sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3668 from owncloud/encryption_migrate_only_once 

make sure that only one process can enter the migration mode
remotes/origin/stable6
Björn Schießle 2013-06-13 03:31:31 +07:00
parent a178de8501 6394fedb33
commit 2b179ccff0
3 changed files with 74 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apps/files_encryption/hooks/hooks.php
Unescape Escape View File

@ -67,10 +67,13 @@ class Hooks {
$session->setPrivateKey($privateKey, $params['uid']);
// Check if first-run file migration has already been performed
$migrationCompleted = $util->getMigrationStatus();
$ready = false;
if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) {
$ready = $util->beginMigration();
}
// If migration not yet done
if (!$migrationCompleted) {
if ($ready) {
$userView = new \OC_FilesystemView('/' . $params['uid']);
@ -102,7 +105,7 @@ class Hooks {
}
// Register successful migration in DB
$util->setMigrationStatus(1);
$util->finishMigration();
}

64
apps/files_encryption/lib/util.php
Unescape Escape View File

@ -96,10 +96,13 @@ class Util {
//// DONE: test new encryption with sharing
//// TODO: test new encryption with proxies
const MIGRATION_COMPLETED = 1; // migration to new encryption completed
const MIGRATION_IN_PROGRESS = -1; // migration is running
const MIGRATION_OPEN = 0; // user still needs to be migrated
private $view; // OC_FilesystemView object for filesystem operations
private $userId; // ID of the currently logged-in user
private $pwd; // User Password
private $client; // Client side encryption mode flag
private $publicKeyDir; // Dir containing all public user keys
private $encryptionDir; // Dir containing user's files_encryption
@ -1054,36 +1057,56 @@ class Util {
}
/**
* @brief Set file migration status for user
* @param $status
* @return bool
* @brief start migration mode to initially encrypt users data
* @return boolean
*/
public function setMigrationStatus($status) {
public function beginMigration() {
$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?';
$args = array(
$status,
$this->userId
);
$return = false;
$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?';
$args = array(self::MIGRATION_IN_PROGRESS, $this->userId, self::MIGRATION_OPEN);
$query = \OCP\DB::prepare($sql);
$result = $query->execute($args);
$manipulatedRows = $result->numRows();
if ($query->execute($args)) {
if ($manipulatedRows === 1) {
$return = true;
\OCP\Util::writeLog('Encryption library', "Start migration to encryption mode for " . $this->userId, \OCP\Util::INFO);
} else {
\OCP\Util::writeLog('Encryption library', "Could not activate migration mode for " . $this->userId . ". Probably another process already started the initial encryption", \OCP\Util::WARN);
}
return true;
return $return;
}
} else {
/**
* @brief close migration mode after users data has been encrypted successfully
* @return boolean
*/
public function finishMigration() {
return false;
$return = false;
$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ? and `migration_status` = ?';
$args = array(self::MIGRATION_COMPLETED, $this->userId, self::MIGRATION_IN_PROGRESS);
$query = \OCP\DB::prepare($sql);
$result = $query->execute($args);
$manipulatedRows = $result->numRows();
if ($manipulatedRows === 1) {
$return = true;
\OCP\Util::writeLog('Encryption library', "Finish migration successfully for " . $this->userId, \OCP\Util::INFO);
} else {
\OCP\Util::writeLog('Encryption library', "Could not deactivate migration mode for " . $this->userId, \OCP\Util::WARN);
}
return $return;
}
/**
* @brief Check whether pwd recovery is enabled for a given user
* @return bool 1 = yes, 0 = no, false = no record
* @brief check if files are already migrated to the encryption system
* @return migration status, false = in case of no record
* @note If records are not being returned, check for a hidden space
* at the start of the uid in db
*/
@ -1112,14 +1135,11 @@ class Util {
// If no record is found
if (empty($migrationStatus)) {
\OCP\Util::writeLog('Encryption library', "Could not get migration status for " . $this->userId . ", no record found", \OCP\Util::ERROR);
return false;
// If a record is found
} else {
return $migrationStatus[0];
return (int)$migrationStatus[0];
}
}

29
apps/files_encryption/tests/util.php
Unescape Escape View File

@ -182,8 +182,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
$params['uid'] = \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER;
$params['password'] = \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER;
$util = new Encryption\Util($this->view, \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER);
$util->setMigrationStatus(0);
$this->setMigrationStatus(0, \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER);
$this->assertTrue(OCA\Encryption\Hooks::login($params));
@ -285,7 +284,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
$params['password'] = \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER;
$util = new Encryption\Util($this->view, \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER);
$util->setMigrationStatus(0);
$this->setMigrationStatus(0, \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER);
$this->assertTrue(OCA\Encryption\Hooks::login($params));
@ -330,4 +329,28 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
$params['password'] = $password;
OCA\Encryption\Hooks::login($params);
}
/**
* helper function to set migration status to the right value
* to be able to test the migration path
*
* @param $status needed migration status for test
* @param $user for which user the status should be set
* @return boolean
*/
private function setMigrationStatus($status, $user) {
$sql = 'UPDATE `*PREFIX*encryption` SET `migration_status` = ? WHERE `uid` = ?';
$args = array(
$status,
$user
);
$query = \OCP\DB::prepare($sql);
if ($query->execute($args)) {
return true;
} else {
return false;
}
}
}