/**
* @large
*/
function testRecoveryFile()
{
// login as admin
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1);
\OCA\Files_Encryption\Helper::adminEnableRecovery(null, 'test123');
$recoveryKeyId = \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryKeyId');
// login as admin
self::loginHelper(self::TEST_ENCRYPTION_SHARE_USER1);
$util = new \OCA\Files_Encryption\Util(new \OC\Files\View('/'), self::TEST_ENCRYPTION_SHARE_USER1);
// check if recovery password match
$this->assertTrue($util->checkRecoveryPassword('test123'));
// enable recovery for admin
$this->assertTrue($util->setRecoveryForUser(1));
$util->addRecoveryKeys();
// create folder structure
$this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files' . $this->folder1);
$this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files' . $this->folder1 . $this->subfolder);
$this->view->mkdir('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files' . $this->folder1 . $this->subfolder . $this->subsubfolder);
// save file with content
$cryptedFile1 = file_put_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->filename, $this->dataShort);
$cryptedFile2 = file_put_contents('crypt:///' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename, $this->dataShort);
// test that data was successfully written
$this->assertInternalType('int', $cryptedFile1);
$this->assertInternalType('int', $cryptedFile2);
// check if share key for admin and recovery exists
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER1 . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . self::TEST_ENCRYPTION_SHARE_USER1 . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
// disable recovery for admin
$this->assertTrue($util->setRecoveryForUser(0));
// remove all recovery keys
$util->removeRecoveryKeys('/');
// check if share key for recovery not exists
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
// enable recovery for admin
$this->assertTrue($util->setRecoveryForUser(1));
// add recovery keys again
$util->addRecoveryKeys('/');
// check if share key for admin and recovery exists
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
$this->assertTrue($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
// cleanup
$this->view->chroot('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files/');
$this->view->unlink($this->filename);
$this->view->unlink($this->folder1);
$this->view->chroot('/');
// check if share key for recovery not exists
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
$this->assertFalse($this->view->file_exists('/' . self::TEST_ENCRYPTION_SHARE_USER1 . '/files_encryption/keys/' . $this->folder1 . $this->subfolder . $this->subsubfolder . '/' . $this->filename . '/' . $recoveryKeyId . '.shareKey'));
$this->assertTrue(\OCA\Files_Encryption\Helper::adminEnableRecovery(null, 'test123'));
$this->assertTrue(\OCA\Files_Encryption\Helper::adminDisableRecovery('test123'));
$this->assertEquals(0, \OC::$server->getAppConfig()->getValue('files_encryption', 'recoveryAdminEnabled'));
}
/**
* Copyright (c) 2013, Sam Tuke <*****@*****.**>
* This file is licensed under the Affero General Public License version 3 or later.
* See the COPYING-README file.
*
* Script to handle admin settings for encrypted key recovery
*/
\OCP\JSON::checkLoggedIn();
\OCP\JSON::checkAppEnabled('files_encryption');
\OCP\JSON::callCheck();
$l = \OC::$server->getL10N('files_encryption');
if (isset($_POST['userEnableRecovery']) && (0 == $_POST['userEnableRecovery'] || '1' === $_POST['userEnableRecovery'])) {
$userId = \OCP\USER::getUser();
$view = new \OC\Files\View('/');
$util = new \OCA\Files_Encryption\Util($view, $userId);
// Save recovery preference to DB
$return = $util->setRecoveryForUser($_POST['userEnableRecovery']);
if ($_POST['userEnableRecovery'] === '1') {
$util->addRecoveryKeys();
} else {
$util->removeRecoveryKeys();
}
} else {
$return = false;
}
// Return success or failure
if ($return) {
\OCP\JSON::success(array('data' => array('message' => $l->t('File recovery settings updated'))));
} else {
\OCP\JSON::error(array('data' => array('message' => $l->t('Could not update file recovery'))));
}
