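/**
 * @brief Remove share keys after an item has been unshared
 *
 * Returns true without doing anything when the files_encryption app is
 * disabled, and ignores item types other than 'file' and 'folder'. For every
 * affected file, the unshared users that Util::getSharingUsersArray() no
 * longer lists are passed to Keymanager::delShareKey().
 *
 * @param array $params hook parameters, for example:
 *   [itemType] => file
 *   [itemSource] => 13
 *   [shareType] => 0
 *   [shareWith] => test1
 *   [itemParent] =>
 * @return bool|null true if encryption is disabled, otherwise no value
 */
public static function postUnshare($params) {
    if (\OCP\App::isEnabled('files_encryption') === false) {
        return true;
    }

    if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') {
        $view = new \OC_FilesystemView('/');
        $userId = \OCP\User::getUser();
        $util = new Util($view, $userId);
        $path = $util->fileIdToPath($params['itemSource']);

        // check if this is a re-share
        if ($params['itemParent']) {
            // get the parent from current share
            $parent = $util->getShareParent($params['itemParent']);

            // get target path
            $targetPath = $util->fileIdToPath($params['itemSource']);
            $targetPathSplit = array_reverse(explode('/', $targetPath));

            // init values
            $path = '';
            $sharedPart = ltrim($parent['file_target'], '/');

            // rebuild path: walk from the last segment backwards until the
            // shared folder itself is reached
            foreach ($targetPathSplit as $pathPart) {
                if ($pathPart !== $sharedPart) {
                    $path = '/' . $pathPart . $path;
                } else {
                    break;
                }
            }

            // prefix path with Shared
            $path = '/Shared' . $parent['file_target'] . $path;
        }

        // for group shares get a list of the group members
        if ($params['shareType'] === \OCP\Share::SHARE_TYPE_GROUP) {
            $userIds = \OC_Group::usersInGroup($params['shareWith']);
        } else {
            if ($params['shareType'] === \OCP\Share::SHARE_TYPE_LINK) {
                $userIds = array($util->getPublicShareKeyId());
            } else {
                $userIds = array($params['shareWith']);
            }
        }

        // get the path including mount point only if not a shared folder.
        // The closing parenthesis of strlen() used to sit after "!== 0", so
        // strncmp() received a boolean as its length and only the first
        // character was compared. The key cleanup below could then run on a
        // path without its mount point and leave share keys of unshared
        // users in place.
        if (strncmp($path, '/Shared', strlen('/Shared')) !== 0) {
            // get path including the storage mount point
            $path = $util->getPathWithMountPoint($params['itemSource']);
        }

        // if we unshare a folder we need a list of all (sub-)files
        if ($params['itemType'] === 'folder') {
            $allFiles = $util->getAllFiles($path);
        } else {
            $allFiles = array($path);
        }

        foreach ($allFiles as $filePath) {
            // check if the user still has access to the file, otherwise delete share key
            $sharingUsers = $util->getSharingUsersArray(true, $filePath);

            // Unshare every user who no longer has access to the file
            $delUsers = array_diff($userIds, $sharingUsers);

            // delete share key
            Keymanager::delShareKey($view, $delUsers, $filePath);
        }
    }
}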
/**
 * Writes a file through the crypt:// stream wrapper into a nested folder,
 * deletes the share keys below '/folder1/' for 'admin' and checks that the
 * share key of the nested file is no longer present.
 *
 * @medium
 */
function testRecursiveDelShareKeys() {
    // time-based file name
    $fileName = '/tmp-' . time() . '.txt';

    // nested folder structure, created from the top down
    $folders = array(
        '/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1',
        '/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/subfolder',
        '/' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/subfolder/subsubfolder',
    );
    foreach ($folders as $folder) {
        $this->view->mkdir($folder);
    }

    // switch the encryption proxy on for the write, remembering the old state
    $previousProxyState = \OC_FileProxy::$enabled;
    \OC_FileProxy::$enabled = true;

    // file_put_contents() yields the byte count on success and false on failure
    $bytesWritten = file_put_contents('crypt:///' . Test_Encryption_Keymanager::TEST_USER . '/files/folder1/subfolder/subsubfolder' . $fileName, $this->dataShort);
    $this->assertTrue(is_int($bytesWritten));

    // back to the previous proxy state
    \OC_FileProxy::$enabled = $previousProxyState;

    // delete the share keys recursively
    Encryption\Keymanager::delShareKey($this->view, array('admin'), '/folder1/');

    // the share key must be gone afterwards
    // NOTE(review): the key is never asserted to exist before the deletion, and
    // the paths below hard-code 'admin' while the setup uses TEST_USER. Confirm
    // both refer to the same user, otherwise this check cannot fail.
    $this->assertFalse($this->view->file_exists('/admin/files_encryption/share-keys/folder1/subfolder/subsubfolder/' . $fileName . '.admin.shareKey'));

    // cleanup with the proxy enabled, then restore its state once more
    $previousProxyState = \OC_FileProxy::$enabled;
    \OC_FileProxy::$enabled = true;

    $this->view->unlink('/admin/files/folder1');

    \OC_FileProxy::$enabled = $previousProxyState;
}
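/**
 * Creates dummy share keys for one file, asks Keymanager::delShareKey() to
 * remove the keys of user1, user2 and the owner, and verifies which key
 * files are left.
 *
 * @medium
 */
function testRecursiveDelShareKeysFile() {
    $owner = Test_Encryption_Keymanager::TEST_USER;
    $shareKeyDir = '/' . $owner . '/files_encryption/share-keys/folder1';

    $this->view->mkdir('/' . $owner . '/files/folder1');
    $this->view->file_put_contents('/' . $owner . '/files/folder1/existingFile.txt', 'data');

    // create folder structure for some dummy share key files
    $this->view->mkdir($shareKeyDir);

    // create some dummy share keys
    foreach (array('user1', 'user2', 'user3', $owner) as $keyHolder) {
        $this->view->file_put_contents($shareKeyDir . '/existingFile.txt.' . $keyHolder . '.shareKey', 'data');
    }

    // recursive delete share keys from user1 and user2 (the owner is listed as well)
    Encryption\Keymanager::delShareKey($this->view, array('user1', 'user2', $owner), '/folder1/existingFile.txt', $owner);

    // check if share keys from user1 and user2 are deleted.
    // The checked names must match the files created above, including ".txt".
    // Without it the assertions looked at paths that never existed and passed
    // even if no key had been removed.
    $this->assertFalse($this->view->file_exists($shareKeyDir . '/existingFile.txt.user1.shareKey'));
    $this->assertFalse($this->view->file_exists($shareKeyDir . '/existingFile.txt.user2.shareKey'));

    // check if share keys for user3 and owner still exist; the test expects the
    // owner's key to survive although the owner is in the deletion list
    $this->assertTrue($this->view->file_exists($shareKeyDir . '/existingFile.txt.' . $owner . '.shareKey'));
    $this->assertTrue($this->view->file_exists($shareKeyDir . '/existingFile.txt.user3.shareKey'));

    // cleanup
    $this->view->deleteAll('/' . $owner . '/files/folder1');
}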
/**
 * unmount file from yourself
 *
 * Looks up the entry stored in self::$umountedFiles under the signalled path,
 * forgets it, and deletes the current user's share key for each affected file
 * the user is no longer listed for by \OCP\Share::getUsersSharingFile().
 *
 * @param array $params signal parameters; the path is read from the
 *   \OC\Files\Filesystem::signal_param_path key
 * @return bool|null true if nothing was remembered for the path, otherwise no value
 */
public static function postUmount($params) {
    $signalPath = $params[\OC\Files\Filesystem::signal_param_path];

    // nothing was recorded for this path, so there is nothing to clean up
    if (!isset(self::$umountedFiles[$signalPath])) {
        return true;
    }

    $remembered = self::$umountedFiles[$signalPath];
    $path = $remembered['path'];
    $user = $remembered['uid'];
    $itemType = $remembered['itemType'];

    $view = new \OC\Files\View();
    $util = new Util($view, $user);

    // we don't need to remember the file any longer
    unset(self::$umountedFiles[$signalPath]);

    // a folder expands to all of its (sub-)files, a file stands for itself
    $allFiles = ($itemType === 'folder') ? $util->getAllFiles($path) : array($path);

    foreach ($allFiles as $filePath) {
        // check if the user still has access to the file, otherwise delete share key
        $sharingUsers = \OCP\Share::getUsersSharingFile($filePath, $user);

        // NOTE(review): in_array() compares loosely here. If user ids can be
        // numeric-looking strings, a different id could match and the share key
        // would be kept. Confirm the element type of $sharingUsers['users']
        // before switching to strict mode.
        if (in_array(\OCP\User::getUser(), $sharingUsers['users'])) {
            continue;
        }

        Keymanager::delShareKey($view, array(\OCP\User::getUser()), $filePath, $user);
    }
}