/**
* @large
*/
function testRecoveryForUser()
{
// login as admin
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1);
$result = \OCA\Files_Encryption\Helper::adminEnableRecovery(null, 'test123');
$this->assertTrue($result);
$recoveryKeyId = \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryKeyId');
// login as user2
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER2);
$util = new \OCA\Files_Encryption\Util(new \OC\Files\View('/'), self::TEST_ENCRYPTION_SHARE_USER2);
// enable recovery for admin
$this->assertTrue($util->setRecoveryForUser(1));
// add recovery keys for existing files (e.g. the auto-generated welcome.txt)
$util->addRecoveryKeys();
// create folder structure
$this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1);
$this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1 . $this->subfolder);
$this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1 . $this->subfolder . $this->subsubfolder);
// save file with content
$cryptedFile1 = file_put_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename, $this->dataShort);
$cryptedFile2 = file_put_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort);
// test that data was successfully written
$this->assertInternalType('int', $cryptedFile1);
$this->assertInternalType('int', $cryptedFile2);
// check if share key for user and recovery exists
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
// login as admin
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1);
// change password
\OC_User::setPassword(self::TEST_ENCRYPTION_SHARE_USER2, 'test', 'test123');
$params = array('uid' => self::TEST_ENCRYPTION_SHARE_USER2, 'password' => 'test', 'recoveryPassword' => 'test123');
\OCA\Files_Encryption\Hooks::setPassphrase($params);
// login as user2
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER2, false, 'test');
// get file contents
$retrievedCryptedFile1 = file_get_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename);
$retrievedCryptedFile2 = file_get_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename);
// check if data is the same as we previously written
$this->assertEquals($this->dataShort, $retrievedCryptedFile1);
$this->assertEquals($this->dataShort, $retrievedCryptedFile2);
// cleanup
$this->view->chroot('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/');
$this->view->unlink($this->folder1);
$this->view->unlink($this->filename);
$this->view->chroot('/');
// check if share key for user and recovery exists
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey'));
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
// enable recovery for admin
$this->assertTrue($util->setRecoveryForUser(0));
\OCA\Files_Encryption\Helper::adminDisableRecovery('test123');
$this->assertEquals(0, \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryAdminEnabled'));
//clean up, reset passwords
\OC_User::setPassword(self::TEST_ENCRYPTION_SHARE_USER2, self::TEST_ENCRYPTION_SHARE_USER2, 'test123');
$params = array('uid' => self::TEST_ENCRYPTION_SHARE_USER2, 'password' => self::TEST_ENCRYPTION_SHARE_USER2, 'recoveryPassword' => 'test123');
\OCA\Files_Encryption\Hooks::setPassphrase($params);
}
/**
* Copyright (c) 2013, Sam Tuke <*****@*****.**>
* This file is licensed under the Affero General Public License version 3 or later.
* See the COPYING-README file.
*
* Script to handle admin settings for encrypted key recovery
*/
\OCP\JSON::checkLoggedIn();
\OCP\JSON::checkAppEnabled('files_encryption');
\OCP\JSON::callCheck();
$l = \OC::$server->getL10N('files_encryption');
if (isset($_POST['userEnableRecovery']) && (0 == $_POST['userEnableRecovery'] || '1' === $_POST['userEnableRecovery'])) {
$userId = \OCP\USER::getUser();
$view = new \OC\Files\View('/');
$util = new \OCA\Files_Encryption\Util($view, $userId);
// Save recovery preference to DB
$return = $util->setRecoveryForUser($_POST['userEnableRecovery']);
if ($_POST['userEnableRecovery'] === '1') {
$util->addRecoveryKeys();
} else {
$util->removeRecoveryKeys();
}
} else {
$return = false;
}
// Return success or failure
if ($return) {
\OCP\JSON::success(array('data' => array('message' => $l->t('File recovery settings updated'))));
} else {
\OCP\JSON::error(array('data' => array('message' => $l->t('Could not update file recovery'))));
}
