/**
* prepare encryption module to decrypt all files
*
* @param InputInterface $input
* @param OutputInterface $output
* @param $user
* @return bool
*/
public function prepare(InputInterface $input, OutputInterface $output, $user)
{
$question = new Question('Please enter the recovery key password: '******'Do you want to use the users login password to decrypt all files? (y/n) ', false);
$useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
if ($useLoginPassword) {
$question = new Question('Please enter the users login password: '******'No recovery key available for user ' . $user);
return false;
} else {
$user = $recoveryKeyId;
}
}
} else {
$user = $recoveryKeyId;
}
$question->setHidden(true);
$question->setHiddenFallback(false);
$password = $this->questionHelper->ask($input, $output, $question);
$privateKey = $this->getPrivateKey($user, $password);
if ($privateKey !== false) {
$this->updateSession($user, $privateKey);
return true;
} else {
$output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
}
return false;
}
protected function execute(InputInterface $input, OutputInterface $output)
{
$isAlreadyEnabled = $this->util->isMasterKeyEnabled();
if ($isAlreadyEnabled) {
$output->writeln('Master key already enabled');
} else {
$question = new ConfirmationQuestion('Warning: Only available for fresh installations with no existing encrypted data! ' . 'There is also no way to disable it again. Do you want to continue? (y/n) ', false);
if ($this->questionHelper->ask($input, $output, $question)) {
$this->config->setAppValue('encryption', 'useMasterKey', '1');
$output->writeln('Master key successfully enabled.');
} else {
$output->writeln('aborted.');
}
}
}
public function testGetStorage()
{
$path = '/foo/bar.txt';
$this->filesMock->expects($this->once())->method('getMount')->with($path)->willReturn($this->mountMock);
$this->mountMock->expects($this->once())->method('getStorage')->willReturn(true);
$this->assertTrue($this->instance->getStorage($path));
}
public function testGetStorage()
{
$return = $this->getMockBuilder('OC\\Files\\Storage\\Storage')->disableOriginalConstructor()->getMock();
$path = '/foo/bar.txt';
$this->filesMock->expects($this->once())->method('getMount')->with($path)->willReturn($this->mountMock);
$this->mountMock->expects($this->once())->method('getStorage')->willReturn($return);
$this->assertEquals($return, $this->instance->getStorage($path));
}
/**
* by default the encryption module should encrypt regular files, files in
* files_versions and files in files_trashbin
*
* @dataProvider dataTestShouldEncrypt
*/
public function testShouldEncrypt($path, $shouldEncryptHomeStorage, $isHomeStorage, $expected)
{
$this->utilMock->expects($this->once())->method('shouldEncryptHomeStorage')->willReturn($shouldEncryptHomeStorage);
if ($shouldEncryptHomeStorage === false) {
$this->storageMock->expects($this->once())->method('instanceOfStorage')->with('\\OCP\\Files\\IHomeStorage')->willReturn($isHomeStorage);
$this->utilMock->expects($this->once())->method('getStorage')->with($path)->willReturn($this->storageMock);
}
$this->assertSame($expected, $this->instance->shouldEncrypt($path));
}
/**
* prepare encryption module to decrypt all files
*
* @param InputInterface $input
* @param OutputInterface $output
* @param $user
* @return bool
*/
public function prepare(InputInterface $input, OutputInterface $output, $user)
{
$question = new Question('Please enter the recovery key password: '******'Use master key to decrypt all files');
$user = $this->keyManager->getMasterKeyId();
$password = $this->keyManager->getMasterKeyPassword();
} else {
$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
if (!empty($user)) {
$output->writeln('You can only decrypt the users files if you know');
$output->writeln('the users password or if he activated the recovery key.');
$output->writeln('');
$questionUseLoginPassword = new ConfirmationQuestion('Do you want to use the users login password to decrypt all files? (y/n) ', false);
$useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
if ($useLoginPassword) {
$question = new Question('Please enter the user\'s login password: '******'No recovery key available for user ' . $user);
return false;
} else {
$user = $recoveryKeyId;
}
}
} else {
$output->writeln('You can only decrypt the files of all users if the');
$output->writeln('recovery key is enabled by the admin and activated by the users.');
$output->writeln('');
$user = $recoveryKeyId;
}
$question->setHidden(true);
$question->setHiddenFallback(false);
$password = $this->questionHelper->ask($input, $output, $question);
}
$privateKey = $this->getPrivateKey($user, $password);
if ($privateKey !== false) {
$this->updateSession($user, $privateKey);
return true;
} else {
$output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
}
return false;
}
/**
* add system keys such as the public share key and the recovery key
*
* @param array $accessList
* @param array $publicKeys
* @return array
*/
public function addSystemKeys(array $accessList, array $publicKeys)
{
if (!empty($accessList['public'])) {
$publicKeys[$this->keyManager->getPublicShareKeyId()] = $this->keyManager->getPublicShareKey();
}
if ($this->keyManager->recoveryKeyExists() && $this->util->isRecoveryEnabledForUser()) {
$publicKeys[$this->keyManager->getRecoveryKeyId()] = $this->keyManager->getRecoveryKey();
}
return $publicKeys;
}
/**
* add system keys such as the public share key and the recovery key
*
* @param array $accessList
* @param array $publicKeys
* @param string $uid
* @return array
* @throws PublicKeyMissingException
*/
public function addSystemKeys(array $accessList, array $publicKeys, $uid)
{
if (!empty($accessList['public'])) {
$publicShareKey = $this->getPublicShareKey();
if (empty($publicShareKey)) {
throw new PublicKeyMissingException($this->getPublicShareKeyId());
}
$publicKeys[$this->getPublicShareKeyId()] = $publicShareKey;
}
if ($this->recoveryKeyExists() && $this->util->isRecoveryEnabledForUser($uid)) {
$publicKeys[$this->getRecoveryKeyId()] = $this->getRecoveryKey();
}
return $publicKeys;
}
/**
* Change a user's encryption passphrase
*
* @param array $params keys: uid, password
* @return boolean|null
*/
public function setPassphrase($params)
{
// Get existing decrypted private key
$privateKey = $this->session->getPrivateKey();
$user = $this->user->getUser();
// current logged in user changes his own password
if ($user && $params['uid'] === $user->getUID() && $privateKey) {
// Encrypt private key with new user pwd as passphrase
$encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);
// Save private key
if ($encryptedPrivateKey) {
$this->keyManager->setPrivateKey($this->user->getUser()->getUID(), $this->crypt->generateHeader() . $encryptedPrivateKey);
} else {
$this->logger->error('Encryption could not update users encryption password');
}
// NOTE: Session does not need to be updated as the
// private key has not changed, only the passphrase
// used to decrypt it has changed
} else {
// admin changed the password for a different user, create new keys and re-encrypt file keys
$user = $params['uid'];
$this->initMountPoints($user);
$recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
// we generate new keys if...
// ...we have a recovery password and the user enabled the recovery key
// ...encryption was activated for the first time (no keys exists)
// ...the user doesn't have any files
if ($this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword || !$this->keyManager->userHasKeys($user) || !$this->util->userHasFiles($user)) {
// backup old keys
//$this->backupAllKeys('recovery');
$newUserPassword = $params['password'];
$keyPair = $this->crypt->createKeyPair();
// Save public key
$this->keyManager->setPublicKey($user, $keyPair['publicKey']);
// Encrypt private key with new password
$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);
if ($encryptedKey) {
$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
if ($recoveryPassword) {
// if recovery key is set we can re-encrypt the key files
$this->recovery->recoverUsersFiles($recoveryPassword, $user);
}
} else {
$this->logger->error('Encryption Could not update users encryption password');
}
}
}
}
/**
* Tests that filterShareReadyUsers() returns the correct list of
* users that are ready or not ready for encryption
*/
public function testFilterShareReadyUsers()
{
$appConfig = \OC::$server->getAppConfig();
$publicShareKeyId = $appConfig->getValue('files_encryption', 'publicShareKeyId');
$recoveryKeyId = $appConfig->getValue('files_encryption', 'recoveryKeyId');
$usersToTest = array('readyUser', 'notReadyUser', 'nonExistingUser', $publicShareKeyId, $recoveryKeyId);
\Test_Encryption_Util::loginHelper('readyUser', true);
\Test_Encryption_Util::loginHelper('notReadyUser', true);
// delete encryption dir to make it not ready
$this->view->unlink('notReadyUser/files_encryption/');
// login as user1
\Test_Encryption_Util::loginHelper(\Test_Encryption_Util::TEST_ENCRYPTION_UTIL_USER1);
$result = $this->util->filterShareReadyUsers($usersToTest);
$this->assertEquals(array('readyUser', $publicShareKeyId, $recoveryKeyId), $result['ready']);
$this->assertEquals(array('notReadyUser', 'nonExistingUser'), $result['unready']);
\OC_User::deleteUser('readyUser');
}
/**
* check if the encryption module is able to read the file,
* e.g. if all encryption keys exists
*
* @param string $path
* @param string $uid user for whom we want to check if he can read the file
* @return bool
* @throws DecryptionFailedException
*/
public function isReadable($path, $uid)
{
$fileKey = $this->keyManager->getFileKey($path, $uid);
if (empty($fileKey)) {
$owner = $this->util->getOwner($path);
if ($owner !== $uid) {
// if it is a shared file we throw a exception with a useful
// error message because in this case it means that the file was
// shared with the user at a point where the user didn't had a
// valid private/public key
$msg = 'Encryption module "' . $this->getDisplayName() . '" is not able to read ' . $path;
$hint = $this->l->t('Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you.');
$this->logger->warning($msg);
throw new DecryptionFailedException($msg, $hint);
}
return false;
}
return true;
}
/**
* iterate over all user and encrypt their files
*/
protected function encryptAllUsersFiles()
{
$this->output->writeln("\n");
$progress = new ProgressBar($this->output);
$progress->setFormat(" %message% \n [%bar%]");
$progress->start();
$numberOfUsers = count($this->userPasswords);
$userNo = 1;
if ($this->util->isMasterKeyEnabled()) {
$this->encryptAllUserFilesWithMasterKey($progress);
} else {
foreach ($this->userPasswords as $uid => $password) {
$userCount = "{$uid} ({$userNo} of {$numberOfUsers})";
$this->encryptUsersFiles($uid, $progress, $userCount);
$userNo++;
}
}
$progress->setMessage("all files encrypted");
$progress->finish();
}
/**
* test add public share key and or recovery key to the list of public keys
*
* @dataProvider dataTestAddSystemKeys
*
* @param array $accessList
* @param array $publicKeys
* @param string $uid
* @param array $expectedKeys
*/
public function testAddSystemKeys($accessList, $publicKeys, $uid, $expectedKeys)
{
$publicShareKeyId = 'publicShareKey';
$recoveryKeyId = 'recoveryKey';
$this->keyStorageMock->expects($this->any())->method('getSystemUserKey')->willReturnCallback(function ($keyId, $encryptionModuleId) {
return $keyId;
});
$this->utilMock->expects($this->any())->method('isRecoveryEnabledForUser')->willReturnCallback(function ($uid) {
if ($uid === 'user1') {
return true;
}
return false;
});
// set key IDs
self::invokePrivate($this->instance, 'publicShareKeyId', [$publicShareKeyId]);
self::invokePrivate($this->instance, 'recoveryKeyId', [$recoveryKeyId]);
$result = $this->instance->addSystemKeys($accessList, $publicKeys, $uid);
foreach ($expectedKeys as $expected) {
$this->assertArrayHasKey($expected, $result);
}
$this->assertSameSize($expectedKeys, $result);
}
/**
* @brief remember the file which should be deleted and it's owner
* @param array $params
* @return boolean
*/
public static function preDelete($params)
{
$path = $params[\OC\Files\Filesystem::signal_param_path];
// skip this method if the trash bin is enabled or if we delete a file
// outside of /data/user/files
if (\OCP\App::isEnabled('files_trashbin')) {
return true;
}
$util = new Util(new \OC_FilesystemView('/'), \OCP\USER::getUser());
list($owner, $ownerPath) = $util->getUidAndFilename($path);
self::$deleteFiles[$params[\OC\Files\Filesystem::signal_param_path]] = array('uid' => $owner, 'path' => $ownerPath);
}
/**
* Returns whether the given user is ready for encryption.
* Also returns true if the given user is the public user
* or the recovery key user.
*
* @param string $user user to check
*
* @return boolean true if the user is ready, false otherwise
*/
private function isUserReady($user)
{
if ($user === $this->publicShareKeyId || $user === $this->recoveryKeyId) {
return true;
}
try {
$util = new Util($this->view, $user);
return $util->ready();
} catch (NoUserException $e) {
\OCP\Util::writeLog('Encryption library', 'No User object for ' . $user, \OCP\Util::DEBUG);
return false;
}
}
/**
* unmount file from yourself
*/
public static function postUmount($params)
{
if (!isset(self::$umountedFiles[$params[\OC\Files\Filesystem::signal_param_path]])) {
return true;
}
$umountedFile = self::$umountedFiles[$params[\OC\Files\Filesystem::signal_param_path]];
$path = $umountedFile['path'];
$user = $umountedFile['uid'];
$itemType = $umountedFile['itemType'];
$view = new \OC\Files\View();
$util = new Util($view, $user);
// we don't need to remember the file any longer
unset(self::$umountedFiles[$params[\OC\Files\Filesystem::signal_param_path]]);
// if we unshare a folder we need a list of all (sub-)files
if ($itemType === 'folder') {
$allFiles = $util->getAllFiles($path);
} else {
$allFiles = array($path);
}
foreach ($allFiles as $path) {
// check if the user still has access to the file, otherwise delete share key
$sharingUsers = \OCP\Share::getUsersSharingFile($path, $user);
if (!in_array(\OCP\User::getUser(), $sharingUsers['users'])) {
Keymanager::delShareKey($view, array(\OCP\User::getUser()), $path, $user);
}
}
}
/**
* retrieve shareKey for an encrypted file
* @param \OC\Files\View $view
* @param string $userId
* @param \OCA\Encryption\Util $util
* @param string $filePath
* @return string file key or false
* @note The sharekey returned is encrypted. Decryption
* of the keyfile must be performed by client code
*/
public static function getShareKey(\OC\Files\View $view, $userId, $util, $filePath)
{
// try reusing key file if part file
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
list($owner, $filename) = $util->getUidAndFilename($filePath);
$filename = Helper::stripPartialFileExtension($filename);
// in case of system wide mount points the keys are stored directly in the data directory
if ($util->isSystemWideMountPoint($filename)) {
$shareKeyPath = '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
} else {
$shareKeyPath = '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey';
}
if ($view->file_exists($shareKeyPath)) {
$result = $view->file_get_contents($shareKeyPath);
} else {
$result = false;
}
\OC_FileProxy::$enabled = $proxyStatus;
return $result;
}
function testSetEncryptHomeStorage()
{
$value = true;
$this->utilMock->expects($this->once())->method('setEncryptHomeStorage')->with($value);
$this->controller->setEncryptHomeStorage($value);
}
function testDescryptAllWithBrokenFiles()
{
$file1 = "/decryptAll1" . uniqid() . ".txt";
$file2 = "/decryptAll2" . uniqid() . ".txt";
$util = new Encryption\Util($this->view, $this->userId);
$this->view->file_put_contents($this->userId . '/files/' . $file1, $this->dataShort);
$this->view->file_put_contents($this->userId . '/files/' . $file2, $this->dataShort);
$fileInfoEncrypted1 = $this->view->getFileInfo($this->userId . '/files/' . $file1);
$fileInfoEncrypted2 = $this->view->getFileInfo($this->userId . '/files/' . $file2);
$this->assertTrue($fileInfoEncrypted1 instanceof \OC\Files\FileInfo);
$this->assertTrue($fileInfoEncrypted2 instanceof \OC\Files\FileInfo);
$this->assertEquals($fileInfoEncrypted1['encrypted'], 1);
$this->assertEquals($fileInfoEncrypted2['encrypted'], 1);
// rename keyfile for file1 so that the decryption for file1 fails
// Expected behaviour: decryptAll() returns false, file2 gets decrypted anyway
$this->view->rename($this->userId . '/files_encryption/keyfiles/' . $file1 . '.key', $this->userId . '/files_encryption/keyfiles/' . $file1 . '.key.moved');
// decrypt all encrypted files
$result = $util->decryptAll();
$this->assertFalse($result);
$fileInfoUnencrypted1 = $this->view->getFileInfo($this->userId . '/files/' . $file1);
$fileInfoUnencrypted2 = $this->view->getFileInfo($this->userId . '/files/' . $file2);
$this->assertTrue($fileInfoUnencrypted1 instanceof \OC\Files\FileInfo);
$this->assertTrue($fileInfoUnencrypted2 instanceof \OC\Files\FileInfo);
// file1 should be still encrypted; file2 should be decrypted
$this->assertEquals(1, $fileInfoUnencrypted1['encrypted']);
$this->assertEquals(0, $fileInfoUnencrypted2['encrypted']);
// keyfiles and share keys should still exist
$this->assertTrue($this->view->is_dir($this->userId . '/files_encryption/keyfiles/'));
$this->assertTrue($this->view->is_dir($this->userId . '/files_encryption/share-keys/'));
// rename the keyfile for file1 back
$this->view->rename($this->userId . '/files_encryption/keyfiles/' . $file1 . '.key.moved', $this->userId . '/files_encryption/keyfiles/' . $file1 . '.key');
// try again to decrypt all encrypted files
$result = $util->decryptAll();
$this->assertTrue($result);
$fileInfoUnencrypted1 = $this->view->getFileInfo($this->userId . '/files/' . $file1);
$fileInfoUnencrypted2 = $this->view->getFileInfo($this->userId . '/files/' . $file2);
$this->assertTrue($fileInfoUnencrypted1 instanceof \OC\Files\FileInfo);
$this->assertTrue($fileInfoUnencrypted2 instanceof \OC\Files\FileInfo);
// now both files should be decrypted
$this->assertEquals(0, $fileInfoUnencrypted1['encrypted']);
$this->assertEquals(0, $fileInfoUnencrypted2['encrypted']);
// keyfiles and share keys should be deleted
$this->assertFalse($this->view->is_dir($this->userId . '/files_encryption/keyfiles/'));
$this->assertFalse($this->view->is_dir($this->userId . '/files_encryption/share-keys/'));
//cleanup
$this->view->unlink($this->userId . '/files/' . $file1);
$this->view->unlink($this->userId . '/files/' . $file2);
$this->view->deleteAll($this->userId . '/files_encryption/keyfiles.backup');
$this->view->deleteAll($this->userId . '/files_encryption/share-keys.backup');
}
public function testUserHasFiles()
{
$this->filesMock->expects($this->once())->method('file_exists')->will($this->returnValue(true));
$this->assertTrue($this->instance->userHasFiles('admin'));
}
<?php
/**
* Copyright (c) 2013, Bjoern Schiessle <*****@*****.**>
* This file is licensed under the Affero General Public License version 3 or later.
* See the COPYING-README file.
*
* @brief check migration status
*/
use OCA\Encryption\Util;
\OCP\JSON::checkAppEnabled('files_encryption');
$loginname = isset($_POST['user']) ? $_POST['user'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$migrationCompleted = true;
if ($loginname !== '' && $password !== '') {
$username = \OCP\User::checkPassword($loginname, $password);
if ($username) {
$util = new Util(new \OC_FilesystemView('/'), $username);
if ($util->getMigrationStatus() !== Util::MIGRATION_COMPLETED) {
$migrationCompleted = false;
}
}
}
\OCP\JSON::success(array('data' => array('migrationCompleted' => $migrationCompleted)));
/**
* @brief after a file is renamed, rename its keyfile and share-keys also fix the file size and fix also the sharing
* @param array with oldpath and newpath
*
* This function is connected to the rename signal of OC_Filesystem and adjust the name and location
* of the stored versions along the actual file
*/
public static function postRename($params)
{
if (\OCP\App::isEnabled('files_encryption') === false) {
return true;
}
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$view = new \OC_FilesystemView('/');
$session = new \OCA\Encryption\Session($view);
$userId = \OCP\User::getUser();
$util = new Util($view, $userId);
// Format paths to be relative to user files dir
if ($util->isSystemWideMountPoint($params['oldpath'])) {
$baseDir = 'files_encryption/';
$oldKeyfilePath = $baseDir . 'keyfiles/' . $params['oldpath'];
} else {
$baseDir = $userId . '/' . 'files_encryption/';
$oldKeyfilePath = $baseDir . 'keyfiles/' . $params['oldpath'];
}
if ($util->isSystemWideMountPoint($params['newpath'])) {
$newKeyfilePath = $baseDir . 'keyfiles/' . $params['newpath'];
} else {
$newKeyfilePath = $baseDir . 'keyfiles/' . $params['newpath'];
}
// add key ext if this is not an folder
if (!$view->is_dir($oldKeyfilePath)) {
$oldKeyfilePath .= '.key';
$newKeyfilePath .= '.key';
// handle share-keys
$localKeyPath = $view->getLocalFile($baseDir . 'share-keys/' . $params['oldpath']);
$escapedPath = Helper::escapeGlobPattern($localKeyPath);
$matches = glob($escapedPath . '*.shareKey');
foreach ($matches as $src) {
$dst = \OC\Files\Filesystem::normalizePath(str_replace($params['oldpath'], $params['newpath'], $src));
// create destination folder if not exists
if (!file_exists(dirname($dst))) {
mkdir(dirname($dst), 0750, true);
}
rename($src, $dst);
}
} else {
// handle share-keys folders
$oldShareKeyfilePath = $baseDir . 'share-keys/' . $params['oldpath'];
$newShareKeyfilePath = $baseDir . 'share-keys/' . $params['newpath'];
// create destination folder if not exists
if (!$view->file_exists(dirname($newShareKeyfilePath))) {
$view->mkdir(dirname($newShareKeyfilePath), 0750, true);
}
$view->rename($oldShareKeyfilePath, $newShareKeyfilePath);
}
// Rename keyfile so it isn't orphaned
if ($view->file_exists($oldKeyfilePath)) {
// create destination folder if not exists
if (!$view->file_exists(dirname($newKeyfilePath))) {
$view->mkdir(dirname($newKeyfilePath), 0750, true);
}
$view->rename($oldKeyfilePath, $newKeyfilePath);
}
// build the path to the file
$newPath = '/' . $userId . '/files' . $params['newpath'];
$newPathRelative = $params['newpath'];
if ($util->fixFileSize($newPath)) {
// get sharing app state
$sharingEnabled = \OCP\Share::isEnabled();
// get users
$usersSharing = $util->getSharingUsersArray($sharingEnabled, $newPathRelative);
// update sharing-keys
$util->setSharedFileKeyfiles($session, $usersSharing, $newPathRelative);
}
\OC_FileProxy::$enabled = $proxyStatus;
}
/**
* @UseSession
*
* @param bool $encryptHomeStorage
* @return DataResponse
*/
public function setEncryptHomeStorage($encryptHomeStorage)
{
$this->util->setEncryptHomeStorage($encryptHomeStorage);
return new DataResponse();
}
/**
* @dataProvider dataTestIsMasterKeyEnabled
*
* @param string $value
* @param bool $expect
*/
public function testIsMasterKeyEnabled($value, $expect)
{
$this->configMock->expects($this->once())->method('getAppValue')->with('encryption', 'useMasterKey', '0')->willReturn($value);
$this->assertSame($expect, $this->instance->isMasterKeyEnabled());
}
<?php
/**
* Copyright (c) 2013, Bjoern Schiessle <*****@*****.**>
* This file is licensed under the Affero General Public License version 3 or later.
* See the COPYING-README file.
*
* check migration status
*/
use OCA\Encryption\Util;
\OCP\JSON::checkAppEnabled('files_encryption');
$loginname = isset($_POST['user']) ? $_POST['user'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$migrationStatus = Util::MIGRATION_COMPLETED;
if ($loginname !== '' && $password !== '') {
$username = \OCP\User::checkPassword($loginname, $password);
if ($username) {
$util = new Util(new \OC\Files\View('/'), $username);
$migrationStatus = $util->getMigrationStatus();
}
}
\OCP\JSON::success(array('data' => array('migrationStatus' => $migrationStatus)));
/**
* @large
*/
function testEncryptLegacyFiles()
{
\Test_Encryption_Util::loginHelper(\Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER);
$userView = new \OC_FilesystemView('/' . \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER);
$view = new \OC_FilesystemView('/' . \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER . '/files');
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
$encryptionKeyContent = file_get_contents($this->legacyEncryptedDataKey);
$userView->file_put_contents('/encryption.key', $encryptionKeyContent);
$legacyEncryptedData = file_get_contents($this->legacyEncryptedData);
$view->mkdir('/test/');
$view->mkdir('/test/subtest/');
$view->file_put_contents('/test/subtest/legacy-encrypted-text.txt', $legacyEncryptedData);
$fileInfo = $view->getFileInfo('/test/subtest/legacy-encrypted-text.txt');
$fileInfo['encrypted'] = true;
$view->putFileInfo('/test/subtest/legacy-encrypted-text.txt', $fileInfo);
\OC_FileProxy::$enabled = $proxyStatus;
$params['uid'] = \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER;
$params['password'] = \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER;
$util = new Encryption\Util($this->view, \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER);
$this->setMigrationStatus(0, \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER);
$this->assertTrue(OCA\Encryption\Hooks::login($params));
$this->assertEquals($this->legacyKey, \OC::$session->get('legacyKey'));
$files = $util->findEncFiles('/' . \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER . '/files/');
$this->assertTrue(is_array($files));
$found = false;
foreach ($files['encrypted'] as $encryptedFile) {
if ($encryptedFile['name'] === 'legacy-encrypted-text.txt') {
$found = true;
break;
}
}
$this->assertTrue($found);
}