nextcloud / server

apps/encryption/lib/Exceptions/PrivateKeyMissingException.php

Indentation +9 added lines, -9 removed lines

@@ -28,14 +28,14 @@
 
 class PrivateKeyMissingException extends GenericEncryptionException {
 
-	/**
-	 * @param string $userId
-	 */
-	public function __construct($userId) {
-		if(empty($userId)) {
-			$userId = "<no-user-id-given>";
-		}
-		parent::__construct("Private Key missing for user: $userId");
-	}
+    /**
+     * @param string $userId
+     */
+    public function __construct($userId) {
+        if(empty($userId)) {
+            $userId = "<no-user-id-given>";
+        }
+        parent::__construct("Private Key missing for user: $userId");
+    }
 
 }

Spacing +1 added lines, -1 removed lines

@@ -32,7 +32,7 @@
 	 * @param string $userId
 	 */
 	public function __construct($userId) {
-		if(empty($userId)) {
+		if (empty($userId)) {
 			$userId = "<no-user-id-given>";
 		}
 		parent::__construct("Private Key missing for user: $userId");

apps/encryption/lib/AppInfo/Application.php

Spacing +12 added lines, -12 removed lines

@@ -62,7 +62,7 @@ 
 		$this->encryptionManager = \OC::$server->getEncryptionManager();
 		$this->config = \OC::$server->getConfig();
 		$this->registerServices();
-		if($encryptionSystemReady === false) {
+		if ($encryptionSystemReady === false) {
 			/** @var Session $session */
 			$session = $this->getContainer()->query('Session');
 			$session->setStatus(Session::RUN_MIGRATION);
@@ -133,7 +133,7 @@ 
 		$container = $this->getContainer();
 
 		$container->registerService('Crypt',
-			function (IAppContainer $c) {
+			function(IAppContainer $c) {
 				$server = $c->getServer();
 				return new Crypt($server->getLogger(),
 					$server->getUserSession(),
@@ -142,14 +142,14 @@ 
 			});
 
 		$container->registerService('Session',
-			function (IAppContainer $c) {
+			function(IAppContainer $c) {
 				$server = $c->getServer();
 				return new Session($server->getSession());
 			}
 		);
 
 		$container->registerService('KeyManager',
-			function (IAppContainer $c) {
+			function(IAppContainer $c) {
 				$server = $c->getServer();
 
 				return new KeyManager($server->getEncryptionKeyStorage(),
@@ -163,7 +163,7 @@ 
 			});
 
 		$container->registerService('Recovery',
-			function (IAppContainer $c) {
+			function(IAppContainer $c) {
 				$server = $c->getServer();
 
 				return new Recovery(
@@ -177,7 +177,7 @@ 
 					new View());
 			});
 
-		$container->registerService('RecoveryController', function (IAppContainer $c) {
+		$container->registerService('RecoveryController', function(IAppContainer $c) {
 			$server = $c->getServer();
 			return new RecoveryController(
 				$c->getAppName(),
@@ -187,7 +187,7 @@ 
 				$c->query('Recovery'));
 		});
 
-		$container->registerService('StatusController', function (IAppContainer $c) {
+		$container->registerService('StatusController', function(IAppContainer $c) {
 			$server = $c->getServer();
 			return new StatusController(
 				$c->getAppName(),
@@ -197,7 +197,7 @@ 
 			);
 		});
 
-		$container->registerService('SettingsController', function (IAppContainer $c) {
+		$container->registerService('SettingsController', function(IAppContainer $c) {
 			$server = $c->getServer();
 			return new SettingsController(
 				$c->getAppName(),
@@ -214,7 +214,7 @@ 
 		});
 
 		$container->registerService('UserSetup',
-			function (IAppContainer $c) {
+			function(IAppContainer $c) {
 				$server = $c->getServer();
 				return new Setup($server->getLogger(),
 					$server->getUserSession(),
@@ -223,7 +223,7 @@ 
 			});
 
 		$container->registerService('Util',
-			function (IAppContainer $c) {
+			function(IAppContainer $c) {
 				$server = $c->getServer();
 
 				return new Util(
@@ -236,7 +236,7 @@ 
 			});
 
 		$container->registerService('EncryptAll',
-			function (IAppContainer $c) {
+			function(IAppContainer $c) {
 				$server = $c->getServer();
 				return new EncryptAll(
 					$c->query('UserSetup'),
@@ -254,7 +254,7 @@ 
 		);
 
 		$container->registerService('DecryptAll',
-			function (IAppContainer $c) {
+			function(IAppContainer $c) {
 				return new DecryptAll(
 					$c->query('Util'),
 					$c->query('KeyManager'),

Indentation +218 added lines, -218 removed lines

@@ -48,222 +48,222 @@
 
 class Application extends \OCP\AppFramework\App {
 
-	/** @var IManager */
-	private $encryptionManager;
-	/** @var IConfig */
-	private $config;
-
-	/**
-	 * @param array $urlParams
-	 * @param bool $encryptionSystemReady
-	 */
-	public function __construct($urlParams = array(), $encryptionSystemReady = true) {
-		parent::__construct('encryption', $urlParams);
-		$this->encryptionManager = \OC::$server->getEncryptionManager();
-		$this->config = \OC::$server->getConfig();
-		$this->registerServices();
-		if($encryptionSystemReady === false) {
-			/** @var Session $session */
-			$session = $this->getContainer()->query('Session');
-			$session->setStatus(Session::RUN_MIGRATION);
-		}
-		if ($this->encryptionManager->isEnabled() && $encryptionSystemReady) {
-			/** @var Setup $setup */
-			$setup = $this->getContainer()->query('UserSetup');
-			$setup->setupSystem();
-		}
-	}
-
-	/**
-	 * register hooks
-	 */
-
-	public function registerHooks() {
-		if (!$this->config->getSystemValue('maintenance', false)) {
-
-			$container = $this->getContainer();
-			$server = $container->getServer();
-			// Register our hooks and fire them.
-			$hookManager = new HookManager();
-
-			$hookManager->registerHook([
-				new UserHooks($container->query('KeyManager'),
-					$server->getUserManager(),
-					$server->getLogger(),
-					$container->query('UserSetup'),
-					$server->getUserSession(),
-					$container->query('Util'),
-					$container->query('Session'),
-					$container->query('Crypt'),
-					$container->query('Recovery'))
-			]);
-
-			$hookManager->fireHooks();
-
-		} else {
-			// Logout user if we are in maintenance to force re-login
-			$this->getContainer()->getServer()->getUserSession()->logout();
-		}
-	}
-
-	public function registerEncryptionModule() {
-		$container = $this->getContainer();
-
-
-		$this->encryptionManager->registerEncryptionModule(
-			Encryption::ID,
-			Encryption::DISPLAY_NAME,
-			function() use ($container) {
-
-			return new Encryption(
-				$container->query('Crypt'),
-				$container->query('KeyManager'),
-				$container->query('Util'),
-				$container->query('Session'),
-				$container->query('EncryptAll'),
-				$container->query('DecryptAll'),
-				$container->getServer()->getLogger(),
-				$container->getServer()->getL10N($container->getAppName())
-			);
-		});
-
-	}
-
-	public function registerServices() {
-		$container = $this->getContainer();
-
-		$container->registerService('Crypt',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-				return new Crypt($server->getLogger(),
-					$server->getUserSession(),
-					$server->getConfig(),
-					$server->getL10N($c->getAppName()));
-			});
-
-		$container->registerService('Session',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-				return new Session($server->getSession());
-			}
-		);
-
-		$container->registerService('KeyManager',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-
-				return new KeyManager($server->getEncryptionKeyStorage(),
-					$c->query('Crypt'),
-					$server->getConfig(),
-					$server->getUserSession(),
-					new Session($server->getSession()),
-					$server->getLogger(),
-					$c->query('Util')
-				);
-			});
-
-		$container->registerService('Recovery',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-
-				return new Recovery(
-					$server->getUserSession(),
-					$c->query('Crypt'),
-					$server->getSecureRandom(),
-					$c->query('KeyManager'),
-					$server->getConfig(),
-					$server->getEncryptionKeyStorage(),
-					$server->getEncryptionFilesHelper(),
-					new View());
-			});
-
-		$container->registerService('RecoveryController', function (IAppContainer $c) {
-			$server = $c->getServer();
-			return new RecoveryController(
-				$c->getAppName(),
-				$server->getRequest(),
-				$server->getConfig(),
-				$server->getL10N($c->getAppName()),
-				$c->query('Recovery'));
-		});
-
-		$container->registerService('StatusController', function (IAppContainer $c) {
-			$server = $c->getServer();
-			return new StatusController(
-				$c->getAppName(),
-				$server->getRequest(),
-				$server->getL10N($c->getAppName()),
-				$c->query('Session')
-			);
-		});
-
-		$container->registerService('SettingsController', function (IAppContainer $c) {
-			$server = $c->getServer();
-			return new SettingsController(
-				$c->getAppName(),
-				$server->getRequest(),
-				$server->getL10N($c->getAppName()),
-				$server->getUserManager(),
-				$server->getUserSession(),
-				$c->query('KeyManager'),
-				$c->query('Crypt'),
-				$c->query('Session'),
-				$server->getSession(),
-				$c->query('Util')
-			);
-		});
-
-		$container->registerService('UserSetup',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-				return new Setup($server->getLogger(),
-					$server->getUserSession(),
-					$c->query('Crypt'),
-					$c->query('KeyManager'));
-			});
-
-		$container->registerService('Util',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-
-				return new Util(
-					new View(),
-					$c->query('Crypt'),
-					$server->getLogger(),
-					$server->getUserSession(),
-					$server->getConfig(),
-					$server->getUserManager());
-			});
-
-		$container->registerService('EncryptAll',
-			function (IAppContainer $c) {
-				$server = $c->getServer();
-				return new EncryptAll(
-					$c->query('UserSetup'),
-					$c->getServer()->getUserManager(),
-					new View(),
-					$c->query('KeyManager'),
-					$c->query('Util'),
-					$server->getConfig(),
-					$server->getMailer(),
-					$server->getL10N('encryption'),
-					new QuestionHelper(),
-					$server->getSecureRandom()
-				);
-			}
-		);
-
-		$container->registerService('DecryptAll',
-			function (IAppContainer $c) {
-				return new DecryptAll(
-					$c->query('Util'),
-					$c->query('KeyManager'),
-					$c->query('Crypt'),
-					$c->query('Session'),
-					new QuestionHelper()
-				);
-			}
-		);
-
-	}
+    /** @var IManager */
+    private $encryptionManager;
+    /** @var IConfig */
+    private $config;
+
+    /**
+     * @param array $urlParams
+     * @param bool $encryptionSystemReady
+     */
+    public function __construct($urlParams = array(), $encryptionSystemReady = true) {
+        parent::__construct('encryption', $urlParams);
+        $this->encryptionManager = \OC::$server->getEncryptionManager();
+        $this->config = \OC::$server->getConfig();
+        $this->registerServices();
+        if($encryptionSystemReady === false) {
+            /** @var Session $session */
+            $session = $this->getContainer()->query('Session');
+            $session->setStatus(Session::RUN_MIGRATION);
+        }
+        if ($this->encryptionManager->isEnabled() && $encryptionSystemReady) {
+            /** @var Setup $setup */
+            $setup = $this->getContainer()->query('UserSetup');
+            $setup->setupSystem();
+        }
+    }
+
+    /**
+     * register hooks
+     */
+
+    public function registerHooks() {
+        if (!$this->config->getSystemValue('maintenance', false)) {
+
+            $container = $this->getContainer();
+            $server = $container->getServer();
+            // Register our hooks and fire them.
+            $hookManager = new HookManager();
+
+            $hookManager->registerHook([
+                new UserHooks($container->query('KeyManager'),
+                    $server->getUserManager(),
+                    $server->getLogger(),
+                    $container->query('UserSetup'),
+                    $server->getUserSession(),
+                    $container->query('Util'),
+                    $container->query('Session'),
+                    $container->query('Crypt'),
+                    $container->query('Recovery'))
+            ]);
+
+            $hookManager->fireHooks();
+
+        } else {
+            // Logout user if we are in maintenance to force re-login
+            $this->getContainer()->getServer()->getUserSession()->logout();
+        }
+    }
+
+    public function registerEncryptionModule() {
+        $container = $this->getContainer();
+
+
+        $this->encryptionManager->registerEncryptionModule(
+            Encryption::ID,
+            Encryption::DISPLAY_NAME,
+            function() use ($container) {
+
+            return new Encryption(
+                $container->query('Crypt'),
+                $container->query('KeyManager'),
+                $container->query('Util'),
+                $container->query('Session'),
+                $container->query('EncryptAll'),
+                $container->query('DecryptAll'),
+                $container->getServer()->getLogger(),
+                $container->getServer()->getL10N($container->getAppName())
+            );
+        });
+
+    }
+
+    public function registerServices() {
+        $container = $this->getContainer();
+
+        $container->registerService('Crypt',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+                return new Crypt($server->getLogger(),
+                    $server->getUserSession(),
+                    $server->getConfig(),
+                    $server->getL10N($c->getAppName()));
+            });
+
+        $container->registerService('Session',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+                return new Session($server->getSession());
+            }
+        );
+
+        $container->registerService('KeyManager',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+
+                return new KeyManager($server->getEncryptionKeyStorage(),
+                    $c->query('Crypt'),
+                    $server->getConfig(),
+                    $server->getUserSession(),
+                    new Session($server->getSession()),
+                    $server->getLogger(),
+                    $c->query('Util')
+                );
+            });
+
+        $container->registerService('Recovery',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+
+                return new Recovery(
+                    $server->getUserSession(),
+                    $c->query('Crypt'),
+                    $server->getSecureRandom(),
+                    $c->query('KeyManager'),
+                    $server->getConfig(),
+                    $server->getEncryptionKeyStorage(),
+                    $server->getEncryptionFilesHelper(),
+                    new View());
+            });
+
+        $container->registerService('RecoveryController', function (IAppContainer $c) {
+            $server = $c->getServer();
+            return new RecoveryController(
+                $c->getAppName(),
+                $server->getRequest(),
+                $server->getConfig(),
+                $server->getL10N($c->getAppName()),
+                $c->query('Recovery'));
+        });
+
+        $container->registerService('StatusController', function (IAppContainer $c) {
+            $server = $c->getServer();
+            return new StatusController(
+                $c->getAppName(),
+                $server->getRequest(),
+                $server->getL10N($c->getAppName()),
+                $c->query('Session')
+            );
+        });
+
+        $container->registerService('SettingsController', function (IAppContainer $c) {
+            $server = $c->getServer();
+            return new SettingsController(
+                $c->getAppName(),
+                $server->getRequest(),
+                $server->getL10N($c->getAppName()),
+                $server->getUserManager(),
+                $server->getUserSession(),
+                $c->query('KeyManager'),
+                $c->query('Crypt'),
+                $c->query('Session'),
+                $server->getSession(),
+                $c->query('Util')
+            );
+        });
+
+        $container->registerService('UserSetup',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+                return new Setup($server->getLogger(),
+                    $server->getUserSession(),
+                    $c->query('Crypt'),
+                    $c->query('KeyManager'));
+            });
+
+        $container->registerService('Util',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+
+                return new Util(
+                    new View(),
+                    $c->query('Crypt'),
+                    $server->getLogger(),
+                    $server->getUserSession(),
+                    $server->getConfig(),
+                    $server->getUserManager());
+            });
+
+        $container->registerService('EncryptAll',
+            function (IAppContainer $c) {
+                $server = $c->getServer();
+                return new EncryptAll(
+                    $c->query('UserSetup'),
+                    $c->getServer()->getUserManager(),
+                    new View(),
+                    $c->query('KeyManager'),
+                    $c->query('Util'),
+                    $server->getConfig(),
+                    $server->getMailer(),
+                    $server->getL10N('encryption'),
+                    new QuestionHelper(),
+                    $server->getSecureRandom()
+                );
+            }
+        );
+
+        $container->registerService('DecryptAll',
+            function (IAppContainer $c) {
+                return new DecryptAll(
+                    $c->query('Util'),
+                    $c->query('KeyManager'),
+                    $c->query('Crypt'),
+                    $c->query('Session'),
+                    new QuestionHelper()
+                );
+            }
+        );
+
+    }
 }

apps/encryption/lib/Recovery.php

Indentation +287 added lines, -287 removed lines

@@ -38,293 +38,293 @@
 class Recovery {
 
 
-	/**
-	 * @var null|IUser
-	 */
-	protected $user;
-	/**
-	 * @var Crypt
-	 */
-	protected $crypt;
-	/**
-	 * @var ISecureRandom
-	 */
-	private $random;
-	/**
-	 * @var KeyManager
-	 */
-	private $keyManager;
-	/**
-	 * @var IConfig
-	 */
-	private $config;
-	/**
-	 * @var IStorage
-	 */
-	private $keyStorage;
-	/**
-	 * @var View
-	 */
-	private $view;
-	/**
-	 * @var IFile
-	 */
-	private $file;
-
-	/**
-	 * @param IUserSession $user
-	 * @param Crypt $crypt
-	 * @param ISecureRandom $random
-	 * @param KeyManager $keyManager
-	 * @param IConfig $config
-	 * @param IStorage $keyStorage
-	 * @param IFile $file
-	 * @param View $view
-	 */
-	public function __construct(IUserSession $user,
-								Crypt $crypt,
-								ISecureRandom $random,
-								KeyManager $keyManager,
-								IConfig $config,
-								IStorage $keyStorage,
-								IFile $file,
-								View $view) {
-		$this->user = ($user && $user->isLoggedIn()) ? $user->getUser() : false;
-		$this->crypt = $crypt;
-		$this->random = $random;
-		$this->keyManager = $keyManager;
-		$this->config = $config;
-		$this->keyStorage = $keyStorage;
-		$this->view = $view;
-		$this->file = $file;
-	}
-
-	/**
-	 * @param string $password
-	 * @return bool
-	 */
-	public function enableAdminRecovery($password) {
-		$appConfig = $this->config;
-		$keyManager = $this->keyManager;
-
-		if (!$keyManager->recoveryKeyExists()) {
-			$keyPair = $this->crypt->createKeyPair();
-			if(!is_array($keyPair)) {
-				return false;
-			}
-
-			$this->keyManager->setRecoveryKey($password, $keyPair);
-		}
-
-		if ($keyManager->checkRecoveryPassword($password)) {
-			$appConfig->setAppValue('encryption', 'recoveryAdminEnabled', 1);
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * change recovery key id
-	 *
-	 * @param string $newPassword
-	 * @param string $oldPassword
-	 * @return bool
-	 */
-	public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
-		$recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
-		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword);
-		if($decryptedRecoveryKey === false) {
-			return false;
-		}
-		$encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword);
-		$header = $this->crypt->generateHeader();
-		if ($encryptedRecoveryKey) {
-			$this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * @param string $recoveryPassword
-	 * @return bool
-	 */
-	public function disableAdminRecovery($recoveryPassword) {
-		$keyManager = $this->keyManager;
-
-		if ($keyManager->checkRecoveryPassword($recoveryPassword)) {
-			// Set recoveryAdmin as disabled
-			$this->config->setAppValue('encryption', 'recoveryAdminEnabled', 0);
-			return true;
-		}
-		return false;
-	}
-
-	/**
-	 * check if recovery is enabled for user
-	 *
-	 * @param string $user if no user is given we check the current logged-in user
-	 *
-	 * @return bool
-	 */
-	public function isRecoveryEnabledForUser($user = '') {
-		$uid = empty($user) ? $this->user->getUID() : $user;
-		$recoveryMode = $this->config->getUserValue($uid,
-			'encryption',
-			'recoveryEnabled',
-			0);
-
-		return ($recoveryMode === '1');
-	}
-
-	/**
-	 * check if recovery is key is enabled by the administrator
-	 *
-	 * @return bool
-	 */
-	public function isRecoveryKeyEnabled() {
-		$enabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled', 0);
-
-		return ($enabled === '1');
-	}
-
-	/**
-	 * @param string $value
-	 * @return bool
-	 */
-	public function setRecoveryForUser($value) {
-
-		try {
-			$this->config->setUserValue($this->user->getUID(),
-				'encryption',
-				'recoveryEnabled',
-				$value);
-
-			if ($value === '1') {
-				$this->addRecoveryKeys('/' . $this->user->getUID() . '/files/');
-			} else {
-				$this->removeRecoveryKeys('/' . $this->user->getUID() . '/files/');
-			}
-
-			return true;
-		} catch (PreConditionNotMetException $e) {
-			return false;
-		}
-	}
-
-	/**
-	 * add recovery key to all encrypted files
-	 * @param string $path
-	 */
-	private function addRecoveryKeys($path) {
-		$dirContent = $this->view->getDirectoryContent($path);
-		foreach ($dirContent as $item) {
-			$filePath = $item->getPath();
-			if ($item['type'] === 'dir') {
-				$this->addRecoveryKeys($filePath . '/');
-			} else {
-				$fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID());
-				if (!empty($fileKey)) {
-					$accessList = $this->file->getAccessList($filePath);
-					$publicKeys = array();
-					foreach ($accessList['users'] as $uid) {
-						$publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
-					}
-
-					$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->user->getUID());
-
-					$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
-					$this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles);
-				}
-			}
-		}
-	}
-
-	/**
-	 * remove recovery key to all encrypted files
-	 * @param string $path
-	 */
-	private function removeRecoveryKeys($path) {
-		$dirContent = $this->view->getDirectoryContent($path);
-		foreach ($dirContent as $item) {
-			$filePath = $item->getPath();
-			if ($item['type'] === 'dir') {
-				$this->removeRecoveryKeys($filePath . '/');
-			} else {
-				$this->keyManager->deleteShareKey($filePath, $this->keyManager->getRecoveryKeyId());
-			}
-		}
-	}
-
-	/**
-	 * recover users files with the recovery key
-	 *
-	 * @param string $recoveryPassword
-	 * @param string $user
-	 */
-	public function recoverUsersFiles($recoveryPassword, $user) {
-		$encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
-
-		$privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword);
-		if($privateKey !== false) {
-			$this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user);
-		}
-	}
-
-	/**
-	 * recover users files
-	 *
-	 * @param string $path
-	 * @param string $privateKey
-	 * @param string $uid
-	 */
-	private function recoverAllFiles($path, $privateKey, $uid) {
-		$dirContent = $this->view->getDirectoryContent($path);
-
-		foreach ($dirContent as $item) {
-			// Get relative path from encryption/keyfiles
-			$filePath = $item->getPath();
-			if ($this->view->is_dir($filePath)) {
-				$this->recoverAllFiles($filePath . '/', $privateKey, $uid);
-			} else {
-				$this->recoverFile($filePath, $privateKey, $uid);
-			}
-		}
-
-	}
-
-	/**
-	 * recover file
-	 *
-	 * @param string $path
-	 * @param string $privateKey
-	 * @param string $uid
-	 */
-	private function recoverFile($path, $privateKey, $uid) {
-		$encryptedFileKey = $this->keyManager->getEncryptedFileKey($path);
-		$shareKey = $this->keyManager->getShareKey($path, $this->keyManager->getRecoveryKeyId());
-
-		if ($encryptedFileKey && $shareKey && $privateKey) {
-			$fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
-				$shareKey,
-				$privateKey);
-		}
-
-		if (!empty($fileKey)) {
-			$accessList = $this->file->getAccessList($path);
-			$publicKeys = array();
-			foreach ($accessList['users'] as $user) {
-				$publicKeys[$user] = $this->keyManager->getPublicKey($user);
-			}
-
-			$publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);
-
-			$encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
-			$this->keyManager->setAllFileKeys($path, $encryptedKeyfiles);
-		}
-
-	}
+    /**
+     * @var null|IUser
+     */
+    protected $user;
+    /**
+     * @var Crypt
+     */
+    protected $crypt;
+    /**
+     * @var ISecureRandom
+     */
+    private $random;
+    /**
+     * @var KeyManager
+     */
+    private $keyManager;
+    /**
+     * @var IConfig
+     */
+    private $config;
+    /**
+     * @var IStorage
+     */
+    private $keyStorage;
+    /**
+     * @var View
+     */
+    private $view;
+    /**
+     * @var IFile
+     */
+    private $file;
+
+    /**
+     * @param IUserSession $user
+     * @param Crypt $crypt
+     * @param ISecureRandom $random
+     * @param KeyManager $keyManager
+     * @param IConfig $config
+     * @param IStorage $keyStorage
+     * @param IFile $file
+     * @param View $view
+     */
+    public function __construct(IUserSession $user,
+                                Crypt $crypt,
+                                ISecureRandom $random,
+                                KeyManager $keyManager,
+                                IConfig $config,
+                                IStorage $keyStorage,
+                                IFile $file,
+                                View $view) {
+        $this->user = ($user && $user->isLoggedIn()) ? $user->getUser() : false;
+        $this->crypt = $crypt;
+        $this->random = $random;
+        $this->keyManager = $keyManager;
+        $this->config = $config;
+        $this->keyStorage = $keyStorage;
+        $this->view = $view;
+        $this->file = $file;
+    }
+
+    /**
+     * @param string $password
+     * @return bool
+     */
+    public function enableAdminRecovery($password) {
+        $appConfig = $this->config;
+        $keyManager = $this->keyManager;
+
+        if (!$keyManager->recoveryKeyExists()) {
+            $keyPair = $this->crypt->createKeyPair();
+            if(!is_array($keyPair)) {
+                return false;
+            }
+
+            $this->keyManager->setRecoveryKey($password, $keyPair);
+        }
+
+        if ($keyManager->checkRecoveryPassword($password)) {
+            $appConfig->setAppValue('encryption', 'recoveryAdminEnabled', 1);
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * change recovery key id
+     *
+     * @param string $newPassword
+     * @param string $oldPassword
+     * @return bool
+     */
+    public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
+        $recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
+        $decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword);
+        if($decryptedRecoveryKey === false) {
+            return false;
+        }
+        $encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword);
+        $header = $this->crypt->generateHeader();
+        if ($encryptedRecoveryKey) {
+            $this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * @param string $recoveryPassword
+     * @return bool
+     */
+    public function disableAdminRecovery($recoveryPassword) {
+        $keyManager = $this->keyManager;
+
+        if ($keyManager->checkRecoveryPassword($recoveryPassword)) {
+            // Set recoveryAdmin as disabled
+            $this->config->setAppValue('encryption', 'recoveryAdminEnabled', 0);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * check if recovery is enabled for user
+     *
+     * @param string $user if no user is given we check the current logged-in user
+     *
+     * @return bool
+     */
+    public function isRecoveryEnabledForUser($user = '') {
+        $uid = empty($user) ? $this->user->getUID() : $user;
+        $recoveryMode = $this->config->getUserValue($uid,
+            'encryption',
+            'recoveryEnabled',
+            0);
+
+        return ($recoveryMode === '1');
+    }
+
+    /**
+     * check if recovery is key is enabled by the administrator
+     *
+     * @return bool
+     */
+    public function isRecoveryKeyEnabled() {
+        $enabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled', 0);
+
+        return ($enabled === '1');
+    }
+
+    /**
+     * @param string $value
+     * @return bool
+     */
+    public function setRecoveryForUser($value) {
+
+        try {
+            $this->config->setUserValue($this->user->getUID(),
+                'encryption',
+                'recoveryEnabled',
+                $value);
+
+            if ($value === '1') {
+                $this->addRecoveryKeys('/' . $this->user->getUID() . '/files/');
+            } else {
+                $this->removeRecoveryKeys('/' . $this->user->getUID() . '/files/');
+            }
+
+            return true;
+        } catch (PreConditionNotMetException $e) {
+            return false;
+        }
+    }
+
+    /**
+     * add recovery key to all encrypted files
+     * @param string $path
+     */
+    private function addRecoveryKeys($path) {
+        $dirContent = $this->view->getDirectoryContent($path);
+        foreach ($dirContent as $item) {
+            $filePath = $item->getPath();
+            if ($item['type'] === 'dir') {
+                $this->addRecoveryKeys($filePath . '/');
+            } else {
+                $fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID());
+                if (!empty($fileKey)) {
+                    $accessList = $this->file->getAccessList($filePath);
+                    $publicKeys = array();
+                    foreach ($accessList['users'] as $uid) {
+                        $publicKeys[$uid] = $this->keyManager->getPublicKey($uid);
+                    }
+
+                    $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $this->user->getUID());
+
+                    $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
+                    $this->keyManager->setAllFileKeys($filePath, $encryptedKeyfiles);
+                }
+            }
+        }
+    }
+
+    /**
+     * remove recovery key to all encrypted files
+     * @param string $path
+     */
+    private function removeRecoveryKeys($path) {
+        $dirContent = $this->view->getDirectoryContent($path);
+        foreach ($dirContent as $item) {
+            $filePath = $item->getPath();
+            if ($item['type'] === 'dir') {
+                $this->removeRecoveryKeys($filePath . '/');
+            } else {
+                $this->keyManager->deleteShareKey($filePath, $this->keyManager->getRecoveryKeyId());
+            }
+        }
+    }
+
+    /**
+     * recover users files with the recovery key
+     *
+     * @param string $recoveryPassword
+     * @param string $user
+     */
+    public function recoverUsersFiles($recoveryPassword, $user) {
+        $encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
+
+        $privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword);
+        if($privateKey !== false) {
+            $this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user);
+        }
+    }
+
+    /**
+     * recover users files
+     *
+     * @param string $path
+     * @param string $privateKey
+     * @param string $uid
+     */
+    private function recoverAllFiles($path, $privateKey, $uid) {
+        $dirContent = $this->view->getDirectoryContent($path);
+
+        foreach ($dirContent as $item) {
+            // Get relative path from encryption/keyfiles
+            $filePath = $item->getPath();
+            if ($this->view->is_dir($filePath)) {
+                $this->recoverAllFiles($filePath . '/', $privateKey, $uid);
+            } else {
+                $this->recoverFile($filePath, $privateKey, $uid);
+            }
+        }
+
+    }
+
+    /**
+     * recover file
+     *
+     * @param string $path
+     * @param string $privateKey
+     * @param string $uid
+     */
+    private function recoverFile($path, $privateKey, $uid) {
+        $encryptedFileKey = $this->keyManager->getEncryptedFileKey($path);
+        $shareKey = $this->keyManager->getShareKey($path, $this->keyManager->getRecoveryKeyId());
+
+        if ($encryptedFileKey && $shareKey && $privateKey) {
+            $fileKey = $this->crypt->multiKeyDecrypt($encryptedFileKey,
+                $shareKey,
+                $privateKey);
+        }
+
+        if (!empty($fileKey)) {
+            $accessList = $this->file->getAccessList($path);
+            $publicKeys = array();
+            foreach ($accessList['users'] as $user) {
+                $publicKeys[$user] = $this->keyManager->getPublicKey($user);
+            }
+
+            $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid);
+
+            $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($fileKey, $publicKeys);
+            $this->keyManager->setAllFileKeys($path, $encryptedKeyfiles);
+        }
+
+    }
 
 
 }

Spacing +10 added lines, -10 removed lines

@@ -109,7 +109,7 @@ 
 
 		if (!$keyManager->recoveryKeyExists()) {
 			$keyPair = $this->crypt->createKeyPair();
-			if(!is_array($keyPair)) {
+			if (!is_array($keyPair)) {
 				return false;
 			}
 
@@ -134,13 +134,13 @@ 
 	public function changeRecoveryKeyPassword($newPassword, $oldPassword) {
 		$recoveryKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
 		$decryptedRecoveryKey = $this->crypt->decryptPrivateKey($recoveryKey, $oldPassword);
-		if($decryptedRecoveryKey === false) {
+		if ($decryptedRecoveryKey === false) {
 			return false;
 		}
 		$encryptedRecoveryKey = $this->crypt->encryptPrivateKey($decryptedRecoveryKey, $newPassword);
 		$header = $this->crypt->generateHeader();
 		if ($encryptedRecoveryKey) {
-			$this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header . $encryptedRecoveryKey);
+			$this->keyManager->setSystemPrivateKey($this->keyManager->getRecoveryKeyId(), $header.$encryptedRecoveryKey);
 			return true;
 		}
 		return false;
@@ -202,9 +202,9 @@ 
 				$value);
 
 			if ($value === '1') {
-				$this->addRecoveryKeys('/' . $this->user->getUID() . '/files/');
+				$this->addRecoveryKeys('/'.$this->user->getUID().'/files/');
 			} else {
-				$this->removeRecoveryKeys('/' . $this->user->getUID() . '/files/');
+				$this->removeRecoveryKeys('/'.$this->user->getUID().'/files/');
 			}
 
 			return true;
@@ -222,7 +222,7 @@ 
 		foreach ($dirContent as $item) {
 			$filePath = $item->getPath();
 			if ($item['type'] === 'dir') {
-				$this->addRecoveryKeys($filePath . '/');
+				$this->addRecoveryKeys($filePath.'/');
 			} else {
 				$fileKey = $this->keyManager->getFileKey($filePath, $this->user->getUID());
 				if (!empty($fileKey)) {
@@ -250,7 +250,7 @@ 
 		foreach ($dirContent as $item) {
 			$filePath = $item->getPath();
 			if ($item['type'] === 'dir') {
-				$this->removeRecoveryKeys($filePath . '/');
+				$this->removeRecoveryKeys($filePath.'/');
 			} else {
 				$this->keyManager->deleteShareKey($filePath, $this->keyManager->getRecoveryKeyId());
 			}
@@ -267,8 +267,8 @@ 
 		$encryptedKey = $this->keyManager->getSystemPrivateKey($this->keyManager->getRecoveryKeyId());
 
 		$privateKey = $this->crypt->decryptPrivateKey($encryptedKey, $recoveryPassword);
-		if($privateKey !== false) {
-			$this->recoverAllFiles('/' . $user . '/files/', $privateKey, $user);
+		if ($privateKey !== false) {
+			$this->recoverAllFiles('/'.$user.'/files/', $privateKey, $user);
 		}
 	}
 
@@ -286,7 +286,7 @@ 
 			// Get relative path from encryption/keyfiles
 			$filePath = $item->getPath();
 			if ($this->view->is_dir($filePath)) {
-				$this->recoverAllFiles($filePath . '/', $privateKey, $uid);
+				$this->recoverAllFiles($filePath.'/', $privateKey, $uid);
 			} else {
 				$this->recoverFile($filePath, $privateKey, $uid);
 			}

apps/encryption/lib/Command/MigrateKeys.php

Indentation +76 added lines, -76 removed lines

@@ -36,91 +36,91 @@
 
 class MigrateKeys extends Command {
 
-	/** @var IUserManager */
-	private $userManager;
-	/** @var View */
-	private $view;
-	/** @var IDBConnection */
-	private $connection;
-	/** @var IConfig */
-	private $config;
-	/** @var  ILogger */
-	private $logger;
+    /** @var IUserManager */
+    private $userManager;
+    /** @var View */
+    private $view;
+    /** @var IDBConnection */
+    private $connection;
+    /** @var IConfig */
+    private $config;
+    /** @var  ILogger */
+    private $logger;
 
-	/**
-	 * @param IUserManager $userManager
-	 * @param View $view
-	 * @param IDBConnection $connection
-	 * @param IConfig $config
-	 * @param ILogger $logger
-	 */
-	public function __construct(IUserManager $userManager,
-								View $view,
-								IDBConnection $connection,
-								IConfig $config,
-								ILogger $logger) {
+    /**
+     * @param IUserManager $userManager
+     * @param View $view
+     * @param IDBConnection $connection
+     * @param IConfig $config
+     * @param ILogger $logger
+     */
+    public function __construct(IUserManager $userManager,
+                                View $view,
+                                IDBConnection $connection,
+                                IConfig $config,
+                                ILogger $logger) {
 
-		$this->userManager = $userManager;
-		$this->view = $view;
-		$this->connection = $connection;
-		$this->config = $config;
-		$this->logger = $logger;
-		parent::__construct();
-	}
+        $this->userManager = $userManager;
+        $this->view = $view;
+        $this->connection = $connection;
+        $this->config = $config;
+        $this->logger = $logger;
+        parent::__construct();
+    }
 
-	protected function configure() {
-		$this
-			->setName('encryption:migrate')
-			->setDescription('initial migration to encryption 2.0')
-			->addArgument(
-				'user_id',
-				InputArgument::OPTIONAL | InputArgument::IS_ARRAY,
-				'will migrate keys of the given user(s)'
-			);
-	}
+    protected function configure() {
+        $this
+            ->setName('encryption:migrate')
+            ->setDescription('initial migration to encryption 2.0')
+            ->addArgument(
+                'user_id',
+                InputArgument::OPTIONAL | InputArgument::IS_ARRAY,
+                'will migrate keys of the given user(s)'
+            );
+    }
 
-	protected function execute(InputInterface $input, OutputInterface $output) {
+    protected function execute(InputInterface $input, OutputInterface $output) {
 
-		// perform system reorganization
-		$migration = new Migration($this->config, $this->view, $this->connection, $this->logger);
+        // perform system reorganization
+        $migration = new Migration($this->config, $this->view, $this->connection, $this->logger);
 
-		$users = $input->getArgument('user_id');
-		if (!empty($users)) {
-			foreach ($users as $user) {
-				if ($this->userManager->userExists($user)) {
-					$output->writeln("Migrating keys   <info>$user</info>");
-					$migration->reorganizeFolderStructureForUser($user);
-				} else {
-					$output->writeln("<error>Unknown user $user</error>");
-				}
-			}
-		} else {
-			$output->writeln("Reorganize system folder structure");
-			$migration->reorganizeSystemFolderStructure();
-			$migration->updateDB();
-			foreach($this->userManager->getBackends() as $backend) {
-				$name = get_class($backend);
+        $users = $input->getArgument('user_id');
+        if (!empty($users)) {
+            foreach ($users as $user) {
+                if ($this->userManager->userExists($user)) {
+                    $output->writeln("Migrating keys   <info>$user</info>");
+                    $migration->reorganizeFolderStructureForUser($user);
+                } else {
+                    $output->writeln("<error>Unknown user $user</error>");
+                }
+            }
+        } else {
+            $output->writeln("Reorganize system folder structure");
+            $migration->reorganizeSystemFolderStructure();
+            $migration->updateDB();
+            foreach($this->userManager->getBackends() as $backend) {
+                $name = get_class($backend);
 
-				if ($backend instanceof IUserBackend) {
-					$name = $backend->getBackendName();
-				}
+                if ($backend instanceof IUserBackend) {
+                    $name = $backend->getBackendName();
+                }
 
-				$output->writeln("Migrating keys for users on backend <info>$name</info>");
+                $output->writeln("Migrating keys for users on backend <info>$name</info>");
 
-				$limit = 500;
-				$offset = 0;
-				do {
-					$users = $backend->getUsers('', $limit, $offset);
-					foreach ($users as $user) {
-						$output->writeln("   <info>$user</info>");
-						$migration->reorganizeFolderStructureForUser($user);
-					}
-					$offset += $limit;
-				} while(count($users) >= $limit);
-			}
-		}
+                $limit = 500;
+                $offset = 0;
+                do {
+                    $users = $backend->getUsers('', $limit, $offset);
+                    foreach ($users as $user) {
+                        $output->writeln("   <info>$user</info>");
+                        $migration->reorganizeFolderStructureForUser($user);
+                    }
+                    $offset += $limit;
+                } while(count($users) >= $limit);
+            }
+        }
 
-		$migration->finalCleanUp();
+        $migration->finalCleanUp();
 
-	}
+    }
 }

Spacing +2 added lines, -2 removed lines

@@ -98,7 +98,7 @@ 
 			$output->writeln("Reorganize system folder structure");
 			$migration->reorganizeSystemFolderStructure();
 			$migration->updateDB();
-			foreach($this->userManager->getBackends() as $backend) {
+			foreach ($this->userManager->getBackends() as $backend) {
 				$name = get_class($backend);
 
 				if ($backend instanceof IUserBackend) {
@@ -116,7 +116,7 @@ 
 						$migration->reorganizeFolderStructureForUser($user);
 					}
 					$offset += $limit;
-				} while(count($users) >= $limit);
+				} while (count($users) >= $limit);
 			}
 		}
 

apps/encryption/lib/Command/EnableMasterKey.php

Indentation +49 added lines, -49 removed lines

@@ -34,54 +34,54 @@
 
 class EnableMasterKey extends Command {
 
-	/** @var Util */
-	protected $util;
-
-	/** @var IConfig */
-	protected $config;
-
-	/** @var  QuestionHelper */
-	protected $questionHelper;
-
-	/**
-	 * @param Util $util
-	 * @param IConfig $config
-	 * @param QuestionHelper $questionHelper
-	 */
-	public function __construct(Util $util,
-								IConfig $config,
-								QuestionHelper $questionHelper) {
-
-		$this->util = $util;
-		$this->config = $config;
-		$this->questionHelper = $questionHelper;
-		parent::__construct();
-	}
-
-	protected function configure() {
-		$this
-			->setName('encryption:enable-master-key')
-			->setDescription('Enable the master key. Only available for fresh installations with no existing encrypted data! There is also no way to disable it again.');
-	}
-
-	protected function execute(InputInterface $input, OutputInterface $output) {
-
-		$isAlreadyEnabled = $this->util->isMasterKeyEnabled();
-
-		if($isAlreadyEnabled) {
-			$output->writeln('Master key already enabled');
-		} else {
-			$question = new ConfirmationQuestion(
-				'Warning: Only available for fresh installations with no existing encrypted data! '
-			. 'There is also no way to disable it again. Do you want to continue? (y/n) ', false);
-			if ($this->questionHelper->ask($input, $output, $question)) {
-				$this->config->setAppValue('encryption', 'useMasterKey', '1');
-				$output->writeln('Master key successfully enabled.');
-			} else {
-				$output->writeln('aborted.');
-			}
-		}
-
-	}
+    /** @var Util */
+    protected $util;
+
+    /** @var IConfig */
+    protected $config;
+
+    /** @var  QuestionHelper */
+    protected $questionHelper;
+
+    /**
+     * @param Util $util
+     * @param IConfig $config
+     * @param QuestionHelper $questionHelper
+     */
+    public function __construct(Util $util,
+                                IConfig $config,
+                                QuestionHelper $questionHelper) {
+
+        $this->util = $util;
+        $this->config = $config;
+        $this->questionHelper = $questionHelper;
+        parent::__construct();
+    }
+
+    protected function configure() {
+        $this
+            ->setName('encryption:enable-master-key')
+            ->setDescription('Enable the master key. Only available for fresh installations with no existing encrypted data! There is also no way to disable it again.');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output) {
+
+        $isAlreadyEnabled = $this->util->isMasterKeyEnabled();
+
+        if($isAlreadyEnabled) {
+            $output->writeln('Master key already enabled');
+        } else {
+            $question = new ConfirmationQuestion(
+                'Warning: Only available for fresh installations with no existing encrypted data! '
+            . 'There is also no way to disable it again. Do you want to continue? (y/n) ', false);
+            if ($this->questionHelper->ask($input, $output, $question)) {
+                $this->config->setAppValue('encryption', 'useMasterKey', '1');
+                $output->writeln('Master key successfully enabled.');
+            } else {
+                $output->writeln('aborted.');
+            }
+        }
+
+    }
 
 }

Spacing +1 added lines, -1 removed lines

@@ -68,7 +68,7 @@
 
 		$isAlreadyEnabled = $this->util->isMasterKeyEnabled();
 
-		if($isAlreadyEnabled) {
+		if ($isAlreadyEnabled) {
 			$output->writeln('Master key already enabled');
 		} else {
 			$question = new ConfirmationQuestion(

apps/encryption/lib/Hooks/UserHooks.php

Spacing +2 added lines, -2 removed lines

@@ -276,7 +276,7 @@ 
 			// Save private key
 			if ($encryptedPrivateKey) {
 				$this->keyManager->setPrivateKey($this->user->getUser()->getUID(),
-					$this->crypt->generateHeader() . $encryptedPrivateKey);
+					$this->crypt->generateHeader().$encryptedPrivateKey);
 			} else {
 				$this->logger->error('Encryption could not update users encryption password');
 			}
@@ -313,7 +313,7 @@ 
 				$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);
 
 				if ($encryptedKey) {
-					$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
+					$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader().$encryptedKey);
 
 					if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
 						$this->recovery->recoverUsersFiles($recoveryPassword, $user);

Indentation +302 added lines, -302 removed lines

@@ -41,306 +41,306 @@
 
 class UserHooks implements IHook {
 
-	/**
-	 * list of user for which we perform a password reset
-	 * @var array
-	 */
-	protected static $passwordResetUsers = [];
-
-	/**
-	 * @var KeyManager
-	 */
-	private $keyManager;
-	/**
-	 * @var IUserManager
-	 */
-	private $userManager;
-	/**
-	 * @var ILogger
-	 */
-	private $logger;
-	/**
-	 * @var Setup
-	 */
-	private $userSetup;
-	/**
-	 * @var IUserSession
-	 */
-	private $user;
-	/**
-	 * @var Util
-	 */
-	private $util;
-	/**
-	 * @var Session
-	 */
-	private $session;
-	/**
-	 * @var Recovery
-	 */
-	private $recovery;
-	/**
-	 * @var Crypt
-	 */
-	private $crypt;
-
-	/**
-	 * UserHooks constructor.
-	 *
-	 * @param KeyManager $keyManager
-	 * @param IUserManager $userManager
-	 * @param ILogger $logger
-	 * @param Setup $userSetup
-	 * @param IUserSession $user
-	 * @param Util $util
-	 * @param Session $session
-	 * @param Crypt $crypt
-	 * @param Recovery $recovery
-	 */
-	public function __construct(KeyManager $keyManager,
-								IUserManager $userManager,
-								ILogger $logger,
-								Setup $userSetup,
-								IUserSession $user,
-								Util $util,
-								Session $session,
-								Crypt $crypt,
-								Recovery $recovery) {
-
-		$this->keyManager = $keyManager;
-		$this->userManager = $userManager;
-		$this->logger = $logger;
-		$this->userSetup = $userSetup;
-		$this->user = $user;
-		$this->util = $util;
-		$this->session = $session;
-		$this->recovery = $recovery;
-		$this->crypt = $crypt;
-	}
-
-	/**
-	 * Connects Hooks
-	 *
-	 * @return null
-	 */
-	public function addHooks() {
-		OCUtil::connectHook('OC_User', 'post_login', $this, 'login');
-		OCUtil::connectHook('OC_User', 'logout', $this, 'logout');
-
-		// this hooks only make sense if no master key is used
-		if ($this->util->isMasterKeyEnabled() === false) {
-			OCUtil::connectHook('OC_User',
-				'post_setPassword',
-				$this,
-				'setPassphrase');
-
-			OCUtil::connectHook('OC_User',
-				'pre_setPassword',
-				$this,
-				'preSetPassphrase');
-
-			OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
-				'post_passwordReset',
-				$this,
-				'postPasswordReset');
-
-			OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
-				'pre_passwordReset',
-				$this,
-				'prePasswordReset');
-
-			OCUtil::connectHook('OC_User',
-				'post_createUser',
-				$this,
-				'postCreateUser');
-
-			OCUtil::connectHook('OC_User',
-				'post_deleteUser',
-				$this,
-				'postDeleteUser');
-		}
-	}
-
-
-	/**
-	 * Startup encryption backend upon user login
-	 *
-	 * @note This method should never be called for users using client side encryption
-	 * @param array $params
-	 * @return boolean|null
-	 */
-	public function login($params) {
-
-		if (!App::isEnabled('encryption')) {
-			return true;
-		}
-
-		// ensure filesystem is loaded
-		if (!\OC\Files\Filesystem::$loaded) {
-			$this->setupFS($params['uid']);
-		}
-		if ($this->util->isMasterKeyEnabled() === false) {
-			$this->userSetup->setupUser($params['uid'], $params['password']);
-		}
-
-		$this->keyManager->init($params['uid'], $params['password']);
-	}
-
-	/**
-	 * remove keys from session during logout
-	 */
-	public function logout() {
-		$this->session->clear();
-	}
-
-	/**
-	 * setup encryption backend upon user created
-	 *
-	 * @note This method should never be called for users using client side encryption
-	 * @param array $params
-	 */
-	public function postCreateUser($params) {
-
-		if (App::isEnabled('encryption')) {
-			$this->userSetup->setupUser($params['uid'], $params['password']);
-		}
-	}
-
-	/**
-	 * cleanup encryption backend upon user deleted
-	 *
-	 * @param array $params : uid, password
-	 * @note This method should never be called for users using client side encryption
-	 */
-	public function postDeleteUser($params) {
-
-		if (App::isEnabled('encryption')) {
-			$this->keyManager->deletePublicKey($params['uid']);
-		}
-	}
-
-	public function prePasswordReset($params) {
-		if (App::isEnabled('encryption')) {
-			$user = $params['uid'];
-			self::$passwordResetUsers[$user] = true;
-		}
-	}
-
-	public function postPasswordReset($params) {
-		$uid = $params['uid'];
-		$password = $params['password'];
-		$this->keyManager->backupUserKeys('passwordReset', $uid);
-		$this->keyManager->deleteUserKeys($uid);
-		$this->userSetup->setupUser($uid, $password);
-		unset(self::$passwordResetUsers[$uid]);
-	}
-
-	/**
-	 * If the password can't be changed within Nextcloud, than update the key password in advance.
-	 *
-	 * @param array $params : uid, password
-	 * @return boolean|null
-	 */
-	public function preSetPassphrase($params) {
-		$user = $this->userManager->get($params['uid']);
-
-		if ($user && !$user->canChangePassword()) {
-			$this->setPassphrase($params);
-		}
-	}
-
-	/**
-	 * Change a user's encryption passphrase
-	 *
-	 * @param array $params keys: uid, password
-	 * @return boolean|null
-	 */
-	public function setPassphrase($params) {
-
-		// if we are in the process to resetting a user password, we have nothing
-		// to do here
-		if (isset(self::$passwordResetUsers[$params['uid']])) {
-			return true;
-		}
-
-		// Get existing decrypted private key
-		$privateKey = $this->session->getPrivateKey();
-		$user = $this->user->getUser();
-
-		// current logged in user changes his own password
-		if ($user && $params['uid'] === $user->getUID() && $privateKey) {
-
-			// Encrypt private key with new user pwd as passphrase
-			$encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);
-
-			// Save private key
-			if ($encryptedPrivateKey) {
-				$this->keyManager->setPrivateKey($this->user->getUser()->getUID(),
-					$this->crypt->generateHeader() . $encryptedPrivateKey);
-			} else {
-				$this->logger->error('Encryption could not update users encryption password');
-			}
-
-			// NOTE: Session does not need to be updated as the
-			// private key has not changed, only the passphrase
-			// used to decrypt it has changed
-		} else { // admin changed the password for a different user, create new keys and re-encrypt file keys
-			$user = $params['uid'];
-			$this->initMountPoints($user);
-			$recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
-
-			// we generate new keys if...
-			// ...we have a recovery password and the user enabled the recovery key
-			// ...encryption was activated for the first time (no keys exists)
-			// ...the user doesn't have any files
-			if (
-				($this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword)
-				|| !$this->keyManager->userHasKeys($user)
-				|| !$this->util->userHasFiles($user)
-			) {
-
-				// backup old keys
-				//$this->backupAllKeys('recovery');
-
-				$newUserPassword = $params['password'];
-
-				$keyPair = $this->crypt->createKeyPair();
-
-				// Save public key
-				$this->keyManager->setPublicKey($user, $keyPair['publicKey']);
-
-				// Encrypt private key with new password
-				$encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);
-
-				if ($encryptedKey) {
-					$this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
-
-					if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
-						$this->recovery->recoverUsersFiles($recoveryPassword, $user);
-					}
-				} else {
-					$this->logger->error('Encryption Could not update users encryption password');
-				}
-			}
-		}
-	}
-
-	/**
-	 * init mount points for given user
-	 *
-	 * @param string $user
-	 * @throws \OC\User\NoUserException
-	 */
-	protected function initMountPoints($user) {
-		Filesystem::initMountPoints($user);
-	}
-
-	/**
-	 * setup file system for user
-	 *
-	 * @param string $uid user id
-	 */
-	protected function setupFS($uid) {
-		\OC_Util::setupFS($uid);
-	}
+    /**
+     * list of user for which we perform a password reset
+     * @var array
+     */
+    protected static $passwordResetUsers = [];
+
+    /**
+     * @var KeyManager
+     */
+    private $keyManager;
+    /**
+     * @var IUserManager
+     */
+    private $userManager;
+    /**
+     * @var ILogger
+     */
+    private $logger;
+    /**
+     * @var Setup
+     */
+    private $userSetup;
+    /**
+     * @var IUserSession
+     */
+    private $user;
+    /**
+     * @var Util
+     */
+    private $util;
+    /**
+     * @var Session
+     */
+    private $session;
+    /**
+     * @var Recovery
+     */
+    private $recovery;
+    /**
+     * @var Crypt
+     */
+    private $crypt;
+
+    /**
+     * UserHooks constructor.
+     *
+     * @param KeyManager $keyManager
+     * @param IUserManager $userManager
+     * @param ILogger $logger
+     * @param Setup $userSetup
+     * @param IUserSession $user
+     * @param Util $util
+     * @param Session $session
+     * @param Crypt $crypt
+     * @param Recovery $recovery
+     */
+    public function __construct(KeyManager $keyManager,
+                                IUserManager $userManager,
+                                ILogger $logger,
+                                Setup $userSetup,
+                                IUserSession $user,
+                                Util $util,
+                                Session $session,
+                                Crypt $crypt,
+                                Recovery $recovery) {
+
+        $this->keyManager = $keyManager;
+        $this->userManager = $userManager;
+        $this->logger = $logger;
+        $this->userSetup = $userSetup;
+        $this->user = $user;
+        $this->util = $util;
+        $this->session = $session;
+        $this->recovery = $recovery;
+        $this->crypt = $crypt;
+    }
+
+    /**
+     * Connects Hooks
+     *
+     * @return null
+     */
+    public function addHooks() {
+        OCUtil::connectHook('OC_User', 'post_login', $this, 'login');
+        OCUtil::connectHook('OC_User', 'logout', $this, 'logout');
+
+        // this hooks only make sense if no master key is used
+        if ($this->util->isMasterKeyEnabled() === false) {
+            OCUtil::connectHook('OC_User',
+                'post_setPassword',
+                $this,
+                'setPassphrase');
+
+            OCUtil::connectHook('OC_User',
+                'pre_setPassword',
+                $this,
+                'preSetPassphrase');
+
+            OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
+                'post_passwordReset',
+                $this,
+                'postPasswordReset');
+
+            OCUtil::connectHook('\OC\Core\LostPassword\Controller\LostController',
+                'pre_passwordReset',
+                $this,
+                'prePasswordReset');
+
+            OCUtil::connectHook('OC_User',
+                'post_createUser',
+                $this,
+                'postCreateUser');
+
+            OCUtil::connectHook('OC_User',
+                'post_deleteUser',
+                $this,
+                'postDeleteUser');
+        }
+    }
+
+
+    /**
+     * Startup encryption backend upon user login
+     *
+     * @note This method should never be called for users using client side encryption
+     * @param array $params
+     * @return boolean|null
+     */
+    public function login($params) {
+
+        if (!App::isEnabled('encryption')) {
+            return true;
+        }
+
+        // ensure filesystem is loaded
+        if (!\OC\Files\Filesystem::$loaded) {
+            $this->setupFS($params['uid']);
+        }
+        if ($this->util->isMasterKeyEnabled() === false) {
+            $this->userSetup->setupUser($params['uid'], $params['password']);
+        }
+
+        $this->keyManager->init($params['uid'], $params['password']);
+    }
+
+    /**
+     * remove keys from session during logout
+     */
+    public function logout() {
+        $this->session->clear();
+    }
+
+    /**
+     * setup encryption backend upon user created
+     *
+     * @note This method should never be called for users using client side encryption
+     * @param array $params
+     */
+    public function postCreateUser($params) {
+
+        if (App::isEnabled('encryption')) {
+            $this->userSetup->setupUser($params['uid'], $params['password']);
+        }
+    }
+
+    /**
+     * cleanup encryption backend upon user deleted
+     *
+     * @param array $params : uid, password
+     * @note This method should never be called for users using client side encryption
+     */
+    public function postDeleteUser($params) {
+
+        if (App::isEnabled('encryption')) {
+            $this->keyManager->deletePublicKey($params['uid']);
+        }
+    }
+
+    public function prePasswordReset($params) {
+        if (App::isEnabled('encryption')) {
+            $user = $params['uid'];
+            self::$passwordResetUsers[$user] = true;
+        }
+    }
+
+    public function postPasswordReset($params) {
+        $uid = $params['uid'];
+        $password = $params['password'];
+        $this->keyManager->backupUserKeys('passwordReset', $uid);
+        $this->keyManager->deleteUserKeys($uid);
+        $this->userSetup->setupUser($uid, $password);
+        unset(self::$passwordResetUsers[$uid]);
+    }
+
+    /**
+     * If the password can't be changed within Nextcloud, than update the key password in advance.
+     *
+     * @param array $params : uid, password
+     * @return boolean|null
+     */
+    public function preSetPassphrase($params) {
+        $user = $this->userManager->get($params['uid']);
+
+        if ($user && !$user->canChangePassword()) {
+            $this->setPassphrase($params);
+        }
+    }
+
+    /**
+     * Change a user's encryption passphrase
+     *
+     * @param array $params keys: uid, password
+     * @return boolean|null
+     */
+    public function setPassphrase($params) {
+
+        // if we are in the process to resetting a user password, we have nothing
+        // to do here
+        if (isset(self::$passwordResetUsers[$params['uid']])) {
+            return true;
+        }
+
+        // Get existing decrypted private key
+        $privateKey = $this->session->getPrivateKey();
+        $user = $this->user->getUser();
+
+        // current logged in user changes his own password
+        if ($user && $params['uid'] === $user->getUID() && $privateKey) {
+
+            // Encrypt private key with new user pwd as passphrase
+            $encryptedPrivateKey = $this->crypt->encryptPrivateKey($privateKey, $params['password'], $params['uid']);
+
+            // Save private key
+            if ($encryptedPrivateKey) {
+                $this->keyManager->setPrivateKey($this->user->getUser()->getUID(),
+                    $this->crypt->generateHeader() . $encryptedPrivateKey);
+            } else {
+                $this->logger->error('Encryption could not update users encryption password');
+            }
+
+            // NOTE: Session does not need to be updated as the
+            // private key has not changed, only the passphrase
+            // used to decrypt it has changed
+        } else { // admin changed the password for a different user, create new keys and re-encrypt file keys
+            $user = $params['uid'];
+            $this->initMountPoints($user);
+            $recoveryPassword = isset($params['recoveryPassword']) ? $params['recoveryPassword'] : null;
+
+            // we generate new keys if...
+            // ...we have a recovery password and the user enabled the recovery key
+            // ...encryption was activated for the first time (no keys exists)
+            // ...the user doesn't have any files
+            if (
+                ($this->recovery->isRecoveryEnabledForUser($user) && $recoveryPassword)
+                || !$this->keyManager->userHasKeys($user)
+                || !$this->util->userHasFiles($user)
+            ) {
+
+                // backup old keys
+                //$this->backupAllKeys('recovery');
+
+                $newUserPassword = $params['password'];
+
+                $keyPair = $this->crypt->createKeyPair();
+
+                // Save public key
+                $this->keyManager->setPublicKey($user, $keyPair['publicKey']);
+
+                // Encrypt private key with new password
+                $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $newUserPassword, $user);
+
+                if ($encryptedKey) {
+                    $this->keyManager->setPrivateKey($user, $this->crypt->generateHeader() . $encryptedKey);
+
+                    if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
+                        $this->recovery->recoverUsersFiles($recoveryPassword, $user);
+                    }
+                } else {
+                    $this->logger->error('Encryption Could not update users encryption password');
+                }
+            }
+        }
+    }
+
+    /**
+     * init mount points for given user
+     *
+     * @param string $user
+     * @throws \OC\User\NoUserException
+     */
+    protected function initMountPoints($user) {
+        Filesystem::initMountPoints($user);
+    }
+
+    /**
+     * setup file system for user
+     *
+     * @param string $uid user id
+     */
+    protected function setupFS($uid) {
+        \OC_Util::setupFS($uid);
+    }
 }

apps/encryption/lib/Hooks/Contracts/IHook.php

Indentation +6 added lines, -6 removed lines

@@ -24,10 +24,10 @@
 
 
 interface IHook {
-	/**
-	 * Connects Hooks
-	 *
-	 * @return null
-	 */
-	public function addHooks();
+    /**
+     * Connects Hooks
+     *
+     * @return null
+     */
+    public function addHooks();
 }

apps/encryption/lib/Settings/Admin.php

Indentation +85 added lines, -85 removed lines

@@ -38,90 +38,90 @@
 
 class Admin implements ISettings {
 
-	/** @var IL10N */
-	private $l;
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var IUserSession */
-	private $userSession;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var IUserManager */
-	private $userManager;
-
-	/** @var ISession */
-	private $session;
-
-	public function __construct(
-		IL10N $l,
-		ILogger $logger,
-		IUserSession $userSession,
-		IConfig $config,
-		IUserManager $userManager,
-		ISession $session
-	) {
-		$this->l = $l;
-		$this->logger = $logger;
-		$this->userSession = $userSession;
-		$this->config = $config;
-		$this->userManager = $userManager;
-		$this->session = $session;
-	}
-
-	/**
-	 * @return TemplateResponse
-	 */
-	public function getForm() {
-		$crypt = new Crypt(
-			$this->logger,
-			$this->userSession,
-			$this->config,
-			$this->l);
-
-		$util = new Util(
-			new View(),
-			$crypt,
-			$this->logger,
-			$this->userSession,
-			$this->config,
-			$this->userManager);
-
-		// Check if an adminRecovery account is enabled for recovering files after lost pwd
-		$recoveryAdminEnabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled', '0');
-		$session = new Session($this->session);
-
-		$encryptHomeStorage = $util->shouldEncryptHomeStorage();
-
-		$parameters = [
-			'recoveryEnabled'    => $recoveryAdminEnabled,
-			'initStatus'         => $session->getStatus(),
-			'encryptHomeStorage' => $encryptHomeStorage,
-			'masterKeyEnabled'   => $util->isMasterKeyEnabled(),
-		];
-
-		return new TemplateResponse('encryption', 'settings-admin', $parameters, '');
-	}
-
-	/**
-	 * @return string the section ID, e.g. 'sharing'
-	 */
-	public function getSection() {
-		return 'encryption';
-	}
-
-	/**
-	 * @return int whether the form should be rather on the top or bottom of
-	 * the admin section. The forms are arranged in ascending order of the
-	 * priority values. It is required to return a value between 0 and 100.
-	 *
-	 * E.g.: 70
-	 */
-	public function getPriority() {
-		return 5;
-	}
+    /** @var IL10N */
+    private $l;
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var IUserSession */
+    private $userSession;
+
+    /** @var IConfig */
+    private $config;
+
+    /** @var IUserManager */
+    private $userManager;
+
+    /** @var ISession */
+    private $session;
+
+    public function __construct(
+        IL10N $l,
+        ILogger $logger,
+        IUserSession $userSession,
+        IConfig $config,
+        IUserManager $userManager,
+        ISession $session
+    ) {
+        $this->l = $l;
+        $this->logger = $logger;
+        $this->userSession = $userSession;
+        $this->config = $config;
+        $this->userManager = $userManager;
+        $this->session = $session;
+    }
+
+    /**
+     * @return TemplateResponse
+     */
+    public function getForm() {
+        $crypt = new Crypt(
+            $this->logger,
+            $this->userSession,
+            $this->config,
+            $this->l);
+
+        $util = new Util(
+            new View(),
+            $crypt,
+            $this->logger,
+            $this->userSession,
+            $this->config,
+            $this->userManager);
+
+        // Check if an adminRecovery account is enabled for recovering files after lost pwd
+        $recoveryAdminEnabled = $this->config->getAppValue('encryption', 'recoveryAdminEnabled', '0');
+        $session = new Session($this->session);
+
+        $encryptHomeStorage = $util->shouldEncryptHomeStorage();
+
+        $parameters = [
+            'recoveryEnabled'    => $recoveryAdminEnabled,
+            'initStatus'         => $session->getStatus(),
+            'encryptHomeStorage' => $encryptHomeStorage,
+            'masterKeyEnabled'   => $util->isMasterKeyEnabled(),
+        ];
+
+        return new TemplateResponse('encryption', 'settings-admin', $parameters, '');
+    }
+
+    /**
+     * @return string the section ID, e.g. 'sharing'
+     */
+    public function getSection() {
+        return 'encryption';
+    }
+
+    /**
+     * @return int whether the form should be rather on the top or bottom of
+     * the admin section. The forms are arranged in ascending order of the
+     * priority values. It is required to return a value between 0 and 100.
+     *
+     * E.g.: 70
+     */
+    public function getPriority() {
+        return 5;
+    }
 
 }

apps/encryption/lib/Session.php

Indentation +154 added lines, -154 removed lines

@@ -29,159 +29,159 @@
 
 class Session {
 
-	/** @var ISession */
-	protected $session;
-
-	const NOT_INITIALIZED = '0';
-	const INIT_EXECUTED = '1';
-	const INIT_SUCCESSFUL = '2';
-	const RUN_MIGRATION = '3';
-
-	/**
-	 * @param ISession $session
-	 */
-	public function __construct(ISession $session) {
-		$this->session = $session;
-	}
-
-	/**
-	 * Sets status of encryption app
-	 *
-	 * @param string $status INIT_SUCCESSFUL, INIT_EXECUTED, NOT_INITIALIZED
-	 */
-	public function setStatus($status) {
-		$this->session->set('encryptionInitialized', $status);
-	}
-
-	/**
-	 * Gets status if we already tried to initialize the encryption app
-	 *
-	 * @return string init status INIT_SUCCESSFUL, INIT_EXECUTED, NOT_INITIALIZED
-	 */
-	public function getStatus() {
-		$status = $this->session->get('encryptionInitialized');
-		if (is_null($status)) {
-			$status = self::NOT_INITIALIZED;
-		}
-
-		return $status;
-	}
-
-	/**
-	 * check if encryption was initialized successfully
-	 *
-	 * @return bool
-	 */
-	public function isReady() {
-		$status = $this->getStatus();
-		return $status === self::INIT_SUCCESSFUL;
-	}
-
-	/**
-	 * Gets user or public share private key from session
-	 *
-	 * @return string $privateKey The user's plaintext private key
-	 * @throws Exceptions\PrivateKeyMissingException
-	 */
-	public function getPrivateKey() {
-		$key = $this->session->get('privateKey');
-		if (is_null($key)) {
-			throw new Exceptions\PrivateKeyMissingException('please try to log-out and log-in again', 0);
-		}
-		return $key;
-	}
-
-	/**
-	 * check if private key is set
-	 *
-	 * @return boolean
-	 */
-	public function isPrivateKeySet() {
-		$key = $this->session->get('privateKey');
-		if (is_null($key)) {
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Sets user private key to session
-	 *
-	 * @param string $key users private key
-	 *
-	 * @note this should only be set on login
-	 */
-	public function setPrivateKey($key) {
-		$this->session->set('privateKey', $key);
-	}
-
-	/**
-	 * store data needed for the decrypt all operation in the session
-	 *
-	 * @param string $user
-	 * @param string $key
-	 */
-	public function prepareDecryptAll($user, $key) {
-		$this->session->set('decryptAll', true);
-		$this->session->set('decryptAllKey', $key);
-		$this->session->set('decryptAllUid', $user);
-	}
-
-	/**
-	 * check if we are in decrypt all mode
-	 *
-	 * @return bool
-	 */
-	public function decryptAllModeActivated() {
-		$decryptAll = $this->session->get('decryptAll');
-		return ($decryptAll === true);
-	}
-
-	/**
-	 * get uid used for decrypt all operation
-	 *
-	 * @return string
-	 * @throws \Exception
-	 */
-	public function getDecryptAllUid() {
-		$uid = $this->session->get('decryptAllUid');
-		if (is_null($uid) && $this->decryptAllModeActivated()) {
-			throw new \Exception('No uid found while in decrypt all mode');
-		} elseif (is_null($uid)) {
-			throw new \Exception('Please activate decrypt all mode first');
-		}
-
-		return $uid;
-	}
-
-	/**
-	 * get private key for decrypt all operation
-	 *
-	 * @return string
-	 * @throws PrivateKeyMissingException
-	 */
-	public function getDecryptAllKey() {
-		$privateKey = $this->session->get('decryptAllKey');
-		if (is_null($privateKey) && $this->decryptAllModeActivated()) {
-			throw new PrivateKeyMissingException('No private key found while in decrypt all mode');
-		} elseif (is_null($privateKey)) {
-			throw new PrivateKeyMissingException('Please activate decrypt all mode first');
-		}
-
-		return $privateKey;
-	}
-
-	/**
-	 * remove keys from session
-	 */
-	public function clear() {
-		$this->session->remove('publicSharePrivateKey');
-		$this->session->remove('privateKey');
-		$this->session->remove('encryptionInitialized');
-		$this->session->remove('decryptAll');
-		$this->session->remove('decryptAllKey');
-		$this->session->remove('decryptAllUid');
-	}
+    /** @var ISession */
+    protected $session;
+
+    const NOT_INITIALIZED = '0';
+    const INIT_EXECUTED = '1';
+    const INIT_SUCCESSFUL = '2';
+    const RUN_MIGRATION = '3';
+
+    /**
+     * @param ISession $session
+     */
+    public function __construct(ISession $session) {
+        $this->session = $session;
+    }
+
+    /**
+     * Sets status of encryption app
+     *
+     * @param string $status INIT_SUCCESSFUL, INIT_EXECUTED, NOT_INITIALIZED
+     */
+    public function setStatus($status) {
+        $this->session->set('encryptionInitialized', $status);
+    }
+
+    /**
+     * Gets status if we already tried to initialize the encryption app
+     *
+     * @return string init status INIT_SUCCESSFUL, INIT_EXECUTED, NOT_INITIALIZED
+     */
+    public function getStatus() {
+        $status = $this->session->get('encryptionInitialized');
+        if (is_null($status)) {
+            $status = self::NOT_INITIALIZED;
+        }
+
+        return $status;
+    }
+
+    /**
+     * check if encryption was initialized successfully
+     *
+     * @return bool
+     */
+    public function isReady() {
+        $status = $this->getStatus();
+        return $status === self::INIT_SUCCESSFUL;
+    }
+
+    /**
+     * Gets user or public share private key from session
+     *
+     * @return string $privateKey The user's plaintext private key
+     * @throws Exceptions\PrivateKeyMissingException
+     */
+    public function getPrivateKey() {
+        $key = $this->session->get('privateKey');
+        if (is_null($key)) {
+            throw new Exceptions\PrivateKeyMissingException('please try to log-out and log-in again', 0);
+        }
+        return $key;
+    }
+
+    /**
+     * check if private key is set
+     *
+     * @return boolean
+     */
+    public function isPrivateKeySet() {
+        $key = $this->session->get('privateKey');
+        if (is_null($key)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Sets user private key to session
+     *
+     * @param string $key users private key
+     *
+     * @note this should only be set on login
+     */
+    public function setPrivateKey($key) {
+        $this->session->set('privateKey', $key);
+    }
+
+    /**
+     * store data needed for the decrypt all operation in the session
+     *
+     * @param string $user
+     * @param string $key
+     */
+    public function prepareDecryptAll($user, $key) {
+        $this->session->set('decryptAll', true);
+        $this->session->set('decryptAllKey', $key);
+        $this->session->set('decryptAllUid', $user);
+    }
+
+    /**
+     * check if we are in decrypt all mode
+     *
+     * @return bool
+     */
+    public function decryptAllModeActivated() {
+        $decryptAll = $this->session->get('decryptAll');
+        return ($decryptAll === true);
+    }
+
+    /**
+     * get uid used for decrypt all operation
+     *
+     * @return string
+     * @throws \Exception
+     */
+    public function getDecryptAllUid() {
+        $uid = $this->session->get('decryptAllUid');
+        if (is_null($uid) && $this->decryptAllModeActivated()) {
+            throw new \Exception('No uid found while in decrypt all mode');
+        } elseif (is_null($uid)) {
+            throw new \Exception('Please activate decrypt all mode first');
+        }
+
+        return $uid;
+    }
+
+    /**
+     * get private key for decrypt all operation
+     *
+     * @return string
+     * @throws PrivateKeyMissingException
+     */
+    public function getDecryptAllKey() {
+        $privateKey = $this->session->get('decryptAllKey');
+        if (is_null($privateKey) && $this->decryptAllModeActivated()) {
+            throw new PrivateKeyMissingException('No private key found while in decrypt all mode');
+        } elseif (is_null($privateKey)) {
+            throw new PrivateKeyMissingException('Please activate decrypt all mode first');
+        }
+
+        return $privateKey;
+    }
+
+    /**
+     * remove keys from session
+     */
+    public function clear() {
+        $this->session->remove('publicSharePrivateKey');
+        $this->session->remove('privateKey');
+        $this->session->remove('encryptionInitialized');
+        $this->session->remove('decryptAll');
+        $this->session->remove('decryptAllKey');
+        $this->session->remove('decryptAllUid');
+    }
 
 }