/**
* @dataProvider userSetRecoveryProvider
* @param $enableRecovery
* @param $expectedMessage
* @param $expectedStatus
*/
public function testUserSetRecovery($enableRecovery, $expectedMessage, $expectedStatus)
{
$this->recoveryMock->expects($this->any())->method('setRecoveryForUser')->with($enableRecovery)->will($this->returnValueMap([['1', true], ['0', false]]));
$response = $this->controller->userSetRecovery($enableRecovery);
$this->assertEquals($expectedMessage, $response->getData()['data']['message']);
$this->assertEquals($expectedStatus, $response->getStatus());
}
public function testRecoverUserFiles()
{
$this->viewMock->expects($this->once())->method('getDirectoryContent')->willReturn([]);
$this->cryptMock->expects($this->once())->method('decryptPrivateKey');
$this->instance->recoverUsersFiles('password', 'admin');
$this->assertTrue(true);
}
/**
* @NoAdminRequired
*
* @param string $userEnableRecovery
* @return DataResponse
*/
public function userSetRecovery($userEnableRecovery)
{
if ($userEnableRecovery === '0' || $userEnableRecovery === '1') {
$result = $this->recovery->setRecoveryForUser($userEnableRecovery);
if ($result) {
return new DataResponse(array('status' => 'success', 'data' => array('message' => (string) $this->l->t('Recovery Key enabled'))));
} else {
return new DataResponse(array('data' => array('message' => (string) $this->l->t('Could not enable the recovery key, please try again or contact your administrator'))));
}
}
}
/**
* @NoAdminRequired
*
* @param string $userEnableRecovery
* @return DataResponse
*/
public function userSetRecovery($userEnableRecovery)
{
if ($userEnableRecovery === '0' || $userEnableRecovery === '1') {
$result = $this->recovery->setRecoveryForUser($userEnableRecovery);
if ($result) {
if ($userEnableRecovery === '0') {
return new DataResponse(['data' => ['message' => (string) $this->l->t('Recovery Key disabled')]]);
}
return new DataResponse(['data' => ['message' => (string) $this->l->t('Recovery Key enabled')]]);
}
}
return new DataResponse(['data' => ['message' => (string) $this->l->t('Could not enable the recovery key, please try again or contact your administrator')]], Http::STATUS_BAD_REQUEST);
}
/**
* Change a user's encryption passphrase
*
* @param array $params keys: uid, password
* @return boolean|null
*/
public function setPassphrase($params)
{
// Get existing decrypted private key
$privateKey = $this->session->getPrivateKey();
$user = $this->user->getUser();
// current logged in user changes his own password
if ($user && $params['uid'] === $user->getUID() && $privateKey) {
// Encrypt private key with new user pwd as passphrase
$encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);
// Save private key
if ($encryptedPrivateKey) {
$this->keyManager->setPrivateKey($this->user->getUser()->getUID(), $this->crypt->generateHeader() . $encryptedPrivateKey);
} else {
$this->logger->error('Encryption could not update users encryption password');
}
// NOTE: Session does not need to be updated as the
// private key has not changed, only the passphrase
// used to decrypt it has changed
} else {
// admin changed the password for a different user, create new keys and re-encrypt file keys
$user = $params['uid'];
$this->initMountPoints($user);
$recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
// we generate new keys if...
// ...we have a recovery password and the user enabled the recovery key
// ...encryption was activated for the first time (no keys exists)
// ...the user doesn't have any files
if ($this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword || !$this->keyManager->userHasKeys($user) || !$this->util->userHasFiles($user)) {
// backup old keys
//$this->backupAllKeys('recovery');
$newUserPassword = $params['password'];
$keyPair = $this->crypt->createKeyPair();
// Save public key
$this->keyManager->setPublicKey($user, $keyPair['publicKey']);
// Encrypt private key with new password
$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);
if ($encryptedKey) {
$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
if ($recoveryPassword) {
// if recovery key is set we can re-encrypt the key files
$this->recovery->recoverUsersFiles($recoveryPassword, $user);
}
} else {
$this->logger->error('Encryption Could not update users encryption password');
}
}
}
}
