/**
* decrypt private key and add it to the current session
* @param array $params with 'uid' and 'password'
* @return mixed session or false
*/
public function initEncryption($params)
{
$session = new \OCA\Encryption\Session($this->view);
// we tried to initialize the encryption app for this session
$session->setInitialized(\OCA\Encryption\Session::INIT_EXECUTED);
$encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
if ($privateKey === false) {
\OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid'] . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
return false;
}
$session->setPrivateKey($privateKey);
$session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL);
return $session;
}
/**
* Startup encryption backend upon user login
* @note This method should never be called for users using client side encryption
*/
public static function login($params)
{
if (\OCP\App::isEnabled('files_encryption') === false) {
return true;
}
$l = new \OC_L10N('files_encryption');
$view = new \OC\Files\View('/');
// ensure filesystem is loaded
if (!\OC\Files\Filesystem::$loaded) {
\OC_Util::setupFS($params['uid']);
}
$privateKey = Keymanager::getPrivateKey($view, $params['uid']);
// if no private key exists, check server configuration
if (!$privateKey) {
//check if all requirements are met
if (!Helper::checkRequirements() || !Helper::checkConfiguration()) {
$error_msg = $l->t("Missing requirements.");
$hint = $l->t('Please make sure that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
\OC_App::disable('files_encryption');
\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
\OCP\Template::printErrorPage($error_msg, $hint);
}
}
$util = new Util($view, $params['uid']);
// setup user, if user not ready force relogin
if (Helper::setupUser($util, $params['password']) === false) {
return false;
}
$session = $util->initEncryption($params);
// Check if first-run file migration has already been performed
$ready = false;
$migrationStatus = $util->getMigrationStatus();
if ($migrationStatus === Util::MIGRATION_OPEN && $session !== false) {
$ready = $util->beginMigration();
} elseif ($migrationStatus === Util::MIGRATION_IN_PROGRESS) {
// refuse login as long as the initial encryption is running
sleep(5);
\OCP\User::logout();
return false;
}
$result = true;
// If migration not yet done
if ($ready) {
// Encrypt existing user files
try {
$result = $util->encryptAll('/' . $params['uid'] . '/' . 'files');
} catch (\Exception $ex) {
\OCP\Util::writeLog('Encryption library', 'Initial encryption failed! Error: ' . $ex->getMessage(), \OCP\Util::FATAL);
$result = false;
}
if ($result) {
\OC_Log::write('Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed', \OC_Log::INFO);
// Register successful migration in DB
$util->finishMigration();
} else {
\OCP\Util::writeLog('Encryption library', 'Initial encryption failed!', \OCP\Util::FATAL);
$util->resetMigrationStatus();
\OCP\User::logout();
}
}
return $result;
}
