/** * @large */ function testRecoveryForUser() { // login as admin self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1); $result = \OCA\Files_Encryption\Helper::adminEnableRecovery(null, 'test123'); $this->assertTrue($result); $recoveryKeyId = \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryKeyId'); // login as user2 self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER2); $util = new \OCA\Files_Encryption\Util(new \OC\Files\View('/'), self::TEST_ENCRYPTION_SHARE_USER2); // enable recovery for admin $this->assertTrue($util->setRecoveryForUser(1)); // add recovery keys for existing files (e.g. the auto-generated welcome.txt) $util->addRecoveryKeys(); // create folder structure $this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1); $this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1 . $this->subfolder); $this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1 . $this->subfolder . $this->subsubfolder); // save file with content $cryptedFile1 = file_put_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename, $this->dataShort); $cryptedFile2 = file_put_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort); // test that data was successfully written $this->assertInternalType('int', $cryptedFile1); $this->assertInternalType('int', $cryptedFile2); // check if share key for user and recovery exists $this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey')); $this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . $recoveryKeyId . '.shareKey')); $this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey')); $this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . $recoveryKeyId . '.shareKey')); // login as admin self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1); // change password \OC_User::setPassword(self::TEST_ENCRYPTION_SHARE_USER2, 'test', 'test123'); $params = array('uid' => self::TEST_ENCRYPTION_SHARE_USER2, 'password' => 'test', 'recoveryPassword' => 'test123'); \OCA\Files_Encryption\Hooks::setPassphrase($params); // login as user2 self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER2, false, 'test'); // get file contents $retrievedCryptedFile1 = file_get_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/' . $this->filename); $retrievedCryptedFile2 = file_get_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename); // check if data is the same as we previously written $this->assertEquals($this->dataShort, $retrievedCryptedFile1); $this->assertEquals($this->dataShort, $retrievedCryptedFile2); // cleanup $this->view->chroot('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files/'); $this->view->unlink($this->folder1); $this->view->unlink($this->filename); $this->view->chroot('/'); // check if share key for user and recovery exists $this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey')); $this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->filename . '/' . $recoveryKeyId . '.shareKey')); $this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER2 . '.shareKey')); $this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER2 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . $recoveryKeyId . '.shareKey')); // enable recovery for admin $this->assertTrue($util->setRecoveryForUser(0)); \OCA\Files_Encryption\Helper::adminDisableRecovery('test123'); $this->assertEquals(0, \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryAdminEnabled')); //clean up, reset passwords \OC_User::setPassword(self::TEST_ENCRYPTION_SHARE_USER2, self::TEST_ENCRYPTION_SHARE_USER2, 'test123'); $params = array('uid' => self::TEST_ENCRYPTION_SHARE_USER2, 'password' => self::TEST_ENCRYPTION_SHARE_USER2, 'recoveryPassword' => 'test123'); \OCA\Files_Encryption\Hooks::setPassphrase($params); }
} if ($_POST['recoveryPassword'] !== $_POST['confirmPassword']) { $errorMessage = $l->t('Repeated recovery key password does not match the provided recovery key password'); \OCP\JSON::error(array('data' => array('message' => $errorMessage))); exit; } // Enable recoveryAdmin $recoveryKeyId = \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryKeyId'); if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1') { $return = Helper::adminEnableRecovery($recoveryKeyId, $_POST['recoveryPassword']); // Return success or failure if ($return) { $successMessage = $l->t('Recovery key successfully enabled'); } else { $errorMessage = $l->t('Could not disable recovery key. Please check your recovery key password!'); } // Disable recoveryAdmin } elseif (isset($_POST['adminEnableRecovery']) && '0' === $_POST['adminEnableRecovery']) { $return = Helper::adminDisableRecovery($_POST['recoveryPassword']); if ($return) { $successMessage = $l->t('Recovery key successfully disabled'); } else { $errorMessage = $l->t('Could not disable recovery key. Please check your recovery key password!'); } } // Return success or failure if ($return) { \OCP\JSON::success(array('data' => array('message' => $successMessage))); } else { \OCP\JSON::error(array('data' => array('message' => $errorMessage))); }