Пример #1
 /**
  * Re-encrypt the current user's private key under the log-in password.
  *
  * $newPassword is first checked against the user back-end as the account's
  * log-in password. Only if that succeeds is $oldPassword used to decrypt the
  * stored private key. On success the key is encrypted again with
  * $newPassword, stored behind the header from generateHeader(), and the
  * decrypted key is handed to the encryption session. Every failure path
  * answers with HTTP 400 and a translated message.
  *
  * NOTE(review): this action accepts or rejects a log-in password for the
  * session user, so it should be covered by the same brute-force throttling
  * as the log-in form - confirm where that is enforced.
  *
  * @NoAdminRequired
  * @UseSession
  *
  * @param string $oldPassword passphrase that currently protects the private key
  * @param string $newPassword current log-in password; becomes the new key passphrase
  * @return DataResponse
  */
 public function updatePrivateKeyPassword($oldPassword, $newPassword)
 {
     // NOTE(review): getUser() is dereferenced without a null check; presumably
     // only logged-in users are routed here - confirm.
     $userId = $this->userSession->getUser()->getUID();
     $genericFailure = $this->l->t('Could not update the private key password.');

     // Gate 1: the new passphrase must be the account's log-in password.
     if ($this->userManager->checkPassword($userId, $newPassword) === false) {
         $wrongLogin = $this->l->t('The current log-in password was not correct, please try again.');
         return new DataResponse(['message' => (string) $wrongLogin], Http::STATUS_BAD_REQUEST);
     }

     // Gate 2: the old passphrase must actually unlock the stored key.
     $storedKey = $this->keyManager->getPrivateKey($userId);
     $plainKey = $this->crypt->decryptPrivateKey($storedKey, $oldPassword);
     if (!$plainKey) {
         $wrongOld = $this->l->t('The old password was not correct, please try again.');
         return new DataResponse(['message' => (string) $wrongOld], Http::STATUS_BAD_REQUEST);
     }

     $rewrappedKey = $this->crypt->symmetricEncryptFileContent($plainKey, $newPassword);
     $keyHeader = $this->crypt->generateHeader();
     if (!$rewrappedKey) {
         // Encryption produced nothing: leave the stored key untouched.
         return new DataResponse(['message' => (string) $genericFailure], Http::STATUS_BAD_REQUEST);
     }

     $this->keyManager->setPrivateKey($userId, $keyHeader . $rewrappedKey);
     // The decrypted key goes into the session so encryption is usable right away.
     $this->session->setPrivateKey($plainKey);
     $this->session->setStatus(Session::INIT_SUCCESSFUL);

     return new DataResponse(['message' => (string) $this->l->t('Private key password successfully updated.')]);
 }
Пример #2
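 /**
  * Decrypt the private key and store it in the encryption session.
  *
  * The session status is set to INIT_EXECUTED before anything else and is
  * raised to INIT_SUCCESSFUL only once a usable key has been decrypted.
  * When the master key is enabled, the supplied $uid and $passPhrase are
  * replaced by the master key id and master key password.
  *
  * A missing key or a failed decryption returns false silently. Any other
  * exception is logged as a warning and also returns false, so a failure
  * here never aborts the caller.
  *
  * @param string $uid user id
  * @param string $passPhrase users password
  * @return bool true if the private key was decrypted and stored, false otherwise
  */
 public function init($uid, $passPhrase)
 {
     $this->session->setStatus(Session::INIT_EXECUTED);
     try {
         if ($this->util->isMasterKeyEnabled()) {
             $uid = $this->getMasterKeyId();
             $passPhrase = $this->getMasterKeyPassword();
             $privateKey = $this->getSystemPrivateKey($uid);
         } else {
             $privateKey = $this->getPrivateKey($uid);
         }
         $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid);
     } catch (PrivateKeyMissingException $e) {
         return false;
     } catch (DecryptionFailedException $e) {
         return false;
     } catch (\Exception $e) {
         // Only the id and the exception message are logged, never the
         // passphrase. In master-key mode $uid may already hold the master
         // key id rather than the user id.
         // Fixed: the closing quote after the id was doubled ('""').
         $this->log->warning(
             'Could not decrypt the private key from user "' . $uid . '" during login. '
             . 'Assume password change on the user back-end. Error message: ' . $e->getMessage()
         );
         return false;
     }
     // decryptPrivateKey() may hand back a falsy value instead of throwing;
     // never store that as key material or report success for it.
     if ($privateKey) {
         $this->session->setPrivateKey($privateKey);
         $this->session->setStatus(Session::INIT_SUCCESSFUL);
         return true;
     }
     return false;
 }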
Пример #3
 /**
  * clear() must leave nothing behind in the backing storage.
  *
  * The session is filled with a private key, a status and decrypt-all data,
  * then cleared. self::$tempStorage is presumably the store the session
  * writes to, and it has to be empty afterwards.
  */
 public function testClearWillRemoveValues()
 {
     $session = $this->instance;

     // Arrange: populate every kind of value the session can hold.
     $session->setPrivateKey('privateKey');
     $session->setStatus('initStatus');
     $session->prepareDecryptAll('user', 'key');
     $this->assertNotEmpty(self::$tempStorage);

     // Act
     $session->clear();

     // Assert: no key material or status survives the clear.
     $this->assertEmpty(self::$tempStorage);
 }
Пример #4
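 /**
  * Decrypt the user's private key and store it in the encryption session.
  *
  * A missing key or a failed decryption returns false. The session is
  * marked INIT_SUCCESSFUL only when decryption produced a usable key.
  *
  * @param string $uid userid
  * @param string $passPhrase users password
  * @return bool true if the private key was decrypted and stored, false otherwise
  */
 public function init($uid, $passPhrase)
 {
     try {
         $privateKey = $this->getPrivateKey($uid);
         $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase);
     } catch (PrivateKeyMissingException $e) {
         return false;
     } catch (DecryptionFailedException $e) {
         return false;
     }
     // Other callers of decryptPrivateKey() test its result for truthiness,
     // so it can apparently signal failure without throwing. Without this
     // guard a falsy value would be stored as the private key and the
     // session marked INIT_SUCCESSFUL after a wrong passphrase.
     if (!$privateKey) {
         return false;
     }
     $this->session->setPrivateKey($privateKey);
     $this->session->setStatus(Session::INIT_SUCCESSFUL);
     return true;
 }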
Пример #5
 /**
  * Re-encrypt the current user's private key under the log-in password.
  *
  * $newPassword is checked against the user back-end as the account's
  * log-in password, first with the uid and then with the log-in name kept
  * in the session. Only if one of those checks succeeds is $oldPassword used
  * to decrypt the stored private key. On success the key is encrypted again
  * with $newPassword, stored behind the header from generateHeader(), and the
  * decrypted key is handed to the encryption session. Every failure path
  * answers with HTTP 400 and a translated message.
  *
  * NOTE(review): this action accepts or rejects a log-in password for the
  * session user, so it should be covered by the same brute-force throttling
  * as the log-in form - confirm where that is enforced.
  *
  * @NoAdminRequired
  * @UseSession
  *
  * @param string $oldPassword passphrase that currently protects the private key
  * @param string $newPassword current log-in password; becomes the new key passphrase
  * @return DataResponse
  */
 public function updatePrivateKeyPassword($oldPassword, $newPassword)
 {
     // NOTE(review): getUser() is dereferenced without a null check; presumably
     // only logged-in users are routed here - confirm.
     $userId = $this->userSession->getUser()->getUID();
     $genericFailure = $this->l->t('Could not update the private key password.');

     // Gate 1: the new passphrase must be the account's log-in password.
     $loginAccepted = $this->userManager->checkPassword($userId, $newPassword);
     if ($loginAccepted === false) {
         // Back-ends such as LDAP authenticate by log-in name rather than uid.
         // Local users must be checked by uid first because their log-in name
         // is case insensitive.
         // NOTE(review): 'loginname' may be absent from the session - confirm
         // checkPassword() copes with that.
         $loginAccepted = $this->userManager->checkPassword(
             $this->ocSession->get('loginname'),
             $newPassword
         );
     }
     if ($loginAccepted === false) {
         $wrongLogin = $this->l->t('The current log-in password was not correct, please try again.');
         return new DataResponse(['message' => (string) $wrongLogin], Http::STATUS_BAD_REQUEST);
     }

     // Gate 2: the old passphrase must actually unlock the stored key.
     $storedKey = $this->keyManager->getPrivateKey($userId);
     $plainKey = $this->crypt->decryptPrivateKey($storedKey, $oldPassword, $userId);
     if (!$plainKey) {
         $wrongOld = $this->l->t('The old password was not correct, please try again.');
         return new DataResponse(['message' => (string) $wrongOld], Http::STATUS_BAD_REQUEST);
     }

     $rewrappedKey = $this->crypt->encryptPrivateKey($plainKey, $newPassword, $userId);
     $keyHeader = $this->crypt->generateHeader();
     if (!$rewrappedKey) {
         // Encryption produced nothing: leave the stored key untouched.
         return new DataResponse(['message' => (string) $genericFailure], Http::STATUS_BAD_REQUEST);
     }

     $this->keyManager->setPrivateKey($userId, $keyHeader . $rewrappedKey);
     // The decrypted key goes into the session so encryption is usable right away.
     $this->session->setPrivateKey($plainKey);
     $this->session->setStatus(Session::INIT_SUCCESSFUL);

     return new DataResponse(['message' => (string) $this->l->t('Private key password successfully updated.')]);
 }
Пример #6
 /**
  * Decrypt the private key and store it in the encryption session.
  *
  * The session status is set to INIT_EXECUTED up front and raised to
  * INIT_SUCCESSFUL only after a usable key has been decrypted. When the
  * master key is enabled, the supplied $uid and $passPhrase are replaced by
  * the master key id and master key password.
  *
  * Only PrivateKeyMissingException and DecryptionFailedException are caught;
  * both return false. Any other exception propagates to the caller.
  *
  * @param string $uid userid
  * @param string $passPhrase users password
  * @return bool true if the private key was decrypted and stored, false otherwise
  */
 public function init($uid, $passPhrase)
 {
     $this->session->setStatus(Session::INIT_EXECUTED);

     try {
         if (!$this->util->isMasterKeyEnabled()) {
             $encryptedKey = $this->getPrivateKey($uid);
         } else {
             // Master-key mode: the caller's credentials are not used at all.
             $uid = $this->getMasterKeyId();
             $passPhrase = $this->getMasterKeyPassword();
             $encryptedKey = $this->getSystemPrivateKey($uid);
         }
         $decryptedKey = $this->crypt->decryptPrivateKey($encryptedKey, $passPhrase, $uid);
     } catch (PrivateKeyMissingException $e) {
         return false;
     } catch (DecryptionFailedException $e) {
         return false;
     }

     // A falsy result is a failed decryption that did not throw; never store
     // it as key material.
     if (!$decryptedKey) {
         return false;
     }

     $this->session->setPrivateKey($decryptedKey);
     $this->session->setStatus(Session::INIT_SUCCESSFUL);

     return true;
 }
Пример #7
 /**
  * A private key written to the session is read back unchanged.
  *
  * @depends testThatGetPrivateKeyThrowsExceptionWhenNotSet
  */
 public function testSetAndGetPrivateKey()
 {
     $session = $this->instance;

     $session->setPrivateKey('dummyPrivateKey');
     $readBack = $session->getPrivateKey();

     $this->assertEquals('dummyPrivateKey', $readBack);
 }