nextcloud /
server
@@ -34,27 +34,27 @@ |
||
| 34 | 34 | * @package OC\IntegrityCheck\Helpers |
| 35 | 35 | */ |
| 36 | 36 | class AppLocator { |
| 37 | - /** |
|
| 38 | - * Provides \OC_App::getAppPath($appId) |
|
| 39 | - * |
|
| 40 | - * @param string $appId |
|
| 41 | - * @return string |
|
| 42 | - * @throws \Exception If the app cannot be found |
|
| 43 | - */ |
|
| 44 | - public function getAppPath(string $appId): string { |
|
| 45 | - $path = \OC_App::getAppPath($appId); |
|
| 46 | - if ($path === false) { |
|
| 47 | - throw new \Exception('App not found'); |
|
| 48 | - } |
|
| 49 | - return $path; |
|
| 50 | - } |
|
| 37 | + /** |
|
| 38 | + * Provides \OC_App::getAppPath($appId) |
|
| 39 | + * |
|
| 40 | + * @param string $appId |
|
| 41 | + * @return string |
|
| 42 | + * @throws \Exception If the app cannot be found |
|
| 43 | + */ |
|
| 44 | + public function getAppPath(string $appId): string { |
|
| 45 | + $path = \OC_App::getAppPath($appId); |
|
| 46 | + if ($path === false) { |
|
| 47 | + throw new \Exception('App not found'); |
|
| 48 | + } |
|
| 49 | + return $path; |
|
| 50 | + } |
|
| 51 | 51 | |
| 52 | - /** |
|
| 53 | - * Providers \OC_App::getAllApps() |
|
| 54 | - * |
|
| 55 | - * @return array |
|
| 56 | - */ |
|
| 57 | - public function getAllApps(): array { |
|
| 58 | - return \OC_App::getAllApps(); |
|
| 59 | - } |
|
| 52 | + /** |
|
| 53 | + * Providers \OC_App::getAllApps() |
|
| 54 | + * |
|
| 55 | + * @return array |
|
| 56 | + */ |
|
| 57 | + public function getAllApps(): array { |
|
| 58 | + return \OC_App::getAllApps(); |
|
| 59 | + } |
|
| 60 | 60 | } |
@@ -87,7 +87,7 @@ discard block |
||
| 87 | 87 | $this->output = $output; |
| 88 | 88 | |
| 89 | 89 | if ($user !== '' && $this->userManager->userExists($user) === false) { |
| 90 | - $this->output->writeln('User "' . $user . '" does not exist. Please check the username and try again'); |
|
| 90 | + $this->output->writeln('User "'.$user.'" does not exist. Please check the username and try again'); |
|
| 91 | 91 | return false; |
| 92 | 92 | } |
| 93 | 93 | |
@@ -105,9 +105,9 @@ discard block |
||
| 105 | 105 | $this->output->writeln('Files for following users couldn\'t be decrypted, '); |
| 106 | 106 | $this->output->writeln('maybe the user is not set up in a way that supports this operation: '); |
| 107 | 107 | foreach ($this->failed as $uid => $paths) { |
| 108 | - $this->output->writeln(' ' . $uid); |
|
| 108 | + $this->output->writeln(' '.$uid); |
|
| 109 | 109 | foreach ($paths as $path) { |
| 110 | - $this->output->writeln(' ' . $path); |
|
| 110 | + $this->output->writeln(' '.$path); |
|
| 111 | 111 | } |
| 112 | 112 | } |
| 113 | 113 | $this->output->writeln(''); |
@@ -129,10 +129,10 @@ discard block |
||
| 129 | 129 | /** @var IEncryptionModule $module */ |
| 130 | 130 | $module = call_user_func($moduleDesc['callback']); |
| 131 | 131 | $this->output->writeln(''); |
| 132 | - $this->output->writeln('Prepare "' . $module->getDisplayName() . '"'); |
|
| 132 | + $this->output->writeln('Prepare "'.$module->getDisplayName().'"'); |
|
| 133 | 133 | $this->output->writeln(''); |
| 134 | 134 | if ($module->prepareDecryptAll($this->input, $this->output, $user) === false) { |
| 135 | - $this->output->writeln('Module "' . $moduleDesc['displayName'] . '" does not support the functionality to decrypt all files again or the initialization of the module failed!'); |
|
| 135 | + $this->output->writeln('Module "'.$moduleDesc['displayName'].'" does not support the functionality to decrypt all files again or the initialization of the module failed!'); |
|
| 136 | 136 | return false; |
| 137 | 137 | } |
| 138 | 138 | } |
@@ -206,7 +206,7 @@ discard block |
||
| 206 | 206 | protected function decryptUsersFiles($uid, ProgressBar $progress, $userCount) { |
| 207 | 207 | $this->setupUserFS($uid); |
| 208 | 208 | $directories = []; |
| 209 | - $directories[] = '/' . $uid . '/files'; |
|
| 209 | + $directories[] = '/'.$uid.'/files'; |
|
| 210 | 210 | |
| 211 | 211 | while ($root = array_pop($directories)) { |
| 212 | 212 | $content = $this->rootView->getDirectoryContent($root); |
@@ -215,7 +215,7 @@ discard block |
||
| 215 | 215 | if ($file->getStorage()->instanceOfStorage('OCA\Files_Sharing\SharedStorage')) { |
| 216 | 216 | continue; |
| 217 | 217 | } |
| 218 | - $path = $root . '/' . $file['name']; |
|
| 218 | + $path = $root.'/'.$file['name']; |
|
| 219 | 219 | if ($this->rootView->is_dir($path)) { |
| 220 | 220 | $directories[] = $path; |
| 221 | 221 | continue; |
@@ -259,7 +259,7 @@ discard block |
||
| 259 | 259 | } |
| 260 | 260 | |
| 261 | 261 | $source = $path; |
| 262 | - $target = $path . '.decrypted.' . $this->getTimestamp(); |
|
| 262 | + $target = $path.'.decrypted.'.$this->getTimestamp(); |
|
| 263 | 263 | |
| 264 | 264 | try { |
| 265 | 265 | $this->rootView->copy($source, $target); |
@@ -37,258 +37,258 @@ |
||
| 37 | 37 | use Symfony\Component\Console\Output\OutputInterface; |
| 38 | 38 | |
| 39 | 39 | class DecryptAll { |
| 40 | - /** @var OutputInterface */ |
|
| 41 | - protected $output; |
|
| 42 | - |
|
| 43 | - /** @var InputInterface */ |
|
| 44 | - protected $input; |
|
| 45 | - |
|
| 46 | - /** @var Manager */ |
|
| 47 | - protected $encryptionManager; |
|
| 48 | - |
|
| 49 | - /** @var IUserManager */ |
|
| 50 | - protected $userManager; |
|
| 51 | - |
|
| 52 | - /** @var View */ |
|
| 53 | - protected $rootView; |
|
| 54 | - |
|
| 55 | - /** @var array files which couldn't be decrypted */ |
|
| 56 | - protected $failed; |
|
| 57 | - |
|
| 58 | - /** |
|
| 59 | - * @param Manager $encryptionManager |
|
| 60 | - * @param IUserManager $userManager |
|
| 61 | - * @param View $rootView |
|
| 62 | - */ |
|
| 63 | - public function __construct( |
|
| 64 | - Manager $encryptionManager, |
|
| 65 | - IUserManager $userManager, |
|
| 66 | - View $rootView |
|
| 67 | - ) { |
|
| 68 | - $this->encryptionManager = $encryptionManager; |
|
| 69 | - $this->userManager = $userManager; |
|
| 70 | - $this->rootView = $rootView; |
|
| 71 | - $this->failed = []; |
|
| 72 | - } |
|
| 73 | - |
|
| 74 | - /** |
|
| 75 | - * start to decrypt all files |
|
| 76 | - * |
|
| 77 | - * @param InputInterface $input |
|
| 78 | - * @param OutputInterface $output |
|
| 79 | - * @param string $user which users data folder should be decrypted, default = all users |
|
| 80 | - * @return bool |
|
| 81 | - * @throws \Exception |
|
| 82 | - */ |
|
| 83 | - public function decryptAll(InputInterface $input, OutputInterface $output, $user = '') { |
|
| 84 | - $this->input = $input; |
|
| 85 | - $this->output = $output; |
|
| 86 | - |
|
| 87 | - if ($user !== '' && $this->userManager->userExists($user) === false) { |
|
| 88 | - $this->output->writeln('User "' . $user . '" does not exist. Please check the username and try again'); |
|
| 89 | - return false; |
|
| 90 | - } |
|
| 91 | - |
|
| 92 | - $this->output->writeln('prepare encryption modules...'); |
|
| 93 | - if ($this->prepareEncryptionModules($user) === false) { |
|
| 94 | - return false; |
|
| 95 | - } |
|
| 96 | - $this->output->writeln(' done.'); |
|
| 97 | - |
|
| 98 | - $this->decryptAllUsersFiles($user); |
|
| 99 | - |
|
| 100 | - if (empty($this->failed)) { |
|
| 101 | - $this->output->writeln('all files could be decrypted successfully!'); |
|
| 102 | - } else { |
|
| 103 | - $this->output->writeln('Files for following users couldn\'t be decrypted, '); |
|
| 104 | - $this->output->writeln('maybe the user is not set up in a way that supports this operation: '); |
|
| 105 | - foreach ($this->failed as $uid => $paths) { |
|
| 106 | - $this->output->writeln(' ' . $uid); |
|
| 107 | - foreach ($paths as $path) { |
|
| 108 | - $this->output->writeln(' ' . $path); |
|
| 109 | - } |
|
| 110 | - } |
|
| 111 | - $this->output->writeln(''); |
|
| 112 | - } |
|
| 113 | - |
|
| 114 | - return true; |
|
| 115 | - } |
|
| 116 | - |
|
| 117 | - /** |
|
| 118 | - * prepare encryption modules to perform the decrypt all function |
|
| 119 | - * |
|
| 120 | - * @param $user |
|
| 121 | - * @return bool |
|
| 122 | - */ |
|
| 123 | - protected function prepareEncryptionModules($user) { |
|
| 124 | - // prepare all encryption modules for decrypt all |
|
| 125 | - $encryptionModules = $this->encryptionManager->getEncryptionModules(); |
|
| 126 | - foreach ($encryptionModules as $moduleDesc) { |
|
| 127 | - /** @var IEncryptionModule $module */ |
|
| 128 | - $module = call_user_func($moduleDesc['callback']); |
|
| 129 | - $this->output->writeln(''); |
|
| 130 | - $this->output->writeln('Prepare "' . $module->getDisplayName() . '"'); |
|
| 131 | - $this->output->writeln(''); |
|
| 132 | - if ($module->prepareDecryptAll($this->input, $this->output, $user) === false) { |
|
| 133 | - $this->output->writeln('Module "' . $moduleDesc['displayName'] . '" does not support the functionality to decrypt all files again or the initialization of the module failed!'); |
|
| 134 | - return false; |
|
| 135 | - } |
|
| 136 | - } |
|
| 137 | - |
|
| 138 | - return true; |
|
| 139 | - } |
|
| 140 | - |
|
| 141 | - /** |
|
| 142 | - * iterate over all user and encrypt their files |
|
| 143 | - * |
|
| 144 | - * @param string $user which users files should be decrypted, default = all users |
|
| 145 | - */ |
|
| 146 | - protected function decryptAllUsersFiles($user = '') { |
|
| 147 | - $this->output->writeln("\n"); |
|
| 148 | - |
|
| 149 | - $userList = []; |
|
| 150 | - if ($user === '') { |
|
| 151 | - $fetchUsersProgress = new ProgressBar($this->output); |
|
| 152 | - $fetchUsersProgress->setFormat(" %message% \n [%bar%]"); |
|
| 153 | - $fetchUsersProgress->start(); |
|
| 154 | - $fetchUsersProgress->setMessage("Fetch list of users..."); |
|
| 155 | - $fetchUsersProgress->advance(); |
|
| 156 | - |
|
| 157 | - foreach ($this->userManager->getBackends() as $backend) { |
|
| 158 | - $limit = 500; |
|
| 159 | - $offset = 0; |
|
| 160 | - do { |
|
| 161 | - $users = $backend->getUsers('', $limit, $offset); |
|
| 162 | - foreach ($users as $user) { |
|
| 163 | - $userList[] = $user; |
|
| 164 | - } |
|
| 165 | - $offset += $limit; |
|
| 166 | - $fetchUsersProgress->advance(); |
|
| 167 | - } while (count($users) >= $limit); |
|
| 168 | - $fetchUsersProgress->setMessage("Fetch list of users... finished"); |
|
| 169 | - $fetchUsersProgress->finish(); |
|
| 170 | - } |
|
| 171 | - } else { |
|
| 172 | - $userList[] = $user; |
|
| 173 | - } |
|
| 174 | - |
|
| 175 | - $this->output->writeln("\n\n"); |
|
| 176 | - |
|
| 177 | - $progress = new ProgressBar($this->output); |
|
| 178 | - $progress->setFormat(" %message% \n [%bar%]"); |
|
| 179 | - $progress->start(); |
|
| 180 | - $progress->setMessage("starting to decrypt files..."); |
|
| 181 | - $progress->advance(); |
|
| 182 | - |
|
| 183 | - $numberOfUsers = count($userList); |
|
| 184 | - $userNo = 1; |
|
| 185 | - foreach ($userList as $uid) { |
|
| 186 | - $userCount = "$uid ($userNo of $numberOfUsers)"; |
|
| 187 | - $this->decryptUsersFiles($uid, $progress, $userCount); |
|
| 188 | - $userNo++; |
|
| 189 | - } |
|
| 190 | - |
|
| 191 | - $progress->setMessage("starting to decrypt files... finished"); |
|
| 192 | - $progress->finish(); |
|
| 193 | - |
|
| 194 | - $this->output->writeln("\n\n"); |
|
| 195 | - } |
|
| 196 | - |
|
| 197 | - /** |
|
| 198 | - * encrypt files from the given user |
|
| 199 | - * |
|
| 200 | - * @param string $uid |
|
| 201 | - * @param ProgressBar $progress |
|
| 202 | - * @param string $userCount |
|
| 203 | - */ |
|
| 204 | - protected function decryptUsersFiles($uid, ProgressBar $progress, $userCount) { |
|
| 205 | - $this->setupUserFS($uid); |
|
| 206 | - $directories = []; |
|
| 207 | - $directories[] = '/' . $uid . '/files'; |
|
| 208 | - |
|
| 209 | - while ($root = array_pop($directories)) { |
|
| 210 | - $content = $this->rootView->getDirectoryContent($root); |
|
| 211 | - foreach ($content as $file) { |
|
| 212 | - // only decrypt files owned by the user |
|
| 213 | - if ($file->getStorage()->instanceOfStorage('OCA\Files_Sharing\SharedStorage')) { |
|
| 214 | - continue; |
|
| 215 | - } |
|
| 216 | - $path = $root . '/' . $file['name']; |
|
| 217 | - if ($this->rootView->is_dir($path)) { |
|
| 218 | - $directories[] = $path; |
|
| 219 | - continue; |
|
| 220 | - } else { |
|
| 221 | - try { |
|
| 222 | - $progress->setMessage("decrypt files for user $userCount: $path"); |
|
| 223 | - $progress->advance(); |
|
| 224 | - if ($file->isEncrypted() === false) { |
|
| 225 | - $progress->setMessage("decrypt files for user $userCount: $path (already decrypted)"); |
|
| 226 | - $progress->advance(); |
|
| 227 | - } else { |
|
| 228 | - if ($this->decryptFile($path) === false) { |
|
| 229 | - $progress->setMessage("decrypt files for user $userCount: $path (already decrypted)"); |
|
| 230 | - $progress->advance(); |
|
| 231 | - } |
|
| 232 | - } |
|
| 233 | - } catch (\Exception $e) { |
|
| 234 | - if (isset($this->failed[$uid])) { |
|
| 235 | - $this->failed[$uid][] = $path; |
|
| 236 | - } else { |
|
| 237 | - $this->failed[$uid] = [$path]; |
|
| 238 | - } |
|
| 239 | - } |
|
| 240 | - } |
|
| 241 | - } |
|
| 242 | - } |
|
| 243 | - } |
|
| 244 | - |
|
| 245 | - /** |
|
| 246 | - * encrypt file |
|
| 247 | - * |
|
| 248 | - * @param string $path |
|
| 249 | - * @return bool |
|
| 250 | - */ |
|
| 251 | - protected function decryptFile($path) { |
|
| 252 | - // skip already decrypted files |
|
| 253 | - $fileInfo = $this->rootView->getFileInfo($path); |
|
| 254 | - if ($fileInfo !== false && !$fileInfo->isEncrypted()) { |
|
| 255 | - return true; |
|
| 256 | - } |
|
| 257 | - |
|
| 258 | - $source = $path; |
|
| 259 | - $target = $path . '.decrypted.' . $this->getTimestamp(); |
|
| 260 | - |
|
| 261 | - try { |
|
| 262 | - $this->rootView->copy($source, $target); |
|
| 263 | - $this->rootView->touch($target, $fileInfo->getMTime()); |
|
| 264 | - $this->rootView->rename($target, $source); |
|
| 265 | - } catch (DecryptionFailedException $e) { |
|
| 266 | - if ($this->rootView->file_exists($target)) { |
|
| 267 | - $this->rootView->unlink($target); |
|
| 268 | - } |
|
| 269 | - return false; |
|
| 270 | - } |
|
| 271 | - |
|
| 272 | - return true; |
|
| 273 | - } |
|
| 274 | - |
|
| 275 | - /** |
|
| 276 | - * get current timestamp |
|
| 277 | - * |
|
| 278 | - * @return int |
|
| 279 | - */ |
|
| 280 | - protected function getTimestamp() { |
|
| 281 | - return time(); |
|
| 282 | - } |
|
| 283 | - |
|
| 284 | - |
|
| 285 | - /** |
|
| 286 | - * setup user file system |
|
| 287 | - * |
|
| 288 | - * @param string $uid |
|
| 289 | - */ |
|
| 290 | - protected function setupUserFS($uid) { |
|
| 291 | - \OC_Util::tearDownFS(); |
|
| 292 | - \OC_Util::setupFS($uid); |
|
| 293 | - } |
|
| 40 | + /** @var OutputInterface */ |
|
| 41 | + protected $output; |
|
| 42 | + |
|
| 43 | + /** @var InputInterface */ |
|
| 44 | + protected $input; |
|
| 45 | + |
|
| 46 | + /** @var Manager */ |
|
| 47 | + protected $encryptionManager; |
|
| 48 | + |
|
| 49 | + /** @var IUserManager */ |
|
| 50 | + protected $userManager; |
|
| 51 | + |
|
| 52 | + /** @var View */ |
|
| 53 | + protected $rootView; |
|
| 54 | + |
|
| 55 | + /** @var array files which couldn't be decrypted */ |
|
| 56 | + protected $failed; |
|
| 57 | + |
|
| 58 | + /** |
|
| 59 | + * @param Manager $encryptionManager |
|
| 60 | + * @param IUserManager $userManager |
|
| 61 | + * @param View $rootView |
|
| 62 | + */ |
|
| 63 | + public function __construct( |
|
| 64 | + Manager $encryptionManager, |
|
| 65 | + IUserManager $userManager, |
|
| 66 | + View $rootView |
|
| 67 | + ) { |
|
| 68 | + $this->encryptionManager = $encryptionManager; |
|
| 69 | + $this->userManager = $userManager; |
|
| 70 | + $this->rootView = $rootView; |
|
| 71 | + $this->failed = []; |
|
| 72 | + } |
|
| 73 | + |
|
| 74 | + /** |
|
| 75 | + * start to decrypt all files |
|
| 76 | + * |
|
| 77 | + * @param InputInterface $input |
|
| 78 | + * @param OutputInterface $output |
|
| 79 | + * @param string $user which users data folder should be decrypted, default = all users |
|
| 80 | + * @return bool |
|
| 81 | + * @throws \Exception |
|
| 82 | + */ |
|
| 83 | + public function decryptAll(InputInterface $input, OutputInterface $output, $user = '') { |
|
| 84 | + $this->input = $input; |
|
| 85 | + $this->output = $output; |
|
| 86 | + |
|
| 87 | + if ($user !== '' && $this->userManager->userExists($user) === false) { |
|
| 88 | + $this->output->writeln('User "' . $user . '" does not exist. Please check the username and try again'); |
|
| 89 | + return false; |
|
| 90 | + } |
|
| 91 | + |
|
| 92 | + $this->output->writeln('prepare encryption modules...'); |
|
| 93 | + if ($this->prepareEncryptionModules($user) === false) { |
|
| 94 | + return false; |
|
| 95 | + } |
|
| 96 | + $this->output->writeln(' done.'); |
|
| 97 | + |
|
| 98 | + $this->decryptAllUsersFiles($user); |
|
| 99 | + |
|
| 100 | + if (empty($this->failed)) { |
|
| 101 | + $this->output->writeln('all files could be decrypted successfully!'); |
|
| 102 | + } else { |
|
| 103 | + $this->output->writeln('Files for following users couldn\'t be decrypted, '); |
|
| 104 | + $this->output->writeln('maybe the user is not set up in a way that supports this operation: '); |
|
| 105 | + foreach ($this->failed as $uid => $paths) { |
|
| 106 | + $this->output->writeln(' ' . $uid); |
|
| 107 | + foreach ($paths as $path) { |
|
| 108 | + $this->output->writeln(' ' . $path); |
|
| 109 | + } |
|
| 110 | + } |
|
| 111 | + $this->output->writeln(''); |
|
| 112 | + } |
|
| 113 | + |
|
| 114 | + return true; |
|
| 115 | + } |
|
| 116 | + |
|
| 117 | + /** |
|
| 118 | + * prepare encryption modules to perform the decrypt all function |
|
| 119 | + * |
|
| 120 | + * @param $user |
|
| 121 | + * @return bool |
|
| 122 | + */ |
|
| 123 | + protected function prepareEncryptionModules($user) { |
|
| 124 | + // prepare all encryption modules for decrypt all |
|
| 125 | + $encryptionModules = $this->encryptionManager->getEncryptionModules(); |
|
| 126 | + foreach ($encryptionModules as $moduleDesc) { |
|
| 127 | + /** @var IEncryptionModule $module */ |
|
| 128 | + $module = call_user_func($moduleDesc['callback']); |
|
| 129 | + $this->output->writeln(''); |
|
| 130 | + $this->output->writeln('Prepare "' . $module->getDisplayName() . '"'); |
|
| 131 | + $this->output->writeln(''); |
|
| 132 | + if ($module->prepareDecryptAll($this->input, $this->output, $user) === false) { |
|
| 133 | + $this->output->writeln('Module "' . $moduleDesc['displayName'] . '" does not support the functionality to decrypt all files again or the initialization of the module failed!'); |
|
| 134 | + return false; |
|
| 135 | + } |
|
| 136 | + } |
|
| 137 | + |
|
| 138 | + return true; |
|
| 139 | + } |
|
| 140 | + |
|
| 141 | + /** |
|
| 142 | + * iterate over all user and encrypt their files |
|
| 143 | + * |
|
| 144 | + * @param string $user which users files should be decrypted, default = all users |
|
| 145 | + */ |
|
| 146 | + protected function decryptAllUsersFiles($user = '') { |
|
| 147 | + $this->output->writeln("\n"); |
|
| 148 | + |
|
| 149 | + $userList = []; |
|
| 150 | + if ($user === '') { |
|
| 151 | + $fetchUsersProgress = new ProgressBar($this->output); |
|
| 152 | + $fetchUsersProgress->setFormat(" %message% \n [%bar%]"); |
|
| 153 | + $fetchUsersProgress->start(); |
|
| 154 | + $fetchUsersProgress->setMessage("Fetch list of users..."); |
|
| 155 | + $fetchUsersProgress->advance(); |
|
| 156 | + |
|
| 157 | + foreach ($this->userManager->getBackends() as $backend) { |
|
| 158 | + $limit = 500; |
|
| 159 | + $offset = 0; |
|
| 160 | + do { |
|
| 161 | + $users = $backend->getUsers('', $limit, $offset); |
|
| 162 | + foreach ($users as $user) { |
|
| 163 | + $userList[] = $user; |
|
| 164 | + } |
|
| 165 | + $offset += $limit; |
|
| 166 | + $fetchUsersProgress->advance(); |
|
| 167 | + } while (count($users) >= $limit); |
|
| 168 | + $fetchUsersProgress->setMessage("Fetch list of users... finished"); |
|
| 169 | + $fetchUsersProgress->finish(); |
|
| 170 | + } |
|
| 171 | + } else { |
|
| 172 | + $userList[] = $user; |
|
| 173 | + } |
|
| 174 | + |
|
| 175 | + $this->output->writeln("\n\n"); |
|
| 176 | + |
|
| 177 | + $progress = new ProgressBar($this->output); |
|
| 178 | + $progress->setFormat(" %message% \n [%bar%]"); |
|
| 179 | + $progress->start(); |
|
| 180 | + $progress->setMessage("starting to decrypt files..."); |
|
| 181 | + $progress->advance(); |
|
| 182 | + |
|
| 183 | + $numberOfUsers = count($userList); |
|
| 184 | + $userNo = 1; |
|
| 185 | + foreach ($userList as $uid) { |
|
| 186 | + $userCount = "$uid ($userNo of $numberOfUsers)"; |
|
| 187 | + $this->decryptUsersFiles($uid, $progress, $userCount); |
|
| 188 | + $userNo++; |
|
| 189 | + } |
|
| 190 | + |
|
| 191 | + $progress->setMessage("starting to decrypt files... finished"); |
|
| 192 | + $progress->finish(); |
|
| 193 | + |
|
| 194 | + $this->output->writeln("\n\n"); |
|
| 195 | + } |
|
| 196 | + |
|
| 197 | + /** |
|
| 198 | + * encrypt files from the given user |
|
| 199 | + * |
|
| 200 | + * @param string $uid |
|
| 201 | + * @param ProgressBar $progress |
|
| 202 | + * @param string $userCount |
|
| 203 | + */ |
|
| 204 | + protected function decryptUsersFiles($uid, ProgressBar $progress, $userCount) { |
|
| 205 | + $this->setupUserFS($uid); |
|
| 206 | + $directories = []; |
|
| 207 | + $directories[] = '/' . $uid . '/files'; |
|
| 208 | + |
|
| 209 | + while ($root = array_pop($directories)) { |
|
| 210 | + $content = $this->rootView->getDirectoryContent($root); |
|
| 211 | + foreach ($content as $file) { |
|
| 212 | + // only decrypt files owned by the user |
|
| 213 | + if ($file->getStorage()->instanceOfStorage('OCA\Files_Sharing\SharedStorage')) { |
|
| 214 | + continue; |
|
| 215 | + } |
|
| 216 | + $path = $root . '/' . $file['name']; |
|
| 217 | + if ($this->rootView->is_dir($path)) { |
|
| 218 | + $directories[] = $path; |
|
| 219 | + continue; |
|
| 220 | + } else { |
|
| 221 | + try { |
|
| 222 | + $progress->setMessage("decrypt files for user $userCount: $path"); |
|
| 223 | + $progress->advance(); |
|
| 224 | + if ($file->isEncrypted() === false) { |
|
| 225 | + $progress->setMessage("decrypt files for user $userCount: $path (already decrypted)"); |
|
| 226 | + $progress->advance(); |
|
| 227 | + } else { |
|
| 228 | + if ($this->decryptFile($path) === false) { |
|
| 229 | + $progress->setMessage("decrypt files for user $userCount: $path (already decrypted)"); |
|
| 230 | + $progress->advance(); |
|
| 231 | + } |
|
| 232 | + } |
|
| 233 | + } catch (\Exception $e) { |
|
| 234 | + if (isset($this->failed[$uid])) { |
|
| 235 | + $this->failed[$uid][] = $path; |
|
| 236 | + } else { |
|
| 237 | + $this->failed[$uid] = [$path]; |
|
| 238 | + } |
|
| 239 | + } |
|
| 240 | + } |
|
| 241 | + } |
|
| 242 | + } |
|
| 243 | + } |
|
| 244 | + |
|
| 245 | + /** |
|
| 246 | + * encrypt file |
|
| 247 | + * |
|
| 248 | + * @param string $path |
|
| 249 | + * @return bool |
|
| 250 | + */ |
|
| 251 | + protected function decryptFile($path) { |
|
| 252 | + // skip already decrypted files |
|
| 253 | + $fileInfo = $this->rootView->getFileInfo($path); |
|
| 254 | + if ($fileInfo !== false && !$fileInfo->isEncrypted()) { |
|
| 255 | + return true; |
|
| 256 | + } |
|
| 257 | + |
|
| 258 | + $source = $path; |
|
| 259 | + $target = $path . '.decrypted.' . $this->getTimestamp(); |
|
| 260 | + |
|
| 261 | + try { |
|
| 262 | + $this->rootView->copy($source, $target); |
|
| 263 | + $this->rootView->touch($target, $fileInfo->getMTime()); |
|
| 264 | + $this->rootView->rename($target, $source); |
|
| 265 | + } catch (DecryptionFailedException $e) { |
|
| 266 | + if ($this->rootView->file_exists($target)) { |
|
| 267 | + $this->rootView->unlink($target); |
|
| 268 | + } |
|
| 269 | + return false; |
|
| 270 | + } |
|
| 271 | + |
|
| 272 | + return true; |
|
| 273 | + } |
|
| 274 | + |
|
| 275 | + /** |
|
| 276 | + * get current timestamp |
|
| 277 | + * |
|
| 278 | + * @return int |
|
| 279 | + */ |
|
| 280 | + protected function getTimestamp() { |
|
| 281 | + return time(); |
|
| 282 | + } |
|
| 283 | + |
|
| 284 | + |
|
| 285 | + /** |
|
| 286 | + * setup user file system |
|
| 287 | + * |
|
| 288 | + * @param string $uid |
|
| 289 | + */ |
|
| 290 | + protected function setupUserFS($uid) { |
|
| 291 | + \OC_Util::tearDownFS(); |
|
| 292 | + \OC_Util::setupFS($uid); |
|
| 293 | + } |
|
| 294 | 294 | } |
@@ -33,35 +33,35 @@ |
||
| 33 | 33 | * @since 14.0.0 |
| 34 | 34 | */ |
| 35 | 35 | class CloudFederationNotification implements ICloudFederationNotification { |
| 36 | - private $message = []; |
|
| 36 | + private $message = []; |
|
| 37 | 37 | |
| 38 | - /** |
|
| 39 | - * add a message to the notification |
|
| 40 | - * |
|
| 41 | - * @param string $notificationType (e.g. SHARE_ACCEPTED) |
|
| 42 | - * @param string $resourceType (e.g. file, calendar, contact,...) |
|
| 43 | - * @param string $providerId id of the share |
|
| 44 | - * @param array $notification payload of the notification |
|
| 45 | - * |
|
| 46 | - * @since 14.0.0 |
|
| 47 | - */ |
|
| 48 | - public function setMessage($notificationType, $resourceType, $providerId, array $notification) { |
|
| 49 | - $this->message = [ |
|
| 50 | - 'notificationType' => $notificationType, |
|
| 51 | - 'resourceType' => $resourceType, |
|
| 52 | - 'providerId' => $providerId, |
|
| 53 | - 'notification' => $notification, |
|
| 54 | - ]; |
|
| 55 | - } |
|
| 38 | + /** |
|
| 39 | + * add a message to the notification |
|
| 40 | + * |
|
| 41 | + * @param string $notificationType (e.g. SHARE_ACCEPTED) |
|
| 42 | + * @param string $resourceType (e.g. file, calendar, contact,...) |
|
| 43 | + * @param string $providerId id of the share |
|
| 44 | + * @param array $notification payload of the notification |
|
| 45 | + * |
|
| 46 | + * @since 14.0.0 |
|
| 47 | + */ |
|
| 48 | + public function setMessage($notificationType, $resourceType, $providerId, array $notification) { |
|
| 49 | + $this->message = [ |
|
| 50 | + 'notificationType' => $notificationType, |
|
| 51 | + 'resourceType' => $resourceType, |
|
| 52 | + 'providerId' => $providerId, |
|
| 53 | + 'notification' => $notification, |
|
| 54 | + ]; |
|
| 55 | + } |
|
| 56 | 56 | |
| 57 | - /** |
|
| 58 | - * get message, ready to send out |
|
| 59 | - * |
|
| 60 | - * @return array |
|
| 61 | - * |
|
| 62 | - * @since 14.0.0 |
|
| 63 | - */ |
|
| 64 | - public function getMessage() { |
|
| 65 | - return $this->message; |
|
| 66 | - } |
|
| 57 | + /** |
|
| 58 | + * get message, ready to send out |
|
| 59 | + * |
|
| 60 | + * @return array |
|
| 61 | + * |
|
| 62 | + * @since 14.0.0 |
|
| 63 | + */ |
|
| 64 | + public function getMessage() { |
|
| 65 | + return $this->message; |
|
| 66 | + } |
|
| 67 | 67 | } |
@@ -38,7 +38,7 @@ |
||
| 38 | 38 | |
| 39 | 39 | public function run($dummy) { |
| 40 | 40 | $systemConfig = \OC::$server->getSystemConfig(); |
| 41 | - $this->filePath = $systemConfig->getValue('logfile', $systemConfig->getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/nextcloud.log'); |
|
| 41 | + $this->filePath = $systemConfig->getValue('logfile', $systemConfig->getValue('datadirectory', \OC::$SERVERROOT.'/data').'/nextcloud.log'); |
|
| 42 | 42 | |
| 43 | 43 | $this->maxSize = \OC::$server->getConfig()->getSystemValue('log_rotate_size', 100 * 1024 * 1024); |
| 44 | 44 | if ($this->shouldRotateBySize()) { |
@@ -33,17 +33,17 @@ |
||
| 33 | 33 | * location and manage that with your own tools. |
| 34 | 34 | */ |
| 35 | 35 | class Rotate extends \OCP\BackgroundJob\Job { |
| 36 | - use RotationTrait; |
|
| 36 | + use RotationTrait; |
|
| 37 | 37 | |
| 38 | - public function run($dummy) { |
|
| 39 | - $systemConfig = \OC::$server->getSystemConfig(); |
|
| 40 | - $this->filePath = $systemConfig->getValue('logfile', $systemConfig->getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/nextcloud.log'); |
|
| 38 | + public function run($dummy) { |
|
| 39 | + $systemConfig = \OC::$server->getSystemConfig(); |
|
| 40 | + $this->filePath = $systemConfig->getValue('logfile', $systemConfig->getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/nextcloud.log'); |
|
| 41 | 41 | |
| 42 | - $this->maxSize = \OC::$server->getConfig()->getSystemValue('log_rotate_size', 100 * 1024 * 1024); |
|
| 43 | - if ($this->shouldRotateBySize()) { |
|
| 44 | - $rotatedFile = $this->rotate(); |
|
| 45 | - $msg = 'Log file "'.$this->filePath.'" was over '.$this->maxSize.' bytes, moved to "'.$rotatedFile.'"'; |
|
| 46 | - \OC::$server->getLogger()->warning($msg, ['app' => Rotate::class]); |
|
| 47 | - } |
|
| 48 | - } |
|
| 42 | + $this->maxSize = \OC::$server->getConfig()->getSystemValue('log_rotate_size', 100 * 1024 * 1024); |
|
| 43 | + if ($this->shouldRotateBySize()) { |
|
| 44 | + $rotatedFile = $this->rotate(); |
|
| 45 | + $msg = 'Log file "'.$this->filePath.'" was over '.$this->maxSize.' bytes, moved to "'.$rotatedFile.'"'; |
|
| 46 | + \OC::$server->getLogger()->warning($msg, ['app' => Rotate::class]); |
|
| 47 | + } |
|
| 48 | + } |
|
| 49 | 49 | } |
@@ -27,51 +27,51 @@ |
||
| 27 | 27 | namespace OC\Security\FeaturePolicy; |
| 28 | 28 | |
| 29 | 29 | class FeaturePolicy extends \OCP\AppFramework\Http\FeaturePolicy { |
| 30 | - public function getAutoplayDomains(): array { |
|
| 31 | - return $this->autoplayDomains; |
|
| 32 | - } |
|
| 30 | + public function getAutoplayDomains(): array { |
|
| 31 | + return $this->autoplayDomains; |
|
| 32 | + } |
|
| 33 | 33 | |
| 34 | - public function setAutoplayDomains(array $autoplayDomains): void { |
|
| 35 | - $this->autoplayDomains = $autoplayDomains; |
|
| 36 | - } |
|
| 34 | + public function setAutoplayDomains(array $autoplayDomains): void { |
|
| 35 | + $this->autoplayDomains = $autoplayDomains; |
|
| 36 | + } |
|
| 37 | 37 | |
| 38 | - public function getCameraDomains(): array { |
|
| 39 | - return $this->cameraDomains; |
|
| 40 | - } |
|
| 38 | + public function getCameraDomains(): array { |
|
| 39 | + return $this->cameraDomains; |
|
| 40 | + } |
|
| 41 | 41 | |
| 42 | - public function setCameraDomains(array $cameraDomains): void { |
|
| 43 | - $this->cameraDomains = $cameraDomains; |
|
| 44 | - } |
|
| 42 | + public function setCameraDomains(array $cameraDomains): void { |
|
| 43 | + $this->cameraDomains = $cameraDomains; |
|
| 44 | + } |
|
| 45 | 45 | |
| 46 | - public function getFullscreenDomains(): array { |
|
| 47 | - return $this->fullscreenDomains; |
|
| 48 | - } |
|
| 46 | + public function getFullscreenDomains(): array { |
|
| 47 | + return $this->fullscreenDomains; |
|
| 48 | + } |
|
| 49 | 49 | |
| 50 | - public function setFullscreenDomains(array $fullscreenDomains): void { |
|
| 51 | - $this->fullscreenDomains = $fullscreenDomains; |
|
| 52 | - } |
|
| 50 | + public function setFullscreenDomains(array $fullscreenDomains): void { |
|
| 51 | + $this->fullscreenDomains = $fullscreenDomains; |
|
| 52 | + } |
|
| 53 | 53 | |
| 54 | - public function getGeolocationDomains(): array { |
|
| 55 | - return $this->geolocationDomains; |
|
| 56 | - } |
|
| 54 | + public function getGeolocationDomains(): array { |
|
| 55 | + return $this->geolocationDomains; |
|
| 56 | + } |
|
| 57 | 57 | |
| 58 | - public function setGeolocationDomains(array $geolocationDomains): void { |
|
| 59 | - $this->geolocationDomains = $geolocationDomains; |
|
| 60 | - } |
|
| 58 | + public function setGeolocationDomains(array $geolocationDomains): void { |
|
| 59 | + $this->geolocationDomains = $geolocationDomains; |
|
| 60 | + } |
|
| 61 | 61 | |
| 62 | - public function getMicrophoneDomains(): array { |
|
| 63 | - return $this->microphoneDomains; |
|
| 64 | - } |
|
| 62 | + public function getMicrophoneDomains(): array { |
|
| 63 | + return $this->microphoneDomains; |
|
| 64 | + } |
|
| 65 | 65 | |
| 66 | - public function setMicrophoneDomains(array $microphoneDomains): void { |
|
| 67 | - $this->microphoneDomains = $microphoneDomains; |
|
| 68 | - } |
|
| 66 | + public function setMicrophoneDomains(array $microphoneDomains): void { |
|
| 67 | + $this->microphoneDomains = $microphoneDomains; |
|
| 68 | + } |
|
| 69 | 69 | |
| 70 | - public function getPaymentDomains(): array { |
|
| 71 | - return $this->paymentDomains; |
|
| 72 | - } |
|
| 70 | + public function getPaymentDomains(): array { |
|
| 71 | + return $this->paymentDomains; |
|
| 72 | + } |
|
| 73 | 73 | |
| 74 | - public function setPaymentDomains(array $paymentDomains): void { |
|
| 75 | - $this->paymentDomains = $paymentDomains; |
|
| 76 | - } |
|
| 74 | + public function setPaymentDomains(array $paymentDomains): void { |
|
| 75 | + $this->paymentDomains = $paymentDomains; |
|
| 76 | + } |
|
| 77 | 77 | } |
@@ -144,7 +144,7 @@ discard block |
||
| 144 | 144 | */ |
| 145 | 145 | public function getKey(IUser $user): Key { |
| 146 | 146 | $uid = $user->getUID(); |
| 147 | - return $this->retrieveKey('user-' . $uid); |
|
| 147 | + return $this->retrieveKey('user-'.$uid); |
|
| 148 | 148 | } |
| 149 | 149 | |
| 150 | 150 | /** |
@@ -158,7 +158,7 @@ discard block |
||
| 158 | 158 | if ($instanceId === null) { |
| 159 | 159 | throw new \RuntimeException('no instance id!'); |
| 160 | 160 | } |
| 161 | - return $this->retrieveKey('system-' . $instanceId); |
|
| 161 | + return $this->retrieveKey('system-'.$instanceId); |
|
| 162 | 162 | } |
| 163 | 163 | |
| 164 | 164 | private function logOpensslError(): void { |
@@ -166,6 +166,6 @@ discard block |
||
| 166 | 166 | while ($error = openssl_error_string()) { |
| 167 | 167 | $errors[] = $error; |
| 168 | 168 | } |
| 169 | - $this->logger->critical('Something is wrong with your openssl setup: ' . implode(', ', $errors)); |
|
| 169 | + $this->logger->critical('Something is wrong with your openssl setup: '.implode(', ', $errors)); |
|
| 170 | 170 | } |
| 171 | 171 | } |
@@ -37,134 +37,134 @@ |
||
| 37 | 37 | use Psr\Log\LoggerInterface; |
| 38 | 38 | |
| 39 | 39 | class Manager { |
| 40 | - /** @var IAppData */ |
|
| 41 | - private $appData; |
|
| 42 | - /** @var ICrypto */ |
|
| 43 | - private $crypto; |
|
| 44 | - /** @var IConfig */ |
|
| 45 | - private $config; |
|
| 46 | - private LoggerInterface $logger; |
|
| 47 | - |
|
| 48 | - public function __construct(Factory $appDataFactory, |
|
| 49 | - ICrypto $crypto, |
|
| 50 | - IConfig $config, |
|
| 51 | - LoggerInterface $logger |
|
| 52 | - ) { |
|
| 53 | - $this->appData = $appDataFactory->get('identityproof'); |
|
| 54 | - $this->crypto = $crypto; |
|
| 55 | - $this->config = $config; |
|
| 56 | - $this->logger = $logger; |
|
| 57 | - } |
|
| 58 | - |
|
| 59 | - /** |
|
| 60 | - * Calls the openssl functions to generate a public and private key. |
|
| 61 | - * In a separate function for unit testing purposes. |
|
| 62 | - * |
|
| 63 | - * @return array [$publicKey, $privateKey] |
|
| 64 | - * @throws \RuntimeException |
|
| 65 | - */ |
|
| 66 | - protected function generateKeyPair(): array { |
|
| 67 | - $config = [ |
|
| 68 | - 'digest_alg' => 'sha512', |
|
| 69 | - 'private_key_bits' => 2048, |
|
| 70 | - ]; |
|
| 71 | - |
|
| 72 | - // Generate new key |
|
| 73 | - $res = openssl_pkey_new($config); |
|
| 74 | - |
|
| 75 | - if ($res === false) { |
|
| 76 | - $this->logOpensslError(); |
|
| 77 | - throw new \RuntimeException('OpenSSL reported a problem'); |
|
| 78 | - } |
|
| 79 | - |
|
| 80 | - if (openssl_pkey_export($res, $privateKey, null, $config) === false) { |
|
| 81 | - $this->logOpensslError(); |
|
| 82 | - throw new \RuntimeException('OpenSSL reported a problem'); |
|
| 83 | - } |
|
| 84 | - |
|
| 85 | - // Extract the public key from $res to $pubKey |
|
| 86 | - $publicKey = openssl_pkey_get_details($res); |
|
| 87 | - $publicKey = $publicKey['key']; |
|
| 88 | - |
|
| 89 | - return [$publicKey, $privateKey]; |
|
| 90 | - } |
|
| 91 | - |
|
| 92 | - /** |
|
| 93 | - * Generate a key for a given ID |
|
| 94 | - * Note: If a key already exists it will be overwritten |
|
| 95 | - * |
|
| 96 | - * @param string $id key id |
|
| 97 | - * @return Key |
|
| 98 | - * @throws \RuntimeException |
|
| 99 | - */ |
|
| 100 | - protected function generateKey(string $id): Key { |
|
| 101 | - [$publicKey, $privateKey] = $this->generateKeyPair(); |
|
| 102 | - |
|
| 103 | - // Write the private and public key to the disk |
|
| 104 | - try { |
|
| 105 | - $this->appData->newFolder($id); |
|
| 106 | - } catch (\Exception $e) { |
|
| 107 | - } |
|
| 108 | - $folder = $this->appData->getFolder($id); |
|
| 109 | - $folder->newFile('private') |
|
| 110 | - ->putContent($this->crypto->encrypt($privateKey)); |
|
| 111 | - $folder->newFile('public') |
|
| 112 | - ->putContent($publicKey); |
|
| 113 | - |
|
| 114 | - return new Key($publicKey, $privateKey); |
|
| 115 | - } |
|
| 116 | - |
|
| 117 | - /** |
|
| 118 | - * Get key for a specific id |
|
| 119 | - * |
|
| 120 | - * @param string $id |
|
| 121 | - * @return Key |
|
| 122 | - * @throws \RuntimeException |
|
| 123 | - */ |
|
| 124 | - protected function retrieveKey(string $id): Key { |
|
| 125 | - try { |
|
| 126 | - $folder = $this->appData->getFolder($id); |
|
| 127 | - $privateKey = $this->crypto->decrypt( |
|
| 128 | - $folder->getFile('private')->getContent() |
|
| 129 | - ); |
|
| 130 | - $publicKey = $folder->getFile('public')->getContent(); |
|
| 131 | - return new Key($publicKey, $privateKey); |
|
| 132 | - } catch (\Exception $e) { |
|
| 133 | - return $this->generateKey($id); |
|
| 134 | - } |
|
| 135 | - } |
|
| 136 | - |
|
| 137 | - /** |
|
| 138 | - * Get public and private key for $user |
|
| 139 | - * |
|
| 140 | - * @param IUser $user |
|
| 141 | - * @return Key |
|
| 142 | - * @throws \RuntimeException |
|
| 143 | - */ |
|
| 144 | - public function getKey(IUser $user): Key { |
|
| 145 | - $uid = $user->getUID(); |
|
| 146 | - return $this->retrieveKey('user-' . $uid); |
|
| 147 | - } |
|
| 148 | - |
|
| 149 | - /** |
|
| 150 | - * Get instance wide public and private key |
|
| 151 | - * |
|
| 152 | - * @return Key |
|
| 153 | - * @throws \RuntimeException |
|
| 154 | - */ |
|
| 155 | - public function getSystemKey(): Key { |
|
| 156 | - $instanceId = $this->config->getSystemValue('instanceid', null); |
|
| 157 | - if ($instanceId === null) { |
|
| 158 | - throw new \RuntimeException('no instance id!'); |
|
| 159 | - } |
|
| 160 | - return $this->retrieveKey('system-' . $instanceId); |
|
| 161 | - } |
|
| 162 | - |
|
| 163 | - private function logOpensslError(): void { |
|
| 164 | - $errors = []; |
|
| 165 | - while ($error = openssl_error_string()) { |
|
| 166 | - $errors[] = $error; |
|
| 167 | - } |
|
| 168 | - $this->logger->critical('Something is wrong with your openssl setup: ' . implode(', ', $errors)); |
|
| 169 | - } |
|
| 40 | + /** @var IAppData */ |
|
| 41 | + private $appData; |
|
| 42 | + /** @var ICrypto */ |
|
| 43 | + private $crypto; |
|
| 44 | + /** @var IConfig */ |
|
| 45 | + private $config; |
|
| 46 | + private LoggerInterface $logger; |
|
| 47 | + |
|
| 48 | + public function __construct(Factory $appDataFactory, |
|
| 49 | + ICrypto $crypto, |
|
| 50 | + IConfig $config, |
|
| 51 | + LoggerInterface $logger |
|
| 52 | + ) { |
|
| 53 | + $this->appData = $appDataFactory->get('identityproof'); |
|
| 54 | + $this->crypto = $crypto; |
|
| 55 | + $this->config = $config; |
|
| 56 | + $this->logger = $logger; |
|
| 57 | + } |
|
| 58 | + |
|
| 59 | + /** |
|
| 60 | + * Calls the openssl functions to generate a public and private key. |
|
| 61 | + * In a separate function for unit testing purposes. |
|
| 62 | + * |
|
| 63 | + * @return array [$publicKey, $privateKey] |
|
| 64 | + * @throws \RuntimeException |
|
| 65 | + */ |
|
| 66 | + protected function generateKeyPair(): array { |
|
| 67 | + $config = [ |
|
| 68 | + 'digest_alg' => 'sha512', |
|
| 69 | + 'private_key_bits' => 2048, |
|
| 70 | + ]; |
|
| 71 | + |
|
| 72 | + // Generate new key |
|
| 73 | + $res = openssl_pkey_new($config); |
|
| 74 | + |
|
| 75 | + if ($res === false) { |
|
| 76 | + $this->logOpensslError(); |
|
| 77 | + throw new \RuntimeException('OpenSSL reported a problem'); |
|
| 78 | + } |
|
| 79 | + |
|
| 80 | + if (openssl_pkey_export($res, $privateKey, null, $config) === false) { |
|
| 81 | + $this->logOpensslError(); |
|
| 82 | + throw new \RuntimeException('OpenSSL reported a problem'); |
|
| 83 | + } |
|
| 84 | + |
|
| 85 | + // Extract the public key from $res to $pubKey |
|
| 86 | + $publicKey = openssl_pkey_get_details($res); |
|
| 87 | + $publicKey = $publicKey['key']; |
|
| 88 | + |
|
| 89 | + return [$publicKey, $privateKey]; |
|
| 90 | + } |
|
| 91 | + |
|
| 92 | + /** |
|
| 93 | + * Generate a key for a given ID |
|
| 94 | + * Note: If a key already exists it will be overwritten |
|
| 95 | + * |
|
| 96 | + * @param string $id key id |
|
| 97 | + * @return Key |
|
| 98 | + * @throws \RuntimeException |
|
| 99 | + */ |
|
| 100 | + protected function generateKey(string $id): Key { |
|
| 101 | + [$publicKey, $privateKey] = $this->generateKeyPair(); |
|
| 102 | + |
|
| 103 | + // Write the private and public key to the disk |
|
| 104 | + try { |
|
| 105 | + $this->appData->newFolder($id); |
|
| 106 | + } catch (\Exception $e) { |
|
| 107 | + } |
|
| 108 | + $folder = $this->appData->getFolder($id); |
|
| 109 | + $folder->newFile('private') |
|
| 110 | + ->putContent($this->crypto->encrypt($privateKey)); |
|
| 111 | + $folder->newFile('public') |
|
| 112 | + ->putContent($publicKey); |
|
| 113 | + |
|
| 114 | + return new Key($publicKey, $privateKey); |
|
| 115 | + } |
|
| 116 | + |
|
| 117 | + /** |
|
| 118 | + * Get key for a specific id |
|
| 119 | + * |
|
| 120 | + * @param string $id |
|
| 121 | + * @return Key |
|
| 122 | + * @throws \RuntimeException |
|
| 123 | + */ |
|
| 124 | + protected function retrieveKey(string $id): Key { |
|
| 125 | + try { |
|
| 126 | + $folder = $this->appData->getFolder($id); |
|
| 127 | + $privateKey = $this->crypto->decrypt( |
|
| 128 | + $folder->getFile('private')->getContent() |
|
| 129 | + ); |
|
| 130 | + $publicKey = $folder->getFile('public')->getContent(); |
|
| 131 | + return new Key($publicKey, $privateKey); |
|
| 132 | + } catch (\Exception $e) { |
|
| 133 | + return $this->generateKey($id); |
|
| 134 | + } |
|
| 135 | + } |
|
| 136 | + |
|
| 137 | + /** |
|
| 138 | + * Get public and private key for $user |
|
| 139 | + * |
|
| 140 | + * @param IUser $user |
|
| 141 | + * @return Key |
|
| 142 | + * @throws \RuntimeException |
|
| 143 | + */ |
|
| 144 | + public function getKey(IUser $user): Key { |
|
| 145 | + $uid = $user->getUID(); |
|
| 146 | + return $this->retrieveKey('user-' . $uid); |
|
| 147 | + } |
|
| 148 | + |
|
| 149 | + /** |
|
| 150 | + * Get instance wide public and private key |
|
| 151 | + * |
|
| 152 | + * @return Key |
|
| 153 | + * @throws \RuntimeException |
|
| 154 | + */ |
|
| 155 | + public function getSystemKey(): Key { |
|
| 156 | + $instanceId = $this->config->getSystemValue('instanceid', null); |
|
| 157 | + if ($instanceId === null) { |
|
| 158 | + throw new \RuntimeException('no instance id!'); |
|
| 159 | + } |
|
| 160 | + return $this->retrieveKey('system-' . $instanceId); |
|
| 161 | + } |
|
| 162 | + |
|
| 163 | + private function logOpensslError(): void { |
|
| 164 | + $errors = []; |
|
| 165 | + while ($error = openssl_error_string()) { |
|
| 166 | + $errors[] = $error; |
|
| 167 | + } |
|
| 168 | + $this->logger->critical('Something is wrong with your openssl setup: ' . implode(', ', $errors)); |
|
| 169 | + } |
|
| 170 | 170 | } |
@@ -36,46 +36,46 @@ |
||
| 36 | 36 | * @package OC\Security\CSRF |
| 37 | 37 | */ |
| 38 | 38 | class CsrfToken { |
| 39 | - /** @var string */ |
|
| 40 | - private $value; |
|
| 41 | - /** @var string */ |
|
| 42 | - private $encryptedValue = ''; |
|
| 39 | + /** @var string */ |
|
| 40 | + private $value; |
|
| 41 | + /** @var string */ |
|
| 42 | + private $encryptedValue = ''; |
|
| 43 | 43 | |
| 44 | - /** |
|
| 45 | - * @param string $value Value of the token. Can be encrypted or not encrypted. |
|
| 46 | - */ |
|
| 47 | - public function __construct(string $value) { |
|
| 48 | - $this->value = $value; |
|
| 49 | - } |
|
| 44 | + /** |
|
| 45 | + * @param string $value Value of the token. Can be encrypted or not encrypted. |
|
| 46 | + */ |
|
| 47 | + public function __construct(string $value) { |
|
| 48 | + $this->value = $value; |
|
| 49 | + } |
|
| 50 | 50 | |
| 51 | - /** |
|
| 52 | - * Encrypted value of the token. This is used to mitigate BREACH alike |
|
| 53 | - * vulnerabilities. For display measures do use this functionality. |
|
| 54 | - * |
|
| 55 | - * @return string |
|
| 56 | - */ |
|
| 57 | - public function getEncryptedValue(): string { |
|
| 58 | - if ($this->encryptedValue === '') { |
|
| 59 | - $sharedSecret = random_bytes(\strlen($this->value)); |
|
| 60 | - $this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret); |
|
| 61 | - } |
|
| 51 | + /** |
|
| 52 | + * Encrypted value of the token. This is used to mitigate BREACH alike |
|
| 53 | + * vulnerabilities. For display measures do use this functionality. |
|
| 54 | + * |
|
| 55 | + * @return string |
|
| 56 | + */ |
|
| 57 | + public function getEncryptedValue(): string { |
|
| 58 | + if ($this->encryptedValue === '') { |
|
| 59 | + $sharedSecret = random_bytes(\strlen($this->value)); |
|
| 60 | + $this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret); |
|
| 61 | + } |
|
| 62 | 62 | |
| 63 | - return $this->encryptedValue; |
|
| 64 | - } |
|
| 63 | + return $this->encryptedValue; |
|
| 64 | + } |
|
| 65 | 65 | |
| 66 | - /** |
|
| 67 | - * The unencrypted value of the token. Used for decrypting an already |
|
| 68 | - * encrypted token. |
|
| 69 | - * |
|
| 70 | - * @return string |
|
| 71 | - */ |
|
| 72 | - public function getDecryptedValue(): string { |
|
| 73 | - $token = explode(':', $this->value); |
|
| 74 | - if (\count($token) !== 2) { |
|
| 75 | - return ''; |
|
| 76 | - } |
|
| 77 | - $obfuscatedToken = $token[0]; |
|
| 78 | - $secret = $token[1]; |
|
| 79 | - return base64_decode($obfuscatedToken) ^ base64_decode($secret); |
|
| 80 | - } |
|
| 66 | + /** |
|
| 67 | + * The unencrypted value of the token. Used for decrypting an already |
|
| 68 | + * encrypted token. |
|
| 69 | + * |
|
| 70 | + * @return string |
|
| 71 | + */ |
|
| 72 | + public function getDecryptedValue(): string { |
|
| 73 | + $token = explode(':', $this->value); |
|
| 74 | + if (\count($token) !== 2) { |
|
| 75 | + return ''; |
|
| 76 | + } |
|
| 77 | + $obfuscatedToken = $token[0]; |
|
| 78 | + $secret = $token[1]; |
|
| 79 | + return base64_decode($obfuscatedToken) ^ base64_decode($secret); |
|
| 80 | + } |
|
| 81 | 81 | } |
@@ -57,7 +57,7 @@ |
||
| 57 | 57 | public function getEncryptedValue(): string { |
| 58 | 58 | if ($this->encryptedValue === '') { |
| 59 | 59 | $sharedSecret = random_bytes(\strlen($this->value)); |
| 60 | - $this->encryptedValue = base64_encode($this->value ^ $sharedSecret) . ':' . base64_encode($sharedSecret); |
|
| 60 | + $this->encryptedValue = base64_encode($this->value ^ $sharedSecret).':'.base64_encode($sharedSecret); |
|
| 61 | 61 | } |
| 62 | 62 | |
| 63 | 63 | return $this->encryptedValue; |
@@ -35,59 +35,59 @@ |
||
| 35 | 35 | * @package OC\Security\CSRF\TokenStorage |
| 36 | 36 | */ |
| 37 | 37 | class SessionStorage { |
| 38 | - /** @var ISession */ |
|
| 39 | - private $session; |
|
| 38 | + /** @var ISession */ |
|
| 39 | + private $session; |
|
| 40 | 40 | |
| 41 | - /** |
|
| 42 | - * @param ISession $session |
|
| 43 | - */ |
|
| 44 | - public function __construct(ISession $session) { |
|
| 45 | - $this->session = $session; |
|
| 46 | - } |
|
| 41 | + /** |
|
| 42 | + * @param ISession $session |
|
| 43 | + */ |
|
| 44 | + public function __construct(ISession $session) { |
|
| 45 | + $this->session = $session; |
|
| 46 | + } |
|
| 47 | 47 | |
| 48 | - /** |
|
| 49 | - * @param ISession $session |
|
| 50 | - */ |
|
| 51 | - public function setSession(ISession $session) { |
|
| 52 | - $this->session = $session; |
|
| 53 | - } |
|
| 48 | + /** |
|
| 49 | + * @param ISession $session |
|
| 50 | + */ |
|
| 51 | + public function setSession(ISession $session) { |
|
| 52 | + $this->session = $session; |
|
| 53 | + } |
|
| 54 | 54 | |
| 55 | - /** |
|
| 56 | - * Returns the current token or throws an exception if none is found. |
|
| 57 | - * |
|
| 58 | - * @return string |
|
| 59 | - * @throws \Exception |
|
| 60 | - */ |
|
| 61 | - public function getToken(): string { |
|
| 62 | - $token = $this->session->get('requesttoken'); |
|
| 63 | - if (empty($token)) { |
|
| 64 | - throw new \Exception('Session does not contain a requesttoken'); |
|
| 65 | - } |
|
| 55 | + /** |
|
| 56 | + * Returns the current token or throws an exception if none is found. |
|
| 57 | + * |
|
| 58 | + * @return string |
|
| 59 | + * @throws \Exception |
|
| 60 | + */ |
|
| 61 | + public function getToken(): string { |
|
| 62 | + $token = $this->session->get('requesttoken'); |
|
| 63 | + if (empty($token)) { |
|
| 64 | + throw new \Exception('Session does not contain a requesttoken'); |
|
| 65 | + } |
|
| 66 | 66 | |
| 67 | - return $token; |
|
| 68 | - } |
|
| 67 | + return $token; |
|
| 68 | + } |
|
| 69 | 69 | |
| 70 | - /** |
|
| 71 | - * Set the valid current token to $value. |
|
| 72 | - * |
|
| 73 | - * @param string $value |
|
| 74 | - */ |
|
| 75 | - public function setToken(string $value) { |
|
| 76 | - $this->session->set('requesttoken', $value); |
|
| 77 | - } |
|
| 70 | + /** |
|
| 71 | + * Set the valid current token to $value. |
|
| 72 | + * |
|
| 73 | + * @param string $value |
|
| 74 | + */ |
|
| 75 | + public function setToken(string $value) { |
|
| 76 | + $this->session->set('requesttoken', $value); |
|
| 77 | + } |
|
| 78 | 78 | |
| 79 | - /** |
|
| 80 | - * Removes the current token. |
|
| 81 | - */ |
|
| 82 | - public function removeToken() { |
|
| 83 | - $this->session->remove('requesttoken'); |
|
| 84 | - } |
|
| 85 | - /** |
|
| 86 | - * Whether the storage has a storage. |
|
| 87 | - * |
|
| 88 | - * @return bool |
|
| 89 | - */ |
|
| 90 | - public function hasToken(): bool { |
|
| 91 | - return $this->session->exists('requesttoken'); |
|
| 92 | - } |
|
| 79 | + /** |
|
| 80 | + * Removes the current token. |
|
| 81 | + */ |
|
| 82 | + public function removeToken() { |
|
| 83 | + $this->session->remove('requesttoken'); |
|
| 84 | + } |
|
| 85 | + /** |
|
| 86 | + * Whether the storage has a storage. |
|
| 87 | + * |
|
| 88 | + * @return bool |
|
| 89 | + */ |
|
| 90 | + public function hasToken(): bool { |
|
| 91 | + return $this->session->exists('requesttoken'); |
|
| 92 | + } |
|
| 93 | 93 | } |
@@ -34,78 +34,78 @@ |
||
| 34 | 34 | * @package OC\Security\CSRF |
| 35 | 35 | */ |
| 36 | 36 | class CsrfTokenManager { |
| 37 | - /** @var CsrfTokenGenerator */ |
|
| 38 | - private $tokenGenerator; |
|
| 39 | - /** @var SessionStorage */ |
|
| 40 | - private $sessionStorage; |
|
| 41 | - /** @var CsrfToken|null */ |
|
| 42 | - private $csrfToken = null; |
|
| 37 | + /** @var CsrfTokenGenerator */ |
|
| 38 | + private $tokenGenerator; |
|
| 39 | + /** @var SessionStorage */ |
|
| 40 | + private $sessionStorage; |
|
| 41 | + /** @var CsrfToken|null */ |
|
| 42 | + private $csrfToken = null; |
|
| 43 | 43 | |
| 44 | - /** |
|
| 45 | - * @param CsrfTokenGenerator $tokenGenerator |
|
| 46 | - * @param SessionStorage $storageInterface |
|
| 47 | - */ |
|
| 48 | - public function __construct(CsrfTokenGenerator $tokenGenerator, |
|
| 49 | - SessionStorage $storageInterface) { |
|
| 50 | - $this->tokenGenerator = $tokenGenerator; |
|
| 51 | - $this->sessionStorage = $storageInterface; |
|
| 52 | - } |
|
| 44 | + /** |
|
| 45 | + * @param CsrfTokenGenerator $tokenGenerator |
|
| 46 | + * @param SessionStorage $storageInterface |
|
| 47 | + */ |
|
| 48 | + public function __construct(CsrfTokenGenerator $tokenGenerator, |
|
| 49 | + SessionStorage $storageInterface) { |
|
| 50 | + $this->tokenGenerator = $tokenGenerator; |
|
| 51 | + $this->sessionStorage = $storageInterface; |
|
| 52 | + } |
|
| 53 | 53 | |
| 54 | - /** |
|
| 55 | - * Returns the current CSRF token, if none set it will create a new one. |
|
| 56 | - * |
|
| 57 | - * @return CsrfToken |
|
| 58 | - */ |
|
| 59 | - public function getToken(): CsrfToken { |
|
| 60 | - if (!\is_null($this->csrfToken)) { |
|
| 61 | - return $this->csrfToken; |
|
| 62 | - } |
|
| 54 | + /** |
|
| 55 | + * Returns the current CSRF token, if none set it will create a new one. |
|
| 56 | + * |
|
| 57 | + * @return CsrfToken |
|
| 58 | + */ |
|
| 59 | + public function getToken(): CsrfToken { |
|
| 60 | + if (!\is_null($this->csrfToken)) { |
|
| 61 | + return $this->csrfToken; |
|
| 62 | + } |
|
| 63 | 63 | |
| 64 | - if ($this->sessionStorage->hasToken()) { |
|
| 65 | - $value = $this->sessionStorage->getToken(); |
|
| 66 | - } else { |
|
| 67 | - $value = $this->tokenGenerator->generateToken(); |
|
| 68 | - $this->sessionStorage->setToken($value); |
|
| 69 | - } |
|
| 64 | + if ($this->sessionStorage->hasToken()) { |
|
| 65 | + $value = $this->sessionStorage->getToken(); |
|
| 66 | + } else { |
|
| 67 | + $value = $this->tokenGenerator->generateToken(); |
|
| 68 | + $this->sessionStorage->setToken($value); |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | - $this->csrfToken = new CsrfToken($value); |
|
| 72 | - return $this->csrfToken; |
|
| 73 | - } |
|
| 71 | + $this->csrfToken = new CsrfToken($value); |
|
| 72 | + return $this->csrfToken; |
|
| 73 | + } |
|
| 74 | 74 | |
| 75 | - /** |
|
| 76 | - * Invalidates any current token and sets a new one. |
|
| 77 | - * |
|
| 78 | - * @return CsrfToken |
|
| 79 | - */ |
|
| 80 | - public function refreshToken(): CsrfToken { |
|
| 81 | - $value = $this->tokenGenerator->generateToken(); |
|
| 82 | - $this->sessionStorage->setToken($value); |
|
| 83 | - $this->csrfToken = new CsrfToken($value); |
|
| 84 | - return $this->csrfToken; |
|
| 85 | - } |
|
| 75 | + /** |
|
| 76 | + * Invalidates any current token and sets a new one. |
|
| 77 | + * |
|
| 78 | + * @return CsrfToken |
|
| 79 | + */ |
|
| 80 | + public function refreshToken(): CsrfToken { |
|
| 81 | + $value = $this->tokenGenerator->generateToken(); |
|
| 82 | + $this->sessionStorage->setToken($value); |
|
| 83 | + $this->csrfToken = new CsrfToken($value); |
|
| 84 | + return $this->csrfToken; |
|
| 85 | + } |
|
| 86 | 86 | |
| 87 | - /** |
|
| 88 | - * Remove the current token from the storage. |
|
| 89 | - */ |
|
| 90 | - public function removeToken() { |
|
| 91 | - $this->csrfToken = null; |
|
| 92 | - $this->sessionStorage->removeToken(); |
|
| 93 | - } |
|
| 87 | + /** |
|
| 88 | + * Remove the current token from the storage. |
|
| 89 | + */ |
|
| 90 | + public function removeToken() { |
|
| 91 | + $this->csrfToken = null; |
|
| 92 | + $this->sessionStorage->removeToken(); |
|
| 93 | + } |
|
| 94 | 94 | |
| 95 | - /** |
|
| 96 | - * Verifies whether the provided token is valid. |
|
| 97 | - * |
|
| 98 | - * @param CsrfToken $token |
|
| 99 | - * @return bool |
|
| 100 | - */ |
|
| 101 | - public function isTokenValid(CsrfToken $token): bool { |
|
| 102 | - if (!$this->sessionStorage->hasToken()) { |
|
| 103 | - return false; |
|
| 104 | - } |
|
| 95 | + /** |
|
| 96 | + * Verifies whether the provided token is valid. |
|
| 97 | + * |
|
| 98 | + * @param CsrfToken $token |
|
| 99 | + * @return bool |
|
| 100 | + */ |
|
| 101 | + public function isTokenValid(CsrfToken $token): bool { |
|
| 102 | + if (!$this->sessionStorage->hasToken()) { |
|
| 103 | + return false; |
|
| 104 | + } |
|
| 105 | 105 | |
| 106 | - return hash_equals( |
|
| 107 | - $this->sessionStorage->getToken(), |
|
| 108 | - $token->getDecryptedValue() |
|
| 109 | - ); |
|
| 110 | - } |
|
| 106 | + return hash_equals( |
|
| 107 | + $this->sessionStorage->getToken(), |
|
| 108 | + $token->getDecryptedValue() |
|
| 109 | + ); |
|
| 110 | + } |
|
| 111 | 111 | } |
