/** * @brief Startup encryption backend upon user login * @note This method should never be called for users using client side encryption */ public static function login($params) { $l = new \OC_L10N('files_encryption'); //check if all requirements are met if (!Helper::checkRequirements()) { $error_msg = $l->t("Missing requirements."); $hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that the OpenSSL PHP extension is enabled and configured properly. For now, the encryption app has been disabled.'); \OC_App::disable('files_encryption'); \OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR); \OCP\Template::printErrorPage($error_msg, $hint); } $view = new \OC_FilesystemView('/'); // ensure filesystem is loaded if (!\OC\Files\Filesystem::$loaded) { \OC_Util::setupFS($params['uid']); } $util = new Util($view, $params['uid']); // setup user, if user not ready force relogin if (Helper::setupUser($util, $params['password']) === false) { return false; } $encryptedKey = Keymanager::getPrivateKey($view, $params['uid']); $privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']); if ($privateKey === false) { \OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR); } $session = new \OCA\Encryption\Session($view); $session->setPrivateKey($privateKey); // Check if first-run file migration has already been performed $ready = false; if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) { $ready = $util->beginMigration(); } // If migration not yet done if ($ready) { $userView = new \OC_FilesystemView('/' . $params['uid']); // Set legacy encryption key if it exists, to support // depreciated encryption system if ($userView->file_exists('encryption.key') && ($encLegacyKey = $userView->file_get_contents('encryption.key'))) { $plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']); $session->setLegacyKey($plainLegacyKey); } // Encrypt existing user files: // This serves to upgrade old versions of the encryption // app (see appinfo/spec.txt) if ($util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])) { \OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO); } // Register successful migration in DB $util->finishMigration(); } return true; }
/** * @brief Startup encryption backend upon user login * @note This method should never be called for users using client side encryption */ public static function login($params) { if (\OCP\App::isEnabled('files_encryption') === false) { return true; } $l = new \OC_L10N('files_encryption'); $view = new \OC_FilesystemView('/'); // ensure filesystem is loaded if (!\OC\Files\Filesystem::$loaded) { \OC_Util::setupFS($params['uid']); } $privateKey = \OCA\Encryption\Keymanager::getPrivateKey($view, $params['uid']); // if no private key exists, check server configuration if (!$privateKey) { //check if all requirements are met if (!Helper::checkRequirements() || !Helper::checkConfiguration()) { $error_msg = $l->t("Missing requirements."); $hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.'); \OC_App::disable('files_encryption'); \OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR); \OCP\Template::printErrorPage($error_msg, $hint); } } $util = new Util($view, $params['uid']); // setup user, if user not ready force relogin if (Helper::setupUser($util, $params['password']) === false) { return false; } $session = $util->initEncryption($params); // Check if first-run file migration has already been performed $ready = false; if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) { $ready = $util->beginMigration(); } // If migration not yet done if ($ready) { $userView = new \OC_FilesystemView('/' . $params['uid']); // Set legacy encryption key if it exists, to support // depreciated encryption system if ($userView->file_exists('encryption.key') && ($encLegacyKey = $userView->file_get_contents('encryption.key'))) { $plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']); $session->setLegacyKey($plainLegacyKey); } // Encrypt existing user files: if ($util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])) { \OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO); } // Register successful migration in DB $util->finishMigration(); } return true; }