/**
* Tests that filterShareReadyUsers() returns the correct list of
* users that are ready or not ready for encryption
*/
public function testFilterShareReadyUsers()
{
$appConfig = \OC::$server->getAppConfig();
$publicShareKeyId = $appConfig->getValue('files_encryption', 'publicShareKeyId');
$recoveryKeyId = $appConfig->getValue('files_encryption', 'recoveryKeyId');
$usersToTest = array('readyUser', 'notReadyUser', 'nonExistingUser', $publicShareKeyId, $recoveryKeyId);
self::loginHelper('readyUser', true);
self::loginHelper('notReadyUser', true);
// delete encryption dir to make it not ready
$this->view->unlink('notReadyUser/files_encryption/');
// login as user1
self::loginHelper(self::TEST_ENCRYPTION_UTIL_USER1);
$result = $this->util->filterShareReadyUsers($usersToTest);
$this->assertEquals(array('readyUser', $publicShareKeyId, $recoveryKeyId), $result['ready']);
$this->assertEquals(array('notReadyUser', 'nonExistingUser'), $result['unready']);
\OC_User::deleteUser('readyUser');
}
/**
* Returns whether the given user is ready for encryption.
* Also returns true if the given user is the public user
* or the recovery key user.
*
* @param string $user user to check
*
* @return boolean true if the user is ready, false otherwise
*/
private function isUserReady($user)
{
if ($user === $this->publicShareKeyId || $user === $this->recoveryKeyId) {
return true;
}
try {
$util = new Util($this->view, $user);
return $util->ready();
} catch (NoUserException $e) {
\OCP\Util::writeLog('Encryption library', 'No User object for ' . $user, \OCP\Util::DEBUG);
return false;
}
}
/**
* @return bool
*/
public function stream_close()
{
$this->flush();
// if there is no valid private key return false
if ($this->privateKey === false) {
// cleanup
if ($this->meta['mode'] !== 'r' && $this->meta['mode'] !== 'rb' && !$this->isLocalTmpFile) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
if ($this->rootView->file_exists($this->rawPath) && $this->size === 0) {
fclose($this->handle);
$this->rootView->unlink($this->rawPath);
}
// Re-enable proxy - our work is done
\OC_FileProxy::$enabled = $proxyStatus;
}
// if private key is not valid redirect user to a error page
Helper::redirectToErrorPage($this->session);
}
if ($this->meta['mode'] !== 'r' && $this->meta['mode'] !== 'rb' && $this->isLocalTmpFile === false && $this->size > 0 && $this->unencryptedSize > 0) {
// only write keyfiles if it was a new file
if ($this->newFile === true) {
// Disable encryption proxy to prevent recursive calls
$proxyStatus = \OC_FileProxy::$enabled;
\OC_FileProxy::$enabled = false;
// Fetch user's public key
$this->publicKey = Keymanager::getPublicKey($this->rootView, $this->keyId);
// Check if OC sharing api is enabled
$sharingEnabled = \OCP\Share::isEnabled();
// Get all users sharing the file includes current user
$uniqueUserIds = $this->util->getSharingUsersArray($sharingEnabled, $this->relPath);
$checkedUserIds = $this->util->filterShareReadyUsers($uniqueUserIds);
// Fetch public keys for all sharing users
$publicKeys = Keymanager::getPublicKeys($this->rootView, $checkedUserIds['ready']);
// Encrypt enc key for all sharing users
$this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys);
// Save the new encrypted file key
Keymanager::setFileKey($this->rootView, $this->util, $this->relPath, $this->encKeyfiles['data']);
// Save the sharekeys
Keymanager::setShareKeys($this->rootView, $this->util, $this->relPath, $this->encKeyfiles['keys']);
// Re-enable proxy - our work is done
\OC_FileProxy::$enabled = $proxyStatus;
}
// we need to update the file info for the real file, not for the
// part file.
$path = Helper::stripPartialFileExtension($this->rawPath);
$fileInfo = array('mimetype' => $this->rootView->getMimeType($this->rawPath), 'encrypted' => true, 'unencrypted_size' => $this->unencryptedSize);
// if we write a part file we also store the unencrypted size for
// the part file so that it can be re-used later
$this->rootView->putFileInfo($this->rawPath, $fileInfo);
if ($path !== $this->rawPath) {
$this->rootView->putFileInfo($path, $fileInfo);
}
}
$result = fclose($this->handle);
if ($result === false) {
\OCP\Util::writeLog('Encryption library', 'Could not close stream, file could be corrupted', \OCP\Util::FATAL);
}
return $result;
}
/**
* get path to key folder for a given file
*
* @param \OC\Files\View $view relative to data directory
* @param \OCA\Files_Encryption\Util $util
* @param string $path path to the file, relative to the users file directory
* @return string
*/
public static function getKeyPath($view, $util, $path)
{
if ($view->is_dir('/' . \OCP\User::getUser() . '/' . $path)) {
throw new Exception\EncryptionException('file was expected but directoy was given', Exception\EncryptionException::GENERIC);
}
list($owner, $filename) = $util->getUidAndFilename($path);
$filename = Helper::stripPartialFileExtension($filename);
$filePath_f = ltrim($filename, '/');
// in case of system wide mount points the keys are stored directly in the data directory
if ($util->isSystemWideMountPoint($filename)) {
$keyPath = self::$keys_base_dir . $filePath_f . '/';
} else {
$keyPath = '/' . $owner . self::$keys_base_dir . $filePath_f . '/';
}
return $keyPath;
}
<?php
/**
* Copyright (c) 2013, Bjoern Schiessle <*****@*****.**>
* This file is licensed under the Affero General Public License version 3 or later.
* See the COPYING-README file.
*
* check migration status
*/
use OCA\Files_Encryption\Util;
\OCP\JSON::checkAppEnabled('files_encryption');
$loginname = isset($_POST['user']) ? $_POST['user'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$migrationStatus = Util::MIGRATION_COMPLETED;
if ($loginname !== '' && $password !== '') {
$username = \OCP\User::checkPassword($loginname, $password);
if ($username) {
$util = new Util(new \OC\Files\View('/'), $username);
$migrationStatus = $util->getMigrationStatus();
}
}
\OCP\JSON::success(array('data' => array('migrationStatus' => $migrationStatus)));
