From bf809ac85aa6739010463235fe8f7878993c39ee Mon Sep 17 00:00:00 2001 From: Thomas Müller Date: Tue, 31 Mar 2015 11:50:53 +0200 Subject: Removing left overs from old encryption app --- settings/ajax/decryptall.php | 62 ---------------------------------- settings/ajax/deletekeys.php | 35 ------------------- settings/ajax/restorekeys.php | 35 ------------------- settings/js/personal.js | 75 ----------------------------------------- settings/personal.php | 11 ------ settings/routes.php | 6 ---- settings/templates/personal.php | 52 ---------------------------- 7 files changed, 276 deletions(-) delete mode 100644 settings/ajax/decryptall.php delete mode 100644 settings/ajax/deletekeys.php delete mode 100644 settings/ajax/restorekeys.php (limited to 'settings') diff --git a/settings/ajax/decryptall.php b/settings/ajax/decryptall.php deleted file mode 100644 index 5925cee9dfd..00000000000 --- a/settings/ajax/decryptall.php +++ /dev/null 
@@ -1,62 +0,0 @@ - - * @author Joas Schilling - * @author Lukas Reschke - * @author Morris Jobke - * @author Robin Appelman - * @author Thomas Müller - * @author Volkan Gezer - * - * @copyright Copyright (c) 2015, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see - * - */ -OCP\JSON::checkLoggedIn(); -OCP\JSON::callCheck(); - -//encryption app needs to be loaded -OC_App::loadApp('files_encryption'); - -// init encryption app -$params = array('uid' => \OCP\User::getUser(), - 'password' => (string)$_POST['password']); - -$view = new OC\Files\View('/'); -$util = new \OCA\Files_Encryption\Util($view, \OCP\User::getUser()); -$l = \OC::$server->getL10N('settings'); - -$result = $util->initEncryption($params); - -if ($result !== false) { - - try { - $successful = $util->decryptAll(); - } catch (\Exception $ex) { - \OCP\Util::writeLog('encryption library', "Decryption finished unexpected: " . 
$ex->getMessage(), \OCP\Util::ERROR); - $successful = false; - } - - $util->closeEncryptionSession(); - - if ($successful === true) { - \OCP\JSON::success(array('data' => array('message' => $l->t('Files decrypted successfully')))); - } else { - \OCP\JSON::error(array('data' => array('message' => $l->t('Couldn\'t decrypt your files, please check your owncloud.log or ask your administrator')))); - } -} else { - \OCP\JSON::error(array('data' => array('message' => $l->t('Couldn\'t decrypt your files, check your password and try again')))); -} - diff --git a/settings/ajax/deletekeys.php b/settings/ajax/deletekeys.php deleted file mode 100644 index 2192eb8c725..00000000000 --- a/settings/ajax/deletekeys.php +++ /dev/null 
@@ -1,35 +0,0 @@
-
- * @author Morris Jobke
- * @author Robin Appelman
- *
- * @copyright Copyright (c) 2015, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see
- *
- */
-OCP\JSON::checkLoggedIn();
-OCP\JSON::callCheck();
-
-$l = \OC::$server->getL10N('settings');
-
-$util = new \OCA\Files_Encryption\Util(new \OC\Files\View(), \OC_User::getUser());
-$result = $util->deleteBackup('decryptAll');
-
-if ($result) {
- \OCP\JSON::success(array('data' => array('message' => $l->t('Encryption keys deleted permanently'))));
-} else {
- \OCP\JSON::error(array('data' => array('message' => $l->t('Couldn\'t permanently delete your encryption keys, please check your owncloud.log or ask your administrator'))));
-}
diff --git a/settings/ajax/restorekeys.php b/settings/ajax/restorekeys.php
deleted file mode 100644
index 52c02b3aba4..00000000000
--- a/settings/ajax/restorekeys.php
+++ /dev/null
@@ -1,35 +0,0 @@
-
- * @author Morris Jobke
- * @author Robin Appelman
- *
- * @copyright Copyright (c) 2015, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see
- *
- */
-OCP\JSON::checkLoggedIn();
-OCP\JSON::callCheck();
-
-$l = \OC::$server->getL10N('settings');
-
-$util = new \OCA\Files_Encryption\Util(new \OC\Files\View(), \OC_User::getUser());
-$result = $util->restoreBackup('decryptAll');
-
-if ($result) {
- \OCP\JSON::success(array('data' => array('message' => $l->t('Backups restored successfully'))));
-} else {
- \OCP\JSON::error(array('data' => array('message' => $l->t('Couldn\'t restore your encryption keys, please check your owncloud.log or ask your administrator'))));
-}
diff --git a/settings/js/personal.js b/settings/js/personal.js
index 30d7f5e9388..a847a1ee3a3 100644
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@@ -230,40 +230,6 @@ $(document).ready(function () { return false; }); - $('button:button[name="submitDecryptAll"]').click(function () { - var privateKeyPassword = $('#decryptAll input:password[id="privateKeyPassword"]').val(); - $('#decryptAll button:button[name="submitDecryptAll"]').prop("disabled", true); - $('#decryptAll input:password[name="privateKeyPassword"]').prop("disabled", true); - OC.Encryption.decryptAll(privateKeyPassword); - }); - - - $('button:button[name="submitRestoreKeys"]').click(function () { - $('#restoreBackupKeys button:button[name="submitDeleteKeys"]').prop("disabled", true); - $('#restoreBackupKeys button:button[name="submitRestoreKeys"]').prop("disabled", true); - OC.Encryption.restoreKeys(); - }); - - $('button:button[name="submitDeleteKeys"]').click(function () { - $('#restoreBackupKeys button:button[name="submitDeleteKeys"]').prop("disabled", true); - $('#restoreBackupKeys button:button[name="submitRestoreKeys"]').prop("disabled", true); - OC.Encryption.deleteKeys(); - }); - - $('#decryptAll input:password[name="privateKeyPassword"]').keyup(function (event) { - var privateKeyPassword = $('#decryptAll input:password[id="privateKeyPassword"]').val(); - if (privateKeyPassword !== '') { - $('#decryptAll button:button[name="submitDecryptAll"]').prop("disabled", false); - if (event.which === 13) { - $('#decryptAll button:button[name="submitDecryptAll"]').prop("disabled", true); - $('#decryptAll input:password[name="privateKeyPassword"]').prop("disabled", true); - OC.Encryption.decryptAll(privateKeyPassword); - } - } else { - $('#decryptAll button:button[name="submitDecryptAll"]').prop("disabled", true); - } - }); - var uploadparms = { done: function (e, data) { avatarResponseHandler(data.result); 
@@ -380,47 +346,6 @@ $(document).ready(function () { }); OC.Encryption = { - decryptAll: function (password) { - var message = t('settings', 'Decrypting files... Please wait, this can take some time.'); - OC.Encryption.msg.start('#decryptAll .msg', message); - $.post('ajax/decryptall.php', {password: password}, function (data) { - if (data.status === "error") { - OC.Encryption.msg.finished('#decryptAll .msg', data); - $('#decryptAll input:password[name="privateKeyPassword"]').prop("disabled", false); - } else { - OC.Encryption.msg.finished('#decryptAll .msg', data); - } - $('#restoreBackupKeys').removeClass('hidden'); - }); - }, - - deleteKeys: function () { - var message = t('settings', 'Delete encryption keys permanently.'); - OC.Encryption.msg.start('#restoreBackupKeys .msg', message); - $.post('ajax/deletekeys.php', null, function (data) { - if (data.status === "error") { - OC.Encryption.msg.finished('#restoreBackupKeys .msg', data); - $('#restoreBackupKeys button:button[name="submitDeleteKeys"]').prop("disabled", false); - $('#restoreBackupKeys button:button[name="submitRestoreKeys"]').prop("disabled", false); - } else { - OC.Encryption.msg.finished('#restoreBackupKeys .msg', data); - } - }); - }, - - restoreKeys: function () { - var message = t('settings', 'Restore encryption keys.'); - OC.Encryption.msg.start('#restoreBackupKeys .msg', message); - $.post('ajax/restorekeys.php', {}, function (data) { - if (data.status === "error") { - OC.Encryption.msg.finished('#restoreBackupKeys .msg', data); - $('#restoreBackupKeys button:button[name="submitDeleteKeys"]').prop("disabled", false); - $('#restoreBackupKeys button:button[name="submitRestoreKeys"]').prop("disabled", false); - } else { - OC.Encryption.msg.finished('#restoreBackupKeys .msg', data); - } - }); - } }; OC.Encryption.msg = { diff --git a/settings/personal.php b/settings/personal.php index e4d278d4f28..12b320ac001 100644 --- a/settings/personal.php +++ b/settings/personal.php 
@@ -59,11 +59,6 @@ $email=$config->getUserValue(OC_User::getUser(), 'settings', 'email', ''); $userLang=$config->getUserValue( OC_User::getUser(), 'core', 'lang', OC_L10N::findLanguage() ); $languageCodes=OC_L10N::findAvailableLanguages(); -//check if encryption was enabled in the past -$filesStillEncrypted = OC_Util::encryptedFiles(); -$backupKeysExists = OC_Util::backupKeysExists(); -$enableDecryptAll = $filesStillEncrypted || $backupKeysExists; - // array of common languages $commonlangcodes = array( 'en', 'es', 'fr', 'de', 'de_DE', 'ja', 'ar', 'ru', 'nl', 'it', 'pt_BR', 'pt_PT', 'da', 'fi_FI', 'nb_NO', 'sv', 'tr', 'zh_CN', 'ko' @@ -120,9 +115,6 @@ $tmpl->assign('activelanguage', $userLang); $tmpl->assign('passwordChangeSupported', OC_User::canUserChangePassword(OC_User::getUser())); $tmpl->assign('displayNameChangeSupported', OC_User::canUserChangeDisplayName(OC_User::getUser())); $tmpl->assign('displayName', OC_User::getDisplayName()); -$tmpl->assign('enableDecryptAll' , $enableDecryptAll); -$tmpl->assign('backupKeysExists' , $backupKeysExists); -$tmpl->assign('filesStillEncrypted' , $filesStillEncrypted); $tmpl->assign('enableAvatars', $config->getSystemValue('enable_avatars', true)); $tmpl->assign('avatarChangeSupported', OC_User::canUserChangeAvatar(OC_User::getUser())); $tmpl->assign('certs', $certificateManager->listCertificates()); @@ -163,9 +155,6 @@ $formsAndMore = array_merge($formsAndMore, $formsMap); // add bottom hardcoded forms from the template $formsAndMore[]= array( 'anchor' => 'ssl-root-certificates', 'section-name' => $l->t('SSL root certificates') ); -if($enableDecryptAll) { - $formsAndMore[]= array( 'anchor' => 'encryption', 'section-name' => $l->t('Encryption') ); -} $tmpl->assign('forms', $formsAndMore); $tmpl->printPage(); diff --git a/settings/routes.php b/settings/routes.php index 5a069e5a1c6..af9ac1d8eea 100644 --- a/settings/routes.php +++ b/settings/routes.php 
@@ -89,12 +89,6 @@ $this->create('settings_personal_changepassword', '/settings/personal/changepass ->action('OC\Settings\ChangePassword\Controller', 'changePersonalPassword'); $this->create('settings_ajax_setlanguage', '/settings/ajax/setlanguage.php') ->actionInclude('settings/ajax/setlanguage.php'); -$this->create('settings_ajax_decryptall', '/settings/ajax/decryptall.php') - ->actionInclude('settings/ajax/decryptall.php'); -$this->create('settings_ajax_restorekeys', '/settings/ajax/restorekeys.php') - ->actionInclude('settings/ajax/restorekeys.php'); -$this->create('settings_ajax_deletekeys', '/settings/ajax/deletekeys.php') - ->actionInclude('settings/ajax/deletekeys.php'); $this->create('settings_cert_post', '/settings/ajax/addRootCertificate') ->actionInclude('settings/ajax/addRootCertificate.php'); $this->create('settings_cert_remove', '/settings/ajax/removeRootCertificate') diff --git a/settings/templates/personal.php b/settings/templates/personal.php index 2a0b4bb0dc4..dfdc6191805 100644 --- a/settings/templates/personal.php +++ b/settings/templates/personal.php @@ -242,58 +242,6 @@ if($_['passwordChangeSupported']) { - -
- -

- t( 'Encryption' ) ); ?> -

- - - -
- t( "The encryption app is no longer enabled, please decrypt all your files" )); ?> -

- - -
- - -

-
-
- - -
> - - t( "Your encryption keys are moved to a backup location. If something went wrong you can restore the keys. Only delete them permanently if you are sure that all files are decrypted correctly." )); ?> -

- - - - -

-
- -
- - -
- -

t('Version'));?>

getTitle()); ?>
-- cgit v1.2.3 From bd933b1c85dff950e83591a6245ba2e15db33caf Mon Sep 17 00:00:00 2001 From: Thomas Müller Date: Tue, 31 Mar 2015 14:50:31 +0200 Subject: Adding app icon and fixing admin setting --- apps/encryption/img/app.svg | 51 +++++++++++++++++++ apps/encryption/templates/settings-personal.php | 6 +-- apps/encryption_dummy/img/app.svg | 51 +++++++++++++++++++ settings/admin.php | 12 +++-- settings/templates/admin.php | 67 ------------------------- 5 files changed, 112 insertions(+), 75 deletions(-) create mode 100644 apps/encryption/img/app.svg create mode 100644 apps/encryption_dummy/img/app.svg (limited to 'settings') diff --git a/apps/encryption/img/app.svg b/apps/encryption/img/app.svg new file mode 100644 index 00000000000..1157c71c66e --- /dev/null +++ b/apps/encryption/img/app.svg @@ -0,0 +1,51 @@ + +image/svg+xml \ No newline at end of file diff --git a/apps/encryption/templates/settings-personal.php b/apps/encryption/templates/settings-personal.php index b7aa0239eea..cefd6f4ad5c 100644 --- a/apps/encryption/templates/settings-personal.php +++ b/apps/encryption/templates/settings-personal.php @@ -5,11 +5,11 @@

t('ownCloud basic encryption module')); ?>

- + t("Encryption App is enabled but your keys are not initialized, please log-out and log-in again")); ?> - +

- +

diff --git a/apps/encryption_dummy/img/app.svg b/apps/encryption_dummy/img/app.svg new file mode 100644 index 00000000000..1157c71c66e --- /dev/null +++ b/apps/encryption_dummy/img/app.svg @@ -0,0 +1,51 @@ + +image/svg+xml \ No newline at end of file diff --git a/settings/admin.php b/settings/admin.php index 95afaf1ac0a..976d0a5c3f1 100644 --- a/settings/admin.php +++ b/settings/admin.php @@ -159,6 +159,7 @@ foreach ($forms as $index => $form) { if ($filesExternal) { $formsAndMore[] = array('anchor' => 'files_external', 'section-name' => $l->t('External Storage')); } + $template->assign('fileSharingSettings', $fileSharingSettings); $template->assign('filesExternal', $filesExternal); $template->assign('updaterAppPanel', $updaterAppPanel); @@ -184,12 +185,13 @@ $formsMap = array_map(function ($form) { $formsAndMore = array_merge($formsAndMore, $formsMap); // add bottom hardcoded forms from the template -$formsAndMore[] = array('anchor' => 'backgroundjobs', 'section-name' => $l->t('Cron')); -$formsAndMore[] = array('anchor' => 'mail_general_settings', 'section-name' => $l->t('Email Server')); -$formsAndMore[] = array('anchor' => 'log-section', 'section-name' => $l->t('Log')); -$formsAndMore[] = array('anchor' => 'admin-tips', 'section-name' => $l->t('Tips & tricks')); +$formsAndMore[] = ['anchor' => 'encryptionAPI', 'section-name' => $l->t('Server Side Encryption')]; +$formsAndMore[] = ['anchor' => 'backgroundjobs', 'section-name' => $l->t('Cron')]; +$formsAndMore[] = ['anchor' => 'mail_general_settings', 'section-name' => $l->t('Email Server')]; +$formsAndMore[] = ['anchor' => 'log-section', 'section-name' => $l->t('Log')]; +$formsAndMore[] = ['anchor' => 'admin-tips', 'section-name' => $l->t('Tips & tricks')]; if ($updaterAppPanel) { - $formsAndMore[] = array('anchor' => 'updater', 'section-name' => $l->t('Updates')); + $formsAndMore[] = ['anchor' => 'updater', 'section-name' => $l->t('Updates')]; } $template->assign('forms', $formsAndMore); 
diff --git a/settings/templates/admin.php b/settings/templates/admin.php index 1b0ed66563e..1b8ab0e3819 100644 --- a/settings/templates/admin.php +++ b/settings/templates/admin.php @@ -295,73 +295,6 @@ if ($_['cronErrors']) {

-
-

t('Sharing'));?>

-

- /> -
-

-

- /> -
-

- -

- /> -
- - /> -
- - /> -
- - /> -
- -

-

- t( 'Expire after ' )); ?> - ' /> - t( 'days' )); ?> - /> -
-

-

- /> -
-

-

- /> -
-

-

- /> -
-

-

- /> -
-

-

- -
- t('These groups will still be able to receive shares, but not to initiate them.')); ?> -

-
-

t('Server Side Encryption'));?>

-- cgit v1.2.3 From a057108c0c1ec77b6f61f6f387c0714c84653254 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Wed, 1 Apr 2015 14:24:56 +0200 Subject: make recovery key work --- apps/encryption/appinfo/application.php | 1 + apps/encryption/controller/recoverycontroller.php | 3 + apps/encryption/hooks/userhooks.php | 23 ++++-- apps/encryption/lib/keymanager.php | 14 +++- apps/encryption/lib/recovery.php | 95 ++++++++++++----------- settings/changepassword/controller.php | 37 +++++++-- settings/users.php | 4 +- 7 files changed, 116 insertions(+), 61 deletions(-) (limited to 'settings') diff --git a/apps/encryption/appinfo/application.php b/apps/encryption/appinfo/application.php index 955146f7182..0d1bd0d6bed 100644 --- a/apps/encryption/appinfo/application.php +++ b/apps/encryption/appinfo/application.php @@ -75,6 +75,7 @@ class Application extends \OCP\AppFramework\App { $server->getUserSession(), $container->query('Util'), new \OCA\Encryption\Session($server->getSession()), + $container->query('Crypt'), $container->query('Recovery')) ]); diff --git a/apps/encryption/controller/recoverycontroller.php b/apps/encryption/controller/recoverycontroller.php index d115feb8e39..24d7f5a06ed 100644 --- a/apps/encryption/controller/recoverycontroller.php +++ b/apps/encryption/controller/recoverycontroller.php @@ -142,6 +142,9 @@ class RecoveryController extends Controller { } } + /** + * @NoAdminRequired + */ public function userSetRecovery($userEnableRecovery) { if ($userEnableRecovery === '0' || $userEnableRecovery === '1') { diff --git a/apps/encryption/hooks/userhooks.php b/apps/encryption/hooks/userhooks.php index 330d8a873ba..3b56135c36b 100644 --- a/apps/encryption/hooks/userhooks.php +++ b/apps/encryption/hooks/userhooks.php @@ -25,6 +25,7 @@ namespace OCA\Encryption\Hooks; use OCP\Util as OCUtil; use OCA\Encryption\Hooks\Contracts\IHook; use OCA\Encryption\KeyManager; +use OCA\Encryption\Crypto\Crypt; use OCA\Encryption\Users\Setup; use OCP\App; use OCP\ILogger; 
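Review bot: The docblock added above `userSetRecovery()` in recoverycontroller.php carries only `@NoAdminRequired`, which opens the action to every logged-in user without saying whose setting it changes. The body lies outside the hunk, so it is worth confirming that it only ever toggles the recovery opt-in of the session user and never takes a uid from the request. I would extend the docblock with a one-line summary and `@param string $userEnableRecovery '0' or '1'`, and leave the CSRF check active (no `@NoCSRFRequired`).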
@@ -62,6 +63,10 @@ class UserHooks implements IHook { * @var Recovery */ private $recovery; + /** + * @var Crypt + */ + private $crypt; /** * UserHooks constructor. @@ -72,6 +77,7 @@ class UserHooks implements IHook { * @param IUserSession $user * @param Util $util * @param Session $session + * @param Crypt $crypt * @param Recovery $recovery */ public function __construct(KeyManager $keyManager, @@ -80,6 +86,7 @@ class UserHooks implements IHook { IUserSession $user, Util $util, Session $session, + Crypt $crypt, Recovery $recovery) { $this->keyManager = $keyManager; @@ -89,6 +96,7 @@ class UserHooks implements IHook { $this->util = $util; $this->session = $session; $this->recovery = $recovery; + $this->crypt = $crypt; } /** @@ -214,7 +222,7 @@ class UserHooks implements IHook { // Save private key if ($encryptedPrivateKey) { - $this->setPrivateKey($this->user->getUser()->getUID(), + $this->keyManager->setPrivateKey($this->user->getUser()->getUID(), $encryptedPrivateKey); } else { $this->log->error('Encryption could not update users encryption password'); 
@@ -231,28 +239,31 @@ class UserHooks implements IHook { // ...we have a recovery password and the user enabled the recovery key // ...encryption was activated for the first time (no keys exists) // ...the user doesn't have any files - if (($util->recoveryEnabledForUser() && $recoveryPassword) || !$this->userHasKeys($user) || !$util->userHasFiles($user) + if ( + ($this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword) + || !$this->keyManager->userHasKeys($user) + || !$this->util->userHasFiles($user) ) { // backup old keys - $this->backupAllKeys('recovery'); + //$this->backupAllKeys('recovery'); $newUserPassword = $params['password']; $keyPair = $this->crypt->createKeyPair(); // Save public key - $this->setPublicKey($user, $keyPair['publicKey']); + $this->keyManager->setPublicKey($user, $keyPair['publicKey']); // Encrypt private key with new password $encryptedKey = $this->crypt->symmetricEncryptFileContent($keyPair['privateKey'], $newUserPassword); if ($encryptedKey) { - $this->setPrivateKey($user, $encryptedKey); + $this->keyManager->setPrivateKey($user, $encryptedKey); if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files - $this->recovery->recoverUsersFiles($recoveryPassword); + $this->recovery->recoverUsersFiles($recoveryPassword, $user); } } else { $this->log->error('Encryption Could not update users encryption password'); diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index f3f96b9ef21..4c5cb1365ea 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php @@ -206,7 +206,6 @@ class KeyManager { if ($encryptedKey) { $this->setPrivateKey($uid, $encryptedKey); - $this->config->setAppValue('encryption', 'recoveryAdminEnabled', 0); return true; } return false; 
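Review bot: In the userhooks.php hunk the new public key is stored by `$this->keyManager->setPublicKey($user, $keyPair['publicKey']);` before `symmetricEncryptFileContent()` is known to have succeeded, so the `else` branch that only logs leaves the user with a new public key and the old private key. With the backup call now commented out (`//$this->backupAllKeys('recovery');`), there is also no copy of the previous pair to fall back to. I would move the `setPublicKey` call inside `if ($encryptedKey) {`, next to `setPrivateKey`, and either restore a backup step or delete the commented line with a short comment on why it is safe to drop. The enclosing method starts and ends outside the hunk.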
@@ -355,6 +354,19 @@ class KeyManager { throw new FileKeyMissingException(); } + /** + * get the encrypted file key + * + * @param $path + * @return string + */ + public function getEncryptedFileKey($path) { + $encryptedFileKey = $this->keyStorage->getFileKey($path, + $this->fileKeyId); + + return $encryptedFileKey; + } + /** * delete share key * diff --git a/apps/encryption/lib/recovery.php b/apps/encryption/lib/recovery.php index 4201b829ec9..34acdd0a6e3 100644 --- a/apps/encryption/lib/recovery.php +++ b/apps/encryption/lib/recovery.php @@ -156,10 +156,15 @@ class Recovery { } /** + * check if recovery is enabled for user + * + * @param string $user if no user is given we check the current logged-in user + * * @return bool */ - public function recoveryEnabledForUser() { - $recoveryMode = $this->config->getUserValue($this->user->getUID(), + public function isRecoveryEnabledForUser($user = '') { + $uid = empty($user) ? $this->user->getUID() : $user; + $recoveryMode = $this->config->getUserValue($uid, 'encryption', 'recoveryEnabled', 0); @@ -167,6 +172,17 @@ class Recovery { return ($recoveryMode === '1'); } + /** + * check if recovery is key is enabled by the administrator + * + * @return bool + */ + public function isRecoveryKeyEnabled() { + $enabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled', 0); + + return ($enabled === '1'); + } + /** * @param string $value * @return bool 
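Review bot: In the recovery.php hunk, `isRecoveryEnabledForUser($user = '')` chooses the account with `empty($user)`, and PHP treats the string `'0'` as empty, so a uid of `0` would silently be replaced by the session user. Because the result feeds the key-regeneration condition in userhooks.php, the fallback should be an exact test: `$uid = $user === '' ? $this->user->getUID() : $user;`. The `@param` text could also state that callers acting on another account must pass the uid explicitly.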
@@ -234,15 +250,18 @@ class Recovery { } /** - * @param $recoveryPassword + * recover users files with the recovery key + * + * @param string $recoveryPassword + * @param string $user */ - public function recoverUsersFiles($recoveryPassword) { - $encryptedKey = $this->keyManager->getSystemPrivateKey(); + public function recoverUsersFiles($recoveryPassword, $user) { + $encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId()); $privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword); - $this->recoverAllFiles('/', $privateKey); + $this->recoverAllFiles('/' . $user . '/files/', $privateKey); } /** @@ -250,12 +269,12 @@ class Recovery { * @param $privateKey */ private function recoverAllFiles($path, $privateKey) { - $dirContent = $this->files->getDirectoryContent($path); + $dirContent = $this->view->getDirectoryContent($path); foreach ($dirContent as $item) { // Get relative path from encryption/keyfiles - $filePath = substr($item['path'], strlen('encryption/keys')); - if ($this->files->is_dir($this->user->getUID() . '/files' . '/' . $filePath)) { + $filePath = $item->getPath(); + if ($this->view->is_dir($filePath)) { $this->recoverAllFiles($filePath . '/', $privateKey); } else { $this->recoverFile($filePath, $privateKey); 
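Review bot: `recoverUsersFiles()` passes the result of `decryptPrivateKey($encryptedKey, $recoveryPassword)` straight to `recoverAllFiles()` without checking it. If decryption fails (assuming it then yields a falsy value), the whole tree is still walked, `recoverFile()` skips every file because of its `$privateKey` test, and the caller in userhooks.php, which has already written the new key pair, gets no signal. I would stop early and report it, e.g. `if (!$privateKey) { return false; }`, and document the return value in the docblock.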
@@ -265,50 +284,32 @@ class Recovery { } /** - * @param $filePath - * @param $privateKey + * @param string $path + * @param string $privateKey */ - private function recoverFile($filePath, $privateKey) { - $sharingEnabled = Share::isEnabled(); - $uid = $this->user->getUID(); - - // Find out who, if anyone, is sharing the file - if ($sharingEnabled) { - $result = Share::getUsersSharingFile($filePath, - $uid, - true); - $userIds = $result['users']; - $userIds[] = 'public'; - } else { - $userIds = [ - $uid, - $this->recoveryKeyId - ]; + private function recoverFile($path, $privateKey) { + $encryptedFileKey = $this->keyManager->getEncryptedFileKey($path); + $shareKey = $this->keyManager->getShareKey($path, $this->keyManager->getRecoveryKeyId()); + + if ($encryptedFileKey && $shareKey && $privateKey) { + $fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey, + $shareKey, + $privateKey); } - $filteredUids = $this->filterShareReadyUsers($userIds); - // Decrypt file key - $encKeyFile = $this->keyManager->getFileKey($filePath, - $uid); - - $shareKey = $this->keyManager->getShareKey($filePath, - $uid); - - $plainKeyFile = $this->crypt->multiKeyDecrypt($encKeyFile, - $shareKey, - $privateKey); + if (!empty($fileKey)) { + $accessList = $this->file->getAccessList($path); + $publicKeys = array(); + foreach ($accessList['users'] as $uid) { + $publicKeys[$uid] = $this->keyManager->getPublicKey($uid); + } - // Encrypt the file key again to all users, this time with the new publick keyt for the recovered user - $userPublicKeys = $this->keyManager->getPublicKeys($filteredUids['ready']); - $multiEncryptionKey = $this->crypt->multiKeyEncrypt($plainKeyFile, - $userPublicKeys); + $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys); - $this->keyManager->setFileKey($multiEncryptionKey['data'], - $uid); + $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys); + $this->keyManager->setAllFileKeys($path, $encryptedKeyfiles); + } - 
$this->keyManager->setShareKey($filePath, - $uid, - $multiEncryptionKey['keys']); } diff --git a/settings/changepassword/controller.php b/settings/changepassword/controller.php index 1be30b725df..f041cb5b29f 100644 --- a/settings/changepassword/controller.php +++ b/settings/changepassword/controller.php 
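Review bot: The rewritten `recoverFile()` does nothing when the file key, the recovery share key or the private key is missing, and nothing when `multiKeyDecrypt()` returns an empty value, so a file that could not be re-encrypted is indistinguishable from one that was. Since this runs after the user's key pair has been replaced, such a file presumably stays unreadable for them. `$fileKey` is also assigned only inside the first `if`; initialising it with `$fileKey = null;` before the test makes the later `!empty($fileKey)` check explicit. I would record the path of every skipped file, by returning a status to the caller or logging if the class has a logger, so an administrator can see which files need attention.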
@@ -77,16 +77,43 @@ class Controller { exit(); } - if (\OC_App::isEnabled('files_encryption')) { + if (\OC_App::isEnabled('encryption')) { //handle the recovery case - $util = new \OCA\Files_Encryption\Util(new \OC\Files\View('/'), $username); - $recoveryAdminEnabled = \OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled'); + $crypt = new \OCA\Encryption\Crypto\Crypt( + \OC::$server->getLogger(), + \OC::$server->getUserSession(), + \OC::$server->getConfig()); + $keyStorage = \OC::$server->getEncryptionKeyStorage(\OCA\Encryption\Crypto\Encryption::ID); + $util = new \OCA\Encryption\Util( + new \OC\Files\View(), + $crypt, + \OC::$server->getLogger(), + \OC::$server->getUserSession(), + \OC::$server->getConfig()); + $keyManager = new \OCA\Encryption\KeyManager( + $keyStorage, + $crypt, + \OC::$server->getConfig(), + \OC::$server->getUserSession(), + new \OCA\Encryption\Session(\OC::$server->getSession()), + \OC::$server->getLogger(), + $util); + $recovery = new \OCA\Encryption\Recovery( + \OC::$server->getUserSession(), + $crypt, + \OC::$server->getSecureRandom(), + $keyManager, + \OC::$server->getConfig(), + $keyStorage, + \OC::$server->getEncryptionFilesHelper(), + new \OC\Files\View()); + $recoveryAdminEnabled = $recovery->isRecoveryKeyEnabled(); $validRecoveryPassword = false; $recoveryEnabledForUser = false; if ($recoveryAdminEnabled) { - $validRecoveryPassword = $util->checkRecoveryPassword($recoveryPassword); - $recoveryEnabledForUser = $util->recoveryEnabledForUser(); + $validRecoveryPassword = $keyManager->checkRecoveryPassword($recoveryPassword); + $recoveryEnabledForUser = $recovery->isRecoveryEnabledForUser(); } if ($recoveryEnabledForUser && $recoveryPassword === '') { diff --git a/settings/users.php b/settings/users.php index 08498edec29..0fc9fbeafc2 100644 --- a/settings/users.php +++ b/settings/users.php 
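Review bot: `$recovery->isRecoveryEnabledForUser()` is called without an argument, so it falls back to the logged-in account, whereas the removed code bound its check to the target through `new \OCA\Files_Encryption\Util(new \OC\Files\View('/'), $username)`. If this branch runs when an administrator resets another user's password (the function begins outside the hunk), the administrator's own opt-in is tested instead of the target's, and the empty-recovery-password guard that follows can be applied to the wrong account. Pass the uid explicitly: `$recoveryEnabledForUser = $recovery->isRecoveryEnabledForUser($username);`. The hand-built `Crypt`/`Util`/`KeyManager`/`Recovery` graph also repeats wiring that apps/encryption/appinfo/application.php registers in its container, and resolving the services from there would keep the two from drifting apart.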
@@ -45,8 +45,8 @@ $groupsInfo = new \OC\Group\MetaData(OC_User::getUser(), $isAdmin, $groupManager $groupsInfo->setSorting($groupsInfo::SORT_USERCOUNT); list($adminGroup, $groups) = $groupsInfo->get(); -$recoveryAdminEnabled = OC_App::isEnabled('files_encryption') && - $config->getAppValue( 'files_encryption', 'recoveryAdminEnabled', null ); +$recoveryAdminEnabled = OC_App::isEnabled('encryption') && + $config->getAppValue( 'encryption', 'recoveryAdminEnabled', null ); if($isAdmin) { $subadmins = OC_SubAdmin::getAllSubAdmins(); -- cgit v1.2.3