/**
 * Make sure the given user owns an encryption key pair.
 *
 * A fresh key pair is created and handed to the key manager together with
 * the user's password only when the user has no keys yet; existing keys are
 * never replaced by this method.
 *
 * @param string $uid user id
 * @param string $password user password, passed on to storeKeyPair() with the new key pair
 * @return bool true if the user already had keys, otherwise whatever storeKeyPair() returns
 */
public function setupUser($uid, $password) {
    if ($this->keyManager->userHasKeys($uid)) {
        // Nothing to do: an existing key pair must not be overwritten.
        return true;
    }

    // NOTE(review): the result of createKeyPair() is forwarded unchecked;
    // what it returns on failure is not visible here - confirm that
    // storeKeyPair() rejects an invalid pair.
    $freshKeyPair = $this->crypt->createKeyPair();

    return $this->keyManager->storeKeyPair($uid, $password, $freshKeyPair);
}
/**
 * Create and store a key pair for the user if none exists yet.
 *
 * @param string $uid userid
 * @param string $password user password, passed on to storeKeyPair() with the new key pair
 * @return bool true if keys were already present, otherwise the result of storeKeyPair()
 */
public function setupServerSide($uid, $password) {
    $alreadyHasKeys = $this->keyManager->userHasKeys($uid);
    if ($alreadyHasKeys) {
        // Keys exist; leave them untouched.
        return true;
    }

    $generatedPair = $this->crypt->createKeyPair();

    return $this->keyManager->storeKeyPair($uid, $password, $generatedPair);
}
/**
 * Create a key pair for every user that does not have one yet.
 *
 * Each user backend is read in pages of 500 users. A user without keys gets
 * a file system set up, a one-time password from generateOneTimePassword()
 * and a key pair stored with that password. A user who already has keys is
 * only recorded in $this->userPasswords with an empty password.
 */
protected function createKeyPairs() {
    $this->output->writeln("\n");

    $progress = new ProgressBar($this->output);
    $progress->setFormat(" %message% \n [%bar%]");
    $progress->start();

    $pageSize = 500;
    foreach ($this->userManager->getBackends() as $backend) {
        $offset = 0;
        do {
            $users = $backend->getUsers('', $pageSize, $offset);
            foreach ($users as $user) {
                if ($this->keyManager->userHasKeys($user) !== false) {
                    // Existing key pairs are kept. The empty password marks
                    // the user so the entry can be filtered out later.
                    $this->userPasswords[$user] = '';
                    continue;
                }

                $progress->setMessage('Create key-pair for ' . $user);
                $progress->advance();
                $this->setupUserFS($user);

                // The one-time password is the secret handed to setupUser()
                // for the new key pair.
                // NOTE(review): presumably generateOneTimePassword() also
                // records it in $this->userPasswords - confirm.
                $oneTimePassword = $this->generateOneTimePassword($user);
                $this->userSetup->setupUser($user, $oneTimePassword);
            }
            $offset += $pageSize;
            // A short page means this backend has no further users.
        } while (count($users) >= $pageSize);
    }

    $progress->setMessage('Key-pair created for all users');
    $progress->finish();
}
/**
 * userHasKeys() must throw when the stored public key is empty while the
 * other key lookups still return a value.
 *
 * @expectedException \OCA\Encryption\Exceptions\PublicKeyMissingException
 */
public function testUserHasKeysMissingPublicKey() {
    $lookupKey = function ($uid, $keyID, $encryptionModuleId) {
        // Only the public key is reported as empty; any other key id yields 'key'.
        return $keyID === 'publicKey' ? '' : 'key';
    };

    // Exactly two storage lookups are expected.
    $this->keyStorageMock->expects($this->exactly(2))
        ->method('getUserKey')
        ->willReturnCallback($lookupKey);

    $this->instance->userHasKeys($this->userId);
}
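/**
 * Change a user's encryption passphrase
 *
 * Two cases are handled:
 *  - The logged-in user changes their own password and the decrypted private
 *    key is available in the session: the existing private key is
 *    re-encrypted with the new password. The key pair itself stays the same.
 *  - Every other case (e.g. an admin sets the password of another user, or no
 *    decrypted private key is in the session): a NEW key pair is generated,
 *    but only if the recovery key can be used, the user has no keys yet, or
 *    the user has no files. Otherwise nothing is changed, and the stored
 *    private key stays encrypted with the old password.
 *
 * @param array $params keys: uid, password; optional: recoveryPassword
 * @return boolean|null no code path returns a value, so callers receive null
 */
public function setPassphrase($params) {
    // Get existing decrypted private key
    $privateKey = $this->session->getPrivateKey();
    $user = $this->user->getUser();

    // current logged in user changes his own password
    if ($user && $params['uid'] === $user->getUID() && $privateKey) {
        // Encrypt private key with new user pwd as passphrase
        $encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);

        // Save private key
        if ($encryptedPrivateKey) {
            $this->keyManager->setPrivateKey(
                $this->user->getUser()->getUID(),
                $this->crypt->generateHeader() . $encryptedPrivateKey
            );
        } else {
            $this->logger->error('Encryption could not update users encryption password');
        }

        // NOTE: Session does not need to be updated as the
        // private key has not changed, only the passphrase
        // used to decrypt it has changed
        return;
    }

    // admin changed the password for a different user (or no decrypted
    // private key is available), create new keys and re-encrypt file keys
    $user = $params['uid'];
    $this->initMountPoints($user);
    $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;

    // we generate new keys if...
    // ...we have a recovery password and the user enabled the recovery key
    // ...encryption was activated for the first time (no keys exists)
    // ...the user doesn't have any files
    // The parentheses only spell out the precedence PHP already applies.
    if (($this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword)
        || !$this->keyManager->userHasKeys($user)
        || !$this->util->userHasFiles($user)
    ) {
        // NOTE(review): the old key pair is not backed up before it is
        // replaced; the backup call below is disabled.
        //$this->backupAllKeys('recovery');

        // NOTE(review): the recovery password is not verified in this method
        // before the key pair is replaced - confirm the caller validates it.
        $newUserPassword = $params['password'];
        $keyPair = $this->crypt->createKeyPair();

        // Encrypt private key with new password
        $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);

        if ($encryptedKey) {
            // Store the public key only once the matching private key is
            // ready to be stored. Writing it before the encryption step would
            // leave a new public key next to the old private key when the
            // encryption fails, and data encrypted for that public key could
            // not be decrypted by the user.
            $this->keyManager->setPublicKey($user, $keyPair['publicKey']);
            $this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);

            if ($recoveryPassword) {
                // if recovery key is set we can re-encrypt the key files
                $this->recovery->recoverUsersFiles($recoveryPassword, $user);
            }
        } else {
            $this->logger->error('Encryption Could not update users encryption password');
        }
    }
}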
/**
 * Check if the module is ready to be used by that specific user.
 *
 * A module may not be ready, e.g. because the key pair has not been generated
 * at login yet. Callers can check this before an operation starts instead of
 * running into problems while it is in progress.
 *
 * Readiness is exactly what the key manager's userHasKeys() reports.
 *
 * @param string $user
 * @return boolean
 * @since 9.1.0
 */
public function isReadyForUser($user) {
    $hasKeyPair = $this->keyManager->userHasKeys($user);

    return $hasKeyPair;
}
/**
 * userHasKeys() reports true when every key lookup for the user returns a value.
 */
public function testUserHasKeys() {
    // Exactly two lookups are expected, each for the test user and any key id.
    $lookup = $this->keyStorageMock->expects($this->exactly(2));
    $lookup->method('getUserKey')
        ->with($this->equalTo($this->userId), $this->anything())
        ->willReturn('key');

    $hasKeys = $this->instance->userHasKeys($this->userId);

    $this->assertTrue($hasKeys);
}