setPrivateKey($decryptedKey); + $result = true; + } + } else { + $result = false; + $errorMessage = $this->l->t( + 'The old password was not correct, please try again.'); + } + } else { + $result = false; + $errorMessage = $this->l->t( + 'The current log-in password was not correct, please try again.'); + } + + if ($result === true) { + $this->session->setStatus(Session::INIT_SUCCESSFUL); + return new DataResponse( + array( + 'status' => 'success', + 'data' => array( + 'message' => (string) $this->l->t('Private key password successfully updated.')) + ) + ); + } else { + return new DataResponse( + array( + 'data' => array + ('message' => (string) $errorMessage) + ) + ); + } + + } + + +} diff --git a/apps/encryption/tests/controller/SettingsControllerTest.php b/apps/encryption/tests/controller/SettingsControllerTest.php new file mode 100644 index 00000000000..37a67652a12 --- /dev/null +++ b/apps/encryption/tests/controller/SettingsControllerTest.php @@ -0,0 +1,221 @@ + + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OCA\Encryption\Tests\Controller; + + +use OCA\Encryption\Controller\SettingsController; +use OCA\Encryption\Session; +use Test\TestCase; + +class SettingsControllerTest extends TestCase { + + /** @var SettingsController */ + private $controller; + + /** @var \PHPUnit_Framework_MockObject_MockObject */ + private $requestMock; + + /** @var \PHPUnit_Framework_MockObject_MockObject */ + private $l10nMock; + + /** @var \PHPUnit_Framework_MockObject_MockObject */ + private $userManagerMock; + + /** @var \PHPUnit_Framework_MockObject_MockObject */ + private $userSessionMock; + + /** @var \PHPUnit_Framework_MockObject_MockObject */ + private $keyManagerMock; + + /** @var \PHPUnit_Framework_MockObject_MockObject */ + private $cryptMock; + + /** @var \PHPUnit_Framework_MockObject_MockObject */ + private $sessionMock; + + public function setUp() { + + parent::setUp(); + + $this->requestMock = $this->getMock('OCP\IRequest'); + + $this->l10nMock = $this->getMockBuilder('OCP\IL10N') + ->disableOriginalConstructor()->getMock(); + + $this->l10nMock->expects($this->any()) + ->method('t') + ->will($this->returnCallback(function($message) { + return $message; })); + + $this->userManagerMock = $this->getMockBuilder('OCP\IUserManager') + ->disableOriginalConstructor()->getMock(); + + $this->keyManagerMock = $this->getMockBuilder('OCA\Encryption\KeyManager') + ->disableOriginalConstructor()->getMock(); + + $this->cryptMock = $this->getMockBuilder('OCA\Encryption\Crypto\Crypt') + ->disableOriginalConstructor()->getMock(); + + $this->userSessionMock = $this->getMockBuilder('OCP\IUserSession') + ->disableOriginalConstructor() + ->setMethods([ + 'isLoggedIn', + 'getUID', + 'login', + 'logout', + 'setUser', + 'getUser', + 'canChangePassword' + ]) + ->getMock(); + + $this->userSessionMock->expects($this->any()) + ->method('getUID') + ->willReturn('testUser'); + + $this->userSessionMock->expects($this->any()) + ->method($this->anything()) + ->will($this->returnSelf()); + + $this->sessionMock = $this->getMockBuilder('OCA\Encryption\Session') + ->disableOriginalConstructor()->getMock(); + + $this->controller = new SettingsController( + 'encryption', + $this->requestMock, + $this->l10nMock, + $this->userManagerMock, + $this->userSessionMock, + $this->keyManagerMock, + $this->cryptMock, + $this->sessionMock + ); + } + + /** + * test updatePrivateKeyPassword() if wrong new password was entered + */ + public function testUpdatePrivateKeyPasswordWrongNewPassword() { + + $oldPassword = 'old'; + $newPassword = 'new'; + + $this->userManagerMock + ->expects($this->once()) + ->method('checkPassword') + ->willReturn(false); + + $result = $this->controller->updatePrivateKeyPassword($oldPassword, $newPassword); + + $data = $result->getData(); + + $this->assertSame('The current log-in password was not correct, please try again.', + $data['data']['message']); + } + + /** + * test updatePrivateKeyPassword() if wrong old password was entered + */ + public function testUpdatePrivateKeyPasswordWrongOldPassword() { + + $oldPassword = 'old'; + $newPassword = 'new'; + + $this->userManagerMock + ->expects($this->once()) + ->method('checkPassword') + ->willReturn(true); + + $this->cryptMock + ->expects($this->once()) + ->method('decryptPrivateKey') + ->willReturn(false); + + $result = $this->controller->updatePrivateKeyPassword($oldPassword, $newPassword); + + $data = $result->getData(); + + $this->assertSame('The old password was not correct, please try again.', + $data['data']['message']); + } + + /** + * test updatePrivateKeyPassword() with the correct old and new password + */ + public function testUpdatePrivateKeyPassword() { + + $oldPassword = 'old'; + $newPassword = 'new'; + + $this->userSessionMock + ->expects($this->once()) + ->method('getUID') + ->willReturn('testUser'); + + $this->userManagerMock + ->expects($this->once()) + ->method('checkPassword') + ->willReturn(true); + + $this->cryptMock + ->expects($this->once()) + ->method('decryptPrivateKey') + ->willReturn('decryptedKey'); + + $this->cryptMock + ->expects($this->once()) + ->method('symmetricEncryptFileContent') + ->willReturn('encryptedKey'); + + $this->cryptMock + ->expects($this->once()) + ->method('generateHeader') + ->willReturn('header.'); + + // methods which must be called after successful changing the key password + $this->keyManagerMock + ->expects($this->once()) + ->method('setPrivateKey') + ->with($this->equalTo('testUser'), $this->equalTo('header.encryptedKey')); + + $this->sessionMock + ->expects($this->once()) + ->method('setPrivateKey') + ->with($this->equalTo('decryptedKey')); + + $this->sessionMock + ->expects($this->once()) + ->method('setStatus') + ->with($this->equalTo(Session::INIT_SUCCESSFUL)); + + $result = $this->controller->updatePrivateKeyPassword($oldPassword, $newPassword); + + $data = $result->getData(); + + $this->assertSame('success', $data['status']); + + $this->assertSame('Private key password successfully updated.', + $data['data']['message']); + } + +} -- cgit v1.2.3 From 3f96662609a93f4da653c5962175ae42f4768fc1 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 20 Apr 2015 17:44:34 +0200 Subject: Fix several minor things --- apps/encryption/controller/settingscontroller.php | 30 ++++++++++------------ .../tests/controller/SettingsControllerTest.php | 15 ++++++----- 2 files changed, 21 insertions(+), 24 deletions(-) (limited to 'apps') diff --git a/apps/encryption/controller/settingscontroller.php b/apps/encryption/controller/settingscontroller.php index ec45b0596cf..1555ff0c654 100644 --- a/apps/encryption/controller/settingscontroller.php +++ b/apps/encryption/controller/settingscontroller.php @@ -19,14 +19,13 @@ * */ - namespace OCA\Encryption\Controller; - use OCA\Encryption\Crypto\Crypt; use OCA\Encryption\KeyManager; use OCA\Encryption\Session; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; use OCP\IL10N; use OCP\IRequest; @@ -110,31 +109,28 @@ class SettingsController extends Controller { $result = true; } } else { - $result = false; - $errorMessage = $this->l->t( - 'The old password was not correct, please try again.'); + $errorMessage = $this->l->t('The old password was not correct, please try again.'); } } else { - $result = false; - $errorMessage = $this->l->t( - 'The current log-in password was not correct, please try again.'); + $errorMessage = $this->l->t('The current log-in password was not correct, please try again.'); } if ($result === true) { $this->session->setStatus(Session::INIT_SUCCESSFUL); return new DataResponse( - array( - 'status' => 'success', - 'data' => array( - 'message' => (string) $this->l->t('Private key password successfully updated.')) - ) + ['data' => [ + 'status' => 'success', + 'message' => (string) $this->l->t('Private key password successfully updated.'), + ], + ] ); } else { return new DataResponse( - array( - 'data' => array - ('message' => (string) $errorMessage) - ) + ['data' => [ + 'message' => (string) $errorMessage, + ], + ], + Http::STATUS_BAD_REQUEST ); } diff --git a/apps/encryption/tests/controller/SettingsControllerTest.php b/apps/encryption/tests/controller/SettingsControllerTest.php index 37a67652a12..a12773790a9 100644 --- a/apps/encryption/tests/controller/SettingsControllerTest.php +++ b/apps/encryption/tests/controller/SettingsControllerTest.php @@ -19,12 +19,11 @@ * */ - namespace OCA\Encryption\Tests\Controller; - use OCA\Encryption\Controller\SettingsController; use OCA\Encryption\Session; +use OCP\AppFramework\Http; use Test\TestCase; class SettingsControllerTest extends TestCase { @@ -53,7 +52,7 @@ class SettingsControllerTest extends TestCase { /** @var \PHPUnit_Framework_MockObject_MockObject */ private $sessionMock; - public function setUp() { + protected function setUp() { parent::setUp(); @@ -65,7 +64,8 @@ class SettingsControllerTest extends TestCase { $this->l10nMock->expects($this->any()) ->method('t') ->will($this->returnCallback(function($message) { - return $message; })); + return $message; + })); $this->userManagerMock = $this->getMockBuilder('OCP\IUserManager') ->disableOriginalConstructor()->getMock(); @@ -85,7 +85,7 @@ class SettingsControllerTest extends TestCase { 'logout', 'setUser', 'getUser', - 'canChangePassword' + 'canChangePassword', ]) ->getMock(); @@ -129,6 +129,7 @@ class SettingsControllerTest extends TestCase { $data = $result->getData(); + $this->assertSame(Http::STATUS_BAD_REQUEST, $result->getStatus()); $this->assertSame('The current log-in password was not correct, please try again.', $data['data']['message']); } @@ -155,6 +156,7 @@ class SettingsControllerTest extends TestCase { $data = $result->getData(); + $this->assertSame(Http::STATUS_BAD_REQUEST, $result->getStatus()); $this->assertSame('The old password was not correct, please try again.', $data['data']['message']); } @@ -212,8 +214,7 @@ class SettingsControllerTest extends TestCase { $data = $result->getData(); - $this->assertSame('success', $data['status']); - + $this->assertSame(Http::STATUS_OK, $result->getStatus()); $this->assertSame('Private key password successfully updated.', $data['data']['message']); } -- cgit v1.2.3 From 04674c06cca5884e6269461b2ae9a6e64a00953d Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 20 Apr 2015 18:15:06 +0200 Subject: Dont use the old .status way --- apps/encryption/controller/settingscontroller.php | 13 ++----------- apps/encryption/js/settings-personal.js | 17 +++++++---------- .../tests/controller/SettingsControllerTest.php | 6 +++--- 3 files changed, 12 insertions(+), 24 deletions(-) (limited to 'apps') diff --git a/apps/encryption/controller/settingscontroller.php b/apps/encryption/controller/settingscontroller.php index 1555ff0c654..7fa3f469a14 100644 --- a/apps/encryption/controller/settingscontroller.php +++ b/apps/encryption/controller/settingscontroller.php @@ -118,23 +118,14 @@ class SettingsController extends Controller { if ($result === true) { $this->session->setStatus(Session::INIT_SUCCESSFUL); return new DataResponse( - ['data' => [ - 'status' => 'success', - 'message' => (string) $this->l->t('Private key password successfully updated.'), - ], - ] + ['message' => (string) $this->l->t('Private key password successfully updated.')] ); } else { return new DataResponse( - ['data' => [ - 'message' => (string) $errorMessage, - ], - ], + ['message' => (string) $errorMessage], Http::STATUS_BAD_REQUEST ); } } - - } diff --git a/apps/encryption/js/settings-personal.js b/apps/encryption/js/settings-personal.js index dcfbba4ecde..68609877c05 100644 --- a/apps/encryption/js/settings-personal.js +++ b/apps/encryption/js/settings-personal.js @@ -9,16 +9,13 @@ function updatePrivateKeyPasswd() { var newPrivateKeyPassword = $('input:password[id="newPrivateKeyPassword"]').val(); OC.msg.startSaving('#encryption .msg'); $.post( - OC.generateUrl('/apps/encryption/ajax/updatePrivateKeyPassword') - , { oldPassword: oldPrivateKeyPassword, newPassword: newPrivateKeyPassword } - , function( data ) { - if (data.status === "error") { - OC.msg.finishedSaving('#encryption .msg', data); - } else { - OC.msg.finishedSaving('#encryption .msg', data); - } - } - ); + OC.generateUrl('/apps/encryption/ajax/updatePrivateKeyPassword'), + { oldPassword: oldPrivateKeyPassword, newPassword: newPrivateKeyPassword } + ).success(function(response) { + OC.msg.finishedSuccess('#encryption .msg', response.message); + }).fail(function(response) { + OC.msg.finishedError('#encryption .msg', response.responseJSON.message); + }); } $(document).ready(function(){ diff --git a/apps/encryption/tests/controller/SettingsControllerTest.php b/apps/encryption/tests/controller/SettingsControllerTest.php index a12773790a9..478bf8213b5 100644 --- a/apps/encryption/tests/controller/SettingsControllerTest.php +++ b/apps/encryption/tests/controller/SettingsControllerTest.php @@ -131,7 +131,7 @@ class SettingsControllerTest extends TestCase { $this->assertSame(Http::STATUS_BAD_REQUEST, $result->getStatus()); $this->assertSame('The current log-in password was not correct, please try again.', - $data['data']['message']); + $data['message']); } /** @@ -158,7 +158,7 @@ class SettingsControllerTest extends TestCase { $this->assertSame(Http::STATUS_BAD_REQUEST, $result->getStatus()); $this->assertSame('The old password was not correct, please try again.', - $data['data']['message']); + $data['message']); } /** @@ -216,7 +216,7 @@ class SettingsControllerTest extends TestCase { $this->assertSame(Http::STATUS_OK, $result->getStatus()); $this->assertSame('Private key password successfully updated.', - $data['data']['message']); + $data['message']); } } -- cgit v1.2.3