/**
* @NoAdminRequired
* @UseSession
*
* @param string $oldPassword
* @param string $newPassword
* @return DataResponse
*/
public function updatePrivateKeyPassword($oldPassword, $newPassword)
{
$result = false;
$uid = $this->userSession->getUser()->getUID();
$errorMessage = $this->l->t('Could not update the private key password.');
//check if password is correct
$passwordCorrect = $this->userManager->checkPassword($uid, $newPassword);
if ($passwordCorrect !== false) {
$encryptedKey = $this->keyManager->getPrivateKey($uid);
$decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword);
if ($decryptedKey) {
$encryptedKey = $this->crypt->symmetricEncryptFileContent($decryptedKey, $newPassword);
$header = $this->crypt->generateHeader();
if ($encryptedKey) {
$this->keyManager->setPrivateKey($uid, $header . $encryptedKey);
$this->session->setPrivateKey($decryptedKey);
$result = true;
}
} else {
$errorMessage = $this->l->t('The old password was not correct, please try again.');
}
} else {
$errorMessage = $this->l->t('The current log-in password was not correct, please try again.');
}
if ($result === true) {
$this->session->setStatus(Session::INIT_SUCCESSFUL);
return new DataResponse(['message' => (string) $this->l->t('Private key password successfully updated.')]);
} else {
return new DataResponse(['message' => (string) $errorMessage], Http::STATUS_BAD_REQUEST);
}
}
/**
* Change a user's encryption passphrase
*
* @param array $params keys: uid, password
* @return boolean|null
*/
public function setPassphrase($params)
{
// Get existing decrypted private key
$privateKey = $this->session->getPrivateKey();
$user = $this->user->getUser();
// current logged in user changes his own password
if ($user && $params['uid'] === $user->getUID() && $privateKey) {
// Encrypt private key with new user pwd as passphrase
$encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);
// Save private key
if ($encryptedPrivateKey) {
$this->keyManager->setPrivateKey($this->user->getUser()->getUID(), $this->crypt->generateHeader() . $encryptedPrivateKey);
} else {
$this->logger->error('Encryption could not update users encryption password');
}
// NOTE: Session does not need to be updated as the
// private key has not changed, only the passphrase
// used to decrypt it has changed
} else {
// admin changed the password for a different user, create new keys and re-encrypt file keys
$user = $params['uid'];
$this->initMountPoints($user);
$recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
// we generate new keys if...
// ...we have a recovery password and the user enabled the recovery key
// ...encryption was activated for the first time (no keys exists)
// ...the user doesn't have any files
if ($this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword || !$this->keyManager->userHasKeys($user) || !$this->util->userHasFiles($user)) {
// backup old keys
//$this->backupAllKeys('recovery');
$newUserPassword = $params['password'];
$keyPair = $this->crypt->createKeyPair();
// Save public key
$this->keyManager->setPublicKey($user, $keyPair['publicKey']);
// Encrypt private key with new password
$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);
if ($encryptedKey) {
$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
if ($recoveryPassword) {
// if recovery key is set we can re-encrypt the key files
$this->recovery->recoverUsersFiles($recoveryPassword, $user);
}
} else {
$this->logger->error('Encryption Could not update users encryption password');
}
}
}
}
/**
* @NoAdminRequired
* @UseSession
*
* @param string $oldPassword
* @param string $newPassword
* @return DataResponse
*/
public function updatePrivateKeyPassword($oldPassword, $newPassword)
{
$result = false;
$uid = $this->userSession->getUser()->getUID();
$errorMessage = $this->l->t('Could not update the private key password.');
//check if password is correct
$passwordCorrect = $this->userManager->checkPassword($uid, $newPassword);
if ($passwordCorrect === false) {
// if check with uid fails we need to check the password with the login name
// e.g. in the ldap case. For local user we need to check the password with
// the uid because in this case the login name is case insensitive
$loginName = $this->ocSession->get('loginname');
$passwordCorrect = $this->userManager->checkPassword($loginName, $newPassword);
}
if ($passwordCorrect !== false) {
$encryptedKey = $this->keyManager->getPrivateKey($uid);
$decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $oldPassword, $uid);
if ($decryptedKey) {
$encryptedKey = $this->crypt->encryptPrivateKey($decryptedKey, $newPassword, $uid);
$header = $this->crypt->generateHeader();
if ($encryptedKey) {
$this->keyManager->setPrivateKey($uid, $header . $encryptedKey);
$this->session->setPrivateKey($decryptedKey);
$result = true;
}
} else {
$errorMessage = $this->l->t('The old password was not correct, please try again.');
}
} else {
$errorMessage = $this->l->t('The current log-in password was not correct, please try again.');
}
if ($result === true) {
$this->session->setStatus(Session::INIT_SUCCESSFUL);
return new DataResponse(['message' => (string) $this->l->t('Private key password successfully updated.')]);
} else {
return new DataResponse(['message' => (string) $errorMessage], Http::STATUS_BAD_REQUEST);
}
}
public function testSetPrivateKey()
{
$this->keyStorageMock->expects($this->any())->method('setUserKey')->with($this->equalTo($this->userId), $this->equalTo('privateKey'), $this->equalTo('key'))->willReturn(true);
$this->assertTrue($this->instance->setPrivateKey($this->userId, 'key'));
}
