ceanup encryption code, improved return codes

remotes/origin/ldap_group_count
Bjoern Schiessle 2014-05-22 15:43:42 +07:00
parent 790c0e8e7c
commit b16b17f920
4 changed files with 102 additions and 155 deletions

@ -90,6 +90,8 @@ class Hooks {
return false; return false;
} }
$result = true;
// If migration not yet done // If migration not yet done
if ($ready) { if ($ready) {
@ -97,15 +99,12 @@ class Hooks {
// Set legacy encryption key if it exists, to support // Set legacy encryption key if it exists, to support
// depreciated encryption system // depreciated encryption system
if ( $encLegacyKey = $userView->file_get_contents('encryption.key');
$userView->file_exists('encryption.key') if ($encLegacyKey) {
&& $encLegacyKey = $userView->file_get_contents('encryption.key')
) {
$plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']); $plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']);
$session->setLegacyKey($plainLegacyKey); $session->setLegacyKey($plainLegacyKey);
} }
// Encrypt existing user files // Encrypt existing user files
@ -113,26 +112,24 @@ class Hooks {
$result = $util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password']); $result = $util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password']);
} catch (\Exception $ex) { } catch (\Exception $ex) {
\OCP\Util::writeLog('Encryption library', 'Initial encryption failed! Error: ' . $ex->getMessage(), \OCP\Util::FATAL); \OCP\Util::writeLog('Encryption library', 'Initial encryption failed! Error: ' . $ex->getMessage(), \OCP\Util::FATAL);
$util->resetMigrationStatus();
\OCP\User::logout();
$result = false; $result = false;
} }
if ($result) { if ($result) {
\OC_Log::write( \OC_Log::write(
'Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed' 'Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed'
, \OC_Log::INFO , \OC_Log::INFO
); );
// Register successful migration in DB // Register successful migration in DB
$util->finishMigration(); $util->finishMigration();
} else {
\OCP\Util::writeLog('Encryption library', 'Initial encryption failed!', \OCP\Util::FATAL);
$util->resetMigrationStatus();
\OCP\User::logout();
} }
} }
return true; return $result;
} }
/** /**
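Review bot: On the exception path the failure is now logged twice: the `catch` already writes `'Initial encryption failed! Error: ' . $ex->getMessage()` and then falls through to the new `else`, which writes `'Initial encryption failed!'` again before resetting the migration and logging out. Either drop the second `writeLog` or make the `else` the single failure path and let the `catch` only record the message. In the second hunk, `if ($encLegacyKey)` tests the read result by truthiness, so a read failure and a legacy key file whose contents happen to be falsy are indistinguishable; `if ($encLegacyKey !== false && $encLegacyKey !== '')` states what is meant, and with the `file_exists` guard gone it is worth confirming that `$userView->file_get_contents` returns `false` quietly for a missing file rather than emitting a warning. The enclosing hook method starts before the first hunk.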

@ -303,7 +303,7 @@ class Util {
* Find all files and their encryption status within a directory * Find all files and their encryption status within a directory
* @param string $directory The path of the parent directory to search * @param string $directory The path of the parent directory to search
* @param bool $found the founded files if called again * @param bool $found the founded files if called again
* @return mixed false if 0 found, array on success. Keys: name, path * @return array keys: plain, encrypted, legacy, broken
* @note $directory needs to be a path relative to OC data dir. e.g. * @note $directory needs to be a path relative to OC data dir. e.g.
* /admin/files NOT /backup OR /home/www/oc/data/admin/files * /admin/files NOT /backup OR /home/www/oc/data/admin/files
*/ */
@ -322,10 +322,7 @@ class Util {
); );
} }
if ( if ($this->view->is_dir($directory) && $handle = $this->view->opendir($directory)){
$this->view->is_dir($directory)
&& $handle = $this->view->opendir($directory)
) {
if (is_resource($handle)) { if (is_resource($handle)) {
while (false !== ($file = readdir($handle))) { while (false !== ($file = readdir($handle))) {
@ -390,34 +387,16 @@ class Util {
'name' => $file, 'name' => $file,
'path' => $relPath 'path' => $relPath
); );
} }
} }
}
} }
} }
\OC_FileProxy::$enabled = true;
if (empty($found)) {
return false;
} else {
return $found;
} }
} }
\OC_FileProxy::$enabled = true; \OC_FileProxy::$enabled = true;
return false; return $found;
} }
/** /**
@ -571,28 +550,6 @@ class Util {
return $result; return $result;
} }
/**
* @param string $path
* @return bool
*/
public function isSharedPath($path) {
$trimmed = ltrim($path, '/');
$split = explode('/', $trimmed);
if (isset($split[2]) && $split[2] === 'Shared') {
return true;
} else {
return false;
}
}
/** /**
* encrypt versions from given file * encrypt versions from given file
* @param array $filelist list of encrypted files, relative to data/user/files * @param array $filelist list of encrypted files, relative to data/user/files
@ -808,9 +765,9 @@ class Util {
*/ */
public function encryptAll($dirPath, $legacyPassphrase = null, $newPassphrase = null) { public function encryptAll($dirPath, $legacyPassphrase = null, $newPassphrase = null) {
$found = $this->findEncFiles($dirPath); $result = true;
if ($found) { $found = $this->findEncFiles($dirPath);
// Disable proxy to prevent file being encrypted twice // Disable proxy to prevent file being encrypted twice
\OC_FileProxy::$enabled = false; \OC_FileProxy::$enabled = false;
@ -841,7 +798,7 @@ class Util {
// Open enc file handle for binary writing, with same filename as original plain file // Open enc file handle for binary writing, with same filename as original plain file
$encHandle = fopen('crypt://' . $rawPath . '.part', 'wb'); $encHandle = fopen('crypt://' . $rawPath . '.part', 'wb');
if (is_resource($encHandle)) { if (is_resource($encHandle) && is_resource($plainHandle)) {
// Move plain file to a temporary location // Move plain file to a temporary location
$size = stream_copy_to_stream($plainHandle, $encHandle); $size = stream_copy_to_stream($plainHandle, $encHandle);
@ -869,14 +826,14 @@ class Util {
)); ));
$encryptedFiles[] = $relPath; $encryptedFiles[] = $relPath;
} else {
\OCP\Util::writeLog('files_encryption', 'initial encryption: could not encrypt ' . $rawPath, \OCP\Util::FATAL);
$result = false;
} }
} }
// Encrypt legacy encrypted files // Encrypt legacy encrypted files
if ( if (!empty($legacyPassphrase) && !empty($newPassphrase)) {
!empty($legacyPassphrase)
&& !empty($newPassphrase)
) {
foreach ($found['legacy'] as $legacyFile) { foreach ($found['legacy'] as $legacyFile) {
@ -901,6 +858,9 @@ class Util {
// close stream // close stream
fclose($encHandle); fclose($encHandle);
} else {
\OCP\Util::writeLog('files_encryption', 'initial encryption: could not encrypt legacy file ' . $rawPath, \OCP\Util::FATAL);
$result = false;
} }
// disable proxy to prevent file being encrypted twice // disable proxy to prevent file being encrypted twice
@ -914,15 +874,10 @@ class Util {
\OC_App::enable('files_versions'); \OC_App::enable('files_versions');
} }
$this->encryptVersions($encryptedFiles); $result = $result && $this->encryptVersions($encryptedFiles);
// If files were found, return true return $result;
return true;
} else {
// If no files were found, return false
return false;
}
} }
/** /**
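Review bot: `$result = $result && $this->encryptVersions($encryptedFiles);` short-circuits, so as soon as one file has failed the versions of the files that were successfully encrypted in this run are never encrypted, although their main copies now are; if `findEncFiles` classifies by current state, as the new `@return` keys suggest, a later re-run would see those files as already encrypted and not revisit their versions. Evaluate the call unconditionally: `$versionsEncrypted = $this->encryptVersions($encryptedFiles); return $result && $versionsEncrypted;`. Separately, the new `else` branches logging `could not encrypt` and `could not encrypt legacy file` flag the failure but, when the `fopen('crypt://' . $rawPath . '.part', 'wb')` succeeded while `$plainHandle` did not, the open handle and the freshly created `.part` file are not cleaned up there, assuming the close happens only in the success branch outside the hunk. encryptAll's body continues outside these hunks.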

@ -18,15 +18,20 @@ use OCA\Encryption;
class Test_Encryption_Helper extends \PHPUnit_Framework_TestCase { class Test_Encryption_Helper extends \PHPUnit_Framework_TestCase {
const TEST_ENCRYPTION_HELPER_USER1 = "test-helper-user1"; const TEST_ENCRYPTION_HELPER_USER1 = "test-helper-user1";
const TEST_ENCRYPTION_HELPER_USER2 = "test-helper-user2";
public static function setUpBeforeClass() { public static function setUpBeforeClass() {
// create test user // create test user
\Test_Encryption_Util::loginHelper(\Test_Encryption_Helper::TEST_ENCRYPTION_HELPER_USER2, true);
\Test_Encryption_Util::loginHelper(\Test_Encryption_Helper::TEST_ENCRYPTION_HELPER_USER1, true); \Test_Encryption_Util::loginHelper(\Test_Encryption_Helper::TEST_ENCRYPTION_HELPER_USER1, true);
} }
public static function tearDownAfterClass() { public static function tearDownAfterClass() {
// cleanup test user // cleanup test user
\OC_User::deleteUser(\Test_Encryption_Helper::TEST_ENCRYPTION_HELPER_USER1); \OC_User::deleteUser(\Test_Encryption_Helper::TEST_ENCRYPTION_HELPER_USER1);
\OC_User::deleteUser(\Test_Encryption_Helper::TEST_ENCRYPTION_HELPER_USER2);
\OC_Hook::clear();
\OC_FileProxy::clearProxies();
} }
/** /**
@ -81,9 +86,11 @@ class Test_Encryption_Helper extends \PHPUnit_Framework_TestCase {
$path1 = "/" . self::TEST_ENCRYPTION_HELPER_USER1 . "/files/foo/bar.txt"; $path1 = "/" . self::TEST_ENCRYPTION_HELPER_USER1 . "/files/foo/bar.txt";
$path2 = "/" . self::TEST_ENCRYPTION_HELPER_USER1 . "/cache/foo/bar.txt"; $path2 = "/" . self::TEST_ENCRYPTION_HELPER_USER1 . "/cache/foo/bar.txt";
$path3 = "/" . self::TEST_ENCRYPTION_HELPER_USER1 . "/thumbnails/foo"; $path3 = "/" . self::TEST_ENCRYPTION_HELPER_USER2 . "/thumbnails/foo";
$path4 ="/" . "/" . self::TEST_ENCRYPTION_HELPER_USER1; $path4 ="/" . "/" . self::TEST_ENCRYPTION_HELPER_USER1;
\Test_Encryption_Util::loginHelper(self::TEST_ENCRYPTION_HELPER_USER1);
// if we are logged-in every path should return the currently logged-in user // if we are logged-in every path should return the currently logged-in user
$this->assertEquals(self::TEST_ENCRYPTION_HELPER_USER1, Encryption\Helper::getUser($path3)); $this->assertEquals(self::TEST_ENCRYPTION_HELPER_USER1, Encryption\Helper::getUser($path3));
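Review bot: The assertion on `$path3` expects `TEST_ENCRYPTION_HELPER_USER1` although the path is now built from `TEST_ENCRYPTION_HELPER_USER2`, and nothing in the test says this is intentional, so a reader will take the mismatch for a typo. Add a comment on the `$path3` line, e.g. `// deliberately USER2's path: outside /files the logged-in user, not the path owner, must be returned`, if that is the behaviour under test. The `\OC_Hook::clear()` and `\OC_FileProxy::clearProxies()` added to `tearDownAfterClass` reset process-wide state; if other test classes in the same run rely on hooks or proxies registered at bootstrap, that deserves a comment as well. The test method starts before and ends after this hunk.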

@ -306,18 +306,6 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
$this->view->unlink($this->userId . '/files/' . $filename); $this->view->unlink($this->userId . '/files/' . $filename);
} }
/**
* @medium
*/
function testIsSharedPath() {
$sharedPath = '/user1/files/Shared/test';
$path = '/user1/files/test';
$this->assertTrue($this->util->isSharedPath($sharedPath));
$this->assertFalse($this->util->isSharedPath($path));
}
function testEncryptAll() { function testEncryptAll() {
$filename = "/encryptAll" . uniqid() . ".txt"; $filename = "/encryptAll" . uniqid() . ".txt";