/**
* @NoAdminRequired
* @UseSession
*
* @param string $oldPassword
* @param string $newPassword
* @return DataResponse
*/
public function updatePrivateKeyPassword($oldPassword, $newPassword)
{
$result = false;
$uid = $this->userSession->getUser()->getUID();
$errorMessage = $this->l->t('Could not update the private key password.');
//check if password is correct
$passwordCorrect = $this->userManager->checkPassword($uid, $newPassword);
if ($passwordCorrect !== false) {
$encryptedKey = $this->keyManager->getPrivateKey($uid);
$decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword);
if ($decryptedKey) {
$encryptedKey = $this->crypt->symmetricEncryptFileContent($decryptedKey, $newPassword);
$header = $this->crypt->generateHeader();
if ($encryptedKey) {
$this->keyManager->setPrivateKey($uid, $header . $encryptedKey);
$this->session->setPrivateKey($decryptedKey);
$result = true;
}
} else {
$errorMessage = $this->l->t('The old password was not correct, please try again.');
}
} else {
$errorMessage = $this->l->t('The current log-in password was not correct, please try again.');
}
if ($result === true) {
$this->session->setStatus(Session::INIT_SUCCESSFUL);
return new DataResponse(['message' => (string) $this->l->t('Private key password successfully updated.')]);
} else {
return new DataResponse(['message' => (string) $errorMessage], Http::STATUS_BAD_REQUEST);
}
}
/**
* get the private key which will be used to decrypt all files
*
* @param string $user
* @param string $password
* @return bool|string
* @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException
*/
protected function getPrivateKey($user, $password)
{
$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
if ($user === $recoveryKeyId) {
$recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
$privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
} else {
$userKey = $this->keyManager->getPrivateKey($user);
$privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);
}
return $privateKey;
}
/**
* @NoAdminRequired
* @UseSession
*
* @param string $oldPassword
* @param string $newPassword
* @return DataResponse
*/
public function updatePrivateKeyPassword($oldPassword, $newPassword)
{
$result = false;
$uid = $this->userSession->getUser()->getUID();
$errorMessage = $this->l->t('Could not update the private key password.');
//check if password is correct
$passwordCorrect = $this->userManager->checkPassword($uid, $newPassword);
if ($passwordCorrect === false) {
// if check with uid fails we need to check the password with the login name
// e.g. in the ldap case. For local user we need to check the password with
// the uid because in this case the login name is case insensitive
$loginName = $this->ocSession->get('loginname');
$passwordCorrect = $this->userManager->checkPassword($loginName, $newPassword);
}
if ($passwordCorrect !== false) {
$encryptedKey = $this->keyManager->getPrivateKey($uid);
$decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword, $uid);
if ($decryptedKey) {
$encryptedKey = $this->crypt->encryptPrivateKey($decryptedKey, $newPassword, $uid);
$header = $this->crypt->generateHeader();
if ($encryptedKey) {
$this->keyManager->setPrivateKey($uid, $header . $encryptedKey);
$this->session->setPrivateKey($decryptedKey);
$result = true;
}
} else {
$errorMessage = $this->l->t('The old password was not correct, please try again.');
}
} else {
$errorMessage = $this->l->t('The current log-in password was not correct, please try again.');
}
if ($result === true) {
$this->session->setStatus(Session::INIT_SUCCESSFUL);
return new DataResponse(['message' => (string) $this->l->t('Private key password successfully updated.')]);
} else {
return new DataResponse(['message' => (string) $errorMessage], Http::STATUS_BAD_REQUEST);
}
}
public function testGetPrivateKey()
{
$this->keyStorageMock->expects($this->any())->method('getUserKey')->with($this->equalTo($this->userId), $this->equalTo('privateKey'))->willReturn('privateKey');
$this->assertSame('privateKey', $this->instance->getPrivateKey($this->userId));
}
