/**
* @brief replacing encryption keys during password change should be allowed
* until the user logged in for the first time
*/
public function testSetPassphrase()
{
$view = new \OC\Files\View();
// set user password for the first time
\OC_User::createUser(self::TEST_ENCRYPTION_HOOKS_USER3, 'newUserPassword');
\OCA\Files_Encryption\Hooks::postCreateUser(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'newUserPassword'));
$this->assertTrue($view->file_exists(\OCA\Files_Encryption\Keymanager::getPublicKeyPath() . '/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '.publicKey'));
$this->assertTrue($view->file_exists(self::TEST_ENCRYPTION_HOOKS_USER3 . '/files_encryption/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '.privateKey'));
// check if we are able to decrypt the private key
$encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3);
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'newUserPassword');
$this->assertTrue(is_string($privateKey));
// change the password before the user logged-in for the first time,
// we can replace the encryption keys
\OCA\Files_Encryption\Hooks::setPassphrase(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'passwordChanged'));
$encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3);
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged');
$this->assertTrue(is_string($privateKey));
// now create a files folder to simulate a already used account
$view->mkdir('/' . self::TEST_ENCRYPTION_HOOKS_USER3 . '/files');
// change the password after the user logged in, now the password should not change
\OCA\Files_Encryption\Hooks::setPassphrase(array('uid' => self::TEST_ENCRYPTION_HOOKS_USER3, 'password' => 'passwordChanged2'));
$encryptedKey = \OCA\Files_Encryption\Keymanager::getPrivateKey($view, self::TEST_ENCRYPTION_HOOKS_USER3);
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged2');
$this->assertFalse($privateKey);
$privateKey = \OCA\Files_Encryption\Crypt::decryptPrivateKey($encryptedKey, 'passwordChanged');
$this->assertTrue(is_string($privateKey));
}
/**
* @large
*/
function testRecoveryForUser()
{
// login as admin
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1);
$result = \OCA\Files_Encryption\Helper::adminEnableRecovery(null, 'test123');
$this->assertTrue($result);
$recoveryKeyId = \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryKeyId');
// login as user2
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER2);
$util = new \OCA\Files_Encryption\Util(new \OC\Files\View('/'), self::TEST_ENCRYPTION_SHARE_USER2);
// enable recovery for admin
$this->assertTrue($util->setRecoveryForUser(1));
// add recovery keys for existing files (e.g. the auto-generated welcome.txt)
$util->addRecoveryKeys();
// create folder structure
$this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1);
$this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1 . $this->subfolder);
$this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1 . $this->subfolder . $this->subsubfolder);
// save file with content
$cryptedFile1 = file_put_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename, $this->dataShort);
$cryptedFile2 = file_put_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort);
// test that data was successfully written
$this->assertInternalType('int', $cryptedFile1);
$this->assertInternalType('int', $cryptedFile2);
// check if share key for user and recovery exists
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
// login as admin
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1);
// change password
\OC_User::setPassword(self::TEST_ENCRYPTION_SHARE_USER2, 'test', 'test123');
$params = array('uid' => self::TEST_ENCRYPTION_SHARE_USER2, 'password' => 'test', 'recoveryPassword' => 'test123');
\OCA\Files_Encryption\Hooks::setPassphrase($params);
// login as user2
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER2, false, 'test');
// get file contents
$retrievedCryptedFile1 = file_get_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename);
$retrievedCryptedFile2 = file_get_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename);
// check if data is the same as we previously written
$this->assertEquals($this->dataShort, $retrievedCryptedFile1);
$this->assertEquals($this->dataShort, $retrievedCryptedFile2);
// cleanup
$this->view->chroot('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/');
$this->view->unlink($this->folder1);
$this->view->unlink($this->filename);
$this->view->chroot('/');
// check if share key for user and recovery exists
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
// enable recovery for admin
$this->assertTrue($util->setRecoveryForUser(0));
\OCA\Files_Encryption\Helper::adminDisableRecovery('test123');
$this->assertEquals(0, \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryAdminEnabled'));
//clean up, reset passwords
\OC_User::setPassword(self::TEST_ENCRYPTION_SHARE_USER2, self::TEST_ENCRYPTION_SHARE_USER2, 'test123');
$params = array('uid' => self::TEST_ENCRYPTION_SHARE_USER2, 'password' => self::TEST_ENCRYPTION_SHARE_USER2, 'recoveryPassword' => 'test123');
\OCA\Files_Encryption\Hooks::setPassphrase($params);
}
