nextcloud / server

apps/encryption/lib/Controller/RecoveryController.php

Indentation +155 added lines, -155 removed lines

@@ -34,160 +34,160 @@
 use OCP\AppFramework\Http\DataResponse;
 
 class RecoveryController extends Controller {
-	/**
-	 * @var IConfig
-	 */
-	private $config;
-	/**
-	 * @var IL10N
-	 */
-	private $l;
-	/**
-	 * @var Recovery
-	 */
-	private $recovery;
-
-	/**
-	 * @param string $AppName
-	 * @param IRequest $request
-	 * @param IConfig $config
-	 * @param IL10N $l10n
-	 * @param Recovery $recovery
-	 */
-	public function __construct($AppName,
-								IRequest $request,
-								IConfig $config,
-								IL10N $l10n,
-								Recovery $recovery) {
-		parent::__construct($AppName, $request);
-		$this->config = $config;
-		$this->l = $l10n;
-		$this->recovery = $recovery;
-	}
-
-	/**
-	 * @param string $recoveryPassword
-	 * @param string $confirmPassword
-	 * @param string $adminEnableRecovery
-	 * @return DataResponse
-	 */
-	public function adminRecovery($recoveryPassword, $confirmPassword, $adminEnableRecovery) {
-		// Check if both passwords are the same
-		if (empty($recoveryPassword)) {
-			$errorMessage = (string)$this->l->t('Missing recovery key password');
-			return new DataResponse(['data' => ['message' => $errorMessage]],
-				Http::STATUS_BAD_REQUEST);
-		}
-
-		if (empty($confirmPassword)) {
-			$errorMessage = (string)$this->l->t('Please repeat the recovery key password');
-			return new DataResponse(['data' => ['message' => $errorMessage]],
-				Http::STATUS_BAD_REQUEST);
-		}
-
-		if ($recoveryPassword !== $confirmPassword) {
-			$errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password');
-			return new DataResponse(['data' => ['message' => $errorMessage]],
-				Http::STATUS_BAD_REQUEST);
-		}
-
-		if (isset($adminEnableRecovery) && $adminEnableRecovery === '1') {
-			if ($this->recovery->enableAdminRecovery($recoveryPassword)) {
-				return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully enabled')]]);
-			}
-			return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not enable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
-		} elseif (isset($adminEnableRecovery) && $adminEnableRecovery === '0') {
-			if ($this->recovery->disableAdminRecovery($recoveryPassword)) {
-				return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully disabled')]]);
-			}
-			return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not disable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
-		}
-		// this response should never be sent but just in case.
-		return new DataResponse(['data' => ['message' => (string)$this->l->t('Missing parameters')]], Http::STATUS_BAD_REQUEST);
-	}
-
-	/**
-	 * @param string $newPassword
-	 * @param string $oldPassword
-	 * @param string $confirmPassword
-	 * @return DataResponse
-	 */
-	public function changeRecoveryPassword($newPassword, $oldPassword, $confirmPassword) {
-		//check if both passwords are the same
-		if (empty($oldPassword)) {
-			$errorMessage = (string)$this->l->t('Please provide the old recovery password');
-			return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
-		}
-
-		if (empty($newPassword)) {
-			$errorMessage = (string)$this->l->t('Please provide a new recovery password');
-			return new DataResponse (['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
-		}
-
-		if (empty($confirmPassword)) {
-			$errorMessage = (string)$this->l->t('Please repeat the new recovery password');
-			return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
-		}
-
-		if ($newPassword !== $confirmPassword) {
-			$errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password');
-			return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
-		}
-
-		$result = $this->recovery->changeRecoveryKeyPassword($newPassword,
-			$oldPassword);
-
-		if ($result) {
-			return new DataResponse(
-				[
-					'data' => [
-						'message' => (string)$this->l->t('Password successfully changed.')]
-				]
-			);
-		}
-		return new DataResponse(
-			[
-				'data' => [
-					'message' => (string)$this->l->t('Could not change the password. Maybe the old password was not correct.')
-				]
-			], Http::STATUS_BAD_REQUEST);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 *
-	 * @param string $userEnableRecovery
-	 * @return DataResponse
-	 */
-	public function userSetRecovery($userEnableRecovery) {
-		if ($userEnableRecovery === '0' || $userEnableRecovery === '1') {
-
-			$result = $this->recovery->setRecoveryForUser($userEnableRecovery);
-
-			if ($result) {
-				if ($userEnableRecovery === '0') {
-					return new DataResponse(
-						[
-							'data' => [
-								'message' => (string)$this->l->t('Recovery Key disabled')]
-						]
-					);
-				}
-				return new DataResponse(
-					[
-						'data' => [
-							'message' => (string)$this->l->t('Recovery Key enabled')]
-					]
-				);
-			}
-
-		}
-		return new DataResponse(
-			[
-				'data' => [
-					'message' => (string)$this->l->t('Could not enable the recovery key, please try again or contact your administrator')
-				]
-			], Http::STATUS_BAD_REQUEST);
-	}
+    /**
+     * @var IConfig
+     */
+    private $config;
+    /**
+     * @var IL10N
+     */
+    private $l;
+    /**
+     * @var Recovery
+     */
+    private $recovery;
+
+    /**
+     * @param string $AppName
+     * @param IRequest $request
+     * @param IConfig $config
+     * @param IL10N $l10n
+     * @param Recovery $recovery
+     */
+    public function __construct($AppName,
+                                IRequest $request,
+                                IConfig $config,
+                                IL10N $l10n,
+                                Recovery $recovery) {
+        parent::__construct($AppName, $request);
+        $this->config = $config;
+        $this->l = $l10n;
+        $this->recovery = $recovery;
+    }
+
+    /**
+     * @param string $recoveryPassword
+     * @param string $confirmPassword
+     * @param string $adminEnableRecovery
+     * @return DataResponse
+     */
+    public function adminRecovery($recoveryPassword, $confirmPassword, $adminEnableRecovery) {
+        // Check if both passwords are the same
+        if (empty($recoveryPassword)) {
+            $errorMessage = (string)$this->l->t('Missing recovery key password');
+            return new DataResponse(['data' => ['message' => $errorMessage]],
+                Http::STATUS_BAD_REQUEST);
+        }
+
+        if (empty($confirmPassword)) {
+            $errorMessage = (string)$this->l->t('Please repeat the recovery key password');
+            return new DataResponse(['data' => ['message' => $errorMessage]],
+                Http::STATUS_BAD_REQUEST);
+        }
+
+        if ($recoveryPassword !== $confirmPassword) {
+            $errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password');
+            return new DataResponse(['data' => ['message' => $errorMessage]],
+                Http::STATUS_BAD_REQUEST);
+        }
+
+        if (isset($adminEnableRecovery) && $adminEnableRecovery === '1') {
+            if ($this->recovery->enableAdminRecovery($recoveryPassword)) {
+                return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully enabled')]]);
+            }
+            return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not enable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
+        } elseif (isset($adminEnableRecovery) && $adminEnableRecovery === '0') {
+            if ($this->recovery->disableAdminRecovery($recoveryPassword)) {
+                return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully disabled')]]);
+            }
+            return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not disable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
+        }
+        // this response should never be sent but just in case.
+        return new DataResponse(['data' => ['message' => (string)$this->l->t('Missing parameters')]], Http::STATUS_BAD_REQUEST);
+    }
+
+    /**
+     * @param string $newPassword
+     * @param string $oldPassword
+     * @param string $confirmPassword
+     * @return DataResponse
+     */
+    public function changeRecoveryPassword($newPassword, $oldPassword, $confirmPassword) {
+        //check if both passwords are the same
+        if (empty($oldPassword)) {
+            $errorMessage = (string)$this->l->t('Please provide the old recovery password');
+            return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
+        }
+
+        if (empty($newPassword)) {
+            $errorMessage = (string)$this->l->t('Please provide a new recovery password');
+            return new DataResponse (['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
+        }
+
+        if (empty($confirmPassword)) {
+            $errorMessage = (string)$this->l->t('Please repeat the new recovery password');
+            return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
+        }
+
+        if ($newPassword !== $confirmPassword) {
+            $errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password');
+            return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
+        }
+
+        $result = $this->recovery->changeRecoveryKeyPassword($newPassword,
+            $oldPassword);
+
+        if ($result) {
+            return new DataResponse(
+                [
+                    'data' => [
+                        'message' => (string)$this->l->t('Password successfully changed.')]
+                ]
+            );
+        }
+        return new DataResponse(
+            [
+                'data' => [
+                    'message' => (string)$this->l->t('Could not change the password. Maybe the old password was not correct.')
+                ]
+            ], Http::STATUS_BAD_REQUEST);
+    }
+
+    /**
+     * @NoAdminRequired
+     *
+     * @param string $userEnableRecovery
+     * @return DataResponse
+     */
+    public function userSetRecovery($userEnableRecovery) {
+        if ($userEnableRecovery === '0' || $userEnableRecovery === '1') {
+
+            $result = $this->recovery->setRecoveryForUser($userEnableRecovery);
+
+            if ($result) {
+                if ($userEnableRecovery === '0') {
+                    return new DataResponse(
+                        [
+                            'data' => [
+                                'message' => (string)$this->l->t('Recovery Key disabled')]
+                        ]
+                    );
+                }
+                return new DataResponse(
+                    [
+                        'data' => [
+                            'message' => (string)$this->l->t('Recovery Key enabled')]
+                    ]
+                );
+            }
+
+        }
+        return new DataResponse(
+            [
+                'data' => [
+                    'message' => (string)$this->l->t('Could not enable the recovery key, please try again or contact your administrator')
+                ]
+            ], Http::STATUS_BAD_REQUEST);
+    }
 
 }

Spacing +18 added lines, -18 removed lines

@@ -74,36 +74,36 @@ 
 	public function adminRecovery($recoveryPassword, $confirmPassword, $adminEnableRecovery) {
 		// Check if both passwords are the same
 		if (empty($recoveryPassword)) {
-			$errorMessage = (string)$this->l->t('Missing recovery key password');
+			$errorMessage = (string) $this->l->t('Missing recovery key password');
 			return new DataResponse(['data' => ['message' => $errorMessage]],
 				Http::STATUS_BAD_REQUEST);
 		}
 
 		if (empty($confirmPassword)) {
-			$errorMessage = (string)$this->l->t('Please repeat the recovery key password');
+			$errorMessage = (string) $this->l->t('Please repeat the recovery key password');
 			return new DataResponse(['data' => ['message' => $errorMessage]],
 				Http::STATUS_BAD_REQUEST);
 		}
 
 		if ($recoveryPassword !== $confirmPassword) {
-			$errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password');
+			$errorMessage = (string) $this->l->t('Repeated recovery key password does not match the provided recovery key password');
 			return new DataResponse(['data' => ['message' => $errorMessage]],
 				Http::STATUS_BAD_REQUEST);
 		}
 
 		if (isset($adminEnableRecovery) && $adminEnableRecovery === '1') {
 			if ($this->recovery->enableAdminRecovery($recoveryPassword)) {
-				return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully enabled')]]);
+				return new DataResponse(['data' => ['message' => (string) $this->l->t('Recovery key successfully enabled')]]);
 			}
-			return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not enable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
+			return new DataResponse(['data' => ['message' => (string) $this->l->t('Could not enable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
 		} elseif (isset($adminEnableRecovery) && $adminEnableRecovery === '0') {
 			if ($this->recovery->disableAdminRecovery($recoveryPassword)) {
-				return new DataResponse(['data' => ['message' => (string)$this->l->t('Recovery key successfully disabled')]]);
+				return new DataResponse(['data' => ['message' => (string) $this->l->t('Recovery key successfully disabled')]]);
 			}
-			return new DataResponse(['data' => ['message' => (string)$this->l->t('Could not disable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
+			return new DataResponse(['data' => ['message' => (string) $this->l->t('Could not disable recovery key. Please check your recovery key password!')]], Http::STATUS_BAD_REQUEST);
 		}
 		// this response should never be sent but just in case.
-		return new DataResponse(['data' => ['message' => (string)$this->l->t('Missing parameters')]], Http::STATUS_BAD_REQUEST);
+		return new DataResponse(['data' => ['message' => (string) $this->l->t('Missing parameters')]], Http::STATUS_BAD_REQUEST);
 	}
 
 	/**
@@ -115,22 +115,22 @@ 
 	public function changeRecoveryPassword($newPassword, $oldPassword, $confirmPassword) {
 		//check if both passwords are the same
 		if (empty($oldPassword)) {
-			$errorMessage = (string)$this->l->t('Please provide the old recovery password');
+			$errorMessage = (string) $this->l->t('Please provide the old recovery password');
 			return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
 		}
 
 		if (empty($newPassword)) {
-			$errorMessage = (string)$this->l->t('Please provide a new recovery password');
-			return new DataResponse (['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
+			$errorMessage = (string) $this->l->t('Please provide a new recovery password');
+			return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
 		}
 
 		if (empty($confirmPassword)) {
-			$errorMessage = (string)$this->l->t('Please repeat the new recovery password');
+			$errorMessage = (string) $this->l->t('Please repeat the new recovery password');
 			return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
 		}
 
 		if ($newPassword !== $confirmPassword) {
-			$errorMessage = (string)$this->l->t('Repeated recovery key password does not match the provided recovery key password');
+			$errorMessage = (string) $this->l->t('Repeated recovery key password does not match the provided recovery key password');
 			return new DataResponse(['data' => ['message' => $errorMessage]], Http::STATUS_BAD_REQUEST);
 		}
 
@@ -141,14 +141,14 @@ 
 			return new DataResponse(
 				[
 					'data' => [
-						'message' => (string)$this->l->t('Password successfully changed.')]
+						'message' => (string) $this->l->t('Password successfully changed.')]
 				]
 			);
 		}
 		return new DataResponse(
 			[
 				'data' => [
-					'message' => (string)$this->l->t('Could not change the password. Maybe the old password was not correct.')
+					'message' => (string) $this->l->t('Could not change the password. Maybe the old password was not correct.')
 				]
 			], Http::STATUS_BAD_REQUEST);
 	}
@@ -169,14 +169,14 @@ 
 					return new DataResponse(
 						[
 							'data' => [
-								'message' => (string)$this->l->t('Recovery Key disabled')]
+								'message' => (string) $this->l->t('Recovery Key disabled')]
 						]
 					);
 				}
 				return new DataResponse(
 					[
 						'data' => [
-							'message' => (string)$this->l->t('Recovery Key enabled')]
+							'message' => (string) $this->l->t('Recovery Key enabled')]
 					]
 				);
 			}
@@ -185,7 +185,7 @@ 
 		return new DataResponse(
 			[
 				'data' => [
-					'message' => (string)$this->l->t('Could not enable the recovery key, please try again or contact your administrator')
+					'message' => (string) $this->l->t('Could not enable the recovery key, please try again or contact your administrator')
 				]
 			], Http::STATUS_BAD_REQUEST);
 	}

apps/encryption/lib/Exceptions/PublicKeyMissingException.php

Indentation +9 added lines, -9 removed lines

@@ -25,14 +25,14 @@
 
 class PublicKeyMissingException extends GenericEncryptionException {
 
-	/**
-	 * @param string $userId
-	 */
-	public function __construct($userId) {
-		if(empty($userId)) {
-			$userId = "<no-user-id-given>";
-		}
-		parent::__construct("Public Key missing for user: $userId");
-	}
+    /**
+     * @param string $userId
+     */
+    public function __construct($userId) {
+        if(empty($userId)) {
+            $userId = "<no-user-id-given>";
+        }
+        parent::__construct("Public Key missing for user: $userId");
+    }
 
 }

Spacing +1 added lines, -1 removed lines

@@ -29,7 +29,7 @@
 	 * @param string $userId
 	 */
 	public function __construct($userId) {
-		if(empty($userId)) {
+		if (empty($userId)) {
 			$userId = "<no-user-id-given>";
 		}
 		parent::__construct("Public Key missing for user: $userId");

apps/encryption/lib/Exceptions/PrivateKeyMissingException.php

Indentation +9 added lines, -9 removed lines

@@ -28,14 +28,14 @@
 
 class PrivateKeyMissingException extends GenericEncryptionException {
 
-	/**
-	 * @param string $userId
-	 */
-	public function __construct($userId) {
-		if(empty($userId)) {
-			$userId = "<no-user-id-given>";
-		}
-		parent::__construct("Private Key missing for user: $userId");
-	}
+    /**
+     * @param string $userId
+     */
+    public function __construct($userId) {
+        if(empty($userId)) {
+            $userId = "<no-user-id-given>";
+        }
+        parent::__construct("Private Key missing for user: $userId");
+    }
 
 }

Spacing +1 added lines, -1 removed lines

@@ -32,7 +32,7 @@
 	 * @param string $userId
 	 */
 	public function __construct($userId) {
-		if(empty($userId)) {
+		if (empty($userId)) {
 			$userId = "<no-user-id-given>";
 		}
 		parent::__construct("Private Key missing for user: $userId");

apps/encryption/lib/Recovery.php

Indentation +287 added lines, -287 removed lines

@@ -38,293 +38,293 @@
 class Recovery {
 
 
-	/**
-	 * @var null|IUser
-	 */
-	protected $user;
-	/**
-	 * @var Crypt
-	 */
-	protected $crypt;
-	/**
-	 * @var ISecureRandom
-	 */
-	private $random;
-	/**
-	 * @var KeyManager
-	 */
-	private $keyManager;
-	/**
-	 * @var IConfig
-	 */
-	private $config;
-	/**
-	 * @var IStorage
-	 */
-	private $keyStorage;
-	/**
-	 * @var View
-	 */
-	private $view;
-	/**
-	 * @var IFile
-	 */
-	private $file;
-
-	/**
-	 * @param IUserSession $user
-	 * @param Crypt $crypt
-	 * @param ISecureRandom $random
-	 * @param KeyManager $keyManager
-	 * @param IConfig $config
-	 * @param IStorage $keyStorage
-	 * @param IFile $file
-	 * @param View $view
-	 */
-	public function __construct(IUserSession $user,
-								Crypt $crypt,
-								ISecureRandom $random,
-								KeyManager $keyManager,
-								IConfig $config,
-								IStorage $keyStorage,
-								IFile $file,
-								View $view) {
-		$this->user = ($user && $user->isLoggedIn()) ? $user->getUser() : false;
-		$this->crypt = $crypt;
-		$this->random = $random;
-		$this->keyManager = $keyManager;
-		$this->config = $config;
-		$this->keyStorage = $keyStorage;
-		$this->view = $view;
-		$this->file = $file;
-	}
-
-	/**
-	 * @param string $password
-	 * @return bool
-	 */
-	public function enableAdminRecovery($password) {
-		$appConfig = $this->config;
-		$keyManager = $this->keyManager;
-
-		if (!$keyManager->recoveryKeyExists()) {
-			$keyPair = $this->crypt->createKeyPair();
-			if(!is_array($keyPair)) {
-				return false;
-			}
-
-			$this->keyManager->setRecoveryKey($password, $keyPair);
-		}
-
-		if ($keyManager->checkRecoveryPassword($password)) {
-			$appConfig->setAppValue('encryption', 'recoveryAdminEnabled', 1);
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * change recovery key id
-	 *
-	 * @param string $newPassword
-	 * @param string $oldPassword
-	 * @return bool
-	 */
-	public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
-		$recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
-		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword);
-		if($decryptedRecoveryKey === false) {
-			return false;
-		}
-		$encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword);
-		$header = $this->crypt->generateHeader();
-		if ($encryptedRecoveryKey) {
-			$this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param string $recoveryPassword
-	 * @return bool
-	 */
-	public function disableAdminRecovery($recoveryPassword) {
-		$keyManager = $this->keyManager;
-
-		if ($keyManager->checkRecoveryPassword($recoveryPassword)) {
-			// Set recoveryAdmin as disabled
-			$this->config->setAppValue('encryption', 'recoveryAdminEnabled', 0);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * check if recovery is enabled for user
-	 *
-	 * @param string $user if no user is given we check the current logged-in user
-	 *
-	 * @return bool
-	 */
-	public function isRecoveryEnabledForUser($user = '') {
-		$uid = empty($user) ? $this->user->getUID() : $user;
-		$recoveryMode = $this->config->getUserValue($uid,
-			'encryption',
-			'recoveryEnabled',
-			0);
-
-		return ($recoveryMode === '1');
-	}
-
-	/**
-	 * check if recovery is key is enabled by the administrator
-	 *
-	 * @return bool
-	 */
-	public function isRecoveryKeyEnabled() {
-		$enabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled', 0);
-
-		return ($enabled === '1');
-	}
-
-	/**
-	 * @param string $value
-	 * @return bool
-	 */
-	public function setRecoveryForUser($value) {
-
-		try {
-			$this->config->setUserValue($this->user->getUID(),
-				'encryption',
-				'recoveryEnabled',
-				$value);
-
-			if ($value === '1') {
-				$this->addRecoveryKeys('/' . $this->user->getUID() . '/files/');
-			} else {
-				$this->removeRecoveryKeys('/' . $this->user->getUID() . '/files/');
-			}
-
-			return true;
-		} catch (PreConditionNotMetException $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * add recovery key to all encrypted files
-	 * @param string $path
-	 */
-	private function addRecoveryKeys($path) {
-		$dirContent = $this->view->getDirectoryContent($path);
-		foreach ($dirContent as $item) {
-			$filePath = $item->getPath();
-			if ($item['type'] === 'dir') {
-				$this->addRecoveryKeys($filePath . '/');
-			} else {
-				$fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID());
-				if (!empty($fileKey)) {
-					$accessList = $this->file->getAccessList($filePath);
-					$publicKeys = array();
-					foreach ($accessList['users'] as $uid) {
-						$publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
-					}
-
-					$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->user->getUID());
-
-					$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
-					$this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles);
-				}
-			}
-		}
-	}
-
-	/**
-	 * remove recovery key to all encrypted files
-	 * @param string $path
-	 */
-	private function removeRecoveryKeys($path) {
-		$dirContent = $this->view->getDirectoryContent($path);
-		foreach ($dirContent as $item) {
-			$filePath = $item->getPath();
-			if ($item['type'] === 'dir') {
-				$this->removeRecoveryKeys($filePath . '/');
-			} else {
-				$this->keyManager->deleteShareKey($filePath, $this->keyManager->getRecoveryKeyId());
-			}
-		}
-	}
-
-	/**
-	 * recover users files with the recovery key
-	 *
-	 * @param string $recoveryPassword
-	 * @param string $user
-	 */
-	public function recoverUsersFiles($recoveryPassword, $user) {
-		$encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
-
-		$privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword);
-		if($privateKey !== false) {
-			$this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user);
-		}
-	}
-
-	/**
-	 * recover users files
-	 *
-	 * @param string $path
-	 * @param string $privateKey
-	 * @param string $uid
-	 */
-	private function recoverAllFiles($path, $privateKey, $uid) {
-		$dirContent = $this->view->getDirectoryContent($path);
-
-		foreach ($dirContent as $item) {
-			// Get relative path from encryption/keyfiles
-			$filePath = $item->getPath();
-			if ($this->view->is_dir($filePath)) {
-				$this->recoverAllFiles($filePath . '/', $privateKey, $uid);
-			} else {
-				$this->recoverFile($filePath, $privateKey, $uid);
-			}
-		}
-
-	}
-
-	/**
-	 * recover file
-	 *
-	 * @param string $path
-	 * @param string $privateKey
-	 * @param string $uid
-	 */
-	private function recoverFile($path, $privateKey, $uid) {
-		$encryptedFileKey = $this->keyManager->getEncryptedFileKey($path);
-		$shareKey = $this->keyManager->getShareKey($path, $this->keyManager->getRecoveryKeyId());
-
-		if ($encryptedFileKey && $shareKey && $privateKey) {
-			$fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
-				$shareKey,
-				$privateKey);
-		}
-
-		if (!empty($fileKey)) {
-			$accessList = $this->file->getAccessList($path);
-			$publicKeys = array();
-			foreach ($accessList['users'] as $user) {
-				$publicKeys[$user] = $this->keyManager->getPublicKey($user);
-			}
-
-			$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);
-
-			$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
-			$this->keyManager->setAllFileKeys($path, $encryptedKeyfiles);
-		}
-
-	}
+    /**
+     * @var null|IUser
+     */
+    protected $user;
+    /**
+     * @var Crypt
+     */
+    protected $crypt;
+    /**
+     * @var ISecureRandom
+     */
+    private $random;
+    /**
+     * @var KeyManager
+     */
+    private $keyManager;
+    /**
+     * @var IConfig
+     */
+    private $config;
+    /**
+     * @var IStorage
+     */
+    private $keyStorage;
+    /**
+     * @var View
+     */
+    private $view;
+    /**
+     * @var IFile
+     */
+    private $file;
+
+    /**
+     * @param IUserSession $user
+     * @param Crypt $crypt
+     * @param ISecureRandom $random
+     * @param KeyManager $keyManager
+     * @param IConfig $config
+     * @param IStorage $keyStorage
+     * @param IFile $file
+     * @param View $view
+     */
+    public function __construct(IUserSession $user,
+                                Crypt $crypt,
+                                ISecureRandom $random,
+                                KeyManager $keyManager,
+                                IConfig $config,
+                                IStorage $keyStorage,
+                                IFile $file,
+                                View $view) {
+        $this->user = ($user && $user->isLoggedIn()) ? $user->getUser() : false;
+        $this->crypt = $crypt;
+        $this->random = $random;
+        $this->keyManager = $keyManager;
+        $this->config = $config;
+        $this->keyStorage = $keyStorage;
+        $this->view = $view;
+        $this->file = $file;
+    }
+
+    /**
+     * @param string $password
+     * @return bool
+     */
+    public function enableAdminRecovery($password) {
+        $appConfig = $this->config;
+        $keyManager = $this->keyManager;
+
+        if (!$keyManager->recoveryKeyExists()) {
+            $keyPair = $this->crypt->createKeyPair();
+            if(!is_array($keyPair)) {
+                return false;
+            }
+
+            $this->keyManager->setRecoveryKey($password, $keyPair);
+        }
+
+        if ($keyManager->checkRecoveryPassword($password)) {
+            $appConfig->setAppValue('encryption', 'recoveryAdminEnabled', 1);
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * change recovery key id
+     *
+     * @param string $newPassword
+     * @param string $oldPassword
+     * @return bool
+     */
+    public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
+        $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
+        $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword);
+        if($decryptedRecoveryKey === false) {
+            return false;
+        }
+        $encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword);
+        $header = $this->crypt->generateHeader();
+        if ($encryptedRecoveryKey) {
+            $this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param string $recoveryPassword
+     * @return bool
+     */
+    public function disableAdminRecovery($recoveryPassword) {
+        $keyManager = $this->keyManager;
+
+        if ($keyManager->checkRecoveryPassword($recoveryPassword)) {
+            // Set recoveryAdmin as disabled
+            $this->config->setAppValue('encryption', 'recoveryAdminEnabled', 0);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * check if recovery is enabled for user
+     *
+     * @param string $user if no user is given we check the current logged-in user
+     *
+     * @return bool
+     */
+    public function isRecoveryEnabledForUser($user = '') {
+        $uid = empty($user) ? $this->user->getUID() : $user;
+        $recoveryMode = $this->config->getUserValue($uid,
+            'encryption',
+            'recoveryEnabled',
+            0);
+
+        return ($recoveryMode === '1');
+    }
+
+    /**
+     * check if recovery is key is enabled by the administrator
+     *
+     * @return bool
+     */
+    public function isRecoveryKeyEnabled() {
+        $enabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled', 0);
+
+        return ($enabled === '1');
+    }
+
+    /**
+     * @param string $value
+     * @return bool
+     */
+    public function setRecoveryForUser($value) {
+
+        try {
+            $this->config->setUserValue($this->user->getUID(),
+                'encryption',
+                'recoveryEnabled',
+                $value);
+
+            if ($value === '1') {
+                $this->addRecoveryKeys('/' . $this->user->getUID() . '/files/');
+            } else {
+                $this->removeRecoveryKeys('/' . $this->user->getUID() . '/files/');
+            }
+
+            return true;
+        } catch (PreConditionNotMetException $e) {
+            return false;
+        }
+    }
+
+    /**
+     * add recovery key to all encrypted files
+     * @param string $path
+     */
+    private function addRecoveryKeys($path) {
+        $dirContent = $this->view->getDirectoryContent($path);
+        foreach ($dirContent as $item) {
+            $filePath = $item->getPath();
+            if ($item['type'] === 'dir') {
+                $this->addRecoveryKeys($filePath . '/');
+            } else {
+                $fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID());
+                if (!empty($fileKey)) {
+                    $accessList = $this->file->getAccessList($filePath);
+                    $publicKeys = array();
+                    foreach ($accessList['users'] as $uid) {
+                        $publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
+                    }
+
+                    $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->user->getUID());
+
+                    $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
+                    $this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles);
+                }
+            }
+        }
+    }
+
+    /**
+     * remove recovery key to all encrypted files
+     * @param string $path
+     */
+    private function removeRecoveryKeys($path) {
+        $dirContent = $this->view->getDirectoryContent($path);
+        foreach ($dirContent as $item) {
+            $filePath = $item->getPath();
+            if ($item['type'] === 'dir') {
+                $this->removeRecoveryKeys($filePath . '/');
+            } else {
+                $this->keyManager->deleteShareKey($filePath, $this->keyManager->getRecoveryKeyId());
+            }
+        }
+    }
+
+    /**
+     * recover users files with the recovery key
+     *
+     * @param string $recoveryPassword
+     * @param string $user
+     */
+    public function recoverUsersFiles($recoveryPassword, $user) {
+        $encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
+
+        $privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword);
+        if($privateKey !== false) {
+            $this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user);
+        }
+    }
+
+    /**
+     * recover users files
+     *
+     * @param string $path
+     * @param string $privateKey
+     * @param string $uid
+     */
+    private function recoverAllFiles($path, $privateKey, $uid) {
+        $dirContent = $this->view->getDirectoryContent($path);
+
+        foreach ($dirContent as $item) {
+            // Get relative path from encryption/keyfiles
+            $filePath = $item->getPath();
+            if ($this->view->is_dir($filePath)) {
+                $this->recoverAllFiles($filePath . '/', $privateKey, $uid);
+            } else {
+                $this->recoverFile($filePath, $privateKey, $uid);
+            }
+        }
+
+    }
+
+    /**
+     * recover file
+     *
+     * @param string $path
+     * @param string $privateKey
+     * @param string $uid
+     */
+    private function recoverFile($path, $privateKey, $uid) {
+        $encryptedFileKey = $this->keyManager->getEncryptedFileKey($path);
+        $shareKey = $this->keyManager->getShareKey($path, $this->keyManager->getRecoveryKeyId());
+
+        if ($encryptedFileKey && $shareKey && $privateKey) {
+            $fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
+                $shareKey,
+                $privateKey);
+        }
+
+        if (!empty($fileKey)) {
+            $accessList = $this->file->getAccessList($path);
+            $publicKeys = array();
+            foreach ($accessList['users'] as $user) {
+                $publicKeys[$user] = $this->keyManager->getPublicKey($user);
+            }
+
+            $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);
+
+            $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
+            $this->keyManager->setAllFileKeys($path, $encryptedKeyfiles);
+        }
+
+    }
 
 
 }

Spacing +10 added lines, -10 removed lines

@@ -109,7 +109,7 @@ 
 
 		if (!$keyManager->recoveryKeyExists()) {
 			$keyPair = $this->crypt->createKeyPair();
-			if(!is_array($keyPair)) {
+			if (!is_array($keyPair)) {
 				return false;
 			}
 
@@ -134,13 +134,13 @@ 
 	public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
 		$recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
 		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword);
-		if($decryptedRecoveryKey === false) {
+		if ($decryptedRecoveryKey === false) {
 			return false;
 		}
 		$encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword);
 		$header = $this->crypt->generateHeader();
 		if ($encryptedRecoveryKey) {
-			$this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey);
+			$this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header.$encryptedRecoveryKey);
 			return true;
 		}
 		return false;
@@ -202,9 +202,9 @@ 
 				$value);
 
 			if ($value === '1') {
-				$this->addRecoveryKeys('/' . $this->user->getUID() . '/files/');
+				$this->addRecoveryKeys('/'.$this->user->getUID().'/files/');
 			} else {
-				$this->removeRecoveryKeys('/' . $this->user->getUID() . '/files/');
+				$this->removeRecoveryKeys('/'.$this->user->getUID().'/files/');
 			}
 
 			return true;
@@ -222,7 +222,7 @@ 
 		foreach ($dirContent as $item) {
 			$filePath = $item->getPath();
 			if ($item['type'] === 'dir') {
-				$this->addRecoveryKeys($filePath . '/');
+				$this->addRecoveryKeys($filePath.'/');
 			} else {
 				$fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID());
 				if (!empty($fileKey)) {
@@ -250,7 +250,7 @@ 
 		foreach ($dirContent as $item) {
 			$filePath = $item->getPath();
 			if ($item['type'] === 'dir') {
-				$this->removeRecoveryKeys($filePath . '/');
+				$this->removeRecoveryKeys($filePath.'/');
 			} else {
 				$this->keyManager->deleteShareKey($filePath, $this->keyManager->getRecoveryKeyId());
 			}
@@ -267,8 +267,8 @@ 
 		$encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
 
 		$privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword);
-		if($privateKey !== false) {
-			$this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user);
+		if ($privateKey !== false) {
+			$this->recoverAllFiles('/'.$user.'/files/', $privateKey, $user);
 		}
 	}
 
@@ -286,7 +286,7 @@ 
 			// Get relative path from encryption/keyfiles
 			$filePath = $item->getPath();
 			if ($this->view->is_dir($filePath)) {
-				$this->recoverAllFiles($filePath . '/', $privateKey, $uid);
+				$this->recoverAllFiles($filePath.'/', $privateKey, $uid);
 			} else {
 				$this->recoverFile($filePath, $privateKey, $uid);
 			}

apps/encryption/lib/Command/EnableMasterKey.php

Indentation +49 added lines, -49 removed lines

@@ -34,54 +34,54 @@
 
 class EnableMasterKey extends Command {
 
-	/** @var Util */
-	protected $util;
-
-	/** @var IConfig */
-	protected $config;
-
-	/** @var  QuestionHelper */
-	protected $questionHelper;
-
-	/**
-	 * @param Util $util
-	 * @param IConfig $config
-	 * @param QuestionHelper $questionHelper
-	 */
-	public function __construct(Util $util,
-								IConfig $config,
-								QuestionHelper $questionHelper) {
-
-		$this->util = $util;
-		$this->config = $config;
-		$this->questionHelper = $questionHelper;
-		parent::__construct();
-	}
-
-	protected function configure() {
-		$this
-			->setName('encryption:enable-master-key')
-			->setDescription('Enable the master key. Only available for fresh installations with no existing encrypted data! There is also no way to disable it again.');
-	}
-
-	protected function execute(InputInterface $input, OutputInterface $output) {
-
-		$isAlreadyEnabled = $this->util->isMasterKeyEnabled();
-
-		if($isAlreadyEnabled) {
-			$output->writeln('Master key already enabled');
-		} else {
-			$question = new ConfirmationQuestion(
-				'Warning: Only available for fresh installations with no existing encrypted data! '
-			. 'There is also no way to disable it again. Do you want to continue? (y/n) ', false);
-			if ($this->questionHelper->ask($input, $output, $question)) {
-				$this->config->setAppValue('encryption', 'useMasterKey', '1');
-				$output->writeln('Master key successfully enabled.');
-			} else {
-				$output->writeln('aborted.');
-			}
-		}
-
-	}
+    /** @var Util */
+    protected $util;
+
+    /** @var IConfig */
+    protected $config;
+
+    /** @var  QuestionHelper */
+    protected $questionHelper;
+
+    /**
+     * @param Util $util
+     * @param IConfig $config
+     * @param QuestionHelper $questionHelper
+     */
+    public function __construct(Util $util,
+                                IConfig $config,
+                                QuestionHelper $questionHelper) {
+
+        $this->util = $util;
+        $this->config = $config;
+        $this->questionHelper = $questionHelper;
+        parent::__construct();
+    }
+
+    protected function configure() {
+        $this
+            ->setName('encryption:enable-master-key')
+            ->setDescription('Enable the master key. Only available for fresh installations with no existing encrypted data! There is also no way to disable it again.');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output) {
+
+        $isAlreadyEnabled = $this->util->isMasterKeyEnabled();
+
+        if($isAlreadyEnabled) {
+            $output->writeln('Master key already enabled');
+        } else {
+            $question = new ConfirmationQuestion(
+                'Warning: Only available for fresh installations with no existing encrypted data! '
+            . 'There is also no way to disable it again. Do you want to continue? (y/n) ', false);
+            if ($this->questionHelper->ask($input, $output, $question)) {
+                $this->config->setAppValue('encryption', 'useMasterKey', '1');
+                $output->writeln('Master key successfully enabled.');
+            } else {
+                $output->writeln('aborted.');
+            }
+        }
+
+    }
 
 }

Spacing +1 added lines, -1 removed lines

@@ -68,7 +68,7 @@
 
 		$isAlreadyEnabled = $this->util->isMasterKeyEnabled();
 
-		if($isAlreadyEnabled) {
+		if ($isAlreadyEnabled) {
 			$output->writeln('Master key already enabled');
 		} else {
 			$question = new ConfirmationQuestion(

apps/encryption/lib/Hooks/UserHooks.php

Spacing +2 added lines, -2 removed lines

@@ -276,7 +276,7 @@ 
 			// Save private key
 			if ($encryptedPrivateKey) {
 				$this->keyManager->setPrivateKey($this->user->getUser()->getUID(),
-					$this->crypt->generateHeader() . $encryptedPrivateKey);
+					$this->crypt->generateHeader().$encryptedPrivateKey);
 			} else {
 				$this->logger->error('Encryption could not update users encryption password');
 			}
@@ -313,7 +313,7 @@ 
 				$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);
 
 				if ($encryptedKey) {
-					$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
+					$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader().$encryptedKey);
 
 					if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
 						$this->recovery->recoverUsersFiles($recoveryPassword, $user);

Indentation +289 added lines, -289 removed lines

@@ -41,293 +41,293 @@
 
 class UserHooks implements IHook {
 
-	/**
-	 * list of user for which we perform a password reset
-	 * @var array
-	 */
-	protected static $passwordResetUsers = [];
-
-	/**
-	 * @var KeyManager
-	 */
-	private $keyManager;
-	/**
-	 * @var IUserManager
-	 */
-	private $userManager;
-	/**
-	 * @var ILogger
-	 */
-	private $logger;
-	/**
-	 * @var Setup
-	 */
-	private $userSetup;
-	/**
-	 * @var IUserSession
-	 */
-	private $user;
-	/**
-	 * @var Util
-	 */
-	private $util;
-	/**
-	 * @var Session
-	 */
-	private $session;
-	/**
-	 * @var Recovery
-	 */
-	private $recovery;
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-
-	/**
-	 * UserHooks constructor.
-	 *
-	 * @param KeyManager $keyManager
-	 * @param IUserManager $userManager
-	 * @param ILogger $logger
-	 * @param Setup $userSetup
-	 * @param IUserSession $user
-	 * @param Util $util
-	 * @param Session $session
-	 * @param Crypt $crypt
-	 * @param Recovery $recovery
-	 */
-	public function __construct(KeyManager $keyManager,
-								IUserManager $userManager,
-								ILogger $logger,
-								Setup $userSetup,
-								IUserSession $user,
-								Util $util,
-								Session $session,
-								Crypt $crypt,
-								Recovery $recovery) {
-
-		$this->keyManager = $keyManager;
-		$this->userManager = $userManager;
-		$this->logger = $logger;
-		$this->userSetup = $userSetup;
-		$this->user = $user;
-		$this->util = $util;
-		$this->session = $session;
-		$this->recovery = $recovery;
-		$this->crypt = $crypt;
-	}
-
-	/**
-	 * Connects Hooks
-	 *
-	 * @return null
-	 */
-	public function addHooks() {
-		OCUtil::connectHook('OC_User', 'post_login', $this, 'login');
-		OCUtil::connectHook('OC_User', 'logout', $this, 'logout');
-
-		// this hooks only make sense if no master key is used
-		if ($this->util->isMasterKeyEnabled() === false) {
-			OCUtil::connectHook('OC_User',
-				'post_setPassword',
-				$this,
-				'setPassphrase');
-
-			OCUtil::connectHook('OC_User',
-				'pre_setPassword',
-				$this,
-				'preSetPassphrase');
-
-			OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
-				'post_passwordReset',
-				$this,
-				'postPasswordReset');
-
-			OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
-				'pre_passwordReset',
-				$this,
-				'prePasswordReset');
-
-			OCUtil::connectHook('OC_User',
-				'post_createUser',
-				$this,
-				'postCreateUser');
-
-			OCUtil::connectHook('OC_User',
-				'post_deleteUser',
-				$this,
-				'postDeleteUser');
-		}
-	}
-
-
-	/**
-	 * Startup encryption backend upon user login
-	 *
-	 * @note This method should never be called for users using client side encryption
-	 * @param array $params
-	 * @return boolean|null
-	 */
-	public function login($params) {
-		// ensure filesystem is loaded
-		if (!\OC\Files\Filesystem::$loaded) {
-			$this->setupFS($params['uid']);
-		}
-		if ($this->util->isMasterKeyEnabled() === false) {
-			$this->userSetup->setupUser($params['uid'], $params['password']);
-		}
-
-		$this->keyManager->init($params['uid'], $params['password']);
-	}
-
-	/**
-	 * remove keys from session during logout
-	 */
-	public function logout() {
-		$this->session->clear();
-	}
-
-	/**
-	 * setup encryption backend upon user created
-	 *
-	 * @note This method should never be called for users using client side encryption
-	 * @param array $params
-	 */
-	public function postCreateUser($params) {
-		$this->userSetup->setupUser($params['uid'], $params['password']);
-	}
-
-	/**
-	 * cleanup encryption backend upon user deleted
-	 *
-	 * @param array $params : uid, password
-	 * @note This method should never be called for users using client side encryption
-	 */
-	public function postDeleteUser($params) {
-		$this->keyManager->deletePublicKey($params['uid']);
-	}
-
-	public function prePasswordReset($params) {
-		$user = $params['uid'];
-		self::$passwordResetUsers[$user] = true;
-	}
-
-	public function postPasswordReset($params) {
-		$uid = $params['uid'];
-		$password = $params['password'];
-		$this->keyManager->backupUserKeys('passwordReset', $uid);
-		$this->keyManager->deleteUserKeys($uid);
-		$this->userSetup->setupUser($uid, $password);
-		unset(self::$passwordResetUsers[$uid]);
-	}
-
-	/**
-	 * If the password can't be changed within Nextcloud, than update the key password in advance.
-	 *
-	 * @param array $params : uid, password
-	 * @return boolean|null
-	 */
-	public function preSetPassphrase($params) {
-		$user = $this->userManager->get($params['uid']);
-
-		if ($user && !$user->canChangePassword()) {
-			$this->setPassphrase($params);
-		}
-	}
-
-	/**
-	 * Change a user's encryption passphrase
-	 *
-	 * @param array $params keys: uid, password
-	 * @return boolean|null
-	 */
-	public function setPassphrase($params) {
-
-		// if we are in the process to resetting a user password, we have nothing
-		// to do here
-		if (isset(self::$passwordResetUsers[$params['uid']])) {
-			return true;
-		}
-
-		// Get existing decrypted private key
-		$privateKey = $this->session->getPrivateKey();
-		$user = $this->user->getUser();
-
-		// current logged in user changes his own password
-		if ($user && $params['uid'] === $user->getUID() && $privateKey) {
-
-			// Encrypt private key with new user pwd as passphrase
-			$encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);
-
-			// Save private key
-			if ($encryptedPrivateKey) {
-				$this->keyManager->setPrivateKey($this->user->getUser()->getUID(),
-					$this->crypt->generateHeader() . $encryptedPrivateKey);
-			} else {
-				$this->logger->error('Encryption could not update users encryption password');
-			}
-
-			// NOTE: Session does not need to be updated as the
-			// private key has not changed, only the passphrase
-			// used to decrypt it has changed
-		} else { // admin changed the password for a different user, create new keys and re-encrypt file keys
-			$user = $params['uid'];
-			$this->initMountPoints($user);
-			$recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
-
-			// we generate new keys if...
-			// ...we have a recovery password and the user enabled the recovery key
-			// ...encryption was activated for the first time (no keys exists)
-			// ...the user doesn't have any files
-			if (
-				($this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword)
-				|| !$this->keyManager->userHasKeys($user)
-				|| !$this->util->userHasFiles($user)
-			) {
-
-				// backup old keys
-				//$this->backupAllKeys('recovery');
-
-				$newUserPassword = $params['password'];
-
-				$keyPair = $this->crypt->createKeyPair();
-
-				// Save public key
-				$this->keyManager->setPublicKey($user, $keyPair['publicKey']);
-
-				// Encrypt private key with new password
-				$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);
-
-				if ($encryptedKey) {
-					$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
-
-					if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
-						$this->recovery->recoverUsersFiles($recoveryPassword, $user);
-					}
-				} else {
-					$this->logger->error('Encryption Could not update users encryption password');
-				}
-			}
-		}
-	}
-
-	/**
-	 * init mount points for given user
-	 *
-	 * @param string $user
-	 * @throws \OC\User\NoUserException
-	 */
-	protected function initMountPoints($user) {
-		Filesystem::initMountPoints($user);
-	}
-
-	/**
-	 * setup file system for user
-	 *
-	 * @param string $uid user id
-	 */
-	protected function setupFS($uid) {
-		\OC_Util::setupFS($uid);
-	}
+    /**
+     * list of user for which we perform a password reset
+     * @var array
+     */
+    protected static $passwordResetUsers = [];
+
+    /**
+     * @var KeyManager
+     */
+    private $keyManager;
+    /**
+     * @var IUserManager
+     */
+    private $userManager;
+    /**
+     * @var ILogger
+     */
+    private $logger;
+    /**
+     * @var Setup
+     */
+    private $userSetup;
+    /**
+     * @var IUserSession
+     */
+    private $user;
+    /**
+     * @var Util
+     */
+    private $util;
+    /**
+     * @var Session
+     */
+    private $session;
+    /**
+     * @var Recovery
+     */
+    private $recovery;
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+
+    /**
+     * UserHooks constructor.
+     *
+     * @param KeyManager $keyManager
+     * @param IUserManager $userManager
+     * @param ILogger $logger
+     * @param Setup $userSetup
+     * @param IUserSession $user
+     * @param Util $util
+     * @param Session $session
+     * @param Crypt $crypt
+     * @param Recovery $recovery
+     */
+    public function __construct(KeyManager $keyManager,
+                                IUserManager $userManager,
+                                ILogger $logger,
+                                Setup $userSetup,
+                                IUserSession $user,
+                                Util $util,
+                                Session $session,
+                                Crypt $crypt,
+                                Recovery $recovery) {
+
+        $this->keyManager = $keyManager;
+        $this->userManager = $userManager;
+        $this->logger = $logger;
+        $this->userSetup = $userSetup;
+        $this->user = $user;
+        $this->util = $util;
+        $this->session = $session;
+        $this->recovery = $recovery;
+        $this->crypt = $crypt;
+    }
+
+    /**
+     * Connects Hooks
+     *
+     * @return null
+     */
+    public function addHooks() {
+        OCUtil::connectHook('OC_User', 'post_login', $this, 'login');
+        OCUtil::connectHook('OC_User', 'logout', $this, 'logout');
+
+        // this hooks only make sense if no master key is used
+        if ($this->util->isMasterKeyEnabled() === false) {
+            OCUtil::connectHook('OC_User',
+                'post_setPassword',
+                $this,
+                'setPassphrase');
+
+            OCUtil::connectHook('OC_User',
+                'pre_setPassword',
+                $this,
+                'preSetPassphrase');
+
+            OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
+                'post_passwordReset',
+                $this,
+                'postPasswordReset');
+
+            OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
+                'pre_passwordReset',
+                $this,
+                'prePasswordReset');
+
+            OCUtil::connectHook('OC_User',
+                'post_createUser',
+                $this,
+                'postCreateUser');
+
+            OCUtil::connectHook('OC_User',
+                'post_deleteUser',
+                $this,
+                'postDeleteUser');
+        }
+    }
+
+
+    /**
+     * Startup encryption backend upon user login
+     *
+     * @note This method should never be called for users using client side encryption
+     * @param array $params
+     * @return boolean|null
+     */
+    public function login($params) {
+        // ensure filesystem is loaded
+        if (!\OC\Files\Filesystem::$loaded) {
+            $this->setupFS($params['uid']);
+        }
+        if ($this->util->isMasterKeyEnabled() === false) {
+            $this->userSetup->setupUser($params['uid'], $params['password']);
+        }
+
+        $this->keyManager->init($params['uid'], $params['password']);
+    }
+
+    /**
+     * remove keys from session during logout
+     */
+    public function logout() {
+        $this->session->clear();
+    }
+
+    /**
+     * setup encryption backend upon user created
+     *
+     * @note This method should never be called for users using client side encryption
+     * @param array $params
+     */
+    public function postCreateUser($params) {
+        $this->userSetup->setupUser($params['uid'], $params['password']);
+    }
+
+    /**
+     * cleanup encryption backend upon user deleted
+     *
+     * @param array $params : uid, password
+     * @note This method should never be called for users using client side encryption
+     */
+    public function postDeleteUser($params) {
+        $this->keyManager->deletePublicKey($params['uid']);
+    }
+
+    public function prePasswordReset($params) {
+        $user = $params['uid'];
+        self::$passwordResetUsers[$user] = true;
+    }
+
+    public function postPasswordReset($params) {
+        $uid = $params['uid'];
+        $password = $params['password'];
+        $this->keyManager->backupUserKeys('passwordReset', $uid);
+        $this->keyManager->deleteUserKeys($uid);
+        $this->userSetup->setupUser($uid, $password);
+        unset(self::$passwordResetUsers[$uid]);
+    }
+
+    /**
+     * If the password can't be changed within Nextcloud, than update the key password in advance.
+     *
+     * @param array $params : uid, password
+     * @return boolean|null
+     */
+    public function preSetPassphrase($params) {
+        $user = $this->userManager->get($params['uid']);
+
+        if ($user && !$user->canChangePassword()) {
+            $this->setPassphrase($params);
+        }
+    }
+
+    /**
+     * Change a user's encryption passphrase
+     *
+     * @param array $params keys: uid, password
+     * @return boolean|null
+     */
+    public function setPassphrase($params) {
+
+        // if we are in the process to resetting a user password, we have nothing
+        // to do here
+        if (isset(self::$passwordResetUsers[$params['uid']])) {
+            return true;
+        }
+
+        // Get existing decrypted private key
+        $privateKey = $this->session->getPrivateKey();
+        $user = $this->user->getUser();
+
+        // current logged in user changes his own password
+        if ($user && $params['uid'] === $user->getUID() && $privateKey) {
+
+            // Encrypt private key with new user pwd as passphrase
+            $encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);
+
+            // Save private key
+            if ($encryptedPrivateKey) {
+                $this->keyManager->setPrivateKey($this->user->getUser()->getUID(),
+                    $this->crypt->generateHeader() . $encryptedPrivateKey);
+            } else {
+                $this->logger->error('Encryption could not update users encryption password');
+            }
+
+            // NOTE: Session does not need to be updated as the
+            // private key has not changed, only the passphrase
+            // used to decrypt it has changed
+        } else { // admin changed the password for a different user, create new keys and re-encrypt file keys
+            $user = $params['uid'];
+            $this->initMountPoints($user);
+            $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
+
+            // we generate new keys if...
+            // ...we have a recovery password and the user enabled the recovery key
+            // ...encryption was activated for the first time (no keys exists)
+            // ...the user doesn't have any files
+            if (
+                ($this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword)
+                || !$this->keyManager->userHasKeys($user)
+                || !$this->util->userHasFiles($user)
+            ) {
+
+                // backup old keys
+                //$this->backupAllKeys('recovery');
+
+                $newUserPassword = $params['password'];
+
+                $keyPair = $this->crypt->createKeyPair();
+
+                // Save public key
+                $this->keyManager->setPublicKey($user, $keyPair['publicKey']);
+
+                // Encrypt private key with new password
+                $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);
+
+                if ($encryptedKey) {
+                    $this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
+
+                    if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
+                        $this->recovery->recoverUsersFiles($recoveryPassword, $user);
+                    }
+                } else {
+                    $this->logger->error('Encryption Could not update users encryption password');
+                }
+            }
+        }
+    }
+
+    /**
+     * init mount points for given user
+     *
+     * @param string $user
+     * @throws \OC\User\NoUserException
+     */
+    protected function initMountPoints($user) {
+        Filesystem::initMountPoints($user);
+    }
+
+    /**
+     * setup file system for user
+     *
+     * @param string $uid user id
+     */
+    protected function setupFS($uid) {
+        \OC_Util::setupFS($uid);
+    }
 }

apps/encryption/lib/Hooks/Contracts/IHook.php

Indentation +6 added lines, -6 removed lines

@@ -24,10 +24,10 @@
 
 
 interface IHook {
-	/**
-	 * Connects Hooks
-	 *
-	 * @return null
-	 */
-	public function addHooks();
+    /**
+     * Connects Hooks
+     *
+     * @return null
+     */
+    public function addHooks();
 }

apps/encryption/lib/Crypto/EncryptAll.php

Spacing +14 added lines, -14 removed lines

@@ -133,7 +133,7 @@ 
 		$this->input = $input;
 		$this->output = $output;
 
-		$headline = 'Encrypt all files with the ' . Encryption::DISPLAY_NAME;
+		$headline = 'Encrypt all files with the '.Encryption::DISPLAY_NAME;
 		$this->output->writeln("\n");
 		$this->output->writeln($headline);
 		$this->output->writeln(str_pad('', strlen($headline), '='));
@@ -179,14 +179,14 @@ 
 		$progress->setFormat(" %message% \n [%bar%]");
 		$progress->start();
 
-		foreach($this->userManager->getBackends() as $backend) {
+		foreach ($this->userManager->getBackends() as $backend) {
 			$limit = 500;
 			$offset = 0;
 			do {
 				$users = $backend->getUsers('', $limit, $offset);
 				foreach ($users as $user) {
 					if ($this->keyManager->userHasKeys($user) === false) {
-						$progress->setMessage('Create key-pair for ' . $user);
+						$progress->setMessage('Create key-pair for '.$user);
 						$progress->advance();
 						$this->setupUserFS($user);
 						$password = $this->generateOneTimePassword($user);
@@ -198,7 +198,7 @@ 
 					}
 				}
 				$offset += $limit;
-			} while(count($users) >= $limit);
+			} while (count($users) >= $limit);
 		}
 
 		$progress->setMessage('Key-pair created for all users');
@@ -236,7 +236,7 @@ 
 	 */
 	protected function encryptAllUserFilesWithMasterKey(ProgressBar $progress) {
 		$userNo = 1;
-		foreach($this->userManager->getBackends() as $backend) {
+		foreach ($this->userManager->getBackends() as $backend) {
 			$limit = 500;
 			$offset = 0;
 			do {
@@ -247,7 +247,7 @@ 
 					$userNo++;
 				}
 				$offset += $limit;
-			} while(count($users) >= $limit);
+			} while (count($users) >= $limit);
 		}
 	}
 
@@ -262,19 +262,19 @@ 
 
 		$this->setupUserFS($uid);
 		$directories = array();
-		$directories[] =  '/' . $uid . '/files';
+		$directories[] = '/'.$uid.'/files';
 
-		while($root = array_pop($directories)) {
+		while ($root = array_pop($directories)) {
 			$content = $this->rootView->getDirectoryContent($root);
 			foreach ($content as $file) {
-				$path = $root . '/' . $file['name'];
+				$path = $root.'/'.$file['name'];
 				if ($this->rootView->is_dir($path)) {
 					$directories[] = $path;
 					continue;
 				} else {
 					$progress->setMessage("encrypt files for user $userCount: $path");
 					$progress->advance();
-					if($this->encryptFile($path) === false) {
+					if ($this->encryptFile($path) === false) {
 						$progress->setMessage("encrypt files for user $userCount: $path (already encrypted)");
 						$progress->advance();
 					}
@@ -292,7 +292,7 @@ 
 	protected function encryptFile($path) {
 
 		$source = $path;
-		$target = $path . '.encrypted.' . time();
+		$target = $path.'.encrypted.'.time();
 
 		try {
 			$this->rootView->copy($source, $target);
@@ -414,7 +414,7 @@ 
 					continue;
 				}
 
-				$subject = (string)$this->l->t('one-time password for server-side-encryption');
+				$subject = (string) $this->l->t('one-time password for server-side-encryption');
 				list($htmlBody, $textBody) = $this->createMailBody($password);
 
 				// send it out now
@@ -462,11 +462,11 @@ 
 	protected function createMailBody($password) {
 
 		$html = new \OC_Template("encryption", "mail", "");
-		$html->assign ('password', $password);
+		$html->assign('password', $password);
 		$htmlMail = $html->fetchPage();
 
 		$plainText = new \OC_Template("encryption", "altmail", "");
-		$plainText->assign ('password', $password);
+		$plainText->assign('password', $password);
 		$plainTextMail = $plainText->fetchPage();
 
 		return [$htmlMail, $plainTextMail];

Indentation +429 added lines, -429 removed lines

@@ -45,434 +45,434 @@
 
 class EncryptAll {
 
-	/** @var Setup */
-	protected $userSetup;
-
-	/** @var IUserManager */
-	protected $userManager;
-
-	/** @var View */
-	protected $rootView;
-
-	/** @var KeyManager */
-	protected $keyManager;
-
-	/** @var Util */
-	protected $util;
-
-	/** @var array  */
-	protected $userPasswords;
-
-	/** @var  IConfig */
-	protected $config;
-
-	/** @var IMailer */
-	protected $mailer;
-
-	/** @var  IL10N */
-	protected $l;
-
-	/** @var  QuestionHelper */
-	protected $questionHelper;
-
-	/** @var  OutputInterface */
-	protected $output;
-
-	/** @var  InputInterface */
-	protected $input;
-
-	/** @var ISecureRandom */
-	protected $secureRandom;
-
-	/**
-	 * @param Setup $userSetup
-	 * @param IUserManager $userManager
-	 * @param View $rootView
-	 * @param KeyManager $keyManager
-	 * @param Util $util
-	 * @param IConfig $config
-	 * @param IMailer $mailer
-	 * @param IL10N $l
-	 * @param QuestionHelper $questionHelper
-	 * @param ISecureRandom $secureRandom
-	 */
-	public function __construct(
-		Setup $userSetup,
-		IUserManager $userManager,
-		View $rootView,
-		KeyManager $keyManager,
-		Util $util,
-		IConfig $config,
-		IMailer $mailer,
-		IL10N $l,
-		QuestionHelper $questionHelper,
-		ISecureRandom $secureRandom
-	) {
-		$this->userSetup = $userSetup;
-		$this->userManager = $userManager;
-		$this->rootView = $rootView;
-		$this->keyManager = $keyManager;
-		$this->util = $util;
-		$this->config = $config;
-		$this->mailer = $mailer;
-		$this->l = $l;
-		$this->questionHelper = $questionHelper;
-		$this->secureRandom = $secureRandom;
-		// store one time passwords for the users
-		$this->userPasswords = array();
-	}
-
-	/**
-	 * start to encrypt all files
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output
-	 */
-	public function encryptAll(InputInterface $input, OutputInterface $output) {
-
-		$this->input = $input;
-		$this->output = $output;
-
-		$headline = 'Encrypt all files with the ' . Encryption::DISPLAY_NAME;
-		$this->output->writeln("\n");
-		$this->output->writeln($headline);
-		$this->output->writeln(str_pad('', strlen($headline), '='));
-		$this->output->writeln("\n");
-
-		if ($this->util->isMasterKeyEnabled()) {
-			$this->output->writeln('Use master key to encrypt all files.');
-			$this->keyManager->validateMasterKey();
-		} else {
-			//create private/public keys for each user and store the private key password
-			$this->output->writeln('Create key-pair for every user');
-			$this->output->writeln('------------------------------');
-			$this->output->writeln('');
-			$this->output->writeln('This module will encrypt all files in the users files folder initially.');
-			$this->output->writeln('Already existing versions and files in the trash bin will not be encrypted.');
-			$this->output->writeln('');
-			$this->createKeyPairs();
-		}
-
-
-		// output generated encryption key passwords
-		if ($this->util->isMasterKeyEnabled() === false) {
-			//send-out or display password list and write it to a file
-			$this->output->writeln("\n");
-			$this->output->writeln('Generated encryption key passwords');
-			$this->output->writeln('----------------------------------');
-			$this->output->writeln('');
-			$this->outputPasswords();
-		}
-
-		//setup users file system and encrypt all files one by one (take should encrypt setting of storage into account)
-		$this->output->writeln("\n");
-		$this->output->writeln('Start to encrypt users files');
-		$this->output->writeln('----------------------------');
-		$this->output->writeln('');
-		$this->encryptAllUsersFiles();
-		$this->output->writeln("\n");
-	}
-
-	/**
-	 * create key-pair for every user
-	 */
-	protected function createKeyPairs() {
-		$this->output->writeln("\n");
-		$progress = new ProgressBar($this->output);
-		$progress->setFormat(" %message% \n [%bar%]");
-		$progress->start();
-
-		foreach($this->userManager->getBackends() as $backend) {
-			$limit = 500;
-			$offset = 0;
-			do {
-				$users = $backend->getUsers('', $limit, $offset);
-				foreach ($users as $user) {
-					if ($this->keyManager->userHasKeys($user) === false) {
-						$progress->setMessage('Create key-pair for ' . $user);
-						$progress->advance();
-						$this->setupUserFS($user);
-						$password = $this->generateOneTimePassword($user);
-						$this->userSetup->setupUser($user, $password);
-					} else {
-						// users which already have a key-pair will be stored with a
-						// empty password and filtered out later
-						$this->userPasswords[$user] = '';
-					}
-				}
-				$offset += $limit;
-			} while(count($users) >= $limit);
-		}
-
-		$progress->setMessage('Key-pair created for all users');
-		$progress->finish();
-	}
-
-	/**
-	 * iterate over all user and encrypt their files
-	 */
-	protected function encryptAllUsersFiles() {
-		$this->output->writeln("\n");
-		$progress = new ProgressBar($this->output);
-		$progress->setFormat(" %message% \n [%bar%]");
-		$progress->start();
-		$numberOfUsers = count($this->userPasswords);
-		$userNo = 1;
-		if ($this->util->isMasterKeyEnabled()) {
-			$this->encryptAllUserFilesWithMasterKey($progress);
-		} else {
-			foreach ($this->userPasswords as $uid => $password) {
-				$userCount = "$uid ($userNo of $numberOfUsers)";
-				$this->encryptUsersFiles($uid, $progress, $userCount);
-				$userNo++;
-			}
-		}
-		$progress->setMessage("all files encrypted");
-		$progress->finish();
-
-	}
-
-	/**
-	 * encrypt all user files with the master key
-	 *
-	 * @param ProgressBar $progress
-	 */
-	protected function encryptAllUserFilesWithMasterKey(ProgressBar $progress) {
-		$userNo = 1;
-		foreach($this->userManager->getBackends() as $backend) {
-			$limit = 500;
-			$offset = 0;
-			do {
-				$users = $backend->getUsers('', $limit, $offset);
-				foreach ($users as $user) {
-					$userCount = "$user ($userNo)";
-					$this->encryptUsersFiles($user, $progress, $userCount);
-					$userNo++;
-				}
-				$offset += $limit;
-			} while(count($users) >= $limit);
-		}
-	}
-
-	/**
-	 * encrypt files from the given user
-	 *
-	 * @param string $uid
-	 * @param ProgressBar $progress
-	 * @param string $userCount
-	 */
-	protected function encryptUsersFiles($uid, ProgressBar $progress, $userCount) {
-
-		$this->setupUserFS($uid);
-		$directories = array();
-		$directories[] =  '/' . $uid . '/files';
-
-		while($root = array_pop($directories)) {
-			$content = $this->rootView->getDirectoryContent($root);
-			foreach ($content as $file) {
-				$path = $root . '/' . $file['name'];
-				if ($this->rootView->is_dir($path)) {
-					$directories[] = $path;
-					continue;
-				} else {
-					$progress->setMessage("encrypt files for user $userCount: $path");
-					$progress->advance();
-					if($this->encryptFile($path) === false) {
-						$progress->setMessage("encrypt files for user $userCount: $path (already encrypted)");
-						$progress->advance();
-					}
-				}
-			}
-		}
-	}
-
-	/**
-	 * encrypt file
-	 *
-	 * @param string $path
-	 * @return bool
-	 */
-	protected function encryptFile($path) {
-
-		$source = $path;
-		$target = $path . '.encrypted.' . time();
-
-		try {
-			$this->rootView->copy($source, $target);
-			$this->rootView->rename($target, $source);
-		} catch (DecryptionFailedException $e) {
-			if ($this->rootView->file_exists($target)) {
-				$this->rootView->unlink($target);
-			}
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * output one-time encryption passwords
-	 */
-	protected function outputPasswords() {
-		$table = new Table($this->output);
-		$table->setHeaders(array('Username', 'Private key password'));
-
-		//create rows
-		$newPasswords = array();
-		$unchangedPasswords = array();
-		foreach ($this->userPasswords as $uid => $password) {
-			if (empty($password)) {
-				$unchangedPasswords[] = $uid;
-			} else {
-				$newPasswords[] = [$uid, $password];
-			}
-		}
-
-		if (empty($newPasswords)) {
-			$this->output->writeln("\nAll users already had a key-pair, no further action needed.\n");
-			return;
-		}
-
-		$table->setRows($newPasswords);
-		$table->render();
-
-		if (!empty($unchangedPasswords)) {
-			$this->output->writeln("\nThe following users already had a key-pair which was reused without setting a new password:\n");
-			foreach ($unchangedPasswords as $uid) {
-				$this->output->writeln("    $uid");
-			}
-		}
-
-		$this->writePasswordsToFile($newPasswords);
-
-		$this->output->writeln('');
-		$question = new ConfirmationQuestion('Do you want to send the passwords directly to the users by mail? (y/n) ', false);
-		if ($this->questionHelper->ask($this->input, $this->output, $question)) {
-			$this->sendPasswordsByMail();
-		}
-	}
-
-	/**
-	 * write one-time encryption passwords to a csv file
-	 *
-	 * @param array $passwords
-	 */
-	protected function writePasswordsToFile(array $passwords) {
-		$fp = $this->rootView->fopen('oneTimeEncryptionPasswords.csv', 'w');
-		foreach ($passwords as $pwd) {
-			fputcsv($fp, $pwd);
-		}
-		fclose($fp);
-		$this->output->writeln("\n");
-		$this->output->writeln('A list of all newly created passwords was written to data/oneTimeEncryptionPasswords.csv');
-		$this->output->writeln('');
-		$this->output->writeln('Each of these users need to login to the web interface, go to the');
-		$this->output->writeln('personal settings section "basic encryption module" and');
-		$this->output->writeln('update the private key password to match the login password again by');
-		$this->output->writeln('entering the one-time password into the "old log-in password" field');
-		$this->output->writeln('and their current login password');
-	}
-
-	/**
-	 * setup user file system
-	 *
-	 * @param string $uid
-	 */
-	protected function setupUserFS($uid) {
-		\OC_Util::tearDownFS();
-		\OC_Util::setupFS($uid);
-	}
-
-	/**
-	 * generate one time password for the user and store it in a array
-	 *
-	 * @param string $uid
-	 * @return string password
-	 */
-	protected function generateOneTimePassword($uid) {
-		$password = $this->secureRandom->generate(8);
-		$this->userPasswords[$uid] = $password;
-		return $password;
-	}
-
-	/**
-	 * send encryption key passwords to the users by mail
-	 */
-	protected function sendPasswordsByMail() {
-		$noMail = [];
-
-		$this->output->writeln('');
-		$progress = new ProgressBar($this->output, count($this->userPasswords));
-		$progress->start();
-
-		foreach ($this->userPasswords as $uid => $password) {
-			$progress->advance();
-			if (!empty($password)) {
-				$recipient = $this->userManager->get($uid);
-				$recipientDisplayName = $recipient->getDisplayName();
-				$to = $recipient->getEMailAddress();
-
-				if ($to === '') {
-					$noMail[] = $uid;
-					continue;
-				}
-
-				$subject = (string)$this->l->t('one-time password for server-side-encryption');
-				list($htmlBody, $textBody) = $this->createMailBody($password);
-
-				// send it out now
-				try {
-					$message = $this->mailer->createMessage();
-					$message->setSubject($subject);
-					$message->setTo([$to => $recipientDisplayName]);
-					$message->setHtmlBody($htmlBody);
-					$message->setPlainBody($textBody);
-					$message->setFrom([
-						\OCP\Util::getDefaultEmailAddress('admin-noreply')
-					]);
-
-					$this->mailer->send($message);
-				} catch (\Exception $e) {
-					$noMail[] = $uid;
-				}
-			}
-		}
-
-		$progress->finish();
-
-		if (empty($noMail)) {
-			$this->output->writeln("\n\nPassword successfully send to all users");
-		} else {
-			$table = new Table($this->output);
-			$table->setHeaders(array('Username', 'Private key password'));
-			$this->output->writeln("\n\nCould not send password to following users:\n");
-			$rows = [];
-			foreach ($noMail as $uid) {
-				$rows[] = [$uid, $this->userPasswords[$uid]];
-			}
-			$table->setRows($rows);
-			$table->render();
-		}
-
-	}
-
-	/**
-	 * create mail body for plain text and html mail
-	 *
-	 * @param string $password one-time encryption password
-	 * @return array an array of the html mail body and the plain text mail body
-	 */
-	protected function createMailBody($password) {
-
-		$html = new \OC_Template("encryption", "mail", "");
-		$html->assign ('password', $password);
-		$htmlMail = $html->fetchPage();
-
-		$plainText = new \OC_Template("encryption", "altmail", "");
-		$plainText->assign ('password', $password);
-		$plainTextMail = $plainText->fetchPage();
-
-		return [$htmlMail, $plainTextMail];
-	}
+    /** @var Setup */
+    protected $userSetup;
+
+    /** @var IUserManager */
+    protected $userManager;
+
+    /** @var View */
+    protected $rootView;
+
+    /** @var KeyManager */
+    protected $keyManager;
+
+    /** @var Util */
+    protected $util;
+
+    /** @var array  */
+    protected $userPasswords;
+
+    /** @var  IConfig */
+    protected $config;
+
+    /** @var IMailer */
+    protected $mailer;
+
+    /** @var  IL10N */
+    protected $l;
+
+    /** @var  QuestionHelper */
+    protected $questionHelper;
+
+    /** @var  OutputInterface */
+    protected $output;
+
+    /** @var  InputInterface */
+    protected $input;
+
+    /** @var ISecureRandom */
+    protected $secureRandom;
+
+    /**
+     * @param Setup $userSetup
+     * @param IUserManager $userManager
+     * @param View $rootView
+     * @param KeyManager $keyManager
+     * @param Util $util
+     * @param IConfig $config
+     * @param IMailer $mailer
+     * @param IL10N $l
+     * @param QuestionHelper $questionHelper
+     * @param ISecureRandom $secureRandom
+     */
+    public function __construct(
+        Setup $userSetup,
+        IUserManager $userManager,
+        View $rootView,
+        KeyManager $keyManager,
+        Util $util,
+        IConfig $config,
+        IMailer $mailer,
+        IL10N $l,
+        QuestionHelper $questionHelper,
+        ISecureRandom $secureRandom
+    ) {
+        $this->userSetup = $userSetup;
+        $this->userManager = $userManager;
+        $this->rootView = $rootView;
+        $this->keyManager = $keyManager;
+        $this->util = $util;
+        $this->config = $config;
+        $this->mailer = $mailer;
+        $this->l = $l;
+        $this->questionHelper = $questionHelper;
+        $this->secureRandom = $secureRandom;
+        // store one time passwords for the users
+        $this->userPasswords = array();
+    }
+
+    /**
+     * start to encrypt all files
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     */
+    public function encryptAll(InputInterface $input, OutputInterface $output) {
+
+        $this->input = $input;
+        $this->output = $output;
+
+        $headline = 'Encrypt all files with the ' . Encryption::DISPLAY_NAME;
+        $this->output->writeln("\n");
+        $this->output->writeln($headline);
+        $this->output->writeln(str_pad('', strlen($headline), '='));
+        $this->output->writeln("\n");
+
+        if ($this->util->isMasterKeyEnabled()) {
+            $this->output->writeln('Use master key to encrypt all files.');
+            $this->keyManager->validateMasterKey();
+        } else {
+            //create private/public keys for each user and store the private key password
+            $this->output->writeln('Create key-pair for every user');
+            $this->output->writeln('------------------------------');
+            $this->output->writeln('');
+            $this->output->writeln('This module will encrypt all files in the users files folder initially.');
+            $this->output->writeln('Already existing versions and files in the trash bin will not be encrypted.');
+            $this->output->writeln('');
+            $this->createKeyPairs();
+        }
+
+
+        // output generated encryption key passwords
+        if ($this->util->isMasterKeyEnabled() === false) {
+            //send-out or display password list and write it to a file
+            $this->output->writeln("\n");
+            $this->output->writeln('Generated encryption key passwords');
+            $this->output->writeln('----------------------------------');
+            $this->output->writeln('');
+            $this->outputPasswords();
+        }
+
+        //setup users file system and encrypt all files one by one (take should encrypt setting of storage into account)
+        $this->output->writeln("\n");
+        $this->output->writeln('Start to encrypt users files');
+        $this->output->writeln('----------------------------');
+        $this->output->writeln('');
+        $this->encryptAllUsersFiles();
+        $this->output->writeln("\n");
+    }
+
+    /**
+     * create key-pair for every user
+     */
+    protected function createKeyPairs() {
+        $this->output->writeln("\n");
+        $progress = new ProgressBar($this->output);
+        $progress->setFormat(" %message% \n [%bar%]");
+        $progress->start();
+
+        foreach($this->userManager->getBackends() as $backend) {
+            $limit = 500;
+            $offset = 0;
+            do {
+                $users = $backend->getUsers('', $limit, $offset);
+                foreach ($users as $user) {
+                    if ($this->keyManager->userHasKeys($user) === false) {
+                        $progress->setMessage('Create key-pair for ' . $user);
+                        $progress->advance();
+                        $this->setupUserFS($user);
+                        $password = $this->generateOneTimePassword($user);
+                        $this->userSetup->setupUser($user, $password);
+                    } else {
+                        // users which already have a key-pair will be stored with a
+                        // empty password and filtered out later
+                        $this->userPasswords[$user] = '';
+                    }
+                }
+                $offset += $limit;
+            } while(count($users) >= $limit);
+        }
+
+        $progress->setMessage('Key-pair created for all users');
+        $progress->finish();
+    }
+
+    /**
+     * iterate over all user and encrypt their files
+     */
+    protected function encryptAllUsersFiles() {
+        $this->output->writeln("\n");
+        $progress = new ProgressBar($this->output);
+        $progress->setFormat(" %message% \n [%bar%]");
+        $progress->start();
+        $numberOfUsers = count($this->userPasswords);
+        $userNo = 1;
+        if ($this->util->isMasterKeyEnabled()) {
+            $this->encryptAllUserFilesWithMasterKey($progress);
+        } else {
+            foreach ($this->userPasswords as $uid => $password) {
+                $userCount = "$uid ($userNo of $numberOfUsers)";
+                $this->encryptUsersFiles($uid, $progress, $userCount);
+                $userNo++;
+            }
+        }
+        $progress->setMessage("all files encrypted");
+        $progress->finish();
+
+    }
+
+    /**
+     * encrypt all user files with the master key
+     *
+     * @param ProgressBar $progress
+     */
+    protected function encryptAllUserFilesWithMasterKey(ProgressBar $progress) {
+        $userNo = 1;
+        foreach($this->userManager->getBackends() as $backend) {
+            $limit = 500;
+            $offset = 0;
+            do {
+                $users = $backend->getUsers('', $limit, $offset);
+                foreach ($users as $user) {
+                    $userCount = "$user ($userNo)";
+                    $this->encryptUsersFiles($user, $progress, $userCount);
+                    $userNo++;
+                }
+                $offset += $limit;
+            } while(count($users) >= $limit);
+        }
+    }
+
+    /**
+     * encrypt files from the given user
+     *
+     * @param string $uid
+     * @param ProgressBar $progress
+     * @param string $userCount
+     */
+    protected function encryptUsersFiles($uid, ProgressBar $progress, $userCount) {
+
+        $this->setupUserFS($uid);
+        $directories = array();
+        $directories[] =  '/' . $uid . '/files';
+
+        while($root = array_pop($directories)) {
+            $content = $this->rootView->getDirectoryContent($root);
+            foreach ($content as $file) {
+                $path = $root . '/' . $file['name'];
+                if ($this->rootView->is_dir($path)) {
+                    $directories[] = $path;
+                    continue;
+                } else {
+                    $progress->setMessage("encrypt files for user $userCount: $path");
+                    $progress->advance();
+                    if($this->encryptFile($path) === false) {
+                        $progress->setMessage("encrypt files for user $userCount: $path (already encrypted)");
+                        $progress->advance();
+                    }
+                }
+            }
+        }
+    }
+
+    /**
+     * encrypt file
+     *
+     * @param string $path
+     * @return bool
+     */
+    protected function encryptFile($path) {
+
+        $source = $path;
+        $target = $path . '.encrypted.' . time();
+
+        try {
+            $this->rootView->copy($source, $target);
+            $this->rootView->rename($target, $source);
+        } catch (DecryptionFailedException $e) {
+            if ($this->rootView->file_exists($target)) {
+                $this->rootView->unlink($target);
+            }
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * output one-time encryption passwords
+     */
+    protected function outputPasswords() {
+        $table = new Table($this->output);
+        $table->setHeaders(array('Username', 'Private key password'));
+
+        //create rows
+        $newPasswords = array();
+        $unchangedPasswords = array();
+        foreach ($this->userPasswords as $uid => $password) {
+            if (empty($password)) {
+                $unchangedPasswords[] = $uid;
+            } else {
+                $newPasswords[] = [$uid, $password];
+            }
+        }
+
+        if (empty($newPasswords)) {
+            $this->output->writeln("\nAll users already had a key-pair, no further action needed.\n");
+            return;
+        }
+
+        $table->setRows($newPasswords);
+        $table->render();
+
+        if (!empty($unchangedPasswords)) {
+            $this->output->writeln("\nThe following users already had a key-pair which was reused without setting a new password:\n");
+            foreach ($unchangedPasswords as $uid) {
+                $this->output->writeln("    $uid");
+            }
+        }
+
+        $this->writePasswordsToFile($newPasswords);
+
+        $this->output->writeln('');
+        $question = new ConfirmationQuestion('Do you want to send the passwords directly to the users by mail? (y/n) ', false);
+        if ($this->questionHelper->ask($this->input, $this->output, $question)) {
+            $this->sendPasswordsByMail();
+        }
+    }
+
+    /**
+     * write one-time encryption passwords to a csv file
+     *
+     * @param array $passwords
+     */
+    protected function writePasswordsToFile(array $passwords) {
+        $fp = $this->rootView->fopen('oneTimeEncryptionPasswords.csv', 'w');
+        foreach ($passwords as $pwd) {
+            fputcsv($fp, $pwd);
+        }
+        fclose($fp);
+        $this->output->writeln("\n");
+        $this->output->writeln('A list of all newly created passwords was written to data/oneTimeEncryptionPasswords.csv');
+        $this->output->writeln('');
+        $this->output->writeln('Each of these users need to login to the web interface, go to the');
+        $this->output->writeln('personal settings section "basic encryption module" and');
+        $this->output->writeln('update the private key password to match the login password again by');
+        $this->output->writeln('entering the one-time password into the "old log-in password" field');
+        $this->output->writeln('and their current login password');
+    }
+
+    /**
+     * setup user file system
+     *
+     * @param string $uid
+     */
+    protected function setupUserFS($uid) {
+        \OC_Util::tearDownFS();
+        \OC_Util::setupFS($uid);
+    }
+
+    /**
+     * generate one time password for the user and store it in a array
+     *
+     * @param string $uid
+     * @return string password
+     */
+    protected function generateOneTimePassword($uid) {
+        $password = $this->secureRandom->generate(8);
+        $this->userPasswords[$uid] = $password;
+        return $password;
+    }
+
+    /**
+     * send encryption key passwords to the users by mail
+     */
+    protected function sendPasswordsByMail() {
+        $noMail = [];
+
+        $this->output->writeln('');
+        $progress = new ProgressBar($this->output, count($this->userPasswords));
+        $progress->start();
+
+        foreach ($this->userPasswords as $uid => $password) {
+            $progress->advance();
+            if (!empty($password)) {
+                $recipient = $this->userManager->get($uid);
+                $recipientDisplayName = $recipient->getDisplayName();
+                $to = $recipient->getEMailAddress();
+
+                if ($to === '') {
+                    $noMail[] = $uid;
+                    continue;
+                }
+
+                $subject = (string)$this->l->t('one-time password for server-side-encryption');
+                list($htmlBody, $textBody) = $this->createMailBody($password);
+
+                // send it out now
+                try {
+                    $message = $this->mailer->createMessage();
+                    $message->setSubject($subject);
+                    $message->setTo([$to => $recipientDisplayName]);
+                    $message->setHtmlBody($htmlBody);
+                    $message->setPlainBody($textBody);
+                    $message->setFrom([
+                        \OCP\Util::getDefaultEmailAddress('admin-noreply')
+                    ]);
+
+                    $this->mailer->send($message);
+                } catch (\Exception $e) {
+                    $noMail[] = $uid;
+                }
+            }
+        }
+
+        $progress->finish();
+
+        if (empty($noMail)) {
+            $this->output->writeln("\n\nPassword successfully send to all users");
+        } else {
+            $table = new Table($this->output);
+            $table->setHeaders(array('Username', 'Private key password'));
+            $this->output->writeln("\n\nCould not send password to following users:\n");
+            $rows = [];
+            foreach ($noMail as $uid) {
+                $rows[] = [$uid, $this->userPasswords[$uid]];
+            }
+            $table->setRows($rows);
+            $table->render();
+        }
+
+    }
+
+    /**
+     * create mail body for plain text and html mail
+     *
+     * @param string $password one-time encryption password
+     * @return array an array of the html mail body and the plain text mail body
+     */
+    protected function createMailBody($password) {
+
+        $html = new \OC_Template("encryption", "mail", "");
+        $html->assign ('password', $password);
+        $htmlMail = $html->fetchPage();
+
+        $plainText = new \OC_Template("encryption", "altmail", "");
+        $plainText->assign ('password', $password);
+        $plainTextMail = $plainText->fetchPage();
+
+        return [$htmlMail, $plainTextMail];
+    }
 
 }

apps/encryption/lib/Crypto/DecryptAll.php

Indentation +123 added lines, -123 removed lines

@@ -35,127 +35,127 @@
 
 class DecryptAll {
 
-	/** @var Util  */
-	protected $util;
-
-	/** @var QuestionHelper  */
-	protected $questionHelper;
-
-	/** @var  Crypt */
-	protected $crypt;
-
-	/** @var  KeyManager */
-	protected $keyManager;
-
-	/** @var Session  */
-	protected $session;
-
-	/**
-	 * @param Util $util
-	 * @param KeyManager $keyManager
-	 * @param Crypt $crypt
-	 * @param Session $session
-	 * @param QuestionHelper $questionHelper
-	 */
-	public function __construct(
-		Util $util,
-		KeyManager $keyManager,
-		Crypt $crypt,
-		Session $session,
-		QuestionHelper $questionHelper
-	) {
-		$this->util = $util;
-		$this->keyManager = $keyManager;
-		$this->crypt = $crypt;
-		$this->session = $session;
-		$this->questionHelper = $questionHelper;
-	}
-
-	/**
-	 * prepare encryption module to decrypt all files
-	 *
-	 * @param InputInterface $input
-	 * @param OutputInterface $output
-	 * @param $user
-	 * @return bool
-	 */
-	public function prepare(InputInterface $input, OutputInterface $output, $user) {
-
-		$question = new Question('Please enter the recovery key password: ');
-
-		if($this->util->isMasterKeyEnabled()) {
-			$output->writeln('Use master key to decrypt all files');
-			$user = $this->keyManager->getMasterKeyId();
-			$password =$this->keyManager->getMasterKeyPassword();
-		} else {
-			$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
-			if (!empty($user)) {
-				$output->writeln('You can only decrypt the users files if you know');
-				$output->writeln('the users password or if he activated the recovery key.');
-				$output->writeln('');
-				$questionUseLoginPassword = new ConfirmationQuestion(
-					'Do you want to use the users login password to decrypt all files? (y/n) ',
-					false
-				);
-				$useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
-				if ($useLoginPassword) {
-					$question = new Question('Please enter the user\'s login password: ');
-				} else if ($this->util->isRecoveryEnabledForUser($user) === false) {
-					$output->writeln('No recovery key available for user ' . $user);
-					return false;
-				} else {
-					$user = $recoveryKeyId;
-				}
-			} else {
-				$output->writeln('You can only decrypt the files of all users if the');
-				$output->writeln('recovery key is enabled by the admin and activated by the users.');
-				$output->writeln('');
-				$user = $recoveryKeyId;
-			}
-
-			$question->setHidden(true);
-			$question->setHiddenFallback(false);
-			$password = $this->questionHelper->ask($input, $output, $question);
-		}
-
-		$privateKey = $this->getPrivateKey($user, $password);
-		if ($privateKey !== false) {
-			$this->updateSession($user, $privateKey);
-			return true;
-		} else {
-			$output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
-		}
-
-
-		return false;
-	}
-
-	/**
-	 * get the private key which will be used to decrypt all files
-	 *
-	 * @param string $user
-	 * @param string $password
-	 * @return bool|string
-	 * @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException
-	 */
-	protected function getPrivateKey($user, $password) {
-		$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
-		$masterKeyId = $this->keyManager->getMasterKeyId();
-		if ($user === $recoveryKeyId) {
-			$recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
-			$privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
-		} elseif ($user === $masterKeyId) {
-			$masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId);
-			$privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId);
-		} else {
-			$userKey = $this->keyManager->getPrivateKey($user);
-			$privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);
-		}
-
-		return $privateKey;
-	}
-
-	protected function updateSession($user, $privateKey) {
-		$this->session->prepareDecryptAll($user, $privateKey);
-	}
+    /** @var Util  */
+    protected $util;
+
+    /** @var QuestionHelper  */
+    protected $questionHelper;
+
+    /** @var  Crypt */
+    protected $crypt;
+
+    /** @var  KeyManager */
+    protected $keyManager;
+
+    /** @var Session  */
+    protected $session;
+
+    /**
+     * @param Util $util
+     * @param KeyManager $keyManager
+     * @param Crypt $crypt
+     * @param Session $session
+     * @param QuestionHelper $questionHelper
+     */
+    public function __construct(
+        Util $util,
+        KeyManager $keyManager,
+        Crypt $crypt,
+        Session $session,
+        QuestionHelper $questionHelper
+    ) {
+        $this->util = $util;
+        $this->keyManager = $keyManager;
+        $this->crypt = $crypt;
+        $this->session = $session;
+        $this->questionHelper = $questionHelper;
+    }
+
+    /**
+     * prepare encryption module to decrypt all files
+     *
+     * @param InputInterface $input
+     * @param OutputInterface $output
+     * @param $user
+     * @return bool
+     */
+    public function prepare(InputInterface $input, OutputInterface $output, $user) {
+
+        $question = new Question('Please enter the recovery key password: ');
+
+        if($this->util->isMasterKeyEnabled()) {
+            $output->writeln('Use master key to decrypt all files');
+            $user = $this->keyManager->getMasterKeyId();
+            $password =$this->keyManager->getMasterKeyPassword();
+        } else {
+            $recoveryKeyId = $this->keyManager->getRecoveryKeyId();
+            if (!empty($user)) {
+                $output->writeln('You can only decrypt the users files if you know');
+                $output->writeln('the users password or if he activated the recovery key.');
+                $output->writeln('');
+                $questionUseLoginPassword = new ConfirmationQuestion(
+                    'Do you want to use the users login password to decrypt all files? (y/n) ',
+                    false
+                );
+                $useLoginPassword = $this->questionHelper->ask($input, $output, $questionUseLoginPassword);
+                if ($useLoginPassword) {
+                    $question = new Question('Please enter the user\'s login password: ');
+                } else if ($this->util->isRecoveryEnabledForUser($user) === false) {
+                    $output->writeln('No recovery key available for user ' . $user);
+                    return false;
+                } else {
+                    $user = $recoveryKeyId;
+                }
+            } else {
+                $output->writeln('You can only decrypt the files of all users if the');
+                $output->writeln('recovery key is enabled by the admin and activated by the users.');
+                $output->writeln('');
+                $user = $recoveryKeyId;
+            }
+
+            $question->setHidden(true);
+            $question->setHiddenFallback(false);
+            $password = $this->questionHelper->ask($input, $output, $question);
+        }
+
+        $privateKey = $this->getPrivateKey($user, $password);
+        if ($privateKey !== false) {
+            $this->updateSession($user, $privateKey);
+            return true;
+        } else {
+            $output->writeln('Could not decrypt private key, maybe you entered the wrong password?');
+        }
+
+
+        return false;
+    }
+
+    /**
+     * get the private key which will be used to decrypt all files
+     *
+     * @param string $user
+     * @param string $password
+     * @return bool|string
+     * @throws \OCA\Encryption\Exceptions\PrivateKeyMissingException
+     */
+    protected function getPrivateKey($user, $password) {
+        $recoveryKeyId = $this->keyManager->getRecoveryKeyId();
+        $masterKeyId = $this->keyManager->getMasterKeyId();
+        if ($user === $recoveryKeyId) {
+            $recoveryKey = $this->keyManager->getSystemPrivateKey($recoveryKeyId);
+            $privateKey = $this->crypt->decryptPrivateKey($recoveryKey, $password);
+        } elseif ($user === $masterKeyId) {
+            $masterKey = $this->keyManager->getSystemPrivateKey($masterKeyId);
+            $privateKey = $this->crypt->decryptPrivateKey($masterKey, $password, $masterKeyId);
+        } else {
+            $userKey = $this->keyManager->getPrivateKey($user);
+            $privateKey = $this->crypt->decryptPrivateKey($userKey, $password, $user);
+        }
+
+        return $privateKey;
+    }
+
+    protected function updateSession($user, $privateKey) {
+        $this->session->prepareDecryptAll($user, $privateKey);
+    }
 }

Spacing +3 added lines, -3 removed lines

@@ -83,10 +83,10 @@ 
 
 		$question = new Question('Please enter the recovery key password: ');
 
-		if($this->util->isMasterKeyEnabled()) {
+		if ($this->util->isMasterKeyEnabled()) {
 			$output->writeln('Use master key to decrypt all files');
 			$user = $this->keyManager->getMasterKeyId();
-			$password =$this->keyManager->getMasterKeyPassword();
+			$password = $this->keyManager->getMasterKeyPassword();
 		} else {
 			$recoveryKeyId = $this->keyManager->getRecoveryKeyId();
 			if (!empty($user)) {
@@ -101,7 +101,7 @@ 
 				if ($useLoginPassword) {
 					$question = new Question('Please enter the user\'s login password: ');
 				} else if ($this->util->isRecoveryEnabledForUser($user) === false) {
-					$output->writeln('No recovery key available for user ' . $user);
+					$output->writeln('No recovery key available for user '.$user);
 					return false;
 				} else {
 					$user = $recoveryKeyId;