/**
 * @brief Start the server-side encryption backend when a user logs in
 * @note This method should never be called for users using client side encryption
 *
 * @param array $params login data; the keys 'uid' and 'password' are read here,
 *                      and the whole array is handed to Util::initEncryption()
 * @return bool false only when Helper::setupUser() fails, true otherwise
 */
public static function login($params) {

	// nothing to do while the encryption app is switched off
	if (\OCP\App::isEnabled('files_encryption') === false) {
		return true;
	}

	$l10n = new \OC_L10N('files_encryption');
	$rootView = new \OC_FilesystemView('/');

	// the key lookups below need a mounted filesystem
	if (!\OC\Files\Filesystem::$loaded) {
		\OC_Util::setupFS($params['uid']);
	}

	$storedPrivateKey = \OCA\Encryption\Keymanager::getPrivateKey($rootView, $params['uid']);

	// A user without a private key triggers a check of the server setup;
	// if it fails, the app is disabled for everyone and an error page is printed.
	if (!$storedPrivateKey && !(Helper::checkRequirements() && Helper::checkConfiguration())) {
		$errorTitle = $l10n->t("Missing requirements.");
		$errorHint = $l10n->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
		\OC_App::disable('files_encryption');
		\OCP\Util::writeLog('Encryption library', $errorTitle . ' ' . $errorHint, \OCP\Util::ERROR);
		// NOTE(review): execution continues below unless printErrorPage() ends the request - confirm
		\OCP\Template::printErrorPage($errorTitle, $errorHint);
	}

	$cryptoUtil = new Util($rootView, $params['uid']);

	// prepare the user's encryption setup with the login password; a failure forces a relogin
	if (Helper::setupUser($cryptoUtil, $params['password']) === false) {
		return false;
	}

	// NOTE(review): the session is used further down without a failure check -
	// confirm initEncryption() always returns a session object on this path
	$cryptoSession = $cryptoUtil->initEncryption($params);

	// the first-run migration is only started while its status is still "open"
	$migrationStarted = ($cryptoUtil->getMigrationStatus() === Util::MIGRATION_OPEN)
		? $cryptoUtil->beginMigration()
		: false;

	if (!$migrationStarted) {
		return true;
	}

	$userView = new \OC_FilesystemView('/' . $params['uid']);

	// Support for the deprecated encryption system: an existing legacy key is
	// decrypted with the login password and stored in the session.
	if ($userView->file_exists('encryption.key')) {
		$encryptedLegacyKey = $userView->file_get_contents('encryption.key');
		if ($encryptedLegacyKey) {
			$cryptoSession->setLegacyKey(Crypt::legacyDecrypt($encryptedLegacyKey, $params['password']));
		}
	}

	// encrypt the files the user already has
	$allEncrypted = $cryptoUtil->encryptAll('/' . $params['uid'] . '/' . 'files', $cryptoSession->getLegacyKey(), $params['password']);
	if ($allEncrypted) {
		\OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO);
	}

	// NOTE(review): the migration is recorded as finished even when encryptAll()
	// reported failure, and an exception from encryptAll() is not caught here
	$cryptoUtil->finishMigration();

	return true;
}
/**
 * Start the server-side encryption backend when a user logs in
 * @note This method should never be called for users using client side encryption
 *
 * @param array $params login data; the keys 'uid' and 'password' are read here,
 *                      and the whole array is handed to Util::initEncryption()
 * @return bool false when user setup fails, when an initial encryption is still
 *              running, or when the initial encryption fails; otherwise true
 *              (after a migration run: the value encryptAll() returned)
 */
public static function login($params) {

	// nothing to do while the encryption app is switched off
	if (\OCP\App::isEnabled('files_encryption') === false) {
		return true;
	}

	$l10n = new \OC_L10N('files_encryption');
	$rootView = new \OC\Files\View('/');

	// the key lookups below need a mounted filesystem
	if (!\OC\Files\Filesystem::$loaded) {
		\OC_Util::setupFS($params['uid']);
	}

	$storedPrivateKey = \OCA\Encryption\Keymanager::getPrivateKey($rootView, $params['uid']);

	// A user without a private key triggers a check of the server setup;
	// if it fails, the app is disabled for everyone and an error page is printed.
	if (!$storedPrivateKey && !(Helper::checkRequirements() && Helper::checkConfiguration())) {
		$errorTitle = $l10n->t("Missing requirements.");
		$errorHint = $l10n->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
		\OC_App::disable('files_encryption');
		\OCP\Util::writeLog('Encryption library', $errorTitle . ' ' . $errorHint, \OCP\Util::ERROR);
		// NOTE(review): execution continues below unless printErrorPage() ends the request - confirm
		\OCP\Template::printErrorPage($errorTitle, $errorHint);
	}

	$cryptoUtil = new Util($rootView, $params['uid']);

	// prepare the user's encryption setup with the login password; a failure forces a relogin
	if (Helper::setupUser($cryptoUtil, $params['password']) === false) {
		return false;
	}

	// false here means no usable session; the migration is then not started
	$cryptoSession = $cryptoUtil->initEncryption($params);

	$migrationStarted = false;
	$migrationStatus = $cryptoUtil->getMigrationStatus();
	if ($migrationStatus === Util::MIGRATION_OPEN && $cryptoSession !== false) {
		$migrationStarted = $cryptoUtil->beginMigration();
	} elseif ($migrationStatus === Util::MIGRATION_IN_PROGRESS) {
		// refuse the login while an initial encryption is still running, so a
		// second login does not work on the files in the meantime
		sleep(5);
		\OCP\User::logout();
		return false;
	}

	// no migration started by this login: let the user in
	if (!$migrationStarted) {
		return true;
	}

	// encrypt the files the user already has; an exception counts as failure
	try {
		$encrypted = $cryptoUtil->encryptAll('/' . $params['uid'] . '/' . 'files');
	} catch (\Exception $failure) {
		\OCP\Util::writeLog('Encryption library', 'Initial encryption failed! Error: ' . $failure->getMessage(), \OCP\Util::FATAL);
		$encrypted = false;
	}

	if (!$encrypted) {
		// Fail closed: reopen the migration for the next login and end the
		// session. After an exception this is the second FATAL log entry.
		\OCP\Util::writeLog('Encryption library', 'Initial encryption failed!', \OCP\Util::FATAL);
		$cryptoUtil->resetMigrationStatus();
		\OCP\User::logout();
		return $encrypted;
	}

	\OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO);

	// the migration is only recorded as finished after a successful run
	$cryptoUtil->finishMigration();

	return $encrypted;
}