/** * @NoAdminRequired * @UseSession * * @param string $oldPassword * @param string $newPassword * @return DataResponse */ public function updatePrivateKeyPassword($oldPassword, $newPassword) { $result = false; $uid = $this->userSession->getUser()->getUID(); $errorMessage = $this->l->t('Could not update the private key password.'); //check if password is correct $passwordCorrect = $this->userManager->checkPassword($uid, $newPassword); if ($passwordCorrect !== false) { $encryptedKey = $this->keyManager->getPrivateKey($uid); $decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword); if ($decryptedKey) { $encryptedKey = $this->crypt->symmetricEncryptFileContent($decryptedKey, $newPassword); $header = $this->crypt->generateHeader(); if ($encryptedKey) { $this->keyManager->setPrivateKey($uid, $header . $encryptedKey); $this->session->setPrivateKey($decryptedKey); $result = true; } } else { $errorMessage = $this->l->t('The old password was not correct, please try again.'); } } else { $errorMessage = $this->l->t('The current log-in password was not correct, please try again.'); } if ($result === true) { $this->session->setStatus(Session::INIT_SUCCESSFUL); return new DataResponse(['message' => (string) $this->l->t('Private key password successfully updated.')]); } else { return new DataResponse(['message' => (string) $errorMessage], Http::STATUS_BAD_REQUEST); } }
/** * Decrypt private key and store it * * @param string $uid user id * @param string $passPhrase users password * @return boolean */ public function init($uid, $passPhrase) { $this->session->setStatus(Session::INIT_EXECUTED); try { if ($this->util->isMasterKeyEnabled()) { $uid = $this->getMasterKeyId(); $passPhrase = $this->getMasterKeyPassword(); $privateKey = $this->getSystemPrivateKey($uid); } else { $privateKey = $this->getPrivateKey($uid); } $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid); } catch (PrivateKeyMissingException $e) { return false; } catch (DecryptionFailedException $e) { return false; } catch (\Exception $e) { $this->log->warning('Could not decrypt the private key from user "' . $uid . '"" during login. ' . 'Assume password change on the user back-end. Error message: ' . $e->getMessage()); return false; } if ($privateKey) { $this->session->setPrivateKey($privateKey); $this->session->setStatus(Session::INIT_SUCCESSFUL); return true; } return false; }
/** * */ public function testClearWillRemoveValues() { $this->instance->setPrivateKey('privateKey'); $this->instance->setStatus('initStatus'); $this->instance->prepareDecryptAll('user', 'key'); $this->assertNotEmpty(self::$tempStorage); $this->instance->clear(); $this->assertEmpty(self::$tempStorage); }
/** * Decrypt private key and store it * * @param string $uid userid * @param string $passPhrase users password * @return boolean */ public function init($uid, $passPhrase) { try { $privateKey = $this->getPrivateKey($uid); $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase); } catch (PrivateKeyMissingException $e) { return false; } catch (DecryptionFailedException $e) { return false; } $this->session->setPrivateKey($privateKey); $this->session->setStatus(Session::INIT_SUCCESSFUL); return true; }
/** * @NoAdminRequired * @UseSession * * @param string $oldPassword * @param string $newPassword * @return DataResponse */ public function updatePrivateKeyPassword($oldPassword, $newPassword) { $result = false; $uid = $this->userSession->getUser()->getUID(); $errorMessage = $this->l->t('Could not update the private key password.'); //check if password is correct $passwordCorrect = $this->userManager->checkPassword($uid, $newPassword); if ($passwordCorrect === false) { // if check with uid fails we need to check the password with the login name // e.g. in the ldap case. For local user we need to check the password with // the uid because in this case the login name is case insensitive $loginName = $this->ocSession->get('loginname'); $passwordCorrect = $this->userManager->checkPassword($loginName, $newPassword); } if ($passwordCorrect !== false) { $encryptedKey = $this->keyManager->getPrivateKey($uid); $decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword, $uid); if ($decryptedKey) { $encryptedKey = $this->crypt->encryptPrivateKey($decryptedKey, $newPassword, $uid); $header = $this->crypt->generateHeader(); if ($encryptedKey) { $this->keyManager->setPrivateKey($uid, $header . $encryptedKey); $this->session->setPrivateKey($decryptedKey); $result = true; } } else { $errorMessage = $this->l->t('The old password was not correct, please try again.'); } } else { $errorMessage = $this->l->t('The current log-in password was not correct, please try again.'); } if ($result === true) { $this->session->setStatus(Session::INIT_SUCCESSFUL); return new DataResponse(['message' => (string) $this->l->t('Private key password successfully updated.')]); } else { return new DataResponse(['message' => (string) $errorMessage], Http::STATUS_BAD_REQUEST); } }
/** * Decrypt private key and store it * * @param string $uid userid * @param string $passPhrase users password * @return boolean */ public function init($uid, $passPhrase) { $this->session->setStatus(Session::INIT_EXECUTED); try { if ($this->util->isMasterKeyEnabled()) { $uid = $this->getMasterKeyId(); $passPhrase = $this->getMasterKeyPassword(); $privateKey = $this->getSystemPrivateKey($uid); } else { $privateKey = $this->getPrivateKey($uid); } $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid); } catch (PrivateKeyMissingException $e) { return false; } catch (DecryptionFailedException $e) { return false; } if ($privateKey) { $this->session->setPrivateKey($privateKey); $this->session->setStatus(Session::INIT_SUCCESSFUL); return true; } return false; }
/** * @depends testThatGetPrivateKeyThrowsExceptionWhenNotSet */ public function testSetAndGetPrivateKey() { $this->instance->setPrivateKey('dummyPrivateKey'); $this->assertEquals('dummyPrivateKey', $this->instance->getPrivateKey()); }